fixes

README.md

@@ -43,7 +43,7 @@ Continue with autoinstall (yes|no)
 
 Once the installation is complete, you can run the vm using:
 ```
-$ ansible-playbook qemu/run/yml
+$ ansible-playbook qemu/run.yml
 ```
 
 The default login user has
@@ -53,10 +53,17 @@ password: ubuntu
 ```
 
 ## VM Install Option 2 (libvirt)
-Follow instructions in the README.md of the libvirt directory
+Follow the instructions in `libvirt/README.md`
-
+## Issues/Remarks
-## System Details
+- cron config `/etc/cron.d/csc-mirror` is commented out for now
-Further system information for those that are interested.
+- merlin.service is NOT started
+- outsider/insider
+  - ssh server for push user is running on port 23
+  - `/etc/nginx/includes/mirror.conf` allow
+  - `/etc/rsyncd.conf` hosts allow
+- commented out
+  - nginx server_name `debian.csclub.uwaterloo.ca`, `ca.ceph.com`, `ca.releases.ubuntu.com`
+  - nginx port 443 configuration
 
 ```
 $ lsblk
@@ -83,15 +90,4 @@ vde            252:64   0   10G  0 disk
 vdf            252:80   0   10G  0 disk  
 ├─vdf1         252:81   0   10G  0 part  
 └─vdf9         252:89   0    8M  0 part  
-```
+```
-Drives vda and vdb are for the main filesystem, they use raid1. Drives vdc, vdd, vde and vdf are in a raidz2 zpool.
-
-## Issues/Remarks
-- `/etc/cron.d/csc-mirror` is commented out for now
-- need to update `/home/mirror/config/(ADDRESS|ADDRESS_V6)`
-- `/mirror/root/include/motd.msg` contains the wrong address
-- may want to generate cert for nginx
-- will need to modify nginx server_name
-- update /etc/rsyncd.conf hosts allow
-- create playbook to add a new project?
-- ssh server for push user is running on port 23

libvirt/README.md

@@ -1,7 +1,4 @@
 ## Installation
-
----
-
 ### Prerequisites (debian)
 
 Install QEMU and KVM
@@ -29,8 +26,6 @@ $ pacman -S qemu libvirt virt-install virt-viewer ansible
 ```
 ## Running the Playbook
 
----
-
 Run the playbook from one directory down
 ```
 ansible-playbook libvirt/main.yml
@@ -74,8 +69,6 @@ $ git clone https://git.csclub.uwaterloo.ca/public/mirror-env.git
 then enter `mirror-env/mirror` and use the instructions listed there
 ## Troubleshooting
 
