mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-04-29 04:51:16 +08:00
c11afe5673
This will hopefully fix some of the remaining bugs that we're hitting, as well as make it easier to test other tools against.
415 lines
11 KiB
YAML
415 lines
11 KiB
YAML
- name: Set up those ProxyPassReverse statements. Somebody get me a cup of coffee..
|
|
hosts: proxies-stg:proxies
|
|
user: root
|
|
gather_facts: True
|
|
|
|
vars_files:
|
|
- /srv/web/infra/ansible/vars/global.yml
|
|
- "/srv/private/ansible/vars.yml"
|
|
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
|
|
|
handlers:
|
|
- include: "{{ handlers }}/restart_services.yml"
|
|
|
|
vars:
|
|
- varnish_url: http://localhost:6081
|
|
|
|
pre_tasks:
|
|
|
|
- name: Remove some crusty files from bygone eras
|
|
file: dest=/etc/httpd/conf.d/{{item}} state=absent
|
|
with_items:
|
|
- meetbot.fedoraproject.org/reversepassproxy.conf
|
|
- meetbot.fedoraproject.org/meetbot.conf
|
|
notify:
|
|
- restart apache
|
|
tags:
|
|
- httpd
|
|
- httpd/reverseproxy
|
|
|
|
|
|
roles:
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: nagios
|
|
localpath: /nagios
|
|
remotepath: /nagios
|
|
proxyurl: http://noc01
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: nagios-external
|
|
localpath: /nagios-external
|
|
remotepath: /nagios-external
|
|
proxyurl: http://noc02
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: mailman
|
|
localpath: /mailman
|
|
remotepath: /mailman
|
|
proxyurl: http://collab03.fedoraproject.org
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: mailman-icons
|
|
localpath: /icons
|
|
remotepath: /icons
|
|
proxyurl: http://collab03.fedoraproject.org
|
|
|
|
- role: httpd/reverseproxy
|
|
website: lists.fedoraproject.org
|
|
proxyurl: http://localhost:10033
|
|
destname: mailman3
|
|
when: env == "staging"
|
|
|
|
# The place for the raw originals
|
|
- role: httpd/reverseproxy
|
|
website: meetbot-raw.fedoraproject.org
|
|
destname: meetbot
|
|
remotepath: /meetbot/
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://value01
|
|
|
|
# The place for the fancy mote view
|
|
- role: httpd/reverseproxy
|
|
website: meetbot.fedoraproject.org
|
|
destname: mote
|
|
#remotepath: /mote/
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://value01
|
|
|
|
- role: httpd/reverseproxy
|
|
website: apps.fedoraproject.org
|
|
destname: gallery
|
|
localpath: /gallery
|
|
proxyurl: http://localhost:10034
|
|
|
|
- role: httpd/reverseproxy
|
|
website: apps.fedoraproject.org
|
|
destname: nuancier
|
|
localpath: /nuancier
|
|
remotepath: /nuancier
|
|
header_scheme: true
|
|
proxyurl: http://localhost:10035
|
|
|
|
- role: httpd/reverseproxy
|
|
website: apps.fedoraproject.org
|
|
destname: github2fedmsg
|
|
localpath: /github2fedmsg
|
|
remotepath: /github2fedmsg
|
|
header_scheme: true
|
|
proxyurl: http://localhost:10037
|
|
|
|
- role: httpd/reverseproxy
|
|
website: apps.fedoraproject.org
|
|
destname: fedora-notifications
|
|
localpath: /notifications
|
|
remotepath: /notifications
|
|
header_scheme: true
|
|
proxyurl: http://localhost:10036
|
|
|
|
- role: httpd/reverseproxy
|
|
website: apps.fedoraproject.org
|
|
destname: packages
|
|
localpath: /packages
|
|
remotepath: /packages
|
|
proxyurl: http://localhost:10016
|
|
|
|
- role: httpd/reverseproxy
|
|
website: apps.fedoraproject.org
|
|
destname: tagger
|
|
localpath: /tagger
|
|
remotepath: /tagger
|
|
rewrite: true
|
|
proxyurl: http://localhost:10017
|
|
|
|
- role: httpd/reverseproxy
|
|
website: ask.fedoraproject.org
|
|
destname: askbot
|
|
proxyurl: "{{ varnish_url }}"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: darkserver.fedoraproject.org
|
|
destname: darkserver
|
|
remotepath: /darkserver/
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://darkserver01
|
|
|
|
- role: httpd/reverseproxy
|
|
website: paste.fedoraproject.org
|
|
destname: sticky-notes
|
|
proxyurl: "{{ varnish_url }}"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: totpcgiprovision
|
|
localpath: /totpcgiprovision
|
|
proxyurl: http://localhost:10019
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: fas
|
|
remotepath: /accounts
|
|
localpath: /accounts
|
|
proxyurl: http://localhost:10004
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: elections
|
|
remotepath: /voting
|
|
localpath: /voting
|
|
proxyurl: http://localhost:10007
|
|
|
|
- role: httpd/reverseproxy
|
|
website: fedoraproject.org
|
|
destname: fedora-mobile
|
|
remotepath: /mobile
|
|
localpath: /mobile
|
|
proxyurl: http://fedora-infra.github.io
|
|
|
|
# Fedoauth is odd here -- it has an entry for both stg and prod.
|
|
- role: httpd/reverseproxy
|
|
website: id.stg.fedoraproject.org
|
|
destname: id
|
|
proxyurl: http://localhost:10020
|
|
when: env == "staging"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: id.fedoraproject.org
|
|
destname: id
|
|
proxyurl: http://localhost:10020
|
|
|
|
- role: httpd/reverseproxy
|
|
website: apps.fedoraproject.org
|
|
destname: datagrepper
|
|
remotepath: /datagrepper
|
|
localpath: /datagrepper
|
|
rewrite: true
|
|
proxyurl: http://localhost:10028
|
|
|
|
- role: httpd/reverseproxy
|
|
website: badges.fedoraproject.org
|
|
destname: badges
|
|
proxyurl: http://localhost:10032
|
|
|
|
- role: httpd/reverseproxy
|
|
website: apps.fedoraproject.org
|
|
destname: fedocal
|
|
remotepath: /calendar
|
|
localpath: /calendar
|
|
header_scheme: true
|
|
proxyurl: "{{ varnish_url }}"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: apps.fedoraproject.org
|
|
destname: kerneltest
|
|
remotepath: /kerneltest
|
|
localpath: /kerneltest
|
|
header_scheme: true
|
|
proxyurl: "{{ varnish_url }}"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: qa.fedoraproject.org
|
|
destname: blockerbugs
|
|
remotepath: /blockerbugs
|
|
localpath: /blockerbugs
|
|
proxyurl: "{{ varnish_url }}"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: fedoraproject.org
|
|
destname: fp-wiki
|
|
wpath: /w
|
|
wikipath: /wiki
|
|
proxyurl: "{{ varnish_url }}"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: pkgdb
|
|
remotepath: /pkgdb
|
|
localpath: /pkgdb
|
|
proxyurl: "{{ varnish_url }}"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: bodhi
|
|
remotepath: /updates
|
|
localpath: /updates
|
|
proxyurl: http://localhost:10009
|
|
when: env != "staging"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: bodhi2
|
|
remotepath: /
|
|
localpath: /updates
|
|
proxyurl: http://localhost:10010
|
|
when: env == "staging"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: mirrormanager
|
|
remotepath: /mirrormanager
|
|
localpath: /mirrormanager
|
|
proxyurl: "{{ varnish_url }}"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: mirrors.fedoraproject.org
|
|
destname: mirrormanager-mirrorlist
|
|
proxyurl: http://localhost:10002
|
|
|
|
- role: httpd/reverseproxy
|
|
website: download.fedoraproject.org
|
|
destname: mirrormanager-redirector
|
|
proxyurl: http://localhost:10002
|
|
|
|
- role: httpd/reverseproxy
|
|
website: apps.fedoraproject.org
|
|
destname: koschei
|
|
localpath: /koschei
|
|
remotepath: /koschei
|
|
proxyurl: "{{ varnish_url }}"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: yk-val
|
|
remotepath: /yk-val/verify
|
|
localpath: /yk-val/verify
|
|
proxyurl: http://localhost:10004
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: pager
|
|
remotepath: /pager
|
|
localpath: /pager
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://sundries01
