Initial cleanup of copr/frontend role
This commit is contained in:
Mikolaj Izdebski
parent
f937315e14
commit
e198c71bc9
12 changed files with 3 additions and 337 deletions
|
|
@ -1,28 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs
|
||||
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
|
||||
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
|
||||
ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL
|
||||
MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
|
||||
LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy
|
||||
YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2
|
||||
4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC
|
||||
Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1
|
||||
itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn
|
||||
4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X
|
||||
sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft
|
||||
bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA
|
||||
MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
|
||||
NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy
|
||||
dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t
|
||||
L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG
|
||||
BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ
|
||||
UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D
|
||||
aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd
|
||||
aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH
|
||||
E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly
|
||||
/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu
|
||||
xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF
|
||||
0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae
|
||||
cPUeybQ=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
<div class="page">
|
||||
<h1>
|
||||
Warning! This is a development server.
|
||||
Warning! This is a staging server.
|
||||
</h1>
|
||||
<h2>
|
||||
Production instance: <a href="https://copr.fedoraproject.org/">https://copr.fedoraproject.org/ </a>
|
||||
|
|
|
|||
|
|
@ -1 +0,0 @@
|
|||
#commented out so it doesn't do that stupid index page
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
local coprdb copr-fe md5
|
||||
host coprdb copr-fe 127.0.0.1/8 md5
|
||||
host coprdb copr-fe ::1/128 md5
|
||||
local coprdb postgres ident
|
||||
|
||||
# TYPE DATABASE USER ADDRESS METHOD
|
||||
|
||||
# "local" is for Unix domain socket connections only
|
||||
local all all peer
|
||||
# IPv4 local connections:
|
||||
host all all 127.0.0.1/32 ident
|
||||
# IPv6 local connections:
|
||||
host all all ::1/128 ident
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
User-agent: *
|
||||
Disallow: /
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
- import_tasks: "{{ handlers_path }}/restart_services.yml"
|
||||
|
||||
- name: restart postgresql
|
||||
service: name=postgresql
|
||||
state=restarted
|
||||
|
|
@ -1,14 +0,0 @@
|
|||
- name: copy httpd ssl certificates (crt)
|
||||
copy: src="{{ private }}/files/httpd/{{item}}"
|
||||
dest="/etc/pki/tls/certs/"
|
||||
owner=root group=root mode=0600
|
||||
with_items:
|
||||
- copr.fedorainfracloud.org.crt
|
||||
- copr.fedorainfracloud.org.intermediate.crt
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: copy httpd ssl certificates (key)
|
||||
copy: src="{{ private }}/files/httpd/copr.fedorainfracloud.org.key" dest="/etc/pki/tls/private/" owner=root group=root mode=0600
|
||||
tags:
|
||||
- config
|
||||
|
|
@ -1,13 +1,4 @@
|
|||
---
|
||||
- import_tasks: "mount_fs.yml"
|
||||
|
||||
- command: "ls -dZ /var/lib/pgsql"
|
||||
register: pgsql_ls
|
||||
|
||||
- name: update selinux context for postgress db dir if it's wrong
|
||||
command: "restorecon -vvRF /var/lib/pgsql"
|
||||
when: pgsql_ls.stdout is defined and 'postgresql_db_t' not in pgsql_ls.stdout
|
||||
|
||||
- name: install copr-frontend and copr-selinux
|
||||
dnf: state=latest name={{ item }}
|
||||
with_items:
|
||||
|
|
@ -20,17 +11,11 @@
|
|||
- name: install additional pkgs for copr-frontend
|
||||
dnf: state=present pkg={{ item }}
|
||||
with_items:
|
||||
- "bash-completion"
|
