ab50b54169
We've noticed that our static sites will semi-regularly have problems due to stale SSL certs served by Apache workers which predate the latest certificate replacement and haven't terminated (graceful restart only ends the running workers once they have no remaining connections). Limit the impact of this by recycling workers automatically after a reasonable (large) number of connections. This implementation is shamelessly stolen from that used in Ic377f48d1a5a3eecbcb183327c9255134c4364ab for our mirror sites. Change-Id: I2e5c0bdf012184ebbfccb086b967008bf12582ab Co-Authored-By: Clark Boylan <clark.boylan@gmail.com>
# Stat the AFS project path and keep the result in `afs_root`.
# `stat` does not fail when the path is absent; it only records
# `stat.exists: false`, so the result must be checked separately.
- name: Check AFS mounted
  register: afs_root
  stat:
    path: '/afs/openstack.org/project'

# Abort the play unless the registered `afs_root` stat result says the
# path exists.
# NOTE(review): presumably this stops Apache from being configured while
# AFS is unmounted - confirm against the site definitions.
- name: Sanity check AFS
  assert:
    that:
      - 'afs_root.stat.exists'

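# Pull in the `zuul-user` role with sudo enabled for that account.
# NOTE(review): the privileges behind `zuul_user_enable_sudo` are defined
# inside the role, which is not visible here - confirm the sudoers entry
# is scoped to what the jobs on this host actually need.
- name: Install zuul user
  include_role:
    name: zuul-user
  vars:
    # Canonical lowercase boolean (yamllint `truthy`); same value as `True`.
    zuul_user_enable_sudo: true
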
# Install the web server and its helper utilities from the distro
# package archive. `state: present` installs if missing and does not
# upgrade an already-installed package.
- name: Install apache2
  apt:
    state: present
    name:
      - 'apache2'
      - 'apache2-utils'

# Install the goaccess package (present, not upgraded if already there).
- name: Install goaccess
  apt:
    state: present
    name: 'goaccess'

# Make sure Apache's `rewrite` module is enabled.
- name: Rewrite module
  apache2_module:
    name: 'rewrite'
    state: present

# Make sure Apache's `substitute` module is enabled.
- name: Substitute module
  apache2_module:
    name: 'substitute'
    state: present

# Make sure Apache's `cache` module is enabled.
- name: Cache module
  apache2_module:
    name: 'cache'
    state: present

# Make sure Apache's `cache_disk` module is enabled.
- name: Cache disk module
  apache2_module:
    name: 'cache_disk'
    state: present

# Make sure Apache's `macro` module is enabled.
- name: Apache macro module
  apache2_module:
    name: 'macro'
    state: present

# Make sure Apache's `ssl` module is enabled.
- name: Apache 2 ssl module
  apache2_module:
    name: 'ssl'
    state: present

# Make sure Apache's `headers` module is enabled.
- name: Apache 2 headers module
  apache2_module:
    name: 'headers'
    state: present

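# Drop the role's `apache-connection-tuning` file into conf-enabled and
# notify the `Restart apache2` handler when the file changes.
# Per the commit description, the tuning recycles workers after a large
# number of connections so that workers started before a certificate
# replacement do not keep serving the stale certificate.
# NOTE(review): the tuning file and the handler are defined outside this
# task list - confirm the recycle limit and that the handler really
# replaces long-lived workers.
- name: Copy apache tuning
  copy:
    src: apache-connection-tuning
    dest: /etc/apache2/conf-enabled/connection-tuning.conf
    owner: root
    group: root
    # Quoted so the mode stays the octal string "0644" under every YAML
    # loader, instead of relying on the bare 0644 being read as octal.
    mode: "0644"
  notify: Restart apache2
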
# Disable the distro-packaged placeholder site.
# `removes` skips the command once the sites-enabled entry is gone, so
# repeat runs do nothing and report no change.
- name: Make sure packaged default site disabled
  args:
    removes: '/etc/apache2/sites-enabled/000-default.conf'
  command: a2dissite 000-default.conf

# Run enable_site.yaml once per site name below. No `loop_control` is
# set, so each entry reaches the included tasks as the default `item`.
# NOTE(review): the numeric prefixes look like load-order prefixes for
# the site config files - confirm in enable_site.yaml.
- name: Enable sites
  include_tasks: enable_site.yaml
  loop:
    - '00-static.opendev.org'
    - '50-ci.openstack.org'
    - '50-cinder.openstack.org'
    - '50-developer.openstack.org'
    - '50-devstack.org'
    - '50-docs.airshipit.org'
    - '50-docs.opendev.org'
    - '50-docs.openstack.org'
    - '50-docs.starlingx.io'
    - '50-governance.openstack.org'
    - '50-glance.openstack.org'
    - '50-horizon.openstack.org'
    - '50-keystone.openstack.org'
    - '50-nova.openstack.org'
    - '50-security.openstack.org'
    - '50-service-types.openstack.org'
    - '50-specs.openstack.org'
    - '50-releases.openstack.org'
    - '50-summit.openstack.org'
    - '50-swift.openstack.org'
    - '50-tarballs.opendev.org'
    - '50-tarballs.openstack.org'
    - '50-zuul-ci.org'

# Run enable_git_site.yaml once per git hostname below. `loop_var`
# renames the loop variable, so the included tasks see each entry as
# `hostname` instead of the default `item`.
- name: Enable git sites
  include_tasks: enable_git_site.yaml
  loop_control:
    loop_var: hostname
  loop:
    - 'git.airshipit.org'
    - 'git.openstack.org'
    - 'git.starlingx.io'
    - 'git.zuul-ci.org'