From a2cf1312a23e03f31a83830ba56e005ef8ea4bb5 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 6 Jun 2016 22:31:04 +0000 Subject: [PATCH] first cut at alt.stg site for websites folks --- inventory/group_vars/sundries-stg | 2 +- playbooks/include/proxies-fedora-web.yml | 3 + playbooks/include/proxies-websites.yml | 8 + roles/fedora-web/alt/files/alt.conf | 9 + roles/fedora-web/alt/files/cron-sync-alt | 1 + roles/fedora-web/alt/files/languages.conf | 144 ++++++++++++++++ roles/fedora-web/alt/tasks/main.yml | 18 ++ roles/rsyncd/files/rsyncd.conf.sundries-stg | 175 ++++++++++++++++++++ 8 files changed, 359 insertions(+), 1 deletion(-) create mode 100644 roles/fedora-web/alt/files/alt.conf create mode 100644 roles/fedora-web/alt/files/cron-sync-alt create mode 100644 roles/fedora-web/alt/files/languages.conf create mode 100644 roles/fedora-web/alt/tasks/main.yml create mode 100644 roles/rsyncd/files/rsyncd.conf.sundries-stg diff --git a/inventory/group_vars/sundries-stg b/inventory/group_vars/sundries-stg index 3f11362298..3fa7987979 100644 --- a/inventory/group_vars/sundries-stg +++ b/inventory/group_vars/sundries-stg @@ -14,7 +14,7 @@ fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-veteran master_sundries_node: False # A host group for rsync config -rsync_group: sundries +rsync_group: sundries-stg nrpe_procs_warn: 300 nrpe_procs_crit: 500 diff --git a/playbooks/include/proxies-fedora-web.yml b/playbooks/include/proxies-fedora-web.yml index 5f275fe365..de04ede249 100644 --- a/playbooks/include/proxies-fedora-web.yml +++ b/playbooks/include/proxies-fedora-web.yml @@ -46,6 +46,9 @@ when: env == "staging" - role: fedora-web/codecs website: codecs.fedoraproject.org + - role: fedora-web/alt + website: alt.fedoraproject.org + when: env == "staging" # Some other static content, not strictly part of "fedora-web" goes below here - role: fedora-docs/proxy diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml index b70afdc682..fb2e5cbd33 100644 --- a/playbooks/include/proxies-websites.yml +++ b/playbooks/include/proxies-websites.yml @@ -513,6 +513,14 @@ cert_name: "{{wildcard_cert_name}}" when: env == "staging" + - role: httpd/website + name: alt.fedoraproject.org + server_aliases: + - alt.stg.fedoraproject.org + sslonly: true + cert_name: "{{wildcard_cert_name}}" + when: env == "staging" + # Kinda silly that we have two entries here, one for prod and one for stg. # This is inherited from our puppet setup -- we can collapse them as soon as # is convenient. -- threebean diff --git a/roles/fedora-web/alt/files/alt.conf b/roles/fedora-web/alt/files/alt.conf new file mode 100644 index 0000000000..5e3c62c910 --- /dev/null +++ b/roles/fedora-web/alt/files/alt.conf @@ -0,0 +1,9 @@ +DocumentRoot /srv/web/alt.fedoraproject.org +Alias /favicon.ico /srv/web/fedoraproject.org/static/images/favicon.ico + +AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript + +FileETag MTime Size + +ExpiresActive On +ExpiresDefault "access plus 5 days" diff --git a/roles/fedora-web/alt/files/cron-sync-alt b/roles/fedora-web/alt/files/cron-sync-alt new file mode 100644 index 0000000000..d55ee36390 --- /dev/null +++ b/roles/fedora-web/alt/files/cron-sync-alt @@ -0,0 +1 @@ +25 * * * * root /usr/bin/rsync --delete -a --no-owner --no-group sundries01::alt.fedoraproject.org/ /srv/web/alt.fedoraproject.org/ diff --git a/roles/fedora-web/alt/files/languages.conf b/roles/fedora-web/alt/files/languages.conf new file mode 100644 index 0000000000..55ac195386 --- /dev/null +++ b/roles/fedora-web/alt/files/languages.conf @@ -0,0 +1,144 @@ +# Define the correct MIME type for specific languages +AddType text/html .bn +AddType text/html .el +AddType text/html .nb +AddType text/html .pl +AddType text/html .tr +AddType text/html .es + +AddLanguage af .af +AddLanguage ar .ar +AddLanguage as .as +AddLanguage ast .ast +AddLanguage bal .bal +AddLanguage bg .bg +AddLanguage bn .bn +AddLanguage bn-in .bn_IN +AddLanguage br .br +AddLanguage ca .ca +AddLanguage cs .cs +AddLanguage da .da +AddLanguage de .de +AddLanguage de-ch .de_CH +AddLanguage el .el +AddLanguage en .en +AddLanguage en-gb .en_GB +AddLanguage es .es +AddLanguage eu .eu +AddLanguage fa .fa +AddLanguage fi .fi +AddLanguage fr .fr +AddLanguage gl .gl +AddLanguage gu .gu +AddLanguage he .he +AddLanguage hi .hi +AddLanguage hu .hu +AddLanguage ia .ia +AddLanguage id .id +AddLanguage is .is +AddLanguage it .it +AddLanguage ja .ja +AddLanguage ka .ka +AddLanguage kn .kn +AddLanguage ko .ko +AddLanguage lv .lv +AddLanguage ml .ml +AddLanguage mr .mr +AddLanguage nb .nb +AddLanguage nl .nl +AddLanguage or .or +AddLanguage pa .pa +AddLanguage pl .pl +AddLanguage pt .pt +AddLanguage pt-br .pt_BR +AddLanguage ro .ro +AddLanguage ru .ru +AddLanguage sk .sk +AddLanguage sq .sq +AddLanguage sr .sr +AddLanguage sv .sv +AddLanguage ta .ta +AddLanguage te .te +AddLanguage tg .tg +AddLanguage th .th +AddLanguage tr .tr +AddLanguage uk .uk +AddLanguage vi .vi +AddLanguage zh-cn .zh_CN +AddLanguage zh-tw .zh_TW + +LanguagePriority en +ForceLanguagePriority Prefer Fallback + +AddDefaultCharset utf-8 + +RewriteEngine on + +RewriteCond %{QUERY_STRING} ^lang=(af|ar|as|ast|bal|bg|bn|bn_IN|br|ca|cs|da|de|de_CH|el|en|en_GB|es|eu|fa|fi|fr|gl|gu|he|hi|hu|ia|id|is|it|ja|ka|kn|ko|lv|ml|mr|nb|nl|or|pa|pl|pt|pt_BR|ro|ru|sk|sq|sr|sv|ta|te|tg|th|tr|uk|vi|zh_CN|zh_TW)$ +RewriteRule ^(?:/(?:af|ar|as|ast|bal|bg|bn|bn_IN|br|ca|cs|da|de|de_CH|el|en|en_GB|es|eu|fa|fi|fr|gl|gu|he|hi|hu|ia|id|is|it|ja|ka|kn|ko|lv|ml|mr|nb|nl|or|pa|pl|pt|pt_BR|ro|ru|sk|sq|sr|sv|ta|te|tg|th|tr|uk|vi|zh_CN|zh_TW))?(/.*)$ /%1$1? [R=301] +AliasMatch ^(?:/(?:af|ar|as|ast|bal|bg|bn|bn_IN|br|ca|cs|da|de|de_CH|el|en|en_GB|es|eu|fa|fi|fr|gl|gu|he|hi|hu|ia|id|is|it|ja|ka|kn|ko|lv|ml|mr|nb|nl|or|pa|pl|pt|pt_BR|ro|ru|sk|sq|sr|sv|ta|te|tg|th|tr|uk|vi|zh_CN|zh_TW))(/.*)?$ /srv/web/alt.fedoraproject.org$1 + + + Options MultiViews + + SetEnvIf Request_URI ^/af/ prefer-language=af + SetEnvIf Request_URI ^/ar/ prefer-language=ar + SetEnvIf Request_URI ^/as/ prefer-language=as + SetEnvIf Request_URI ^/ast/ prefer-language=ast + SetEnvIf Request_URI ^/bal/ prefer-language=bal + SetEnvIf Request_URI ^/bg/ prefer-language=bg + SetEnvIf Request_URI ^/bn/ prefer-language=bn + SetEnvIf Request_URI ^/bn_IN/ prefer-language=bn-in + SetEnvIf Request_URI ^/br/ prefer-language=br + SetEnvIf Request_URI ^/ca/ prefer-language=ca + SetEnvIf Request_URI ^/cs/ prefer-language=cs + SetEnvIf Request_URI ^/da/ prefer-language=da + SetEnvIf Request_URI ^/de/ prefer-language=de + SetEnvIf Request_URI ^/de_CH/ prefer-language=de-ch + SetEnvIf Request_URI ^/el/ prefer-language=el + SetEnvIf Request_URI ^/en/ prefer-language=en + SetEnvIf Request_URI ^/en_GB/ prefer-language=en-gb + SetEnvIf Request_URI ^/es/ prefer-language=es + SetEnvIf Request_URI ^/eu/ prefer-language=eu + SetEnvIf Request_URI ^/fa/ prefer-language=fa + SetEnvIf Request_URI ^/fi/ prefer-language=fi + SetEnvIf Request_URI ^/fr/ prefer-language=fr + SetEnvIf Request_URI ^/gl/ prefer-language=gl + SetEnvIf Request_URI ^/gu/ prefer-language=gu + SetEnvIf Request_URI ^/he/ prefer-language=he + SetEnvIf Request_URI ^/hi/ prefer-language=hi + SetEnvIf Request_URI ^/hu/ prefer-language=hu + SetEnvIf Request_URI ^/ia/ prefer-language=ia + SetEnvIf Request_URI ^/id/ prefer-language=id + SetEnvIf Request_URI ^/is/ prefer-language=is + SetEnvIf Request_URI ^/it/ prefer-language=it + SetEnvIf Request_URI ^/ja/ prefer-language=ja + SetEnvIf Request_URI ^/ka/ prefer-language=ka + SetEnvIf Request_URI ^/kn/ prefer-language=kn + SetEnvIf Request_URI ^/ko/ prefer-language=ko + SetEnvIf Request_URI ^/lv/ prefer-language=lv + SetEnvIf Request_URI ^/ml/ prefer-language=ml + SetEnvIf Request_URI ^/mr/ prefer-language=mr + SetEnvIf Request_URI ^/nb/ prefer-language=nb + SetEnvIf Request_URI ^/nl/ prefer-language=nl + SetEnvIf Request_URI ^/or/ prefer-language=or + SetEnvIf Request_URI ^/pa/ prefer-language=pa + SetEnvIf Request_URI ^/pl/ prefer-language=pl + SetEnvIf Request_URI ^/pt/ prefer-language=pt + SetEnvIf Request_URI ^/pt_BR/ prefer-language=pt-br + SetEnvIf Request_URI ^/ro/ prefer-language=ro + SetEnvIf Request_URI ^/ru/ prefer-language=ru + SetEnvIf Request_URI ^/sk/ prefer-language=sk + SetEnvIf Request_URI ^/sq/ prefer-language=sq + SetEnvIf Request_URI ^/sr/ prefer-language=sr + SetEnvIf Request_URI ^/sv/ prefer-language=sv + SetEnvIf Request_URI ^/ta/ prefer-language=ta + SetEnvIf Request_URI ^/te/ prefer-language=te + SetEnvIf Request_URI ^/tg/ prefer-language=tg + SetEnvIf Request_URI ^/th/ prefer-language=th + SetEnvIf Request_URI ^/tr/ prefer-language=tr + SetEnvIf Request_URI ^/uk/ prefer-language=uk + SetEnvIf Request_URI ^/vi/ prefer-language=vi + SetEnvIf Request_URI ^/zh_CN/ prefer-language=zh-cn + SetEnvIf Request_URI ^/zh_TW/ prefer-language=zh-tw + diff --git a/roles/fedora-web/alt/tasks/main.yml b/roles/fedora-web/alt/tasks/main.yml new file mode 100644 index 0000000000..bd47a0081f --- /dev/null +++ b/roles/fedora-web/alt/tasks/main.yml @@ -0,0 +1,18 @@ +- name: Copy in the sync-alt cronjob + copy: src=cron-sync-alt dest=/etc/cron.d/sync-alt + tags: + - fedora-web + - fedora-web/alt + +- name: Copy some config files for {{website}} + copy: > + src={{item}} dest=/etc/httpd/conf.d/{{website}}/{{item}} + owner=root group=root mode=0644 + with_items: + - alt.conf + - languages.conf + notify: + - reload httpd + tags: + - fedora-web + - fedora-web/alt diff --git a/roles/rsyncd/files/rsyncd.conf.sundries-stg b/roles/rsyncd/files/rsyncd.conf.sundries-stg new file mode 100644 index 0000000000..c4087ebab5 --- /dev/null +++ b/roles/rsyncd/files/rsyncd.conf.sundries-stg @@ -0,0 +1,175 @@ +pid file = /var/run/rsyncd.pid +syslog facility = daemon +dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.bz2 *.iso +use chroot = false +transfer logging = false +exclude = .snapshot/ .~tmp~/ /.private/ /.private/** **/.nfs* + +# For distributing applications +[log] +comment = Server Logs +path = /var/log +uid = root +gid = root +read only = yes +hosts allow = 10.5.126.13 192.168.1.59 + +[docs] +comment = Docs Site +path = /srv/web/docs +uid = root +gid = root +read only = yes +hosts allow = 10.5.126.0/255.255.255.0 192.168.0.0/255.255.0.0 + +[membership-map] +comment = Ambassadors Membership Map +path = /srv/web/membership-map +uid = root +gid = root +read only = yes +hosts allow = 10.5.126.0/255.255.255.0 192.168.0.0/255.255.0.0 + +[review-stats] +comment = Package Review Stats +path = /srv/web/review-stats +uid = root +gid = root +read only = yes +hosts allow = 10.5.126.0/255.255.255.0 