----
-
 ```
 net.ipv4.ip_forward = 1
 ```
@@ -90,7 +83,6 @@ group = "root"
 $ service restart libvirtd
 ```
 ## Installing Ubuntu
----
 
 - user: local
 - password: password

mirror/README.md

@@ -1,4 +1,2 @@
-# mirror playbook
+# Mirror Playbook
-this playbook will be run inside a already set up vm to set up the services
+This playbook will be run inside a vm to set up the mirror's services
-
-TODO: varable for which disks to turn into a zfs pool

mirror/main.yml

@@ -1,12 +1,9 @@
 - name: setup mirror vm
   hosts: 127.0.0.1
-# - modify ssh config to allow root login
-# - copy over ssh public keys (if provided)
   roles:
     - "../roles/system"
     - "../roles/mirror"
     - "../roles/ftp"
     - "../roles/nginx"
     - "../roles/rsync"
-    - "../roles/ssh"
+    - "../roles/ssh"
-    # TODO: - "../roles/mirrormanager"

roles/mirror/templates/cron/csc-mirror

@@ -22,9 +22,11 @@
 # # ztseguin - temporarilly disabled until script can be updated to handle symlink farm
 # # 40 5 */14 * * mirror cd /home/mirror/mirror-index && /home/mirror/mirror-index/make-index.py
 # # 30 3 * * 0 mirror cd /home/mirror/mirror-index && /home/mirror/mirror-index/make-index.py
-# 
+
+# uncomment
+#
 # # Update index hourly
 # 0 * * * * mirror cd /home/mirror/mirror-index && /home/mirror/mirror-index/make-index.py
-# 
+
 # 0 * * * * mirror /home/mirror/bin/zfssync csclub >/home/mirror/merlin/logs/zfssync-csclub 2>/dev/null
 # 0 * * * * mirror /home/mirror/bin/zfssync wics >/home/mirror/merlin/logs/zfssync-wics 2>/dev/null

roles/nginx/templates/includes/mirror.conf

@@ -14,13 +14,13 @@ location / {
 # Server status
 location /server-status {
   stub_status on;
-  allow 127.0.0.1;
+#   allow 127.0.0.1;
-  allow ::1;
+#   allow ::1;
-  allow 129.97.134.0/24;
+#   allow 129.97.134.0/24;
-  allow 129.97.31.128/26;
+#   allow 129.97.31.128/26;
-  allow 2620:101:f000:4901::/64;
+#   allow 2620:101:f000:4901::/64;
-  allow 2620:101:f000:4902::/64;
+#   allow 2620:101:f000:4902::/64;
-  deny all;
+#   deny all;
 }
 
 # Statistics

roles/nginx/templates/sites-available/debian.conf

@@ -1,17 +1,21 @@
-server {
+# don't have this domain
-	listen 80;
+#
-	listen [::]:80;
+# 	server {
-  
+# 		listen 80;
-  include includes/csc-debian.conf;
+# 		listen [::]:80;
-}
+# 	  
+# 	  include includes/csc-debian.conf;
+# 	}
 
-server {
+# disable ssl
-	listen 443 ssl;
+# 
-	listen [::]:443 ssl;
+# 	server {
-
+# 		listen 443 ssl;
-	ssl_certificate /etc/ssl/private/csclub-wildcard-chain.crt;
+# 		listen [::]:443 ssl;
-	ssl_certificate_key /etc/ssl/private/csclub-wildcard.key;
+# 	
-  include includes/ssl.conf;
+# 		ssl_certificate /etc/ssl/private/csclub-wildcard-chain.crt;
-
+# 		ssl_certificate_key /etc/ssl/private/csclub-wildcard.key;
-  include includes/csc-debian.conf;
+# 	  include includes/ssl.conf;
-}
+# 	
+# 	  include includes/csc-debian.conf;
+# 	}

roles/nginx/templates/sites-available/mirror.conf

@@ -5,40 +5,46 @@ server {
   include includes/mirror.conf;
 }
 
-server {
+# disable ssl
-	listen 443 ssl default_server reuseport;
+#
-	listen [::]:443 ssl default_server reuseport;
+# 	server {
+# 		listen 443 ssl default_server reuseport;
+# 		listen [::]:443 ssl default_server reuseport;
+# 	
+# 		ssl_certificate /etc/ssl/private/csclub-wildcard-chain.crt;
+# 		ssl_certificate_key /etc/ssl/private/csclub-wildcard.key;
+# 	  include includes/ssl.conf;
+# 	
+# 	  include includes/mirror.conf;
+# 	}
 
-	ssl_certificate /etc/ssl/private/csclub-wildcard-chain.crt;
+# don't have these domains
-	ssl_certificate_key /etc/ssl/private/csclub-wildcard.key;
+# 
-  include includes/ssl.conf;
+# 	# ca.releases.ubuntu.com
+# 	server {
+# 		listen 80;
+# 		listen [::]:80;
+# 	
+# 	  include includes/ubuntu.conf;
+# 	}
+# 	
+# 	# ca.ceph.com
+# 	server {
+# 		listen 80;
+# 		listen [::]:80;
+# 	  
+# 	  include includes/ceph.conf;
+# 	}
 
-  include includes/mirror.conf;
+# disable ssl
-}
+#
-
+# 	server {
-# ca.releases.ubuntu.com
+# 		listen 443 ssl;
-server {
+# 		listen [::]:443 ssl;
-	listen 80;
+# 	
-	listen [::]:80;
+# 	  ssl_certificate /etc/dehydrated/certs/ca.ceph.com/fullchain.pem;
-
+# 		ssl_certificate_key /etc/dehydrated/certs/ca.ceph.com/privkey.pem;
-  include includes/ubuntu.conf;
+# 	  include includes/ssl.conf;
-}
+# 	
-
+# 	  include includes/ceph.conf;
-# ca.ceph.com
+# 	}
-server {
-	listen 80;
-	listen [::]:80;
-  
-  include includes/ceph.conf;
-}
-
-server {
-	listen 443 ssl;
-	listen [::]:443 ssl;
-
-  ssl_certificate /etc/dehydrated/certs/ca.ceph.com/fullchain.pem;
-	ssl_certificate_key /etc/dehydrated/certs/ca.ceph.com/privkey.pem;
-  include includes/ssl.conf;
-
-  include includes/ceph.conf;
-}

roles/rsync/templates/rsyncd.conf

@@ -12,7 +12,9 @@ read only = true
 [mirror]
   path = /mirror/root
   comment = Everything
-  hosts allow = 129.97.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 2620:101:f000::/47, fd74:6b6a:8eca::/47
+#   allow any host
+# 
+#   hosts allow = 129.97.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 2620:101:f000::/47, fd74:6b6a:8eca::/47
   filter = merge /etc/rsyncd-filter.conf
 
 [alpine]

roles/ssh/tasks/main.yml

@@ -44,6 +44,9 @@
     group: "{{ item }}"
     mode: "0700"
     state: directory
+  loop:
+    - mirror
+    - push
 
 - name: create authorized_keys files for mirror and push
   file:
@@ -51,6 +54,9 @@
     owner: "{{ item }}"
     group: "{{ item }}"
     mode: "0644"
+  loop:
+    - mirror
+    - push
 
 - name: generate key for mirror user
   command: