fixes

1 year ago · a115df3996
parent 5164a49ba9
commit a115df3996
10 changed files with 99 additions and 96 deletions
--- a/README.md
+++ b/README.md
@ -43,7 +43,7 @@ Continue with autoinstall (yes|no)

 Once the installation is complete, you can run the vm using:
 ```
-$ ansible-playbook qemu/run/yml
+$ ansible-playbook qemu/run.yml
 ```

 The default login user has
@ -53,10 +53,17 @@ password: ubuntu
 ```

 ## VM Install Option 2 (libvirt)
-Follow instructions in the README.md of the libvirt directory
-
-## System Details
-Further system information for those that are interested.
+Follow the instructions in `libvirt/README.md`
+## Issues/Remarks
+- cron config `/etc/cron.d/csc-mirror` is commented out for now
+- merlin.service is NOT started
+- outsider/insider
+  - ssh server for push user is running on port 23
+  - `/etc/nginx/includes/mirror.conf` allow
+  - `/etc/rsyncd.conf` hosts allow
+- commented out
+  - nginx server_name `debian.csclub.uwaterloo.ca`, `ca.ceph.com`, `ca.releases.ubuntu.com`
+  - nginx port 443 configuration

 ```
 $ lsblk
@ -83,15 +90,4 @@ vde            252:64   0   10G  0 disk
 vdf            252:80   0   10G  0 disk  
 ├─vdf1         252:81   0   10G  0 part  
 └─vdf9         252:89   0    8M  0 part  
-```
-Drives vda and vdb are for the main filesystem, they use raid1. Drives vdc, vdd, vde and vdf are in a raidz2 zpool.
-
-## Issues/Remarks
- `/etc/cron.d/csc-mirror` is commented out for now
- need to update `/home/mirror/config/(ADDRESS|ADDRESS_V6)`
- `/mirror/root/include/motd.msg` contains the wrong address
- may want to generate cert for nginx
- will need to modify nginx server_name
- update /etc/rsyncd.conf hosts allow
- create playbook to add a new project?
- ssh server for push user is running on port 23
+```
--- a/libvirt/README.md
+++ b/libvirt/README.md
@ -1,7 +1,4 @@
 ## Installation
-
---
-
 ### Prerequisites (debian)

 Install QEMU and KVM
@ -29,8 +26,6 @@ $ pacman -S qemu libvirt virt-install virt-viewer ansible
 ```
 ## Running the Playbook

---
-
 Run the playbook from one directory down
 ```
 ansible-playbook libvirt/main.yml
@ -74,8 +69,6 @@ $ git clone https://git.csclub.uwaterloo.ca/public/mirror-env.git
 then enter `mirror-env/mirror` and use the instructions listed there
 ## Troubleshooting

