From af92d2582a378e18ee48d0460f8fecf40e6594a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Kalu=C5=BEa?= Date: Tue, 17 Mar 2020 05:55:10 +0000 Subject: [PATCH] ODCS: Add extra compose target directory for private composes. --- inventory/group_vars/odcs_frontend_stg | 6 +++--- roles/odcs/base/defaults/main.yml | 1 + roles/odcs/base/tasks/main.yml | 6 +++++- roles/odcs/base/templates/etc/odcs/config.py.j2 | 2 ++ roles/odcs/frontend/templates/etc/httpd/conf.d/odcs.conf.j2 | 5 +++++ 5 files changed, 16 insertions(+), 4 deletions(-) diff --git a/inventory/group_vars/odcs_frontend_stg b/inventory/group_vars/odcs_frontend_stg index e913478fd7..b86dc79db5 100644 --- a/inventory/group_vars/odcs_frontend_stg +++ b/inventory/group_vars/odcs_frontend_stg @@ -36,9 +36,9 @@ odcs_target_dir_url: https://odcs.stg.fedoraproject.org/composes # for taskotron. odcs_allowed_clients_users: jscotka: {} - humaton: {"source_types": ["tag", "module", "build", "raw_config"]} - mohanboddu: {"source_types": ["tag", "module", "build", "raw_config"]} - jkaluza: {"source_types": ["tag", "module", "build", "raw_config"]} + humaton: {"source_types": ["tag", "module", "build", "raw_config"], "target_dirs": ["private"]} + mohanboddu: {"source_types": ["tag", "module", "build", "raw_config"], "target_dirs": ["private"]} + jkaluza: {"source_types": ["tag", "module", "build", "raw_config"], "target_dirs": ["private"]} nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" diff --git a/roles/odcs/base/defaults/main.yml b/roles/odcs/base/defaults/main.yml index f73c837829..f1be428273 100644 --- a/roles/odcs/base/defaults/main.yml +++ b/roles/odcs/base/defaults/main.yml @@ -48,4 +48,5 @@ odcs_seconds_to_live: 86400 # # The default is 72 hours odcs_max_seconds_to_live: 259200 odcs_celery_concurrency: 2 +odcs_extra_target_dirs: {"private": "/srv/odcs/private"} diff --git a/roles/odcs/base/tasks/main.yml b/roles/odcs/base/tasks/main.yml index 841ea63079..cd2c44fbb4 100644 --- a/roles/odcs/base/tasks/main.yml +++ b/roles/odcs/base/tasks/main.yml @@ -51,18 +51,22 @@ - name: create ODCS_TARGET_DIR file: - path: "{{ odcs_target_dir }}" + path: "{{ item }}" state: directory owner: apache group: apache mode: 0777 # recurse: yes follow: no + with_items: + - "{{ odcs_target_dir }}" + - "{{ odcs_target_dir }}/private" tags: - odcs - odcs/backend - odcs/frontend + # this app config is shared by backend and frontend, but has different # owner groups on backend and frontend, and notify different handlers, # we can have vars set for frontend and backend seperately to do that, diff --git a/roles/odcs/base/templates/etc/odcs/config.py.j2 b/roles/odcs/base/templates/etc/odcs/config.py.j2 index fe2ff882ee..2f31f043be 100644 --- a/roles/odcs/base/templates/etc/odcs/config.py.j2 +++ b/roles/odcs/base/templates/etc/odcs/config.py.j2 @@ -97,6 +97,8 @@ class ProdConfiguration(BaseConfiguration): TARGET_DIR = "{{ odcs_target_dir }}" TARGET_DIR_URL = "{{ odcs_target_dir_url }}" + EXTRA_TARGET_DIRS = {{ odcs_extra_target_dirs }} + ALLOWED_SOURCE_TYPES = {{ odcs_allowed_source_types }} RAW_CONFIG_URLS = {{ odcs_raw_config_urls }} diff --git a/roles/odcs/frontend/templates/etc/httpd/conf.d/odcs.conf.j2 b/roles/odcs/frontend/templates/etc/httpd/conf.d/odcs.conf.j2 index 14e687762b..af96e78516 100644 --- a/roles/odcs/frontend/templates/etc/httpd/conf.d/odcs.conf.j2 +++ b/roles/odcs/frontend/templates/etc/httpd/conf.d/odcs.conf.j2 @@ -67,3 +67,8 @@ Alias "/composes" "{{ odcs_target_dir }}" Options +Indexes + + + Require all denied + +