Add frontend playbook

nemunaire 2016-10-13 20:10:29 +02:00
parent 3bcffbe251
commit 4a625bf3eb
9 changed files with 447 additions and 0 deletions


@ -4,3 +4,4 @@
hosts: all
roles:
- nrpe
- fic-frontend


@ -0,0 +1 @@
nemunaire:$apr1$GCAyuMBH$BGenYoXt1ZX7x7bt6bPa0.
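Review bot: This file commits a live credential hash for a named account to the repository, and the hash uses the APR1 (MD5-based) scheme, which is cheap to test offline for anyone who obtains a clone. Since the entry is now in history, the password should be rotated. The file is better generated at deploy time from a vaulted variable (for example Ansible Vault with a `template` task) than shipped as a static file. A stronger crypt(3) scheme such as SHA-512 (`$6$…`) would also help; nginx accepts it wherever the system crypt() supports it.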


@ -0,0 +1 @@
../../../../frontend/frontend


@ -0,0 +1,12 @@
[Unit]
Description=FIC Frontend service
After=nginx.service
[Service]
User=fic
Group=nogroup
WorkingDirectory=/home/fic
ExecStart=/home/fic/frontend -teams ./TEAMS -submission ./submissions -start 1477954800 -duration 2065h
[Install]
WantedBy=multi-user.target
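Review bot: The `[Service]` section starts the frontend with no sandboxing, and `Group=nogroup` puts it in a group that is commonly shared with other unprivileged daemons. The process appears to be what nginx proxies submissions to on localhost:8080, so it handles participant-supplied input and is worth confining. I would add `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full` to `[Service]` and give `fic` a dedicated group. A `Restart=on-failure` line would also stop a single crash from taking submissions offline for the rest of the event.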


@ -0,0 +1,179 @@
server_tokens off;
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g;
proxy_connect_timeout 1s;
server {
listen 80 default;
listen [::]:80 default;
root /home/fic/frontend-htdocs/;
error_page 401 /welcome.html;
error_page 403 404 /e404.html;
error_page 413 404 /e413.html;
error_page 500 502 504 /e500.html;
location = / {
auth_basic "Secure Zone";
auth_basic_user_file ficpasswd;
}
location = /index.html {
auth_basic "Secure Zone";
auth_basic_user_file ficpasswd;
}
location ~ ^/[0-9] {
rewrite ^/.*$ /index.html;
}
location /edit {
rewrite ^/.*$ /index.html;
}
location /rank {
rewrite ^/.*$ /index.html;
}
location /files/ {
alias /home/fic/FILES/;
tcp_nodelay on;
}
location /wait.json {
auth_basic "Secure Zone";
auth_basic_user_file ficpasswd;
include /etc/nginx/auth.conf;
root /home/fic/TEAMS/$team/;
expires epoch;
add_header Cache-Control no-cache;
}
location /public.json {
root /home/fic/TEAMS/;
expires epoch;
add_header Cache-Control no-cache;
}
location /stats.json {
root /home/fic/TEAMS/;
expires epoch;
add_header Cache-Control no-cache;
}
location /my.json {
auth_basic "Secure Zone";
auth_basic_user_file ficpasswd;
include /etc/nginx/auth.conf;
root /home/fic/TEAMS/$team/;
expires epoch;
add_header Cache-Control no-cache;
if (!-f $document_root/../started) {
rewrite ^/ /wait.json;
}
}
location /teams.json {
root /home/fic/TEAMS/;
expires epoch;
add_header Cache-Control no-cache;
}
location /themes.json {
root /home/fic/TEAMS/;
expires epoch;
add_header Cache-Control no-cache;
}
location /api/ {
auth_basic "Secure Zone";
auth_basic_user_file ficpasswd;
if ($remote_user !~ "^nemunaire|bombal_s$") {
return 403;
}
proxy_pass http://localhost:8081/admin/api/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host localhost;
proxy_redirect off;
}
location /admin/ {
auth_basic "Secure Zone";
auth_basic_user_file ficpasswd;
if ($remote_user !~ "^nemunaire|bombal_s$") {
return 403;
}
proxy_pass http://localhost:8081;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host localhost;
proxy_redirect off;
}
location /submit/ {
auth_basic "Secure Zone";
auth_basic_user_file ficpasswd;
include /etc/nginx/auth.conf;
rewrite ^/submit/(.*)$ /submission/$team/$1 break;
proxy_pass http://localhost:8080/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host localhost;
proxy_redirect off;
}
location /submit/name {
auth_basic "Secure Zone";
auth_basic_user_file ficpasswd;
include /etc/nginx/auth.conf;
rewrite ^/submit/.*$ /chname/$team break;
proxy_pass http://localhost:8080/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host localhost;
proxy_redirect off;
}
location /openhint/ {
auth_basic "Secure Zone";
auth_basic_user_file ficpasswd;
include /etc/nginx/auth.conf;
rewrite ^/openhint/(.*)$ /openhint/$team/$1 break;
proxy_pass http://localhost:8080/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host localhost;
proxy_redirect off;
}
location = /time.json {
proxy_pass http://localhost:8080/time.json;
proxy_method GET;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host localhost;
proxy_redirect off;
proxy_cache STATIC;
proxy_cache_valid 1s;
}
location = /events.json {
proxy_pass http://localhost:8081/api/events;
proxy_method GET;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host localhost;
proxy_redirect off;
proxy_cache STATIC;
proxy_cache_valid 3s;
}
}
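Review bot: The admin check in `location /api/` uses `"^nemunaire|bombal_s$"`, where the anchors bind tighter than the alternation, so it accepts any user name that starts with `nemunaire` or ends with `bombal_s` rather than exactly those two names. Any other valid account in the password file with such a name would pass the check for the admin backend on port 8081. Group the alternatives: `if ($remote_user !~ "^(nemunaire|bombal_s)$") {`. The same pattern appears in `location /admin/` of this file and in both locations of the PAM variant of this configuration.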


@ -0,0 +1,179 @@
server_tokens off;
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g;
proxy_connect_timeout 1s;
server {
listen 80 default;
listen [::]:80 default;
root /home/fic/frontend-htdocs/;
error_page 401 /welcome.html;
error_page 403 404 /e404.html;
error_page 413 404 /e413.html;
error_page 500 502 504 /e500.html;
location = / {
auth_pam "Secure Zone";
auth_pam_service_name "nginx-srs";
}
location = /index.html {
auth_pam "Secure Zone";
auth_pam_service_name "nginx-srs";
}
location ~ ^/[0-9] {
rewrite ^/.*$ /index.html;
}
location /edit {
rewrite ^/.*$ /index.html;
}
location /rank {
rewrite ^/.*$ /index.html;
}
location /files/ {
alias /home/fic/FILES/;
tcp_nodelay on;
}
location /wait.json {
auth_pam "Secure Zone";
auth_pam_service_name "nginx-srs";
include /etc/nginx/auth.conf;
root /home/fic/TEAMS/$team/;
expires epoch;
add_header Cache-Control no-cache;
}
location /public.json {
root /home/fic/TEAMS/;
expires epoch;
add_header Cache-Control no-cache;
}
location /stats.json {
root /home/fic/TEAMS/;
expires epoch;
add_header Cache-Control no-cache;
}
location /my.json {
auth_pam "Secure Zone";
auth_pam_service_name "nginx-srs";
include /etc/nginx/auth.conf;
root /home/fic/TEAMS/$team/;
expires epoch;
add_header Cache-Control no-cache;
if (!-f $document_root/../started) {
rewrite ^/ /wait.json;
}
}
location /teams.json {
root /home/fic/TEAMS/;
expires epoch;
add_header Cache-Control no-cache;
}
location /themes.json {
root /home/fic/TEAMS/;
expires epoch;
add_header Cache-Control no-cache;
}
location /api/ {
auth_pam "Secure Zone";
auth_pam_service_name "nginx-srs";
if ($remote_user !~ "^nemunaire|bombal_s$") {
return 403;
}
proxy_pass http://localhost:8081/admin/api/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host localhost;
proxy_redirect off;
}
location /admin/ {
auth_pam "Secure Zone";
auth_pam_service_name "nginx-srs";
if ($remote_user !~ "^nemunaire|bombal_s$") {
return 403;
}
proxy_pass http://localhost:8081;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host localhost;
proxy_redirect off;
}
location /submit/ {
auth_pam "Secure Zone";
auth_pam_service_name "nginx-srs";
include /etc/nginx/auth.conf;
rewrite ^/submit/(.*)$ /submission/$team/$1 break;
proxy_pass http://localhost:8080/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host localhost;
proxy_redirect off;
}
location /submit/name {
auth_pam "Secure Zone";
auth_pam_service_name "nginx-srs";
include /etc/nginx/auth.conf;
rewrite ^/submit/.*$ /chname/$team break;
proxy_pass http://localhost:8080/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host localhost;
proxy_redirect off;
}
location /openhint/ {
auth_pam "Secure Zone";
auth_pam_service_name "nginx-srs";
include /etc/nginx/auth.conf;
rewrite ^/openhint/(.*)$ /openhint/$team/$1 break;
proxy_pass http://localhost:8080/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host localhost;
proxy_redirect off;
}
location = /time.json {
proxy_pass http://localhost:8080/time.json;
proxy_method GET;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host localhost;
proxy_redirect off;
proxy_cache STATIC;
proxy_cache_valid 1s;
}
location = /events.json {
proxy_pass http://localhost:8081/api/events;
proxy_method GET;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host localhost;
proxy_redirect off;
proxy_cache STATIC;
proxy_cache_valid 3s;
}
}
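Review bot: Both `listen` directives bind port 80 only, so the Basic credentials requested by every `auth_pam` location cross the network base64-encoded but unencrypted. With the `nginx-srs` PAM service these may be real account passwords. Unless TLS is terminated in front of this host (not visible in this commit), the server block should get `listen 443 ssl;` and `listen [::]:443 ssl;`, with `ssl_certificate` and `ssl_certificate_key` set to the deployment's own certificate, and port 80 reduced to a redirect. The htpasswd variant of this file has the same exposure.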


@ -0,0 +1 @@
../../../../frontend/static/


@ -0,0 +1,3 @@
---
- name: restart nginx
service: name=nginx state=restarted


@ -0,0 +1,70 @@
---
- name: install nginx
apt: name=nginx-extras
- name: create fic user
user:
name=fic
home=/home/fic
group=nogroup
- name: remove default configuration
file:
path=/etc/nginx/sites-enabled/default
state=absent
notify: restart nginx
- name: copy htdocs
copy:
src=static/
dest=/home/fic/frontend-htdocs
- name: copy frontend binary
copy:
src=frontend
mode=755
dest=/home/fic/frontend
- name: copy htpasswd
copy:
src=ficpasswd
dest=/etc/nginx/ficpasswd
notify: restart nginx
#- name: copy frontend configuration
# copy:
# src=nginx-frontend-pam.conf
# dest=/etc/nginx/sites-available/frontend
# notify: restart nginx
- name: copy frontend configuration
copy:
src=nginx-frontend-htpasswd.conf
dest=/etc/nginx/sites-available/frontend
notify: restart nginx
- name: activate frontend configuration
file:
src=/etc/nginx/sites-available/frontend
path=/etc/nginx/sites-enabled/frontend
state=link
notify: restart nginx
- name: enable and start nginx
service:
name=nginx
enabled=yes
state=started
- name: add frontend service
copy:
src=frontend.service
dest=/lib/systemd/system/fic-frontend.service
- name: reload systemd
command: systemctl daemon-reload
- name: enable and start fic-frontend
service:
name=fic-frontend
enabled=yes
state=started
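Review bot: The `copy htpasswd` task sets no owner or mode, so `/etc/nginx/ficpasswd` is created with the connection user's defaults, typically world-readable, and every local account can read the password hashes. Add `owner=root group=www-data mode=0640` to that task; `www-data` is the Debian default nginx worker user and should be confirmed for the target hosts. Separately, `command: systemctl daemon-reload` runs on every play, and nothing restarts `fic-frontend` when the binary or unit file changes. Turning the reload into a handler notified by `add frontend service`, plus a restart handler for the binary, would fix both.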