diff --git a/roles/distgit/tasks/main.yml b/roles/distgit/tasks/main.yml
index a94e914afd..5fbc629af1 100644
--- a/roles/distgit/tasks/main.yml
+++ b/roles/distgit/tasks/main.yml
@@ -19,6 +19,15 @@
- name: install the httpd config file
copy: src=pkgs.fedoraproject.org.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org.conf
+ when: env != "staging"
+ notify:
+ - reload httpd
+ tags:
+ - distgit
+
+- name: uninstall the httpd config file
+ file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org.conf state=absent
+ when: env == "staging"
notify:
- reload httpd
tags:
@@ -26,6 +35,7 @@
- name: install the httpd config directory
file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org state=directory
+ when: env != "staging"
notify:
- reload httpd
tags:
@@ -68,13 +78,13 @@
# This is the Git setup itself: group, root directory, scripts,...
- name: install dist-git
yum: pkg=dist-git state=latest
- when: env == "staging" and inventory_hostname.startswith('pkgs02')
+ when: env == "staging"
tags:
- distgit
- name: install the dist-git config
copy: src=dist-git.conf dest=/etc/dist-git/dist-git.conf
- when: env == "staging" and inventory_hostname.startswith('pkgs02')
+ when: env == "staging"
tags:
- config
- distgit
@@ -135,6 +145,15 @@
- name: install the Dist Git-related httpd config
copy: src=git-smart-http.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/git-smart-http.conf
+ when: env != "staging"
+ notify:
+ - reload httpd
+ tags:
+ - distgit
+
+- name: install the Dist Git-related httpd config
+ copy: src=git-smart-http.conf dest=/etc/httpd/conf.d/dist-git/git-smart-http.conf
+ when: env == "staging"
notify:
- reload httpd
tags:
@@ -142,6 +161,15 @@
- name: Symlink pkgs-git-repos-list
copy: src=repolist.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/repolist.conf
+ when: env != "staging"
+ notify:
+ - reload httpd
+ tags:
+ - distgit
+
+- name: Symlink pkgs-git-repos-list
+ copy: src=repolist.conf dest=/etc/httpd/conf.d/dist-git/repolist.conf
+ when: env == "staging"
notify:
- reload httpd
tags:
@@ -331,6 +359,16 @@
- name: install the CGit-related httpd redirect config
copy: src=redirect.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/redirect.conf
+ when: env != "staging"
+ tags:
+ - distgit
+ - cgit
+ notify:
+ - reload httpd
+
+- name: install the CGit-related httpd redirect config
+ copy: src=redirect.conf dest=/etc/httpd/conf.d/dist-git/redirect.conf
+ when: env == "staging"
tags:
- distgit
- cgit
@@ -353,6 +391,18 @@
with_items:
- lookaside.conf
- lookaside-upload.conf
+ when: env != "staging"
+ notify:
+ - reload httpd
+ tags:
+ - distgit
+
+- name: install the Lookaside Cache httpd configs
+ template: src={{item}} dest=/etc/httpd/conf.d/dist-git/{{item}}
+ with_items:
+ - lookaside.conf
+ - lookaside-upload-stg.conf
+ when: env == "staging"
notify:
- reload httpd
tags:
@@ -456,6 +506,14 @@
tags:
- distgit
+- name: uninstall the httpd config directory
+ file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org state=absent
+ when: env == "staging"
+ notify:
+ - reload httpd
+ tags:
+ - distgit
+
- name: check the selinux context of the upload CGI script
command: matchpathcon /srv/web/upload.cgi
register: upcgicontext
diff --git a/roles/distgit/templates/lookaside-upload-stg.conf b/roles/distgit/templates/lookaside-upload-stg.conf
new file mode 100644
index 0000000000..16303344ef
--- /dev/null
+++ b/roles/distgit/templates/lookaside-upload-stg.conf
@@ -0,0 +1,66 @@
+Alias /repo/ /srv/cache/lookaside/
+
+# default SSL configuration...
+Listen 443
+
+SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
+SSLSessionCacheTimeout 300
+
+Mutex default
+
+SSLRandomSeed startup file:/dev/urandom 256
+SSLRandomSeed connect builtin
+SSLCryptoDevice builtin
+
+
+ ServerName pkgs.{{ env_suffix }}fedoraproject.org
+ #Redirect "/" "https://src{{ env_suffix }}.fedoraproject.org/"
+ # This is temporary for fixing Kojid because of firewall rules
+ Alias /repo/ /srv/cache/lookaside/
+
+
+
+ # This alias must come before the /repo/ one to avoid being overridden.
+ ScriptAlias /repo/pkgs/upload.cgi /var/lib/dist-git/web/upload.cgi
+
+ Alias /repo/ /srv/cache/lookaside/
+ ServerName pkgs{{ env_suffix }}.fedoraproject.org
+ ServerAdmin webmaster@fedoraproject.org
+
+ SSLEngine on
+
+ SSLCertificateFile conf/pkgs.fedoraproject.org_key_and_cert.pem
+ SSLCertificateKeyFile conf/pkgs.fedoraproject.org_key_and_cert.pem
+ SSLCACertificateFile conf/cacert.pem
+ SSLCARevocationFile /etc/pki/tls/crl.pem
+
+ SSLProtocol {{ ssl_protocols }}
+ SSLCipherSuite {{ ssl_ciphers }}
+
+ Redirect "/" "https://src{{ env_suffix }}.fedoraproject.org/"
+
+
+# Allow upload via src
+
+ # This alias must come before the /repo/ one to avoid being overridden.
+ ScriptAlias /repo/pkgs/upload.cgi /var/lib/dist-git/web/upload.cgi
+
+ Alias /repo/ /srv/cache/lookaside/
+ ServerName src{{ env_suffix }}.fedoraproject.org
+ ServerAdmin webmaster@fedoraproject.org
+
+ ErrorLog logs/ssl_error_log
+
+
+ Options +ExecCGI
+
+ AuthType GSSAPI
+ GssapiSSLonly Off
+ AuthName "GSSAPI Single Sign On Login"
+ GssapiCredStore keytab:/etc/httpd.keytab
+
+ Require valid-user
+
+
+
+