WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-02 06:20:26 +08:00
Code Issues Packages Projects Releases Wiki Activity
25,848 Commits 9 Branches 0 Tags
7a9bc5aaa00a13efd62c3707a6b60abceebac1b2
Commit Graph

296 Commits

Author SHA1 Message Date
Patrick Uiterwijk
bf6be45d70 Hope that curl fixed their GOAWAY HTTP/2 bug 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-02-25 16:47:23 +01:00
Rick Elrod
0b7bb3b5b3 prep for proxy03 move 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2019-02-11 23:14:27 +00:00
Patrick Uiterwijk
acf6f6587b Remove workaround for very old ostree 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-01-30 20:27:44 +01:00
Patrick Uiterwijk
f10ce98e0f Disallow cloudfront from accessing ostree refs and summray 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-01-30 20:17:06 +01:00
Rick Elrod
c16f040a40 this dir is needed for robots.txt stuff too 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2019-01-29 03:19:48 +00:00
Rick Elrod
62316d11b2 and make the template point to the new ones 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2019-01-29 02:00:39 +00:00
Rick Elrod
3c2e614eeb Make actual robots.txt files end with .txt so the mime-type is right since apache Alias will preserve the mime-type of the file it points to 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2019-01-29 01:49:44 +00:00
Rick Elrod
77644a5183 Attempt to make crawlers stop scanning stg.fp.o (infra #7514) 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2019-01-28 22:43:00 +00:00
Kevin Fenzi
a158c64f7d elections: drop no longer needed releasepassproxy 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-01-23 14:35:36 +00:00
Kevin Fenzi
564fc0fbf1 mirrormanager: redirect 7Server to 7 for epel download redirects. 
Fixes https://pagure.io/fedora-infrastructure/issue/7444

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2018-12-28 20:15:24 +00:00
Patrick Uiterwijk
afde4968e5 And do https if not disabled 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-11-23 21:50:45 +01:00
Patrick Uiterwijk
158847f9b5 OpenQA is non-HTTPS for backend, sadly 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-11-23 21:49:46 +01:00
Patrick Uiterwijk
ee0748715a Allow the HTTP Connection header to contain more for websockets 
Firefox is hell-bent on sending "keep-alive, Upgrade", which did not match
^Upgrade$....
Let's accept either.

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-11-23 21:38:40 +01:00
Kevin Fenzi
7c931b3c20 Remove regindexer redirects outside the directory level. 2018-11-05 17:51:55 +00:00
Kevin Fenzi
d57f891ade Fix staging oci-registry to point to 01 only since we don't have a 02 anymore. 
This commit should make no changes to production and thus shouldn't need a freeze break.
 2018-10-11 22:07:33 +00:00
Patrick Uiterwijk
646010c992 Set a default targettype 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-28 19:11:17 +02:00
Patrick Uiterwijk
7fcd6b2afd Set tags correctly on the set_fact 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-28 19:09:29 +02:00
Patrick Uiterwijk
f3bdabd73a Word ordering is hard 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-28 19:01:25 +02:00
Patrick Uiterwijk
7dc41f8f16 Let's see if it's reversed? 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-28 18:55:21 +02:00
Patrick Uiterwijk
48bf3be669 Try quoting... It worked last time? 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-28 18:52:05 +02:00
Patrick Uiterwijk
3ffd179216 Simplify reverseproxy for openshift and setup SSL config for it 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-28 18:46:08 +02:00
Patrick Uiterwijk
a0a625fd08 Stop overriding the reverseproxy config for bodhi 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-28 18:19:05 +02:00
Mikolaj Izdebski
735d10275c Enable proxying of copr api_2 and api_3 2018-09-27 10:12:45 +00:00
Patrick Uiterwijk
f26ac060cb Only do OCSP stapling on the proxies 
The actual cache is only set in the proxy HTTP config.
While we could set the cache path in the other servers' configs as well,
that would be a significantly larger change.

