Cicalese has submitted this change and it was merged. Change subject: added suport for CentOS/RHEL 7 ......................................................................
added suport for CentOS/RHEL 7 Change-Id: I276d214e763c7591c6ea53e77778225595959540 --- M install_mw_extensions.yml M roles/deploy_db_host/tasks/install_packages.yml M roles/deploy_db_host/vars/main.yml M roles/deploy_mw_host/tasks/configure_squid.yml M roles/deploy_mw_host/tasks/install_packages.yml R roles/deploy_mw_host/templates/squid.conf-el6.j2 C roles/deploy_mw_host/templates/squid.conf-el7.j2 M roles/deploy_mw_host/templates/wikifarm.conf.j2 M roles/deploy_mw_host/vars/main.yml M roles/setup/tasks/main.yml 10 files changed, 77 insertions(+), 43 deletions(-) Approvals: Cicalese: Verified; Looks good to me, approved diff --git a/install_mw_extensions.yml b/install_mw_extensions.yml index cfd21fb..a0834dc 100644 --- a/install_mw_extensions.yml +++ b/install_mw_extensions.yml @@ -230,7 +230,6 @@ - name: "DynamicPageList" url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/DynamicPageList.git" version: "{{ MW_RELEASE }}" - legacy: true - name: "InputBox" url: "{{ MW_EXTENSIONS_GIT_URL_ROOT }}/InputBox.git" @@ -275,9 +274,11 @@ - name: "CustomNavBlocks" url: "https://github.com/mathiasertl/CustomNavBlocks.git" version: master - legacy: true + + - name: "SimpleTooltip" + url: "https://github.com/Fannon/SimpleTooltip.git" + version: master - name: "Piwik" url: "https://github.com/DaSchTour/piwik-mediawiki-extension.git" version: master - legacy: true diff --git a/roles/deploy_db_host/tasks/install_packages.yml b/roles/deploy_db_host/tasks/install_packages.yml index 14dd82b..392d387 100644 --- a/roles/deploy_db_host/tasks/install_packages.yml +++ b/roles/deploy_db_host/tasks/install_packages.yml @@ -1,10 +1,3 @@ -- name: install packages (remi) - yum: - name={{ item }} - state=latest - enablerepo=remi - with_items: "{{ REMI_PACKAGES }}" - - name: install packages yum: name={{ item }} diff --git a/roles/deploy_db_host/vars/main.yml b/roles/deploy_db_host/vars/main.yml index ec33bba..afc7add 100644 --- a/roles/deploy_db_host/vars/main.yml +++ b/roles/deploy_db_host/vars/main.yml @@ -1,7 +1,5 @@ -REMI_PACKAGES: - - mysql-server - PACKAGES: - libselinux-python - policycoreutils-python + - mysql-server - MySQL-python diff --git a/roles/deploy_mw_host/tasks/configure_squid.yml b/roles/deploy_mw_host/tasks/configure_squid.yml index a9c5a92..48a4489 100644 --- a/roles/deploy_mw_host/tasks/configure_squid.yml +++ b/roles/deploy_mw_host/tasks/configure_squid.yml @@ -20,10 +20,17 @@ - name: edit Squid configuration file template: - src=squid.conf.j2 + src=squid.conf-el6.j2 dest=/etc/squid/squid.conf backup=yes - when: SQUID_HOSTNAME is defined + when: SQUID_HOSTNAME is defined and (ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux') and ansible_distribution_major_version == '6' + +- name: edit Squid configuration file + template: + src=squid.conf-el7.j2 + dest=/etc/squid/squid.conf + backup=yes + when: SQUID_HOSTNAME is defined and (ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux') and ansible_distribution_major_version == '7' - name: configure Squid to start at boot service: diff --git a/roles/deploy_mw_host/tasks/install_packages.yml b/roles/deploy_mw_host/tasks/install_packages.yml index 14dd82b..392d387 100644 --- a/roles/deploy_mw_host/tasks/install_packages.yml +++ b/roles/deploy_mw_host/tasks/install_packages.yml @@ -1,10 +1,3 @@ -- name: install packages (remi) - yum: - name={{ item }} - state=latest - enablerepo=remi - with_items: "{{ REMI_PACKAGES }}" - - name: install packages yum: name={{ item }} diff --git a/roles/deploy_mw_host/templates/squid.conf.j2 b/roles/deploy_mw_host/templates/squid.conf-el6.j2 similarity index 96% rename from roles/deploy_mw_host/templates/squid.conf.j2 rename to roles/deploy_mw_host/templates/squid.conf-el6.j2 index 23f2ae9..7ed3de5 100644 --- a/roles/deploy_mw_host/templates/squid.conf.j2 +++ b/roles/deploy_mw_host/templates/squid.conf-el6.j2 @@ -2,7 +2,7 @@ visible_hostname {{ SQUID_HOSTNAME }} https_port {{ SQUID_LISTEN_ADDRESS }} cert={{ CERT_DIRECTORY }}/site.crt key={{ CERT_DIRECTORY }}/private.key defaultsite={{ SQUID_HOSTNAME }} vhost http_port {{ PURGE_LISTEN_ADDRESS }} defaultsite={{ SQUID_HOSTNAME }} vhost -cache_peer 127.0.0.1 parent {{ APACHE_LISTEN_PORT }} 0 no-query originserver login=PASS +cache_peer 127.0.0.1 parent {{ APACHE_LISTEN_PORT }} 0 no-query originserver no-digest login=PASS cache_dir ufs /var/spool/squid 10000 16 256 cache_mem 256 MB @@ -20,7 +20,6 @@ acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 -#acl Safe_ports port 80 acl Safe_ports port 443 acl SSL_ports port 443 acl PURGE method PURGE diff --git a/roles/deploy_mw_host/templates/squid.conf.j2 b/roles/deploy_mw_host/templates/squid.conf-el7.j2 similarity index 70% copy from roles/deploy_mw_host/templates/squid.conf.j2 copy to roles/deploy_mw_host/templates/squid.conf-el7.j2 index 23f2ae9..7b3ebb1 100644 --- a/roles/deploy_mw_host/templates/squid.conf.j2 +++ b/roles/deploy_mw_host/templates/squid.conf-el7.j2 @@ -1,26 +1,22 @@ cache_mgr root visible_hostname {{ SQUID_HOSTNAME }} -https_port {{ SQUID_LISTEN_ADDRESS }} cert={{ CERT_DIRECTORY }}/site.crt key={{ CERT_DIRECTORY }}/private.key defaultsite={{ SQUID_HOSTNAME }} vhost -http_port {{ PURGE_LISTEN_ADDRESS }} defaultsite={{ SQUID_HOSTNAME }} vhost -cache_peer 127.0.0.1 parent {{ APACHE_LISTEN_PORT }} 0 no-query originserver login=PASS +https_port {{ SQUID_LISTEN_ADDRESS }} accel cert={{ CERT_DIRECTORY }}/site.crt key={{ CERT_DIRECTORY }}/private.key defaultsite={{ SQUID_HOSTNAME }} vhost +http_port {{ PURGE_LISTEN_ADDRESS }} accel defaultsite={{ SQUID_HOSTNAME }} vhost +cache_peer 127.0.0.1 parent {{ APACHE_LISTEN_PORT }} 0 no-query originserver no-digest login=PASS cache_dir ufs /var/spool/squid 10000 16 256 cache_mem 256 MB maximum_object_size_in_memory 256 KB logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh -access_log /var/log/squid/access.log combined +access_log stdio:/var/log/squid/access.log combined cache_log /var/log/squid/cache.log -cache_store_log /var/log/squid/store.log +cache_store_log stdio:/var/log/squid/store.log #logfile_rotate 10 ## put this in crontab to rotate logs at midnight: ## 0 0 * * * /usr/sbin/squid -k rotate &> /dev/null -acl manager proto cache_object -acl localhost src 127.0.0.1/32 ::1 -acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 -#acl Safe_ports port 80 acl Safe_ports port 443 acl SSL_ports port 443 acl PURGE method PURGE diff --git a/roles/deploy_mw_host/templates/wikifarm.conf.j2 b/roles/deploy_mw_host/templates/wikifarm.conf.j2 index ba6faec..cdb0e0b 100644 --- a/roles/deploy_mw_host/templates/wikifarm.conf.j2 +++ b/roles/deploy_mw_host/templates/wikifarm.conf.j2 @@ -1,5 +1,13 @@ SetEnvIf Request_URI "^/([^/]+)" WIKI_NAME=$1 +<Directory "{{ MW_DIRECTORY }}/mediawiki*"> + <IfVersion < 2.4> + Allow from all + </IfVersion> + <IfVersion >= 2.4> + Require all granted + </IfVersion> +</Directory> <Directory "{{ MW_INSTANCE_DIRECTORY }}/*/images"> Require all denied </Directory> @@ -12,4 +20,13 @@ Include {{ APACHE_CONF_DIRECTORY }}/optional.conf Include {{ APACHE_CONF_DIRECTORY }}/http_redirect.conf + +{% if (ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux') and ansible_distribution_major_version == '6' %} + Include {{ APACHE_INSTANCE_DIRECTORY }}/*.conf + +{% elif (ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux') and ansible_distribution_major_version == '7' %} + +IncludeOptional {{ APACHE_INSTANCE_DIRECTORY }}/*.conf + +{% endif %} diff --git a/roles/deploy_mw_host/vars/main.yml b/roles/deploy_mw_host/vars/main.yml index 68f9a50..758228a 100644 --- a/roles/deploy_mw_host/vars/main.yml +++ b/roles/deploy_mw_host/vars/main.yml @@ -1,6 +1,3 @@ -REMI_PACKAGES: - - mysql - PACKAGES: - libselinux-python - policycoreutils-python @@ -17,6 +14,7 @@ - php-pecl-apcu - php-mysqlnd - php-pear-Mail + - mysql - MySQL-python - httpd - ImageMagick diff --git a/roles/setup/tasks/main.yml b/roles/setup/tasks/main.yml index 4d49c6f..792c458 100644 --- a/roles/setup/tasks/main.yml +++ b/roles/setup/tasks/main.yml @@ -4,26 +4,58 @@ state=latest with_items: "{{ PACKAGES }}" -- name: add epel repo (1/2) - get_url: - url=https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm - dest=/root/epel-release-latest-6.noarch.rpm - validate_certs={{ VALIDATE_CERTS }} +- name: install iptables if CentOS/RHEL 7 (1/3) + yum: + name=iptables-services + state=latest + when: (ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux') and ansible_distribution_major_version == '7' -- name: add epel repo (2/2) - shell: rpm -Uvh epel-release-latest-6.noarch.rpm +- name: install iptables if CentOS/RHEL 7 (2/3) + shell: systemctl enable iptables + when: (ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux') and ansible_distribution_major_version == '7' + +- name: install iptables if CentOS/RHEL 7 (3/3) + shell: systemctl start iptables + when: (ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux') and ansible_distribution_major_version == '7' + +- name: add MySQL repo (1/2) + get_url: + url=http://repo.mysql.com/mysql-community-release-el{{ ansible_distribution_major_version }}.rpm + dest=/root/mysql-community-release-el{{ ansible_distribution_major_version }}.rpm + validate_certs={{ VALIDATE_CERTS }} + when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' + +- name: add MySQL repo (2/2) + shell: rpm -Uvh mysql-community-release-el{{ ansible_distribution_major_version }}.rpm args: chdir: /root ignore_errors: true + when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' + +- name: add epel repo (1/2) + get_url: + url=https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm + dest=/root/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm + validate_certs={{ VALIDATE_CERTS }} + when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' + +- name: add epel repo (2/2) + shell: rpm -Uvh epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm + args: + chdir: /root + ignore_errors: true + when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' - name: get remi repo get_url: url=http://rpms.remirepo.net/enterprise/remi.repo dest=/etc/yum.repos.d validate_certs={{ VALIDATE_CERTS }} + when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' - name: enable remi repo shell: yum-config-manager --enable remi-php55 + when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' - name: copy public key authorized_key: -- To view, visit https://gerrit.wikimedia.org/r/284406 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I276d214e763c7591c6ea53e77778225595959540 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/tools/ansible-wikifarm Gerrit-Branch: master Gerrit-Owner: Cicalese <cical...@mitre.org> Gerrit-Reviewer: Cicalese <cical...@mitre.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits