pkgs-stg: use the new dist-git package

only upload.cgi script is used for now
2017-05-05 14:42:23 +02:00 · 2017-05-05 14:42:23 +02:00 · b2ed7fde89
commit b2ed7fde89
parent 129283a80b
2 changed files with 126 additions and 2 deletions
--- a/roles/distgit/tasks/main.yml
+++ b/roles/distgit/tasks/main.yml
@ -19,6 +19,15 @@

 - name: install the httpd config file
  copy: src=pkgs.fedoraproject.org.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org.conf
+  when: env != "staging"
+  notify:
+  - reload httpd
+  tags:
+  - distgit
+
+- name: uninstall the httpd config file
+  file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org.conf state=absent
+  when: env == "staging"
  notify:
  - reload httpd
  tags:
@ -26,6 +35,7 @@

 - name: install the httpd config directory
  file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org state=directory
+  when: env != "staging"
  notify:
  - reload httpd
  tags:
@ -68,13 +78,13 @@
 # This is the Git setup itself: group, root directory, scripts,...
 - name: install dist-git
  yum: pkg=dist-git state=latest
-  when: env == "staging" and inventory_hostname.startswith('pkgs02')
+  when: env == "staging"
  tags:
  - distgit

 - name: install the dist-git config
  copy: src=dist-git.conf dest=/etc/dist-git/dist-git.conf
-  when: env == "staging" and inventory_hostname.startswith('pkgs02')
+  when: env == "staging"
  tags:
  - config
  - distgit
@ -135,6 +145,15 @@

 - name: install the Dist Git-related httpd config
  copy: src=git-smart-http.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/git-smart-http.conf
+  when: env != "staging"
+  notify:
+  - reload httpd
+  tags:
+  - distgit
+
+- name: install the Dist Git-related httpd config
+  copy: src=git-smart-http.conf dest=/etc/httpd/conf.d/dist-git/git-smart-http.conf
+  when: env == "staging"
  notify:
  - reload httpd
  tags:
@ -142,6 +161,15 @@

 - name: Symlink pkgs-git-repos-list
  copy: src=repolist.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/repolist.conf
+  when: env != "staging"
+  notify:
+  - reload httpd
+  tags:
+  - distgit
+
+- name: Symlink pkgs-git-repos-list
+  copy: src=repolist.conf dest=/etc/httpd/conf.d/dist-git/repolist.conf
+  when: env == "staging"
  notify:
  - reload httpd
  tags:
@ -331,6 +359,16 @@

 - name: install the CGit-related httpd redirect config
  copy: src=redirect.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/redirect.conf
+  when: env != "staging"
+  tags:
+  - distgit
+  - cgit
+  notify:
+  - reload httpd
+
+- name: install the CGit-related httpd redirect config
+  copy: src=redirect.conf dest=/etc/httpd/conf.d/dist-git/redirect.conf
+  when: env == "staging"
  tags:
  - distgit
  - cgit
@ -353,6 +391,18 @@
  with_items:
  - lookaside.conf
  - lookaside-upload.conf
+  when: env != "staging"
+  notify:
+  - reload httpd
+  tags:
+  - distgit
+
+- name: install the Lookaside Cache httpd configs
+  template: src={{item}} dest=/etc/httpd/conf.d/dist-git/{{item}}
+  with_items:
+  - lookaside.conf
+  - lookaside-upload-stg.conf
+  when: env == "staging"
  notify:
  - reload httpd
  tags:
@ -456,6 +506,14 @@
  tags:
  - distgit

+- name: uninstall the httpd config directory
+  file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org state=absent
+  when: env == "staging"
+  notify:
+  - reload httpd
+  tags:
+  - distgit
+
 - name: check the selinux context of the upload CGI script
  command: matchpathcon /srv/web/upload.cgi
  register: upcgicontext
--- a/roles/distgit/templates/lookaside-upload-stg.conf
+++ b/roles/distgit/templates/lookaside-upload-stg.conf
@ -0,0 +1,66 @@
+Alias /repo/ /srv/cache/lookaside/
+
+# default SSL configuration...
+Listen 443
+
+SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
+SSLSessionCacheTimeout  300
+
+Mutex default
+
+SSLRandomSeed startup file:/dev/urandom  256
+SSLRandomSeed connect builtin
+SSLCryptoDevice builtin
+
+<VirtualHost _default_:80>
+    ServerName pkgs.{{ env_suffix }}fedoraproject.org
+    #Redirect "/" "https://src{{ env_suffix }}.fedoraproject.org/"
+    # This is temporary for fixing Kojid because of firewall rules
+    Alias /repo/ /srv/cache/lookaside/
+</VirtualHost>
+
+<VirtualHost _default_:443>
+    # This alias must come before the /repo/ one to avoid being overridden.
+    ScriptAlias /repo/pkgs/upload.cgi /var/lib/dist-git/web/upload.cgi
+
+    Alias /repo/ /srv/cache/lookaside/
+    ServerName pkgs{{ env_suffix }}.fedoraproject.org
+    ServerAdmin webmaster@fedoraproject.org
+
+    SSLEngine on
+
+    SSLCertificateFile    conf/pkgs.fedoraproject.org_key_and_cert.pem
+    SSLCertificateKeyFile conf/pkgs.fedoraproject.org_key_and_cert.pem
+    SSLCACertificateFile  conf/cacert.pem
+    SSLCARevocationFile  /etc/pki/tls/crl.pem
+
+    SSLProtocol {{ ssl_protocols }}
+    SSLCipherSuite {{ ssl_ciphers }}
+
+    Redirect "/" "https://src{{ env_suffix }}.fedoraproject.org/"
+</VirtualHost>
+
+# Allow upload via src
+<VirtualHost _default_:80>
+    # This alias must come before the /repo/ one to avoid being overridden.
+    ScriptAlias /repo/pkgs/upload.cgi /var/lib/dist-git/web/upload.cgi
+
+    Alias /repo/ /srv/cache/lookaside/
+    ServerName src{{ env_suffix }}.fedoraproject.org
+    ServerAdmin webmaster@fedoraproject.org
+
+    ErrorLog logs/ssl_error_log
+
+   <Location /repo/pkgs/upload.cgi>
+       Options +ExecCGI
+
+       AuthType GSSAPI
+       GssapiSSLonly Off
+       AuthName "GSSAPI Single Sign On Login"
+       GssapiCredStore keytab:/etc/httpd.keytab
+
+       Require valid-user
+    </Location>
+
+</VirtualHost>
+