192.168.0.0/255.255.0.0 + +[gather-easyfix] +comment = Gather easyfix available in Fedora +path = /srv/web/easyfix +uid = root +gid = root +read only = yes +hosts allow = 10.5.126.0/255.255.255.0 192.168.0.0/255.255.0.0 + +[fedoraproject.org] +comment = fedoraproject.org +path = /srv/web/fedoraproject.org +uid = root +gid = root +read only = yes +hosts allow = 10.5.126.0/255.255.255.0 192.168.0.0/255.255.0.0 + +[spins.fedoraproject.org] +comment = spins.fedoraproject.org +path = /srv/web/spins.fedoraproject.org +uid = root +gid = root +read only = yes +hosts allow = 10.5.126.0/255.255.255.0 192.168.0.0/255.255.0.0 + +[talk.fedoraproject.org] +comment = talk.fedoraproject.org +path = /srv/web/talk.fedoraproject.org +uid = root +gid = root +read only = yes +hosts allow = 10.5.126.0/255.255.255.0 192.168.0.0/255.255.0.0 + +[start.fedoraproject.org] +comment = start.fedoraproject.org +path = /srv/web/start.fedoraproject.org +uid = root +gid = root +read only = yes +hosts allow = 10.5.126.0/255.255.255.0 192.168.0.0/255.255.0.0 + +[boot.fedoraproject.org] +comment = boot.fedoraproject.org +path = /srv/web/boot.fedoraproject.org +uid = root +gid = root +read only = yes +hosts allow = 10.5.126.0/255.255.255.0 192.168.0.0/255.255.0.0 + +[mirrors.fedoraproject.org] +comment = mirrors.fedoraproject.org +path = /srv/web/mirrors.fedoraproject.org +uid = root +gid = root +read only = yes +hosts allow = 10.5.126.0/255.255.255.0 192.168.0.0/255.255.0.0 + +[fedoracommunity.org] +comment = fedoracommunity.org +path = /srv/web/fedoracommunity.org +uid = root +gid = root +read only = yes +hosts allow = 10.5.126.0/255.255.255.0 192.168.0.0/255.255.0.0 + +[fudcon.fedoraproject.org] +comment = fudcon.fedoraproject.org +path = /srv/web/fudcon.fedoraproject.org +uid = root +gid = root +read only = yes +hosts allow = 10.5.126.0/255.255.255.0 192.168.0.0/255.255.0.0 + +[flocktofedora.org] +comment = flocktofedora.org +path = /srv/web/flocktofedora.org +uid = root +gid = root +read only = yes +hosts allow = 10.5.126.0/255.255.255.0 192.168.0.0/255.255.0.0 + +[getfedora.org] +comment = getfedora.org +path = /srv/web/getfedora.org +uid = root +gid = root +read only = yes +hosts allow = 10.5.126.0/255.255.255.0 192.168.0.0/255.255.0.0 + +[labs.fedoraproject.org] +comment = labs.fedoraproject.org +path = /srv/web/labs.fedoraproject.org +uid = root +gid = root +read only = yes +hosts allow = 10.5.126.0/255.255.255.0 192.168.0.0/255.255.0.0 + +[budget.fedoraproject.org] +comment = budget.fedoraproject.org +path = /srv/web/budget.fedoraproject.org +uid = root +gid = root +read only = yes +hosts allow = 10.5.126.0/255.255.255.0 192.168.0.0/255.255.0.0 + +[arm.fedoraproject.org] +comment = arm.fedoraproject.org +path = /srv/web/arm.fedoraproject.org +uid = root +gid = root +read only = yes +hosts allow = 10.5.126.0/255.255.255.0 192.168.0.0/255.255.0.0 + +[developer.fedoraproject.org] +comment = developer.fedoraproject.org +path = /srv/web/developer.fedoraproject.org +uid = root +gid = root +read only = yes +hosts allow = 10.5.126.0/255.255.255.0 192.168.0.0/255.255.0.0 + +[codecs.fedoraproject.org] +comment = codecs.fedoraproject.org +path = /srv/web/codecs.fedoraproject.org +uid = root +gid = root +read only = yes +hosts allow = 10.5.126.0/255.255.255.0 192.168.0.0/255.255.0.0 + +[alt.stg.fedoraproject.org] +comment = alt.stg.fedoraproject.org +path = /srv/web/alt.fedoraproject.org +uid = root +gid = root +read only = yes +hosts allow = 10.5.126.0/255.255.255.0 192.168.0.0/255.255.0.0