unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity

promote develop to master #6

Merged
unkinben merged 449 commits from develop into master 2024-06-01 14:48:48 +10:00
Conversation 0 Commits 449 Files Changed 291 +51 -1
1 changed files with 51 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 114d3fe195 - Show all commits

52
site/profiles/manifests/reposync/webserver.pp
View File

@ -1,6 +1,7 @@
# setup a reposync webserver # setup a reposync webserver
class profiles::reposync::webserver ( class profiles::reposync::webserver (
String $www_root = '/data/repos/snap', String $www_root = '/data/repos/snap',
String $cache_root = '/data/repos/cache',
String $nginx_vhost = 'repos.main.unkin.net', String $nginx_vhost = 'repos.main.unkin.net',
Stdlib::Port $nginx_port = 80, Stdlib::Port $nginx_port = 80,
Stdlib::Port $nginx_ssl_port = 443, Stdlib::Port $nginx_ssl_port = 443,
@ -77,10 +78,45 @@ class profiles::reposync::webserver (
# merge the hashes conditionally # merge the hashes conditionally
$nginx_parameters = merge($defaults, $extras_hash) $nginx_parameters = merge($defaults, $extras_hash)
# manage the nginx class
class { 'nginx':
proxy_cache_path => {
"${cache_root}/debian" => 'debian:128m',
},
proxy_cache_levels => '1:2',
proxy_cache_keys_zone => 'debian:128m',
proxy_cache_max_size => '30000m',
proxy_cache_inactive => '60d',
proxy_temp_path => "${cache_root}/tmp",
}
# create the nginx vhost with the merged parameters # create the nginx vhost with the merged parameters
class { 'nginx': }
create_resources('nginx::resource::server', { $nginx_vhost => $nginx_parameters }) create_resources('nginx::resource::server', { $nginx_vhost => $nginx_parameters })
# cache debian packages from upstream
nginx::resource::location { "${nginx_vhost}-debian":
ensure => present,
ssl => true,
ssl_only => false,
location => '/debian',
server => $nginx_vhost,
proxy => 'http://mirror.gsl.icu/debian',
}
nginx::resource::location { "${nginx_vhost}-debian_pool":
ensure => present,
ssl => true,
ssl_only => false,
location => '/debian/pool',
server => $nginx_vhost,
proxy => 'http://mirror.gsl.icu/debian/pool',
proxy_cache => 'debian',
proxy_cache_valid => [
'200 302 1440h',
'404 1m'
],
}
if $favicon { if $favicon {
file { "${www_root}/favicon.ico": file { "${www_root}/favicon.ico":
ensure => 'file', ensure => 'file',
@ -109,6 +145,13 @@ class profiles::reposync::webserver (
pathspec => "${www_root}(/.*)?", pathspec => "${www_root}(/.*)?",
} }
# set httpd_sys_rw_content_t to all files under the cache_root
selinux::fcontext { $cache_root:
ensure => 'present',
seltype => 'httpd_sys_rw_content_t',
pathspec => "${cache_root}(/.*)?",
}
# make sure we can connect to port 80 # make sure we can connect to port 80
selboolean { 'httpd_can_network_connect': selboolean { 'httpd_can_network_connect':
persistent => true, persistent => true,
@ -121,5 +164,12 @@ class profiles::reposync::webserver (
refreshonly => true, refreshonly => true,
subscribe => Selinux::Fcontext[$www_root], subscribe => Selinux::Fcontext[$www_root],
} }
exec { "restorecon_${cache_root}":
path => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
command => "restorecon -Rv ${cache_root}",
refreshonly => true,
subscribe => Selinux::Fcontext[$cache_root],
}
} }
} }