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: awstats
|
|
remotepath: /awstats
|
|
localpath: /awstats
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://log01
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: epylog
|
|
remotepath: /epylog
|
|
localpath: /epylog
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://log01
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: maps
|
|
remotepath: /maps
|
|
localpath: /maps
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://log01
|
|
|
|
- role: httpd/reverseproxy
|
|
website: fedoraproject.org
|
|
destname: freemedia
|
|
remotepath: /freemedia
|
|
localpath: /freemedia
|
|
proxyurl: http://localhost:10011
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: docs-backend
|
|
localpath: /docs-backend
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://docs-backend01
|
|
|
|
- role: httpd/reverseproxy
|
|
website: admin.fedoraproject.org
|
|
destname: collectd
|
|
localpath: /collectd
|
|
remotepath: /collectd
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://log01
|
|
|
|
### Four entries for taskotron for production
|
|
- role: httpd/reverseproxy
|
|
website: taskotron.fedoraproject.org
|
|
destname: taskotron
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://taskotron01.vpn.fedoraproject.org
|
|
|
|
- role: httpd/reverseproxy
|
|
website: taskotron.fedoraproject.org
|
|
destname: taskotron-resultsdb
|
|
localpath: /resultsdb
|
|
remotepath: /resultsdb
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://resultsdb01.vpn.fedoraproject.org
|
|
|
|
- role: httpd/reverseproxy
|
|
website: taskotron.fedoraproject.org
|
|
destname: taskotron-resultsdbapi
|
|
localpath: /resultsdb_api
|
|
remotepath: /resultsdb_api
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://resultsdb01.vpn.fedoraproject.org
|
|
|
|
- role: httpd/reverseproxy
|
|
website: taskotron.fedoraproject.org
|
|
destname: taskotron-execdb
|
|
localpath: /execdb
|
|
remotepath: /execdb
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://resultsdb01.vpn.fedoraproject.org
|
|
|
|
### And four entries for taskotron for staging
|
|
- role: httpd/reverseproxy
|
|
website: taskotron.stg.fedoraproject.org
|
|
destname: taskotron
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://taskotron-stg01.qa.fedoraproject.org
|
|
when: env == "staging"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: taskotron.stg.fedoraproject.org
|
|
destname: taskotron-resultsdb
|
|
localpath: /resultsdb
|
|
remotepath: /resultsdb
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://resultsdb-stg01.qa.fedoraproject.org
|
|
when: env == "staging"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: taskotron.stg.fedoraproject.org
|
|
destname: taskotron-resultsdbapi
|
|
localpath: /resultsdb_api
|
|
remotepath: /resultsdb_api
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://resultsdb-stg01.qa.fedoraproject.org
|
|
when: env == "staging"
|
|
|
|
- role: httpd/reverseproxy
|
|
website: taskotron.stg.fedoraproject.org
|
|
destname: taskotron-execdb
|
|
localpath: /execdb
|
|
remotepath: /execdb
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://resultsdb-stg01.qa.fedoraproject.org
|
|
when: env == "staging"
|
|
|
|
### Beaker staging
|
|
- role: httpd/reverseproxy
|
|
website: beaker.stg.fedoraproject.org
|
|
destname: beaker-stg
|
|
# Talk directly to the app server, not haproxy
|
|
proxyurl: http://beaker-stg01.qa.fedoraproject.org
|
|
when: env == "staging"
|
|
|
|
|
|
# This one gets its own role (instead of httpd/reverseproxy) so that it can
|
|
# copy in some silly static resources (globe.png, index.html)
|
|
- role: geoip-city-wsgi/proxy
|
|
website: geoip.fedoraproject.org
|
|
proxyurl: http://localhost:10029
|