-rw-r--r-- | handlers/restart_services.yml | 6 | ||||
-rw-r--r-- | playbooks/groups/keyserver.yml | 2 | ||||
-rw-r--r-- | roles/keyserver/files/css.css (renamed from files/keyserver/css.css) | 0 | ||||
-rw-r--r-- | roles/keyserver/files/index.html (renamed from files/keyserver/index.html) | 0 | ||||
-rw-r--r-- | roles/keyserver/files/membership (renamed from files/keyserver/membership) | 0 | ||||
-rw-r--r-- | roles/keyserver/files/sks.conf | 83 | ||||
-rw-r--r-- | roles/keyserver/files/sksconf (renamed from files/keyserver/sksconf) | 0 | ||||
-rw-r--r-- | roles/keyserver/files/ssl.conf (renamed from files/keyserver/ssl.conf) | 0 | ||||
-rw-r--r-- | roles/keyserver/handlers/main.yml | 6 | ||||
-rw-r--r-- | roles/keyserver/tasks/main.yml (renamed from tasks/keyserver.yml) | 26 |
10 files changed, 103 insertions, 20 deletions
diff --git a/handlers/restart_services.yml b/handlers/restart_services.yml index 10fa661e1..90cfb67a4 100644 --- a/handlers/restart_services.yml +++ b/handlers/restart_services.yml @@ -80,12 +80,6 @@ - name: restart rsyslog action: service name=rsyslog state=restarted -- name: restart sks-db - action: service name=sks-db state=restarted - -- name: restart sks-recon - action: service name=sks-recon state=restarted - - name: restart sshd action: service name=sshd state=restarted diff --git a/playbooks/groups/keyserver.yml b/playbooks/groups/keyserver.yml index ef2fb9c7d..4bc06fc9d 100644 --- a/playbooks/groups/keyserver.yml +++ b/playbooks/groups/keyserver.yml @@ -38,6 +38,7 @@ - nagios_client - fas_client - fedmsg/base + - keyserver tasks: - include: "{{ tasks }}/hosts.yml" @@ -47,7 +48,6 @@ - include: "{{ tasks }}/motd.yml" - include: "{{ tasks }}/sudo.yml" - include: "{{ tasks }}/apache.yml" - - include: "{{ tasks }}/keyserver.yml" handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/files/keyserver/css.css b/roles/keyserver/files/css.css index 99443a005..99443a005 100644 --- a/files/keyserver/css.css +++ b/roles/keyserver/files/css.css diff --git a/files/keyserver/index.html b/roles/keyserver/files/index.html index 12b7be5c0..12b7be5c0 100644 --- a/files/keyserver/index.html +++ b/roles/keyserver/files/index.html diff --git a/files/keyserver/membership b/roles/keyserver/files/membership index 42d57b359..42d57b359 100644 --- a/files/keyserver/membership +++ b/roles/keyserver/files/membership diff --git a/roles/keyserver/files/sks.conf b/roles/keyserver/files/sks.conf new file mode 100644 index 000000000..2b87b46b5 --- /dev/null +++ b/roles/keyserver/files/sks.conf 
@@ -0,0 +1,83 @@
+ServerName keys.fedoraproject.org
+Listen 80.239.156.219:11371
+NameVirtualHost *:443
+
+<ifModule !mod_proxy.c>
+ LoadModule proxy_module modules/mod_proxy.so
+</IfModule>
+
+<IfModule !mod_proxy_http.c>
+ LoadModule proxy_http_module modules/mod_proxy_http.so
+</IfModule>
+
+<IfModule !mod_proxy_balancer.c>
+ LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
+</IfModule>
+
+<IfModule !mod_headers.c>
+ LoadModule headers_module modules/mod_headers.so
+</IfModule>
+
+<IfModule !mod_authz_host.c>
+ LoadModule authz_host_module modules/mod_authz_host.so
+</IfModule>
+
+<IfModule !mod_log_config.c>
+ LoadModule log_config_module modules/mod_log_config.so
+</IfModule>
+
+<IfModule !mod_env.c>
+ LoadModule env_module modules/mod_env.so
+</IfModule>
+
+<Directory />
+ Options FollowSymLinks
+ AllowOverride None
+ Order deny,allow
+ Deny from all
+</Directory>
+
+<VirtualHost *:80>
+ ServerAdmin sysadmin-keys-members@fedoraproject.org
+ ServerName keys.fedoraproject.org
+ ProxyPass / http://127.0.0.1:11371/
+ ProxyPassReverse / http://127.0.0.1:11371/
+ SetEnv proxy-nokeepalive 1
+ ProxyVia Full
+</VirtualHost>
+<VirtualHost *:443>
+ ServerAdmin sysadmin-keys-members@fedoraproject.org
+ ServerName keys.fedoraproject.org
+ ServerAlias keys01.fedoraproject.org
+
+ SSLEngine on
+ SSLCertificateFile /etc/pki/tls/wildcard-2013.fedoraproject.org.cert
+ SSLCertificateChainFile /etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert
+ SSLCertificateKeyFile /etc/pki/tls/wildcard-2013.fedoraproject.org.key
+ ProxyPass / http://localhost:11371/
+ ProxyPassReverse / http://localhost:11371/
+ SetEnv proxy-nokeepalive 1
+ ProxyVia Full
+</VirtualHost>
+<VirtualHost *:443>
+ ServerAdmin sysadmin-keys-members@fedoraproject.org
+ ServerName pool.sks-keyservers.net
+ ServerAlias sks-keyservers.net
+ ServerAlias *.sks-keyservers.net
+
+ SSLEngine on
+ SSLCertificateFile /etc/pki/tls/keys_fedoraproject_org.crt.pem
+ SSLCertificateKeyFile /etc/pki/tls/keys_fedoraproject_org.key
+ ProxyPass / http://localhost:11371/
+ ProxyPassReverse / http://localhost:11371/
+ SetEnv proxy-nokeepalive 1
+ ProxyVia Full
+</VirtualHost>
+<VirtualHost *:11371>
+ ServerAdmin sysadmin-keys-members@fedoraproject.org
+ ServerName keys.fedoraproject.org
+ ProxyPass / http://127.0.0.1:11371/
+ ProxyPassReverse / http://127.0.0.1:11371/
+ SetEnv proxy-nokeepalive 1
+ ProxyVia Full
+</VirtualHost>
diff --git a/files/keyserver/sksconf b/roles/keyserver/files/sksconf
index ae15003f7..ae15003f7 100644
--- a/files/keyserver/sksconf
+++ b/roles/keyserver/files/sksconf
diff --git a/files/keyserver/ssl.conf b/roles/keyserver/files/ssl.conf
index c1ed75057..c1ed75057 100644
--- a/files/keyserver/ssl.conf
+++ b/roles/keyserver/files/ssl.conf
diff --git a/roles/keyserver/handlers/main.yml b/roles/keyserver/handlers/main.yml
new file mode 100644
index 000000000..eee9214e5
--- /dev/null
+++ b/roles/keyserver/handlers/main.yml
@@ -0,0 +1,6 @@
+- name: restart sks-db
+ action: service name=sks-db state=restarted
+
+- name: restart sks-recon
+ action: service name=sks-recon state=restarted
+
diff --git a/tasks/keyserver.yml b/roles/keyserver/tasks/main.yml
index 3ed3dff00..af7c67256 100644
--- a/tasks/keyserver.yml
+++ b/roles/keyserver/tasks/main.yml
@@ -16,12 +16,12 @@ owner=sks group=sks mode=0755 - name: /srv/sks/membership - copy: src="{{ files }}/keyserver/membership" dest=/srv/sks/membership owner=sks group=sks mode=0644 + copy: src="membership" dest=/srv/sks/membership owner=sks group=sks mode=0644 tags: - config - name: /srv/sks/sksconf - copy: src="{{ files }}/keyserver/sksconf" dest=/srv/sks/sksconf owner=sks group=sks mode=0644 + copy: src="sksconf" dest=/srv/sks/sksconf owner=sks group=sks mode=0644 tags: - config 
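Review bot: The ProxyPass targets in the new sks.conf spell the backend two ways — `http://127.0.0.1:11371/` in the :80 and :11371 vhosts but `http://localhost:11371/` in both :443 vhosts — so the HTTPS paths depend on how `localhost` resolves on the host (possibly `::1` first) while the plaintext paths do not; use `ProxyPass / http://127.0.0.1:11371/` and `ProxyPassReverse / http://127.0.0.1:11371/` in all four vhosts. `ProxyVia Full` appends the httpd version to the outgoing Via header; `ProxyVia On` gives the same hop trace without advertising the server build. The pool.sks-keyservers.net vhost sets SSLCertificateFile and SSLCertificateKeyFile but, unlike the keys.fedoraproject.org vhost, no SSLCertificateChainFile — if that certificate is not issued directly by a root the pool clients trust, they will be served an incomplete chain. No SSLProtocol or SSLCipherSuite appears in this file; presumably the ssl.conf renamed in this commit (contents not shown) sets them, which is worth confirming before the role is applied.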
@@ -32,37 +32,37 @@ owner=sks group=sks mode=0755 - name: /srv/sks/web/index.html - copy: src="{{ files }}/keyserver/index.html" dest=/srv/sks/web/index.html owner=sks group=sks mode=0644 + copy: src="index.html" dest=/srv/sks/web/index.html owner=sks group=sks mode=0644 tags: - config - + with_items: - name: /srv/sks/web/css.css - copy: src="{{ files }}/keyserver/css.css" dest=/srv/sks/web/css.css owner=sks group=sks mode=0644 + copy: src="css.css" dest=/srv/sks/web/css.css owner=sks group=sks mode=0644 tags: - config - name: /etc/httpd/conf.d/sks.conf - copy: src="{{ files }}/keyserver/sks.conf" dest=/etc/httpd/conf.d/sks.conf owner=root group=root mode=0644 + copy: src="sks.conf" dest=/etc/httpd/conf.d/sks.conf owner=root group=root mode=0644 tags: - config - name: /etc/httpd/conf.d/ssl.conf - copy: src="{{ files }}/keyserver/ssl.conf" dest=/etc/httpd/conf.d/ssl.conf owner=root group=root mode=0644 + copy: src="ssl.conf" dest=/etc/httpd/conf.d/ssl.conf owner=root group=root mode=0644 tags: - config -- name: /etc/pki/tls/wildcard-2014.fedoraproject.org.cert - copy: src="{{ puppet_private }}/httpd/wildcard-2014.fedoraproject.org.cert" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.cert owner=root group=root mode=0600 +- name: /etc/pki/tls/wildcard-2013.fedoraproject.org.cert + copy: src="{{ puppet_private }}/httpd/wildcard-2013.fedoraproject.org.cert" dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.cert owner=root group=root mode=0600 tags: - config -- name: /etc/pki/tls/wildcard-2014.fedoraproject.org.key - copy: src="{{ puppet_private }}/httpd/wildcard-2014.fedoraproject.org.key" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.key owner=root group=root mode=0600 +- name: /etc/pki/tls/wildcard-2013.fedoraproject.org.key + copy: src="{{ puppet_private }}/httpd/wildcard-2013.fedoraproject.org.key" dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.key owner=root group=root mode=0600 tags: - config -- name: 
/etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert - copy: src="{{ puppet_private }}/httpd/wildcard-2014.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert owner=root group=root mode=0600 +- name: /etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert + copy: src="{{ puppet_private }}/httpd/wildcard-2013.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert owner=root group=root mode=0600 tags: - config |
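Review bot: The index.html task gains a bare `with_items:` after its `tags:` block (in place of the blank line before the css.css task) with no list behind it, which is unrelated to the path change and will most likely make Ansible reject or skip that task — drop the line. The three certificate tasks are also switched from `wildcard-2014.fedoraproject.org.*` back to `wildcard-2013.fedoraproject.org.*`, and the new sks.conf in this commit references the 2013 files as well; if the 2014 certificate is the current one, this rolls the keyserver back to the older, possibly expiring, wildcard certificate and key, so confirm which pair actually exists under `{{ puppet_private }}/httpd/` before merging. The hunk appears to run to the end of the file; anything after it is outside this view.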