authorSam Thursfield <sam.thursfield@codethink.co.uk>2017-10-20 15:21:08 +0100
committerBen Brown <ben.brown@codethink.co.uk>2017-10-23 11:11:10 +0000
commitbc5a99a4ee180a9ff4446055bf0311af64c2bf9d (patch)
tree25bba7467d826ac88b6a678b451710e5de209f7e
parent783240ce14579394859096b92269ea73cb449252 (diff)
downloadinfrastructure-bc5a99a4ee180a9ff4446055bf0311af64c2bf9d.tar.gz
baserock_webserver: Update after redeployment
It now only serves download.baserock.org; the docs are hosted on GitLab pages. It will also serve paste, IRC logging and IRC bots soon!
-rw-r--r--README.md35
-rw-r--r--baserock_webserver/etc/cherokee/cherokee.conf13
-rw-r--r--baserock_webserver/image-config.yml21
-rw-r--r--baserock_webserver/instance-config.yml19
-rw-r--r--baserock_webserver/instance-docs.baserock.org-config.yml43
5 files changed, 68 insertions, 63 deletions
diff --git a/README.md b/README.md
index 89a86200..0e327230 100644
--- a/README.md
+++ b/README.md
@@ -348,7 +348,7 @@ To deploy this system:
--user-data ./baserock-ops-team.cloud-config
ansible-playbook -i hosts baserock_frontend/image-config.yml
ansible-playbook -i hosts baserock_frontend/instance-config.yml \
- --vault-password-file=...
+ --vault-password-file=~/vault-infra-pass
ansible-playbook -i hosts baserock_frontend/instance-backup-config.yml
ansible -i hosts -m service -a 'name=haproxy enabled=true state=started' \
@@ -376,6 +376,38 @@ usual haproxy.cfg file), use 'git grep' to find all of them. You'll need to
update all the relevant config files. We really need some internal DNS system
to avoid this hassle.
+### General webserver
+
+The general-purpose webserver provides downloads, plus IRC logging and a
+pastebin service.
+
+To deploy to production:
+
+ openstack volume create \
+ --description 'Webserver volume' \
+ --size 150 \
+ webserver-volume
+
+ nova boot webserver \
+ --key-name $keyname \
+ --flavor 2C-8GB \
+ --image $fedora_image_id \
+ --nic "net-id=$network_id" \
+ --security-groups default,web-server \
+ --user-data ./baserock-ops-team.cloud-config
+
+ nova volume-attach webserver <volume-id> /dev/vdb
+
+ ansible-playbook -i hosts baserock_webserver/image-config.yml
+ ansible-playbook -i hosts baserock_webserver/instance-config.yml
+
+The webserver machine runs [Cherokee](http://cherokee-project.com/). You
+can use the `cherokee-admin` configuration UI, by connecting to the webserver
+over SSH and including this in your SSH commandlines: `-L9090:localhost:9090`.
+When you run `sudo cherokee-admin` on the server, you'll be able to browse to
+it locally on your machine at `https://localhost:9090/`. You also have to
+modify the security groups temporarily to allow that port through.
+
### Trove
To deploy to production, run these commands in a Baserock 'devel'
@@ -444,7 +476,6 @@ To deploy this system to production:
ansible-playbook -i hosts baserock_ostree/instance-config.yml
ansible-playbook -i hosts baserock_ostree/ostree-access-config.yml
-
SSL certificates
================
diff --git a/baserock_webserver/etc/cherokee/cherokee.conf b/baserock_webserver/etc/cherokee/cherokee.conf
index 987f22ea..6b6a3d7a 100644
--- a/baserock_webserver/etc/cherokee/cherokee.conf
+++ b/baserock_webserver/etc/cherokee/cherokee.conf
@@ -61,19 +61,6 @@ vserver!2!rule!1!handler!rewrite!10!regex = ^.*$
vserver!2!rule!1!handler!rewrite!10!show = 1
vserver!2!rule!1!handler!rewrite!10!substring = /baserock/
vserver!2!rule!1!match = default
-vserver!3!directory_index = index.html
-vserver!3!document_root = /srv/docs.baserock.org
-vserver!3!nick = docs.baserock.org
-vserver!3!rule!3!document_root = /usr/share/cherokee/themes
-vserver!3!rule!3!handler = file
-vserver!3!rule!3!match = directory
-vserver!3!rule!3!match!directory = /cherokee_themes
-vserver!3!rule!2!document_root = /usr/share/cherokee/icons
-vserver!3!rule!2!handler = file
-vserver!3!rule!2!match = directory
-vserver!3!rule!2!match!directory = /cherokee_icons
-vserver!3!rule!1!handler = common
-vserver!3!rule!1!match = default
icons!default = page_white.png
icons!directory = folder.png
icons!file!bomb.png = core
diff --git a/baserock_webserver/image-config.yml b/baserock_webserver/image-config.yml
index 1244faac..29c1ba5f 100644
--- a/baserock_webserver/image-config.yml
+++ b/baserock_webserver/image-config.yml
@@ -1,11 +1,16 @@
# Configuration for Baserock webserver system image.
#
-# This expects to be run on a Fedora 22 cloud image.
+# This expects to be run on a Fedora 26 cloud image.
---
- hosts: webserver
gather_facts: false
- sudo: yes
+ become: yes
+ become_method: sudo
tasks:
+ # see: https://fedoramagazine.org/getting-ansible-working-fedora-23/
+ - name: install python2 and required deps for ansible modules
+ raw: dnf install -y python2 python2-dnf libselinux-python
+
- name: enable persistant journal
shell: mkdir /var/log/journal
args:
@@ -14,11 +19,17 @@
- name: ensure system up to date
dnf: name=* state=latest
- - name: SELinux configuration (setting it to 'permissive' mode)
- copy: src=etc/selinux/config dest=/etc/selinux/
-
- name: Cherokee webserver package
dnf: name=cherokee state=latest
- name: Cherokee configuration
copy: src=etc/cherokee/cherokee.conf dest=/etc/cherokee/
+
+ - name: install lvm2 tools
+ dnf: name=lvm2 state=latest
+
+ - name: disable SELinux on subsequent boots
+ selinux: state=disabled
+
+ - name: disable SELinux on current boot
+ command: setenforce 0
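Review bot: The two tasks added at the end of this hunk turn SELinux off entirely, where the removed task only set it to permissive, so the Cherokee process serving /srv runs with no mandatory access control and no AVC denials are logged for later policy work. `command: setenforce 0` is also not idempotent: it only switches the running system to permissive, and it exits non-zero once the host has rebooted with SELinux disabled, so a second run of this playbook would probably fail at that task. The `selinux` module sets both the config file and the running mode, so a single task such as `selinux: policy=targeted state=permissive` could replace both; if the denials that motivated this change are known, keeping `state=enforcing` with a targeted fix is the stronger option for a host that serves public downloads.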
diff --git a/baserock_webserver/instance-config.yml b/baserock_webserver/instance-config.yml
new file mode 100644
index 00000000..96f0ee01
--- /dev/null
+++ b/baserock_webserver/instance-config.yml
@@ -0,0 +1,19 @@
+# Instance configuration for Baserock general-purpose webserver.
+#
+# Tested against Fedora 26 base image.
+---
+- hosts: webserver
+ gather_facts: false
+ become: yes
+ become_method: sudo
+ tasks:
+ - import_tasks: ../tasks/create-data-volume.yml lv_name=webserver lv_size=145g mountpoint=/srv
+
+ - name: /srv/download.baserock.org/
+ file: path=/srv/download.baserock.org/ owner=fedora state=directory
+
+ - name: Cherokee configuration
+ copy: src=etc/cherokee/cherokee.conf dest=/etc/cherokee/
+
+ - name: (re)start Cherokee webserver
+ service: name=cherokee enabled=yes state=restarted
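Review bot: The `Cherokee configuration` copy task does not pin owner or mode, so a newly created /etc/cherokee/cherokee.conf takes whatever the remote umask gives and an existing file keeps its current mode; I would make it explicit with `copy: src=etc/cherokee/cherokee.conf dest=/etc/cherokee/ owner=root group=root mode=0644`. The same applies to the `/srv/download.baserock.org/` directory task, which sets `owner=fedora` but no `mode`. The last task uses `state=restarted`, so Cherokee is restarted on every playbook run even when nothing changed; a handler notified from the copy task would restart it only when the config actually differs.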
diff --git a/baserock_webserver/instance-docs.baserock.org-config.yml b/baserock_webserver/instance-docs.baserock.org-config.yml
deleted file mode 100644
index e5910579..00000000
--- a/baserock_webserver/instance-docs.baserock.org-config.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-# Configuration for docs.baserock.org site.
-#
-# This expects to be run after image-config.yml.
-- hosts: webserver
- gather_facts: False
- tasks:
- - name: /srv/docs.baserock.org/
- file: path=/srv/docs.baserock.org/ owner=fedora state=directory
-
- - name: git
- dnf: name=git state=latest
- sudo: yes
-
- - name: mkdocs documentation generator
- pip: name=mkdocs executable=pip3.4 extra_args="--user"
-
- # A lot of the mkdocs themes are totally broken without Javascript, which
- # is stupid. This one looks a little bit ugly without Javascript, but it
- # is mostly usable.
- - name: mkdocs 'material' theme
- pip: name=mkdocs-material executable=pip3.4 extra_args="--user"
-
- - name: generate-docs.baserock.org script
- copy: src=generate-docs.baserock.org dest=/home/fedora/ mode=755
-
- - name: generate-docs.baserock.org systemd unit
- copy: src=etc/systemd/system/generate-docs.baserock.org.service dest=/etc/systemd/system/
- sudo: yes
-
- - name: generate-docs.baserock.org systemd timer
- copy: src=etc/systemd/system/generate-docs.baserock.org.timer dest=/etc/systemd/system/
- sudo: yes
-
- # FIXME: it would be much cooler to monitor the output of `gerrit
- # stream-events`, or have a git post-receive hook installed on
- # git.baserock.org to trigger this.
- - name: enable generate-docs.baserock.org timer
- service: name=generate-docs.baserock.org.timer state=started enabled=yes
- sudo: yes
-
- - name: enable generate-docs.baserock.org service
- service: name=generate-docs.baserock.org.service enabled=yes
- sudo: yes