From ca8994152a776052b7207869f5895732ddc79727 Mon Sep 17 00:00:00 2001 From: Antonio Terceiro Date: Thu, 8 Oct 2015 15:55:57 -0300 Subject: [PATCH] Publish documentation at /doc/ --- Rakefile | 1 + cookbooks/reverse_proxy/files/default/spbdoc.te | 12 ++++++++++++ cookbooks/reverse_proxy/recipes/documentation.rb | 17 +++++++++++++++++ cookbooks/reverse_proxy/templates/reverse_proxy.conf.erb | 5 +++++ roles/reverse_proxy_server.rb | 2 +- 5 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 cookbooks/reverse_proxy/files/default/spbdoc.te create mode 100644 cookbooks/reverse_proxy/recipes/documentation.rb diff --git a/Rakefile b/Rakefile index 81be804..1f5f0df 100644 --- a/Rakefile +++ b/Rakefile @@ -139,6 +139,7 @@ unless ENV['nodeps'] task 'converge:integration' => 'converge:database' task 'converge:integration' => 'converge:social' task 'converge:social' => 'converge:database' + task 'upload:reverseproxy' => 'doc' end $ALT_SSH_PORT = config.fetch('alt_ssh_port', 2222) diff --git a/cookbooks/reverse_proxy/files/default/spbdoc.te b/cookbooks/reverse_proxy/files/default/spbdoc.te new file mode 100644 index 0000000..a37f356 --- /dev/null +++ b/cookbooks/reverse_proxy/files/default/spbdoc.te @@ -0,0 +1,12 @@ +module spbdoc 1.0; + +require { + type httpd_t; + type var_t; + class file { read getattr open }; +} + +#============= httpd_t ============== +allow httpd_t var_t:file getattr; +allow httpd_t var_t:file read; +allow httpd_t var_t:file open; diff --git a/cookbooks/reverse_proxy/recipes/documentation.rb b/cookbooks/reverse_proxy/recipes/documentation.rb new file mode 100644 index 0000000..c38bbb8 --- /dev/null +++ b/cookbooks/reverse_proxy/recipes/documentation.rb @@ -0,0 +1,17 @@ +docs = File.expand_path('../../../docs/_build/html', File.dirname(__FILE__)) + +execute 'rsync::docs' do + command "rsync -avp --delete #{docs}/ /srv/doc/" +end + + +#################################################### +# SELinux: allow nginx to to read doc files +#################################################### +cookbook_file '/etc/selinux/local/spbdoc.te' do + notifies :run, 'execute[selinux-spbdoc]' +end +execute 'selinux-spbdoc' do + command 'selinux-install-module /etc/selinux/local/spbdoc.te' + action :nothing +end diff --git a/cookbooks/reverse_proxy/templates/reverse_proxy.conf.erb b/cookbooks/reverse_proxy/templates/reverse_proxy.conf.erb index 593de77..d3113c9 100644 --- a/cookbooks/reverse_proxy/templates/reverse_proxy.conf.erb +++ b/cookbooks/reverse_proxy/templates/reverse_proxy.conf.erb @@ -41,4 +41,9 @@ server { proxy_set_header Remote-User ''; proxy_set_header REMOTE_USER ''; } + + location /doc/ { + root /srv; + } + } diff --git a/roles/reverse_proxy_server.rb b/roles/reverse_proxy_server.rb index 48f8bf6..7a1815a 100644 --- a/roles/reverse_proxy_server.rb +++ b/roles/reverse_proxy_server.rb @@ -1,3 +1,3 @@ name 'database_server' description 'Reverse proxy server' -run_list 'recipe[basics::nginx]', 'recipe[reverse_proxy]', 'recipe[reverse_proxy::mailman]' +run_list 'recipe[basics::nginx]', 'recipe[reverse_proxy]', 'recipe[reverse_proxy::mailman]', 'recipe[reverse_proxy::documentation]' -- libgit2 0.21.2