WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-26 03:23:08 +08:00
Code Issues Packages Projects Releases Wiki Activity
29,743 Commits 9 Branches 0 Tags
e4e9866e044ce7a81e63145e24257002b2272002
Commit Graph

167 Commits

Author SHA1 Message Date
Patrick Uiterwijk
62f15555b5 Make download.fp.o main page go to getfedora.org 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2020-04-24 21:34:22 +02:00
Owen W. Taylor
08a3454a43 regindexer: create two sets of indexes 
Flatpak-1.6 expects metadata to be stored in Docker-compatible labels
rather than OCI annotations. We build Flatpaks for Fedora with both
labels and annotations for compatibility with older and newer Flatpaks,
but we also need to have two sets of indexes:

 - One that is served in response to a query for labels, and skips
   including Flatpak annotations in the response (to reduce size)
 - One that is served in response to a query for annotation, and skips
   including Flatpak labels in the response.

This commit requires regindexer-1.6. See:

 https://pagure.io/fedora-infrastructure/issue/8579

Signed-off-by: Owen W. Taylor <otaylor@fishsoup.net>
 2020-04-24 21:34:21 +02:00
Kevin Fenzi
84d985d2b9 proxies: drop unneeded [OR] 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:12 +02:00
Kevin Fenzi
713979b3a0 proxies: add registry-no-cdn host to proxies 
This host shares with registry vhost, but if it's used it bypasses downloading from the cdn.
We need this internally on composes that download flatpaks. They need to get them direct
from our registry and not from an external cdn.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:12 +02:00
Patrick Uiterwijk
180bd2ee6e Move koji to mod_proxy_balancer 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-22 08:53:46 +02:00
Patrick Uiterwijk
ce69ca3a1a Swap FAS in prod over to openshift 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-12 21:29:08 +02:00
Patrick Uiterwijk
354d53c8c2 Prepare for moving Ipsilon to openshift in prod 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-09 16:52:24 +02:00
Patrick Uiterwijk
38dd9cef43 Fix closing quotes and remotepath handling in the balancer members 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-03-29 11:44:01 +01:00
Patrick Uiterwijk
b70d43904d Fix broken websocket proxying by double slash in request_uri matching 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-03-29 11:39:29 +01:00
Tim Flink
16b791a146 proxies: adding rewritecond to reverseproxy for ws if remotepath exists 
I was hitting an issue where there were multiple reverseproxy instances
configured for a single host and some of the rewrite rules were changing
the request when they shouldn't be.

This patch adds a rewritecond to the websocket rewrite rule to make sure that
the REQUEST_URI starts with $remotepath before it's rewritten.
 2019-03-25 16:56:20 +00:00
Tim Flink
16c2787a56 proxies: Adding remotepath to websocket balancers 
The current template assumes that websockets are at the base of a URL
but that is not true for our buildmaster. This patch adds remotepath
to the end of the websocket url if remotepath is defined.
 2019-03-22 15:23:28 +00:00
Patrick Uiterwijk
acf6f6587b Remove workaround for very old ostree 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-01-30 20:27:44 +01:00
Patrick Uiterwijk
f10ce98e0f Disallow cloudfront from accessing ostree refs and summray 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-01-30 20:17:06 +01:00
Kevin Fenzi
a158c64f7d elections: drop no longer needed releasepassproxy 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-01-23 14:35:36 +00:00
Kevin Fenzi
564fc0fbf1 mirrormanager: redirect 7Server to 7 for epel download redirects. 
Fixes https://pagure.io/fedora-infrastructure/issue/7444

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2018-12-28 20:15:24 +00:00
Patrick Uiterwijk
afde4968e5 And do https if not disabled 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-11-23 21:50:45 +01:00
Patrick Uiterwijk
158847f9b5 OpenQA is non-HTTPS for backend, sadly 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-11-23 21:49:46 +01:00
Patrick Uiterwijk
ee0748715a Allow the HTTP Connection header to contain more for websockets 
Firefox is hell-bent on sending "keep-alive, Upgrade", which did not match
^Upgrade$....
Let's accept either.

