From 989f4f1e6b4686bb008b97aa2cb62508b3037a45 Mon Sep 17 00:00:00 2001 From: Ricky Elrod Date: Thu, 15 May 2014 03:29:43 +0000 Subject: [PATCH] More downloadXX fun --- playbooks/groups/download.yml | 3 + .../files/httpd/dl.fedoraproject.org.conf | 30 +++++ roles/download/files/httpd/logs.conf | 2 + roles/download/files/httpd/rewrite.conf | 2 + roles/download/files/httpd/robots.conf | 1 + roles/download/files/httpd/secondary.conf | 13 +++ roles/download/tasks/main.yml | 14 ++- .../rsyncd/files/rsyncd.conf.download-ibiblio | 105 +++++++++++++++++ roles/rsyncd/files/rsyncd.conf.download-phx2 | 109 ++++++++++++++++++ roles/rsyncd/files/rsyncd.conf.download-rdu | 105 +++++++++++++++++ roles/rsyncd/tasks/main.yml | 2 +- 11 files changed, 384 insertions(+), 2 deletions(-) create mode 100644 roles/download/files/httpd/dl.fedoraproject.org.conf create mode 100644 roles/download/files/httpd/logs.conf create mode 100644 roles/download/files/httpd/rewrite.conf create mode 100644 roles/download/files/httpd/robots.conf create mode 100644 roles/download/files/httpd/secondary.conf create mode 100644 roles/rsyncd/files/rsyncd.conf.download-ibiblio create mode 100644 roles/rsyncd/files/rsyncd.conf.download-phx2 create mode 100644 roles/rsyncd/files/rsyncd.conf.download-rdu diff --git a/playbooks/groups/download.yml b/playbooks/groups/download.yml index 226079e1e9..80d9d2ecaf 100644 --- a/playbooks/groups/download.yml +++ b/playbooks/groups/download.yml @@ -26,6 +26,9 @@ - "{{ private }}/vars.yml" - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml + vars: + - rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}" + roles: - base - rkhunter diff --git a/roles/download/files/httpd/dl.fedoraproject.org.conf b/roles/download/files/httpd/dl.fedoraproject.org.conf new file mode 100644 index 0000000000..b4ba2d4506 --- /dev/null +++ b/roles/download/files/httpd/dl.fedoraproject.org.conf @@ -0,0 +1,30 @@ + + ServerName dl.fedoraproject.org + ServerAlias alt.fedoraproject.org archive.fedoraproject.org archives.fedoraproject.org secondary.fedoraproject.org + ServerAdmin webmaster@fedoraproject.org + TraceEnable Off + + + Include "conf.d/dl.fedoraproject.org/*.conf" + + + + ServerName dl.fedoraproject.org + ServerAlias alt.fedoraproject.org archive.fedoraproject.org archives.fedoraproject.org secondary.fedoraproject.org + ServerAdmin webmaster@fedoraproject.org + + + SSLEngine on + SSLCertificateFile /etc/pki/tls/certs/wildcard-2014.fedoraproject.org.cert + SSLCertificateKeyFile /etc/pki/tls/private/wildcard-2014.fedoraproject.org.key + SSLCertificateChainFile /etc/pki/tls/certs/wildcard-2014.fedoraproject.org.intermediate.cert + SSLHonorCipherOrder On + + # https://fedorahosted.org/fedora-infrastructure/ticket/4101#comment:14 + # If you change the protocols or cipher suites, you should probably update + # modules/squid/files/squid.conf-el6 too, to keep it in sync. + SSLProtocol +SSLv3 +TLSv1 + SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-SEED-SHA:AES256-GCM-SHA384:AES256-SHA256:AES128-GCM-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:CAMELLIA256-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:SEED-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA + + Include "conf.d/dl.fedoraproject.org/*.conf" + diff --git a/roles/download/files/httpd/logs.conf b/roles/download/files/httpd/logs.conf new file mode 100644 index 0000000000..8b5ac9cde2 --- /dev/null +++ b/roles/download/files/httpd/logs.conf @@ -0,0 +1,2 @@ +CustomLog "logs/dl.fedoraproject.org-access.log" combined +ErrorLog "logs/dl.fedoraproject.org-error.log" diff --git a/roles/download/files/httpd/rewrite.conf b/roles/download/files/httpd/rewrite.conf new file mode 100644 index 