Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Add geoip-city-wsgi to sundries servers. Thanks janeznemanic. Ticket 4291

Browse source
This commit is contained in:
Kevin Fenzi 2014-04-22 17:22:44 +00:00
parent 325f5e8205
commit a7891e476c
4 changed files with 125 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
playbooks/groups/sundries.yml
View file

@ -37,6 +37,8 @@
- denyhosts
- nagios_client
- fas_client
- geoip
- geoip-city-wsgi
tasks:
- include: "{{ tasks }}/hosts.yml"
@ -45,6 +47,7 @@
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/sudo.yml"
- include: "{{ tasks }}/apache.yml"
- include: "{{ tasks }}/mod_wsgi.yml"
handlers:
- include: "{{ handlers }}/restart_services.yml"

9
roles/geoip-city-wsgi/files/geoip-city-wsgi.conf Normal file
View file

@ -0,0 +1,9 @@
WSGIDaemonProcess geoip-city user=apache processes=45 threads=1 display-name=geoip-city maximum-requests=1000
WSGIScriptAlias /city /usr/share/geoip-city-wsgi/geoip-city.wsgi
<Location /city>
WSGIProcessGroup geoip-city
Order deny,allow
Allow from all
</Location>

71
roles/geoip-city-wsgi/files/geoip-city.wsgi Executable file
View file

@ -0,0 +1,71 @@
#!/usr/bin/python
#
# Copyright (c) 2013 Dell, Inc.
# by Matt Domsch <Matt_Domsch@dell.com>
# Licensed under the MIT/X11 license
# Environment Variables setable via Apache SetEnv directive:
# geoip_city.noreverseproxy
# if set (to anything), do not look at X-Forwarded-For headers. This
# is used in environments that do not have a Reverse Proxy (HTTP
# accelerator) in front of the application server running this WSGI,
# to avoid looking "behind" the real client's own forward HTTP proxy.
from string import zfill, atoi, strip, replace
from paste.wsgiwrappers import *
import GeoIP
import json
global gi
gi = GeoIP.open("/usr/share/GeoIP/GeoLiteCity.dat", GeoIP.GEOIP_STANDARD)
gi.set_charset(GeoIP.GEOIP_CHARSET_UTF8)
def real_client_ip(xforwardedfor):
"""Only the last-most entry listed is the where the client
connection to us came from, so that's the only one we can trust in
any way."""
return xforwardedfor.split(',')[-1].strip()
def get_client_ip(environ, request):
client_ip = None
request_data = request.GET
if 'ip' in request_data:
client_ip = strip(request_data['ip'])
elif 'X-Forwarded-For' in request.headers and 'geoip_city.noreverseproxy' not in environ:
client_ip = real_client_ip(strip(request.headers['X-Forwarded-For']))
else:
client_ip = request.environ['REMOTE_ADDR']
client_ip = unicode(client_ip, 'utf8', 'replace')
return client_ip
def application(environ, start_response):
request = WSGIRequest(environ)
response = WSGIResponse()
code = 500
try:
client_ip = get_client_ip(environ, request)
if client_ip is None:
code = 400
raise Exception
results = gi.record_by_addr(client_ip)
if results is None:
code = 404
raise Exception
except:
response.status_code=code
return response(environ, start_response)
results['ip'] = client_ip
results = json.dumps(results)
response.headers['Content-Length'] = str(len(results))
response.write(results)
return response(environ, start_response)
if __name__ == '__main__':
from paste import httpserver
httpserver.serve(application, host='127.0.0.1', port='8090')

42
roles/geoip-city-wsgi/tasks/main.yml Normal file
View file

@ -0,0 +1,42 @@
---
#
# This is the role for geoip-city-wsgi.
#
- name: install geoip-city-wsgi.conf file
copy: >
src="geoip-city-wsgi.conf"
dest="/etc/httpd/conf.d/geoip-city-wsgi.conf"
owner=root
group=root
mode=0644
notify:
- restart httpd
tags:
- geoip_config
- config
- name: setup /usr/share/geoip-city-wsgi directory
file: >
path=/usr/share/geoip-city-wsgi
owner=root
group=root
mode=0755
state=directory
tags:
- geoip_config
- config
- name: install geoip-city.wsgi file
copy: >
src="geoip-city.wsgi"
dest="/usr/share/geoip-city-wsgi/geoip-city.wsgi"
owner=root
group=root
mode=0775
notify:
- restart httpd
tags:
- geoip_config
- config