WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-13 09:49:48 +08:00
Code Issues Packages Projects Releases Wiki Activity
37,261 Commits 9 Branches 0 Tags
99eab71b2ebd689ee467fb89e3f63ef5cc8c2a5e
Commit Graph

53 Commits

Author SHA1 Message Date
Kevin Fenzi
313674646d proxies: increase max workers 
Also add a ssl connection cache.
These changes are live on proxy01/10 and seem to have made them stable
again. Will look at pushing to the rest tomorrow.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-09-21 16:19:14 -07:00
Francois Andrieu
a3021f650c httpd: remove deprecated NamedVirtualHost 2021-04-03 18:10:47 +00:00
Francois Andrieu
db437822cb cleanup: fix proxies NameVirtualHost 2021-04-03 18:10:47 +00:00
Stephen Smoogen
152b415410 allow proxy32 to get to infrastructure 2020-06-19 15:21:51 -04:00
Stephen Smoogen
2b9f82f9f4 proxy31 2020-04-24 21:34:26 +02:00
Stephen Smoogen
9d02ba6cf4 add proxy30 to config files 2020-04-24 21:34:21 +02:00
Stephen Smoogen
14ccfa20e3 Add in virtual ipv6 hosts for proxy03 and proxy14 2020-04-24 21:34:20 +02:00
Rick Elrod
f7d01587a3 httpd/proxy: libsemanage here too, we should abstract this out... 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2020-04-24 21:34:18 +02:00
Stephen Smoogen
0a87de6e21 [proxies] remove proxy08 from ansible configs 2020-04-24 21:34:11 +02:00
Patrick Uiterwijk
cb8b0c935d Restrict Proxy server-status to localhost for now 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-03 20:00:53 +02:00
Rick Elrod
0b7bb3b5b3 prep for proxy03 move 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2019-02-11 23:14:27 +00:00
Patrick Uiterwijk
74502e1c52 Enable OCSP stapling on the proxies 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-07-28 23:01:20 +00:00
Patrick Uiterwijk
ac055b3927 Deploy ticketkey as part of proxy role 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-11-25 00:02:26 +00:00
Stephen Smoogen
d03b61ac73 and we have ips we need for the hosts 2017-10-09 19:44:31 +00:00
Patrick Uiterwijk
039b08354a Yum allowed state=installed. Lets use state=present consistently 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-08 22:31:03 +00:00
Patrick Uiterwijk
a9e616022f Also package-ize this 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-08 22:03:18 +00:00
Stephen Smoogen
e3c0199dad make another set of stg ip changes 2017-09-29 15:24:58 +00:00
Patrick Uiterwijk
fbbf28f32c Remove keepalives configuration in production 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-02-14 16:11:09 +00:00
Patrick Uiterwijk
14d68a4b22 Let's try keepalive 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-02-13 16:00:29 +00:00
Stephen Smoogen
4fe0981401 we need to do all this stuff in templates. 2017-01-16 01:01:45 +00:00
Kevin Fenzi
1effd347df Setup a proxyreload for httpd that looks for the ticketkey. If it's not there, assume the proxy is just being configured and don't reload httpd. 2016-12-01 21:36:07 +00:00
Kevin Fenzi
2209cb5efa drop bodhost01 and proxy07 2016-05-31 16:48:17 +00:00
Patrick Uiterwijk
98a1619e01 Let's use the existing pki path 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-04-12 14:16:56 +00:00
Patrick Uiterwijk
08568865fe Replace all restart httpd with reload httpd 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2015-11-04 23:40:01 +00:00
Patrick Uiterwijk
2f3988868c Set requesttimeout on headers 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2015-10-15 17:34:08 +00:00
Kevin Fenzi
17b4748e4e Switch proxies to use the mpm event module instead of prefork. 2015-10-09 15:34:17 +00:00
Patrick Uiterwijk
6d8f8f3641 Var files are also useful 2015-10-08 00:01:30 +00:00
Patrick Uiterwijk
62b853b51e Create both prod and stg ticket keys 2015-10-07 23:42:44 +00:00
Kevin Fenzi
b34edf77a7 Move the haveged install to the mod_ssl role 2015-10-07 23:24:41 +00:00
Patrick Uiterwijk
4fa59b5ce8 Enable ticket keys 2015-10-07 23:04:25 +00:00
Patrick Uiterwijk
7106486ce3 Add haveged to proxies for entropy 2015-10-07 20:12:14 +00:00
Stephen Smoogen
b74a402571 and we remove proxy09 2015-09-01 22:13:09 +00:00
Stephen Smoogen
1bc2c83952 change various ips to new ipv6 address 2015-08-21 19:41:43 +00:00
Stephen Smoogen
7cba4be63c and we have ipv6 2015-03-30 20:40:48 +00:00
Stephen Smoogen
73d8098fc2 oh yeah.. vpn 2015-03-23 22:51:30 +00:00
Kevin Fenzi
1e7e1ec92c Add proxy02. Drop second ip. 2015-02-21 22:28:28 +00:00
Kevin Fenzi
fdad2cd006 Drop the one ip on proxy07 to prep for moving it over to ansible 2015-02-21 16:48:39 +00:00
Kevin Fenzi
64d93edcd8 Lets try and get things in phx2 to use proxy10 instead of proxy01. 2015-02-18 22:53:10 +00:00
Kevin Fenzi
73dee1dc7f Stab at making our lower mem proxies happier so they don't nagios flood us 2015-02-06 18:16:31 +00:00
Stephen Smoogen
4fad601cfd and we really need to make sure we use the right ip address. 2015-02-05 23:50:58 +00:00
Kevin Fenzi
c9ad5669ce Quash one of proxy06's ips so we only have 1 for it. 2015-02-05 22:38:38 +00:00
Kevin Fenzi
a5d5bfff7f Try and make proxies not replace files twice and also fix el7 python hash hotfix. 2015-02-02 00:39:49 +00:00
Kevin Fenzi
5c03699109 more poking at nagios 2015-01-26 21:28:17 +00:00
Kevin Fenzi
ef32289804 Try and nuke .146 proxy04 second ip address. 2015-01-26 20:55:05 +00:00
Kevin Fenzi
2d8f1e4b94 Clean up httpd.conf for new 2.4 options and names. 2015-01-21 22:54:35 +00:00
Kevin Fenzi
ef0cffd7dc Lets try this. 2015-01-21 22:19:11 +00:00
Kevin Fenzi
92283b6b96 More nuking of second wildcard ip on proxy03 2015-01-21 00:13:34 +00:00
Ralph Bean
b9180755f4 Collapse old references to .89 over to .88. 2015-01-06 20:22:56 +00:00
Ralph Bean
968b26b882 Install libsemanage-python so we can manage selinux with python... 2015-01-06 19:26:55 +00:00
Ralph Bean
2053ae2d31 Turn on httpd_can_network_connect for reverseproxy. 2015-01-06 19:23:43 +00:00