Commit graph

129 commits

Author SHA1 Message Date
Patrick Uiterwijk
69aa7513b0 Also match api_2
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-01-22 02:23:59 +00:00
Patrick Uiterwijk
b69187c61c COPR API goes over SSL 2016-01-22 01:04:50 +00:00
Patrick Uiterwijk
ff3c5dcdf6 Proxy copr api
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-01-22 00:44:27 +00:00
Patrick Uiterwijk
d0f8126a9a This is called file
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-01-22 00:41:38 +00:00
Patrick Uiterwijk
6f990c34dd Do not forward COPR /api requests
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-01-22 00:40:47 +00:00
Patrick Uiterwijk
62a0372a38 Add the de-facto x-forwarded-proto
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-01-15 09:34:32 +00:00
Patrick Uiterwijk
7d179ed9dc Merge patch to enable HSTS on id.fp.o. #4991
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2015-12-01 21:34:46 +00:00
Patrick Uiterwijk
a0cf3666ce Cherrypy wants -Proto. Let's make it happy
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2015-12-01 21:15:03 +00:00
Patrick Uiterwijk
08568865fe Replace all restart httpd with reload httpd
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2015-11-04 23:40:01 +00:00
Patrick Uiterwijk
2f3988868c Set requesttimeout on headers
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2015-10-15 17:34:08 +00:00
Kevin Fenzi
7b8f1624bf Get another reload place 2015-10-11 19:53:20 +00:00
Ralph Bean
b0d3350791 Revert "robots.txt for bodhi.fp.o."
This reverts commit dd76e91f2f.
2015-10-11 19:14:42 +00:00
Ralph Bean
dd76e91f2f robots.txt for bodhi.fp.o. 2015-10-11 19:09:17 +00:00
Kevin Fenzi
17b4748e4e Switch proxies to use the mpm event module instead of prefork. 2015-10-09 15:34:17 +00:00
Patrick Uiterwijk
fcc019136a Also start haveged 2015-10-08 00:07:03 +00:00
Patrick Uiterwijk
6d8f8f3641 Var files are also useful 2015-10-08 00:01:30 +00:00
Patrick Uiterwijk
62b853b51e Create both prod and stg ticket keys 2015-10-07 23:42:44 +00:00
Kevin Fenzi
b34edf77a7 Move the haveged install to the mod_ssl role 2015-10-07 23:24:41 +00:00
Patrick Uiterwijk
4fa59b5ce8 Enable ticket keys 2015-10-07 23:04:25 +00:00
Kevin Fenzi
dac2988255 Add connect time random to use 1024 bytes of /dev/random 2015-10-07 23:00:17 +00:00
Patrick Uiterwijk
7106486ce3 Add haveged to proxies for entropy 2015-10-07 20:12:14 +00:00
Patrick Uiterwijk
25f71933ab Robots have no use in fedoracommunity as it's just an aggregator
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2015-09-16 11:50:59 +00:00
Stephen Smoogen
b74a402571 and we remove proxy09 2015-09-01 22:13:09 +00:00
Stephen Smoogen
1bc2c83952 change various ips to new ipv6 address 2015-08-21 19:41:43 +00:00
Patrick Uiterwijk
a4a3080f86 Make all redirects be 302
This will allow us more flexibility for moving redirects around.
It will result in less cached redirect entries, and as such more
requests to the proxies, but since those requests are handled by
the reverse proxies themselves, and within apache, those should
not take that much extra processing.

