Infrastructure/ansible
5
0
Fork 0
Code Issues Pull requests 3 Projects Releases Packages Wiki Activity Actions
ansible/playbooks/include/proxies-reverseproxy.yml
Tim Flink 1c6e44180f Proxies: decommission dead taskotron and qa stuff 
This removes proxy bits for all the non-resultsdb taskotron bits that
have been removed and old qa stuff that has been decommissioned
2020-05-21 20:52:28 +00:00

694 lines
18 KiB
YAML
Raw Blame History

- name: Set up those ProxyPassReverse statements. Somebody get me a cup of coffee..
hosts: proxies_stg:proxies
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"
vars:
- varnish_url: http://localhost:6081
pre_tasks:
- name: Remove some crusty files from bygone eras
file: dest=/etc/httpd/conf.d/{{item}} state=absent
with_items:
- meetbot.fedoraproject.org/reversepassproxy.conf
- meetbot.fedoraproject.org/meetbot.conf
notify:
- reload proxyhttpd
tags:
- httpd
- httpd/reverseproxy
roles:
- role: httpd/reverseproxy
website: copr.fedoraproject.org
destname: coprapi
when: env != "staging"
tags: copr
- role: httpd/reverseproxy
website: copr.fedoraproject.org
destname: copr
proxyurl: http://localhost:10070
keephost: true
when: env == "staging"
tags: copr
- role: httpd/reverseproxy
website: nagios.fedoraproject.org
destname: nagios
remotepath: /
proxyurl: http://noc01.phx2.fedoraproject.org
- role: httpd/reverseproxy
website: lists.fedoraproject.org
destname: mailman3
localpath: /
remotepath: /
header_scheme: true
keephost: true
proxyurl: "{{ varnish_url }}"
- role: httpd/reverseproxy
website: lists.fedorahosted.org
destname: mailman3
localpath: /
remotepath: /
header_scheme: true
keephost: true
proxyurl: "{{ varnish_url }}"
- role: httpd/reverseproxy
website: lists.pagure.io
destname: mailman3
localpath: /
remotepath: /
header_scheme: true
keephost: true
proxyurl: "{{ varnish_url }}"
# The place for the raw originals
- role: httpd/reverseproxy
website: meetbot-raw.fedoraproject.org
destname: meetbot
remotepath: /meetbot/
# Talk directly to the app server, not haproxy
proxyurl: http://value01
# The place for the fancy mote view
- role: httpd/reverseproxy
website: meetbot.fedoraproject.org
destname: mote
#remotepath: /mote/
# Talk directly to the app server, not haproxy
proxyurl: http://value01
- role: httpd/reverseproxy
website: apps.fedoraproject.org
destname: nuancier
localpath: /nuancier
remotepath: /nuancier
header_scheme: true
proxyurl: "{{ varnish_url }}"
- role: httpd/reverseproxy
website: apps.fedoraproject.org
destname: github2fedmsg
localpath: /github2fedmsg
remotepath: /github2fedmsg
header_scheme: true
proxyurl: http://localhost:10037
- role: httpd/reverseproxy
website: apps.fedoraproject.org
destname: fedora-notifications
localpath: /notifications
remotepath: /notifications
header_scheme: true
proxyurl: http://localhost:10036
- role: httpd/reverseproxy
website: apps.fedoraproject.org
destname: packages
localpath: /packages
remotepath: /packages
proxyurl: http://localhost:10016
- role: httpd/reverseproxy
website: ask.fedoraproject.org
destname: askbot
proxyurl: "{{ varnish_url }}"
- role: httpd/reverseproxy
website: admin.fedoraproject.org
destname: totpcgiprovision
localpath: /totpcgiprovision
remotepath: /totpcgiprovision
balancer_name: app-os
targettype: openshift
keephost: true
tags:
- fas
- role: httpd/reverseproxy
website: admin.fedoraproject.org
destname: fas
remotepath: /accounts
localpath: /accounts
balancer_name: app-os
targettype: openshift
keephost: true
tags:
- fas
- role: httpd/reverseproxy
website: "id{{ env_suffix }}.fedoraproject.org"
destname: id
balancer_name: app-os
targettype: openshift
keephost: true
tags:
- id.fedoraproject.org
- role: httpd/reverseproxy
website: "sso{{ env_suffix }}.fedoraproject.org"
destname: id
balancer_name: app-os
targettype: openshift
keephost: true
tags:
- sso.fedoraproject.org
- role: httpd/reverseproxy
website: "username.id{{ env_suffix }}.fedoraproject.org"
destname: usernameid
balancer_name: app-os
targettype: openshift
keephost: true
tags:
- id.fedoraproject.org
- role: httpd/reverseproxy
website: "id{{ env_suffix }}.fedoraproject.org"
destname: 00-kdcproxy
remotepath: /KdcProxy
localpath: /KdcProxy
proxyurl: http://localhost:10053
tags:
- id.fedoraproject.org
- role: httpd/reverseproxy
website: "id{{ env_suffix }}.fedoraproject.org"
destname: 00-ipa
remotepath: /ipa
localpath: /ipa
proxyurl: http://localhost:10061
tags:
- id.fedoraproject.org
- role: httpd/reverseproxy
website: apps.fedoraproject.org
destname: datagrepper
remotepath: /datagrepper
localpath: /datagrepper
rewrite: true
proxyurl: http://localhost:10028
- role: httpd/reverseproxy
website: badges.fedoraproject.org
destname: badges
proxyurl: http://localhost:10032
- role: httpd/reverseproxy
website: apps.fedoraproject.org
destname: fedocal
remotepath: /calendar
localpath: /calendar
header_scheme: true
proxyurl: "{{ varnish_url }}"
- role: httpd/reverseproxy
website: apps.fedoraproject.org
destname: kerneltest
remotepath: /kerneltest
localpath: /kerneltest
header_scheme: true
proxyurl: "{{ varnish_url }}"
when: env != "staging"
- role: httpd/reverseproxy
website: apps.fedoraproject.org
destname: kerneltest
remotepath: /kerneltest
localpath: /kerneltest
balancer_name: app-os
targettype: openshift
keephost: true
when: env == "staging"
- role: httpd/reverseproxy
website: kerneltest.fedoraproject.org
destname: kerneltest
balancer_name: app-os
targettype: openshift
keephost: true
tags: kerneltest
header_scheme: true
when: env == "staging"
- role: httpd/reverseproxy
website: qa.fedoraproject.org
destname: blockerbugs
remotepath: /blockerbugs
localpath: /blockerbugs
proxyurl: "{{ varnish_url }}"
- role: httpd/reverseproxy
website: fedoraproject.org
destname: fp-wiki
wpath: /w
wikipath: /wiki
proxyurl: "{{ varnish_url }}"
- role: httpd/reverseproxy
website: bodhi.fedoraproject.org
destname: bodhi
balancer_name: app-os
targettype: openshift
keephost: true
tags: bodhi
#
# fedora core os routes
# These point to openshift
#
- role: httpd/reverseproxy
website: "updates.coreos{{ env_suffix }}.fedoraproject.org"
destname: cincinnati
balancer_name: app-os
targettype: openshift
keephost: true
tags:
- updates.coreos.fedoraproject.org
- role: httpd/reverseproxy
website: "status.updates.coreos{{ env_suffix }}.fedoraproject.org"
destname: cincinnati
balancer_name: app-os
targettype: openshift
keephost: true
tags:
- updates.coreos.fedoraproject.org
- role: httpd/reverseproxy
website: "raw-updates.coreos{{ env_suffix }}.fedoraproject.org"
destname: cincinnati
balancer_name: app-os
targettype: openshift
keephost: true
tags:
- updates.coreos.fedoraproject.org
- role: httpd/reverseproxy
website: "status.raw-updates.coreos{{ env_suffix }}.fedoraproject.org"
destname: cincinnati
balancer_name: app-os
targettype: openshift
keephost: true
tags:
- updates.coreos.fedoraproject.org
#
# end coreos
#
- role: httpd/reverseproxy
website: caiapi.fedoraproject.org
destname: caiapi
balancer_name: app-os
targettype: openshift
keephost: true
tags: caiapi
when: env == "staging"
- role: httpd/reverseproxy
website: transtats.fedoraproject.org
destname: transtats
balancer_name: app-os
targettype: openshift
keephost: true
tags: transtats
- role: httpd/reverseproxy
website: admin.fedoraproject.org
destname: mirrormanager
remotepath: /mirrormanager
localpath: /mirrormanager
proxyurl: "{{ varnish_url }}"
- role: httpd/reverseproxy
website: mirrors.fedoraproject.org
destname: mirrormanager-mirrorlist
proxyurl: http://localhost:10002
- role: httpd/reverseproxy
website: download.fedoraproject.org
destname: mirrormanager-redirector
proxyurl: http://localhost:10002
- role: httpd/reverseproxy
website: koschei.fedoraproject.org
destname: koschei
balancer_name: app-os
targettype: openshift
keephost: true
tags: koschei
- role: httpd/reverseproxy
website: message-tagging-service.fedoraproject.org
destname: message-tagging-service
balancer_name: app-os
targettype: openshift
keephost: true
tags: message-tagging-service
- role: httpd/reverseproxy
website: openqa.fedoraproject.org
destname: openqa
balancer_name: openqa
balancer_members: ['openqa01:80']
http_not_https_yes_this_is_insecure_and_i_feel_bad: true
when: env == "production"
tags: openqa
- role: httpd/reverseproxy
website: openqa.fedoraproject.org
destname: openqa
balancer_name: openqa-stg
balancer_members: ['openqa-stg01.qa.fedoraproject.org:80']
http_not_https_yes_this_is_insecure_and_i_feel_bad: true
when: env == "staging"
- role: httpd/reverseproxy
website: pdc.fedoraproject.org
destname: pdc
proxyurl: http://localhost:10045
header_scheme: true
tags: pdc
- role: httpd/reverseproxy
website: apps.fedoraproject.org
destname: zanata2fedmsg
localpath: /zanata2fedmsg
remotepath: /zanata2fedmsg
proxyurl: http://localhost:10046
- role: httpd/reverseproxy
website: admin.fedoraproject.org
destname: yk-val
remotepath: /yk-val/verify
localpath: /yk-val/verify
proxyurl: http://localhost:10004
- role: httpd/reverseproxy
website: admin.fedoraproject.org
destname: pager
remotepath: /pager
localpath: /pager
# Talk directly to the app server, not haproxy
proxyurl: http://sundries01
- role: httpd/reverseproxy
website: admin.fedoraproject.org
destname: awstats
remotepath: /awstats
localpath: /awstats
# Talk directly to the app server, not haproxy
proxyurl: http://log01
- role: httpd/reverseproxy
website: admin.fedoraproject.org
destname: epylog
remotepath: /epylog
localpath: /epylog
# Talk directly to the app server, not haproxy
proxyurl: http://log01
- role: httpd/reverseproxy
website: admin.fedoraproject.org
destname: maps
remotepath: /maps
localpath: /maps
# Talk directly to the app server, not haproxy
proxyurl: http://log01
- role: httpd/reverseproxy
website: fedoraproject.org
destname: freemedia
remotepath: /freemedia
localpath: /freemedia
proxyurl: http://localhost:10011
- role: httpd/reverseproxy
website: admin.fedoraproject.org
destname: collectd
localpath: /collectd
remotepath: /collectd
# Talk directly to the app server, not haproxy
proxyurl: http://log01
### entries for resultsdb and resultsdb_frontend
- role: httpd/reverseproxy
website: taskotron.fedoraproject.org
destname: taskotron-resultsdb
localpath: /resultsdb
remotepath: /resultsdb
balancer_name: resultsdb
balancer_members: ['resultsdb01.vpn.fedoraproject.org:80']
http_not_https_yes_this_is_insecure_and_i_feel_bad: true
- role: httpd/reverseproxy
website: taskotron.fedoraproject.org
destname: taskotron-resultsdbapi
localpath: /resultsdb_api
remotepath: /resultsdb_api
balancer_name: resultsdb
balancer_members: ['resultsdb01.vpn.fedoraproject.org:80']
http_not_https_yes_this_is_insecure_and_i_feel_bad: true
### staging entries for resultsdb and resultsdb_frontend
- role: httpd/reverseproxy
website: taskotron.stg.fedoraproject.org
destname: taskotron-resultsdb
localpath: /resultsdb
remotepath: /resultsdb
balancer_name: resultsdb-stg
balancer_members: ['resultsdb-stg01.qa.fedoraproject.org:80']
http_not_https_yes_this_is_insecure_and_i_feel_bad: true
when: env == "staging"
- role: httpd/reverseproxy
website: taskotron.stg.fedoraproject.org
destname: taskotron-resultsdbapi
localpath: /resultsdb_api
remotepath: /resultsdb_api
balancer_name: resultsdb-stg
balancer_members: ['resultsdb-stg01.qa.fedoraproject.org:80']
http_not_https_yes_this_is_insecure_and_i_feel_bad: true
when: env == "staging"
