411 lines
11 KiB
YAML
411 lines
11 KiB
YAML
- name: Set up those ProxyPassReverse statements. Somebody get me a cup of coffee..
|
|
hosts: proxies-stg:proxies
|
|
user: root
|
|
gather_facts: True
|
|
|
|
vars_files:
|
|
- /srv/web/infra/ansible/vars/global.yml
|
|
- "/srv/private/ansible/vars.yml"
|
|
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
|
|
|
handlers:
|
|
- include: "{{ handlers }}/restart_services.yml"
|
|
|
|
vars:
|
|
- varnish_url: http://localhost:6081
|
|
|
|
pre_tasks:
|
|
|
|
- name: Remove some crusty files from bygone eras
|
|
file: dest=/etc/httpd/conf.d/{{item}} state=absent
|
|
with_items:
|
|
- meetbot.fedoraproject.org/reversepassproxy.conf
|
|
- meetbot.fedoraproject.org/meetbot.conf
|
|
notify:
|
|
- restart apache
|
|
tags:
|
|
- httpd
|
|
- httpd/reverseproxy
|
|
|
|
|
|
roles:
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: nagios
|
|
localpath: /nagios
|
|
remotepath: /nagios
|
|
proxyurl: http://noc01
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: nagios-external
|
|
localpath: /nagios-external
|
|
remotepath: /nagios-external
|
|
proxyurl: http://noc02
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: mailman
|
|
localpath: /mailman
|
|
remotepath: /mailman
|
|
proxyurl: http://collab03.fedoraproject.org
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: mailman-icons
|
|
localpath: /icons
|
|
remotepath: /icons
|
|
proxyurl: http://collab03.fedoraproject.org
|
|
|
|
- role: httpd/reverseproxy
|
|
website: lists.fedoraproject.org
|
|
proxyurl: http://localhost:10033
|
|
destname: mailman3
|
|
when: env == "staging"
|
|
|
|
# The place for the raw originals
|
|
- role: httpd/reverseproxy
|
|
website: meetbot-raw.fedoraproject.org
|
|
destname: meetbot
|
|
remotepath: /meetbot/
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://value01
|
|
|
|
# The place for the fancy mote view
|
|
- role: httpd/reverseproxy
|
|
website: meetbot.fedoraproject.org
|
|
destname: mote
|
|
#remotepath: /mote/
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://value01
|
|
|
|
- role: httpd/reverseproxy
|
|
website: apps.fedoraproject.org
|
|
destname: gallery
|
|
localpath: /gallery
|
|
proxyurl: http://localhost:10034
|
|
|
|
- role: httpd/reverseproxy
|
|
website: apps.fedoraproject.org
|
|
destname: nuancier
|
|
localpath: /nuancier
|
|
remotepath: /nuancier
|
|
header_scheme: true
|
|
proxyurl: http://localhost:10035
|
|
|
|
- role: httpd/reverseproxy
|
|
website: apps.fedoraproject.org
|
|
destname: github2fedmsg
|
|
localpath: /github2fedmsg
|
|
remotepath: /github2fedmsg
|
|
header_scheme: true
|
|
proxyurl: http://localhost:10037
|
|
|
|
- role: httpd/reverseproxy
|
|
website: apps.fedoraproject.org
|
|
destname: fedora-notifications
|
|
localpath: /notifications
|
|
remotepath: /notifications
|
|
header_scheme: true
|
|
proxyurl: http://localhost:10036
|
|
|
|
- role: httpd/reverseproxy
|
|
website: apps.fedoraproject.org
|
|
destname: packages
|
|
localpath: /packages
|
|
remotepath: /packages
|
|
proxyurl: http://localhost:10016
|
|
|
|
- role: httpd/reverseproxy
|
|
website: apps.fedoraproject.org
|
|
destname: tagger
|
|
localpath: /tagger
|
|
remotepath: /tagger
|
|
rewrite: true
|
|
proxyurl: http://localhost:10017
|
|
|
|
- role: httpd/reverseproxy
|
|
website: ask.fedoraproject.org
|
|
destname: askbot
|
|
proxyurl: "{{ varnish_url }}"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: darkserver.fedoraproject.org
|
|
destname: darkserver
|
|
remotepath: /darkserver/
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://darkserver01
|
|
|
|
- role: httpd/reverseproxy
|
|
website: paste.fedoraproject.org
|
|
destname: sticky-notes
|
|
proxyurl: "{{ varnish_url }}"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: totpcgiprovision
|
|
localpath: /totpcgiprovision
|
|
proxyurl: http://localhost:10019
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: fas
|
|
remotepath: /accounts
|
|
localpath: /accounts
|
|
proxyurl: http://localhost:10004
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: elections
|
|
remotepath: /voting
|
|
localpath: /voting
|
|
proxyurl: http://localhost:10007
|
|
|
|
- role: httpd/reverseproxy
|
|
website: fedoraproject.org
|
|
destname: fedora-mobile
|
|
remotepath: /mobile
|
|
localpath: /mobile
|
|
proxyurl: http://fedora-infra.github.io
|
|
|
|
# Fedoauth is odd here -- it has an entry for both stg and prod.
|
|
- role: httpd/reverseproxy
|
|
website: id.stg.fedoraproject.org
|
|
destname: id
|
|
proxyurl: http://localhost:10020
|
|
when: env == "staging"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: id.fedoraproject.org
|
|
destname: id
|
|
proxyurl: http://localhost:10020
|
|
|
|
- role: httpd/reverseproxy
|
|
website: apps.fedoraproject.org
|
|
destname: datagrepper
|
|
remotepath: /datagrepper
|
|
localpath: /datagrepper
|
|
rewrite: true
|
|
proxyurl: http://localhost:10028
|
|
|
|
- role: httpd/reverseproxy
|
|
website: badges.fedoraproject.org
|
|
destname: badges
|
|
proxyurl: http://localhost:10032
|
|
|
|
- role: httpd/reverseproxy
|
|
website: apps.fedoraproject.org
|
|
destname: fedocal
|
|
remotepath: /calendar
|
|
localpath: /calendar
|
|
header_scheme: true
|
|
proxyurl: "{{ varnish_url }}"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: apps.fedoraproject.org
|
|
destname: kerneltest
|
|
remotepath: /kerneltest
|
|
localpath: /kerneltest
|
|
header_scheme: true
|
|
proxyurl: "{{ varnish_url }}"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: qa.fedoraproject.org
|
|
destname: blockerbugs
|
|
remotepath: /blockerbugs
|
|
localpath: /blockerbugs
|
|
proxyurl: "{{ varnish_url }}"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: fedoraproject.org
|
|
destname: fp-wiki
|
|
wpath: /w
|
|
wikipath: /wiki
|
|
proxyurl: "{{ varnish_url }}"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: pkgdb
|
|
remotepath: /pkgdb
|
|
localpath: /pkgdb
|
|
proxyurl: "{{ varnish_url }}"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: bodhi
|
|
remotepath: /updates
|
|
localpath: /updates
|
|
proxyurl: http://localhost:10009
|
|
when: env != "staging"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: bodhi.fedoraproject.org
|
|
destname: bodhi
|
|
proxyurl: http://localhost:10010
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: mirrormanager
|
|
remotepath: /mirrormanager
|
|
localpath: /mirrormanager
|
|
proxyurl: "{{ varnish_url }}"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: mirrors.fedoraproject.org
|
|
destname: mirrormanager-mirrorlist
|
|
proxyurl: http://localhost:10002
|
|
|
|
- role: httpd/reverseproxy
|
|
website: download.fedoraproject.org
|
|
destname: mirrormanager-redirector
|
|
proxyurl: http://localhost:10002
|
|
|
|
- role: httpd/reverseproxy
|
|
website: apps.fedoraproject.org
|
|
destname: koschei
|
|
localpath: /koschei
|
|
remotepath: /koschei
|
|
proxyurl: "{{ varnish_url }}"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: yk-val
|
|
remotepath: /yk-val/verify
|
|
localpath: /yk-val/verify
|
|
proxyurl: http://localhost:10004
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: pager
|
|
remotepath: /pager
|
|
localpath: /pager
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://sundries01
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: awstats
