authorMichal Ptacek <m.ptacek@partner.samsung.com>2018-12-19 12:13:50 +0000
committerMichal Ptacek <m.ptacek@partner.samsung.com>2018-12-19 12:13:50 +0000
commit8d6f28f96155f705aeba94fa7c5e630bd497d1ac (patch)
tree023df56febb44743723c980114a27c70bf82eabb /ansible/roles
parentd21977bd82508b90c8bfda24111ac4a693256e70 (diff)
Adding nginx role
nginx is a crucial part of our offline solution; this role covers the deployment of this lightweight HTTP server together with its configuration. Change-Id: I89695074349f4c6938340ab3bb735108c8c278f4 Issue-ID: OOM-1551 Signed-off-by: Michal Ptacek <m.ptacek@partner.samsung.com>
Diffstat (limited to 'ansible/roles')
-rw-r--r--ansible/roles/nginx/tasks/main.yml37
-rw-r--r--ansible/roles/nginx/templates/nginx.conf.j2105
2 files changed, 142 insertions, 0 deletions
diff --git a/ansible/roles/nginx/tasks/main.yml b/ansible/roles/nginx/tasks/main.yml
new file mode 100644
index 00000000..5c010848
--- /dev/null
+++ b/ansible/roles/nginx/tasks/main.yml
@@ -0,0 +1,37 @@
+---
+- name: Create configuration directory
+ file:
+ path: "{{ app_data_path }}/cfg"
+ state: directory
+
+- name: Upload configuration to server
+ template:
+ src: nginx.conf.j2
+ dest: "{{ app_data_path }}/cfg/nginx.conf"
+
+- name: Load nginx image
+ docker_image:
+ name: own_nginx
+ load_path: "{{ app_data_path }}/offline_data/docker_images_infra/own_nginx_latest.tar"
+ state: present
+ timeout: 120
+
+- name: Start nginx
+ docker_container:
+ name: own_nginx
+ image: own_nginx
+ networks:
+ - name: nexus_network
+ ports:
+ - "80:80"
+ - "443:443"
+ - "10001:443"
+ volumes:
+ - "{{ app_data_path }}/cfg/nginx.conf:/etc/nginx/nginx.conf:ro"
+ - "{{ app_data_path }}/certs:/etc/nginx/certs:ro"
+ - "{{ app_data_path }}/git-repo:/srv/git:rw"
+ - "{{ app_data_path }}/http:/srv/http:rw"
+ - "{{ app_data_path }}/pkg/rhel:/srv/http/repo.infra-server:rw"
+ - /var/log/nginx:/var/log/nginx:rw
+ state: started
+ restart_policy: unless-stopped
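Review bot: The `/srv/http` and `/srv/http/repo.infra-server` bind mounts in the `volumes` list of the `Start nginx` task are `:rw`, although the nginx configuration added in this commit only serves files from them. Mounting them read-only, `- "{{ app_data_path }}/http:/srv/http:ro"` and `- "{{ app_data_path }}/pkg/rhel:/srv/http/repo.infra-server:ro"`, keeps a compromised or misbehaving web server from altering the packages and files it hands out to the rest of the offline installation. `/srv/git` may have to stay writable if pushes through git-http-backend are intended. Separately, the `file` and `template` tasks set no `mode` or `owner`, so permissions on the cfg directory and on nginx.conf depend on the umask of the run; an explicit `mode: "0755"` and `mode: "0644"` would pin them.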
diff --git a/ansible/roles/nginx/templates/nginx.conf.j2 b/ansible/roles/nginx/templates/nginx.conf.j2
new file mode 100644
index 00000000..fb48565f
--- /dev/null
+++ b/ansible/roles/nginx/templates/nginx.conf.j2
@@ -0,0 +1,105 @@
+worker_processes 2;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ error_log /var/log/nginx/error.log debug;
+ access_log /var/log/nginx/access.log;
+
+ proxy_intercept_errors on;
+ proxy_send_timeout 120;
+ proxy_read_timeout 300;
+
+ upstream nexus {
+ server nexus:8081;
+ }
+
+ upstream registry {
+ server nexus:8082;
+ }
+
+# http simulations
+ server {
+ listen 80;
+ listen 443 ssl;
+ server_name _;
+ ssl_certificate /etc/nginx/certs/nexus_server.crt;
+ ssl_certificate_key /etc/nginx/certs/nexus_server.key;
+
+ keepalive_timeout 5 5;
+
+ location / {
+ root /srv/http/$host;
+ index index.html;
+ }
+ }
+
+# nexus simulations
+ server {
+ listen 80;
+ listen 443 ssl;
+ server_name {% for host in simulated_hosts.nexus -%}
+ {{ host + " " }}
+ {%- endfor %};
+ ssl_certificate /etc/nginx/certs/nexus_server.crt;
+ ssl_certificate_key /etc/nginx/certs/nexus_server.key;
+
+ keepalive_timeout 5 5;
+ proxy_buffering off;
+
+ # allow large uploads
+ client_max_body_size 3G;
+
+ location / {
+ # redirect to docker registry
+ if ($http_user_agent ~ docker ) {
+ proxy_pass http://registry;
+ }
+ proxy_pass http://nexus;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+ }
+
+# git simulations
+ server {
+ listen 80;
+ listen 443 ssl;
+ server_name {% for host in simulated_hosts.git -%}
+ {{ host + " " }}
+ {%- endfor %};
+ ssl_certificate /etc/nginx/certs/nexus_server.crt;
+ ssl_certificate_key /etc/nginx/certs/nexus_server.key;
+
+ keepalive_timeout 5 5;
+ proxy_buffering off;
+
+ location / {
+ try_files $uri $uri/ @git;
+ }
+
+ location @git {
+
+ # Set chunks to unlimited, as the body's can be huge
+ client_max_body_size 0;
+
+ fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
+ fastcgi_param QUERY_STRING $args;
+ fastcgi_param HTTP_HOST $server_name;
+ fastcgi_param PATH_INFO $uri;
+
+ include fastcgi_params;
+
+ fastcgi_param GIT_HTTP_EXPORT_ALL "";
+ fastcgi_param GIT_PROJECT_ROOT /srv/git/$host/;
+
+ # Forward REMOTE_USER as we want to know when we are authenticated
+ fastcgi_param REMOTE_USER $remote_user;
+
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ }
+ }
+}
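Review bot: In `location @git`, `fastcgi_param REMOTE_USER $remote_user;` forwards a value that nginx takes from the request's Authorization header, and no `auth_basic` directive is visible anywhere in this file, so the user name reaches git-http-backend unverified. git-http-backend treats a set REMOTE_USER as a user authenticated by the web server and by default enables receive-pack for it, and `/srv/git` is mounted read-write in the container. Either add `auth_basic "git";` with `auth_basic_user_file <htpasswd path>;` to the location, or drop the REMOTE_USER line (or set `http.receivepack` to false in the repositories) if the mirrors are meant to be read-only. Independently, `error_log /var/log/nginx/error.log debug;` at the top of the `http` block is very verbose for a deployed server and records request details in the host-mounted log directory; `warn` or `error` would be a safer default.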