Proxy config for gather-easyfix and fedmsg-crl.

playbooks/groups/proxies-miscellaneous.yml

@@ -21,3 +21,11 @@
 
   - role: httpd/fingerprints
     website: admin.fedoraproject.org
+
+  - role: easyfix/proxy
+    website: fedoraproject.org
+    path: /easyfix
+ 
+  - role: fedmsg/crl
+    website: fedoraproject.org
+    path: /fedmsg

playbooks/groups/proxies.yml

@@ -51,8 +51,6 @@
   #
   # - smolt::proxy -- note going to do this.  smolt is dead.  long live smolt.
   #
-  # - gather-easyfix::proxy
-  # - fedmsg::proxy-crl
   # - review-stats::proxy
   # - membership-map::proxy
   #

roles/easyfix/proxy/files/sync-easyfix.cron

@@ -0,0 +1 @@
+5,35 * * * * root /usr/bin/rsync -a --delete sundries01::gather-easyfix/* /srv/web/gather-easyfix/ >& /dev/null

roles/easyfix/proxy/tasks/main.yml

@@ -0,0 +1,25 @@
+- name: Ensure dir for content exists
+  file: dest=/srv/web/gather-easyfix owner=root group=root mode=0755 state=directory
+  tags:
+  - easyfix
+  - easyfix/proxy
+
+- name: Put the proxy config in place
+  template: >
+    src=gather-easyfix.conf
+    dest=/etc/httpd/conf.d/{{website}}/gather-easyfix.conf
+    owner=root group=root mode=0644
+  notify:
+  - restart httpd
+  tags:
+  - easyfix
+  - easyfix/proxy
+
+- name: Install the sync-easyfix cronjob to pull content from gatherer
+  copy: >
+    src=sync-easyfix.cron dest=/etc/cron.d/sync-easyfix.cron
+    owner=root group=root mode=0644
+  tags:
+  - cron
+  - easyfix
+  - easyfix/proxy

roles/easyfix/proxy/templates/gather-easyfix.conf

@@ -0,0 +1,6 @@
+Alias {{path}} /srv/web/gather-easyfix
+
+<Directory /srv/web/gather-easyfix>
+  Options Indexes
+  AllowOverride None
+</Directory>

roles/fedmsg/crl/tasks/main.yml

@@ -0,0 +1,44 @@
+# fedmsg has a relatively static CRL (certificate revocation list) that  
+# needs to be publicly accessible.  We pull it here from the private     
+# repo and throw it into fedoraproject.org/fedmsg/crl.pem                
+# See http://infrastructure.fedoraproject.org/infra/docs/fedmsg-certs.txt
+
+- name: Ensure dir for content exists
+  file: dest=/srv/web/fedmsg owner=root group=root mode=0755 state=directory
+  tags:
+  - fedmsg
+  - fedmsg/crl
+  - fedmsg/proxy
+
+- name: Copy over our crl from the private repo
+  copy: >
+    src={{private}}/fedmsg-certs/keys/crl.pem dest=/srv/web/fedmsg/crl.pem
+    owner=root group=root mode=0644
+  tags:
+  - fedmsg
+  - fedmsg/crl
+  - fedmsg/proxy
+
+# Also expose the ca cert.  Everybody gets this and can read it.  Public!
+# End users (fedmsg-notify) need it to be able to validate our outbound  
+# messages.                                                              
+- name: Copy over our crl from the private repo
+  copy: >
+    src={{private}}/fedmsg-certs/keys/crl.pem dest=/srv/web/fedmsg/crl.pem
+    owner=root group=root mode=0644
+  tags:
+  - fedmsg
+  - fedmsg/crl
+  - fedmsg/proxy
+
+- name: Put the proxy config in place
+  template: >
+    src=fedmsg.conf
+    dest=/etc/httpd/conf.d/{{website}}/fedmsg.conf
+    owner=root group=root mode=0644
+  notify:
+  - restart httpd
+  tags:
+  - fedmsg
+  - fedmsg/crl
+  - fedmsg/proxy

roles/fedmsg/crl/templates/fedmsg.conf

@@ -0,0 +1,6 @@
+Alias {{path}} /srv/web/fedmsg
+
+<Directory /srv/web/fedmsg>
+  Options Indexes
+  AllowOverride None
+</Directory>