33c744d923
We've noticed that our mirrors will semi regularly have problems due to old stale works. For example using old ssl certs or having connection problems to round robin backend services. In all cases restarting the service (killing old workers) seems to fix things. Try to force this to automatically happen by setting a reasonable connection limit per worker before we recycle them. Change-Id: Ic377f48d1a5a3eecbcb183327c9255134c4364ab
158 lines
3.2 KiB
YAML
158 lines
3.2 KiB
YAML
- name: Check AFS mounted
|
|
stat:
|
|
path: "/afs/openstack.org/mirror"
|
|
register: afs_mirror
|
|
- name: Sanity check AFS
|
|
assert:
|
|
that:
|
|
- afs_mirror.stat.exists
|
|
|
|
- name: Install apache2
|
|
apt:
|
|
name:
|
|
- apache2
|
|
- apache2-utils
|
|
state: present
|
|
|
|
- name: Rewrite module
|
|
apache2_module:
|
|
state: present
|
|
name: rewrite
|
|
|
|
- name: Substitute module
|
|
apache2_module:
|
|
state: present
|
|
name: substitute
|
|
|
|
- name: Cache module
|
|
apache2_module:
|
|
state: present
|
|
name: cache
|
|
|
|
- name: Cache disk module
|
|
apache2_module:
|
|
state: present
|
|
name: cache_disk
|
|
|
|
- name: Proxy module
|
|
apache2_module:
|
|
state: present
|
|
name: proxy
|
|
|
|
- name: HTTP Proxy module
|
|
apache2_module:
|
|
state: present
|
|
name: proxy_http
|
|
|
|
- name: Apache macro module
|
|
apache2_module:
|
|
state: present
|
|
name: macro
|
|
|
|
- name: Apache 2 ssl module
|
|
apache2_module:
|
|
state: present
|
|
name: ssl
|
|
|
|
- name: Apache webroot
|
|
file:
|
|
path: '{{ www_base }}'
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
|
|
- name: Apache www root
|
|
file:
|
|
path: '{{ www_root }}'
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
|
|
- name: AFS content symlinks
|
|
file:
|
|
src: '{{ mirror_root }}/{{ item }}'
|
|
dest: '{{ www_root }}/{{ item }}'
|
|
state: link
|
|
owner: root
|
|
group: root
|
|
follow: false
|
|
with_items:
|
|
- apt-puppetlabs
|
|
- centos
|
|
- ceph-deb-hammer
|
|
- ceph-deb-jewel
|
|
- ceph-deb-luminous
|
|
- ceph-deb-mimic
|
|
- ceph-deb-nautilus
|
|
- deb-docker
|
|
- debian
|
|
- debian-security
|
|
- debian-openstack
|
|
- epel
|
|
- fedora
|
|
- logs
|
|
- opensuse
|
|
- ubuntu
|
|
- ubuntu-ports
|
|
- ubuntu-cloud-archive
|
|
- wheel
|
|
- yum-puppetlabs
|
|
|
|
- name: Install robots.txt
|
|
copy:
|
|
src: robots.txt
|
|
dest: '{{ www_root }}'
|
|
owner: root
|
|
group: root
|
|
mode: 0444
|
|
|
|
- name: Apache proxy cache
|
|
file:
|
|
path: /var/cache/apache2/proxy
|
|
owner: www-data
|
|
group: www-data
|
|
mode: 0755
|
|
state: directory
|
|
|
|
- name: Set mirror servername and alias
|
|
set_fact:
|
|
apache_server_name: '{{ inventory_hostname }}'
|
|
# Strip the numeric host value (like mirror01.region.provider.o.o
|
|
# becomes mirror.region...) for the serveralias
|
|
apache_server_alias: '{{ inventory_hostname | regex_replace("^mirror\d\d\.", "mirror.") }}'
|
|
|
|
- name: Copy apache tuning
|
|
copy:
|
|
src: apache-connection-tuning
|
|
dest: /etc/apache2/conf-enabled/connection-tuning.conf
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
notify: restart apache2
|
|
|
|
- name: Create mirror virtual host
|
|
template:
|
|
src: mirror.vhost.j2
|
|
dest: /etc/apache2/sites-available/mirror.conf
|
|
|
|
- name: Make sure default site disabled
|
|
command: a2dissite 000-default.conf
|
|
args:
|
|
removes: /etc/apache2/sites-enabled/000-default.conf
|
|
|
|
- name: Enable mirror virtual host
|
|
command: a2ensite mirror
|
|
args:
|
|
creates: /etc/apache2/sites-enabled/mirror.conf
|
|
notify:
|
|
- restart apache2
|
|
|
|
# Clean apache cache once an hour, keep size down to 70GiB.
|
|
- name: Proxy cleanup cron job
|
|
cron:
|
|
name: Apache cache cleanup
|
|
state: present
|
|
job: /usr/bin/flock -n /var/run/htcacheclean.lock /usr/bin/htcacheclean -n -p /var/cache/apache2/proxy -t -l 70200M > /dev/null
|
|
minute: '0'
|
|
hour: '*'
|