0000000000..ac0c4f1000 --- /dev/null +++ b/roles/download/files/httpd/rewrite.conf @@ -0,0 +1,2 @@ +RewriteEngine On +RewriteRule ^/$ /pub [R=302,L] diff --git a/roles/download/files/httpd/robots.conf b/roles/download/files/httpd/robots.conf new file mode 100644 index 0000000000..b4023906ca --- /dev/null +++ b/roles/download/files/httpd/robots.conf @@ -0,0 +1 @@ +Alias /robots.txt /srv/web/robots.txt.dl.fedoraproject.org diff --git a/roles/download/files/httpd/secondary.conf b/roles/download/files/httpd/secondary.conf new file mode 100644 index 0000000000..15dd4f7822 --- /dev/null +++ b/roles/download/files/httpd/secondary.conf @@ -0,0 +1,13 @@ +Alias /pub /srv/pub + +DocumentRoot /srv/web + + + Options Indexes FollowSymLinks + HeaderName /HEADER.html + ReadmeName /FOOTER.html + + + + ReadmeName /pub/archive/README.html + diff --git a/roles/download/tasks/main.yml b/roles/download/tasks/main.yml index 8a7f67efae..639701ae4c 100644 --- a/roles/download/tasks/main.yml +++ b/roles/download/tasks/main.yml @@ -29,4 +29,16 @@ - name: NFS mount points (rdu) mount: name=/srv/pub src=172.31.1.10:/vol/fedora_ftp/fedora.redhat.com/pub fstype=nfs opts=defaults,ro,noatime,nodev,nosuid,hard,intr,nfsvers=3 state=mounted - when: datacenter == 'phx2' + when: datacenter == 'rdu' + +- name: Copy wildcard cert from puppet private + copy: src="{{puppet_private}}/httpd/wildcard-2014.fedoraproject.org.cert" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.cert owner=root group=root mode=0600 + +- name: Copy wildcard key from puppet private + copy: src="{{puppet_private}}/httpd/wildcard-2014.fedoraproject.org.key" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.key owner=root group=root mode=0600 + +- name: Copy intermediate wildcard cert from puppet private + copy: src="{{puppet_private}}/httpd/wildcard-2014.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert owner=root group=root mode=0600 + +- name: Configure httpd + copy: src=httpd/ dest=/etc/httpd/conf.d/ diff --git a/roles/rsyncd/files/rsyncd.conf.download-ibiblio b/roles/rsyncd/files/rsyncd.conf.download-ibiblio new file mode 100644 index 0000000000..ac4e5e0b03 --- /dev/null +++ b/roles/rsyncd/files/rsyncd.conf.download-ibiblio @@ -0,0 +1,105 @@ +#download-rdu +pid file = /var/run/rsyncd.pid +syslog facility = daemon +max connections = 15 +timeout = 600 +use chroot = yes +uid = nobody +gid = nobody +#transfer logging = false +motd file = /etc/motd_fedora +log file = /var/log/rsyncd-fedora.log + +dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.bz2 *.iso *.ogg *.ogv *.tbz +exclude = .snapshot/ .~tmp~/ /.private/ /.private/** **/.nfs* +ignore nonreadable = yes +list = true +read only = yes +refuse options = checksum + +[ fedora-alt ] + comment = non-Fedora Alternative Content + path = /srv/pub/alt + +# [fedora-archive] +# comment = Fedora Release Archives +# path = /srv/pub/archive + +[ fedora-enchilada ] + comment = Fedora - The whole enchilada + path = /srv/pub/fedora + +[ fedora-buffet ] + comment = Fedora - The whole buffet. All you can eat. + path = /srv/pub + +[ fedora-epel ] + comment = Extra Packages for Enterprise Linux + path = /srv/pub/epel + +[ fedora-linux-releases ] + comment = Fedora Linux Releases + path = /srv/pub/fedora/linux/releases + +[ fedora-linux-development ] + comment = Fedora Linux Development + path = /srv/pub/fedora/linux/development + +[ fedora-linux-updates ] + comment = Fedora Linux Updates + path = /srv/pub/fedora/linux/updates + +# [fedora-secondary] +# comment = Fedora Secondary Archs +# path = /srv/pub/fedora-secondary + +[ fedora-stage ] + comment = Staging directory + path = /srv/pub/alt/stage/ + +## +## The following are not seen and are limited by