July 2016 - sysadmin-notify

[ansible] Improve cgit url to avoid free/nonfree

by Nicolas Chauvet

commit 083125c013e27faefdd7911a498646dbbdf649b9 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Tue Jul 26 09:53:08 2016 +0200 Improve cgit url to avoid free/nonfree roles/pkgdb2/templates/pkgdb2.cfg | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) --- diff --git a/roles/pkgdb2/templates/pkgdb2.cfg b/roles/pkgdb2/templates/pkgdb2.cfg index f1c852d..5fd3f82 100644 --- a/roles/pkgdb2/templates/pkgdb2.cfg +++ b/roles/pkgdb2/templates/pkgdb2.cfg @@ -207,7 +207,7 @@ BASE_REPO_URL = 'http://download1.rpmfusion.org/%s/' #PKGS_BUG_URL = 'https://apps.rpmfusion.org/packages/%s/bugs' PKGS_BUG_URL = 'https://bugzilla.rpmfusion.org/buglist.cgi?query_format=specific&order=re...' PKGS_PKG_URL = 'http://rpmfusion.org/Package/%s' -CGIT_URL = 'https://pkgs.rpmfusion.org/cgit/%s.git/' +CGIT_URL = 'https://pkgs.rpmfusion.org/cgit/?q=%s' BODHI_URL = 'https://admin.rpmfusion.org/updates/?packages=%s' KOJI_URL = 'http://koji.rpmfusion.org/koji/search?'\ 'type=package&match=glob&terms=%s'

8 years, 5 months

1
0
0 / 0

[ansible] Kojiweb: don't use our self-signed certificate by default

by Nicolas Chauvet

commit 95e0858846744e63fbb29480b9ed79ce1b5db900 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Mon Jul 25 15:03:21 2016 +0200 Kojiweb: don't use our self-signed certificate by default roles/koji_hub/templates/web.conf.j2 | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) --- diff --git a/roles/koji_hub/templates/web.conf.j2 b/roles/koji_hub/templates/web.conf.j2 index ae2becf..833e324 100644 --- a/roles/koji_hub/templates/web.conf.j2 +++ b/roles/koji_hub/templates/web.conf.j2 @@ -14,7 +14,7 @@ KojiHubURL = http://arm.koji.rpmfusion.org/kojihub KojiFilesURL = http://arm.koji.rpmfusion.org/kojifiles {% else %} KojiHubURL = http://koji.rpmfusion.org/kojihub -KojiFilesURL = https://koji.rpmfusion.org/kojifiles +KojiFilesURL = http://koji.rpmfusion.org/kojifiles {% endif %} # SSL authentication options

8 years, 5 months

1
0
0 / 0

[ansible] Add bugzilla02 to reverseproxy

by Nicolas Chauvet

commit 9c64409d7d2fa10c6eec0c0e143a15d97a46fb8a Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Fri Jul 22 17:23:26 2016 +0200 Add bugzilla02 to reverseproxy playbooks/include/proxies-reverseproxy.yml | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) --- diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml index d428703..4321dce 100644 --- a/playbooks/include/proxies-reverseproxy.yml +++ b/playbooks/include/proxies-reverseproxy.yml @@ -18,3 +18,8 @@ # destname: id # proxyurl: http://localhost:10020 + - role: httpd/reverseproxy + website: bugzilla.rpmfusion.org + destname: bugzilla02 + proxyurl: http://bugzilla02 +