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-25 21:52:12 +02:00
Stephen Smoogen
dde378de0a and this will start a long long long proxy push 2018-09-13 21:27:22 +00:00
Patrick Uiterwijk
12186da25f Fix websockets for prod openshift 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-12 17:33:01 +02:00
Patrick Uiterwijk
4a385eadba Dont use h2 for (app.)os.stg.fedoraproject.org to fix websockets 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-12 01:27:39 +02:00
Patrick Uiterwijk
b97a401f57 Make WebSocket possible for (app.)os.stg.fedoraproject.org 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-12 01:24:30 +02:00
Kevin Fenzi
45184ad096 adjust config for regindexer some for testing 2018-08-30 18:27:57 +00:00
Kevin Fenzi
2229869408 sync icons and setup httpd config 2018-08-30 16:21:09 +00:00
Rick Elrod
d370e3dc7a update things for new names 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2018-08-21 22:20:10 +00:00
Patrick Uiterwijk
74502e1c52 Enable OCSP stapling on the proxies 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-07-28 23:01:20 +00:00
Rick Elrod
4a60ddc875 Nuke pkgdb some more... and probably break everything. 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2018-07-19 20:40:14 +00:00
Patrick Uiterwijk
26da0d1a0b For all proxied sites, all acme traffic will go to certgetter 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-07-17 00:12:39 +00:00
Mikolaj Izdebski
682935e658 Make non-phx2 proxies handle nagios with 421 Misdirected Request 2018-07-16 14:14:11 +00:00
Patrick Uiterwijk
51cd5614be Use the ansible-installed hotspot.txt so we don't fail if web build fails 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-07-12 00:10:19 +00:00
Patrick Uiterwijk
9ade79edad For hotspot.txt, we want all the stats 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-07-12 02:01:01 +02:00
Patrick Uiterwijk
53b7a8ce3f Fix typo 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-07-11 21:30:16 +02:00
Patrick Uiterwijk
0fac774a60 Apply expires for hotspot.txt 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-07-11 21:22:08 +02:00
Patrick Uiterwijk
6d8240bd5b This is python-like, not C-like 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-07-11 19:08:56 +00:00
Patrick Uiterwijk
1bf2a7210d Also don't force TLS for hotspot-nocache 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-07-11 19:07:20 +00:00
Patrick Uiterwijk
598c15bf66 X-F-F must not come from anywhere externally 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-07-11 01:34:33 +02:00
Kevin Fenzi
3852f60c12 fix torrent02 web config 2018-07-10 20:17:59 +00:00
Patrick Uiterwijk
a387117063 Only use this exception for fp.o 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-06-28 11:41:48 +02:00
Patrick Uiterwijk
424d7c10bb Redirect fp.o to https://fp.o first, then to getfedora.org but not for hotspot.txt 
This reverts commit 80ac144f78.
 2018-06-28 11:39:55 +02:00
Kevin Fenzi
2d997cd54b Stop using h2 / http/2 on src.fedoraproject.org. For some reason it still hits a curl bug when 
downloading sources for packages with tons of sources (texlive). Keep it enabled everywhere else
until we get any reports of issues.
 2018-06-20 21:39:25 +00:00
Kevin Fenzi
77fba2c6ed Revert "disable h2 again for now until we can get curl fixed in f28 and f27 to handle correctly h2 goaway responses. See d122df5972 and https://bugzilla.redhat.com/show_bug.cgi?id=1585797 and https://pagure.io/releng/issue/7550" 
This reverts commit 1bb844c9f0.
 2018-06-14 00:13:15 +00:00
Patrick Uiterwijk
b2f08b8b00 Docker client wants to check /v2/.... Allow /v2/ from outside but not internally 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-06-12 23:21:15 +02:00
Patrick Uiterwijk
8342d3283e d4n is really really annoying 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-06-12 23:08:06 +02:00
Patrick Uiterwijk
39dc41533e Deny api v1 because docker tries to fall back 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-06-12 22:59:41 +02:00