6ca2b9a7d5
This is some evidence these vhosts are impacted. Mitigate that with our rules. While we are at it we modify the ruleset to add a newly noticed item. Change-Id: I8c20193e4e474898a0bdc395b25fd9de94469dd6
124 lines
2.6 KiB
YAML
124 lines
2.6 KiB
YAML
- name: Install apache2
|
|
apt:
|
|
name:
|
|
- apache2
|
|
- apache2-utils
|
|
state: present
|
|
|
|
- name: Add UA filter macro to apache config
|
|
# This is used in the zuul apache vhost.
|
|
include_role:
|
|
name: apache-ua-filter
|
|
|
|
- name: Apache modules
|
|
apache2_module:
|
|
state: present
|
|
name: "{{ item }}"
|
|
loop:
|
|
- rewrite
|
|
- proxy
|
|
- proxy_http
|
|
- proxy_wstunnel
|
|
- ssl
|
|
- cache
|
|
- cache_disk
|
|
- cache_socache
|
|
- headers
|
|
|
|
- name: Copy common log configuration
|
|
copy:
|
|
src: log-combined-cache.conf
|
|
dest: /etc/apache2/conf-available
|
|
register: _log_combined_cache
|
|
|
|
- name: Enable combined cache log config
|
|
command: a2enconf log-combined-cache
|
|
when: _log_combined_cache.changed
|
|
|
|
- name: Copy apache config
|
|
template:
|
|
src: zuul.vhost.j2
|
|
dest: /etc/apache2/sites-enabled/000-default.conf
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
notify: zuul Reload apache2
|
|
|
|
- name: Copy whitelabel config
|
|
template:
|
|
src: openstack.vhost.j2
|
|
dest: "/etc/apache2/sites-enabled/010-openstack.conf"
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
notify: zuul Reload apache2
|
|
|
|
- name: Copy htcacheclean config
|
|
copy:
|
|
src: apache-htcacheclean.default
|
|
dest: /etc/default/apache-htcacheclean
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
|
|
- name: Install logging config
|
|
copy:
|
|
src: logging.conf
|
|
dest: /etc/zuul/web-logging.conf
|
|
|
|
- name: Install fingergw logging config
|
|
copy:
|
|
src: fingergw-logging.conf
|
|
dest: /etc/zuul/fingergw-logging.conf
|
|
|
|
- name: Rotate web logs
|
|
include_role:
|
|
name: logrotate
|
|
vars:
|
|
logrotate_file_name: /var/log/zuul/web.log
|
|
logrotate_rotate: 30
|
|
|
|
- name: Rotate web debug logs
|
|
include_role:
|
|
name: logrotate
|
|
vars:
|
|
logrotate_file_name: /var/log/zuul/web-debug.log
|
|
logrotate_rotate: 30
|
|
|
|
- name: Rotate fingergw logs
|
|
include_role:
|
|
name: logrotate
|
|
vars:
|
|
logrotate_file_name: /var/log/zuul/fingergw.log
|
|
logrotate_rotate: 30
|
|
|
|
- name: Rotate fingergw debug logs
|
|
include_role:
|
|
name: logrotate
|
|
vars:
|
|
logrotate_file_name: /var/log/zuul/fingergw-debug.log
|
|
logrotate_rotate: 30
|
|
|
|
- name: Make docker-compose directory
|
|
file:
|
|
state: directory
|
|
path: /etc/zuul-web
|
|
|
|
- name: Install docker-compose file
|
|
copy:
|
|
src: docker-compose.yaml
|
|
dest: /etc/zuul-web/docker-compose.yaml
|
|
|
|
- name: Update container images
|
|
include_tasks: pull.yaml
|
|
|
|
- name: Start containers
|
|
include_tasks: start.yaml
|
|
when: zuul_web_start | bool
|
|
|
|
# We can prune here as it should leave the "latest" tagged images
|
|
# as well as the currently running images.
|
|
- name: Run docker prune to cleanup unneeded images
|
|
shell:
|
|
cmd: docker image prune -f
|