Cicalese has submitted this change and it was merged.
Change subject: added suport for CentOS/RHEL 7
......................................................................
added suport for CentOS/RHEL 7
Change-Id: I276d214e763c7591c6ea53e77778225595959540
---
M install_mw_extensions.yml
M roles/deploy_db_host/tasks/install_packages.yml
M roles/deploy_db_host/vars/main.yml
M roles/deploy_mw_host/tasks/configure_squid.yml
M roles/deploy_mw_host/tasks/install_packages.yml
R roles/deploy_mw_host/templates/squid.conf-el6.j2
C roles/deploy_mw_host/templates/squid.conf-el7.j2
M roles/deploy_mw_host/templates/wikifarm.conf.j2
M roles/deploy_mw_host/vars/main.yml
M roles/setup/tasks/main.yml
10 files changed, 77 insertions(+), 43 deletions(-)
Approvals:
Cicalese: Verified; Looks good to me, approved
diff --git a/install_mw_extensions.yml b/install_mw_extensions.yml
index cfd21fb..a0834dc 100644
--- a/install_mw_extensions.yml
+++ b/install_mw_extensions.yml
@@ -230,7 +230,6 @@
- name: "DynamicPageList"
url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/DynamicPageList.git"
version: "{{ MW_RELEASE }}"
- legacy: true
- name: "InputBox"
url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/InputBox.git"
@@ -275,9 +274,11 @@
- name: "CustomNavBlocks"
url: "https://github.com/mathiasertl/CustomNavBlocks.git";
version: master
- legacy: true
+
+ - name: "SimpleTooltip"
+ url: "https://github.com/Fannon/SimpleTooltip.git";
+ version: master
- name: "Piwik"
url: "https://github.com/DaSchTour/piwik-mediawiki-extension.git";
version: master
- legacy: true
diff --git a/roles/deploy_db_host/tasks/install_packages.yml
b/roles/deploy_db_host/tasks/install_packages.yml
index 14dd82b..392d387 100644
--- a/roles/deploy_db_host/tasks/install_packages.yml
+++ b/roles/deploy_db_host/tasks/install_packages.yml
@@ -1,10 +1,3 @@
-- name: install packages (remi)
- yum:
- name={{ item }}
- state=latest
- enablerepo=remi
- with_items: "{{ REMI_PACKAGES }}"
-
- name: install packages
yum:
name={{ item }}
diff --git a/roles/deploy_db_host/vars/main.yml
b/roles/deploy_db_host/vars/main.yml
index ec33bba..afc7add 100644
--- a/roles/deploy_db_host/vars/main.yml
+++ b/roles/deploy_db_host/vars/main.yml
@@ -1,7 +1,5 @@
-REMI_PACKAGES:
- - mysql-server
-
PACKAGES:
- libselinux-python
- policycoreutils-python
+ - mysql-server
- MySQL-python
diff --git a/roles/deploy_mw_host/tasks/configure_squid.yml
b/roles/deploy_mw_host/tasks/configure_squid.yml
index a9c5a92..48a4489 100644
--- a/roles/deploy_mw_host/tasks/configure_squid.yml
+++ b/roles/deploy_mw_host/tasks/configure_squid.yml
@@ -20,10 +20,17 @@
- name: edit Squid configuration file
template:
- src=squid.conf.j2
+ src=squid.conf-el6.j2
dest=/etc/squid/squid.conf
backup=yes
- when: SQUID_HOSTNAME is defined
+ when: SQUID_HOSTNAME is defined and (ansible_distribution == 'CentOS' or
ansible_distribution == 'Red Hat Enterprise Linux') and
ansible_distribution_major_version == '6'
+
+- name: edit Squid configuration file
+ template:
+ src=squid.conf-el7.j2
+ dest=/etc/squid/squid.conf
+ backup=yes
+ when: SQUID_HOSTNAME is defined and (ansible_distribution == 'CentOS' or
ansible_distribution == 'Red Hat Enterprise Linux') and
ansible_distribution_major_version == '7'
- name: configure Squid to start at boot
service:
diff --git a/roles/deploy_mw_host/tasks/install_packages.yml
b/roles/deploy_mw_host/tasks/install_packages.yml
index 14dd82b..392d387 100644
--- a/roles/deploy_mw_host/tasks/install_packages.yml
+++ b/roles/deploy_mw_host/tasks/install_packages.yml
@@ -1,10 +1,3 @@
-- name: install packages (remi)
- yum:
- name={{ item }}
- state=latest
- enablerepo=remi
- with_items: "{{ REMI_PACKAGES }}"
-
- name: install packages
yum:
name={{ item }}
