master
Andrew Wang 1 year ago
parent 5164a49ba9
commit a115df3996
  1. 30
      README.md
  2. 8
      libvirt/README.md
  3. 6
      mirror/README.md
  4. 5
      mirror/main.yml
  5. 6
      roles/mirror/templates/cron/csc-mirror
  6. 14
      roles/nginx/templates/includes/mirror.conf
  7. 36
      roles/nginx/templates/sites-available/debian.conf
  8. 80
      roles/nginx/templates/sites-available/mirror.conf
  9. 4
      roles/rsync/templates/rsyncd.conf
  10. 6
      roles/ssh/tasks/main.yml

@ -43,7 +43,7 @@ Continue with autoinstall (yes|no)
Once the installation is complete, you can run the vm using:
```
$ ansible-playbook qemu/run/yml
$ ansible-playbook qemu/run.yml
```
The default login user has
@ -53,10 +53,17 @@ password: ubuntu
```
## VM Install Option 2 (libvirt)
Follow instructions in the README.md of the libvirt directory
## System Details
Further system information for those that are interested.
Follow the instructions in `libvirt/README.md`
## Issues/Remarks
- cron config `/etc/cron.d/csc-mirror` is commented out for now
- merlin.service is NOT started
- outsider/insider
- ssh server for push user is running on port 23
- `/etc/nginx/includes/mirror.conf` allow
- `/etc/rsyncd.conf` hosts allow
- commented out
- nginx server_name `debian.csclub.uwaterloo.ca`, `ca.ceph.com`, `ca.releases.ubuntu.com`
- nginx port 443 configuration
```
$ lsblk
@ -83,15 +90,4 @@ vde 252:64 0 10G 0 disk
vdf 252:80 0 10G 0 disk
├─vdf1 252:81 0 10G 0 part
└─vdf9 252:89 0 8M 0 part
```
Drives vda and vdb are for the main filesystem, they use raid1. Drives vdc, vdd, vde and vdf are in a raidz2 zpool.
## Issues/Remarks
- `/etc/cron.d/csc-mirror` is commented out for now
- need to update `/home/mirror/config/(ADDRESS|ADDRESS_V6)`
- `/mirror/root/include/motd.msg` contains the wrong address
- may want to generate cert for nginx
- will need to modify nginx server_name
- update /etc/rsyncd.conf hosts allow
- create playbook to add a new project?
- ssh server for push user is running on port 23
```

@ -1,7 +1,4 @@
## Installation
---
### Prerequisites (debian)
Install QEMU and KVM
@ -29,8 +26,6 @@ $ pacman -S qemu libvirt virt-install virt-viewer ansible
```
## Running the Playbook
---
Run the playbook from one directory down
```
ansible-playbook libvirt/main.yml
@ -74,8 +69,6 @@ $ git clone https://git.csclub.uwaterloo.ca/public/mirror-env.git
then enter `mirror-env/mirror` and use the instructions listed there
## Troubleshooting
---
```
net.ipv4.ip_forward = 1
```
@ -90,7 +83,6 @@ group = "root"
$ service restart libvirtd
```
## Installing Ubuntu
---
- user: local
- password: password

@ -1,4 +1,2 @@
# mirror playbook
this playbook will be run inside a already set up vm to set up the services
TODO: varable for which disks to turn into a zfs pool
# Mirror Playbook
This playbook will be run inside a vm to set up the mirror's services

@ -1,12 +1,9 @@
- name: setup mirror vm
hosts: 127.0.0.1
# - modify ssh config to allow root login
# - copy over ssh public keys (if provided)
roles:
- "../roles/system"
- "../roles/mirror"
- "../roles/ftp"
- "../roles/nginx"
- "../roles/rsync"
- "../roles/ssh"
# TODO: - "../roles/mirrormanager"
- "../roles/ssh"

@ -22,9 +22,11 @@
# # ztseguin - temporarilly disabled until script can be updated to handle symlink farm
# # 40 5 */14 * * mirror cd /home/mirror/mirror-index && /home/mirror/mirror-index/make-index.py
# # 30 3 * * 0 mirror cd /home/mirror/mirror-index && /home/mirror/mirror-index/make-index.py
#
# uncomment
#
# # Update index hourly
# 0 * * * * mirror cd /home/mirror/mirror-index && /home/mirror/mirror-index/make-index.py
#
# 0 * * * * mirror /home/mirror/bin/zfssync csclub >/home/mirror/merlin/logs/zfssync-csclub 2>/dev/null
# 0 * * * * mirror /home/mirror/bin/zfssync wics >/home/mirror/merlin/logs/zfssync-wics 2>/dev/null
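Review bot: The `# uncomment` marker that appears to be added above the hourly index entry does not say which entries it covers or when they should be enabled. The README remark only says the cron config is "commented out for now". A fuller marker would remove the guesswork, for example `# Disabled in the dev VM: uncomment the entries below once make-index.py and zfssync are in place`, if that is the intent. The rest of the crontab lies outside this hunk.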

@ -14,13 +14,13 @@ location / {
# Server status
location /server-status {
stub_status on;
allow 127.0.0.1;
allow ::1;
allow 129.97.134.0/24;
allow 129.97.31.128/26;
allow 2620:101:f000:4901::/64;
allow 2620:101:f000:4902::/64;
deny all;
# allow 127.0.0.1;
# allow ::1;
# allow 129.97.134.0/24;
# allow 129.97.31.128/26;
# allow 2620:101:f000:4901::/64;
# allow 2620:101:f000:4902::/64;
# deny all;
}
# Statistics
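Review bot: With every `allow` line and the closing `deny all;` commented out, `location /server-status` still has `stub_status on;` but no access restriction, so the connection counters are served to any client that can reach this vhost. If the campus ranges are what does not apply in the VM, dropping only those and keeping `allow 127.0.0.1; allow ::1; deny all;` would leave the endpoint usable locally without exposing it. The README lists "`/etc/nginx/includes/mirror.conf` allow" as a known remark, but nothing in the template says this is a temporary dev-only state. The Statistics block that follows is outside the hunk.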

@ -1,17 +1,21 @@
server {
listen 80;
listen [::]:80;
include includes/csc-debian.conf;
}
# don't have this domain
#
# server {
# listen 80;
# listen [::]:80;
#
# include includes/csc-debian.conf;
# }
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/ssl/private/csclub-wildcard-chain.crt;
ssl_certificate_key /etc/ssl/private/csclub-wildcard.key;
include includes/ssl.conf;
include includes/csc-debian.conf;
}
# disable ssl
#
# server {
# listen 443 ssl;
# listen [::]:443 ssl;
#
# ssl_certificate /etc/ssl/private/csclub-wildcard-chain.crt;
# ssl_certificate_key /etc/ssl/private/csclub-wildcard.key;
# include includes/ssl.conf;
#
# include includes/csc-debian.conf;
# }
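Review bot: Commenting out the `listen 443 ssl` server block here, and the two TLS blocks in `sites-available/mirror.conf`, leaves the rendered configuration HTTP-only, and the only record of why is the `# disable ssl` marker. Since these files live under `roles/nginx/templates/` and are presumably rendered by Ansible's template module, wrapping each TLS block in a Jinja2 conditional on a role variable would keep the production configuration live in the template. The variable name is yours to choose; `nginx_enable_ssl` is a constructed example. That would also let the dev VM opt out without hand-editing on deploy. The same applies to the "don't have this domain" blocks, which could be driven by a list of served names rather than commented out.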

@ -5,40 +5,46 @@ server {
include includes/mirror.conf;
}
server {
listen 443 ssl default_server reuseport;
listen [::]:443 ssl default_server reuseport;
ssl_certificate /etc/ssl/private/csclub-wildcard-chain.crt;
ssl_certificate_key /etc/ssl/private/csclub-wildcard.key;
include includes/ssl.conf;
include includes/mirror.conf;
}
# ca.releases.ubuntu.com
server {
listen 80;
listen [::]:80;
include includes/ubuntu.conf;
}
# ca.ceph.com
server {
listen 80;
listen [::]:80;
include includes/ceph.conf;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/dehydrated/certs/ca.ceph.com/fullchain.pem;
ssl_certificate_key /etc/dehydrated/certs/ca.ceph.com/privkey.pem;
include includes/ssl.conf;
include includes/ceph.conf;
}
# disable ssl
#
# server {
# listen 443 ssl default_server reuseport;
# listen [::]:443 ssl default_server reuseport;
#
# ssl_certificate /etc/ssl/private/csclub-wildcard-chain.crt;
# ssl_certificate_key /etc/ssl/private/csclub-wildcard.key;
# include includes/ssl.conf;
#
# include includes/mirror.conf;
# }
# don't have these domains
#
# # ca.releases.ubuntu.com
# server {
# listen 80;
# listen [::]:80;
#
# include includes/ubuntu.conf;
# }
#
# # ca.ceph.com
# server {
# listen 80;
# listen [::]:80;
#
# include includes/ceph.conf;
# }
# disable ssl
#
# server {
# listen 443 ssl;
# listen [::]:443 ssl;
#
# ssl_certificate /etc/dehydrated/certs/ca.ceph.com/fullchain.pem;
# ssl_certificate_key /etc/dehydrated/certs/ca.ceph.com/privkey.pem;
# include includes/ssl.conf;
#
# include includes/ceph.conf;
# }

@ -12,7 +12,9 @@ read only = true
[mirror]
path = /mirror/root
comment = Everything
hosts allow = 129.97.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 2620:101:f000::/47, fd74:6b6a:8eca::/47
# allow any host
#
# hosts allow = 129.97.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 2620:101:f000::/47, fd74:6b6a:8eca::/47
filter = merge /etc/rsyncd-filter.conf
[alpine]
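Review bot: With `hosts allow` commented out on the `[mirror]` module, rsyncd falls back to accepting connections to `/mirror/root` from any address, and the `# allow any host` marker does not say this is a dev-VM concession. The hunk header shows `read only = true`, so this is read exposure rather than write access, but a later production render of this template would silently lose the ACL. Consider keeping the directive and supplying the list through a template variable that defaults to the original ranges. A constructed example is `hosts allow = {{ rsync_hosts_allow }}`. The `[alpine]` module and any further modules are outside the hunk, so it is not visible whether they carry their own `hosts allow`.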

@ -44,6 +44,9 @@
group: "{{ item }}"
mode: "0700"
state: directory
loop:
- mirror
- push
- name: create authorized_keys files for mirror and push
file:
@ -51,6 +54,9 @@
owner: "{{ item }}"
group: "{{ item }}"
mode: "0644"
loop:
- mirror
- push
- name: generate key for mirror user
command:
