- name: Set up those proxy websites. My, my.. hosts: proxies-stg:proxies user: root gather_facts: True vars_files: - /srv/web/infra/ansible/vars/global.yml - "/srv/private/ansible/vars.yml" - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml handlers: - include: "{{ handlers }}/restart_services.yml" pre_tasks: - name: Install policycoreutils-python yum: pkg=policycoreutils-python state=present - name: Create /srv/web/ for all the goodies. file: > dest=/srv/web state=directory owner=root group=root mode=0755 tags: - httpd - httpd/website - name: check the selinux context of webdir command: matchpathcon /srv/web register: webdir always_run: yes changed_when: "1 != 1" tags: - config - selinux - httpd - httpd/website - name: /srv/web file contexts command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?" when: webdir.stdout.find('httpd_sys_content_t') == -1 tags: - config - selinux - httpd - httpd/website roles: - role: httpd/website name: fedoraproject.org cert_name: "{{wildcard_cert_name}}" server_aliases: - stg.fedoraproject.org - localhost # This is for all the other domains we own # that redirect to https://fedoraproject.org - role: httpd/website name: fedoraproject.com cert_name: "{{wildcard_cert_name}}" server_aliases: - fedora.asia - fedora.com.my - fedora.cr - fedora.events - fedora.me - fedora.mobi - fedora.my - fedora.org - fedora.org.cn - fedora.pe - fedora.pt - fedora.redhat.com - fedora.software - fedora.tk - fedora.us - fedora.wiki - fedoralinux.com - fedoralinux.net - fedoralinux.org - fedoraproject.asia - fedoraproject.cn - fedoraproject.co.uk - fedoraproject.com - fedoraproject.com.cn - fedoraproject.com.gr - fedoraproject.com.my - fedoraproject.cz - fedoraproject.eu - fedoraproject.gr - fedoraproject.info - fedoraproject.net - fedoraproject.net.cn - fedoraproject.org.uk - fedoraproject.pe - fedoraproject.su - projectofedora.org - www.fedora.asia - www.fedora.com.my - www.fedora.cr - www.fedora.events - www.fedora.me - www.fedora.mobi - www.fedora.org - www.fedora.org.cn - www.fedora.pe - www.fedora.pt - www.fedora.redhat.com - www.fedora.software - www.fedora.tk - www.fedora.us - www.fedora.wiki - www.fedoralinux.com - www.fedoralinux.net - www.fedoralinux.org - www.fedoraproject.asia - www.fedoraproject.cn - www.fedoraproject.co.uk - www.fedoraproject.com - www.fedoraproject.com.cn - www.fedoraproject.com.gr - www.fedoraproject.com.my - www.fedoraproject.cz - www.fedoraproject.eu - www.fedoraproject.gr - www.fedoraproject.info - www.fedoraproject.net - www.fedoraproject.net.cn - www.fedoraproject.org - www.fedoraproject.org.uk - www.fedoraproject.pe - www.fedoraproject.su - www.projectofedora.org - www.getfedora.com - getfedora.com - role: httpd/website name: admin.fedoraproject.org server_aliases: [admin.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: cloud.fedoraproject.org sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: mirrors.fedoraproject.org server_aliases: - mirrors.stg.fedoraproject.org - fedoramirror.net - www.fedoramirror.net cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: src.fedoraproject.org server_aliases: - src.stg.fedoraproject.org cert_name: "{{wildcard_cert_name}}" sslonly: true - role: httpd/website name: download.fedoraproject.org server_aliases: - download01.fedoraproject.org - download02.fedoraproject.org - download03.fedoraproject.org - download04.fedoraproject.org - download05.fedoraproject.org - download06.fedoraproject.org - download07.fedoraproject.org - download08.fedoraproject.org - download09.fedoraproject.org - download10.fedoraproject.org - download.stg.fedoraproject.org cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: translate.fedoraproject.org server_aliases: [translate.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: spins.fedoraproject.org server_aliases: - spins.stg.fedoraproject.org - spins-test.fedoraproject.org sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: labs.fedoraproject.org server_aliases: - labs.stg.fedoraproject.org sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: arm.fedoraproject.org server_aliases: - arm.stg.fedoraproject.org sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: budget.fedoraproject.org server_aliases: - budget.stg.fedoraproject.org sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: boot.fedoraproject.org server_aliases: [boot.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: boot.fedoraproject.org server_aliases: [boot.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: smolts.org ssl: false server_aliases: - smolt.fedoraproject.org - stg.smolts.org - www.smolts.org cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: docs.fedoraproject.org server_aliases: - doc.fedoraproject.org - docs.stg.fedoraproject.org sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: bodhi.fedoraproject.org sslonly: true server_aliases: [bodhi.stg.fedoraproject.org] cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: flocktofedora.org server_aliases: - flocktofedora.org - www.flocktofedora.org ssl: true sslonly: true cert_name: flocktofedora.org SSLCertificateChainFile: flocktofedora.org.intermediate.cert - role: httpd/website name: flocktofedora.net server_aliases: - flocktofedora.com - www.flocktofedora.net - www.flocktofedora.com ssl: false - role: httpd/website name: fedora.my server_aliases: - fedora.my ssl: false - role: httpd/website name: copr.fedoraproject.org ssl: true # We need sslonly=false because copr-cli hardcoded http sslonly: false cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: bugz.fedoraproject.org server_aliases: [bugz.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: fas.fedoraproject.org server_aliases: - fas.stg.fedoraproject.org - accounts.fedoraproject.org sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: fedoracommunity.org server_aliases: - www.fedoracommunity.org - stg.fedoracommunity.org - fedoraproject.community - fedora.community - www.fedora.community - www.fedoraproject.community ssl: false cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: get.fedoraproject.org server_aliases: [get.stg.fedoraproject.org] cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: help.fedoraproject.org server_aliases: [help.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: it.fedoracommunity.org server_aliases: [it.fedoracommunity.org] cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: uk.fedoracommunity.org server_aliases: - uk.fedoracommunity.org - www.uk.fedoracommunity.org cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: communityblog.fedoraproject.org server_aliases: [communityblog.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: people.fedoraproject.org server_aliases: [people.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: join.fedoraproject.org server_aliases: [join.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: l10n.fedoraproject.org server_aliases: [l10n.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: start.fedoraproject.org server_aliases: [start.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: kde.fedoraproject.org sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: nightly.fedoraproject.org sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: store.fedoraproject.org sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: port389.org server_aliases: - www.port389.org - 389tcp.org - www.389tcp.org ssl: false cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: whatcanidoforfedora.org server_aliases: - www.whatcanidoforfedora.org ssl: false cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: fedoramagazine.org server_aliases: [www.fedoramagazine.org stg.fedoramagazine.org] cert_name: fedoramagazine.org SSLCertificateChainFile: fedoramagazine.org.intermediate.cert - role: httpd/website name: k12linux.org server_aliases: - www.k12linux.org ssl: false cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: fonts.fedoraproject.org server_aliases: [fonts.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: meetbot.fedoraproject.org server_aliases: [meetbot.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: meetbot-raw.fedoraproject.org server_aliases: [meetbot-raw.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: fudcon.fedoraproject.org server_aliases: [fudcon.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: ask.fedoraproject.org server_aliases: [ask.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: badges.fedoraproject.org server_aliases: [badges.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: darkserver.fedoraproject.org server_aliases: [darkserver.