From ce8b4467c7071aa280343844c6752db7bed328aa Mon Sep 17 00:00:00 2001
From: Ralph Bean
Date: Mon, 6 Nov 2017 20:59:44 +0000
Subject: [PATCH] Remove old waiverdb role. See roles/openshift-apps/waiverdb/
---
roles/waiverdb/defaults/main.yml | 8 ---
roles/waiverdb/files/pg/pg_hba.conf | 29 ---------
roles/waiverdb/handlers/main.yml | 10 ---
roles/waiverdb/tasks/main.yml | 64 -------------------
roles/waiverdb/tasks/psql_setup.yml | 63 ------------------
.../etc/nginx/conf.d/waiverdb.conf.j2 | 21 ------
.../etc/waiverdb/client_secrets.json | 11 ----
.../templates/etc/waiverdb/settings.py.j2 | 14 ----
8 files changed, 220 deletions(-)
delete mode 100644 roles/waiverdb/defaults/main.yml
delete mode 100644 roles/waiverdb/files/pg/pg_hba.conf
delete mode 100644 roles/waiverdb/handlers/main.yml
delete mode 100644 roles/waiverdb/tasks/main.yml
delete mode 100644 roles/waiverdb/tasks/psql_setup.yml
delete mode 100644 roles/waiverdb/templates/etc/nginx/conf.d/waiverdb.conf.j2
delete mode 100644 roles/waiverdb/templates/etc/waiverdb/client_secrets.json
delete mode 100644 roles/waiverdb/templates/etc/waiverdb/settings.py.j2
diff --git a/roles/waiverdb/defaults/main.yml b/roles/waiverdb/defaults/main.yml
deleted file mode 100644
index 21c008102c..0000000000
--- a/roles/waiverdb/defaults/main.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-waiverdb_db_port: 5432
-waiverdb_oidc_auth_uri: 'https://iddev.fedorainfracloud.org/openidc/Authorization'
-waiverdb_oidc_token_uri: 'https://iddev.fedorainfracloud.org/openidc/Token'
-waiverdb_oidc_client_id: 'D-eb5668aa-f962-4d9e-8131-4ef6d7840436'
-waiverdb_oidc_client_secret: 'QctUSOfqot6-XQd7YG0DeIAI81wlc7oD'
-waiverdb_oidc_token_introspection_uri: 'https://iddev.fedorainfracloud.org/openidc/TokenInfo'
-waiverdb_oidc_userinfo_uri: 'https://iddev.fedorainfracloud.org/openidc/UserInfo'
diff --git a/roles/waiverdb/files/pg/pg_hba.conf b/roles/waiverdb/files/pg/pg_hba.conf
deleted file mode 100644
index 9fcf023732..0000000000
--- a/roles/waiverdb/files/pg/pg_hba.conf
+++ /dev/null
@@ -1,29 +0,0 @@
-# This file is managed by Ansible - changes may be lost
-#
-# PostgreSQL Client Authentication Configuration File
-# ===================================================
-#
-# Refer to the "Client Authentication" section in the PostgreSQL
-# documentation for a complete description of this file. A short
-# synopsis follows.
-#
-# This file controls: which hosts are allowed to connect, how clients
-# are authenticated, which PostgreSQL user names they can use, which
-# databases they can access. Records take one of these forms:
-#
-# local DATABASE USER METHOD [OPTIONS]
-# host DATABASE USER ADDRESS METHOD [OPTIONS]
-# hostssl DATABASE USER ADDRESS METHOD [OPTIONS]
-# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]
-#
-# TYPE DATABASE USER ADDRESS METHOD
-
-# Default:
-#
-local all postgres trust
-# "local" is for Unix domain socket connections only
-local all all trust
-# IPv4 local connections:
-host all all 127.0.0.1/32 trust
-# IPv6 local connections:
-host all all ::1/128 trust
diff --git a/roles/waiverdb/handlers/main.yml b/roles/waiverdb/handlers/main.yml
deleted file mode 100644
index 40cbeb8b64..0000000000
--- a/roles/waiverdb/handlers/main.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-- name: restart waiverdb
- systemd:
- name: waiverdb.service
- state: restarted
-
-- name: restart postgresql
- systemd:
- name: postgresql.service
- state: restarted
diff --git a/roles/waiverdb/tasks/main.yml b/roles/waiverdb/tasks/main.yml
deleted file mode 100644
index d7c4049bb5..0000000000
--- a/roles/waiverdb/tasks/main.yml
+++ /dev/null
@@ -1,64 +0,0 @@
----
-- import_tasks: psql_setup.yml
-
-# Need to set selinux to permissive for now due to https://bugzilla.redhat.com/show_bug.cgi?id=1291940
-- name: switch selinux to permissive
- selinux: policy=targeted state=permissive
-
-- name: install needed packages (yum)
- package: name={{ item }} state=present
- with_items:
- - waiverdb
- - python-gunicorn
- - python-psycopg2
- notify:
- - restart waiverdb
- when: ansible_distribution_major_version|int < 22
-
-- name: install needed packages (dnf)
- dnf: pkg={{ item }} state=present
- with_items:
- - waiverdb
- - python-gunicorn
- - python-psycopg2
- notify:
- - restart waiverdb
- when: ansible_distribution_major_version|int > 21
-
-- name: start waiverdb on boot
- systemd:
- name: waiverdb.socket
- enabled: yes
-
-- name: copy client secrets
- template:
- src: etc/waiverdb/client_secrets.json
- dest: /etc/waiverdb/client_secrets.json
- owner: root
- group: root
- mode: 0640
- notify:
- - restart waiverdb
-
-- name: generate the app config
- template:
- src: etc/waiverdb/settings.py.j2
- dest: /etc/waiverdb/settings.py
- owner: root
- group: root
- mode: 0660
- backup: yes
- force: yes
- notify:
- - restart waiverdb
-
-- name: install the nginx config
- template:
- src: etc/nginx/conf.d/waiverdb.conf.j2
- dest: /etc/nginx/conf.d/waiverdb.conf
- owner: nginx
- group: nginx
- mode: 0640
- notify:
- - restart nginx
-
diff --git a/roles/waiverdb/tasks/psql_setup.yml b/roles/waiverdb/tasks/psql_setup.yml
deleted file mode 100644
index 50f096bc02..0000000000
--- a/roles/waiverdb/tasks/psql_setup.yml
+++ /dev/null
@@ -1,63 +0,0 @@
-- name: install postresql (yum)
- package: state=present pkg={{ item }}
- with_items:
- - "postgresql-server"
- - "postgresql-contrib"
- - "python-psycopg2"
- when: ansible_distribution_major_version|int < 22
-
-- name: install postresql (dnf)
- dnf: state=present pkg={{ item }}
- with_items:
- - "postgresql-server"
- - "postgresql-contrib"
- - "python-psycopg2"
- when: ansible_distribution_major_version|int > 21
-
-- name: See if postgreSQL is installed
- stat: path=/var/lib/pgsql/initdb_postgresql.log
- register: pgsql_installed
-
-- name: init postgresql
- shell: "postgresql-setup initdb"
- when: not pgsql_installed.stat.exists
-
-- name: copy pg_hba.conf
- copy: src="pg/pg_hba.conf" dest=/var/lib/pgsql/data/pg_hba.conf owner=postgres group=postgres mode=0600
- notify:
- - restart postgresql
- tags:
- - config
-
-- name: Ensure postgres has a place to backup to
- file: dest=/backups state=directory owner=postgres
- tags:
- - config
-
-- name: Copy over backup scriplet
- copy: src="{{ files }}/../roles/postgresql_server/files/backup-database" dest=/usr/local/bin/backup-database mode=0755
- tags:
- - config
-
-- name: Set up some cronjobs to backup databases as configured
- template: >
- src="{{ files }}/../roles/postgresql_server/templates/cron-backup-database"
- dest="/etc/cron.d/cron-backup-database-{{ item }}"
- with_items:
- - "{{ dbs_to_backup }}"
- when: dbs_to_backup != []
- tags:
- - config
-
-- name: enable Pg service
- service: state=started enabled=yes name=postgresql
-
-- name: Create db
- postgresql_db: name="waiverdb" encoding='UTF-8'
- become: yes
- become_user: postgres
-
-- name: Create db user
- postgresql_user: db="waiverdb" name="waiverdb-user" role_attr_flags=SUPERUSER,NOCREATEDB,NOCREATEROLE
- become: yes
- become_user: postgres
diff --git a/roles/waiverdb/templates/etc/nginx/conf.d/waiverdb.conf.j2 b/roles/waiverdb/templates/etc/nginx/conf.d/waiverdb.conf.j2
deleted file mode 100644
index 0fe42b5eaa..0000000000
--- a/roles/waiverdb/templates/etc/nginx/conf.d/waiverdb.conf.j2
+++ /dev/null
@@ -1,21 +0,0 @@
-# HTTP server
-server {
- listen 80 default_server;
- server_name _;
-
- large_client_header_buffers 4 32k;
- client_max_body_size 50M;
- charset utf-8;
-
- location / {
- root /usr/share/nginx/html;
- index index.html index.htm;
- }
- location /api {
- proxy_set_header Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_pass http://unix:/run/waiverdb/socket:/api;
- }
-}
diff --git a/roles/waiverdb/templates/etc/waiverdb/client_secrets.json b/roles/waiverdb/templates/etc/waiverdb/client_secrets.json
deleted file mode 100644
index 83dc8b0ed8..0000000000
--- a/roles/waiverdb/templates/etc/waiverdb/client_secrets.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "web": {
- "auth_uri": "{{ waiverdb_oidc_auth_uri }}",
- "client_id": "{{ waiverdb_oidc_client_id }}",
- "client_secret": "{{ waiverdb_oidc_client_secret }}",
- "redirect_uris": [],
- "token_uri": "{{ waiverdb_oidc_token_uri }}",
- "token_introspection_uri": "{{ waiverdb_oidc_token_introspection_uri }}",
- "userinfo_uri": "{{ waiverdb_oidc_userinfo_uri }}"
- }
-}
diff --git a/roles/waiverdb/templates/etc/waiverdb/settings.py.j2 b/roles/waiverdb/templates/etc/waiverdb/settings.py.j2
deleted file mode 100644
index 986a7f9520..0000000000
--- a/roles/waiverdb/templates/etc/waiverdb/settings.py.j2
+++ /dev/null
@@ -1,14 +0,0 @@
-{% if deployment_type == "prod" %}
-SECRET_KEY = '{{ prod_waiverdb_secret_key }}'
-{% elif deployment_type == "stg" %}
-SECRET_KEY = '{{ stg_waiverdb_secret_key }}'
-{% else %}
-SECRET_KEY = '{{ dev_waiverdb_secret_key }}'
-{% endif %}
-SQLALCHEMY_DATABASE_URI = 'postgresql://waiverdb-user@:{{ waiverdb_db_port }}/waiverdb'
-OIDC_CLIENT_SECRETS = '/etc/waiverdb/client_secrets.json'
-OIDC_REQUIRED_SCOPE = 'https://waiverdb.fedoraproject.org/oidc/create-waiver'
-OIDC_RESOURCE_SERVER_ONLY = True
-{% if deployment_type == "dev" %}
-ZEROMQ_PUBLISH = False
-{% endif %}