diff --git a/roles/deploy_mw_host/templates/squid.conf.j2
b/roles/deploy_mw_host/templates/squid.conf-el6.j2
similarity index 96%
rename from roles/deploy_mw_host/templates/squid.conf.j2
rename to roles/deploy_mw_host/templates/squid.conf-el6.j2
index 23f2ae9..7ed3de5 100644
--- a/roles/deploy_mw_host/templates/squid.conf.j2
+++ b/roles/deploy_mw_host/templates/squid.conf-el6.j2
@@ -2,7 +2,7 @@
visible_hostname {{ SQUID_HOSTNAME }}
https_port {{ SQUID_LISTEN_ADDRESS }} cert={{ CERT_DIRECTORY }}/site.crt
key={{ CERT_DIRECTORY }}/private.key defaultsite={{ SQUID_HOSTNAME }} vhost
http_port {{ PURGE_LISTEN_ADDRESS }} defaultsite={{ SQUID_HOSTNAME }} vhost
-cache_peer 127.0.0.1 parent {{ APACHE_LISTEN_PORT }} 0 no-query originserver
login=PASS
+cache_peer 127.0.0.1 parent {{ APACHE_LISTEN_PORT }} 0 no-query originserver
no-digest login=PASS
cache_dir ufs /var/spool/squid 10000 16 256
cache_mem 256 MB
@@ -20,7 +20,6 @@
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
-#acl Safe_ports port 80
acl Safe_ports port 443
acl SSL_ports port 443
acl PURGE method PURGE
diff --git a/roles/deploy_mw_host/templates/squid.conf.j2
b/roles/deploy_mw_host/templates/squid.conf-el7.j2
similarity index 70%
copy from roles/deploy_mw_host/templates/squid.conf.j2
copy to roles/deploy_mw_host/templates/squid.conf-el7.j2
index 23f2ae9..7b3ebb1 100644
--- a/roles/deploy_mw_host/templates/squid.conf.j2
+++ b/roles/deploy_mw_host/templates/squid.conf-el7.j2
@@ -1,26 +1,22 @@
cache_mgr root
visible_hostname {{ SQUID_HOSTNAME }}
-https_port {{ SQUID_LISTEN_ADDRESS }} cert={{ CERT_DIRECTORY }}/site.crt
key={{ CERT_DIRECTORY }}/private.key defaultsite={{ SQUID_HOSTNAME }} vhost
-http_port {{ PURGE_LISTEN_ADDRESS }} defaultsite={{ SQUID_HOSTNAME }} vhost
-cache_peer 127.0.0.1 parent {{ APACHE_LISTEN_PORT }} 0 no-query originserver
login=PASS
+https_port {{ SQUID_LISTEN_ADDRESS }} accel cert={{ CERT_DIRECTORY }}/site.crt
key={{ CERT_DIRECTORY }}/private.key defaultsite={{ SQUID_HOSTNAME }} vhost
+http_port {{ PURGE_LISTEN_ADDRESS }} accel defaultsite={{ SQUID_HOSTNAME }}
vhost
+cache_peer 127.0.0.1 parent {{ APACHE_LISTEN_PORT }} 0 no-query originserver
no-digest login=PASS
cache_dir ufs /var/spool/squid 10000 16 256
cache_mem 256 MB
maximum_object_size_in_memory 256 KB
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st
"%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
-access_log /var/log/squid/access.log combined
+access_log stdio:/var/log/squid/access.log combined
cache_log /var/log/squid/cache.log
-cache_store_log /var/log/squid/store.log
+cache_store_log stdio:/var/log/squid/store.log
#logfile_rotate 10
## put this in crontab to rotate logs at midnight:
## 0 0 * * * /usr/sbin/squid -k rotate &> /dev/null
-acl manager proto cache_object
-acl localhost src 127.0.0.1/32 ::1
-acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
-#acl Safe_ports port 80
acl Safe_ports port 443
acl SSL_ports port 443
acl PURGE method PURGE
diff --git a/roles/deploy_mw_host/templates/wikifarm.conf.j2
b/roles/deploy_mw_host/templates/wikifarm.conf.j2
index ba6faec..cdb0e0b 100644
--- a/roles/deploy_mw_host/templates/wikifarm.conf.j2
+++ b/roles/deploy_mw_host/templates/wikifarm.conf.j2
@@ -1,5 +1,13 @@
SetEnvIf Request_URI "^/([^/]+)" WIKI_NAME=$1
+<Directory "{{ MW_DIRECTORY }}/mediawiki*">
+ <IfVersion < 2.4>
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+</Directory>
<Directory "{{ MW_INSTANCE_DIRECTORY }}/*/images">
Require all denied
</Directory>
@@ -12,4 +20,13 @@
Include {{ APACHE_CONF_DIRECTORY }}/optional.conf
Include {{ APACHE_CONF_DIRECTORY }}/http_redirect.conf
+
+{% if (ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat
Enterprise Linux') and ansible_distribution_major_version == '6' %}
+
Include {{ APACHE_INSTANCE_DIRECTORY }}/*.conf