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: paste.fedoraproject.org server_aliases: - paste.stg.fedoraproject.org cert_name: "{{wildcard_cert_name}}" # # Make a website here so we can redirect it to paste.fedoraproject.org # - role: httpd/website name: fpaste.org server_aliases: - www.fpaste.org cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: apps.fedoraproject.org server_aliases: [apps.stg.fedoraproject.org] sslonly: true gzip: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: pdc.fedoraproject.org server_aliases: [pdc.stg.fedoraproject.org] sslonly: true gzip: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: developer.fedoraproject.org server_aliases: [developer.stg.fedoraproject.org] # Set this explicitly to stg here.. as per the original puppet config. SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert sslonly: true cert_name: "{{wildcard_cert_name}}" # This is just a redirect to developer, to make it easier for people to get # here from Red Hat's developers.redhat.com (ticket #5216). - role: httpd/website name: developers.fedoraproject.org sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: osbs.fedoraproject.org server_aliases: [osbs.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" when: env == "staging" - role: httpd/website name: registry.fedoraproject.org server_aliases: [registry.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" when: env == "staging" # Kinda silly that we have two entries here, one for prod and one for stg. # This is inherited from our puppet setup -- we can collapse them as soon as # is convenient. -- threebean - role: httpd/website name: taskotron.fedoraproject.org server_aliases: [taskotron.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: taskotron.stg.fedoraproject.org server_aliases: [taskotron.stg.fedoraproject.org] # Set this explicitly to stg here.. as per the original puppet config. SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert sslonly: true cert_name: "{{wildcard_cert_name}}" when: env == "staging" - role: httpd/website name: lists.fedoraproject.org server_aliases: [lists.stg.fedoraproject.org] sslonly: true # Set this explicitly to stg here.. as per the original puppet config. SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: id.fedoraproject.org server_aliases: - "*.id.fedoraproject.org" # Must not be sslonly, because example.id.fedoraproject.org must be reachable # via plain http for openid identity support cert_name: wildcard-2014.id.fedoraproject.org SSLCertificateChainFile: wildcard-2014.id.fedoraproject.org.intermediate.cert - role: httpd/website name: id.stg.fedoraproject.org server_aliases: - "*.id.stg.fedoraproject.org" # Must not be sslonly, because example.id.fedoraproject.org must be reachable # via plain http for openid identity support cert_name: "{{wildcard_cert_name}}" SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert when: env == "staging" - role: httpd/website name: getfedora.org server_aliases: [stg.getfedora.org] sslonly: true cert_name: getfedora.org SSLCertificateChainFile: getfedora.org.intermediate.cert - role: httpd/website name: qa.fedoraproject.org cert_name: "{{wildcard_cert_name}}" sslonly: true - role: httpd/website name: openqa.fedoraproject.org cert_name: "{{wildcard_cert_name}}" server_aliases: [openqa.stg.fedoraproject.org] sslonly: true - role: httpd/website name: redirect.fedoraproject.org server_aliases: [redirect.stg.fedoraproject.org] sslonly: true gzip: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: geoip.fedoraproject.org server_aliases: [geoip.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: codecs.fedoraproject.org server_aliases: [codecs.stg.fedoraproject.org] sslonly: true cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: beaker.qa.fedoraproject.org server_aliases: [beaker.qa.fedoraproject.org] # Set this explicitly to stg here.. as per the original puppet config. SSLCertificateChainFile: qa.fedoraproject.org.intermediate.cert sslonly: true cert_name: "qa.fedoraproject.org" - role: httpd/website name: beaker.stg.fedoraproject.org server_aliases: [beaker.stg.fedoraproject.org] # Set this explicitly to stg here.. as per the original puppet config. SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert sslonly: true cert_name: "{{wildcard_cert_name}}" when: env == "staging" - role: httpd/website name: qa.stg.fedoraproject.org server_aliases: [qa.stg.fedoraproject.org] cert_name: qa.stg.fedoraproject.org SSLCertificateChainFile: qa.stg.fedoraproject.org.intermediate.cert sslonly: true when: env == "staging" - role: httpd/website name: phab.qa.stg.fedoraproject.org server_aliases: [phab.qa.stg.fedoraproject.org] cert_name: qa.stg.fedoraproject.org SSLCertificateChainFile: qa.stg.fedoraproject.org.intermediate.cert sslonly: true when: env == "staging" - role: httpd/website name: docs.qa.stg.fedoraproject.org server_aliases: [docs.qa.stg.fedoraproject.org] cert_name: qa.stg.fedoraproject.org SSLCertificateChainFile: qa.stg.fedoraproject.org.intermediate.cert sslonly: true when: env == "staging"