||||
- "mod_ssl"
|
||||
- redis
|
||||
- pxz
|
||||
- python3-alembic
|
||||
tags:
|
||||
- packages
|
||||
|
||||
- name: install a newer version of xstatic-jquery-ui-common
|
||||
command: dnf install -y https://kojipkgs.fedoraproject.org//packages/python-XStatic-jquery-ui/1.12.0.1/2.fc26/noarch/xstatic-jquery-ui-common-1.12.0.1-2.fc26.noarch.rpm
|
||||
|
||||
- name: install copr configs
|
||||
template: src="copr.conf" dest=/etc/copr/copr.conf mode=600
|
||||
notify:
|
||||
|
|
@ -38,19 +23,9 @@
|
|||
tags:
|
||||
- config
|
||||
|
||||
- name: enable and start redis # TODO: .service in copr-backend should depend on redis
|
||||
service: name=redis enabled=yes state=started
|
||||
|
||||
- name: enable and start pagure-events
|
||||
service: name=pagure-events enabled=yes state=started
|
||||
|
||||
- name: copy apache files to conf.d
|
||||
copy: src="httpd/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}"
|
||||
with_items:
|
||||
- "welcome.conf"
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: copy apache files to conf.d (templates)
|
||||
template: src="httpd/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}"
|
||||
with_items:
|
||||
|
|
@ -65,15 +40,6 @@
|
|||
state: yes
|
||||
persistent: yes
|
||||
|
||||
- import_tasks: "psql_setup.yml"
|
||||
|
||||
- name: upgrade db to head
|
||||
command: alembic-3 upgrade head
|
||||
become: yes
|
||||
become_user: copr-fe
|
||||
args:
|
||||
chdir: /usr/share/copr/coprs_frontend/
|
||||
|
||||
- name: set up admins
|
||||
command: ./manage.py alter_user --admin {{ item }}
|
||||
become: yes
|
||||
|
|
@ -88,48 +54,15 @@
|
|||
- nb
|
||||
- kevin
|
||||
|
||||
- name: install ssl certificates for production
|
||||
import_tasks: "install_certs.yml"
|
||||
when: not devel
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: letsencrypt cert
|
||||
include_role: name=certbot
|
||||
when: devel
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: Check that cert file exists
|
||||
stat:
|
||||
path: "/etc/letsencrypt/live/{{ copr_frontend_public_hostname }}/cert.pem"
|
||||
register: stat_cert
|
||||
|
||||
- name: Should admin run certbot?
|
||||
fail:
|
||||
msg: Please see roles/certbot/README step (2) and manually run certbot
|
||||
when:
|
||||
- stat_cert.stat.exists == False
|
||||
- devel
|
||||
|
||||
- name: install copr-frontend ssl vhost
|
||||
template: src="httpd/coprs_ssl.conf.j2" dest="/etc/httpd/conf.d/coprs_ssl.conf"
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: enable services
|
||||
service: state=started enabled=yes name={{ item }}
|
||||
with_items:
|
||||
- httpd
|
||||
|
||||
- name: set dev banner for dev instance
|
||||
when: devel
|
||||
- name: set staging banner for staging instance
|
||||
when: when: env == 'staging'
|
||||
copy: src=banner-include.html dest=/var/lib/copr/
|
||||
|
||||
- name: disallow robots on dev instance
|
||||
when: devel
|
||||
copy: src=robots.txt dest=/var/www/html/
|
||||
|
||||
- name: rebuild indexes
|
||||
command: ./manage.py update_indexes
|
||||
become: yes
|
||||
|
|
|
|||
|
|
@ -1,6 +0,0 @@
|
|||
- name: mount up disk of copr fe
|
||||
mount: name=/srv/copr-fe src='LABEL=copr-fe' fstype=ext4 state=mounted
|
||||
|
||||
- name: mount up bind mount for postgres
|
||||
mount: src=/srv/copr-fe/pgsqldb name=/var/lib/pgsql fstype=auto opts=bind state=mounted
|
||||
|
||||
|
|
@ -1,110 +0,0 @@
|
|||
- name: install postresql
|
||||
package: state=present pkg={{ item }}
|
||||
with_items:
|
||||
- "postgresql-server"
|
||||
- "postgresql-contrib"
|
||||
|
||||
|
||||
- name: See if postgreSQL is installed
|
||||
stat: path=/var/lib/pgsql/initdb.log
|
||||
register: pgsql_installed
|
||||
|
||||
- name: init postgresql
|
||||
shell: "postgresql-setup initdb"
|
||||
when: not pgsql_installed.stat.exists
|
||||
|
||||
- name: copy pg_hba.conf
|
||||
copy: src="pg/pg_hba.conf" dest=/var/lib/pgsql/data/pg_hba.conf owner=postgres group=postgres mode=0600
|
||||
notify:
|
||||
- restart postgresql
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: Ensure postgres has a place to backup to
|
||||
file: dest=/backups state=directory owner=postgres
|
||||
tags:
