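# Play: configure the httpd virtual hosts served by the proxy hosts.
#
# Each entry under `roles` applies the httpd/website role once per site and
# passes it the site name, its aliases, the listen addresses (`ips`) and the
# certificate to use. `wildcard_cert_name`, `handlers` and `env` are not
# defined in this file; they presumably come from the vars_files or the
# inventory -- confirm before changing them.
#
# NOTE(review): how `ssl`, `sslonly` and `gzip` are interpreted is decided
# inside the httpd/website role, which is not shown here. Entries without
# `sslonly: true` presumably still answer on plain HTTP; check that sites
# that look like login or identity endpoints by name (fas/accounts, id)
# enforce HTTPS somewhere.
- name: Set up those proxy websites. My, my..
  hosts: proxies-stg:proxy03.fedoraproject.org:proxy04.fedoraproject.org
  # Every task in this play runs as root on the proxies.
  user: root
  gather_facts: true

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    # Kept under /srv/private, presumably so that secrets stay out of the
    # shared repository tree -- keep credentials there, not in this file.
    - "/srv/private/ansible/vars.yml"
    # Needs gathered facts: ansible_distribution selects the file.
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  handlers:
    - include: "{{ handlers }}/restart_services.yml"

  vars:
    # Addresses handed to the fedoraproject.org, getfedora.org, qa, redirect
    # and geoip sites. IPv6 literals are written in brackets.
    - fpo_ips:
        # Staging
        - "10.5.126.88"
        # Production
        - "85.236.55.5"
        - "[2001:4178:2:1269::fed1]"
        - "66.35.62.162"
        - "80.239.156.214"
        - "152.19.134.142"
        - "[2610:28:3090:3001:dead:beef:cafe:fed3]"
        - "140.211.169.196"
        - "213.175.193.205"
        - "[2001:2030:0:2::2]"
        - "10.5.126.52"
        - "85.236.55.6"
        - "[2001:4178:2:1269::fed2]"
        - "80.239.156.215"
        - "140.211.169.197"
        - "213.175.193.206"
        - "[2001:2030:0:2::3]"
        - "67.203.2.67"
        - "[2607:f188::dead:beef:cafe:fed1]"
        - "192.168.122.2"

    # Addresses handed to every other site in this play.
    - wildcard_fpo_ips:
        # Staging
        - "10.5.126.88"
        # Production
        - "10.5.126.52"
        - "85.236.55.6"
        - "[2001:4178:2:1269::fed2]"
        - "66.35.62.162"
        - "152.19.134.142"
        - "80.239.156.215"
        - "[2610:28:3090:3001:dead:beef:cafe:fed3]"
        - "140.211.169.197"
        - "213.175.193.206"
        - "[2001:2030:0:2::3]"
        - "67.203.2.67"
        - "[2607:f188::dead:beef:cafe:fed1]"
        - "192.168.122.2"

  pre_tasks:
    - name: Create /srv/web/ for all the goodies.
      file:
        dest: /srv/web
        state: directory
        owner: root
        group: root
        # Quoted so the mode stays the string "0755" and is not re-typed
        # as a number by the YAML parser.
        mode: "0755"
      tags:
        - httpd
        - httpd/website

    - name: ..and apply the httpd_sys_content_t type recursively to it.
      file:
        dest: /srv/web
        state: directory
        # SELinux type applied to the whole tree on every run.
        setype: httpd_sys_content_t
        recurse: true
      tags:
        - httpd
        - httpd/website

  roles:
    - role: httpd/website
      name: fedoraproject.org
      ips: "{{fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"
      server_aliases: [stg.fedoraproject.org]

    # This is for all the other domains we own
    # that redirect to http://fedoraproject.org
    # NOTE(review): cert_name is the shared wildcard variable, while most
    # aliases below are under other domains; if that certificate only covers
    # fedoraproject.org names, HTTPS requests for these aliases will fail
    # hostname validation -- confirm what the certificate lists.
    - role: httpd/website
      name: fedoraproject.com
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"
      server_aliases:
        - fedora.redhat.com
        - fedora.com.my
        - fedora.my
        - fedora.pe
        - fedora.pt
        - fedora.us
        - fedoralinux.com
        - fedoralinux.net
        - fedoralinux.org
        - fedoraproject.org.uk
        - fedoraproject.com
        - fedoraproject.com.my
        - fedoraproject.net
        - projectofedora.org
        - www.fedora.pe
        - www.fedora.pt
        - www.fedora.redhat.com
        - www.fedora.us
        - www.fedoralinux.com
        - www.fedoralinux.net
        - www.fedoralinux.org
        - www.fedoraproject.com
        - www.fedoraproject.net
        - www.fedoraproject.org
        - www.fedoraproject.org.uk
        - www.projectofedora.org

    - role: httpd/website
      name: admin.fedoraproject.org
      server_aliases: [admin.stg.fedoraproject.org]
      sslonly: true
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: cloud.fedoraproject.org
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: mirrors.fedoraproject.org
      server_aliases: [mirrors.stg.fedoraproject.org]
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: download.fedoraproject.org
      server_aliases:
        - download01.fedoraproject.org
        - download02.fedoraproject.org
        - download03.fedoraproject.org
        - download04.fedoraproject.org
        - download05.fedoraproject.org
        - download06.fedoraproject.org
        - download07.fedoraproject.org
        - download08.fedoraproject.org
        - download09.fedoraproject.org
        - download10.fedoraproject.org
        - download.stg.fedoraproject.org
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: translate.fedoraproject.org
      server_aliases: [translate.stg.fedoraproject.org]
      sslonly: true
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: spins.fedoraproject.org
      server_aliases:
        - spins.stg.fedoraproject.org
        - spins-test.fedoraproject.org
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: boot.fedoraproject.org
      server_aliases: [boot.stg.fedoraproject.org]
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    # NOTE(review): `ssl: false` presumably turns the TLS vhost off for this
    # site, including the smolt.fedoraproject.org alias -- confirm in the
    # role that this is intended.
    - role: httpd/website
      name: smolts.org
      ssl: false
      server_aliases:
        - smolt.fedoraproject.org
        - stg.smolts.org
        - www.smolts.org
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: docs.fedoraproject.org
      server_aliases:
        - doc.fedoraproject.org
        - docs.stg.fedoraproject.org
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: bodhi.fedoraproject.org
      server_aliases: [bodhi.stg.fedoraproject.org]
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: bugz.fedoraproject.org
      server_aliases: [bugz.stg.fedoraproject.org]
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    # NOTE(review): no `sslonly` here although the aliases suggest an
    # accounts service -- confirm plain HTTP is redirected or refused.
    - role: httpd/website
      name: fas.fedoraproject.org
      server_aliases:
        - fas.stg.fedoraproject.org
        - accounts.fedoraproject.org
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: fedoracommunity.org
      server_aliases:
        - www.fedoracommunity.org
        - stg.fedoracommunity.org
      ssl: false
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: get.fedoraproject.org
      server_aliases: [get.stg.fedoraproject.org]
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: help.fedoraproject.org
      server_aliases: [help.stg.fedoraproject.org]
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: it.fedoracommunity.org
      server_aliases: [it.fedoracommunity.org]
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: uk.fedoracommunity.org
      server_aliases:
        - uk.fedoracommunity.org
        - www.uk.fedoracommunity.org
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: people.fedoraproject.org
      server_aliases: [people.fedoraproject.org]
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: join.fedoraproject.org
      server_aliases: [join.stg.fedoraproject.org]
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: l10n.fedoraproject.org
      server_aliases: [l10n.stg.fedoraproject.org]
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: start.fedoraproject.org
      server_aliases: [start.stg.fedoraproject.org]
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: kde.fedoraproject.org
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: nightly.fedoraproject.org
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: port389.org
      server_aliases:
        - www.port389.org
        - 389tcp.org
        - www.389tcp.org
      ssl: false
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    # Uses its own certificate and intermediate chain rather than the
    # shared wildcard.
    - role: httpd/website
      name: fedoramagazine.org
      server_aliases: [www.fedoramagazine.org]
      cert_name: fedoramagazine.org
      SSLCertificateChainFile: fedoramagazine.org.intermediate.cert
      ips: "{{wildcard_fpo_ips}}"

    - role: httpd/website
      name: k12linux.org
      server_aliases:
        - www.k12linux.org
      ssl: false
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: fonts.fedoraproject.org
      server_aliases: [fonts.stg.fedoraproject.org]
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: meetbot.fedoraproject.org
      server_aliases: [meetbot.stg.fedoraproject.org]
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: fudcon.fedoraproject.org
      server_aliases: [fudcon.stg.fedoraproject.org]
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: ask.fedoraproject.org
      server_aliases: [ask.stg.fedoraproject.org]
      sslonly: true
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: badges.fedoraproject.org
      server_aliases: [badges.stg.fedoraproject.org]
      sslonly: true
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: darkserver.fedoraproject.org
      server_aliases: [darkserver.stg.fedoraproject.org]
      sslonly: true
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: paste.fedoraproject.org
      server_aliases:
        - paste.stg.fedoraproject.org
        - fpaste.org
        - www.fpaste.org
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: apps.fedoraproject.org
      server_aliases: [apps.stg.fedoraproject.org]
      sslonly: true
      gzip: true
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    # Kinda silly that we have two entries here, one for prod and one for stg.
    # This is inherited from our puppet setup -- we can collapse them as soon as
    # is convenient. -- threebean
    - role: httpd/website
      name: taskotron.fedoraproject.org
      server_aliases: [taskotron.fedoraproject.org]
      sslonly: true
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: taskotron.stg.fedoraproject.org
      server_aliases: [taskotron.stg.fedoraproject.org]
      # Set this explicitly to stg here.. as per the original puppet config.
      SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert
      sslonly: true
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"
      when: env == "staging"

    - role: httpd/website
      name: lists.fedoraproject.org
      server_aliases: [lists.stg.fedoraproject.org]
      sslonly: true
      # Set this explicitly to stg here.. as per the original puppet config.
      SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"
      when: env == "staging"

    # NOTE(review): a TLS wildcard matches a single label, so a certificate
    # for *.fedoraproject.org does not cover *.id.fedoraproject.org. The
    # chain file is id-specific while cert_name is the shared wildcard
    # variable -- confirm the certificate served really covers the alias.
    # There is also no `sslonly` on these two identity vhosts.
    - role: httpd/website
      name: id.fedoraproject.org
      server_aliases:
        - "*.id.fedoraproject.org"
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"
      SSLCertificateChainFile: wildcard-2014.id.fedoraproject.org.intermediate.cert

    - role: httpd/website
      name: id.stg.fedoraproject.org
      server_aliases:
        - "*.id.stg.fedoraproject.org"
      ips: "{{wildcard_fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"
      SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert
      when: env == "staging"

    - role: httpd/website
      name: getfedora.org
      server_aliases: [stg.getfedora.org]
      sslonly: true
      ips: "{{fpo_ips}}"
      cert_name: getfedora.org
      SSLCertificateChainFile: getfedora.org.intermediate.cert

    - role: httpd/website
      name: qa.fedoraproject.org
      ips: "{{fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"
      server_aliases: [qa.stg.fedoraproject.org]
      sslonly: true

    - role: httpd/website
      name: redirect.fedoraproject.org
      server_aliases: [redirect.stg.fedoraproject.org]
      sslonly: true
      gzip: true
      ips: "{{fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"

    - role: httpd/website
      name: geoip.fedoraproject.org
      server_aliases: [geoip.stg.fedoraproject.org]
      sslonly: true
      ips: "{{fpo_ips}}"
      cert_name: "{{wildcard_cert_name}}"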