---
-
 ```
 net.ipv4.ip_forward = 1
 ```
@ -90,7 +83,6 @@ group = "root"
 $ service restart libvirtd
 ```
 ## Installing Ubuntu
---

 - user: local
 - password: password
--- a/mirror/README.md
+++ b/mirror/README.md
@ -1,4 +1,2 @@
-# mirror playbook
-this playbook will be run inside a already set up vm to set up the services
-
-TODO: varable for which disks to turn into a zfs pool
+# Mirror Playbook
+This playbook will be run inside a vm to set up the mirror's services
--- a/mirror/main.yml
+++ b/mirror/main.yml
@ -1,12 +1,9 @@
 - name: setup mirror vm
  hosts: 127.0.0.1
-# - modify ssh config to allow root login
-# - copy over ssh public keys (if provided)
  roles:
    - "../roles/system"
    - "../roles/mirror"
    - "../roles/ftp"
    - "../roles/nginx"
    - "../roles/rsync"
-    - "../roles/ssh"
-    # TODO: - "../roles/mirrormanager"
+    - "../roles/ssh"
--- a/roles/mirror/templates/cron/csc-mirror
+++ b/roles/mirror/templates/cron/csc-mirror
@ -22,9 +22,11 @@
 # # ztseguin - temporarilly disabled until script can be updated to handle symlink farm
 # # 40 5 */14 * * mirror cd /home/mirror/mirror-index && /home/mirror/mirror-index/make-index.py
 # # 30 3 * * 0 mirror cd /home/mirror/mirror-index && /home/mirror/mirror-index/make-index.py
-# 
+
+# uncomment
+#
 # # Update index hourly
 # 0 * * * * mirror cd /home/mirror/mirror-index && /home/mirror/mirror-index/make-index.py
-# 
+
 # 0 * * * * mirror /home/mirror/bin/zfssync csclub >/home/mirror/merlin/logs/zfssync-csclub 2>/dev/null
 # 0 * * * * mirror /home/mirror/bin/zfssync wics >/home/mirror/merlin/logs/zfssync-wics 2>/dev/null
--- a/roles/nginx/templates/includes/mirror.conf
+++ b/roles/nginx/templates/includes/mirror.conf
@ -14,13 +14,13 @@ location / {
 # Server status
 location /server-status {
  stub_status on;
-  allow 127.0.0.1;
-  allow ::1;
-  allow 129.97.134.0/24;
-  allow 129.97.31.128/26;
-  allow 2620:101:f000:4901::/64;
-  allow 2620:101:f000:4902::/64;
-  deny all;
+#   allow 127.0.0.1;
+#   allow ::1;
+#   allow 129.97.134.0/24;
+#   allow 129.97.31.128/26;
+#   allow 2620:101:f000:4901::/64;
+#   allow 2620:101:f000:4902::/64;
+#   deny all;
 }

 # Statistics
--- a/roles/nginx/templates/sites-available/debian.conf
+++ b/roles/nginx/templates/sites-available/debian.conf
@ -1,17 +1,21 @@
-server {
-	listen 80;
-	listen [::]:80;
-  
-  include includes/csc-debian.conf;
-}
+# don't have this domain
+#
+# 	server {
+# 		listen 80;
+# 		listen [::]:80;
+# 	  
+# 	  include includes/csc-debian.conf;
+# 	}

-server {
-	listen 443 ssl;
-	listen [::]:443 ssl;
-
-	ssl_certificate /etc/ssl/private/csclub-wildcard-chain.crt;
-	ssl_certificate_key /etc/ssl/private/csclub-wildcard.key;
-  include includes/ssl.conf;
-
-  include includes/csc-debian.conf;
-}
+# disable ssl
+# 
+# 	server {
+# 		listen 443 ssl;
+# 		listen [::]:443 ssl;
+# 	
+# 		ssl_certificate /etc/ssl/private/csclub-wildcard-chain.crt;
+# 		ssl_certificate_key /etc/ssl/private/csclub-wildcard.key;
+# 	  include includes/ssl.conf;
+# 	
+# 	  include includes/csc-debian.conf;
+# 	}
--- a/roles/nginx/templates/sites-available/mirror.conf
+++ b/roles/nginx/templates/sites-available/mirror.conf
@ -5,40 +5,46 @@ server {
  include includes/mirror.conf;
 }

-server {
-	listen 443 ssl default_server reuseport;
-	listen [::]:443 ssl default_server reuseport;
-
-	ssl_certificate /etc/ssl/private/csclub-wildcard-chain.crt;
-	ssl_certificate_key /etc/ssl/private/csclub-wildcard.key;
-  include includes/ssl.conf;
-
-  include includes/mirror.conf;
-}
-
-# ca.releases.ubuntu.com
-server {
-	listen 80;
-	listen [::]:80;
-
-  include includes/ubuntu.conf;
-}
-
-# ca.ceph.com
-server {
-	listen 80;
-	listen [::]:80;
-  
-  include includes/ceph.conf;
-}
-
-server {
-	listen 443 ssl;
-	listen [::]:443 ssl;
-
-  ssl_certificate /etc/dehydrated/certs/ca.ceph.com/fullchain.pem;
-	ssl_certificate_key /etc/dehydrated/certs/ca.ceph.com/privkey.pem;
-  include includes/ssl.conf;
-
-  include includes/ceph.conf;
-}
+# disable ssl
+#
+# 	server {
+# 		listen 443 ssl default_server reuseport;
+# 		listen [::]:443 ssl default_server reuseport;
+# 	
+# 		ssl_certificate /etc/ssl/private/csclub-wildcard-chain.crt;
+# 		ssl_certificate_key /etc/ssl/private/csclub-wildcard.key;
+# 	  include includes/ssl.conf;
+# 	
+# 	  include includes/mirror.conf;
+# 	}
+
+# don't have these domains
+# 
+# 	# ca.releases.ubuntu.com
+# 	server {
+# 		listen 80;
+# 		listen [::]:80;
+# 	
+# 	  include includes/ubuntu.conf;
+# 	}
+# 	
+# 	# ca.ceph.com
+# 	server {
+# 		listen 80;
+# 		listen [::]:80;
+# 	  
+# 	  include includes/ceph.conf;
+# 	}
+
+# disable ssl
+#
+# 	server {
+# 		listen 443 ssl;
+# 		listen [::]:443 ssl;
+# 	
+# 	  ssl_certificate /etc/dehydrated/certs/ca.ceph.com/fullchain.pem;
+# 		ssl_certificate_key /etc/dehydrated/certs/ca.ceph.com/privkey.pem;
+# 	  include includes/ssl.conf;
+# 	
+# 	  include includes/ceph.conf;
+# 	}
--- a/roles/rsync/templates/rsyncd.conf
+++ b/roles/rsync/templates/rsyncd.conf
@ -12,7 +12,9 @@ read only = true
 [mirror]
  path = /mirror/root
  comment = Everything
-  hosts allow = 129.97.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 2620:101:f000::/47, fd74:6b6a:8eca::/47
+#   allow any host
+# 
+#   hosts allow = 129.97.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 2620:101:f000::/47, fd74:6b6a:8eca::/47
  filter = merge /etc/rsyncd-filter.conf

 [alpine]
--- a/roles/ssh/tasks/main.yml
+++ b/roles/ssh/tasks/main.yml
@ -44,6 +44,9 @@
    group: "{{ item }}"
    mode: "0700"
    state: directory
+  loop:
+    - mirror
+    - push

 - name: create authorized_keys files for mirror and push
  file:
@ -51,6 +54,9 @@
    owner: "{{ item }}"
    group: "{{ item }}"
    mode: "0644"
+  loop:
+    - mirror
+    - push

 - name: generate key for mirror user
  command: