Hubs: use Apache + mod_wsgi

2018-02-21 14:55:25 +00:00 · 2018-02-21 14:55:25 +00:00 · e604f022e4
commit e604f022e4
parent 87dc6e0e9e
5 changed files with 64 additions and 4 deletions
--- a/playbooks/groups/hubs.yml
+++ b/playbooks/groups/hubs.yml
@ -98,9 +98,7 @@
    hubs_dev_mode: false
    hubs_conf_dir: /etc/fedora-hubs
    hubs_var_dir: /var/lib/fedora-hubs
-    #hubs_ssl_cert: /etc/letsencrypt/live/hubs.stg.fedoraproject.org/fullchain.pem
-    #hubs_ssl_key: /etc/letsencrypt/live/hubs.stg.fedoraproject.org/privkey.pem
-    # Set to null because we use a SSL proxy
+    # Set the SSL files to null because we use a SSL proxy
    hubs_ssl_cert: null
    hubs_ssl_key: null
    hubs_fas_username: "{{ fedoraDummyUser }}"
--- a/roles/hubs/tasks/prod.yml
+++ b/roles/hubs/tasks/prod.yml
@ -16,4 +16,4 @@
    - fedora-hubs-worker@4
    - fedora-hubs-sse

- include_tasks: webserver.yml
+- include_tasks: web-apache.yml
--- a/roles/hubs/tasks/web-apache.yml
+++ b/roles/hubs/tasks/web-apache.yml
@ -0,0 +1,35 @@
+# Webserver config
+
+- name: Install the webserver packages
+  dnf: name={{ item }} state=present
+  with_items:
+    - python3-mod_wsgi
+    - libselinux-python
+    - policycoreutils-python
+
+
+- name: Apache configuration for hubs
+  template:
+    src: apache.conf
+    dest: /etc/httpd/conf.d/fedora-hubs.conf
+  notify:
+    - restart apache
+
+
+- name: Allow network connection for Apache
+  seboolean:
+    name: httpd_can_network_connect
+    state: yes
+    persistent: yes
+
+
+- name: Allow Apache to write to the cache files
+  sefcontext:
+    setype: httpd_sys_rw_content_t   
+    target: "/var/lib/fedora-hubs(/.*)?"
+
+
+- name: Start and enable the services
+  service: name={{ item }} state=started enabled=yes
+  with_items:
+    - httpd
--- a/roles/hubs/tasks/web-nginx.yml
+++ b/roles/hubs/tasks/web-nginx.yml
--- a/roles/hubs/templates/apache.conf
+++ b/roles/hubs/templates/apache.conf
@ -0,0 +1,27 @@
+Alias /static      /usr/lib/python3.6/site-packages/hubs/static
+
+WSGIScriptAlias / /usr/share/fedora-hubs/hubs.wsgi
+WSGIDaemonProcess hubs user=hubs group=hubs display-name=hubs maximum-requests=1000 processes=4 threads=30
+WSGISocketPrefix run/wsgi
+WSGIRestrictStdout On
+WSGIRestrictSignal Off
+WSGIPythonOptimize 1
+
+<Directory "/usr/share/fedora-hubs">
+    <Files hubs.wsgi>
+        Order deny,allow
+        Allow from all
+        Require all granted
+    </Files>
+    WSGIProcessGroup hubs
+</Directory>
+
+<Directory "/usr/lib/python3.6/site-packages/hubs/static">
+    Order deny,allow
+    Allow from all
+    Require all granted
+</Directory>
+
+# SSE
+ProxyPass /sse http://localhost:8080
+ProxyPassReverse /sse http://localhost:8080