From bbe6c25b6f46ab351462c655e69217b35532edbf Mon Sep 17 00:00:00 2001 From: Ricky Elrod Date: Thu, 11 May 2017 19:49:31 +0000 Subject: [PATCH] try os-master proxy setup Signed-off-by: Ricky Elrod --- playbooks/include/proxies-reverseproxy.yml | 6 ++++++ playbooks/include/proxies-websites.yml | 6 ++++++ roles/haproxy/files/os-master.staging.pem | 18 ++++++++++++++++++ roles/haproxy/tasks/main.yml | 1 + roles/haproxy/templates/haproxy.cfg | 10 +++++++++- 5 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 roles/haproxy/files/os-master.staging.pem diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml index 5016da198b..e3de581376 100644 --- a/playbooks/include/proxies-reverseproxy.yml +++ b/playbooks/include/proxies-reverseproxy.yml @@ -608,6 +608,12 @@ proxyurl: http://localhost:10062 keephost: true + - role: httpd/reverseproxy + website: os.fedoraproject.org + destname: os + proxyurl: http://localhost:10064 + keephost: true + - role: httpd/reverseproxy website: data-analysis.fedoraproject.org destname: awstats diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml index 25492a02c3..25713e8b64 100644 --- a/playbooks/include/proxies-websites.yml +++ b/playbooks/include/proxies-websites.yml @@ -556,6 +556,12 @@ sslonly: true cert_name: "{{wildcard_cert_name}}" + - role: httpd/website + name: os.fedoraproject.org + server_aliases: [os.stg.fedoraproject.org] + sslonly: true + cert_name: "{{wildcard_cert_name}}" + - role: httpd/website name: registry.fedoraproject.org server_aliases: [registry.stg.fedoraproject.org] diff --git a/roles/haproxy/files/os-master.staging.pem b/roles/haproxy/files/os-master.staging.pem new file mode 100644 index 0000000000..a7670fd2c7 --- /dev/null +++ b/roles/haproxy/files/os-master.staging.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC6jCCAdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu +c2hpZnQtc2lnbmVyQDE0OTQ1MjgxNDAwHhcNMTcwNTExMTg0MjE5WhcNMjIwNTEw +MTg0MjIwWjAmMSQwIgYDVQQDDBtvcGVuc2hpZnQtc2lnbmVyQDE0OTQ1MjgxNDAw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjeVJrc9OaedEPF/TDYV5N ++p696vk3q7uFHm09gX7moMzf/IKxKhX3RNWdpJI9eThF2tlxXvP7j9aOb6kQWFih +FSgQmJuQ290hH+rVzlb/s157bqqcuaUogputpMd8a2PzrSMXIXfnF2H8Et3ls63H +fMB2uE5P24LKmsbXaTcaERyQjOOmf6+ApGJZvFb9y+1ZBJJ3b8P1tt+CKAklG7gl +/29TEw4wy6O/1zfGoY1Sb/hlViJi3DWluCn4Ps41w3r0tObjiCKXzdGDlyRoMyYY +Ckd4Z89LEnJ8tY+k/gUeLFRF5pQYv0eeej6JGq6p+ZCcDeDO2xPWNQhnp3/pLgQB +AgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MA0GCSqG +SIb3DQEBCwUAA4IBAQAciUUjlfScGmF5z7RSEsIttA7sDHzwnOt0l+iWhCbtFXhl +yisMQLcPtsR0IprDCd8UQiuOH5c7em4BitZ0ulsgPak3nfO2o/IxA6hrFevCwGg7 +J5IAzvdfPhPb8jYxv1k7tBApEsKi6uiZyWowT1uFFbcWLeZvq1b2SDblV/cl/RrU +XP0tv6LhT/0lqabeWiBXxe4Bf8iVujJOdFMkasaXYKu859pGxbxDDF0GvvM87iPy +b4CYRdmIEJfQiP8nHJc+dfB9hYXH0Slq9o9NEeF0q2JwVt+C8bDCCQW0VaCY+6MB +LNUjceqD/+nenyps0KpzyuPEzVXU3sRMtIjYoskB +-----END CERTIFICATE----- diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml index 1552e9c1ba..fde8d317dd 100644 --- a/roles/haproxy/tasks/main.yml +++ b/roles/haproxy/tasks/main.yml @@ -36,6 +36,7 @@ owner=root group=root mode=0600 with_items: - { file: "ipa.{{env}}.pem", dest: /etc/haproxy/ipa.pem } + - { file: "os-master.{{env}}.pem", dest: /etc/haproxy/os-master.pem } tags: - haproxy diff --git a/roles/haproxy/templates/haproxy.cfg b/roles/haproxy/templates/haproxy.cfg index f94cacf222..462eea0f77 100644 --- a/roles/haproxy/templates/haproxy.cfg +++ b/roles/haproxy/templates/haproxy.cfg @@ -421,13 +421,21 @@ listen kojipkgs 0.0.0.0:10062 option httpchk GET / {% endif %} - listen mbs 0.0.0.0:10063 balance hdr(appserver) server mbs-frontend01 mbs-frontend01:80 check inter 20s rise 2 fall 3 server mbs-frontend02 mbs-frontend02:80 check inter 20s rise 2 fall 3 option httpchk GET /module-build-service/1/module-builds/ +{% if env == "staging" %} +listen ipa 0.0.0.0:10064 + balance hdr(appserver) + server os-master01 os-master01:8443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/os-master.pem + server os-master01 os-master02:8443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/os-master.pem + server os-master01 os-master02:8443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/os-master.pem + option httpchk GET / +{% endif %} + # Apache doesn't handle the initial connection here like the other proxy # entries. This proxy also doesn't use the http mode like the others.