+
+{% elif (ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat
Enterprise Linux') and ansible_distribution_major_version == '7' %}
+
+IncludeOptional {{ APACHE_INSTANCE_DIRECTORY }}/*.conf
+
+{% endif %}
diff --git a/roles/deploy_mw_host/vars/main.yml
b/roles/deploy_mw_host/vars/main.yml
index 68f9a50..758228a 100644
--- a/roles/deploy_mw_host/vars/main.yml
+++ b/roles/deploy_mw_host/vars/main.yml
@@ -1,6 +1,3 @@
-REMI_PACKAGES:
- - mysql
-
PACKAGES:
- libselinux-python
- policycoreutils-python
@@ -17,6 +14,7 @@
- php-pecl-apcu
- php-mysqlnd
- php-pear-Mail
+ - mysql
- MySQL-python
- httpd
- ImageMagick
diff --git a/roles/setup/tasks/main.yml b/roles/setup/tasks/main.yml
index 4d49c6f..792c458 100644
--- a/roles/setup/tasks/main.yml
+++ b/roles/setup/tasks/main.yml
@@ -4,26 +4,58 @@
state=latest
with_items: "{{ PACKAGES }}"
-- name: add epel repo (1/2)
- get_url:
- url=https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
- dest=/root/epel-release-latest-6.noarch.rpm
- validate_certs={{ VALIDATE_CERTS }}
+- name: install iptables if CentOS/RHEL 7 (1/3)
+ yum:
+ name=iptables-services
+ state=latest
+ when: (ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat
Enterprise Linux') and ansible_distribution_major_version == '7'
-- name: add epel repo (2/2)
- shell: rpm -Uvh epel-release-latest-6.noarch.rpm
+- name: install iptables if CentOS/RHEL 7 (2/3)
+ shell: systemctl enable iptables
+ when: (ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat
Enterprise Linux') and ansible_distribution_major_version == '7'
+
+- name: install iptables if CentOS/RHEL 7 (3/3)
+ shell: systemctl start iptables
+ when: (ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat
Enterprise Linux') and ansible_distribution_major_version == '7'
+
+- name: add MySQL repo (1/2)
+ get_url:
+ url=http://repo.mysql.com/mysql-community-release-el{{
ansible_distribution_major_version }}.rpm
+ dest=/root/mysql-community-release-el{{ ansible_distribution_major_version
}}.rpm
+ validate_certs={{ VALIDATE_CERTS }}
+ when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat
Enterprise Linux'
+
+- name: add MySQL repo (2/2)
+ shell: rpm -Uvh mysql-community-release-el{{
ansible_distribution_major_version }}.rpm
args:
chdir: /root
ignore_errors: true
+ when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat
Enterprise Linux'
+
+- name: add epel repo (1/2)
+ get_url:
+ url=https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{
ansible_distribution_major_version }}.noarch.rpm
+ dest=/root/epel-release-latest-{{ ansible_distribution_major_version
}}.noarch.rpm
+ validate_certs={{ VALIDATE_CERTS }}
+ when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat
Enterprise Linux'
+
+- name: add epel repo (2/2)
+ shell: rpm -Uvh epel-release-latest-{{ ansible_distribution_major_version
}}.noarch.rpm
+ args:
+ chdir: /root
+ ignore_errors: true
+ when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat
Enterprise Linux'
- name: get remi repo
get_url:
url=http://rpms.remirepo.net/enterprise/remi.repo
dest=/etc/yum.repos.d
validate_certs={{ VALIDATE_CERTS }}
+ when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat
Enterprise Linux'
- name: enable remi repo
shell: yum-config-manager --enable remi-php55
+ when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat
Enterprise Linux'
- name: copy public key
authorized_key:
--
To view, visit https://gerrit.wikimedia.org/r/284406
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I276d214e763c7591c6ea53e77778225595959540
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/tools/ansible-wikifarm
Gerrit-Branch: master
Gerrit-Owner: Cicalese <cical...@mitre.org>
Gerrit-Reviewer: Cicalese <cical...@mitre.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
