From 3a8354d8088631d3df016b925f5af72f6bb9ec4a Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 29 Aug 2020 02:15:03 +0200 Subject: finalize ch-http-proxy --- chaos-at-home/ch-auth-legacy.yml | 6 ++++++ chaos-at-home/ch-http-proxy.yml | 46 +++++++++++++++++++--------------------- 2 files changed, 28 insertions(+), 24 deletions(-) create mode 100644 chaos-at-home/ch-auth-legacy.yml (limited to 'chaos-at-home') diff --git a/chaos-at-home/ch-auth-legacy.yml b/chaos-at-home/ch-auth-legacy.yml new file mode 100644 index 00000000..1e15efa8 --- /dev/null +++ b/chaos-at-home/ch-auth-legacy.yml @@ -0,0 +1,6 @@ +--- +- name: Basic Setup + hosts: ch-auth-legacy + tasks: + - debug: + msg: legacy host, not maintained by ansible... diff --git a/chaos-at-home/ch-http-proxy.yml b/chaos-at-home/ch-http-proxy.yml index f90939d0..2dc38364 100644 --- a/chaos-at-home/ch-http-proxy.yml +++ b/chaos-at-home/ch-http-proxy.yml @@ -37,7 +37,6 @@ - - name: configure default vhost web.chaos-at-home.org vars: nginx_vhost: @@ -110,8 +109,7 @@ acme: yes hostnames: - passwd.chaos-at-home.org - # proxy_pass: "https://{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-auth-legacy']) | ipaddr('address') }}/" - proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-auth-legacy']) | ipaddr('address') }}:843/" + proxy_pass: "https://{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-auth-legacy']) | ipaddr('address') }}/" proxy_ssl: verify: "on" trusted_certificate: /etc/ssl/whawty-auth-ca/ca.pem @@ -237,27 +235,27 @@ ### Service IP - # - name: install systemd service unit for service-ip - # copy: - # dest: /etc/systemd/system/http-service-ip.service - # content: | - # [Unit] - # Description=Assign HTTP Sevice IP - # After=network.target + - name: install systemd service unit for service-ip + copy: + dest: /etc/systemd/system/http-service-ip.service + content: | + [Unit] + Description=Assign HTTP Sevice IP + After=network.target - # [Service] - # Type=oneshot - # ExecStart=/usr/sbin/ip addr add dev {{ network.primary.name }} {{ network_services.http.addr }}/32 - # ExecStop=/usr/sbin/ip addr del dev {{ network.primary.name }} {{ network_services.http.addr }}/32 - # RemainAfterExit=yes + [Service] + Type=oneshot + ExecStart=/usr/sbin/ip addr add dev {{ network.primary.name }} {{ network_services.http.addr }}/32 + ExecStop=/usr/sbin/ip addr del dev {{ network.primary.name }} {{ network_services.http.addr }}/32 + RemainAfterExit=yes - # [Install] - # WantedBy=multi-user.target - # register: service_ip_systemd_unit + [Install] + WantedBy=multi-user.target + register: service_ip_systemd_unit - # - name: make sure service-ip systemd unit is enabeld and started - # systemd: - # daemon_reload: yes - # name: http-service-ip.service - # state: "{{ (service_ip_systemd_unit is changed) | ternary('restarted', 'started') }}" - # enabled: yes + - name: make sure service-ip systemd unit is enabeld and started + systemd: + daemon_reload: yes + name: http-service-ip.service + state: "{{ (service_ip_systemd_unit is changed) | ternary('restarted', 'started') }}" + enabled: yes -- cgit v1.2.3