8 years, 5 months

1
0
0 / 0

[ansible] Avoid override ssl.conf in distgit

by Nicolas Chauvet

commit 0c8fcc05ab52068926f16419fbc73139066c9b76 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Fri Jul 22 17:20:00 2016 +0200 Avoid override ssl.conf in distgit playbooks/include/proxies-reverseproxy.yml | 8 ++-- roles/distgit/files/ssl.conf | 50 -------------------------- roles/distgit/tasks/main.yml | 5 --- roles/httpd/mod_ssl/files/ssl.conf | 52 ++++++++++++++++++++++++++- 4 files changed, 54 insertions(+), 61 deletions(-) --- diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml index 2a239e5..d428703 100644 --- a/playbooks/include/proxies-reverseproxy.yml +++ b/playbooks/include/proxies-reverseproxy.yml @@ -13,8 +13,8 @@ roles: - - role: httpd/reverseproxy - website: id.rpmfusion.org - destname: id - proxyurl: http://localhost:10020 +# - role: httpd/reverseproxy +# website: id.rpmfusion.org +# destname: id +# proxyurl: http://localhost:10020 diff --git a/roles/distgit/tasks/main.yml b/roles/distgit/tasks/main.yml index f7745f9..f8eedb9 100644 --- a/roles/distgit/tasks/main.yml +++ b/roles/distgit/tasks/main.yml @@ -24,11 +24,6 @@ notify: - reload httpd -- name: install the mod_ssl configuration - copy: src=ssl.conf dest=/etc/httpd/conf.d/ssl.conf - notify: - - reload httpd - - name: allow httpd to access the files on NFS seboolean: name=httpd_use_nfs state=yes persistent=yes diff --git a/roles/httpd/mod_ssl/files/ssl.conf b/roles/httpd/mod_ssl/files/ssl.conf index f0eadd7..9bb59bc 100644 --- a/roles/httpd/mod_ssl/files/ssl.conf +++ b/roles/httpd/mod_ssl/files/ssl.conf @@ -1,2 +1,50 @@ -LoadModule ssl_module modules/mod_ssl.so -SSLRandomSeed connect "file:/dev/random" 1024 +# +# When we also provide SSL we have to listen to the +# the HTTPS port in addition. +# +Listen 443 https + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is a internal +# terminal dialog) has to provide the pass phrase on stdout. +SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog + +# Inter-Process Session Cache: +# Configure the SSL Session Cache: First the mechanism +# to use and second the expiring timeout (in seconds). +SSLSessionCache shmcb:/run/httpd/sslcache(1024000) +SSLSessionCacheTimeout 600 + +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the +# SSL library. The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. This means you then cannot use the /dev/random device +# because it would lead to very long connection times (as long as +# it requires to make more entropy available). But usually those +# platforms additionally provide a /dev/urandom device which doesn't +# block. So, if available, use this one instead. Read the mod_ssl User +# Manual for more details. +SSLRandomSeed startup file:/dev/urandom 256 +SSLRandomSeed connect file:/dev/random 1024 +#SSLRandomSeed startup file:/dev/random 512 +#SSLRandomSeed connect file:/dev/random 512 +#SSLRandomSeed connect file:/dev/urandom 512 + +# +# Use "SSLCryptoDevice" to enable any supported hardware +# accelerators. Use "openssl engine -v" to list supported +# engine names. NOTE: If you enable an accelerator and the +# server does not start, consult the error logs and ensure +# your accelerator is functioning properly. +# +SSLCryptoDevice builtin +#SSLCryptoDevice ubsec

8 years, 5 months

1
0
0 / 0

[ansible] Remove reverseproxy

by Nicolas Chauvet

commit 583d0ec17e9368f8b34def275c334c0e78133ecc Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Fri Jul 22 17:10:57 2016 +0200 Remove reverseproxy playbooks/include/proxies-reverseproxy.yml | 21 --------------------- 1 files changed, 0 insertions(+), 21 deletions(-) --- diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml index ba08e9b..2a239e5 100644 --- a/playbooks/include/proxies-reverseproxy.yml +++ b/playbooks/include/proxies-reverseproxy.yml @@ -13,29 +13,8 @@ roles: -# - role: httpd/reverseproxy -# website: admin.rpmfusion.org -# destname: nagios -# localpath: /nagios -# remotepath: /nagios -# proxyurl: http://noc0 - - role: httpd/reverseproxy website: id.rpmfusion.org destname: id proxyurl: http://localhost:10020 - - role: httpd/reverseproxy - website: admin.rpmfusion.org - destname: pkgdb02 - remotepath: /pkgdb - localpath: /pkgdb - proxyurl: http://pkgdb02 - - - role: httpd/reverseproxy - website: admin.rpmfusion.org - destname: bodhi01 - remotepath: /bodhi - localpath: /bodhi - proxyurl: http://bodhi01 -

8 years, 5 months

1
0
0 / 0

[ansible] Fixup alias on 80

by Nicolas Chauvet

commit e53baf980996484b18f9f8a70791a0f1e4bd0984 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Fri Jul 22 17:06:12 2016 +0200 Fixup alias on 80 roles/distgit/files/pkgs.rpmfusion.org.conf | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) --- diff --git a/roles/distgit/files/pkgs.rpmfusion.org.conf b/roles/distgit/files/pkgs.rpmfusion.org.conf index a1271c8..f01aa6b 100644 --- a/roles/distgit/files/pkgs.rpmfusion.org.conf +++ b/roles/distgit/files/pkgs.rpmfusion.org.conf @@ -35,6 +35,8 @@ <VirtualHost *:80> + Alias /repo/ /srv/cache/lookaside/ + ServerName pkgs.rpmfusion.org ServerAdmin root(a)rpmfusion.org

