fixes
parent
5164a49ba9
commit
a115df3996
30
README.md
30
README.md
|
@ -43,7 +43,7 @@ Continue with autoinstall (yes|no)
|
|||
|
||||
Once the installation is complete, you can run the vm using:
|
||||
```
|
||||
$ ansible-playbook qemu/run/yml
|
||||
$ ansible-playbook qemu/run.yml
|
||||
```
|
||||
|
||||
The default login user has
|
||||
|
@ -53,10 +53,17 @@ password: ubuntu
|
|||
```
|
||||
|
||||
## VM Install Option 2 (libvirt)
|
||||
Follow instructions in the README.md of the libvirt directory
|
||||
|
||||
## System Details
|
||||
Further system information for those that are interested.
|
||||
Follow the instructions in `libvirt/README.md`
|
||||
## Issues/Remarks
|
||||
- cron config `/etc/cron.d/csc-mirror` is commented out for now
|
||||
- merlin.service is NOT started
|
||||
- outsider/insider
|
||||
- ssh server for push user is running on port 23
|
||||
- `/etc/nginx/includes/mirror.conf` allow
|
||||
- `/etc/rsyncd.conf` hosts allow
|
||||
- commented out
|
||||
- nginx server_name `debian.csclub.uwaterloo.ca`, `ca.ceph.com`, `ca.releases.ubuntu.com`
|
||||
- nginx port 443 configuration
|
||||
|
||||
```
|
||||
$ lsblk
|
||||
|
@ -83,15 +90,4 @@ vde 252:64 0 10G 0 disk
|
|||
vdf 252:80 0 10G 0 disk
|
||||
├─vdf1 252:81 0 10G 0 part
|
||||
└─vdf9 252:89 0 8M 0 part
|
||||
```
|
||||
Drives vda and vdb are for the main filesystem, they use raid1. Drives vdc, vdd, vde and vdf are in a raidz2 zpool.
|
||||
|
||||
## Issues/Remarks
|
||||
- `/etc/cron.d/csc-mirror` is commented out for now
|
||||
- need to update `/home/mirror/config/(ADDRESS|ADDRESS_V6)`
|
||||
- `/mirror/root/include/motd.msg` contains the wrong address
|
||||
- may want to generate cert for nginx
|
||||
- will need to modify nginx server_name
|
||||
- update /etc/rsyncd.conf hosts allow
|
||||
- create playbook to add a new project?
|
||||
- ssh server for push user is running on port 23
|
||||
```
|
|
@ -1,7 +1,4 @@
|
|||
## Installation
|
||||
|
||||
---
|
||||
|
||||
### Prerequisites (debian)
|
||||
|
||||
Install QEMU and KVM
|
||||
|
@ -29,8 +26,6 @@ $ pacman -S qemu libvirt virt-install virt-viewer ansible
|
|||
```
|
||||
## Running the Playbook
|
||||
|
||||
---
|
||||
|
||||
Run the playbook from one directory down
|
||||
```
|
||||
ansible-playbook libvirt/main.yml
|
||||
|
@ -74,8 +69,6 @@ $ git clone https://git.csclub.uwaterloo.ca/public/mirror-env.git
|
|||
then enter `mirror-env/mirror` and use the instructions listed there
|
||||
## Troubleshooting
|
||||
|
||||
---
|
||||
|
||||
```
|
||||
net.ipv4.ip_forward = 1
|
||||
```
|
||||
|
@ -90,7 +83,6 @@ group = "root"
|
|||
$ service restart libvirtd
|
||||
```
|
||||
## Installing Ubuntu
|
||||
---
|
||||
|
||||
- user: local
|
||||
- password: password
|
||||
|
|
|
@ -1,4 +1,2 @@
|
|||
# mirror playbook
|
||||
this playbook will be run inside a already set up vm to set up the services
|
||||
|
||||
TODO: varable for which disks to turn into a zfs pool
|
||||
# Mirror Playbook
|
||||
This playbook will be run inside a vm to set up the mirror's services
|
|
@ -1,12 +1,9 @@
|
|||
- name: setup mirror vm
|
||||
hosts: 127.0.0.1
|
||||
# - modify ssh config to allow root login
|
||||
# - copy over ssh public keys (if provided)
|
||||
roles:
|
||||
- "../roles/system"
|
||||
- "../roles/mirror"
|
||||
- "../roles/ftp"
|
||||
- "../roles/nginx"
|
||||
- "../roles/rsync"
|
||||
- "../roles/ssh"
|
||||
# TODO: - "../roles/mirrormanager"
|
||||
- "../roles/ssh"
|
|
@ -22,9 +22,11 @@
|
|||
# # ztseguin - temporarilly disabled until script can be updated to handle symlink farm
|
||||
# # 40 5 */14 * * mirror cd /home/mirror/mirror-index && /home/mirror/mirror-index/make-index.py
|
||||
# # 30 3 * * 0 mirror cd /home/mirror/mirror-index && /home/mirror/mirror-index/make-index.py
|
||||
#
|
||||
|
||||
# uncomment
|
||||
#
|
||||
# # Update index hourly
|
||||
# 0 * * * * mirror cd /home/mirror/mirror-index && /home/mirror/mirror-index/make-index.py
|
||||
#
|
||||
|
||||
# 0 * * * * mirror /home/mirror/bin/zfssync csclub >/home/mirror/merlin/logs/zfssync-csclub 2>/dev/null
|
||||
# 0 * * * * mirror /home/mirror/bin/zfssync wics >/home/mirror/merlin/logs/zfssync-wics 2>/dev/null
|
|
@ -14,13 +14,13 @@ location / {
|
|||
# Server status
|
||||
location /server-status {
|
||||
stub_status on;
|
||||
allow 127.0.0.1;
|
||||
allow ::1;
|
||||
allow 129.97.134.0/24;
|
||||
allow 129.97.31.128/26;
|
||||
allow 2620:101:f000:4901::/64;
|
||||
allow 2620:101:f000:4902::/64;
|
||||
deny all;
|
||||
# allow 127.0.0.1;
|
||||
# allow ::1;
|
||||
# allow 129.97.134.0/24;
|
||||
# allow 129.97.31.128/26;
|
||||
# allow 2620:101:f000:4901::/64;
|
||||
# allow 2620:101:f000:4902::/64;
|
||||
# deny all;
|
||||
}
|
||||
|
||||
# Statistics
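Review bot: Commenting out the whole `allow` / `deny all` list inside `location /server-status` leaves `stub_status on;` answering any client that can reach the server, because nginx applies no restriction to a location that has no access directives. If the intent is only to drop the address ranges that do not apply to the test VM, keep the loopback entries and the final deny: `allow 127.0.0.1; allow ::1; deny all;`. The file name is not shown on this page; the README hunk suggests it is `/etc/nginx/includes/mirror.conf`.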
|
||||
|
|
|
@ -1,17 +1,21 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
include includes/csc-debian.conf;
|
||||
}
|
||||
# don't have this domain
|
||||
#
|
||||
# server {
|
||||
# listen 80;
|
||||
# listen [::]:80;
|
||||
#
|
||||
# include includes/csc-debian.conf;
|
||||
# }
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
|
||||
ssl_certificate /etc/ssl/private/csclub-wildcard-chain.crt;
|
||||
ssl_certificate_key /etc/ssl/private/csclub-wildcard.key;
|
||||
include includes/ssl.conf;
|
||||
|
||||
include includes/csc-debian.conf;
|
||||
}
|
||||
# disable ssl
|
||||
#
|
||||
# server {
|
||||
# listen 443 ssl;
|
||||
# listen [::]:443 ssl;
|
||||
#
|
||||
# ssl_certificate /etc/ssl/private/csclub-wildcard-chain.crt;
|
||||
# ssl_certificate_key /etc/ssl/private/csclub-wildcard.key;
|
||||
# include includes/ssl.conf;
|
||||
#
|
||||
# include includes/csc-debian.conf;
|
||||
# }
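Review bot: Disabling the port 443 `server` block by commenting it out in the role's own file means the role can no longer produce the TLS configuration, and the only record of which state belongs to which environment is the `# disable ssl` comment. The same pattern recurs in the next file section, in the `default_server` 443 block and the `ca.ceph.com` 443 block. Consider keeping the blocks and gating them on a variable, for example `{% if mirror_enable_ssl %}` … `{% endif %}` (variable name constructed for this note), so the VM can run without certificates while HTTPS stays the default. If these files are currently deployed with `copy`, that would mean switching to `template`.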
|
||||
|
|
|
@ -5,40 +5,46 @@ server {
|
|||
include includes/mirror.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl default_server reuseport;
|
||||
listen [::]:443 ssl default_server reuseport;
|
||||
# disable ssl
|
||||
#
|
||||
# server {
|
||||
# listen 443 ssl default_server reuseport;
|
||||
# listen [::]:443 ssl default_server reuseport;
|
||||
#
|
||||
# ssl_certificate /etc/ssl/private/csclub-wildcard-chain.crt;
|
||||
# ssl_certificate_key /etc/ssl/private/csclub-wildcard.key;
|
||||
# include includes/ssl.conf;
|
||||
#
|
||||
# include includes/mirror.conf;
|
||||
# }
|
||||
|
||||
ssl_certificate /etc/ssl/private/csclub-wildcard-chain.crt;
|
||||
ssl_certificate_key /etc/ssl/private/csclub-wildcard.key;
|
||||
include includes/ssl.conf;
|
||||
# don't have these domains
|
||||
#
|
||||
# # ca.releases.ubuntu.com
|
||||
# server {
|
||||
# listen 80;
|
||||
# listen [::]:80;
|
||||
#
|
||||
# include includes/ubuntu.conf;
|
||||
# }
|
||||
#
|
||||
# # ca.ceph.com
|
||||
# server {
|
||||
# listen 80;
|
||||
# listen [::]:80;
|
||||
#
|
||||
# include includes/ceph.conf;
|
||||
# }
|
||||
|
||||
include includes/mirror.conf;
|
||||
}
|
||||
|
||||
# ca.releases.ubuntu.com
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
include includes/ubuntu.conf;
|
||||
}
|
||||
|
||||
# ca.ceph.com
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
include includes/ceph.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
|
||||
ssl_certificate /etc/dehydrated/certs/ca.ceph.com/fullchain.pem;
|
||||
ssl_certificate_key /etc/dehydrated/certs/ca.ceph.com/privkey.pem;
|
||||
include includes/ssl.conf;
|
||||
|
||||
include includes/ceph.conf;
|
||||
}
|
||||
# disable ssl
|
||||
#
|
||||
# server {
|
||||
# listen 443 ssl;
|
||||
# listen [::]:443 ssl;
|
||||
#
|
||||
# ssl_certificate /etc/dehydrated/certs/ca.ceph.com/fullchain.pem;
|
||||
# ssl_certificate_key /etc/dehydrated/certs/ca.ceph.com/privkey.pem;
|
||||
# include includes/ssl.conf;
|
||||
#
|
||||
# include includes/ceph.conf;
|
||||
# }
|
|
@ -12,7 +12,9 @@ read only = true
|
|||
[mirror]
|
||||
path = /mirror/root
|
||||
comment = Everything
|
||||
hosts allow = 129.97.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 2620:101:f000::/47, fd74:6b6a:8eca::/47
|
||||
# allow any host
|
||||
#
|
||||
# hosts allow = 129.97.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 2620:101:f000::/47, fd74:6b6a:8eca::/47
|
||||
filter = merge /etc/rsyncd-filter.conf
|
||||
|
||||
[alpine]
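Review bot: With `hosts allow` commented out, the `[mirror]` module (path `/mirror/root`, comment `Everything`) accepts connections from any address, since rsync applies no host restriction when neither `hosts allow` nor `hosts deny` is set. The hunk header shows `read only = true` above this module, so this appears to widen read access rather than write access, but the previous value limited the module to a fixed set of IPv4 and IPv6 ranges. If the VM only needs to be reachable from its own network, narrow the list to that range or make it a variable instead of removing it. At minimum the comment should say this is a test-VM setting, e.g. `# test VM only: production restricts this module with hosts allow`.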
|
||||
|
|
|
@ -44,6 +44,9 @@
|
|||
group: "{{ item }}"
|
||||
mode: "0700"
|
||||
state: directory
|
||||
loop:
|
||||
- mirror
|
||||
- push
|
||||
|
||||
- name: create authorized_keys files for mirror and push
|
||||
file:
|
||||
|
@ -51,6 +54,9 @@
|
|||
owner: "{{ item }}"
|
||||
group: "{{ item }}"
|
||||
mode: "0644"
|
||||
loop:
|
||||
- mirror
|
||||
- push
|
||||
|
||||
- name: generate key for mirror user
|
||||
command:
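Review bot: The `authorized_keys` task that gains the `loop` in the second hunk keeps `mode: "0644"` on its context line; `0600` is the usual setting for that file and would match the `0700` used by the directory task in the previous hunk. The added list (`mirror`, `push`) is now written out in both tasks, so a shared variable would keep the two from drifting apart. Both tasks begin above their hunks, so their `path` arguments and the second task's `state` are not visible here.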
|
||||
|
|