|
|
remotepath: /awstats
|
|
localpath: /awstats
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://log01
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: epylog
|
|
remotepath: /epylog
|
|
localpath: /epylog
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://log01
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: maps
|
|
remotepath: /maps
|
|
localpath: /maps
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://log01
|
|
|
|
- role: httpd/reverseproxy
|
|
website: fedoraproject.org
|
|
destname: freemedia
|
|
remotepath: /freemedia
|
|
localpath: /freemedia
|
|
proxyurl: http://localhost:10011
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: docs-backend
|
|
localpath: /docs-backend
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://docs-backend01
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: collectd
|
|
localpath: /collectd
|
|
remotepath: /collectd
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://log01
|
|
|
|
### Four entries for taskotron for production
|
|
- role: httpd/reverseproxy
|
|
website: taskotron.fedoraproject.org
|
|
destname: taskotron
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://taskotron01.vpn.fedoraproject.org
|
|
|
|
- role: httpd/reverseproxy
|
|
website: taskotron.fedoraproject.org
|
|
destname: taskotron-resultsdb
|
|
localpath: /resultsdb
|
|
remotepath: /resultsdb
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://resultsdb01.vpn.fedoraproject.org
|
|
|
|
- role: httpd/reverseproxy
|
|
website: taskotron.fedoraproject.org
|
|
destname: taskotron-resultsdbapi
|
|
localpath: /resultsdb_api
|
|
remotepath: /resultsdb_api
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://resultsdb01.vpn.fedoraproject.org
|
|
|
|
- role: httpd/reverseproxy
|
|
website: taskotron.fedoraproject.org
|
|
destname: taskotron-execdb
|
|
localpath: /execdb
|
|
remotepath: /execdb
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://resultsdb01.vpn.fedoraproject.org
|
|
|
|
### And four entries for taskotron for staging
|
|
- role: httpd/reverseproxy
|
|
website: taskotron.stg.fedoraproject.org
|
|
destname: taskotron
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://taskotron-stg01.qa.fedoraproject.org
|
|
when: env == "staging"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: taskotron.stg.fedoraproject.org
|
|
destname: taskotron-resultsdb
|
|
localpath: /resultsdb
|
|
remotepath: /resultsdb
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://resultsdb-stg01.qa.fedoraproject.org
|
|
when: env == "staging"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: taskotron.stg.fedoraproject.org
|
|
destname: taskotron-resultsdbapi
|
|
localpath: /resultsdb_api
|
|
remotepath: /resultsdb_api
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://resultsdb-stg01.qa.fedoraproject.org
|
|
when: env == "staging"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: taskotron.stg.fedoraproject.org
|
|
destname: taskotron-execdb
|
|
localpath: /execdb
|
|
remotepath: /execdb
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://resultsdb-stg01.qa.fedoraproject.org
|
|
when: env == "staging"
|
|
|
|
### Beaker staging
|
|
- role: httpd/reverseproxy
|
|
website: beaker.stg.fedoraproject.org
|
|
destname: beaker-stg
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://beaker-stg01.qa.fedoraproject.org
|
|
when: env == "staging"
|
|
|
|
|
|
# This one gets its own role (instead of httpd/reverseproxy) so that it can
|
|
# copy in some silly static resources (globe.png, index.html)
|
|
- role: geoip-city-wsgi/proxy
|
|
website: geoip.fedoraproject.org
|
|
proxyurl: http://localhost:10029
|