Start working on stunnel for pagure

2015-06-18 19:19:07 +02:00 · 2015-06-18 19:19:07 +02:00 · bcd2be9627
commit bcd2be9627
parent ad5855775f
4 changed files with 60 additions and 0 deletions
--- a/inventory/group_vars/pagure-stg
+++ b/inventory/group_vars/pagure-stg
@ -13,6 +13,10 @@ tcp_ports: [ 22, 25, 80, 443, 9418,
    # This is for the pagure public fedmsg relay
    9940]

+stunnel_service: "eventsource"
+stunnel_source_port: 8080
+stunnel_destination_port: 8080
+
 # These are consumed by a task in roles/fedmsg/base/main.yml
 fedmsg_certs:
 - service: shell
--- a/roles/pagure/frontend/files/stunnel.service
+++ b/roles/pagure/frontend/files/stunnel.service
@ -0,0 +1,14 @@
+[Unit]
+Description=stunnel
+After=network.target
+Documentation=https://infrastructure.fedoraproject.org/infra/docs/fedmsg-websocket.txt
+
+[Service]
+ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
+Type=forking
+User=root
+Group=root
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/pagure/frontend/tasks/main.yml
+++ b/roles/pagure/frontend/tasks/main.yml
@ -127,6 +127,39 @@
  - restart pagure_milter


+# Set-up stunnel for the event source server
+
+- name: install stunnel service definition
+  copy: src=stunnel.service
+        dest=/usr/lib/systemd/system/stunnel.service
+        owner=root group=root mode=0755
+  notify:
+  - reload systemd
+  - restart stunnel
+  tags:
+  - pagure
+  - stunnel
+
+- name: ensure old stunnel init file is gone
+  file: dest=/etc/init.d/stunnel/stunnel.init state=absent
+  tags:
+  - pagure
+  - stunnel
+  - config
+
+- name: install stunnel.conf
+  template: src={{ item.file }}
+            dest={{ item.dest }}
+            owner=root group=root mode=0600
+  with_items:
+  - { file: stunnel-conf.j2, dest: /etc/stunnel/stunnel.conf }
+  notify: restart stunnel
+  tags:
+  - pagure
+  - stunnel
+  - config
+
+
 # Set-up Pagure

 - name: create the /var/www/releases folder
@ -165,6 +198,7 @@
  copy: >
      src={{ private}}/files/httpd/{{ item }} dest=/etc/pki/tls/certs/{{ item }}
      owner=root group=root mode=0600
+  notify: restart stunnel
  with_items:
  - pagure.io.cert
  - pagure.io.key
--- a/roles/pagure/frontend/templates/stunnel-conf.j2
+++ b/roles/pagure/frontend/templates/stunnel-conf.j2
@ -0,0 +1,8 @@
+cert = /etc/pki/tls/certs/pagure.io.cert
+key = /etc/pki/tls/certs/pagure.io.key
+pid = /var/run/stunnel.pid
+
+[{{ stunnel_service }}]
+
+accept = {{ stunnel_source_port }}
+connect = {{ stunnel_destination_port }}