diff --git a/inventory/group_vars/pdc_web b/inventory/group_vars/pdc_web deleted file mode 100644 index 1605f1028f..0000000000 --- a/inventory/group_vars/pdc_web +++ /dev/null @@ -1,40 +0,0 @@ ---- -# Define resources for this group of hosts here. -deployment_type: prod -# These are consumed by a task in roles/fedmsg/base/main.yml -fedmsg_certs: - - can_send: - - logger.log - group: sysadmin - owner: root - service: shell - - can_send: - - pdc.compose - - pdc.rpms - - pdc.images - group: apache - owner: root - service: pdc -ipa_client_shell_groups: - - sysadmin-noc - - sysadmin-releng - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-releng -ipa_host_group: pdc-web -ipa_host_group_desc: Product Definition Center web app -lvm_size: 20000 -mem_size: 8192 -nagios_Check_Services: - swap: false -num_cpus: 2 -# This just defines the CN of the saml2 cert we pull from the private repo -# Don't be confused. The app is actually served at apps.stg.fp.o/pdc -pdc_domain: pdc.fedoraproject.org -primary_auth_source: ipa -tcp_ports: [80] -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -wsgi_fedmsg_service: pdc -wsgi_procs: 3 -wsgi_threads: 2 diff --git a/inventory/group_vars/pdc_web_stg b/inventory/group_vars/pdc_web_stg deleted file mode 100644 index a11323cc15..0000000000 --- a/inventory/group_vars/pdc_web_stg +++ /dev/null 
@@ -1,37 +0,0 @@ ---- -# Define resources for this group of hosts here. -deployment_type: stg -# These are consumed by a task in roles/fedmsg/base/main.yml -fedmsg_certs: - - can_send: - - logger.log - group: sysadmin - owner: root - service: shell - - can_send: - - pdc.compose - - pdc.rpms - - pdc.images - group: apache - owner: root - service: pdc -ipa_client_shell_groups: - - sysadmin-noc - - sysadmin-releng - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-releng -ipa_host_group: pdc-web -ipa_host_group_desc: Product Definition Center web app -lvm_size: 20000 -mem_size: 4098 -num_cpus: 1 -# This just defines the CN of the saml2 cert we pull from the private repo -# Don't be confused. The app is actually served at apps.stg.fp.o/pdc -pdc_domain: pdc.stg.fedoraproject.org -tcp_ports: [80] -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -wsgi_fedmsg_service: pdc -wsgi_procs: 2 -wsgi_threads: 2 diff --git a/inventory/host_vars/db01.iad2.fedoraproject.org b/inventory/host_vars/db01.iad2.fedoraproject.org index 64186b4fff..9941eb2b8b 100644 --- a/inventory/host_vars/db01.iad2.fedoraproject.org +++ b/inventory/host_vars/db01.iad2.fedoraproject.org @@ -18,7 +18,6 @@ databases: - notifications - odcs - pagure - - pdc - tahrir - waiverdb - transtats @@ -41,7 +40,6 @@ dbs_to_backup: - notifications - odcs - pagure - - pdc - tahrir - waiverdb - transtats diff --git a/inventory/host_vars/pdc-web01.iad2.fedoraproject.org b/inventory/host_vars/pdc-web01.iad2.fedoraproject.org deleted file mode 100644 index 3fa6aa2e5d..0000000000 --- a/inventory/host_vars/pdc-web01.iad2.fedoraproject.org +++ /dev/null @@ -1,9 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.118 -ks_repo: http://10.3.163.35/repo/rhel/RHEL7-x86_64/ -ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-7-iad2 -mem_size: 32768 -vmhost: bvmhost-x86-02.iad2.fedoraproject.org -volgroup: /dev/vg_guests 
diff --git a/inventory/host_vars/pdc-web01.stg.iad2.fedoraproject.org b/inventory/host_vars/pdc-web01.stg.iad2.fedoraproject.org deleted file mode 100644 index 9b34388165..0000000000 --- a/inventory/host_vars/pdc-web01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.167.254 -eth0_ipv4_ip: 10.3.167.26 -ks_repo: http://10.3.163.35/repo/rhel/RHEL7-x86_64/ -ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-7-iad2 -vmhost: bvmhost-x86-05.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/pdc-web02.iad2.fedoraproject.org b/inventory/host_vars/pdc-web02.iad2.fedoraproject.org deleted file mode 100644 index 286200be84..0000000000 --- a/inventory/host_vars/pdc-web02.iad2.fedoraproject.org +++ /dev/null @@ -1,9 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.129 -ks_repo: http://10.3.163.35/repo/rhel/RHEL7-x86_64/ -ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-7-iad2 -mem_size: 32768 -vmhost: bvmhost-x86-04.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/inventory b/inventory/inventory index 2dfa400408..6d9dd04983 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -590,7 +590,6 @@ memcached01.stg.iad2.fedoraproject.org odcs-backend01.stg.iad2.fedoraproject.org odcs-frontend01.stg.iad2.fedoraproject.org os-control01.stg.iad2.fedoraproject.org -pdc-web01.stg.iad2.fedoraproject.org pkgs01.stg.iad2.fedoraproject.org proxy01.stg.iad2.fedoraproject.org proxy02.stg.iad2.fedoraproject.org @@ -751,14 +750,6 @@ mailman_stg #virthost-cloud01.fedorainfracloud.org #copr-vmhost01.fedorainfracloud.org - -[pdc_web] -pdc-web01.iad2.fedoraproject.org -pdc-web02.iad2.fedoraproject.org - -[pdc_web_stg] -pdc-web01.stg.iad2.fedoraproject.org - [maintainer_test] f39-test.fedorainfracloud.org rawhide-test.fedorainfracloud.org @@ -1067,7 +1058,6 @@ openqa openqa_lab openqa_lab_workers openqa_workers -pdc_web pkgs proxies_iad2 qahardware 
@@ -1097,7 +1087,6 @@ koji_stg memcached_stg oci_registry_stg odcs_stg -pdc_web_stg pkgs_stg proxies_stg rabbitmq_stg diff --git a/main.yml b/main.yml index 434198b800..406a830000 100644 --- a/main.yml +++ b/main.yml @@ -50,7 +50,6 @@ - import_playbook: /srv/web/infra/ansible/playbooks/groups/openqa-workers.yml - import_playbook: /srv/web/infra/ansible/playbooks/groups/openqa.yml - import_playbook: /srv/web/infra/ansible/playbooks/groups/pagure.yml -- import_playbook: /srv/web/infra/ansible/playbooks/groups/pdc.yml - import_playbook: /srv/web/infra/ansible/playbooks/groups/people.yml - import_playbook: /srv/web/infra/ansible/playbooks/groups/pkgs.yml - import_playbook: /srv/web/infra/ansible/playbooks/groups/postgresql-server.yml diff --git a/playbooks/groups/pdc.yml b/playbooks/groups/pdc.yml deleted file mode 100644 index 24720c1b20..0000000000 --- a/playbooks/groups/pdc.yml +++ /dev/null 
@@ -1,55 +0,0 @@ -# PDC servers (both frontend and backend) - -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "pdc_web:pdc_web_stg" - -- name: dole out the generic configuration - hosts: pdc_web:pdc_web_stg - user: root - gather_facts: True - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - rkhunter - - nagios_client - - zabbix/zabbix_agent - - collectd/base - - hosts - - ipa/client - - role: openvpn/client - when: env != "staging" and datacenter == 'iad2' - - sudo - - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - -- name: stuff for the web nodes - hosts: pdc_web:pdc_web_stg - user: root - gather_facts: True - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - roles: - - mod_wsgi - - role: fedmsg/base - # Set up for fedora-messaging - - role: rabbit/user - username: "pdc{{ env_suffix }}" - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(pdc|logger)\..* - when: inventory_hostname.startswith(('pdc-web01','pdc-web01.stg')) - - pdc/frontend diff --git a/playbooks/include/proxies-redirects.yml b/playbooks/include/proxies-redirects.yml index bf935ac523..d8136ace53 100644 --- a/playbooks/include/proxies-redirects.yml +++ b/playbooks/include/proxies-redirects.yml @@ -887,3 +887,10 @@ target: https://docs.fedoraproject.org/en-US/epel/ tags: - epel.io + + - role: httpd/redirect + shortname: 00-old-pdc + website: pdc.fedoraproject.org + target: https://fedoraproject.org/wiki/Infrastructure/pdc-retirement + tags: + - pdc 
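Review bot: The new `httpd/redirect` entry covers only `pdc.fedoraproject.org`, and its `00-old-pdc` shortname reads as if it is meant to sort ahead of other config fragments for that site, but nothing says so. If a reverse-proxy entry for this website toward the haproxy port 10045 removed in this commit still exists elsewhere in the proxy playbooks, it should be deleted rather than shadowed, since it would point at a listener that no longer exists; that file is not visible in this diff, so please confirm. `pdc.stg.fedoraproject.org` gets no redirect here, so it is worth confirming that the name is either retired in DNS or handled the same way. A short comment above the entry, such as `# PDC retired: keep the hostname answering with the retirement notice`, would record the intent.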
diff --git a/playbooks/manual/staging-sync/pdc.yml b/playbooks/manual/staging-sync/pdc.yml deleted file mode 100644 index 0198d6e165..0000000000 --- a/playbooks/manual/staging-sync/pdc.yml +++ /dev/null @@ -1,50 +0,0 @@ -# This playbook syncs the production pdc instance with staging. - - -- name: bring staging services down (httpd) - hosts: pdc-web-stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - service: name=httpd state=stopped - -# Here's the meaty part in the middle -- name: drop and re-create the staging db entirely - hosts: db01.stg.iad2.fedoraproject.org - user: root - become: yes - become_user: postgres - become_method: sudo - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - copy: src=/srv/web/infra/db-dumps/pdc.dump.xz dest=/var/tmp/pdc.dump.xz - owner=postgres group=postgres - - command: unxz /var/tmp/pdc.dump.xz - creates=/var/tmp/pdc.dump - - command: dropdb pdc - - command: createdb -O pdc pdc - - name: Import the prod db. - shell: cat /var/tmp/pdc.dump | psql pdc - - file: path=/var/tmp/pdc.dump state=absent - -- name: bring staging services up (httpd) - hosts: pdc-web-stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - service: name=httpd state=started diff --git a/playbooks/manual/upgrade/pdc.yml b/playbooks/manual/upgrade/pdc.yml deleted file mode 100644 index 6c716e15cb..0000000000 --- a/playbooks/manual/upgrade/pdc.yml +++ /dev/null 
@@ -1,39 +0,0 @@ -- name: verify the frontend, stop it, upgrade the db, and restart it - hosts: pdc_web:pdc_web_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - pre_tasks: - - name: clean all metadata - command: yum clean all - check_mode: no - - name: yum update PDC packages - yum: name="{{item}}" state=latest - with_items: - - python-pdc - - python2-productmd - - roles: - - pdc/frontend - - post_tasks: - - name: tell nagios to shush w.r.t. the frontend - nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true - - service: name="httpd" state=stopped - - name: Upgrade the database, only on the primary web node. - command: python /usr/lib/python2.7/site-packages/pdc/manage.py migrate --noinput - args: - chdir: /usr/lib/python2.7/site-packages/pdc/ - when: inventory_hostname_short == 'pdc-web01' - - service: name="httpd" state=started - - name: tell nagios to unshush w.r.t. the frontend - nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true diff --git a/roles/apps-fp-o/files/apps.yaml b/roles/apps-fp-o/files/apps.yaml index 33da576d0f..f48271d5fc 100644 --- a/roles/apps-fp-o/files/apps.yaml +++ b/roles/apps-fp-o/files/apps.yaml 
@@ -626,21 +626,6 @@ children: they're broken -- it's a big help!. Check back here from time to time, as this section will change. children: - - name: Product Definition Center - data: - url: https://pdc.fedoraproject.org/ - source_url: https://github.com/product-definition-center/product-definition-center - bugs_url: https://github.com/product-definition-center/product-definition-center/issues - # Also, https://fedoraproject.org/wiki/Changes/PDC - docs_url: https://github.com/product-definition-center/product-definition-center/issues/303 - sops: - - https://infrastructure.fedoraproject.org/infra/docs/pdc.rst - description: > - The Product Definition Center (PDC) is a new app we're working - on which will track 1) all of the artifacts that release - engineering *should* be producing and 2) all of the artifacts - taht release engineering *did* produce. The web interface isn't - much to write home about, but the API is where it's at. - name: Ipsilon data: url: https://pagure.io/ipsilon diff --git a/roles/distgit/pagure/templates/pagure.cfg b/roles/distgit/pagure/templates/pagure.cfg index a761475077..ecbae826ec 100644 --- a/roles/distgit/pagure/templates/pagure.cfg +++ b/roles/distgit/pagure/templates/pagure.cfg @@ -317,7 +317,7 @@ CSP_HEADERS = ( "object-src 'none'; " "base-uri 'self'; " "img-src 'self' https:; " - "connect-src 'self' https://pdc.stg.fedoraproject.org https://apps.stg.fedoraproject.org https://mdapi.stg.fedoraproject.org https://transtats.stg.fedoraproject.org https://bodhi.stg.fedoraproject.org;" + "connect-src 'self' https://apps.stg.fedoraproject.org https://mdapi.stg.fedoraproject.org https://transtats.stg.fedoraproject.org https://bodhi.stg.fedoraproject.org;" ) {% else %} CSP_HEADERS = ( 
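Review bot: The `connect-src` string in `CSP_HEADERS` is an unexplained allowlist, so nothing ties each origin to the feature that needs it, which is how a retired host such as PDC stays listed until someone notices. A comment above the line, for example `# connect-src: origins the dist-git UI calls from the browser; remove an origin when its service is retired`, would make the next clean-up easier; the same applies to the production branch of the template in the `@@ -327,7 +327,7 @@` hunk. If any dist-git page script still requests PDC, browsers will now block the request, so it may be worth a search for remaining `pdc` references in the role. The `CSP_HEADERS` tuple starts outside the hunk.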
@@ -327,7 +327,7 @@ CSP_HEADERS = ( "object-src 'none'; " "base-uri 'self'; " "img-src 'self' https:; " - "connect-src 'self' https://pdc.fedoraproject.org https://apps.fedoraproject.org https://mdapi.fedoraproject.org https://transtats.fedoraproject.org https://bodhi.fedoraproject.org;" + "connect-src 'self' https://apps.fedoraproject.org https://mdapi.fedoraproject.org https://transtats.fedoraproject.org https://bodhi.fedoraproject.org;" ) {% endif %} diff --git a/roles/haproxy/templates/haproxy.cfg b/roles/haproxy/templates/haproxy.cfg index 00fe1d3f65..560f785611 100644 --- a/roles/haproxy/templates/haproxy.cfg +++ b/roles/haproxy/templates/haproxy.cfg @@ -213,24 +213,6 @@ backend openqa-backend option httpchk GET /api/v1/job_groups/1 {% endif %} -frontend pdc-frontend - bind 0.0.0.0:10045 - default_backend pdc-backend - -backend pdc-backend - balance hdr(appserver) - -{% if env != "staging" %} - # Set session persistence with a cookie. - # https://jdennis.fedorapeople.org/doc/rhsso-tripleo-federation/html/rhsso-tripleo-federation.html#step-18-use-proxy-persistence-for-keystone-on-each-controller - cookie SERVERID insert indirect nocache -{% endif %} - - server pdc-web01 pdc-web01:80 check inter 10s rise 1 fall 2 cookie pdc-web01 -{% if env != "staging" %} - server pdc-web02 pdc-web02:80 check inter 10s rise 1 fall 2 cookie pdc-web02 -{% endif %} - option httpchk GET /rest_api/v1/ timeout server 3600000 timeout connect 3600000 diff --git a/roles/pdc/frontend/files/create-metadata.sh b/roles/pdc/frontend/files/create-metadata.sh deleted file mode 100755 index f6b36a429b..0000000000 --- a/roles/pdc/frontend/files/create-metadata.sh +++ /dev/null 
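Review bot: The three trailing context lines of the haproxy.cfg hunk, `option httpchk GET /rest_api/v1/`, `timeout server 3600000` and `timeout connect 3600000`, belonged to the removed `pdc-backend` section and are left in the file. With the `frontend pdc-frontend` and `backend pdc-backend` headers gone, haproxy attaches them to whichever section precedes them, which from the hunk header and the `option httpchk GET /api/v1/job_groups/1` context line appears to be `backend openqa-backend`. That backend would then most likely be health-checked against a PDC API path it does not serve, and it would inherit one-hour connect and server timeouts, which weakens protection against stalled connections. Delete those three lines together with the rest of the section, and run `haproxy -c -f` on the rendered file before rollout.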
@@ -1,106 +0,0 @@ -#!/usr/bin/env bash - -# -# Like /usr/libexec/mod_auth_mellon/mellon_create_metadata.sh, but don't create the certificate and the key. -# Author: abompard@fedoraproject.org -# - -set -e - -PROG="$(basename "$0")" - -printUsage() { - echo "Usage: $PROG ENTITY-ID ENDPOINT-URL" - echo "" - echo "Example:" - echo " $PROG urn:someservice https://sp.example.org/mellon" - echo "" -} - -if [ "$#" -lt 2 ]; then - printUsage - exit 1 -fi - -ENTITYID="$1" -if [ -z "$ENTITYID" ]; then - echo "$PROG: An entity ID is required." >&2 - exit 1 -fi - -BASEURL="$2" -if [ -z "$BASEURL" ]; then - echo "$PROG: The URL to the MellonEndpointPath is required." >&2 - exit 1 -fi - -if ! echo "$BASEURL" | grep -q '^https\?://'; then - echo "$PROG: The URL must start with \"http://\" or \"https://\"." >&2 - exit 1 -fi - -DATADIR=`dirname $0` - -if [ ! -f "$DATADIR/certificate.pem" ]; then - echo "$PROG: The certificate must be in the file $DATADIR/certificate.pem." >&2 - exit 1 -fi - -BASEURL="$(echo "$BASEURL" | sed 's#/$##')" - -# No files should not be readable by the rest of the world. -umask 0077 - -# Everything between the markers, but not the markers themselves -CERT="$(sed -n '/^-----BEGIN/,/^-----END/ {/^----/b; p}' $DATADIR/certificate.pem)" - -cat > $DATADIR/metadata.xml < - - - - - - $CERT - - - - - - - $CERT - - - - - - urn:oasis:names:tc:SAML:2.0:nameid-format:transient - - - - - -EOF - -umask 0777 -chown apache: $DATADIR/metadata.xml -echo "Wrote $DATADIR/metadata.xml" diff --git a/roles/pdc/frontend/files/exportbranches.py b/roles/pdc/frontend/files/exportbranches.py deleted file mode 100644 index 2298025054..0000000000 --- a/roles/pdc/frontend/files/exportbranches.py +++ /dev/null 
@@ -1,23 +0,0 @@ -""" Export component branches. - -This is used to drive the pagure-sync-bugzilla script. -""" - -import collections -import json - -from django.core.management.base import BaseCommand -from pdc.apps.componentbranch.models import ComponentBranch -from pdc.apps.componentbranch.serializers import is_branch_active - - -class Command(BaseCommand): - help = 'Export a JSON file with information about all component branches' - - def handle(self, *args, **options): - all_entries = ComponentBranch.objects.all() - output = collections.defaultdict(lambda: collections.defaultdict(list)) - for entry in all_entries: - active = is_branch_active(entry) - output[entry.type.name][entry.global_component.name].append([entry.name, active]) - self.stdout.write(json.dumps(output)) diff --git a/roles/pdc/frontend/handlers/main.yml b/roles/pdc/frontend/handlers/main.yml deleted file mode 100644 index 5d8555af78..0000000000 --- a/roles/pdc/frontend/handlers/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -- name: rebuild metadata - command: /etc/httpd/saml2/create-metadata.sh https://pdc{{ env_suffix }}.fedoraproject.org/saml2 https://pdc{{ env_suffix }}.fedoraproject.org/saml2/ diff --git a/roles/pdc/frontend/tasks/main.yml b/roles/pdc/frontend/tasks/main.yml deleted file mode 100644 index 11db7000b4..0000000000 --- a/roles/pdc/frontend/tasks/main.yml +++ /dev/null 
@@ -1,116 +0,0 @@ -- name: remove some old copr repos for things now in the infra repo. - file: dest="/etc/yum.repos.d/{{item}}" state=absent - with_items: - - patternfly-patternfly1-epel-7.repo - - ralph-pdc-deps-epel-7.repo - - sochotni-pdc-test-epel-7.repo - tags: pdc - -- name: install needed packages - package: pkg={{ item }} state=present - with_items: - - patternfly1 - - python-pdc - - xmlsec1 - - mod_auth_mellon - tags: pdc - -- name: Copy over settings_local.py - template: src=settings_local.py - dest=/usr/lib/python2.7/site-packages/pdc/settings_local.py - mode=0600 owner=apache group=apache - notify: reload httpd - tags: pdc - -- name: Create directory structure for exportbranches command - file: dest={{item.dest}} state={{item.state}} owner=apache group=apache - with_items: - - dest: /usr/lib/python2.7/site-packages/pdc/apps/componentbranch/management - state: directory - - dest: /usr/lib/python2.7/site-packages/pdc/apps/componentbranch/management/commands/ - state: directory - tags: - - pdc - - cron - -- name: Create files for exportbranches command if they do not already exist - copy: dest={{item.dest}} owner=apache group=apache content='' force=no - with_items: - - dest: /usr/lib/python2.7/site-packages/pdc/apps/componentbranch/management/__init__.py - - dest: /usr/lib/python2.7/site-packages/pdc/apps/componentbranch/management/commands/__init__.py - tags: - - pdc - - cron - -- name: Copy over the exportbranches command - copy: - dest: /usr/lib/python2.7/site-packages/pdc/apps/componentbranch/management/commands/exportbranches.py - src: exportbranches.py - tags: - - pdc - - cron - -- name: create directory for the active_branches cache - file: path=/var/www/html/extras/ state=directory owner=apache group=apache - tags: - - pdc - - cron - -- name: cron to generate cache of active component branches for pagure-sync-bugzilla - cron: name="export-branches" minute="15" user="apache" - job="/usr/local/bin/lock-wrapper export-branches 'python 
/usr/lib/python2.7/site-packages/pdc/manage.py exportbranches > /var/www/html/extras/active_branches.json.tmp && mv /var/www/html/extras/active_branches.json.tmp /var/www/html/extras/active_branches.json'" - cron_file=export-branches - tags: - - pdc - - cron - -- name: Copy over httpd config - template: src=pdc.conf dest=/etc/httpd/conf.d/pdc.conf - notify: reload httpd - tags: pdc - -- name: ensure selinux lets httpd do the stuff we need. - seboolean: name={{ item }} persistent=yes state=yes - with_items: - - httpd_can_network_connect_db - - httpd_can_sendmail - # XXX - Someday for fedmsg - #- httpd_can_network_connect - tags: - - pdc - - selinux - -- name: create /etc/httpd/saml2 - file: state=directory - path=/etc/httpd/saml2 - owner=apache group=apache mode=0775 - tags: pdc - -- name: Install saml2 idp file (which describes our ipsilon instances). - copy: src="{{ private }}/files/saml2/idp-{{env}}.xml" - dest="/etc/httpd/saml2/idp-metadata.xml" - owner="apache" group="apache" mode=0600 - notify: reload httpd - tags: pdc - -- name: Copy over the metadata.xml rebuild script - copy: - src: create-metadata.sh - dest: /etc/httpd/saml2/create-metadata.sh - mode: 0755 - notify: - - rebuild metadata - - reload httpd - tags: pdc - -- name: Install domain-specific saml2 certs - copy: src="{{ private }}/files/saml2/{{ pdc_domain }}/{{ item }}" - dest="/etc/httpd/saml2/{{ item }}" - owner="apache" group="apache" mode=0600 - with_items: - - certificate.pem - - certificate.key - notify: - - rebuild metadata - - reload httpd - tags: pdc diff --git a/roles/pdc/frontend/templates/pdc.conf b/roles/pdc/frontend/templates/pdc.conf deleted file mode 100644 index 3e17d5a836..0000000000 --- a/roles/pdc/frontend/templates/pdc.conf +++ /dev/null 
@@ -1,126 +0,0 @@ -Alias /docs/ /usr/share/doc/pdc/docs/build/html/ -Alias /saml2protected /usr/share/ipsilon/ui/saml2sp - -WSGIDaemonProcess pdc user=apache group=apache maximum-requests=100 display-name=pdc processes={{ wsgi_procs - 1}} threads={{ wsgi_threads }} -WSGISocketPrefix run/wsgi -WSGIRestrictStdout On -WSGIRestrictSignal Off -WSGIPythonOptimize 1 - -WSGIScriptAlias / /usr/lib/python2.7/site-packages/pdc/wsgi.py - - - - {% if env == 'staging' %} - ServerName https://pdc.stg.fedoraproject.org - {% else %} - ServerName https://pdc.fedoraproject.org - {% endif %} - - UseCanonicalName on - - RewriteEngine on - - # An entry for django admin - RewriteCond "/usr/lib/python2.7/site-packages/django/contrib/admin/static/$1" -f - RewriteRule "^/static/(.*)" "/usr/lib/python2.7/site-packages/django/contrib/admin/static/$1" [L] - - # First try to find the files in pdc - RewriteCond "/usr/lib/python2.7/site-packages/pdc/static/$1" -f - RewriteRule "^/static/(.*)" "/usr/lib/python2.7/site-packages/pdc/static/$1" [L] - # Try to find them in the patternfly files - RewriteRule "^/static/(.*)" "/usr/share/patternfly1/resources/$1" [L] - - # An entry for our exported branches - RewriteCond "/var/www/html/extras/$1" -f - RewriteRule "^/extras/(.*)" "/var/www/html/extras/$1" [L] - - - SetHandler wsgi-script - - LimitRequestBody 256000000 - AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript application/x-javascript text/css - Require all granted - MellonEnable "info" - MellonSPPrivateKeyFile "/etc/httpd/saml2/certificate.key" - MellonSPCertFile "/etc/httpd/saml2/certificate.pem" - MellonSPMetadataFile "/etc/httpd/saml2/metadata.xml" - MellonIdPMetadataFile "/etc/httpd/saml2/idp-metadata.xml" - MellonEndpointPath /saml2 - MellonVariable "saml-sesion-cookie" - - MellonUser username - MellonIdP "IDP" - MellonSessionLength 3600 - # MellonNoCookieErrorPage "https://idp.example.com/no-cookie-error.html" - # MellonPostDirectory "/var/lib/ipsilon/post_cache" 
- # MellonPostReplay On - - - - WSGIProcessGroup pdc - MellonEnable "auth" - Header append Cache-Control "no-cache" - - - - WSGIPassAuthorization On - - WSGIProcessGroup pdc - - - - SetHandler None - - # Disable auth on the static content, so that we're aren't forced to - # use Kerberos. Doing so would remove "Expires" headers from the static - # content, which would lead to poor page-load times. - AuthType none - Satisfy Any - Require all granted - - # Many file types are likely to benefit from compression - # Enable gzip compression on them: - AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript application/x-javascript text/css - - # Set far-future Expires headers on static content - # (trac 184): - ExpiresActive On - ExpiresDefault "access plus 10 years" - - - - SetHandler None - - # Disable auth on the extras content, so that we're aren't forced to - # use Kerberos. Doing so would remove "Expires" headers from the extras - # content, which would lead to poor page-load times. - AuthType none - Satisfy Any - Require all granted - - # Many file types are likely to benefit from compression - # Enable gzip compression on them: - AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript application/x-javascript text/css - - - - SetHandler None - - # Disable auth on the static content, so that we're aren't forced to - # use Kerberos. Doing so would remove "Expires" headers from the static - # content, which would lead to poor page-load times. - AuthType none - Satisfy Any - Require all granted - - # Many file types are likely to benefit from compression - # Enable gzip compression on them: - AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript application/x-javascript text/css - - # Set far-future Expires headers on static content - # (trac 184): - ExpiresActive On - ExpiresDefault "access plus 2 weeks" - - 
diff --git a/roles/pdc/frontend/templates/settings_local.py b/roles/pdc/frontend/templates/settings_local.py
deleted file mode 100644
index 7896bfdacd..0000000000
--- a/roles/pdc/frontend/templates/settings_local.py
+++ /dev/null
@@ -1,159 +0,0 @@ -# Feel free to `cp settings_local.py.dist settings.local.py` -# and customize your settings, changes here will be populated -# automatically. -# -# This file only contains the minimized settings you should do, -# please look into settings.py to see the whole avaiable settings -# you can do for your PDC instance. -# -# NOTE: For developers or others who want to extend the default -# settings, please remember to update your settings_local.py -# when the items you extended got updated in settings.py. - -# Turn on the fedmsg publishing plugin. -MESSAGE_BUS = { - 'MLP': 'fedmsg', # MLP: Messaging Library Package -} - -REST_FRAMEWORK = { - 'DEFAULT_AUTHENTICATION_CLASSES': ( - 'pdc.apps.auth.authentication.TokenAuthenticationWithChangeSet', - 'rest_framework.authentication.SessionAuthentication', - ), - - 'DEFAULT_PERMISSION_CLASSES': [ - 'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly', - ], - - 'DEFAULT_FILTER_BACKENDS': ( - 'rest_framework.filters.DjangoFilterBackend', - 'pdc.apps.utils.utils.RelatedNestedOrderingFilter', - ), - - 'DEFAULT_METADATA_CLASS': 'contrib.bulk_operations.metadata.BulkMetadata', - - 'DEFAULT_RENDERER_CLASSES': ( - 'rest_framework.renderers.JSONRenderer', - 'pdc.apps.common.renderers.ReadOnlyBrowsableAPIRenderer', - ), - - 'EXCEPTION_HANDLER': 'pdc.apps.common.handlers.exception_handler', - - 'DEFAULT_PAGINATION_CLASS': 'pdc.apps.common.pagination.AutoDetectedPageNumberPagination', -} - -# Because we don't want to kerberos, we want to ipsilon -LOGIN_URL = '/auth/saml2login' -AUTHENTICATION_BACKENDS = ( - 'pdc.apps.auth.backends.AuthMellonUserBackend', # XXX - <- no kerb - 'django.contrib.auth.backends.ModelBackend', -) -MIDDLEWARE_CLASSES = ( - 'pdc.apps.utils.middleware.MessagingMiddleware', - 'corsheaders.middleware.CorsMiddleware', - 'django.contrib.sessions.middleware.SessionMiddleware', - 'django.middleware.common.CommonMiddleware', - 'django.middleware.csrf.CsrfViewMiddleware', - 
'django.contrib.auth.middleware.AuthenticationMiddleware', - 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', - 'pdc.apps.auth.middleware.RemoteUserMiddleware', # XXX - <- no kerb - 'django.contrib.messages.middleware.MessageMiddleware', - 'django.middleware.clickjacking.XFrameOptionsMiddleware', - 'django.middleware.security.SecurityMiddleware', - 'kobo.django.menu.middleware.MenuMiddleware', - 'pdc.apps.changeset.middleware.ChangesetMiddleware', -) - - -import os.path - -BASE_DIR = os.path.dirname(os.path.dirname(__file__)) - -{% if env == 'staging' %} -SECRET_KEY = '{{ pdc_secret_key_stg }}' -{% else %} -SECRET_KEY = '{{ pdc_secret_key_prod }}' -{% endif %} - -DEBUG = False - -# NOTE: this is needed when DEGUB is False. -# https://docs.djangoproject.com/en/1.8/ref/settings/#allowed-hosts -ALLOWED_HOSTS = [ - {% if env == 'staging' %} - 'pdc.stg.fedoraproject.org', - {% else %} - 'pdc.fedoraproject.org', - {% endif %} - '{{ inventory_hostname }}', - '{{ inventory_hostname_short }}', - 'localhost', -] - -# Database settings -DATABASES = { - 'default': { - 'ENGINE': 'django.db.backends.postgresql_psycopg2', - 'NAME': 'pdc', - 'USER': 'pdc', - {% if env == 'staging' %} - 'PASSWORD': '{{ pdc_db_pass_stg }}', - 'HOST': 'db01.stg', - {% else %} - 'PASSWORD': '{{ pdc_db_pass_prod }}', - 'HOST': 'db01', - {% endif %} - } -} - -REST_API_URL = 'rest_api/' -REST_API_VERSION = 'v1' - -# https://github.com/product-definition-center/product-definition-center/issues/352 -USE_X_FORWARDED_HOST = True - -# https://pagure.io/fedora-infrastructure/issue/6122 -SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') - -BROWSABLE_DOCUMENT_MACROS = { - # need to be rewrite with the real host name when deploy. - 'HOST_NAME': 'http://{{ inventory_hostname }}:80', - # make consistent with rest api root. 
- 'API_PATH': '%s%s' % (REST_API_URL, REST_API_VERSION), -} - -def get_setting(setting): - import pdc.settings - return getattr(pdc.settings, setting) - -# ======== Email configuration ========= -# Email addresses who would like to receive email -ADMINS = ( - # TODO -- eventually replace this with admin.fp.o - ('PDC Admins', 'rbean@redhat.com'), -) -MANAGERS = ADMINS - -# Email SMTP HOST configuration -EMAIL_HOST = 'bastion' -# Email sender's address -SERVER_EMAIL = 'nobody@fedoraproject.org' -EMAIL_SUBJECT_PREFIX = '[PDC]' - -{% if env == 'staging' %} -DIST_GIT_WEB_ROOT_URL = 'https://src.stg.fedoraproject.org/cgit/' -{% else %} -DIST_GIT_WEB_ROOT_URL = 'https://src.fedoraproject.org/cgit/' -{% endif %} -DIST_GIT_RPM_PATH = 'rpms/' -DIST_GIT_REPO_FORMAT = DIST_GIT_WEB_ROOT_URL + DIST_GIT_RPM_PATH + "%s" + ".git" - -# Use this to deny people creating new "epel" or "fedora" branches after we -# import the existing oldschool branches. -#COMPONENT_BRANCH_NAME_BLACKLIST_REGEX = r'^(epel\d+|el\d+|f\d+|fc\d+)' - -# un-comment below 4 lines if enable email notification as meet any error -#get_setting('LOGGING').get('loggers').update({'pdc.apps.common.handlers': { -# 'handlers': ['mail_admins'], -# 'level': 'ERROR', -#}}) diff --git a/roles/releng/tasks/main.yml b/roles/releng/tasks/main.yml index 1982430f10..b4b3a91409 100644 --- a/roles/releng/tasks/main.yml +++ b/roles/releng/tasks/main.yml @@ -133,7 +133,6 @@ - python3-productmd - ostree - python3-libmodulemd - - python3-pdc-client - python3-koji-cli-plugins - python3-fedfind # needed by clean-amis.py script - python3-boto3 # needed by clean-amis.py script diff --git a/scripts/public-db-copy b/scripts/public-db-copy index d7a1327f9a..55168ae911 100755 --- a/scripts/public-db-copy +++ b/scripts/public-db-copy 
@@ -9,7 +9,6 @@ scp db-koji01.iad2.fedoraproject.org:/backups/koji-$(date +%F).dump.xz /srv/web/ scp db01.iad2.fedoraproject.org:/backups/pkgdb2-$(date +%F).dump.xz /srv/web/infra/db-dumps/pkgdb2.dump.xz scp db01.iad2.fedoraproject.org:/backups/koschei-$(date +%F).dump.xz /srv/web/infra/db-dumps/koschei.dump.xz scp db01.iad2.fedoraproject.org:/backups/bodhi2-$(date +%F).dump.xz /srv/web/infra/db-dumps/bodhi2.dump.xz -scp db01.iad2.fedoraproject.org:/backups/pdc-$(date +%F).dump.xz /srv/web/infra/db-dumps/pdc.dump.xz scp db01.iad2.fedoraproject.org:/backups/anitya-public-$(date +%F).dump.xz /srv/web/infra/db-dumps/anitya.dump.xz scp db01.iad2.fedoraproject.org:/backups/mailman-$(date +%F).dump.xz /srv/web/infra/db-dumps/mailman.dump.xz scp db01.iad2.fedoraproject.org:/backups/odcs-$(date +%F).dump.xz /srv/web/infra/db-dumps/odcs.dump.xz