From a7891e476c03b6b567c3fd17dda78ceaa956b6d4 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Tue, 22 Apr 2014 17:22:44 +0000
Subject: [PATCH] Add geoip-city-wsgi to sundries servers. Thanks janeznemanic. Ticket 4291
---
 playbooks/groups/sundries.yml | 3 +
 .../files/geoip-city-wsgi.conf | 9 +++
 roles/geoip-city-wsgi/files/geoip-city.wsgi | 71 +++++++++++++++++++
 roles/geoip-city-wsgi/tasks/main.yml | 42 +++++++++++
 4 files changed, 125 insertions(+)
 create mode 100644 roles/geoip-city-wsgi/files/geoip-city-wsgi.conf
 create mode 100755 roles/geoip-city-wsgi/files/geoip-city.wsgi
 create mode 100644 roles/geoip-city-wsgi/tasks/main.yml
diff --git a/playbooks/groups/sundries.yml b/playbooks/groups/sundries.yml
index a9c74922ae..228ec4813c 100644
--- a/playbooks/groups/sundries.yml
+++ b/playbooks/groups/sundries.yml
@@ -37,6 +37,8 @@
 - denyhosts
 - nagios_client
 - fas_client
+ - geoip
+ - geoip-city-wsgi

 tasks:
 - include: "{{ tasks }}/hosts.yml"
@@ -45,6 +47,7 @@
 - include: "{{ tasks }}/motd.yml"
 - include: "{{ tasks }}/sudo.yml"
 - include: "{{ tasks }}/apache.yml"
+ - include: "{{ tasks }}/mod_wsgi.yml"

 handlers:
 - include: "{{ handlers }}/restart_services.yml"
diff --git a/roles/geoip-city-wsgi/files/geoip-city-wsgi.conf b/roles/geoip-city-wsgi/files/geoip-city-wsgi.conf
new file mode 100644
index 0000000000..89123ee3ad
--- /dev/null
+++ b/roles/geoip-city-wsgi/files/geoip-city-wsgi.conf
@@ -0,0 +1,9 @@
+WSGIDaemonProcess geoip-city user=apache processes=45 threads=1 display-name=geoip-city maximum-requests=1000
+
+WSGIScriptAlias /city /usr/share/geoip-city-wsgi/geoip-city.wsgi
+
+
+ WSGIProcessGroup geoip-city
+ Order deny,allow
+ Allow from all
+
diff --git a/roles/geoip-city-wsgi/files/geoip-city.wsgi b/roles/geoip-city-wsgi/files/geoip-city.wsgi
new file mode 100755
index 0000000000..94358205aa
--- /dev/null
+++ b/roles/geoip-city-wsgi/files/geoip-city.wsgi
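Review bot: Nothing in geoip-city-wsgi.conf sets `geoip_city.noreverseproxy`, so the script installed by this commit takes the client address from `X-Forwarded-For` whenever that header is present, while the access lines at the end of the hunk (`Order deny,allow` / `Allow from all`) admit every client. That is only sound if these hosts are reachable solely through the reverse proxies, which this patch does not show; if direct access is possible, either limit `Allow from` to the proxy addresses or add `SetEnv geoip_city.noreverseproxy 1`. A comment above `WSGIScriptAlias` such as `# Reached only via the reverse proxies, which append X-Forwarded-For` would record the assumption the script depends on. The `Order`/`Allow` directives are Apache 2.2 syntax and will need mod_access_compat or `Require all granted` on 2.4.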
@@ -0,0 +1,71 @@
+#!/usr/bin/python
+#
+# Copyright (c) 2013 Dell, Inc.
+# by Matt Domsch
+# Licensed under the MIT/X11 license
+
+# Environment Variables setable via Apache SetEnv directive:
+# geoip_city.noreverseproxy
+# if set (to anything), do not look at X-Forwarded-For headers. This
+# is used in environments that do not have a Reverse Proxy (HTTP
+# accelerator) in front of the application server running this WSGI,
+# to avoid looking "behind" the real client's own forward HTTP proxy.
+
+from string import zfill, atoi, strip, replace
+from paste.wsgiwrappers import *
+import GeoIP
+import json
+
+global gi
+gi = GeoIP.open("/usr/share/GeoIP/GeoLiteCity.dat", GeoIP.GEOIP_STANDARD)
+gi.set_charset(GeoIP.GEOIP_CHARSET_UTF8)
+
+
+def real_client_ip(xforwardedfor):
+ """Only the last-most entry listed is the where the client
+ connection to us came from, so that's the only one we can trust in
+ any way."""
+ return xforwardedfor.split(',')[-1].strip()
+
+def get_client_ip(environ, request):
+ client_ip = None
+ request_data = request.GET
+
+ if 'ip' in request_data:
+ client_ip = strip(request_data['ip'])
+ elif 'X-Forwarded-For' in request.headers and 'geoip_city.noreverseproxy' not in environ:
+ client_ip = real_client_ip(strip(request.headers['X-Forwarded-For']))
+ else:
+ client_ip = request.environ['REMOTE_ADDR']
+
+ client_ip = unicode(client_ip, 'utf8', 'replace')
+ return client_ip
+
+def application(environ, start_response):
+ request = WSGIRequest(environ)
+ response = WSGIResponse()
+ code = 500
+
+ try:
+ client_ip = get_client_ip(environ, request)
+ if client_ip is None:
+ code = 400
+ raise Exception
+ results = gi.record_by_addr(client_ip)
+ if results is None:
+ code = 404
+ raise Exception
+ except:
+ response.status_code=code
+ return response(environ, start_response)
+
+ results['ip'] = client_ip
+ results = json.dumps(results)
+ response.headers['Content-Length'] = str(len(results))
+ response.write(results)
+ return response(environ, start_response)
+
+
+if __name__ == '__main__':
+ from paste import httpserver
+ httpserver.serve(application, host='127.0.0.1', port='8090')
diff --git a/roles/geoip-city-wsgi/tasks/main.yml b/roles/geoip-city-wsgi/tasks/main.yml
new file mode 100644
index 0000000000..2bbcda88a6
--- /dev/null
+++ b/roles/geoip-city-wsgi/tasks/main.yml
@@ -0,0 +1,42 @@
+---
+
+#
+# This is the role for geoip-city-wsgi.
+#
+
+- name: install geoip-city-wsgi.conf file
+ copy: >
+ src="geoip-city-wsgi.conf"
+ dest="/etc/httpd/conf.d/geoip-city-wsgi.conf"
+ owner=root
+ group=root
+ mode=0644
+ notify:
+ - restart httpd
+ tags:
+ - geoip_config
+ - config
+
+- name: setup /usr/share/geoip-city-wsgi directory
+ file: >
+ path=/usr/share/geoip-city-wsgi
+ owner=root
+ group=root
+ mode=0755
+ state=directory
+ tags:
+ - geoip_config
+ - config
+
+- name: install geoip-city.wsgi file
+ copy: >
+ src="geoip-city.wsgi"
+ dest="/usr/share/geoip-city-wsgi/geoip-city.wsgi"
+ owner=root
+ group=root
+ mode=0775
+ notify:
+ - restart httpd
+ tags:
+ - geoip_config
+ - config
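Review bot: In geoip-city.wsgi, `get_client_ip` takes the caller-supplied `ip` query parameter, hands it to `gi.record_by_addr()` and echoes it back in `results['ip']` without checking that it is an address, and `application` never sets a Content-Type, so the JSON is served under whatever default `WSGIResponse` applies. Validate before the lookup, for example `code = 400` followed by `socket.inet_pton(socket.AF_INET, client_ip)` inside the `try` (this needs `import socket`), and add `response.headers['Content-Type'] = 'application/json'` before `response.write(results)`. The bare `except:` turns every failure, including a programming error, into a silent status response; `except Exception:` with a log line would keep real faults visible. The `if client_ip is None` branch looks unreachable, since `get_client_ip` always returns the result of `unicode(...)`.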
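Review bot: The last task in tasks/main.yml installs `geoip-city.wsgi` with `mode=0775`, leaving the script that Apache loads group-writable, while the other two tasks in the same file use 0644 and 0755. With `group=root` the exposure is small, but nothing visible in this role needs group write access. `mode=0755` would match the directory task; mod_wsgi reads the file rather than executing it, so `mode=0644` should also work unless the script is meant to be run by hand through its `__main__` block.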