# This one gets its own role (instead of httpd/reverseproxy) so that it can
# copy in some silly static resources (globe.png, index.html)
- role: geoip-city-wsgi/proxy
website: geoip.fedoraproject.org
proxyurl: http://localhost:10029
- role: httpd/reverseproxy
website: src.fedoraproject.org
destname: git
proxyurl: http://localhost:10057
header_scheme: true
keephost: true
- role: httpd/reverseproxy
website: osbs.fedoraproject.org
destname: osbs
proxyurl: http://localhost:10047
- role: httpd/reverseproxy
website: registry.fedoraproject.org
destname: registry-fedora
# proxyurl in this one is totally ignored, because Docker.
# (turns out it uses PATCH requests that Varnish cannot deal with)
proxyurl: "{{ varnish_url }}"
tags:
- registry
- role: httpd/reverseproxy
website: registry.centos.org
destname: registry-centos
# proxyurl in this one is totally ignored, because Docker.
# (turns out it uses PATCH requests that Varnish cannot deal with)
proxyurl: "{{ varnish_url }}"
tags:
- registry
- role: httpd/reverseproxy
website: candidate-registry.fedoraproject.org
destname: candidate-registry
proxyurl: http://localhost:10054
- role: httpd/reverseproxy
website: retrace.fedoraproject.org
destname: retrace
proxyurl: http://localhost:10049
when: env == "staging"
- role: httpd/reverseproxy
website: faf.fedoraproject.org
destname: faf
proxyurl: http://localhost:10050
when: env == "staging"
- role: httpd/reverseproxy
website: apps.fedoraproject.org
destname: pps
remotepath: /pps
localpath: /pps
proxyurl: http://localhost:10051
when: env == "staging"
- role: httpd/reverseproxy
website: mbs.fedoraproject.org
destname: mbs
proxyurl: http://localhost:10063
- role: httpd/reverseproxy
website: koji.fedoraproject.org
destname: koji
keephost: true
balancer_name: koji
balancer_members:
- "koji01.phx2.fedoraproject.org"
- "koji02.phx2.fedoraproject.org"
http_not_https_yes_this_is_insecure_and_i_feel_bad: true
when: env == "production"
- role: httpd/reverseproxy
website: koji.fedoraproject.org
destname: koji
keephost: true
balancer_name: koji
balancer_members:
- "koji01.stg.phx2.fedoraproject.org"
http_not_https_yes_this_is_insecure_and_i_feel_bad: true
when: env == "staging"
- role: httpd/reverseproxy
website: kojipkgs.fedoraproject.org
destname: kojipkgs
proxyurl: http://localhost:10062
keephost: true
- role: httpd/reverseproxy
website: "os{{ env_suffix }}.fedoraproject.org"
destname: os
balancer_name: os
targettype: openshift
balancer_members: "{{ openshift_masters }}"
keephost: true
tags:
- os.fedoraproject.org
- role: httpd/reverseproxy
website: "app.os{{ env_suffix }}.fedoraproject.org"
destname: app.os
balancer_name: app-os
targettype: openshift
keephost: true
tags:
- app.os.fedoraproject.org
- role: httpd/reverseproxy
website: odcs.fedoraproject.org
destname: odcs
proxyurl: http://localhost:10066
tags:
- odcs
- role: httpd/reverseproxy
website: greenwave.fedoraproject.org
destname: greenwave
balancer_name: app-os
targettype: openshift
keephost: true
tags: greenwave
- role: httpd/reverseproxy
website: waiverdb.fedoraproject.org
destname: waiverdb
balancer_name: app-os
targettype: openshift
keephost: true
tags: waiverdb
- role: httpd/reverseproxy
website: elections.fedoraproject.org
destname: elections
balancer_name: app-os
targettype: openshift
keephost: true
tags: elections
header_scheme: true
- role: httpd/reverseproxy
website: calendar.fedoraproject.org
destname: calendar
balancer_name: app-os
targettype: openshift
keephost: true
tags: calendar
- role: httpd/reverseproxy
website: mdapi.fedoraproject.org
destname: mdapi
balancer_name: app-os
targettype: openshift
keephost: true
tags: mdapi
- role: httpd/reverseproxy
website: wallpapers.fedoraproject.org
destname: wallpapers
balancer_name: app-os
targettype: openshift
keephost: true
tags: wallpapers
- role: httpd/reverseproxy
website: silverblue.fedoraproject.org
destname: silverblue
balancer_name: app-os
targettype: openshift
keephost: true
tags: silverblue
- role: httpd/reverseproxy
website: release-monitoring.org
destname: release-monitoring
balancer_name: app-os
targettype: openshift
keephost: true
tags: release-montoring.org
- role: httpd/reverseproxy
website: whatcanidoforfedora.org
destname: whatcanidoforfedora
balancer_name: app-os
targettype: openshift
keephost: true
tags: whatcanidoforfedora.org
- role: httpd/reverseproxy
website: fpdc.fedoraproject.org
destname: fpdc
balancer_name: app-os
targettype: openshift
keephost: true
tags: fpdc
- role: httpd/reverseproxy
website: data-analysis.fedoraproject.org
destname: awstats
remotepath: /
localpath: /
proxyurl: http://data-analysis01.phx2.fedoraproject.org
Reference in a new issue View git blame Copy permalink