8 years, 5 months

1
0
0 / 0

[ansible] remove log01

by Nicolas Chauvet

commit 2a4cc82a2213fa1cf80a7b10803142994ec96c5b Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Fri Jul 22 17:04:15 2016 +0200 remove log01 playbooks/include/proxies-reverseproxy.yml | 7 ------- 1 files changed, 0 insertions(+), 7 deletions(-) --- diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml index 7cc79ea..ba08e9b 100644 --- a/playbooks/include/proxies-reverseproxy.yml +++ b/playbooks/include/proxies-reverseproxy.yml @@ -39,10 +39,3 @@ localpath: /bodhi proxyurl: http://bodhi01 - - role: httpd/reverseproxy - website: admin.rpmfusion.org - destname: collectd - localpath: /collectd - remotepath: /collectd - proxyurl: http://log01 -

8 years, 5 months

1
0
0 / 0

[ansible] Override pkgs.rpmfusion.org in distdit

by Nicolas Chauvet

commit d47ecd9692213500f29ffebbeca9c423bb0e5c42 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Fri Jul 22 16:42:59 2016 +0200 Override pkgs.rpmfusion.org in distdit playbooks/include/proxies-websites.yml | 11 ++++++----- roles/distgit/files/pkgs.rpmfusion.org.conf | 12 +++++++----- 2 files changed, 13 insertions(+), 10 deletions(-) --- diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml index fc362c9..a39b3bd 100644 --- a/playbooks/include/proxies-websites.yml +++ b/playbooks/include/proxies-websites.yml @@ -90,10 +90,11 @@ cert_name: "{{wildcard_cert_name}}" - - role: httpd/website - name: pkgs.rpmfusion.org - sslonly: false - cert_name: pkgs.rpmfusion.org - SSLCertificateChainFile : pkgs.rpmfusion.org-intermediate.cert +# Overrided in distgit role +# - role: httpd/website +# name: pkgs.rpmfusion.org +# sslonly: false +# cert_name: pkgs.rpmfusion.org +# SSLCertificateChainFile : pkgs.rpmfusion.org-intermediate.cert diff --git a/roles/distgit/files/pkgs.rpmfusion.org.conf b/roles/distgit/files/pkgs.rpmfusion.org.conf index 2e8840e..a1271c8 100644 --- a/roles/distgit/files/pkgs.rpmfusion.org.conf +++ b/roles/distgit/files/pkgs.rpmfusion.org.conf @@ -1,11 +1,11 @@ # SSL host -<VirtualHost pkgs.rpmfusion.org:443> +<VirtualHost *:443> # This alias must come before the /repo/ one to avoid being overridden. ScriptAlias /repo/pkgs/upload.cgi /srv/web/upload.cgi Alias /repo/ /srv/cache/lookaside/ ServerName pkgs.rpmfusion.org - ServerAdmin sysadmin(a)lists.rpmfusion.org + ServerAdmin root(a)rpmfusion.org SSLEngine on @@ -33,11 +33,13 @@ </VirtualHost> -<VirtualHost pkgs.rpmfusion.org:80> +<VirtualHost *:80> ServerName pkgs.rpmfusion.org - ServerAdmin sysadmin(a)lists.rpmfusion.org + ServerAdmin root(a)rpmfusion.org + + + include "conf.d/pkgs.rpmfusion.org/*.conf" -Redirect / https://pkgs.rpmfusion.org/ </VirtualHost>

8 years, 5 months

1
0
0 / 0

[ansible] Fixup redirect community

by Nicolas Chauvet

commit 640efdedecd28817cd62bfec03ec446d28b9f72d Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Fri Jul 22 16:37:51 2016 +0200 Fixup redirect community playbooks/include/proxies-redirects.yml | 7 ------- 1 files changed, 0 insertions(+), 7 deletions(-) --- diff --git a/playbooks/include/proxies-redirects.yml b/playbooks/include/proxies-redirects.yml index 0a85049..f72d502 100644 --- a/playbooks/include/proxies-redirects.yml +++ b/playbooks/include/proxies-redirects.yml @@ -13,13 +13,6 @@ roles: - # Various app redirects - - role: httpd/redirect - name: community - website: admin.rpmfusion.org - path: /community - target: https://apps.fedoraproject.org/packages - # - role: httpd/redirect # name: fas # website: fas.rpmfusion.org

8 years, 5 months

1
0
0 / 0

[ansible] Fixup redirect

by Nicolas Chauvet

commit a236411eaef36cf182e90c4f91239d4da5aaad79 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Fri Jul 22 16:37:21 2016 +0200 Fixup redirect playbooks/include/proxies-redirects.yml | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) --- diff --git a/playbooks/include/proxies-redirects.yml b/playbooks/include/proxies-redirects.yml index 87db0e1..0a85049 100644 --- a/playbooks/include/proxies-redirects.yml +++ b/playbooks/include/proxies-redirects.yml @@ -29,7 +29,7 @@ name: fas website: admin.rpmfusion.org path: /accounts - target: https://fas.rpmfusion.org + target: https://fas.rpmfusion.org/ - role: httpd/redirectmatch name: mailman

8 years, 5 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

sysadmin-notify July 2016