IP. +## +## All entries should be hostnames that resolve to the reverse dns not ips + +[fedora-enchilada0] + comment = Fedora Enchilada for Tier0|1 Mirrors + path = /srv/pub/fedora/ + list = no + uid = 263 + gid = 263 + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 129.101.198.59 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com + +[fedora-buffet0] + comment = Fedora Buffet for Tier0|1 Mirrors + path = /srv/pub/ + list = no + uid = 263 + gid = 263 + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 129.101.198.59 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com + +[fedora-epel0] + comment = Fedora EPEL for Tier0|1 Mirrors + path = /srv/pub/epel/ + list = no + uid = 263 + gid = 263 + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 129.101.198.59 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com + +[fedora-alt0] + comment = Fedora ALT for Tier0|1 Mirrors + path = /srv/pub/alt/ + list = no + uid = 100103 + gid = 101737 + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com + +# For distributing applications +[log] + comment = Server Logs + path = /var/log + uid = root + gid = root + read only = yes + hosts allow = 10.5.126.29 192.168.1.56 + list = no diff --git a/roles/rsyncd/files/rsyncd.conf.download-phx2 b/roles/rsyncd/files/rsyncd.conf.download-phx2 new file mode 100644 index 0000000000..b5ca03b507 --- /dev/null +++ b/roles/rsyncd/files/rsyncd.conf.download-phx2 @@ -0,0 +1,109 @@ +#download-phx +pid file = /var/run/rsyncd.pid +syslog facility = daemon +max connections = 20 +timeout = 600 +use chroot = yes +uid = nobody +gid = nobody +#transfer logging = false +motd file = /etc/motd_fedora +log file = /var/log/rsyncd-fedora.log + +dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.bz2 *.iso *.ogg *.ogv *.tbz +exclude = .snapshot/ .~tmp~/ /.private/ /.private/** **/.nfs* +ignore nonreadable = yes +list = true +read only = yes +refuse options = checksum + +[ fedora-alt ] + comment = non-Fedora Alternative Content + path = /srv/pub/alt + +[fedora-archive] + comment = Fedora Release Archives + path = /srv/pub/archive + +[ fedora-enchilada ] + comment = Fedora - The whole enchilada + path = /srv/pub/fedora + +[ fedora-buffet ] + comment = Fedora - The whole buffet. All you can eat. + path = /srv/pub + +[ fedora-epel ] + comment = Extra Packages for Enterprise Linux + path = /srv/pub/epel + +[ fedora-linux-releases ] + comment = Fedora Linux Releases + path = /srv/pub/fedora/linux/releases + +[ fedora-linux-development ] + comment = Fedora Linux Development + path = /srv/pub/fedora/linux/development + +[ fedora-linux-updates ] + comment = Fedora Linux Updates + path = /srv/pub/fedora/linux/updates + +[fedora-secondary] + comment = Fedora Secondary Archs + path = /srv/pub/fedora-secondary + +[ fedora-stage ] + comment = Staging directory + path = /srv/pub/alt/stage/ + +[ deltaisos ] + comment = Delta isos + path = /srv/pub/alt/stage/deltaisos + +## +## The following are not seen and are limited by IP. +## +## All entries should be hostnames that resolve to the reverse dns not ips + +[fedora-enchilada0] + comment = Fedora Enchilada for Tier0|1 Mirrors + path = /srv/pub/fedora/ + list = no + uid = nobody + gid = 263 + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 mirrors.mit.edu solar-one.mit.edu 10.64.10.11 mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com + +[fedora-buffet] + comment = Fedora Buffet for Tier0|1 Mirrors + path = /srv/pub/ + list = no + uid = nobody + gid = 263 + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com + +[fedora-epel0] + comment = Fedora EPEL for Tier0|1 Mirrors + path = /srv/pub/epel/ + list = no + uid = nobody + gid = 263 + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com + +[fedora-alt0] + comment = Fedora ALT for Tier0|1 Mirrors + path = /srv/pub/alt/ + list = no + uid = 100103 + gid = 101737 + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com + +# For distributing applications +[log] + comment = Server Logs + path = /var/log + uid = root + gid = root + read only = yes + hosts allow = 10.5.126.29 + list = no diff --git a/roles/rsyncd/files/rsyncd.conf.download-rdu b/roles/rsyncd/files/rsyncd.conf.download-rdu new file mode 100644 index 0000000000..1c27580502 --- /dev/null +++ b/roles/rsyncd/files/rsyncd.conf.download-rdu @@ -0,0 +1,105 @@ +#download-rdu +pid file = /var/run/rsyncd.pid +syslog facility = daemon +max connections = 15 +timeout = 600 +use chroot = yes +uid = nobody +gid = nobody +#transfer logging = false +motd file = /etc/motd_fedora +log file = /var/log/rsyncd-fedora.log + +dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.bz2 *.iso *.ogg *.ogv *.tbz +exclude = .snapshot/ .~tmp~/ /.private/ /.private/** **/.nfs* +ignore nonreadable = yes +list = true +read only = yes +refuse options = checksum + +[ fedora-alt ] + comment = non-Fedora Alternative Content + path = /srv/pub/alt + +[fedora-archive] + comment = Fedora Release Archives + path = /srv/pub/archive + +[ fedora-enchilada ] + comment = Fedora - The whole enchilada + path = /srv/pub/fedora + +[ fedora-buffet ] + comment = Fedora - The whole buffet. All you can eat. + path = /srv/pub + +[ fedora-epel ] + comment = Extra Packages for Enterprise Linux + path = /srv/pub/epel + +[ fedora-linux-releases ] + comment = Fedora Linux Releases + path = /srv/pub/fedora/linux/releases + +[ fedora-linux-development ] + comment = Fedora Linux Development + path = /srv/pub/fedora/linux/development + +[ fedora-linux-updates ] + comment = Fedora Linux Updates + path = /srv/pub/fedora/linux/updates + +[fedora-secondary] + comment = Fedora Secondary Archs + path = /srv/pub/fedora-secondary + +[ fedora-stage ] + comment = Staging directory + path = /srv/pub/alt/stage/ + +## +## The following are not seen and are limited by IP. +## +## All entries should be hostnames that resolve to the reverse dns not ips + +[fedora-enchilada0] + comment = Fedora Enchilada for Tier0|1 Mirrors + path = /srv/pub/fedora/ + list = no + uid = nobody + gid = 263 + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 129.101.198.59 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com + +[fedora-buffet0] + comment = Fedora Buffet for Tier0|1 Mirrors + path = /srv/pub/ + list = no + uid = nobody + gid = 263 + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 129.101.198.59 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com + +[fedora-epel0] + comment = Fedora EPEL for Tier0|1 Mirrors + path = /srv/pub/epel/ + list = no + uid = nobody + gid = 263 + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 129.101.198.59 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com + +[fedora-alt0] + comment = Fedora ALT for Tier0|1 Mirrors + path = /srv/pub/alt/ + list = no + uid = 100103 + gid = 101737 + hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com + +# For distributing applications +[log] + comment = Server Logs + path = /var/log + uid = root + gid = root + read only = yes + hosts allow = 10.5.126.29 192.168.1.56 + list = no diff --git a/roles/rsyncd/tasks/main.yml b/roles/rsyncd/tasks/main.yml index a7acb0466c..ea195925d9 100644 --- a/roles/rsyncd/tasks/main.yml +++ b/roles/rsyncd/tasks/main.yml @@ -16,7 +16,7 @@ - name: rsyncd.conf file copy: src={{ item }} dest=/etc/rsyncd.conf mode=644 with_first_found: - - "{{ rsyncd.conf }}" + - "{{ rsyncd_conf }}" - rsyncd.conf.{{ ansible_fqdn }} - rsyncd.conf.{{ host_group }} - rsyncd.conf.default