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2015-08-17 13:37:02 +00:00
Adrian Reber
0c710e5d60 The crawler logs are now on mm-frontend01.
ProxyPass to the crawler is no longer required.
2015-06-23 07:39:18 +00:00
Adrian Reber
4d80aff5f1 The crawler logs are now on mm-crawler01 2015-06-12 16:11:00 +00:00
Till Maas
e3606ba68e Use more https URLs where possible 2015-06-04 17:20:06 +02:00
Adrian Reber
74c772f99f Fix redirect from publiclist to mirrormanager.
There have been reports that the old links pointing to the mirrorlist
are no longer working:

 $ curl -I http://mirrors.fedoraproject.org/publiclist/
 Location: https://admin.fedoraproject.org/mirrormanager///

This redirect still works but trying to access a specific mirrorlist
fails:

 $ curl -I http://mirrors.fedoraproject.org/publiclist/EPEL/7/
 Location: https://admin.fedoraproject.org/mirrormanager///EPEL/7/
 $ curl -I https://admin.fedoraproject.org/mirrormanager///EPEL/7/
 HTTP/1.1 404 NOT FOUND

At different places there are just too many slashes added. Removing the
slashes seems to help.
2015-05-15 19:06:05 +00:00
Kevin Fenzi
4f2d7f0362 Just disallow /updates. Not much point in bodhi updates being in search engines. 2015-04-23 15:01:16 +00:00
Patrick Uiterwijk
88cc733244 Also tell riddler we don't like them 2015-04-23 14:50:53 +00:00
Kevin Fenzi
daf911784a Sync ssh_known_hosts to the proxies 2015-04-02 17:34:56 +00:00
Patrick Uiterwijk
141cc34862 Remove ip-specific listening
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2015-03-30 21:47:11 +00:00
Stephen Smoogen
7cba4be63c and we have ipv6 2015-03-30 20:40:48 +00:00
Stephen Smoogen
73d8098fc2 oh yeah.. vpn 2015-03-23 22:51:30 +00:00
Stephen Smoogen
a1b74f4caf and we try to make listspam a little less. 2015-03-23 21:56:21 +00:00
Kevin Fenzi
1e7e1ec92c Add proxy02. Drop second ip. 2015-02-21 22:28:28 +00:00
Kevin Fenzi
fdad2cd006 Drop the one ip on proxy07 to prep for moving it over to ansible 2015-02-21 16:48:39 +00:00
Patrick Uiterwijk
fa1f170788 Revert "Set HSTS on id.fp.o manually to disable subdomains"
This reverts commit 62c73923f3.
2015-02-20 21:41:32 +00:00
Patrick Uiterwijk
62c73923f3 Set HSTS on id.fp.o manually to disable subdomains 2015-02-20 21:32:18 +00:00
Kevin Fenzi
64d93edcd8 Let's try and get things in phx2 to use proxy10 instead of proxy01. 2015-02-18 22:53:10 +00:00
Till Maas
2ac8a57d05 Set HSTS header in TLS vhost 2015-02-12 21:52:36 +01:00
Till Maas
ce8655f7d1 Set HSTS for sslonly websites in roles/httpd/reverseproxy 2015-02-12 21:41:27 +01:00
Patrick Uiterwijk
2b1d97f004 Set the X-Scheme header as we agreed on
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2015-02-11 09:47:49 +00:00
Kevin Fenzi
73dee1dc7f Stab at making our lower mem proxies happier so they don't nagios flood us 2015-02-06 18:16:31 +00:00
Stephen Smoogen
4fad601cfd and we really need to make sure we use the right ip address. 2015-02-05 23:50:58 +00:00
Kevin Fenzi
c9ad5669ce Quash one of proxy06's ips so we only have 1 for it. 2015-02-05 22:38:38 +00:00
Till Maas
bd5407d679 Add HSTS header to bodhi, elections, fas, pkgdb
Seems like this needs to be configured in the reverse proxy config as it
is done for id.
2015-02-04 15:24:01 +01:00
Till Maas
e67081afe1 Improve HSTS header
- always set the header to make it hopefully appear on redirect as well
  (https://fedorahosted.org/fedora-infrastructure/ticket/2888#comment:11)
- set preload, to make it more likely that subdomains can be
  added to preload list
2015-02-04 11:49:05 +01:00
Kevin Fenzi
a5d5bfff7f Try and make proxies not replace files twice and also fix el7 python hash hotfix. 2015-02-02 00:39:49 +00:00