|
||||
- config
|
||||
|
||||
# TODO: I think we missing user creation, check it we do it somewhere else ...
|
||||
|
||||
- name: Copy over backup scriplet
|
||||
copy: src="{{ files }}/../roles/postgresql_server/files/backup-database" dest=/usr/local/bin/backup-database mode=0755
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: Set up some cronjobs to backup databases as configured
|
||||
template: >
|
||||
src="{{ files }}/../roles/postgresql_server/templates/cron-backup-database"
|
||||
dest="/etc/cron.d/cron-backup-database-{{ item }}"
|
||||
with_items:
|
||||
- "{{ dbs_to_backup }}"
|
||||
when: dbs_to_backup != []
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: enable Pg service
|
||||
service: state=started enabled=yes name=postgresql
|
||||
|
||||
- name: Create db
|
||||
postgresql_db: name="coprdb" encoding='UTF-8'
|
||||
become: yes
|
||||
become_user: postgres
|
||||
|
||||
- name: Create db user
|
||||
postgresql_user: db="coprdb" name="copr-fe" password="{{ copr_database_password }}" role_attr_flags=SUPERUSER,NOCREATEDB,NOCREATEROLE
|
||||
become: yes
|
||||
become_user: postgres
|
||||
|
||||
- name: set shared_buffers for PostgreSQL
|
||||
lineinfile:
|
||||
path: /var/lib/pgsql/data/postgresql.conf
|
||||
regexp: '^shared_buffers ='
|
||||
line: 'shared_buffers = 1024MB'
|
||||
notify: restart postgresql
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: set effective_cache_size for PostgreSQL
|
||||
lineinfile:
|
||||
path: /var/lib/pgsql/data/postgresql.conf
|
||||
regexp: '^effective_cache_size ='
|
||||
line: 'effective_cache_size = 2048MB'
|
||||
notify: restart postgresql
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: set work_mem for PostgreSQL
|
||||
lineinfile:
|
||||
path: /var/lib/pgsql/data/postgresql.conf
|
||||
regexp: '^work_mem ='
|
||||
line: 'work_mem = 4MB'
|
||||
notify: restart postgresql
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: set maintenance_work_mem for PostgreSQL
|
||||
lineinfile:
|
||||
path: /var/lib/pgsql/data/postgresql.conf
|
||||
regexp: '^maintenance_work_mem ='
|
||||
line: 'maintenance_work_mem = 1GB'
|
||||
notify: restart postgresql
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: set checkpoint_completion_target for PostgreSQL
|
||||
lineinfile:
|
||||
path: /var/lib/pgsql/data/postgresql.conf
|
||||
regexp: '^checkpoint_completion_target ='
|
||||
line: 'checkpoint_completion_target = 0.9'
|
||||
notify: restart postgresql
|
||||
tags:
|
||||
- config
|
||||
|
||||
- name: set log_min_duration_statement for PostgreSQL
|
||||
lineinfile:
|
||||
path: /var/lib/pgsql/data/postgresql.conf
|
||||
regexp: '^log_min_duration_statement ='
|
||||
line: 'log_min_duration_statement = 500'
|
||||
notify: restart postgresql
|
||||
tags:
|
||||
- config
|
||||
|
|
@ -28,14 +28,6 @@ WSGIScriptAlias / /usr/share/copr/coprs_frontend/application
|
|||
</Directory>
|
||||
</VirtualHost>
|
||||
|
||||
{% if devel %}
|
||||
<VirtualHost *:80>
|
||||
RewriteEngine on
|
||||
RewriteRule ^/\.well-known/(.*) /srv/web/acme-challenge/.well-known/$1 [L]
|
||||
RewriteRule "^/?(.*)" "https://%{HTTP_HOST}/$1" [L,R=301,NE]
|
||||
</VirtualHost>
|
||||
{% endif %}
|
||||
|
||||
<IfModule mod_status.c>
|
||||
ExtendedStatus On
|
||||
|
||||
|
|
|
|||
|
|
@ -1,80 +0,0 @@
|
|||
