From c0f9a32ae8f092b7ba552798ea1ae2f2fdd9666a Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sun, 5 Aug 2018 17:23:51 +0300 Subject: Fix: how ickweb is started --- group_vars/all.yml | 31 +++++++++++++++++++++++++++++++ group_vars/ickhost.yml | 5 ++++- ick-cluster.yml | 1 + ick2.yml | 1 + roles/haproxy/templates/haproxy.cfg.j2 | 15 +++++++++++++++ roles/qvisqve/tasks/main.yml | 8 ++++++++ roles/qvisqve/templates/qvisqve.yaml.j2 | 3 +-- 7 files changed, 61 insertions(+), 3 deletions(-) diff --git a/group_vars/all.yml b/group_vars/all.yml index b42720e..26dc61c 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -1,3 +1,34 @@ +ql_ick_apt_signing_key: | + -----BEGIN PGP PUBLIC KEY BLOCK----- + + mQINBFsqXtgBEADkoJ5/pbHjDHxYteLm9aFeaRrkTzorLRQJbLJrzKhhdk6rHC1e + PLhTOto5dIzk1WaFL9y4YYcTcH8DG3RECfYN0XP7alO7jSUSbavMzFkdTCfj7nve + VzXFOHKAPjQ5sNk1RmkXhymN47Jz0P7wDXuPfUOesYcsZbiPqYt58Lo8uM9cXxxw + 7QKr1fcgiobVIOliUGRK5xd1ouf89RHnNx4mnGU8h253Uj/3W2HxYvjQJ+viJwZ5 + 2RBG0If0+NT2mWo57b91TadkNh3ePPGzeQ44HK/FKyTmJh/LhYhVTIUd1V2a8Lb4 + ZsLbsLbKZ5JOWMluCE15zfRm5i5jCr/kKw6jkXl/GSsTTTKP/7QLDTsV8bpQTQIB + gH63zTdbNnGgOdW8h6Mbba5fxk5uYikVCzyXrBJMz1iPN81kmrKxrNQHeD/W+izE + Is1vgRCob0FQvXY12nUioxHalzpo48hfPLqraN+YrLV+ZMay+mDawp9I4UyjZZVJ + BvPtIFVk00dan0qRvrJSDC01I8e3OiPnSR/fxYpsgnRMZq/izR6vxurcvltw4xZf + qQduHQIwhMBS0fqZsWA2+iRxcoJHSHyU8GjaR56J7FyVFRVYALEDRwMivGQJA9EB + tGs/to6jKI44/mTQuINSXbqg675fK8BBD9cKfgbm0e7d29RL1opKHmkc/QARAQAB + tC5RdmFybkxhYnMgQ0kgc2lnbmluZyBrZXkgMiA8b3BzQHF2YXJubGFicy5jb20+ + iQJOBBMBCgA4FiEEuNQCV3NzVKizncG08iKomR2ZL5QFAlsqXtgCGwMFCwkIBwMF + FQoJCAsFFgIDAQACHgECF4AACgkQ8iKomR2ZL5TnsxAAt3bqgpVD4WhtzJY2HaC4 + EwfNApC3K2pdHTNH02fA2xbw/cZoVzyq+8yHfMy30EeWfQmyAf3yUM0GcmQuKq8S + qRcP3AthGZCMZlYoRorpTe+1RnpSvxcty9feDSdyvhDQvz7sWiy1apbn378eYGyk + uuRUgyzmeYOyQvtpEshiGcQNANJYTOAlV5txqzkZEVAuATnaFo0zIpg37uYgl/Hq + doongXIU3vYKEum000/h04198Na1j1X/5q3sdUvBu4s6FuSSG+Y2gHLM+ZvpQ3AA + H7PNypPHqKgVVbid67OyzQr4AX+dD90G1Y/3tgZu4Y2YS84G5t9TWmkj5gKdeMIk + osNui5ewSKF99goMu8nFT5BIQzAYVinE1GdDO4nZuBVRntbb+aizDVBrQmtDogDy + QhmZN2zDXu+mSCOuc/4Vz0WzStaVt/0IGn8mhAYzWDD9qhG0y9iQjMqsJL8Mz4aU + zhHdLtCDzPkmA/PmJ5xMWkYBg3o50Zym7th5VNx7WiH1x60aIuop1cY4ijIwtq2I + pk15xAMkpJu0GpmLj11NyAdNKh1ZO4C++++VeSybedUe8cALY2w7fYFoKaHlLMTJ + Yl0IOnX5Arsu/uDf+MEr8KqUot7wClCu2xc+Uibl82TvJughSXos837VVqwsXbrP + O0r4lo6OxPSsGD4HZ4/hbwk= + =Iy6+ + -----END PGP PUBLIC KEY BLOCK----- + ci_prep_apt_signing_key: | -----BEGIN PGP PUBLIC KEY BLOCK----- diff --git a/group_vars/ickhost.yml b/group_vars/ickhost.yml index aa922f4..c33d718 100644 --- a/group_vars/ickhost.yml +++ b/group_vars/ickhost.yml @@ -8,14 +8,17 @@ debian_mirror_src: deb.debian.org ci_prefix: "" sources_lists: - - repo: "deb http://code.liw.fi/debian stretch main" + - repo: "deb http://code.liw.fi/debian stretch main ickhost" keyring_package: code.liw.fi-keyring signing_key: "{{ code_liw_fi_signing_key }}" + - repo: "deb http://ick-controller.h.qvarnlabs.eu/debian stretch-ci main" + signing_key: "{{ ql_ick_apt_fi_signing_key }}" controller_port: 12765 artifact_store_port: 12766 qvisqve_port: 10000 notify_port: 12767 +ickweb_port: 10001 controller_url: "https://{{ controller_domain }}" artifact_store_url: "https://{{ artifact_store_domain }}" diff --git a/ick-cluster.yml b/ick-cluster.yml index 9ff578b..55b9c5b 100644 --- a/ick-cluster.yml +++ b/ick-cluster.yml @@ -23,6 +23,7 @@ - ick-artifact-store - apt_repository - ick-notifier + - ickweb vars: hostname: ick diff --git a/ick2.yml b/ick2.yml index b91d435..afb74fb 100644 --- a/ick2.yml +++ b/ick2.yml @@ -13,6 +13,7 @@ - apt_repository - ick-notifier - ick-worker + - ickweb vars: hostname: ick diff --git a/roles/haproxy/templates/haproxy.cfg.j2 b/roles/haproxy/templates/haproxy.cfg.j2 index 8117d8a..0a6ec70 100644 --- a/roles/haproxy/templates/haproxy.cfg.j2 +++ b/roles/haproxy/templates/haproxy.cfg.j2 @@ -36,21 +36,36 @@ frontend http-in rspadd Strict-Transport-Security:\ max-age=15768000 + acl ickweb path_beg /web acl blobs path_beg /blobs acl token path_beg /token + acl login path_beg /login + acl auth path_beg /auth + acl clients path_beg /clients + acl users path_beg /users + acl applications path_beg /applications acl notify path_beg /notify acl debian path_beg /debian acl any method GET HEAD POST PUT DELETE use_backend apache if debian + use_backend ickweb if ickweb use_backend notification_service if notify use_backend artifact_store if blobs use_backend qvisqve if token + use_backend qvisqve if login + use_backend qvisqve if auth + use_backend qvisqve if clients + use_backend qvisqve if users + use_backend qvisqve if applications use_backend controller if any backend apache server apache_1 127.0.0.1:8080 +backend ickweb + server ickweb_1 127.0.0.1:{{ ickweb_port }} + backend controller server controller_1 127.0.0.1:{{ controller_port }} diff --git a/roles/qvisqve/tasks/main.yml b/roles/qvisqve/tasks/main.yml index 2b78dac..2d19c75 100644 --- a/roles/qvisqve/tasks/main.yml +++ b/roles/qvisqve/tasks/main.yml @@ -15,6 +15,14 @@ with_items: - qvisqve +- name: "create Qvisqve store dir" + file: + state: directory + path: /var/lib/qvisqve + owner: _qvisqve + group: _qvisqve + mode: 0755 + - name: "create Qvisqve config dir" file: state: directory diff --git a/roles/qvisqve/templates/qvisqve.yaml.j2 b/roles/qvisqve/templates/qvisqve.yaml.j2 index 5d19a1d..1f22fda 100644 --- a/roles/qvisqve/templates/qvisqve.yaml.j2 +++ b/roles/qvisqve/templates/qvisqve.yaml.j2 @@ -1,8 +1,7 @@ +store: /var/lib/qvisqve gunicorn: yes gunicorn-log: /var/log/qvisqve/gunicorn.log gunicorn-port: {{ qvisqve_port }} -clients: -{{ qvisqve_clients|to_nice_yaml|indent(4,true) }} log: - filename: /var/log/qvisqve/qvisqve.slog token-issuer: "https://{{ qvisqve_domain }}" -- cgit v1.2.1