Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
26084 commits 9 branches 0 tags 111 MiB
Commit graph

157 commits

Author SHA1 Message Date
Tim Flink
16c2787a56 proxies: Adding remotepath to websocket balancers 
The current template assumes that websockets are at the base of a URL
but that is not true for our buildmaster. This patch adds remotepath
to the end of the websocket url if remotepath is defined.
 2019-03-22 15:23:28 +00:00
Patrick Uiterwijk
acf6f6587b Remove workaround for very old ostree 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-01-30 20:27:44 +01:00
Patrick Uiterwijk
f10ce98e0f Disallow cloudfront from accessing ostree refs and summray 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-01-30 20:17:06 +01:00
Kevin Fenzi
a158c64f7d elections: drop no longer needed releasepassproxy 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-01-23 14:35:36 +00:00
Kevin Fenzi
564fc0fbf1 mirrormanager: redirect 7Server to 7 for epel download redirects. 
Fixes https://pagure.io/fedora-infrastructure/issue/7444

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2018-12-28 20:15:24 +00:00
Patrick Uiterwijk
afde4968e5 And do https if not disabled 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-11-23 21:50:45 +01:00
Patrick Uiterwijk
158847f9b5 OpenQA is non-HTTPS for backend, sadly 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-11-23 21:49:46 +01:00
Patrick Uiterwijk
ee0748715a Allow the HTTP Connection header to contain more for websockets 
Firefox is hell-bent on sending "keep-alive, Upgrade", which did not match
^Upgrade$....
Let's accept either.

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-11-23 21:38:40 +01:00
Kevin Fenzi
7c931b3c20 Remove regindexer redirects outside the directory level. 2018-11-05 17:51:55 +00:00
Kevin Fenzi
d57f891ade Fix staging oci-registry to point to 01 only since we don't have a 02 anymore. 
This commit should make no changes to production and thus shouldn't need a freeze break.
 2018-10-11 22:07:33 +00:00
Patrick Uiterwijk
646010c992 Set a default targettype 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-28 19:11:17 +02:00
Patrick Uiterwijk
7fcd6b2afd Set tags correctly on the set_fact 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-28 19:09:29 +02:00
Patrick Uiterwijk
f3bdabd73a Word ordering is hard 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-28 19:01:25 +02:00
Patrick Uiterwijk
7dc41f8f16 Let's see if it's reversed? 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-28 18:55:21 +02:00
Patrick Uiterwijk
48bf3be669 Try quoting... It worked last time? 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-28 18:52:05 +02:00
Patrick Uiterwijk
3ffd179216 Simplify reverseproxy for openshift and setup SSL config for it 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-28 18:46:08 +02:00
Patrick Uiterwijk
a0a625fd08 Stop overriding the reverseproxy config for bodhi 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-28 18:19:05 +02:00
Mikolaj Izdebski
735d10275c Enable proxying of copr api_2 and api_3 2018-09-27 10:12:45 +00:00
Patrick Uiterwijk
12186da25f Fix websockets for prod openshift 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-12 17:33:01 +02:00
Patrick Uiterwijk
b97a401f57 Make WebSocket possible for (app.)os.stg.fedoraproject.org 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-12 01:24:30 +02:00
Kevin Fenzi
45184ad096 adjust config for regindexer some for testing 2018-08-30 18:27:57 +00:00
Kevin Fenzi
2229869408 sync icons and setup httpd config 2018-08-30 16:21:09 +00:00
Rick Elrod
d370e3dc7a update things for new names 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2018-08-21 22:20:10 +00:00
Rick Elrod
4a60ddc875 Nuke pkgdb some more... and probably break everything. 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2018-07-19 20:40:14 +00:00
Mikolaj Izdebski
682935e658 Make non-phx2 proxies handle nagios with 421 Misdirected Request 2018-07-16 14:14:11 +00:00
Patrick Uiterwijk
b2f08b8b00 Docker client wants to check /v2/.... Allow /v2/ from outside but not internally 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-06-12 23:21:15 +02:00
Patrick Uiterwijk
8342d3283e d4n is really really annoying 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-06-12 23:08:06 +02:00
Patrick Uiterwijk
39dc41533e Deny api v1 because docker tries to fall back 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-06-12 22:59:41 +02:00
Patrick Uiterwijk
cbd6dfe92b Require auth for /v2 but not everything under 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-06-12 22:13:09 +02:00
Patrick Uiterwijk
d89298457c Switch candidate registry to basic auth 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-06-08 09:19:38 +00:00
Patrick Uiterwijk
f483a219df Move remote path around 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-05-31 23:29:03 +02:00
Patrick Uiterwijk
9b1fd99655 Fix balancer reversed 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-05-31 23:25:20 +02:00
Patrick Uiterwijk
ab4c8f3521 Fix trailing slash on balancer 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-05-31 21:35:01 +02:00
Patrick Uiterwijk
f3fb0336e3 Enable TLS proxying 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-05-31 21:21:51 +02:00
Patrick Uiterwijk
3376cddd32 Turns out that fedora-alt needs even more than 3 minutes... jeez 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-05-31 00:39:40 +02:00
Patrick Uiterwijk
6833e584a5 Fix redirect 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-04-17 20:45:31 +00:00
Patrick Uiterwijk
c6ce3621b8 Move the ostree redirect to dl.fp.o 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-04-17 22:43:33 +02:00
Patrick Uiterwijk
c72bca84f4 Use the correct location for F27 FAW 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-04-17 21:57:43 +02:00
Patrick Uiterwijk
e7cf461e0c Deploy 'brokenostreekojipkgs' to avoid https (and thus http/2) for ostree 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-04-17 21:51:27 +02:00
Patrick Uiterwijk
c4157bb821 For now, revert the combined registry, until blocking facts are fixed 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-04-16 23:55:30 +02:00
Patrick Uiterwijk
3fd13202c8 Our registry is publicly readable to the world 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-04-16 23:45:36 +02:00
Patrick Uiterwijk
6f6a5efd5d Add keephost for bodhi 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-04-13 15:52:10 +00:00
Patrick Uiterwijk
0947c0f3a5 Move the redirect to dl.fp.o 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-04-11 12:30:20 -04:00
Patrick Uiterwijk
0ba63db834 Make the atomic rewrite happen at the proxies 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-04-11 11:49:51 -04:00
Patrick Uiterwijk
89fc603a89 Allow GET/HEAD requesting by everything 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-02-23 18:02:32 +01:00
Till Maas
8f7acb0dde Increase HSTS max age to one year 
The HSTS preload list requires this now: https://hstspreload.org/
 2018-02-07 12:42:36 +01:00
Patrick Uiterwijk
ad58850372 Add CentOS registry info 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-02-02 10:08:14 +00:00
Patrick Uiterwijk
e342afe8d3 Deploy the registry multi-tenant in staging 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-01-24 22:29:37 +01:00
Patrick Uiterwijk
445d4f0919 Move 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-01-24 22:05:15 +01:00
Patrick Uiterwijk
1a0590e5fd Add multitenancy to staging registry 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-01-24 21:53:27 +01:00