pkgs-stg: use the new dist-git package

only upload.cgi script is used for now

roles/distgit/tasks/main.yml

@@ -19,6 +19,15 @@
 
 - name: install the httpd config file
   copy: src=pkgs.fedoraproject.org.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org.conf
+  when: env != "staging"
+  notify:
+  - reload httpd
+  tags:
+  - distgit
+
+- name: uninstall the httpd config file
+  file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org.conf state=absent
+  when: env == "staging"
   notify:
   - reload httpd
   tags:
@@ -26,6 +35,7 @@
 
 - name: install the httpd config directory
   file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org state=directory
+  when: env != "staging"
   notify:
   - reload httpd
   tags:
@@ -68,13 +78,13 @@
 # This is the Git setup itself: group, root directory, scripts,...
 - name: install dist-git
   yum: pkg=dist-git state=latest
-  when: env == "staging" and inventory_hostname.startswith('pkgs02')
+  when: env == "staging"
   tags:
   - distgit
 
 - name: install the dist-git config
   copy: src=dist-git.conf dest=/etc/dist-git/dist-git.conf
-  when: env == "staging" and inventory_hostname.startswith('pkgs02')
+  when: env == "staging"
   tags:
   - config
   - distgit
@@ -135,6 +145,15 @@
 
 - name: install the Dist Git-related httpd config
   copy: src=git-smart-http.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/git-smart-http.conf
+  when: env != "staging"
+  notify:
+  - reload httpd
+  tags:
+  - distgit
+
+- name: install the Dist Git-related httpd config
+  copy: src=git-smart-http.conf dest=/etc/httpd/conf.d/dist-git/git-smart-http.conf
+  when: env == "staging"
   notify:
   - reload httpd
   tags:
@@ -142,6 +161,15 @@
 
 - name: Symlink pkgs-git-repos-list
   copy: src=repolist.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/repolist.conf
+  when: env != "staging"
+  notify:
+  - reload httpd
+  tags:
+  - distgit
+
+- name: Symlink pkgs-git-repos-list
+  copy: src=repolist.conf dest=/etc/httpd/conf.d/dist-git/repolist.conf
+  when: env == "staging"
   notify:
   - reload httpd
   tags:
@@ -331,6 +359,16 @@
 
 - name: install the CGit-related httpd redirect config
   copy: src=redirect.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/redirect.conf
+  when: env != "staging"
+  tags:
+  - distgit
+  - cgit
+  notify:
+  - reload httpd
+
+- name: install the CGit-related httpd redirect config
+  copy: src=redirect.conf dest=/etc/httpd/conf.d/dist-git/redirect.conf
+  when: env == "staging"
   tags:
   - distgit
   - cgit
@@ -353,6 +391,18 @@
   with_items:
   - lookaside.conf
   - lookaside-upload.conf
+  when: env != "staging"
+  notify:
+  - reload httpd
+  tags:
+  - distgit
+
+- name: install the Lookaside Cache httpd configs
+  template: src={{item}} dest=/etc/httpd/conf.d/dist-git/{{item}}
+  with_items:
+  - lookaside.conf
+  - lookaside-upload-stg.conf
+  when: env == "staging"
   notify:
   - reload httpd
   tags:
@@ -456,6 +506,14 @@
   tags:
   - distgit
 
+- name: uninstall the httpd config directory
+  file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org state=absent
+  when: env == "staging"
+  notify:
+  - reload httpd
+  tags:
+  - distgit
+
 - name: check the selinux context of the upload CGI script
   command: matchpathcon /srv/web/upload.cgi
   register: upcgicontext

roles/distgit/templates/lookaside-upload-stg.conf

@@ -0,0 +1,66 @@
+Alias /repo/ /srv/cache/lookaside/
+
+# default SSL configuration...
+Listen 443
+
+SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
+SSLSessionCacheTimeout  300
+
+Mutex default
+
+SSLRandomSeed startup file:/dev/urandom  256
+SSLRandomSeed connect builtin
+SSLCryptoDevice builtin
+
+<VirtualHost _default_:80>
+    ServerName pkgs.{{ env_suffix }}fedoraproject.org
+    #Redirect "/" "https://src{{ env_suffix }}.fedoraproject.org/"
+    # This is temporary for fixing Kojid because of firewall rules
+    Alias /repo/ /srv/cache/lookaside/
+</VirtualHost>
+
+<VirtualHost _default_:443>
+    # This alias must come before the /repo/ one to avoid being overridden.
+    ScriptAlias /repo/pkgs/upload.cgi /var/lib/dist-git/web/upload.cgi
+
+    Alias /repo/ /srv/cache/lookaside/
+    ServerName pkgs{{ env_suffix }}.fedoraproject.org
+    ServerAdmin webmaster@fedoraproject.org
+
+    SSLEngine on
+
+    SSLCertificateFile    conf/pkgs.fedoraproject.org_key_and_cert.pem
+    SSLCertificateKeyFile conf/pkgs.fedoraproject.org_key_and_cert.pem
+    SSLCACertificateFile  conf/cacert.pem
+    SSLCARevocationFile  /etc/pki/tls/crl.pem
+
+    SSLProtocol {{ ssl_protocols }}
+    SSLCipherSuite {{ ssl_ciphers }}
+
+    Redirect "/" "https://src{{ env_suffix }}.fedoraproject.org/"
+</VirtualHost>
+
+# Allow upload via src
+<VirtualHost _default_:80>
+    # This alias must come before the /repo/ one to avoid being overridden.
+    ScriptAlias /repo/pkgs/upload.cgi /var/lib/dist-git/web/upload.cgi
+
+    Alias /repo/ /srv/cache/lookaside/
+    ServerName src{{ env_suffix }}.fedoraproject.org
+    ServerAdmin webmaster@fedoraproject.org
+
+    ErrorLog logs/ssl_error_log
+
+   <Location /repo/pkgs/upload.cgi>
+       Options +ExecCGI
+
+       AuthType GSSAPI
+       GssapiSSLonly Off
+       AuthName "GSSAPI Single Sign On Login"
+       GssapiCredStore keytab:/etc/httpd.keytab
+
+       Require valid-user
+    </Location>
+
+</VirtualHost>
+