diff options
author | Kelley Spoon <kelley.spoon@linaro.org> | 2018-10-03 17:07:19 -0500 |
---|---|---|
committer | Kelley Spoon <kelley.spoon@linaro.org> | 2018-10-10 13:03:21 +0000 |
commit | 2b46aa173cfe5ef1b0a10bea28bf9a661b5a152a (patch) | |
tree | 5e2b127f56bc49f0aca9edb89eb50d2cb40c649a | |
parent | 6163b1db65929f469d14d834a9dfe7cf12230fc0 (diff) |
ArmNN: setup mi.linaro.org
This change creates the armnn playbook to setup the
mi.linaro.org gerrit server and git-mi.linaro.org
cgit server
Change-Id: I69dd1711c0f4464d94181262b139caa3cccaadc9
Reviewed-on: https://review.linaro.org/28607
Reviewed-by: Benjamin Copeland <ben.copeland@linaro.org>
l--------- | files/apache/git-mi.linaro.org.conf | 1 | ||||
-rw-r--r-- | files/apache/git.linaro.org.conf | 6 | ||||
-rw-r--r-- | files/apache/mi.linaro.org.conf | 39 | ||||
-rw-r--r-- | files/gerrit/mi.linaro.org | 72 | ||||
-rw-r--r-- | gerrit.yml | 1 | ||||
-rw-r--r-- | host_vars/git-mi.linaro.org | 14 | ||||
-rw-r--r-- | host_vars/mi.linaro.org | 22 | ||||
-rw-r--r-- | hosts | 3 | ||||
-rw-r--r-- | postfix.yml | 1 |
9 files changed, 159 insertions, 0 deletions
diff --git a/files/apache/git-mi.linaro.org.conf b/files/apache/git-mi.linaro.org.conf new file mode 120000 index 00000000..f6fbf658 --- /dev/null +++ b/files/apache/git-mi.linaro.org.conf @@ -0,0 +1 @@ +git.linaro.org.conf
\ No newline at end of file diff --git a/files/apache/git.linaro.org.conf b/files/apache/git.linaro.org.conf index 7f700001..ee0bf9fc 100644 --- a/files/apache/git.linaro.org.conf +++ b/files/apache/git.linaro.org.conf @@ -52,6 +52,7 @@ ServerTokens Prod MaxKeepAliveRequests 150 RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ # Following directives removed from Apache 2.4 # http://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#logging #RewriteLog ${APACHE_LOG_DIR}/{{ git_host }}-rewrite.log @@ -100,6 +101,11 @@ ServerTokens Prod ScriptAliasMatch "(?x)^/git/(.*/(HEAD | info/refs | objects/info/[^/]+ | git-(upload|receive)-pack))$" {{ apache_root }}/cgit/git-http-backend.cgi + Alias "/.well-known/acme-challenge" "/srv/certbot/.well-known/acme-challenge" + <Directory /srv/certbot/.well-known/acme-challenge> + Require all granted + </Directory> + <Directory "{{ repo_root }}"> AllowOverride None Require all granted diff --git a/files/apache/mi.linaro.org.conf b/files/apache/mi.linaro.org.conf new file mode 100644 index 00000000..e6e57706 --- /dev/null +++ b/files/apache/mi.linaro.org.conf @@ -0,0 +1,39 @@ +<VirtualHost *:80> + ServerName {{inventory_hostname}} + ServerAlias {{inventory_hostname}} + + RedirectMatch permanent "^/(?!\.well-known/acme-challenge)(.*)" "https://{{hostname}}/$1" + + Alias "/.well-known/acme-challenge/" "/srv/certbot/.well-known/acme-challenge/" + <Directory "/srv/certbot/.well-known/acme-challenge/"> + Require all granted + </Directory> + +</VirtualHost> + +<VirtualHost *:443> + ServerName {{inventory_hostname}} + ServerAlias {{inventory_hostname}} + + SSLEngine On + + SSLCertificateFile /etc/letsencrypt/live/{{gerrit_host}}/fullchain.pem + SSLCertificateKeyFile /etc/letsencrypt/live/{{gerrit_host}}/privkey.pem + SSLCACertificateFile /etc/letsencrypt/live/{{gerrit_host}}/fullchain.pem + + DocumentRoot /srv/gerrit + + CustomLog /var/log/apache2/{{inventory_hostname}}-access.log combined + ErrorLog /var/log/apache2/{{inventory_hostname}}-error.log + + ProxyRequests Off + ProxyVia Off + ProxyPreserveHost On + <Proxy *> + Order deny,allow + Allow from all + </Proxy> + + AllowEncodedSlashes On + ProxyPass / http://127.0.0.1:8080/ nocanon +</VirtualHost> diff --git a/files/gerrit/mi.linaro.org b/files/gerrit/mi.linaro.org new file mode 100644 index 00000000..fc0f7f78 --- /dev/null +++ b/files/gerrit/mi.linaro.org @@ -0,0 +1,72 @@ +[core] + streamFileThreshold = 512m + packedGitLimit = 1500m +[gerrit] + basePath = /srv/repositories + canonicalWebUrl = https://{{www_host}}/ +[database] + type = postgresql + hostname = localhost + database = reviewdb + username = git +[auth] + type = OAUTH + loginUrl = /login + loginText = Sign-in with GitHub + registerPageUrl = "/#/register" + gitBasicAuthPolicy = HTTP +[oauth] + allowEditFullName = true + allowRegisterNewEmail = true + +[sendemail] + smtpServer = localhost + expiryDays = 15 + includeDiff = true + maximumDiffSize = 512k +[container] + user = git + javaHome = /usr/lib/jvm/java-8-openjdk-amd64/jre + heapLimit = 14000m +[sshd] + listenAddress = *:29418 + idleTimeout = 5m + loginGraceTime = 1 min + batchThreads = 4 + maxAuthTries = 4 + backend = NIO2 +[httpd] + listenUrl = proxy-https://127.0.0.1:8080/ +[cache] + directory = cache +[cache "web_sessions"] + maxAge = 1 month +[download] + scheme = ssh + scheme = anon_http +[gitweb] + type = cgit + url = https://git-mi.linaro.org + revision = "/${project}.git/commit/?id=${commit}" +[theme] + selectionColor = FFFEAE +[user] + name = ArmNN Code Review + email = review@{{www_host}} +[site] + enableDeprecatedQuery = false +[commitmessage] + maxSubjectLength = 70 + maxLineLength = 80 + rejectTooLong = false + +# https://code.google.com/p/gerrit/issues/detail?id=2296#c2 +[receive] + checkReferencedObjectsAreReachable = false +[index] + type = LUCENE +[repository "*"] + defaultSubmitType = REBASE_IF_NECESSARY +[plugin "gerrit-oauth-provider-github-oauth"] + client-id = c9573d41459955d81f3a + fix-legacy-user-id = false @@ -6,6 +6,7 @@ - ["{{secrets_dir}}/host_vars/{{inventory_hostname}}", "vars/empty.yml"] - ["{{secrets_dir}}/group_vars/all"] roles: + - {role: certbot, tags: [certbot]} - {role: apache-site, src: "apache/{{gerrit_host}}.conf", config: "{{gerrit_host}}", tags: [apache, website-conf] } - {role: apache-auth, host_name: "{{gerrit_host}}", when: server_access == "private", tags: [apache-auth, website-conf]} - {role: git-deps} diff --git a/host_vars/git-mi.linaro.org b/host_vars/git-mi.linaro.org new file mode 100644 index 00000000..11b31ee3 --- /dev/null +++ b/host_vars/git-mi.linaro.org @@ -0,0 +1,14 @@ +server_role: git-review +hosttype: foo +git_host: git-mi.linaro.org + +certbot_host_domain: git-mi.linaro.org +ssl_cert: /etc/letsencrypt/live/{{certbot_host_domain}}/fullchain.pem +ssl_key: /etc/letsencrypt/live/{{certbot_host_domain}}/privkey.pem +ssl_ca: /etc/letsencrypt/live/{{certbot_host_domain}}/fullchain.pem + +host_site_name: ARM MI Code Review +host_site_desc: Git Repositories hosted by Linaro +clone_urls: + - https://{{inventory_hostname}} +cgit_strict_export: false diff --git a/host_vars/mi.linaro.org b/host_vars/mi.linaro.org new file mode 100644 index 00000000..37019440 --- /dev/null +++ b/host_vars/mi.linaro.org @@ -0,0 +1,22 @@ +hosttype: foo # Using git-review tags causes a bunch of "Linaro" stuff to get deployed which we don't want +server_role: git-review +git_host: git-mi.linaro.org +db_user: git +gerrit_host: mi.linaro.org +host_site_name: ARM MI Code Review + +gerrit_managed: yes + +certbot_domains: ["mi.linaro.org","git-mi.linaro.org"] +certbot_host_domain: mi.linaro.org + +ssl_cert: /etc/letsencrypt/live/{{certbot_host_domain}}/fullchain.pem +ssl_key: /etc/letsencrypt/live/{{certbot_host_domain}}/privkey.pem +ssl_ca: /etc/letsencrypt/live/{{certbot_host_domain}}/fullchain.pem + +postfix_relay_hostname: smtp.mailgun.org +postfix_destinations: ["mi.linaro.org"] +postfix_hostname: "mi.linaro.org" + +dovecot_user: "{{gerrit_config_dovecot_user}}" +dovecot_password: "{{gerrit_config_dovecot_password}}" @@ -22,6 +22,7 @@ git-ap.linaro.org git-ie.linaro.org dev-private-git.linaro.org git.trustedfirmware.org +git-mi.linaro.org [git:children] android-git @@ -40,6 +41,7 @@ android-review.linaro.org dev-private-review.linaro.org lhg-review.linaro.org review.trustedfirmware.org +mi.linaro.org [gerrit-mirror] git-us.linaro.org @@ -114,6 +116,7 @@ mmwg-hackbox.linaro.org lcg-hackbox.linaro.org releases-us.linaro.org j12-qrep-01 ansible_host=10.101.16.17 # inside mlab, jumphost via jenkins-master +mi.linaro.org [apache-auth] dev-private-git.linaro.org diff --git a/postfix.yml b/postfix.yml index d0e9cb75..85e4f261 100644 --- a/postfix.yml +++ b/postfix.yml @@ -4,6 +4,7 @@ - review.trustedfirmware.org - developer.trustedfirmware.org - patches.opendataplane.org + - mi.linaro.org gather_facts: no become: yes vars_files: |