From e604f022e46df85e0c853354ffdbc715d94c0adf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?=
Date: Wed, 21 Feb 2018 14:55:25 +0000
Subject: [PATCH] Hubs: use Apache + mod_wsgi
---
 playbooks/groups/hubs.yml | 4 +--
 roles/hubs/tasks/prod.yml | 2 +-
 roles/hubs/tasks/web-apache.yml | 35 +++++++++++++++++++
 .../tasks/{webserver.yml => web-nginx.yml} | 0
 roles/hubs/templates/apache.conf | 27 ++++++++++++++
 5 files changed, 64 insertions(+), 4 deletions(-)
 create mode 100644 roles/hubs/tasks/web-apache.yml
 rename roles/hubs/tasks/{webserver.yml => web-nginx.yml} (100%)
 create mode 100644 roles/hubs/templates/apache.conf
diff --git a/playbooks/groups/hubs.yml b/playbooks/groups/hubs.yml
index fc357b49fe..bfb18763fc 100644
--- a/playbooks/groups/hubs.yml
+++ b/playbooks/groups/hubs.yml
@@ -98,9 +98,7 @@
 hubs_dev_mode: false
 hubs_conf_dir: /etc/fedora-hubs
 hubs_var_dir: /var/lib/fedora-hubs
- #hubs_ssl_cert: /etc/letsencrypt/live/hubs.stg.fedoraproject.org/fullchain.pem
- #hubs_ssl_key: /etc/letsencrypt/live/hubs.stg.fedoraproject.org/privkey.pem
- # Set to null because we use a SSL proxy
+ # Set the SSL files to null because we use a SSL proxy
 hubs_ssl_cert: null
 hubs_ssl_key: null
 hubs_fas_username: "{{ fedoraDummyUser }}"
diff --git a/roles/hubs/tasks/prod.yml b/roles/hubs/tasks/prod.yml
index 31c29dff2a..7900abd36c 100644
--- a/roles/hubs/tasks/prod.yml
+++ b/roles/hubs/tasks/prod.yml
@@ -16,4 +16,4 @@
 - fedora-hubs-worker@4
 - fedora-hubs-sse
-- include_tasks: webserver.yml
+- include_tasks: web-apache.yml
diff --git a/roles/hubs/tasks/web-apache.yml b/roles/hubs/tasks/web-apache.yml
new file mode 100644
index 0000000000..e359f769cc
--- /dev/null
+++ b/roles/hubs/tasks/web-apache.yml
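Review bot: In roles/hubs/tasks/prod.yml the include is switched to `web-apache.yml`, but nothing visible in this patch stops or disables the web server that the old `webserver.yml` (now `web-nginx.yml`) set up. On hosts that were already provisioned, that service is presumably still enabled and bound to the same port, so the `httpd` start in the new task file may fail to bind, or the old server may keep answering with its previous configuration. If that applies, a task before the include along the lines of `service: name=nginx state=stopped enabled=no` would make the switch-over deterministic; the service name is inferred from the new file name and should be confirmed.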
@@ -0,0 +1,35 @@
+# Webserver config
+
+- name: Install the webserver packages
+ dnf: name={{ item }} state=present
+ with_items:
+ - python3-mod_wsgi
+ - libselinux-python
+ - policycoreutils-python
+
+
+- name: Apache configuration for hubs
+ template:
+ src: apache.conf
+ dest: /etc/httpd/conf.d/fedora-hubs.conf
+ notify:
+ - restart apache
+
+
+- name: Allow network connection for Apache
+ seboolean:
+ name: httpd_can_network_connect
+ state: yes
+ persistent: yes
+
+
+- name: Allow Apache to write to the cache files
+ sefcontext:
+ setype: httpd_sys_rw_content_t
+ target: "/var/lib/fedora-hubs(/.*)?"
+
+
+- name: Start and enable the services
+ service: name={{ item }} state=started enabled=yes
+ with_items:
+ - httpd
diff --git a/roles/hubs/tasks/webserver.yml b/roles/hubs/tasks/web-nginx.yml
similarity index 100%
rename from roles/hubs/tasks/webserver.yml
rename to roles/hubs/tasks/web-nginx.yml
diff --git a/roles/hubs/templates/apache.conf b/roles/hubs/templates/apache.conf
new file mode 100644
index 0000000000..e283e56743
--- /dev/null
+++ b/roles/hubs/templates/apache.conf
@@ -0,0 +1,27 @@
+Alias /static /usr/lib/python3.6/site-packages/hubs/static
+
+WSGIScriptAlias / /usr/share/fedora-hubs/hubs.wsgi
+WSGIDaemonProcess hubs user=hubs group=hubs display-name=hubs maximum-requests=1000 processes=4 threads=30
+WSGISocketPrefix run/wsgi
+WSGIRestrictStdout On
+WSGIRestrictSignal Off
+WSGIPythonOptimize 1
+
+
+ Order deny,allow
+ Allow from all
+ Require all granted
+
+ WSGIProcessGroup hubs
+
+
+
+ Order deny,allow
+ Allow from all
+ Require all granted
+
+
+# SSE
+ProxyPass /sse http://localhost:8080
+ProxyPassReverse /sse http://localhost:8080
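Review bot: In roles/hubs/tasks/web-apache.yml the `sefcontext` task only records the file-context rule in the SELinux policy and does not relabel files that already exist under `/var/lib/fedora-hubs`, so on a host where that directory is already populated httpd would still be denied writes until a `restorecon` runs. Registering the task result and relabelling when it changed closes that gap, as sketched below. The rule also makes the whole var directory writable by httpd although the task name speaks only of cache files; if the cache lives in a subdirectory, narrowing `target` to it would keep the rest read-only for the web server. Separately, `httpd_can_network_connect` lets httpd open connections to any port; if the local SSE proxy and a few known backends are the only need, a narrower boolean such as `httpd_can_network_relay` may be enough, which is worth confirming.

```yaml
- name: Allow Apache to write to the cache files
  sefcontext:
    # … unchanged: setype and target …
  register: hubs_fcontext

- name: Relabel existing files under the hubs var directory
  command: restorecon -R /var/lib/fedora-hubs
  when: hubs_fcontext.changed
```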