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-11-23 21:38:40 +01:00
Kevin Fenzi
7c931b3c20 Remove regindexer redirects outside the directory level. 2018-11-05 17:51:55 +00:00
Kevin Fenzi
d57f891ade Fix staging oci-registry to point to 01 only since we don't have a 02 anymore. 
This commit should make no changes to production and thus shouldn't need a freeze break.
 2018-10-11 22:07:33 +00:00
Patrick Uiterwijk
646010c992 Set a default targettype 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-28 19:11:17 +02:00
Patrick Uiterwijk
7fcd6b2afd Set tags correctly on the set_fact 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-28 19:09:29 +02:00
Patrick Uiterwijk
f3bdabd73a Word ordering is hard 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-28 19:01:25 +02:00
Patrick Uiterwijk
7dc41f8f16 Let's see if it's reversed? 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-28 18:55:21 +02:00
Patrick Uiterwijk
48bf3be669 Try quoting... It worked last time? 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-28 18:52:05 +02:00
Patrick Uiterwijk
3ffd179216 Simplify reverseproxy for openshift and setup SSL config for it 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-28 18:46:08 +02:00
Patrick Uiterwijk
a0a625fd08 Stop overriding the reverseproxy config for bodhi 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-28 18:19:05 +02:00
Mikolaj Izdebski
735d10275c Enable proxying of copr api_2 and api_3 2018-09-27 10:12:45 +00:00
Patrick Uiterwijk
12186da25f Fix websockets for prod openshift 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-12 17:33:01 +02:00
Patrick Uiterwijk
b97a401f57 Make WebSocket possible for (app.)os.stg.fedoraproject.org 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2018-09-12 01:24:30 +02:00
Kevin Fenzi
45184ad096 adjust config for regindexer some for testing 2018-08-30 18:27:57 +00:00
Kevin Fenzi
2229869408 sync icons and setup httpd config 2018-08-30 16:21:09 +00:00
Rick Elrod
d370e3dc7a update things for new names 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2018-08-21 22:20:10 +00:00
Rick Elrod
4a60ddc875 Nuke pkgdb some more... and probably break everything. 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2018-07-19 20:40:14 +00:00
Mikolaj Izdebski
682935e658 Make non-phx2 proxies handle nagios with 421 Misdirected Request 2018-07-16 14:14:11 +00:00
Patrick Uiterwijk
b2f08b8b00 Docker client wants to check /v2/.... Allow /v2/ from outside but not internally 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-06-12 23:21:15 +02:00
Patrick Uiterwijk
8342d3283e d4n is really really annoying 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-06-12 23:08:06 +02:00
Patrick Uiterwijk
39dc41533e Deny api v1 because docker tries to fall back 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-06-12 22:59:41 +02:00
Patrick Uiterwijk
cbd6dfe92b Require auth for /v2 but not everything under 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-06-12 22:13:09 +02:00
Patrick Uiterwijk
d89298457c Switch candidate registry to basic auth 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-06-08 09:19:38 +00:00
Patrick Uiterwijk
f483a219df Move remote path around 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-05-31 23:29:03 +02:00
Patrick Uiterwijk
9b1fd99655 Fix balancer reversed 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-05-31 23:25:20 +02:00
Patrick Uiterwijk
ab4c8f3521 Fix trailing slash on balancer 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-05-31 21:35:01 +02:00
Patrick Uiterwijk
f3fb0336e3 Enable TLS proxying 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-05-31 21:21:51 +02:00
Patrick Uiterwijk
3376cddd32 Turns out that fedora-alt needs even more than 3 minutes... jeez 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-05-31 00:39:40 +02:00
Patrick Uiterwijk
6833e584a5 Fix redirect 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-04-17 20:45:31 +00:00
Patrick Uiterwijk
c6ce3621b8 Move the ostree redirect to dl.fp.o 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-04-17 22:43:33 +02:00
Patrick Uiterwijk
c72bca84f4 Use the correct location for F27 FAW 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-04-17 21:57:43 +02:00
Patrick Uiterwijk
e7cf461e0c Deploy 'brokenostreekojipkgs' to avoid https (and thus http/2) for ostree 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-04-17 21:51:27 +02:00
Patrick Uiterwijk
c4157bb821 For now, revert the combined registry, until blocking facts are fixed 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-04-16 23:55:30 +02:00