Firmware: add a proxy to reach downloads.dell.com

Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>

roles/firmware_proxy/files/httpd_vhost.conf

@@ -0,0 +1,27 @@
+Listen 8080
+<VirtualHost *:8080>
+    # Enable forward proxy
+    ProxyRequests On
+    ProxyVia On
+
+    # Restrict access to mgmt vlans
+    <Proxy *>
+        Require ip 10.16.160.0/24
+        Require ip 10.16.160.1/24
+    </Proxy>
+
+    # Only proxy to Dell links
+    <ProxyMatch "^https?://.*\.?dell\.com">
+        Require ip 10.16.160.0/24
+        Require ip 10.16.161.0/24
+    </ProxyMatch>
+
+    # Deny everything else
+    <ProxyMatch "^(?!.*\.?dell\.com)">
+        Require all denied
+    </ProxyMatch>
+
+    # Logging
+    ErrorLog logs/firmware-proxy-error.log
+    CustomLog logs/firmware-proxy-access.log combined
+</VirtualHost>

roles/firmware_proxy/tasks/main.yml

@@ -0,0 +1,17 @@
+## A playbook for an httpd proxy which relays
+# the firmware catalogs to the Dell iDRACs
+#
+# Currently this is just an Apache vhost and restart
+#
+---
+- name: Copy over proxy httpd vhost
+  ansible.builtin.copy:
+    src: httpd_vhost.conf
+    dest: /etc/httpd/conf.d/firmware-proxy.conf
+    owner: root
+    group: root
+    mode: '0644'
+  tags:
+  - firmware_proxy
+  notify:
+    - Reload httpd