From b2ed7fde8918a8bb731b497183c9c2a0d45da499 Mon Sep 17 00:00:00 2001 From: clime Date: Fri, 5 May 2017 14:42:23 +0200 Subject: [PATCH] pkgs-stg: use the new dist-git package only upload.cgi script is used for now --- roles/distgit/tasks/main.yml | 62 ++++++++++++++++- .../templates/lookaside-upload-stg.conf | 66 +++++++++++++++++++ 2 files changed, 126 insertions(+), 2 deletions(-) create mode 100644 roles/distgit/templates/lookaside-upload-stg.conf diff --git a/roles/distgit/tasks/main.yml b/roles/distgit/tasks/main.yml index a94e914afd..5fbc629af1 100644 --- a/roles/distgit/tasks/main.yml +++ b/roles/distgit/tasks/main.yml @@ -19,6 +19,15 @@ - name: install the httpd config file copy: src=pkgs.fedoraproject.org.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org.conf + when: env != "staging" + notify: + - reload httpd + tags: + - distgit + +- name: uninstall the httpd config file + file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org.conf state=absent + when: env == "staging" notify: - reload httpd tags: @@ -26,6 +35,7 @@ - name: install the httpd config directory file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org state=directory + when: env != "staging" notify: - reload httpd tags: @@ -68,13 +78,13 @@ # This is the Git setup itself: group, root directory, scripts,... - name: install dist-git yum: pkg=dist-git state=latest - when: env == "staging" and inventory_hostname.startswith('pkgs02') + when: env == "staging" tags: - distgit - name: install the dist-git config copy: src=dist-git.conf dest=/etc/dist-git/dist-git.conf - when: env == "staging" and inventory_hostname.startswith('pkgs02') + when: env == "staging" tags: - config - distgit 
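Review bot: Dropping the `inventory_hostname.startswith('pkgs02')` filter in the `@@ -68,13 +78,13 @@` hunk means `yum: pkg=dist-git state=latest` (an unchanged context line) now applies to every staging host. Any playbook run can then pull a new build of the package, which, judging by the `ScriptAlias` path in the new template, supplies the upload CGI that httpd executes. Consider `yum: pkg=dist-git state=present`, with upgrades done as a deliberate step, so the code handling authenticated uploads changes only when someone intends it to.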
@@ -135,6 +145,15 @@ - name: install the Dist Git-related httpd config copy: src=git-smart-http.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/git-smart-http.conf + when: env != "staging" + notify: + - reload httpd + tags: + - distgit + +- name: install the Dist Git-related httpd config + copy: src=git-smart-http.conf dest=/etc/httpd/conf.d/dist-git/git-smart-http.conf + when: env == "staging" notify: - reload httpd tags: @@ -142,6 +161,15 @@ - name: Symlink pkgs-git-repos-list copy: src=repolist.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/repolist.conf + when: env != "staging" + notify: + - reload httpd + tags: + - distgit + +- name: Symlink pkgs-git-repos-list + copy: src=repolist.conf dest=/etc/httpd/conf.d/dist-git/repolist.conf + when: env == "staging" notify: - reload httpd tags: @@ -331,6 +359,16 @@ - name: install the CGit-related httpd redirect config copy: src=redirect.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/redirect.conf + when: env != "staging" + tags: + - distgit + - cgit + notify: + - reload httpd + +- name: install the CGit-related httpd redirect config + copy: src=redirect.conf dest=/etc/httpd/conf.d/dist-git/redirect.conf + when: env == "staging" tags: - distgit - cgit @@ -353,6 +391,18 @@ with_items: - lookaside.conf - lookaside-upload.conf + when: env != "staging" + notify: + - reload httpd + tags: + - distgit + +- name: install the Lookaside Cache httpd configs + template: src={{item}} dest=/etc/httpd/conf.d/dist-git/{{item}} + with_items: + - lookaside.conf + - lookaside-upload-stg.conf + when: env == "staging" notify: - reload httpd tags: @@ -456,6 +506,14 @@ tags: - distgit +- name: uninstall the httpd config directory + file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org state=absent + when: env == "staging" + notify: + - reload httpd + tags: + - distgit + - name: check the selinux context of the upload CGI script command: matchpathcon /srv/web/upload.cgi register: upcgicontext 
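Review bot: The staging variant added in the `@@ -135,6 +145,15 @@` hunk repeats the task name `install the Dist Git-related httpd config` and differs from the production task only in the `conf.d` subdirectory; the same pattern recurs in the `-142`, `-331` and `-353` hunks. Duplicate names make run output ambiguous about which environment's task ran or was skipped, and paired copies tend to drift apart when only one is edited. A single task whose destination directory comes from a per-environment variable, for example `dest=/etc/httpd/conf.d/{{ distgit_httpd_confdir }}/git-smart-http.conf` (variable name illustrative), would keep one definition per file. Nothing visible here creates `/etc/httpd/conf.d/dist-git/`; presumably the dist-git package provides it, which is worth a comment.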
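Review bot: The SELinux check shown as context at the end of the `@@ -456,6 +506,14 @@` hunk still probes `/srv/web/upload.cgi`, while the staging vhost added by this patch executes `/var/lib/dist-git/web/upload.cgi`, so on staging the check no longer covers the script httpd actually runs. A staging counterpart such as `command: matchpathcon /var/lib/dist-git/web/upload.cgi` guarded by `when: env == "staging"` would keep the label verification on the live CGI. The package may already label its file correctly, but the playbook would then confirm it. The check task continues past the end of the hunk, so how `upcgicontext` is used is not visible here.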
diff --git a/roles/distgit/templates/lookaside-upload-stg.conf b/roles/distgit/templates/lookaside-upload-stg.conf
new file mode 100644
index 0000000000..16303344ef
--- /dev/null
+++ b/roles/distgit/templates/lookaside-upload-stg.conf
@@ -0,0 +1,66 @@
+Alias /repo/ /srv/cache/lookaside/
+
+# default SSL configuration...
+Listen 443
+
+SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
+SSLSessionCacheTimeout 300
+
+Mutex default
+
+SSLRandomSeed startup file:/dev/urandom 256
+SSLRandomSeed connect builtin
+SSLCryptoDevice builtin
+
+
+ ServerName pkgs.{{ env_suffix }}fedoraproject.org
+ #Redirect "/" "https://src{{ env_suffix }}.fedoraproject.org/"
+ # This is temporary for fixing Kojid because of firewall rules
+ Alias /repo/ /srv/cache/lookaside/
+
+
+
+ # This alias must come before the /repo/ one to avoid being overridden.
+ ScriptAlias /repo/pkgs/upload.cgi /var/lib/dist-git/web/upload.cgi
+
+ Alias /repo/ /srv/cache/lookaside/
+ ServerName pkgs{{ env_suffix }}.fedoraproject.org
+ ServerAdmin webmaster@fedoraproject.org
+
+ SSLEngine on
+
+ SSLCertificateFile conf/pkgs.fedoraproject.org_key_and_cert.pem
+ SSLCertificateKeyFile conf/pkgs.fedoraproject.org_key_and_cert.pem
+ SSLCACertificateFile conf/cacert.pem
+ SSLCARevocationFile /etc/pki/tls/crl.pem
+
+ SSLProtocol {{ ssl_protocols }}
+ SSLCipherSuite {{ ssl_ciphers }}
+
+ Redirect "/" "https://src{{ env_suffix }}.fedoraproject.org/"
+
+
+# Allow upload via src
+
+ # This alias must come before the /repo/ one to avoid being overridden.
+ ScriptAlias /repo/pkgs/upload.cgi /var/lib/dist-git/web/upload.cgi
+
+ Alias /repo/ /srv/cache/lookaside/
+ ServerName src{{ env_suffix }}.fedoraproject.org
+ ServerAdmin webmaster@fedoraproject.org
+
+ ErrorLog logs/ssl_error_log
+
+
+ Options +ExecCGI
+
+ AuthType GSSAPI
+ GssapiSSLonly Off
+ AuthName "GSSAPI Single Sign On Login"
+ GssapiCredStore keytab:/etc/httpd.keytab
+
+ Require valid-user
+
+
+
+
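Review bot: `GssapiSSLonly Off` in the upload block lets Negotiate authentication proceed on non-TLS connections, and the `src{{ env_suffix }}` vhost that carries it shows no `SSLEngine on` or certificate directives, unlike the `pkgs{{ env_suffix }}` vhost above it. If TLS for src is terminated on a front-end proxy, say so in a comment and restrict the vhost to the proxy addresses; otherwise set `GssapiSSLonly On` and enable TLS here. The container tags (`<VirtualHost>`, `<Location>`) are not visible in this rendering, so the exact scope of the auth block should be checked against the file; in particular the `pkgs` vhost also maps `ScriptAlias /repo/pkgs/upload.cgi` with no auth directives in sight and appears to be covered only by its `Redirect "/"`. Separately, the first `ServerName pkgs.{{ env_suffix }}fedoraproject.org` places the dot differently from the other two and likely renders an invalid host name.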