fixes
parent
5164a49ba9
commit
a115df3996
28
README.md
28
README.md
|
@ -43,7 +43,7 @@ Continue with autoinstall (yes|no)
|
||||||
|
|
||||||
Once the installation is complete, you can run the vm using:
|
Once the installation is complete, you can run the vm using:
|
||||||
```
|
```
|
||||||
$ ansible-playbook qemu/run/yml
|
$ ansible-playbook qemu/run.yml
|
||||||
```
|
```
|
||||||
|
|
||||||
The default login user has
|
The default login user has
|
||||||
|
@ -53,10 +53,17 @@ password: ubuntu
|
||||||
```
|
```
|
||||||
|
|
||||||
## VM Install Option 2 (libvirt)
|
## VM Install Option 2 (libvirt)
|
||||||
Follow instructions in the README.md of the libvirt directory
|
Follow the instructions in `libvirt/README.md`
|
||||||
|
## Issues/Remarks
|
||||||
## System Details
|
- cron config `/etc/cron.d/csc-mirror` is commented out for now
|
||||||
Further system information for those that are interested.
|
- merlin.service is NOT started
|
||||||
|
- outsider/insider
|
||||||
|
- ssh server for push user is running on port 23
|
||||||
|
- `/etc/nginx/includes/mirror.conf` allow
|
||||||
|
- `/etc/rsyncd.conf` hosts allow
|
||||||
|
- commented out
|
||||||
|
- nginx server_name `debian.csclub.uwaterloo.ca`, `ca.ceph.com`, `ca.releases.ubuntu.com`
|
||||||
|
- nginx port 443 configuration
|
||||||
|
|
||||||
```
|
```
|
||||||
$ lsblk
|
$ lsblk
|
||||||
|
@ -84,14 +91,3 @@ vdf 252:80 0 10G 0 disk
|
||||||
├─vdf1 252:81 0 10G 0 part
|
├─vdf1 252:81 0 10G 0 part
|
||||||
└─vdf9 252:89 0 8M 0 part
|
└─vdf9 252:89 0 8M 0 part
|
||||||
```
|
```
|
||||||
Drives vda and vdb are for the main filesystem, they use raid1. Drives vdc, vdd, vde and vdf are in a raidz2 zpool.
|
|
||||||
|
|
||||||
## Issues/Remarks
|
|
||||||
- `/etc/cron.d/csc-mirror` is commented out for now
|
|
||||||
- need to update `/home/mirror/config/(ADDRESS|ADDRESS_V6)`
|
|
||||||
- `/mirror/root/include/motd.msg` contains the wrong address
|
|
||||||
- may want to generate cert for nginx
|
|
||||||
- will need to modify nginx server_name
|
|
||||||
- update /etc/rsyncd.conf hosts allow
|
|
||||||
- create playbook to add a new project?
|
|
||||||
- ssh server for push user is running on port 23
|
|
|
@ -1,7 +1,4 @@
|
||||||
## Installation
|
## Installation
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
### Prerequisites (debian)
|
### Prerequisites (debian)
|
||||||
|
|
||||||
Install QEMU and KVM
|
Install QEMU and KVM
|
||||||
|
@ -29,8 +26,6 @@ $ pacman -S qemu libvirt virt-install virt-viewer ansible
|
||||||
```
|
```
|
||||||
## Running the Playbook
|
## Running the Playbook
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
Run the playbook from one directory down
|
Run the playbook from one directory down
|
||||||
```
|
```
|
||||||
ansible-playbook libvirt/main.yml
|
ansible-playbook libvirt/main.yml
|
||||||
|
@ -74,8 +69,6 @@ $ git clone https://git.csclub.uwaterloo.ca/public/mirror-env.git
|
||||||
then enter `mirror-env/mirror` and use the instructions listed there
|
then enter `mirror-env/mirror` and use the instructions listed there
|
||||||
## Troubleshooting
|
## Troubleshooting
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
```
|
```
|
||||||
net.ipv4.ip_forward = 1
|
net.ipv4.ip_forward = 1
|
||||||
```
|
```
|
||||||
|
@ -90,7 +83,6 @@ group = "root"
|
||||||
$ service restart libvirtd
|
$ service restart libvirtd
|
||||||
```
|
```
|
||||||
## Installing Ubuntu
|
## Installing Ubuntu
|
||||||
---
|
|
||||||
|
|
||||||
- user: local
|
- user: local
|
||||||
- password: password
|
- password: password
|
||||||
|
|
|
@ -1,4 +1,2 @@
|
||||||
# mirror playbook
|
# Mirror Playbook
|
||||||
this playbook will be run inside a already set up vm to set up the services
|
This playbook will be run inside a vm to set up the mirror's services
|
||||||
|
|
||||||
TODO: varable for which disks to turn into a zfs pool
|
|
|
@ -1,7 +1,5 @@
|
||||||
- name: setup mirror vm
|
- name: setup mirror vm
|
||||||
hosts: 127.0.0.1
|
hosts: 127.0.0.1
|
||||||
# - modify ssh config to allow root login
|
|
||||||
# - copy over ssh public keys (if provided)
|
|
||||||
roles:
|
roles:
|
||||||
- "../roles/system"
|
- "../roles/system"
|
||||||
- "../roles/mirror"
|
- "../roles/mirror"
|
||||||
|
@ -9,4 +7,3 @@
|
||||||
- "../roles/nginx"
|
- "../roles/nginx"
|
||||||
- "../roles/rsync"
|
- "../roles/rsync"
|
||||||
- "../roles/ssh"
|
- "../roles/ssh"
|
||||||
# TODO: - "../roles/mirrormanager"
|
|
|
@ -22,9 +22,11 @@
|
||||||
# # ztseguin - temporarilly disabled until script can be updated to handle symlink farm
|
# # ztseguin - temporarilly disabled until script can be updated to handle symlink farm
|
||||||
# # 40 5 */14 * * mirror cd /home/mirror/mirror-index && /home/mirror/mirror-index/make-index.py
|
# # 40 5 */14 * * mirror cd /home/mirror/mirror-index && /home/mirror/mirror-index/make-index.py
|
||||||
# # 30 3 * * 0 mirror cd /home/mirror/mirror-index && /home/mirror/mirror-index/make-index.py
|
# # 30 3 * * 0 mirror cd /home/mirror/mirror-index && /home/mirror/mirror-index/make-index.py
|
||||||
|
|
||||||
|
# uncomment
|
||||||
#
|
#
|
||||||
# # Update index hourly
|
# # Update index hourly
|
||||||
# 0 * * * * mirror cd /home/mirror/mirror-index && /home/mirror/mirror-index/make-index.py
|
# 0 * * * * mirror cd /home/mirror/mirror-index && /home/mirror/mirror-index/make-index.py
|
||||||
#
|
|
||||||
# 0 * * * * mirror /home/mirror/bin/zfssync csclub >/home/mirror/merlin/logs/zfssync-csclub 2>/dev/null
|
# 0 * * * * mirror /home/mirror/bin/zfssync csclub >/home/mirror/merlin/logs/zfssync-csclub 2>/dev/null
|
||||||
# 0 * * * * mirror /home/mirror/bin/zfssync wics >/home/mirror/merlin/logs/zfssync-wics 2>/dev/null
|
# 0 * * * * mirror /home/mirror/bin/zfssync wics >/home/mirror/merlin/logs/zfssync-wics 2>/dev/null
|
|
@ -14,13 +14,13 @@ location / {
|
||||||
# Server status
|
# Server status
|
||||||
location /server-status {
|
location /server-status {
|
||||||
stub_status on;
|
stub_status on;
|
||||||
allow 127.0.0.1;
|
# allow 127.0.0.1;
|
||||||
allow ::1;
|
# allow ::1;
|
||||||
allow 129.97.134.0/24;
|
# allow 129.97.134.0/24;
|
||||||
allow 129.97.31.128/26;
|
# allow 129.97.31.128/26;
|
||||||
allow 2620:101:f000:4901::/64;
|
# allow 2620:101:f000:4901::/64;
|
||||||
allow 2620:101:f000:4902::/64;
|
# allow 2620:101:f000:4902::/64;
|
||||||
deny all;
|
# deny all;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Statistics
|
# Statistics
|
||||||
|
|
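Review bot: With every `allow` line and the closing `deny all;` commented out, the `/server-status` location no longer carries any access rule of its own. Unless an enclosing block outside this hunk sets one, `stub_status` is served to any client that can reach the listener. The README remark about the `mirror.conf` allow list suggests this is meant for the test VM only. Keeping `allow 127.0.0.1;`, `allow ::1;` and `deny all;` active and commenting out only the campus ranges would keep the endpoint closed while still permitting local checks. If the permitted networks have to differ per environment, a variable-driven list is safer than editing the shared include, which every deployment of the role inherits.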
|
@ -1,17 +1,21 @@
|
||||||
server {
|
# don't have this domain
|
||||||
listen 80;
|
#
|
||||||
listen [::]:80;
|
# server {
|
||||||
|
# listen 80;
|
||||||
|
# listen [::]:80;
|
||||||
|
#
|
||||||
|
# include includes/csc-debian.conf;
|
||||||
|
# }
|
||||||
|
|
||||||
include includes/csc-debian.conf;
|
# disable ssl
|
||||||
}
|
#
|
||||||
|
# server {
|
||||||
server {
|
# listen 443 ssl;
|
||||||
listen 443 ssl;
|
# listen [::]:443 ssl;
|
||||||
listen [::]:443 ssl;
|
#
|
||||||
|
# ssl_certificate /etc/ssl/private/csclub-wildcard-chain.crt;
|
||||||
ssl_certificate /etc/ssl/private/csclub-wildcard-chain.crt;
|
# ssl_certificate_key /etc/ssl/private/csclub-wildcard.key;
|
||||||
ssl_certificate_key /etc/ssl/private/csclub-wildcard.key;
|
# include includes/ssl.conf;
|
||||||
include includes/ssl.conf;
|
#
|
||||||
|
# include includes/csc-debian.conf;
|
||||||
include includes/csc-debian.conf;
|
# }
|
||||||
}
|
|
||||||
|
|
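Review bot: Both server blocks in this file are now commented out, the port-80 one and the `listen 443 ssl` one, so the file defines no listener and the wildcard certificate paths survive only as comments. The next file does the same to its `listen 443 ssl default_server reuseport;` block and to the ubuntu and ceph blocks, which apparently leaves the mirror served over plain HTTP only. The added comments ("don't have this domain", "disable ssl") read as test-VM accommodations, but as written they apply to every host that uses this role. Consider gating these blocks on a role variable whose default keeps HTTPS enabled, for example `{% if mirror_enable_tls %}` … `{% endif %}` around each TLS block (variable name illustrative, and this assumes the files can be rendered as templates), so the VM opts out instead of the role losing TLS.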
|
@ -5,40 +5,46 @@ server {
|
||||||
include includes/mirror.conf;
|
include includes/mirror.conf;
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
# disable ssl
|
||||||
listen 443 ssl default_server reuseport;
|
#
|
||||||
listen [::]:443 ssl default_server reuseport;
|
# server {
|
||||||
|
# listen 443 ssl default_server reuseport;
|
||||||
|
# listen [::]:443 ssl default_server reuseport;
|
||||||
|
#
|
||||||
|
# ssl_certificate /etc/ssl/private/csclub-wildcard-chain.crt;
|
||||||
|
# ssl_certificate_key /etc/ssl/private/csclub-wildcard.key;
|
||||||
|
# include includes/ssl.conf;
|
||||||
|
#
|
||||||
|
# include includes/mirror.conf;
|
||||||
|
# }
|
||||||
|
|
||||||
ssl_certificate /etc/ssl/private/csclub-wildcard-chain.crt;
|
# don't have these domains
|
||||||
ssl_certificate_key /etc/ssl/private/csclub-wildcard.key;
|
#
|
||||||
include includes/ssl.conf;
|
# # ca.releases.ubuntu.com
|
||||||
|
# server {
|
||||||
|
# listen 80;
|
||||||
|
# listen [::]:80;
|
||||||
|
#
|
||||||
|
# include includes/ubuntu.conf;
|
||||||
|
# }
|
||||||
|
#
|
||||||
|
# # ca.ceph.com
|
||||||
|
# server {
|
||||||
|
# listen 80;
|
||||||
|
# listen [::]:80;
|
||||||
|
#
|
||||||
|
# include includes/ceph.conf;
|
||||||
|
# }
|
||||||
|
|
||||||
include includes/mirror.conf;
|
# disable ssl
|
||||||
}
|
#
|
||||||
|
# server {
|
||||||
# ca.releases.ubuntu.com
|
# listen 443 ssl;
|
||||||
server {
|
# listen [::]:443 ssl;
|
||||||
listen 80;
|
#
|
||||||
listen [::]:80;
|
# ssl_certificate /etc/dehydrated/certs/ca.ceph.com/fullchain.pem;
|
||||||
|
# ssl_certificate_key /etc/dehydrated/certs/ca.ceph.com/privkey.pem;
|
||||||
include includes/ubuntu.conf;
|
# include includes/ssl.conf;
|
||||||
}
|
#
|
||||||
|
# include includes/ceph.conf;
|
||||||
# ca.ceph.com
|
# }
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
|
|
||||||
include includes/ceph.conf;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl;
|
|
||||||
listen [::]:443 ssl;
|
|
||||||
|
|
||||||
ssl_certificate /etc/dehydrated/certs/ca.ceph.com/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/dehydrated/certs/ca.ceph.com/privkey.pem;
|
|
||||||
include includes/ssl.conf;
|
|
||||||
|
|
||||||
include includes/ceph.conf;
|
|
||||||
}
|
|
|
@ -12,7 +12,9 @@ read only = true
|
||||||
[mirror]
|
[mirror]
|
||||||
path = /mirror/root
|
path = /mirror/root
|
||||||
comment = Everything
|
comment = Everything
|
||||||
hosts allow = 129.97.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 2620:101:f000::/47, fd74:6b6a:8eca::/47
|
# allow any host
|
||||||
|
#
|
||||||
|
# hosts allow = 129.97.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 2620:101:f000::/47, fd74:6b6a:8eca::/47
|
||||||
filter = merge /etc/rsyncd-filter.conf
|
filter = merge /etc/rsyncd-filter.conf
|
||||||
|
|
||||||
[alpine]
|
[alpine]
|
||||||
|
|
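Review bot: Commenting out `hosts allow` opens the `[mirror]` module (`path = /mirror/root`, `comment = Everything`) to connections from any address. The `read only = true` visible in the hunk header appears to be the only remaining limit on what a client can do. The README records the change as deliberate, but the restriction is then lost for any deployment that reuses this file. A safer shape keeps the line and feeds it from a variable whose default is the original network list, e.g. `hosts allow = {{ rsync_hosts_allow }}` (variable name illustrative), with the test VM overriding it. The modules from `[alpine]` onward lie outside the hunk, so whether they set their own `hosts allow` cannot be checked from here.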
|
@ -44,6 +44,9 @@
|
||||||
group: "{{ item }}"
|
group: "{{ item }}"
|
||||||
mode: "0700"
|
mode: "0700"
|
||||||
state: directory
|
state: directory
|
||||||
|
loop:
|
||||||
|
- mirror
|
||||||
|
- push
|
||||||
|
|
||||||
- name: create authorized_keys files for mirror and push
|
- name: create authorized_keys files for mirror and push
|
||||||
file:
|
file:
|
||||||
|
@ -51,6 +54,9 @@
|
||||||
owner: "{{ item }}"
|
owner: "{{ item }}"
|
||||||
group: "{{ item }}"
|
group: "{{ item }}"
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
loop:
|
||||||
|
- mirror
|
||||||
|
- push
|
||||||
|
|
||||||
- name: generate key for mirror user
|
- name: generate key for mirror user
|
||||||
command:
|
command:
|
||||||
|
|