authorKevin Fenzi <kevin@scrye.com>2014-04-24 20:37:51 +0000
committerKevin Fenzi <kevin@scrye.com>2014-04-24 20:37:51 +0000
commit52c9e9a08da9a9106b1bd8ee62896346f70a904b (patch)
treebe8b7ef1dc19b6c8c3fa32af074cc88ae89caf89
parent0982cd46a9c6b4d54fda2a08b832a1acce2b6cb6 (diff)
Move keyserver to a role. Thanks misc!
-rw-r--r--handlers/restart_services.yml6
-rw-r--r--playbooks/groups/keyserver.yml2
-rw-r--r--roles/keyserver/files/css.css (renamed from files/keyserver/css.css)0
-rw-r--r--roles/keyserver/files/index.html (renamed from files/keyserver/index.html)0
-rw-r--r--roles/keyserver/files/membership (renamed from files/keyserver/membership)0
-rw-r--r--roles/keyserver/files/sks.conf83
-rw-r--r--roles/keyserver/files/sksconf (renamed from files/keyserver/sksconf)0
-rw-r--r--roles/keyserver/files/ssl.conf (renamed from files/keyserver/ssl.conf)0
-rw-r--r--roles/keyserver/handlers/main.yml6
-rw-r--r--roles/keyserver/tasks/main.yml (renamed from tasks/keyserver.yml)26
10 files changed, 103 insertions, 20 deletions
diff --git a/handlers/restart_services.yml b/handlers/restart_services.yml
index 10fa661e1..90cfb67a4 100644
--- a/handlers/restart_services.yml
+++ b/handlers/restart_services.yml
@@ -80,12 +80,6 @@
- name: restart rsyslog
action: service name=rsyslog state=restarted
-- name: restart sks-db
- action: service name=sks-db state=restarted
-
-- name: restart sks-recon
- action: service name=sks-recon state=restarted
-
- name: restart sshd
action: service name=sshd state=restarted
diff --git a/playbooks/groups/keyserver.yml b/playbooks/groups/keyserver.yml
index ef2fb9c7d..4bc06fc9d 100644
--- a/playbooks/groups/keyserver.yml
+++ b/playbooks/groups/keyserver.yml
@@ -38,6 +38,7 @@
- nagios_client
- fas_client
- fedmsg/base
+ - keyserver
tasks:
- include: "{{ tasks }}/hosts.yml"
@@ -47,7 +48,6 @@
- include: "{{ tasks }}/motd.yml"
- include: "{{ tasks }}/sudo.yml"
- include: "{{ tasks }}/apache.yml"
- - include: "{{ tasks }}/keyserver.yml"
handlers:
- include: "{{ handlers }}/restart_services.yml"
diff --git a/files/keyserver/css.css b/roles/keyserver/files/css.css
index 99443a005..99443a005 100644
--- a/files/keyserver/css.css
+++ b/roles/keyserver/files/css.css
diff --git a/files/keyserver/index.html b/roles/keyserver/files/index.html
index 12b7be5c0..12b7be5c0 100644
--- a/files/keyserver/index.html
+++ b/roles/keyserver/files/index.html
diff --git a/files/keyserver/membership b/roles/keyserver/files/membership
index 42d57b359..42d57b359 100644
--- a/files/keyserver/membership
+++ b/roles/keyserver/files/membership
diff --git a/roles/keyserver/files/sks.conf b/roles/keyserver/files/sks.conf
new file mode 100644
index 000000000..2b87b46b5
--- /dev/null
+++ b/roles/keyserver/files/sks.conf
@@ -0,0 +1,83 @@
+ServerName keys.fedoraproject.org
+Listen 80.239.156.219:11371
+NameVirtualHost *:443
+
+<ifModule !mod_proxy.c>
+ LoadModule proxy_module modules/mod_proxy.so
+</IfModule>
+
+<IfModule !mod_proxy_http.c>
+ LoadModule proxy_http_module modules/mod_proxy_http.so
+</IfModule>
+
+<IfModule !mod_proxy_balancer.c>
+ LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
+</IfModule>
+
+<IfModule !mod_headers.c>
+ LoadModule headers_module modules/mod_headers.so
+</IfModule>
+
+<IfModule !mod_authz_host.c>
+ LoadModule authz_host_module modules/mod_authz_host.so
+</IfModule>
+
+<IfModule !mod_log_config.c>
+ LoadModule log_config_module modules/mod_log_config.so
+</IfModule>
+
+<IfModule !mod_env.c>
+ LoadModule env_module modules/mod_env.so
+</IfModule>
+
+<Directory />
+ Options FollowSymLinks
+ AllowOverride None
+ Order deny,allow
+ Deny from all
+</Directory>
+
+<VirtualHost *:80>
+ ServerAdmin sysadmin-keys-members@fedoraproject.org
+ ServerName keys.fedoraproject.org
+ ProxyPass / http://127.0.0.1:11371/
+ ProxyPassReverse / http://127.0.0.1:11371/
+ SetEnv proxy-nokeepalive 1
+ ProxyVia Full
+</VirtualHost>
+<VirtualHost *:443>
+ ServerAdmin sysadmin-keys-members@fedoraproject.org
+ ServerName keys.fedoraproject.org
+ ServerAlias keys01.fedoraproject.org
+
+ SSLEngine on
+ SSLCertificateFile /etc/pki/tls/wildcard-2013.fedoraproject.org.cert
+ SSLCertificateChainFile /etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert
+ SSLCertificateKeyFile /etc/pki/tls/wildcard-2013.fedoraproject.org.key
+ ProxyPass / http://localhost:11371/
+ ProxyPassReverse / http://localhost:11371/
+ SetEnv proxy-nokeepalive 1
+ ProxyVia Full
+</VirtualHost>
+<VirtualHost *:443>
+ ServerAdmin sysadmin-keys-members@fedoraproject.org
+ ServerName pool.sks-keyservers.net
+ ServerAlias sks-keyservers.net
+ ServerAlias *.sks-keyservers.net
+
+ SSLEngine on
+ SSLCertificateFile /etc/pki/tls/keys_fedoraproject_org.crt.pem
+ SSLCertificateKeyFile /etc/pki/tls/keys_fedoraproject_org.key
+ ProxyPass / http://localhost:11371/
+ ProxyPassReverse / http://localhost:11371/
+ SetEnv proxy-nokeepalive 1
+ ProxyVia Full
+</VirtualHost>
+<VirtualHost *:11371>
+ ServerAdmin sysadmin-keys-members@fedoraproject.org
+ ServerName keys.fedoraproject.org
+ ProxyPass / http://127.0.0.1:11371/
+ ProxyPassReverse / http://127.0.0.1:11371/
+ SetEnv proxy-nokeepalive 1
+ ProxyVia Full
+</VirtualHost>
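Review bot: The file is added as a static role file but hard-codes host-specific values — the `Listen 80.239.156.219:11371` address and the `ServerAlias keys01.fedoraproject.org` line — so the role as written only fits one host; deploying it with `template:` and a variable for the listen address (e.g. `Listen {{ keyserver_listen_ip }}:11371`, variable name illustrative) would keep the move-to-a-role from freezing that IP into the role. The opening `<ifModule !mod_proxy.c>` is closed by `</IfModule>`; httpd treats directive names case-insensitively so it works, but the other six blocks spell it `<IfModule`, so make the first one match. `ProxyVia Full` appends the httpd version to every `Via:` header it generates; `ProxyVia On` gives the same hop tracing without advertising the server version. None of the three TLS vhosts set `SSLProtocol` or `SSLCipherSuite`; presumably the global `ssl.conf` the same role installs does, but that cannot be confirmed from this diff.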
diff --git a/files/keyserver/sksconf b/roles/keyserver/files/sksconf
index ae15003f7..ae15003f7 100644
--- a/files/keyserver/sksconf
+++ b/roles/keyserver/files/sksconf
diff --git a/files/keyserver/ssl.conf b/roles/keyserver/files/ssl.conf
index c1ed75057..c1ed75057 100644
--- a/files/keyserver/ssl.conf
+++ b/roles/keyserver/files/ssl.conf
diff --git a/roles/keyserver/handlers/main.yml b/roles/keyserver/handlers/main.yml
new file mode 100644
index 000000000..eee9214e5
--- /dev/null
+++ b/roles/keyserver/handlers/main.yml
@@ -0,0 +1,6 @@
+- name: restart sks-db
+ action: service name=sks-db state=restarted
+
+- name: restart sks-recon
+ action: service name=sks-recon state=restarted
+
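Review bot: The last added line of the new handlers file is empty, so the file ends with an extra blank line rather than a single trailing newline; trim it so yamllint's empty-lines check passes. A `---` document-start marker on the first line would also follow the usual Ansible convention, if that is what the rest of the repository does.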
diff --git a/tasks/keyserver.yml b/roles/keyserver/tasks/main.yml
index 3ed3dff00..af7c67256 100644
--- a/tasks/keyserver.yml
+++ b/roles/keyserver/tasks/main.yml
@@ -16,12 +16,12 @@
owner=sks group=sks mode=0755
- name: /srv/sks/membership
- copy: src="{{ files }}/keyserver/membership" dest=/srv/sks/membership owner=sks group=sks mode=0644
+ copy: src="membership" dest=/srv/sks/membership owner=sks group=sks mode=0644
tags:
- config
- name: /srv/sks/sksconf
- copy: src="{{ files }}/keyserver/sksconf" dest=/srv/sks/sksconf owner=sks group=sks mode=0644
+ copy: src="sksconf" dest=/srv/sks/sksconf owner=sks group=sks mode=0644
tags:
- config
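Review bot: In the next hunk of this file (the `-32,37` hunk, which appears to run past the end of this view) a bare `with_items:` is added after the `/srv/sks/web/index.html` task's `tags:` block, replacing the blank line that separated it from the css.css task; the task has no `{{ item }}` reference and a valueless `with_items:` parses as null, so this looks like a stray edit that will at best make the task iterate over nothing and at worst fail — drop the line and restore the blank one. In this hunk the `src="membership"` and `src="sksconf"` values now resolve against the role's `files/` directory, which matches the renamed files in the diffstat, so the path change itself looks right. That same following hunk also renames the deployed certificate from wildcard-2014 back to wildcard-2013 (matching the paths in the new `sks.conf`); the commit message does not mention it, so it is worth confirming the revert is intentional rather than a stale base.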
@@ -32,37 +32,37 @@
owner=sks group=sks mode=0755
- name: /srv/sks/web/index.html
- copy: src="{{ files }}/keyserver/index.html" dest=/srv/sks/web/index.html owner=sks group=sks mode=0644
+ copy: src="index.html" dest=/srv/sks/web/index.html owner=sks group=sks mode=0644
tags:
- config
-
+ with_items:
- name: /srv/sks/web/css.css
- copy: src="{{ files }}/keyserver/css.css" dest=/srv/sks/web/css.css owner=sks group=sks mode=0644
+ copy: src="css.css" dest=/srv/sks/web/css.css owner=sks group=sks mode=0644
tags:
- config
- name: /etc/httpd/conf.d/sks.conf
- copy: src="{{ files }}/keyserver/sks.conf" dest=/etc/httpd/conf.d/sks.conf owner=root group=root mode=0644
+ copy: src="sks.conf" dest=/etc/httpd/conf.d/sks.conf owner=root group=root mode=0644
tags:
- config
- name: /etc/httpd/conf.d/ssl.conf
- copy: src="{{ files }}/keyserver/ssl.conf" dest=/etc/httpd/conf.d/ssl.conf owner=root group=root mode=0644
+ copy: src="ssl.conf" dest=/etc/httpd/conf.d/ssl.conf owner=root group=root mode=0644
tags:
- config
-- name: /etc/pki/tls/wildcard-2014.fedoraproject.org.cert
- copy: src="{{ puppet_private }}/httpd/wildcard-2014.fedoraproject.org.cert" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.cert owner=root group=root mode=0600
+- name: /etc/pki/tls/wildcard-2013.fedoraproject.org.cert
+ copy: src="{{ puppet_private }}/httpd/wildcard-2013.fedoraproject.org.cert" dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.cert owner=root group=root mode=0600
tags:
- config
-- name: /etc/pki/tls/wildcard-2014.fedoraproject.org.key
- copy: src="{{ puppet_private }}/httpd/wildcard-2014.fedoraproject.org.key" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.key owner=root group=root mode=0600
+- name: /etc/pki/tls/wildcard-2013.fedoraproject.org.key
+ copy: src="{{ puppet_private }}/httpd/wildcard-2013.fedoraproject.org.key" dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.key owner=root group=root mode=0600
tags:
- config
-- name: /etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert
- copy: src="{{ puppet_private }}/httpd/wildcard-2014.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert owner=root group=root mode=0600
+- name: /etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert
+ copy: src="{{ puppet_private }}/httpd/wildcard-2013.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert owner=root group=root mode=0600
tags:
- config