Listen 443 https
|
||||
|
||||
|
||||
<VirtualHost *:443>
|
||||
SSLEngine on
|
||||
SSLProtocol {{ ssl_protocols }}
|
||||
# Use secure TLSv1.1 and TLSv1.2 ciphers
|
||||
SSLCipherSuite {{ ssl_ciphers }}
|
||||
SSLHonorCipherOrder on
|
||||
Header always add Strict-Transport-Security "max-age=31536000; preload"
|
||||
|
||||
{% if not devel %}
|
||||
SSLCertificateFile /etc/pki/tls/certs/copr.fedorainfracloud.org.crt
|
||||
SSLCertificateKeyFile /etc/pki/tls/private/copr.fedorainfracloud.org.key
|
||||
SSLCertificateChainFile /etc/pki/tls/certs/copr.fedorainfracloud.org.intermediate.crt
|
||||
{% else %}
|
||||
SSLCertificateFile /etc/letsencrypt/live/{{ copr_frontend_public_hostname }}/cert.pem
|
||||
SSLCertificateKeyFile /etc/letsencrypt/live/{{ copr_frontend_public_hostname }}/privkey.pem
|
||||
SSLCertificateChainFile /etc/letsencrypt/live/{{ copr_frontend_public_hostname }}/fullchain.pem
|
||||
{% endif %}
|
||||
|
||||
ServerName {{ copr_frontend_public_hostname }}
|
||||
|
||||
WSGIPassAuthorization On
|
||||
WSGIScriptAlias / /usr/share/copr/coprs_frontend/application
|
||||
WSGIProcessGroup 127.0.0.1
|
||||
|
||||
<Location /api>
|
||||
WSGIProcessGroup api
|
||||
</Location>
|
||||
<Location /backend>
|
||||
WSGIProcessGroup backend
|
||||
</Location>
|
||||
<Location /stats_rcv>
|
||||
WSGIProcessGroup stats
|
||||
</Location>
|
||||
<Location /tmp>
|
||||
WSGIProcessGroup tmp
|
||||
</Location>
|
||||
|
||||
#ErrorLog logs/error_coprs
|
||||
#CustomLog logs/access_coprs common
|
||||
|
||||
<Directory /usr/share/copr>
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
RewriteEngine on
|
||||
RewriteRule ^/coprs/sgallagh/cockpit-preview/repo/(.*)/.*\.repo$ /coprs/g/cockpit/cockpit-preview/repo/$1/ [R=301]
|
||||
RewriteRule ^/coprs/sgallagh/cockpit-preview/(.*)$ /coprs/g/cockpit/cockpit-preview/$1 [R=301]
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1582294 - yum copr enable does not work
|
||||
RewriteRule ^/coprs/([^/]*)/([^/]*)/repo/epel-(.*)-(.*)/(.*)$ /coprs/$1/$2/repo/epel-$3/$5 [PT]
|
||||
RewriteRule ^/coprs/g/([^/]*)/([^/]*)/repo/epel-(.*)-(.*)/(.*)$ /coprs/g/$1/$2/repo/epel-$3/$5 [PT]
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost *:443>
|
||||
SSLEngine on
|
||||
SSLProtocol {{ ssl_protocols }}
|
||||
# Use secure TLSv1.1 and TLSv1.2 ciphers
|
||||
SSLCipherSuite {{ ssl_ciphers }}
|
||||
SSLHonorCipherOrder on
|
||||
Header always add Strict-Transport-Security "max-age=31536000; preload"
|
||||
|
||||
{% if not devel %}
|
||||
SSLCertificateFile /etc/pki/tls/certs/copr.fedorainfracloud.org.crt
|
||||
SSLCertificateKeyFile /etc/pki/tls/private/copr.fedorainfracloud.org.key
|
||||
SSLCertificateChainFile /etc/pki/tls/certs/copr.fedorainfracloud.org.intermediate.crt
|
||||
{% else %}
|
||||
SSLCertificateFile /etc/letsencrypt/live/{{ copr_frontend_public_hostname }}/cert.pem
|
||||
SSLCertificateKeyFile /etc/letsencrypt/live/{{ copr_frontend_public_hostname }}/privkey.pem
|
||||
SSLCertificateChainFile /etc/letsencrypt/live/{{ copr_frontend_public_hostname }}/fullchain.pem
|
||||
{% endif %}
|
||||
|
||||
{% if not devel %}
|
||||
ServerAlias copr.fedoraproject.org
|
||||
Redirect 302 / https://copr.fedorainfracloud.org/
|
||||
{% endif %}
|
||||
</VirtualHost>
|
||||
Loading…
Add table
Add a link
Reference in a new issue