Signed-off-by: Fabian Arrotin <arrfab@centos.org>
Showing
5 changed files
with
220 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,83 @@ | ||
# This task is just for the docs.infra.centos.org node, automatically rendering (through podman) website content | ||
|
||
- import_role: | ||
name: httpd | ||
vars: | ||
httpd_tls: True | ||
|
||
- import_role: | ||
name: httpd | ||
tasks_from: pki-tls | ||
vars: | ||
pki_hostname: docs.infra.centos.org | ||
|
||
- name: Adding specific user to build mkdocs site | ||
user: | ||
name: "{{ httpd_docs_infra_user }}" | ||
state: present | ||
comment: CentOS Web content user | ||
|
||
- name: Ensuring we have a DocumentRoot | ||
file: | ||
path: "{{ httpd_docs_infra_rootdir }}" | ||
state: directory | ||
owner: '{{ httpd_docs_infra_user }}' | ||
group: '{{ httpd_docs_infra_user }}' | ||
mode: 0775 | ||
|
||
|
||
- name: Configuring httpd vhost for www | ||
template: | ||
src: "{{ item }}.j2" | ||
dest: "/etc/httpd/conf.d/{{ item }}" | ||
mode: 0644 | ||
with_items: | ||
- 02_vhost-docs-infra.conf | ||
- ssl-vhost-docs-infra.conf | ||
notify: | ||
- reload_httpd | ||
tags: | ||
- config | ||
|
||
- name: Install some tools to render website locally | ||
yum: | ||
name: | ||
- podman | ||
- git | ||
state: installed | ||
|
||
- name: Enabling needed selinux booleans | ||
seboolean: | ||
name: "{{ item }}" | ||
persistent: yes | ||
state: on | ||
with_items: | ||
- httpd_can_network_connect | ||
|
||
- name: Wrapper tool to build website | ||
template: | ||
src: docs-infra/mkdocs-infra.j2 | ||
dest: /usr/libexec/centos/mkdocs-infra | ||
mode: 0750 | ||
owner: "{{ httpd_docs_infra_user }}" | ||
register: mkdocs_infra_script | ||
tags: | ||
- script | ||
|
||
- name: Init podman containers | ||
command: /usr/libexec/centos/mkdocs-infra init | ||
when: mkdocs_infra_script is changed | ||
become_user: "{{ httpd_docs_infra_user }}" | ||
tags: | ||
- script | ||
|
||
- name: Cron to compare upstream git | ||
cron: | ||
name: Build mkdcos from git | ||
job: /usr/libexec/centos/mkdocs-infra build | ||
minute: "*/2" | ||
user: "{{ httpd_docs_infra_user }}" | ||
tags: | ||
- cron | ||
|
||
|
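Review bot: The "Wrapper tool to build website" task installs /usr/libexec/centos/mkdocs-infra with `owner: "{{ httpd_docs_infra_user }}"` and `mode: 0750`, so the unprivileged account that cron runs every two minutes, and that renders content pulled from git, can also rewrite its own job script. I would keep the script root-owned and executable only by that account's group: `owner: root`, `group: "{{ httpd_docs_infra_user }}"`, `mode: '0750'`. Separately, `httpd_can_network_connect` lets httpd open outbound connections, and neither vhost template in this commit proxies anything; unless the httpd role needs it for another reason, dropping that boolean keeps the SELinux confinement tighter for a static site.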
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
<VirtualHost *:80> | ||
DocumentRoot {{ httpd_docs_infra_rootdir }} | ||
ServerName {{ httpd_docs_infra_hostname }} | ||
CustomLog logs/{{ httpd_docs_infra_hostname }}_access.log combined | ||
ErrorLog logs/{{ httpd_docs_infra_hostname }}_error.log | ||
# Some needed headers | ||
Header always set X-Frame-Options "SAMEORIGIN" | ||
Header always set X-Xss-Protection "1; mode=block" | ||
Header always set X-Content-Type-Options "nosniff" | ||
Header always set Referrer-Policy "same-origin" | ||
|
||
RewriteEngine On | ||
RewriteCond $1 !^.well-known | ||
RewriteCond %{HTTPS} !=on | ||
RewriteRule ^/?(.*) https://{{ httpd_docs_infra_hostname }}/$1 [R,L] | ||
|
||
|
||
</VirtualHost> |
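Review bot: In `RewriteCond $1 !^.well-known` the dot is unescaped and the pattern has no trailing slash, so any request path that starts with one arbitrary character followed by `well-known` is also exempt from the HTTPS redirect, not only the `.well-known/` directory. Anchoring it as `RewriteCond $1 !^\.well-known/` limits the plain-HTTP exception to that directory. The rule's `[R,L]` flags also produce a temporary 302; `[R=301,L]` would make the upgrade to HTTPS permanent for clients and caches.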
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
#!/bin/bash | ||
|
||
# | ||
# Purposes : renders and publish website from git | ||
# Called by: cron | ||
# Configured by: Ansible, don't edit | ||
# | ||
|
||
action="$1" | ||
git_upstream="https://git.centos.org/centos/centos-infra-docs.git" # Where to git clone/pull from | ||
git_directory="/home/{{ httpd_docs_infra_user }}/git/" | ||
logfile="/home/{{ httpd_docs_infra_user }}/mkdocs-infra.log" | ||
|
||
function usage() { | ||
cat << EOF | ||
You need to call the script like this : $0 -arguments | ||
Argument can be one of the following: | ||
init : prepares local podman container and git initial clone | ||
build : verify upstream git and rebuild if different | ||
EOF | ||
} | ||
|
||
f_log() { | ||
echo "[+] $(date +%Y%m%d-%H:%M) $(basename $0) -> $*" >>$logfile | ||
} | ||
|
||
function init(){ | ||
test -d ${git_directory} || mkdir -p ${git_directory} | ||
pushd ${git_directory} >/dev/null | ||
test -d centos-infra-docs || git clone ${git_upstream} >> $logfile | ||
podman images |grep -q mkdocs-material || podman pull docker.io/squidfunk/mkdocs-material:latest >>$logfile | ||
popd >/dev/null | ||
render | ||
} | ||
|
||
function render(){ | ||
podman run --volume="${git_directory}/centos-infra-docs:/docs:z" --rm -it squidfunk/mkdocs-material build 2>&1 > /dev/null && cp -r ${git_directory}/centos-infra-docs/site/* /var/www/docs.infra/ | ||
if [ "$?" -eq "0" ] ; then | ||
f_log "Rendering status : $?" | ||
else | ||
f_log "[ERROR] issue detected when building website" | ||
fi | ||
} | ||
|
||
function build(){ | ||
pushd ${git_directory}/centos-infra-docs >/dev/null | ||
last_commit=$(git log| head -n 1|awk '{print $2}') | ||
git pull >/dev/null | ||
current_commit=$(git log| head -n 1|awk '{print $2}') | ||
popd >/dev/null | ||
|
||
if [ "${current_commit}" == "${last_commit}" ] ; then | ||
f_log "Git head/last commit is equal [${current_commit}]" | ||
f_log "Skipping website build and push" | ||
else | ||
render | ||
fi | ||
} | ||
|
||
if [ "$action" == "init" ] ; then | ||
f_log "Initializing ..." | ||
init | ||
elif [ "$action" == "build" ] ; then | ||
f_log "Comparing upstream git HEAD and rebuilding if needed" | ||
build | ||
elif [ "$action" == "refresh" ] ; then | ||
f_log "Refreshing external content and rendering website .." | ||
refresh | ||
else | ||
usage | ||
exit 1 | ||
fi | ||
|
||
|
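Review bot: The build image is not pinned: init() pulls `docker.io/squidfunk/mkdocs-material:latest` and render() then runs the short name `squidfunk/mkdocs-material`, so what gets published on this host depends on whatever `latest` is at pull time and on how the host's short-name registry search resolves. A fully qualified reference pinned to a reviewed digest, held in one variable and used by both functions, removes both ambiguities. In render(), `2>&1 > /dev/null` leaves stderr on the cron output instead of discarding or logging it, `-it` asks for a terminal that cron does not provide, and the `$?` logged inside the `if` is the status of the `[` test rather than of the build. The dispatcher at the bottom also calls `refresh`, which is not defined anywhere in this file.

```shell
# Fully qualified and pinned; the digest below is a placeholder for one vetted for this host
mkdocs_image="docker.io/squidfunk/mkdocs-material@sha256:<REVIEWED_DIGEST>"

# … unchanged: usage, f_log …

# in init(): pull the same reference that render() runs
podman image exists "${mkdocs_image}" || podman pull "${mkdocs_image}" >>"${logfile}"

function render(){
  if podman run --rm --volume="${git_directory}/centos-infra-docs:/docs:z" "${mkdocs_image}" build >>"${logfile}" 2>&1 \
     && cp -r "${git_directory}"/centos-infra-docs/site/* /var/www/docs.infra/ ; then
    f_log "Rendering status : 0"
  else
    f_log "[ERROR] issue detected when building website"
  fi
}
```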
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
<VirtualHost *:443> | ||
ServerAdmin webmaster@centos.org | ||
ServerName {{ httpd_docs_infra_hostname }} | ||
DocumentRoot {{ httpd_docs_infra_rootdir }} | ||
|
||
Header always set Strict-Transport-Security "max-age=31536000" | ||
Header always set X-Frame-Options "SAMEORIGIN" | ||
Header always set X-Xss-Protection "1; mode=block" | ||
Header always set X-Content-Type-Options "nosniff" | ||
Header always set Referrer-Policy "same-origin" | ||
|
||
RewriteEngine on | ||
|
||
|
||
ErrorLog logs/ssl-{{ httpd_docs_infra_hostname }}_error.log | ||
TransferLog logs/ssl-{{ httpd_docs_infra_hostname }}_access.log | ||
LogLevel warn | ||
SSLEngine on | ||
SSLHonorCipherOrder on | ||
SSLProtocol all -SSLv2 -SSLv3 | ||
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:!aNULL:!eNULL:!DES:!MD5:!PSK:!RC4 | ||
|
||
SSLCertificateFile /etc/pki/tls/certs/{{ httpd_docs_infra_hostname }}.crt | ||
SSLCertificateKeyFile /etc/pki/tls/private/{{ httpd_docs_infra_hostname }}.key | ||
SSLCertificateChainFile /etc/pki/tls/certs/{{ httpd_docs_infra_hostname }}-CAChain.crt | ||
|
||
<Files ~ "\.(cgi|shtml|phtml|php3?)$"> | ||
SSLOptions +StdEnvVars | ||
</Files> | ||
<Directory "/var/www/cgi-bin"> | ||
SSLOptions +StdEnvVars | ||
</Directory> | ||
SetEnvIf User-Agent ".*MSIE.*" \ | ||
nokeepalive ssl-unclean-shutdown \ | ||
downgrade-1.0 force-response-1.0 | ||
CustomLog logs/ssl-{{ httpd_docs_infra_hostname }}_request.log \ | ||
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" | ||
</VirtualHost> | ||
|
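Review bot: `SSLProtocol all -SSLv2 -SSLv3` still permits TLS 1.0 and 1.1 wherever the OpenSSL build and system policy allow them, and the `SSLCipherSuite` string starts from `ALL` and keeps `+MEDIUM:+LOW`, which only moves those suites to the end of the list rather than disabling them. For a new vhost I would restrict both, for example `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` and `SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!PSK:!RC4`, or defer to the distribution's crypto policy if the target release provides one. `RewriteEngine on` has no rules under it in this vhost, and `SSLCertificateChainFile` is deprecated from httpd 2.4.8 in favour of carrying the chain in `SSLCertificateFile`; both are worth a comment or a cleanup.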