fedora-infra_ansible/playbooks/include/proxies-reverseproxy.yml
Frank Ch. Eigler c37d51d236 proxies/debuginfod: allow proxyopts
debuginfod can take O(60s) to run certain webapi queries, so the httpd
mod_proxy default timeouts are too short.  Introduce an ansible
variable "proxyopts", expanded into the httpd ProxyPass and
ProxyPassReverse configuration lines.  Default to "", but set it
with pretty generous limits for debuginfod only.
2021-04-08 20:58:52 +00:00


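---
# Reverse-proxy routing table for the front-end proxies (proxies_stg and
# proxies). Each entry under `roles:` invokes a role (httpd/reverseproxy,
# apart from the geoip entry) for one public `website`, with the backend given
# either as `proxyurl` or as `balancer_name` (+ optional `balancer_members`).
# The exact meaning of the role parameters (keephost, header_scheme,
# targettype, rewrite, ...) is defined in the role, which is not in this file.
#
# NOTE(review): every `proxyurl` in this file is http://. For localhost
# targets the hop stays on the proxy host (what listens on those ports is not
# visible here; the "not haproxy" comments below suggest a local haproxy).
# For targets on other hosts (noc01, value01, sundries01, log01, debuginfod01)
# the proxied request leaves the host without TLS, so confidentiality and
# integrity on that hop depend on the internal network being trusted.
- name: Set up those ProxyPassReverse statements. Somebody get me a cup of coffee..
  hosts: proxies_stg:proxies
  user: root
  gather_facts: true

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml"

  handlers:
    - import_tasks: "{{ handlers_path }}/restart_services.yml"

  vars:
    # Shared backend URL used by every entry that sets
    # proxyurl: "{{ varnish_url }}".
    varnish_url: http://localhost:6081

  pre_tasks:
    - name: Remove some crusty files from bygone eras
      # Native module arguments instead of a key=value string, so the
      # templated path is a quoted scalar and cannot be mis-split.
      file:
        dest: "/etc/httpd/conf.d/{{ item }}"
        state: absent
      with_items:
        - meetbot.fedoraproject.org/reversepassproxy.conf
        - meetbot.fedoraproject.org/meetbot.conf
      notify:
        - reload proxyhttpd
      tags:
        - httpd
        - httpd/reverseproxy

  roles:
    - role: httpd/reverseproxy
      website: copr.fedoraproject.org
      destname: coprapi
      when: env != "staging"
      tags: copr

    - role: httpd/reverseproxy
      website: copr.fedoraproject.org
      destname: copr
      proxyurl: http://localhost:10070
      keephost: true
      when: env == "staging"
      tags: copr

    - role: httpd/reverseproxy
      website: nagios.fedoraproject.org
      destname: nagios
      remotepath: /
      proxyurl: "http://noc01.{{ datacenter }}.fedoraproject.org"

    - role: httpd/reverseproxy
      website: zabbix.fedoraproject.org
      destname: zabbix
      remotepath: /
      proxyurl: http://localhost:10068
      keephost: true
      header_scheme: true
      when: env == "staging"
      tags: zabbix

    - role: httpd/reverseproxy
      website: lists.fedoraproject.org
      destname: mailman3
      localpath: /
      remotepath: /
      header_scheme: true
      keephost: true
      proxyurl: "{{ varnish_url }}"

    - role: httpd/reverseproxy
      website: lists.fedorahosted.org
      destname: mailman3
      localpath: /
      remotepath: /
      header_scheme: true
      keephost: true
      proxyurl: "{{ varnish_url }}"

    - role: httpd/reverseproxy
      website: lists.pagure.io
      destname: mailman3
      localpath: /
      remotepath: /
      header_scheme: true
      keephost: true
      proxyurl: "{{ varnish_url }}"

    # The place for the raw originals
    - role: httpd/reverseproxy
      website: meetbot-raw.fedoraproject.org
      destname: meetbot
      remotepath: /meetbot/
      # Talk directly to the app server, not haproxy
      proxyurl: http://value01

    # The place for the fancy mote view
    - role: httpd/reverseproxy
      website: meetbot.fedoraproject.org
      destname: mote
      #remotepath: /mote/
      # Talk directly to the app server, not haproxy
      proxyurl: http://value01

    - role: httpd/reverseproxy
      website: apps.fedoraproject.org
      destname: nuancier
      localpath: /nuancier
      remotepath: /nuancier
      header_scheme: true
      proxyurl: "{{ varnish_url }}"

    - role: httpd/reverseproxy
      website: apps.fedoraproject.org
      destname: github2fedmsg
      localpath: /github2fedmsg
      remotepath: /github2fedmsg
      header_scheme: true
      proxyurl: http://localhost:10037

    - role: httpd/reverseproxy
      website: apps.fedoraproject.org
      destname: fedora-notifications
      localpath: /notifications
      remotepath: /notifications
      header_scheme: true
      proxyurl: http://localhost:10036

    - role: httpd/reverseproxy
      website: apps.fedoraproject.org
      destname: packages
      localpath: /packages
      remotepath: /packages
      proxyurl: http://localhost:10016

    - role: httpd/reverseproxy
      website: ask.fedoraproject.org
      destname: askbot
      proxyurl: "{{ varnish_url }}"

    - role: httpd/reverseproxy
      website: admin.fedoraproject.org
      destname: totpcgiprovision
      localpath: /totpcgiprovision
      remotepath: /totpcgiprovision
      balancer_name: app-os
      targettype: openshift
      keephost: true
      tags:
        - fas

    - role: httpd/reverseproxy
      website: admin.fedoraproject.org
      destname: fas
      remotepath: /accounts
      localpath: /accounts-old
      balancer_name: app-os
      targettype: openshift
      keephost: true
      tags:
        - fas

    - role: httpd/reverseproxy
      website: "accounts{{ env_suffix }}.fedoraproject.org"
      destname: noggin
      balancer_name: app-os
      targettype: openshift
      keephost: true
      tags: noggin

    - role: httpd/reverseproxy
      website: "fasjson{{ env_suffix }}.fedoraproject.org"
      destname: fasjson
      balancer_name: app-os
      targettype: openshift
      keephost: true
      tags: fasjson

    # NOTE(review): the id / sso / username.id / KdcProxy / ipa entries below
    # front authentication services, so these hops carry credentials and
    # tickets. They all target http://localhost ports; what carries the
    # traffic onward from those ports is not visible here -- confirm that
    # leg is TLS-protected.
    - role: httpd/reverseproxy
      website: "id{{ env_suffix }}.fedoraproject.org"
      destname: id
      proxyurl: http://localhost:10020
      keephost: true
      tags:
        - id.fedoraproject.org

    - role: httpd/reverseproxy
      website: "sso{{ env_suffix }}.fedoraproject.org"
      destname: id
      proxyurl: http://localhost:10020
      keephost: true
      tags:
        - sso.fedoraproject.org

    - role: httpd/reverseproxy
      website: "username.id{{ env_suffix }}.fedoraproject.org"
      destname: usernameid
      proxyurl: http://localhost:10020
      keephost: true
      tags:
        - id.fedoraproject.org

    - role: httpd/reverseproxy
      website: "id{{ env_suffix }}.fedoraproject.org"
      destname: 00-kdcproxy
      remotepath: /KdcProxy
      localpath: /KdcProxy
      proxyurl: http://localhost:10053
      tags:
        - id.fedoraproject.org

    - role: httpd/reverseproxy
      website: "id{{ env_suffix }}.fedoraproject.org"
      destname: 00-ipa
      remotepath: /ipa
      localpath: /ipa
      proxyurl: http://localhost:10061
      tags:
        - id.fedoraproject.org

    - role: httpd/reverseproxy
      website: apps.fedoraproject.org
      destname: datagrepper
      remotepath: /datagrepper
      localpath: /datagrepper
      rewrite: true
      proxyurl: http://localhost:10028

    - role: httpd/reverseproxy
      website: badges.fedoraproject.org
      destname: badges
      proxyurl: http://localhost:10032

    - role: httpd/reverseproxy
      website: apps.fedoraproject.org
      destname: fedocal
      remotepath: /calendar
      localpath: /calendar
      header_scheme: true
      proxyurl: "{{ varnish_url }}"

    - role: httpd/reverseproxy
      website: apps.fedoraproject.org
      destname: kerneltest
      remotepath: /kerneltest
      localpath: /kerneltest
      header_scheme: true
      proxyurl: "{{ varnish_url }}"
      when: env != "staging"

    - role: httpd/reverseproxy
      website: apps.fedoraproject.org
      destname: kerneltest
      remotepath: /kerneltest
      localpath: /kerneltest
      balancer_name: app-os
      targettype: openshift
      keephost: true
      when: env == "staging"

    - role: httpd/reverseproxy
      website: kerneltest.fedoraproject.org
      destname: kerneltest
      balancer_name: app-os
      targettype: openshift
      keephost: true
      tags: kerneltest
      header_scheme: true
      when: env == "staging"

    - role: httpd/reverseproxy
      website: qa.fedoraproject.org
      destname: blockerbugs
      remotepath: /blockerbugs
      localpath: /blockerbugs
      proxyurl: "{{ varnish_url }}"

    - role: httpd/reverseproxy
      website: fedoraproject.org
      destname: fp-wiki
      wpath: /w
      wikipath: /wiki
      proxyurl: "{{ varnish_url }}"

    - role: httpd/reverseproxy
      website: bodhi.fedoraproject.org
      destname: bodhi
      balancer_name: app-os
      targettype: openshift
      keephost: true
      tags: bodhi

    #
    # fedora core os routes
    # These point to openshift
    #
    - role: httpd/reverseproxy
      website: "updates.coreos{{ env_suffix }}.fedoraproject.org"
      destname: cincinnati
      balancer_name: app-os
      targettype: openshift
      keephost: true
      tags:
        - updates.coreos.fedoraproject.org

    - role: httpd/reverseproxy
      website: "status.updates.coreos{{ env_suffix }}.fedoraproject.org"
      destname: cincinnati
      balancer_name: app-os
      targettype: openshift
      keephost: true
      tags:
        - updates.coreos.fedoraproject.org

    - role: httpd/reverseproxy
      website: "raw-updates.coreos{{ env_suffix }}.fedoraproject.org"
      destname: cincinnati
      balancer_name: app-os
      targettype: openshift
      keephost: true
      tags:
        - updates.coreos.fedoraproject.org

    - role: httpd/reverseproxy
      website: "status.raw-updates.coreos{{ env_suffix }}.fedoraproject.org"
      destname: cincinnati
      balancer_name: app-os
      targettype: openshift
      keephost: true
      tags:
        - updates.coreos.fedoraproject.org
    #
    # end coreos
    #

    - role: httpd/reverseproxy
      website: transtats.fedoraproject.org
      destname: transtats
      balancer_name: app-os
      targettype: openshift
      keephost: true
      tags: transtats

    - role: httpd/reverseproxy
      website: admin.fedoraproject.org
      destname: mirrormanager
      remotepath: /mirrormanager
      localpath: /mirrormanager
      proxyurl: "{{ varnish_url }}"

    - role: httpd/reverseproxy
      website: mirrors.fedoraproject.org
      destname: mirrormanager-mirrorlist
      proxyurl: http://localhost:10002

    - role: httpd/reverseproxy
      website: download.fedoraproject.org
      destname: mirrormanager-redirector
      proxyurl: http://localhost:10002

    - role: httpd/reverseproxy
      website: koschei.fedoraproject.org
      destname: koschei
      balancer_name: app-os
      targettype: openshift
      keephost: true
      tags: koschei

    - role: httpd/reverseproxy
      website: message-tagging-service.fedoraproject.org
      destname: message-tagging-service
      balancer_name: app-os
      targettype: openshift
      keephost: true
      tags: message-tagging-service

    # NOTE(review): http_not_https_yes_this_is_insecure_and_i_feel_bad is,
    # going by its name, an explicit opt-in to a plain-HTTP backend hop; the
    # balancer members below are listed on port 80. Nothing on that hop is
    # encrypted or authenticated by TLS, so it relies on the network path
    # being trusted. The same flag is set on the resultsdb and koji entries
    # further down; treat each as a tracked exception to revisit once the
    # backend can terminate TLS.
    - role: httpd/reverseproxy
      website: openqa.fedoraproject.org
      destname: openqa
      balancer_name: openqa
      balancer_members: ['openqa01:80']
      http_not_https_yes_this_is_insecure_and_i_feel_bad: true
      when: env == "production"
      tags: openqa

    - role: httpd/reverseproxy
      website: openqa.fedoraproject.org
      destname: openqa
      balancer_name: openqa-stg
      balancer_members: ['openqa-lab01.iad2.fedoraproject.org:80']
      http_not_https_yes_this_is_insecure_and_i_feel_bad: true
      when: env == "staging"

    - role: httpd/reverseproxy
      website: pdc.fedoraproject.org
      destname: pdc
      proxyurl: http://localhost:10045
      header_scheme: true
      tags: pdc

    - role: httpd/reverseproxy
      website: admin.fedoraproject.org
      destname: yk-val
      remotepath: /yk-val/verify
      localpath: /yk-val/verify
      proxyurl: http://localhost:10004

    - role: httpd/reverseproxy
      website: admin.fedoraproject.org
      destname: pager
      remotepath: /pager
      localpath: /pager
      # Talk directly to the app server, not haproxy
      proxyurl: http://sundries01

    # NOTE(review): awstats, epylog, maps and collectd publish log- and
    # metrics-derived data from log01 under admin.fedoraproject.org. Any
    # access restriction on these paths is not configured in this file;
    # confirm it exists in the role or on the backend.
    - role: httpd/reverseproxy
      website: admin.fedoraproject.org
      destname: awstats
      remotepath: /awstats
      localpath: /awstats
      # Talk directly to the app server, not haproxy
      proxyurl: http://log01

    - role: httpd/reverseproxy
      website: admin.fedoraproject.org
      destname: epylog
      remotepath: /epylog
      localpath: /epylog
      # Talk directly to the app server, not haproxy
      proxyurl: http://log01

    - role: httpd/reverseproxy
      website: admin.fedoraproject.org
      destname: maps
      remotepath: /maps
      localpath: /maps
      # Talk directly to the app server, not haproxy
      proxyurl: http://log01

    - role: httpd/reverseproxy
      website: fedoraproject.org
      destname: freemedia
      remotepath: /freemedia
      localpath: /freemedia
      proxyurl: http://localhost:10011

    - role: httpd/reverseproxy
      website: admin.fedoraproject.org
      destname: collectd
      localpath: /collectd
      remotepath: /collectd
      # Talk directly to the app server, not haproxy
      proxyurl: http://log01
      tags: data-analysis

    - role: httpd/reverseproxy
      website: data-analysis.fedoraproject.org
      destname: data-analysis
      remotepath: /
      localpath: /
      proxyurl: http://log01
      tags: data-analysis

    ### entries for resultsdb and resultsdb_frontend
    # NOTE(review): these two entries carry no `when:`, so they are also
    # applied on proxies_stg, where they point at resultsdb01.vpn. Confirm
    # that staging proxies are meant to route to this backend.
    - role: httpd/reverseproxy
      website: taskotron.fedoraproject.org
      destname: taskotron-resultsdb
      localpath: /resultsdb
      remotepath: /resultsdb
      balancer_name: resultsdb
      balancer_members: ['resultsdb01.vpn.fedoraproject.org:80']
      # Plain-HTTP backend hop (explicit opt-in, see the openqa note).
      http_not_https_yes_this_is_insecure_and_i_feel_bad: true

    - role: httpd/reverseproxy
      website: taskotron.fedoraproject.org
      destname: taskotron-resultsdbapi
      localpath: /resultsdb_api
      remotepath: /resultsdb_api
      balancer_name: resultsdb
      balancer_members: ['resultsdb01.vpn.fedoraproject.org:80']
      # Plain-HTTP backend hop (explicit opt-in, see the openqa note).
      http_not_https_yes_this_is_insecure_and_i_feel_bad: true

    ### staging entries for resultsdb and resultsdb_frontend
    - role: httpd/reverseproxy
      website: taskotron.stg.fedoraproject.org
      destname: taskotron-resultsdb
      localpath: /resultsdb
      remotepath: /resultsdb
      balancer_name: resultsdb-stg
      balancer_members: ['resultsdb01.stg.iad2.fedoraproject.org:80']
      # Plain-HTTP backend hop (explicit opt-in, see the openqa note).
      http_not_https_yes_this_is_insecure_and_i_feel_bad: true
      when: env == "staging"

    - role: httpd/reverseproxy
      website: taskotron.stg.fedoraproject.org
      destname: taskotron-resultsdbapi
      localpath: /resultsdb_api
      remotepath: /resultsdb_api
      balancer_name: resultsdb-stg
      balancer_members: ['resultsdb01.stg.iad2.fedoraproject.org:80']
      # Plain-HTTP backend hop (explicit opt-in, see the openqa note).
      http_not_https_yes_this_is_insecure_and_i_feel_bad: true
      when: env == "staging"

    # This one gets its own role (instead of httpd/reverseproxy) so that it can
    # copy in some silly static resources (globe.png, index.html)
    - role: geoip-city-wsgi/proxy
      website: geoip.fedoraproject.org
      proxyurl: http://localhost:10029

    - role: httpd/reverseproxy
      website: src.fedoraproject.org
      destname: git
      proxyurl: http://localhost:10057
      header_scheme: true
      keephost: true

    - role: httpd/reverseproxy
      website: osbs.fedoraproject.org
      destname: osbs
      proxyurl: http://localhost:10047

    - role: httpd/reverseproxy
      website: registry.fedoraproject.org
      destname: registry-fedora
      # proxyurl in this one is totally ignored, because Docker.
      # (turns out it uses PATCH requests that Varnish cannot deal with)
      proxyurl: "{{ varnish_url }}"
      tags:
        - registry

    - role: httpd/reverseproxy
      website: registry.centos.org
      destname: registry-centos
      # proxyurl in this one is totally ignored, because Docker.
      # (turns out it uses PATCH requests that Varnish cannot deal with)
      proxyurl: "{{ varnish_url }}"
      tags:
        - registry

    - role: httpd/reverseproxy
      website: candidate-registry.fedoraproject.org
      destname: candidate-registry
      proxyurl: http://localhost:10054

    - role: httpd/reverseproxy
      website: retrace.fedoraproject.org
      destname: retrace
      proxyurl: http://localhost:10049
      when: env == "staging"

    - role: httpd/reverseproxy
      website: faf.fedoraproject.org
      destname: faf
      proxyurl: http://localhost:10050
      when: env == "staging"

    - role: httpd/reverseproxy
      website: apps.fedoraproject.org
      destname: pps
      remotepath: /pps
      localpath: /pps
      proxyurl: http://localhost:10051
      when: env == "staging"

    - role: httpd/reverseproxy
      website: mbs.fedoraproject.org
      destname: mbs
      proxyurl: http://localhost:10063

    - role: httpd/reverseproxy
      website: koji.fedoraproject.org
      destname: koji
      keephost: true
      balancer_name: koji
      balancer_members:
        - "koji01.{{ datacenter }}.fedoraproject.org"
        - "koji02.{{ datacenter }}.fedoraproject.org"
      # Plain-HTTP backend hop (explicit opt-in, see the openqa note).
      http_not_https_yes_this_is_insecure_and_i_feel_bad: true
      when: env == "production"

    - role: httpd/reverseproxy
      website: koji.fedoraproject.org
      destname: koji
      keephost: true
      balancer_name: koji
      balancer_members:
        - "koji01.stg.{{ datacenter }}.fedoraproject.org"
      # Plain-HTTP backend hop (explicit opt-in, see the openqa note).
      http_not_https_yes_this_is_insecure_and_i_feel_bad: true
      when: env == "staging"

    - role: httpd/reverseproxy
      website: kojipkgs.fedoraproject.org
      destname: kojipkgs
      proxyurl: http://localhost:10062
      keephost: true

    - role: httpd/reverseproxy
      website: "os{{ env_suffix }}.fedoraproject.org"
      destname: os
      balancer_name: os
      targettype: openshift
      balancer_members: "{{ openshift_masters }}"
      keephost: true
      tags:
        - os.fedoraproject.org

    - role: httpd/reverseproxy
      website: "app.os{{ env_suffix }}.fedoraproject.org"
      destname: app.os
      balancer_name: app-os
      targettype: openshift
      keephost: true
      tags:
        - app.os.fedoraproject.org

    - role: httpd/reverseproxy
      website: "provision{{ env_suffix }}.fedoraproject.org"
      destname: zezere
      balancer_name: app-os
      targettype: openshift
      keephost: true
      tags:
        - zezere

    - role: httpd/reverseproxy
      website: odcs.fedoraproject.org
      destname: odcs
      proxyurl: http://localhost:10066
      tags:
        - odcs

    - role: httpd/reverseproxy
      website: greenwave.fedoraproject.org
      destname: greenwave
      balancer_name: app-os
      targettype: openshift
      keephost: true
      tags: greenwave

    - role: httpd/reverseproxy
      website: waiverdb.fedoraproject.org
      destname: waiverdb
      balancer_name: app-os
      targettype: openshift
      keephost: true
      tags: waiverdb

    - role: httpd/reverseproxy
      website: elections.fedoraproject.org
      destname: elections
      balancer_name: app-os
      targettype: openshift
      keephost: true
      tags: elections
      header_scheme: true

    - role: httpd/reverseproxy
      website: calendar.fedoraproject.org
      destname: calendar
      balancer_name: app-os
      targettype: openshift
      keephost: true
      header_scheme: true
      tags: calendar

    - role: httpd/reverseproxy
      website: mdapi.fedoraproject.org
      destname: mdapi
      balancer_name: app-os
      targettype: openshift
      keephost: true
      tags: mdapi

    - role: httpd/reverseproxy
      website: wallpapers.fedoraproject.org
      destname: wallpapers
      balancer_name: app-os
      targettype: openshift
      keephost: true
      tags: wallpapers

    - role: httpd/reverseproxy
      website: silverblue.fedoraproject.org
      destname: silverblue
      balancer_name: app-os
      targettype: openshift
      keephost: true
      tags: silverblue

    - role: httpd/reverseproxy
      website: release-monitoring.org
      destname: release-monitoring
      balancer_name: app-os
      targettype: openshift
      keephost: true
      # The original tag was misspelt ("montoring"), so a run limited with
      # --tags release-monitoring.org silently skipped this vhost. The
      # correct spelling is added; the old one stays so existing invocations
      # keep matching.
      tags:
        - release-monitoring.org
        - release-montoring.org
      when: env == "production"

    - role: httpd/reverseproxy
      website: stg.release-monitoring.org
      destname: stg.release-monitoring
      balancer_name: app-os
      targettype: openshift
      keephost: true
      # Same tag spelling fix as the production entry; old tag retained.
      tags:
        - release-monitoring.org
        - release-montoring.org
      when: env == "staging"

    - role: httpd/reverseproxy
      website: whatcanidoforfedora.org
      destname: whatcanidoforfedora
      balancer_name: app-os
      targettype: openshift
      keephost: true
      tags: whatcanidoforfedora.org

    - role: httpd/reverseproxy
      website: fpdc.fedoraproject.org
      destname: fpdc
      balancer_name: app-os
      targettype: openshift
      keephost: true
      tags: fpdc

    - role: httpd/reverseproxy
      website: testdays.fedoraproject.org
      destname: testdays
      balancer_name: app-os
      targettype: openshift
      keephost: true
      tags: testdays

    - role: httpd/reverseproxy
      website: packager-dashboard.fedoraproject.org
      destname: packager-dashboard
      balancer_name: app-os
      targettype: openshift
      keephost: true
      tags: packager-dashboard

    - role: httpd/reverseproxy
      website: "languages{{ env_suffix }}.fedoraproject.org"
      destname: app.os
      balancer_name: app-os
      targettype: openshift
      keephost: true
      tags:
        - languages

    - role: httpd/reverseproxy
      website: debuginfod.fedoraproject.org
      destname: debuginfod
      remotepath: /
      localpath: /
      # Plain HTTP to another host (debuginfod01), not to localhost.
      proxyurl: http://debuginfod01:8002
      # proxyopts is expanded into the httpd ProxyPass / ProxyPassReverse
      # lines; it defaults to "" and is set only here because debuginfod can
      # take on the order of 60s for some webapi queries.
      # NOTE(review): a 600s timeout lets one slow or stalled request hold a
      # front-end proxy connection for up to ten minutes. Watch worker and
      # connection usage for this vhost, and consider a per-client limit if
      # it starts crowding out other sites on the shared proxies.
      proxyopts: "connectiontimeout=600 timeout=600 keepalive=on"
      tags: debuginfod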