From c4024c4aa414d7861bb48d58696778d60b120f4d Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 2 Aug 2024 13:39:15 -0700 Subject: [PATCH] pdc: fare thee well! This commit retires pdc from ansible. The website should get redirected to a wiki page about the retirement. If for some reason we need to bring things back, the VMs will still have their disks and XML saved off so we can bring them back. We would need to revert this commit, run the proxy playbooks, do a little cleanup on the redirect, and then bring the VMs back up. Hopefully we don't have to. 
Signed-off-by: Kevin Fenzi --- inventory/group_vars/pdc_web | 40 ----- inventory/group_vars/pdc_web_stg | 37 ---- .../host_vars/db01.iad2.fedoraproject.org | 2 - .../pdc-web01.iad2.fedoraproject.org | 9 - .../pdc-web01.stg.iad2.fedoraproject.org | 8 - .../pdc-web02.iad2.fedoraproject.org | 9 - inventory/inventory | 11 -- main.yml | 1 - playbooks/groups/pdc.yml | 55 ------ playbooks/include/proxies-redirects.yml | 7 + playbooks/manual/staging-sync/pdc.yml | 50 ------ playbooks/manual/upgrade/pdc.yml | 39 ----- roles/apps-fp-o/files/apps.yaml | 15 -- roles/distgit/pagure/templates/pagure.cfg | 4 +- roles/haproxy/templates/haproxy.cfg | 18 -- roles/pdc/frontend/files/create-metadata.sh | 106 ------------ roles/pdc/frontend/files/exportbranches.py | 23 --- roles/pdc/frontend/handlers/main.yml | 2 - roles/pdc/frontend/tasks/main.yml | 116 ------------- roles/pdc/frontend/templates/pdc.conf | 126 -------------- .../pdc/frontend/templates/settings_local.py | 159 ------------------ roles/releng/tasks/main.yml | 1 - scripts/public-db-copy | 1 - 23 files changed, 9 insertions(+), 830 deletions(-) delete mode 100644 inventory/group_vars/pdc_web delete mode 100644 inventory/group_vars/pdc_web_stg delete mode 100644 inventory/host_vars/pdc-web01.iad2.fedoraproject.org delete mode 100644 inventory/host_vars/pdc-web01.stg.iad2.fedoraproject.org delete mode 100644 inventory/host_vars/pdc-web02.iad2.fedoraproject.org delete mode 100644 playbooks/groups/pdc.yml delete mode 100644 playbooks/manual/staging-sync/pdc.yml delete mode 100644 playbooks/manual/upgrade/pdc.yml delete mode 100755 roles/pdc/frontend/files/create-metadata.sh delete mode 100644 roles/pdc/frontend/files/exportbranches.py delete mode 100644 roles/pdc/frontend/handlers/main.yml delete mode 100644 roles/pdc/frontend/tasks/main.yml delete mode 100644 roles/pdc/frontend/templates/pdc.conf delete mode 100644 roles/pdc/frontend/templates/settings_local.py 
diff --git a/inventory/group_vars/pdc_web b/inventory/group_vars/pdc_web deleted file mode 100644 index 1605f1028f..0000000000 --- a/inventory/group_vars/pdc_web +++ /dev/null @@ -1,40 +0,0 @@ ---- -# Define resources for this group of hosts here. -deployment_type: prod -# These are consumed by a task in roles/fedmsg/base/main.yml -fedmsg_certs: - - can_send: - - logger.log - group: sysadmin - owner: root - service: shell - - can_send: - - pdc.compose - - pdc.rpms - - pdc.images - group: apache - owner: root - service: pdc -ipa_client_shell_groups: - - sysadmin-noc - - sysadmin-releng - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-releng -ipa_host_group: pdc-web -ipa_host_group_desc: Product Definition Center web app -lvm_size: 20000 -mem_size: 8192 -nagios_Check_Services: - swap: false -num_cpus: 2 -# This just defines the CN of the saml2 cert we pull from the private repo -# Don't be confused. The app is actually served at apps.stg.fp.o/pdc -pdc_domain: pdc.fedoraproject.org -primary_auth_source: ipa -tcp_ports: [80] -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -wsgi_fedmsg_service: pdc -wsgi_procs: 3 -wsgi_threads: 2 diff --git a/inventory/group_vars/pdc_web_stg b/inventory/group_vars/pdc_web_stg deleted file mode 100644 index a11323cc15..0000000000 --- a/inventory/group_vars/pdc_web_stg +++ /dev/null 
@@ -1,37 +0,0 @@ ---- -# Define resources for this group of hosts here. -deployment_type: stg -# These are consumed by a task in roles/fedmsg/base/main.yml -fedmsg_certs: - - can_send: - - logger.log - group: sysadmin - owner: root - service: shell - - can_send: - - pdc.compose - - pdc.rpms - - pdc.images - group: apache - owner: root - service: pdc -ipa_client_shell_groups: - - sysadmin-noc - - sysadmin-releng - - sysadmin-veteran -ipa_client_sudo_groups: - - sysadmin-releng -ipa_host_group: pdc-web -ipa_host_group_desc: Product Definition Center web app -lvm_size: 20000 -mem_size: 4098 -num_cpus: 1 -# This just defines the CN of the saml2 cert we pull from the private repo -# Don't be confused. The app is actually served at apps.stg.fp.o/pdc -pdc_domain: pdc.stg.fedoraproject.org -tcp_ports: [80] -# for systems that do not match the above - specify the same parameter in -# the host_vars/$hostname file -wsgi_fedmsg_service: pdc -wsgi_procs: 2 -wsgi_threads: 2 diff --git a/inventory/host_vars/db01.iad2.fedoraproject.org b/inventory/host_vars/db01.iad2.fedoraproject.org index 64186b4fff..9941eb2b8b 100644 --- a/inventory/host_vars/db01.iad2.fedoraproject.org +++ b/inventory/host_vars/db01.iad2.fedoraproject.org @@ -18,7 +18,6 @@ databases: - notifications - odcs - pagure - - pdc - tahrir - waiverdb - transtats @@ -41,7 +40,6 @@ dbs_to_backup: - notifications - odcs - pagure - - pdc - tahrir - waiverdb - transtats diff --git a/inventory/host_vars/pdc-web01.iad2.fedoraproject.org b/inventory/host_vars/pdc-web01.iad2.fedoraproject.org deleted file mode 100644 index 3fa6aa2e5d..0000000000 --- a/inventory/host_vars/pdc-web01.iad2.fedoraproject.org +++ /dev/null @@ -1,9 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.118 -ks_repo: http://10.3.163.35/repo/rhel/RHEL7-x86_64/ -ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-7-iad2 -mem_size: 32768 -vmhost: bvmhost-x86-02.iad2.fedoraproject.org -volgroup: /dev/vg_guests 
diff --git a/inventory/host_vars/pdc-web01.stg.iad2.fedoraproject.org b/inventory/host_vars/pdc-web01.stg.iad2.fedoraproject.org deleted file mode 100644 index 9b34388165..0000000000 --- a/inventory/host_vars/pdc-web01.stg.iad2.fedoraproject.org +++ /dev/null @@ -1,8 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.167.254 -eth0_ipv4_ip: 10.3.167.26 -ks_repo: http://10.3.163.35/repo/rhel/RHEL7-x86_64/ -ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-7-iad2 -vmhost: bvmhost-x86-05.stg.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/host_vars/pdc-web02.iad2.fedoraproject.org b/inventory/host_vars/pdc-web02.iad2.fedoraproject.org deleted file mode 100644 index 286200be84..0000000000 --- a/inventory/host_vars/pdc-web02.iad2.fedoraproject.org +++ /dev/null @@ -1,9 +0,0 @@ ---- -datacenter: iad2 -eth0_ipv4_gw: 10.3.169.254 -eth0_ipv4_ip: 10.3.169.129 -ks_repo: http://10.3.163.35/repo/rhel/RHEL7-x86_64/ -ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-7-iad2 -mem_size: 32768 -vmhost: bvmhost-x86-04.iad2.fedoraproject.org -volgroup: /dev/vg_guests diff --git a/inventory/inventory b/inventory/inventory index 2dfa400408..6d9dd04983 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -590,7 +590,6 @@ memcached01.stg.iad2.fedoraproject.org odcs-backend01.stg.iad2.fedoraproject.org odcs-frontend01.stg.iad2.fedoraproject.org os-control01.stg.iad2.fedoraproject.org -pdc-web01.stg.iad2.fedoraproject.org pkgs01.stg.iad2.fedoraproject.org proxy01.stg.iad2.fedoraproject.org proxy02.stg.iad2.fedoraproject.org @@ -751,14 +750,6 @@ mailman_stg #virthost-cloud01.fedorainfracloud.org #copr-vmhost01.fedorainfracloud.org - -[pdc_web] -pdc-web01.iad2.fedoraproject.org -pdc-web02.iad2.fedoraproject.org - -[pdc_web_stg] -pdc-web01.stg.iad2.fedoraproject.org - [maintainer_test] f39-test.fedorainfracloud.org rawhide-test.fedorainfracloud.org @@ -1067,7 +1058,6 @@ openqa openqa_lab openqa_lab_workers openqa_workers -pdc_web pkgs proxies_iad2 qahardware 
@@ -1097,7 +1087,6 @@ koji_stg
 memcached_stg
 oci_registry_stg
 odcs_stg
-pdc_web_stg
 pkgs_stg
 proxies_stg
 rabbitmq_stg
diff --git a/main.yml b/main.yml
index 434198b800..406a830000 100644
--- a/main.yml
+++ b/main.yml
@@ -50,7 +50,6 @@
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/openqa-workers.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/openqa.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/pagure.yml
-- import_playbook: /srv/web/infra/ansible/playbooks/groups/pdc.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/people.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/pkgs.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/postgresql-server.yml
diff --git a/playbooks/groups/pdc.yml b/playbooks/groups/pdc.yml
deleted file mode 100644
index 24720c1b20..0000000000
--- a/playbooks/groups/pdc.yml
+++ /dev/null
@@ -1,55 +0,0 @@ -# PDC servers (both frontend and backend) - -- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - vars: - myhosts: "pdc_web:pdc_web_stg" - -- name: dole out the generic configuration - hosts: pdc_web:pdc_web_stg - user: root - gather_facts: True - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - pre_tasks: - - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - roles: - - base - - rkhunter - - nagios_client - - zabbix/zabbix_agent - - collectd/base - - hosts - - ipa/client - - role: openvpn/client - when: env != "staging" and datacenter == 'iad2' - - sudo - - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - -- name: stuff for the web nodes - hosts: pdc_web:pdc_web_stg - user: root - gather_facts: True - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - roles: - - mod_wsgi - - role: fedmsg/base - # Set up for fedora-messaging - - role: rabbit/user - username: "pdc{{ env_suffix }}" - sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(pdc|logger)\..* - when: inventory_hostname.startswith(('pdc-web01','pdc-web01.stg')) - - pdc/frontend diff --git a/playbooks/include/proxies-redirects.yml b/playbooks/include/proxies-redirects.yml index bf935ac523..d8136ace53 100644 --- a/playbooks/include/proxies-redirects.yml +++ b/playbooks/include/proxies-redirects.yml @@ -887,3 +887,10 @@ target: https://docs.fedoraproject.org/en-US/epel/ tags: - epel.io + + - role: httpd/redirect + shortname: 00-old-pdc + website: pdc.fedoraproject.org + target: https://fedoraproject.org/wiki/Infrastructure/pdc-retirement + tags: + - pdc 
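Review bot: The added `httpd/redirect` entry covers only `website: pdc.fedoraproject.org`, while this commit also retires `pdc.stg.fedoraproject.org`; nothing in the hunk redirects the staging name, so it presumably falls through to whatever the staging proxies serve by default. If that is intended, say so in a comment above the entry, e.g. `# pdc retired 2024-08; only the prod name is redirected, stg is simply dropped`; otherwise add a second entry with `website: pdc.stg.fedoraproject.org`. The diffstat shows no change to the other proxy playbooks, so it is worth confirming that no remaining proxy definition for pdc still forwards to the haproxy port `10045` frontend this patch removes. The roles list this entry extends starts outside the hunk.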
diff --git a/playbooks/manual/staging-sync/pdc.yml b/playbooks/manual/staging-sync/pdc.yml deleted file mode 100644 index 0198d6e165..0000000000 --- a/playbooks/manual/staging-sync/pdc.yml +++ /dev/null @@ -1,50 +0,0 @@ -# This playbook syncs the production pdc instance with staging. - - -- name: bring staging services down (httpd) - hosts: pdc-web-stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - service: name=httpd state=stopped - -# Here's the meaty part in the middle -- name: drop and re-create the staging db entirely - hosts: db01.stg.iad2.fedoraproject.org - user: root - become: yes - become_user: postgres - become_method: sudo - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - tasks: - - copy: src=/srv/web/infra/db-dumps/pdc.dump.xz dest=/var/tmp/pdc.dump.xz - owner=postgres group=postgres - - command: unxz /var/tmp/pdc.dump.xz - creates=/var/tmp/pdc.dump - - command: dropdb pdc - - command: createdb -O pdc pdc - - name: Import the prod db. - shell: cat /var/tmp/pdc.dump | psql pdc - - file: path=/var/tmp/pdc.dump state=absent - -- name: bring staging services up (httpd) - hosts: pdc-web-stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - tasks: - - service: name=httpd state=started diff --git a/playbooks/manual/upgrade/pdc.yml b/playbooks/manual/upgrade/pdc.yml deleted file mode 100644 index 6c716e15cb..0000000000 --- a/playbooks/manual/upgrade/pdc.yml +++ /dev/null 
@@ -1,39 +0,0 @@ -- name: verify the frontend, stop it, upgrade the db, and restart it - hosts: pdc_web:pdc_web_stg - user: root - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - handlers: - - import_tasks: "{{ handlers_path }}/restart_services.yml" - - pre_tasks: - - name: clean all metadata - command: yum clean all - check_mode: no - - name: yum update PDC packages - yum: name="{{item}}" state=latest - with_items: - - python-pdc - - python2-productmd - - roles: - - pdc/frontend - - post_tasks: - - name: tell nagios to shush w.r.t. the frontend - nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true - - service: name="httpd" state=stopped - - name: Upgrade the database, only on the primary web node. - command: python /usr/lib/python2.7/site-packages/pdc/manage.py migrate --noinput - args: - chdir: /usr/lib/python2.7/site-packages/pdc/ - when: inventory_hostname_short == 'pdc-web01' - - service: name="httpd" state=started - - name: tell nagios to unshush w.r.t. the frontend - nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} - delegate_to: noc01.iad2.fedoraproject.org - ignore_errors: true diff --git a/roles/apps-fp-o/files/apps.yaml b/roles/apps-fp-o/files/apps.yaml index 33da576d0f..f48271d5fc 100644 --- a/roles/apps-fp-o/files/apps.yaml +++ b/roles/apps-fp-o/files/apps.yaml 
@@ -626,21 +626,6 @@ children: they're broken -- it's a big help!. Check back here from time to time, as this section will change. children: - - name: Product Definition Center - data: - url: https://pdc.fedoraproject.org/ - source_url: https://github.com/product-definition-center/product-definition-center - bugs_url: https://github.com/product-definition-center/product-definition-center/issues - # Also, https://fedoraproject.org/wiki/Changes/PDC - docs_url: https://github.com/product-definition-center/product-definition-center/issues/303 - sops: - - https://infrastructure.fedoraproject.org/infra/docs/pdc.rst - description: > - The Product Definition Center (PDC) is a new app we're working - on which will track 1) all of the artifacts that release - engineering *should* be producing and 2) all of the artifacts - taht release engineering *did* produce. The web interface isn't - much to write home about, but the API is where it's at. - name: Ipsilon data: url: https://pagure.io/ipsilon diff --git a/roles/distgit/pagure/templates/pagure.cfg b/roles/distgit/pagure/templates/pagure.cfg index a761475077..ecbae826ec 100644 --- a/roles/distgit/pagure/templates/pagure.cfg +++ b/roles/distgit/pagure/templates/pagure.cfg @@ -317,7 +317,7 @@ CSP_HEADERS = ( "object-src 'none'; " "base-uri 'self'; " "img-src 'self' https:; " - "connect-src 'self' https://pdc.stg.fedoraproject.org https://apps.stg.fedoraproject.org https://mdapi.stg.fedoraproject.org https://transtats.stg.fedoraproject.org https://bodhi.stg.fedoraproject.org;" + "connect-src 'self' https://apps.stg.fedoraproject.org https://mdapi.stg.fedoraproject.org https://transtats.stg.fedoraproject.org https://bodhi.stg.fedoraproject.org;" ) {% else %} CSP_HEADERS = ( 
@@ -327,7 +327,7 @@ CSP_HEADERS = ( "object-src 'none'; " "base-uri 'self'; " "img-src 'self' https:; " - "connect-src 'self' https://pdc.fedoraproject.org https://apps.fedoraproject.org https://mdapi.fedoraproject.org https://transtats.fedoraproject.org https://bodhi.fedoraproject.org;" + "connect-src 'self' https://apps.fedoraproject.org https://mdapi.fedoraproject.org https://transtats.fedoraproject.org https://bodhi.fedoraproject.org;" ) {% endif %} diff --git a/roles/haproxy/templates/haproxy.cfg b/roles/haproxy/templates/haproxy.cfg index 00fe1d3f65..560f785611 100644 --- a/roles/haproxy/templates/haproxy.cfg +++ b/roles/haproxy/templates/haproxy.cfg @@ -213,24 +213,6 @@ backend openqa-backend option httpchk GET /api/v1/job_groups/1 {% endif %} -frontend pdc-frontend - bind 0.0.0.0:10045 - default_backend pdc-backend - -backend pdc-backend - balance hdr(appserver) - -{% if env != "staging" %} - # Set session persistence with a cookie. - # https://jdennis.fedorapeople.org/doc/rhsso-tripleo-federation/html/rhsso-tripleo-federation.html#step-18-use-proxy-persistence-for-keystone-on-each-controller - cookie SERVERID insert indirect nocache -{% endif %} - - server pdc-web01 pdc-web01:80 check inter 10s rise 1 fall 2 cookie pdc-web01 -{% if env != "staging" %} - server pdc-web02 pdc-web02:80 check inter 10s rise 1 fall 2 cookie pdc-web02 -{% endif %} - option httpchk GET /rest_api/v1/ timeout server 3600000 timeout connect 3600000 diff --git a/roles/pdc/frontend/files/create-metadata.sh b/roles/pdc/frontend/files/create-metadata.sh deleted file mode 100755 index f6b36a429b..0000000000 --- a/roles/pdc/frontend/files/create-metadata.sh +++ /dev/null 
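Review bot: In the roles/haproxy/templates/haproxy.cfg hunk, the `timeout server 3600000` and `timeout connect 3600000` lines that follow the removed `option httpchk GET /rest_api/v1/` are kept as context, and they look like the tail of the deleted `backend pdc-backend` section. If so, haproxy will now apply them to the section above, `backend openqa-backend`, giving it one-hour connect and server timeouts, which lets slow or stalled connections hold backend slots far longer than before. Unless openqa-backend is meant to inherit them, remove both lines along with the rest of the pdc block. Indentation is lost on this page, so confirm against the file which section those two lines belonged to.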
@@ -1,106 +0,0 @@ -#!/usr/bin/env bash - -# -# Like /usr/libexec/mod_auth_mellon/mellon_create_metadata.sh, but don't create the certificate and the key. -# Author: abompard@fedoraproject.org -# - -set -e - -PROG="$(basename "$0")" - -printUsage() { - echo "Usage: $PROG ENTITY-ID ENDPOINT-URL" - echo "" - echo "Example:" - echo " $PROG urn:someservice https://sp.example.org/mellon" - echo "" -} - -if [ "$#" -lt 2 ]; then - printUsage - exit 1 -fi - -ENTITYID="$1" -if [ -z "$ENTITYID" ]; then - echo "$PROG: An entity ID is required." >&2 - exit 1 -fi - -BASEURL="$2" -if [ -z "$BASEURL" ]; then - echo "$PROG: The URL to the MellonEndpointPath is required." >&2 - exit 1 -fi - -if ! echo "$BASEURL" | grep -q '^https\?://'; then - echo "$PROG: The URL must start with \"http://\" or \"https://\"." >&2 - exit 1 -fi - -DATADIR=`dirname $0` - -if [ ! -f "$DATADIR/certificate.pem" ]; then - echo "$PROG: The certificate must be in the file $DATADIR/certificate.pem." >&2 - exit 1 -fi - -BASEURL="$(echo "$BASEURL" | sed 's#/$##')" - -# No files should not be readable by the rest of the world. -umask 0077 - -# Everything between the markers, but not the markers themselves -CERT="$(sed -n '/^-----BEGIN/,/^-----END/ {/^----/b; p}' $DATADIR/certificate.pem)" - -cat > $DATADIR/metadata.xml < - - - - - - $CERT - - - - - - - $CERT - - - - - - urn:oasis:names:tc:SAML:2.0:nameid-format:transient - - - - - -EOF - -umask 0777 -chown apache: $DATADIR/metadata.xml -echo "Wrote $DATADIR/metadata.xml" diff --git a/roles/pdc/frontend/files/exportbranches.py b/roles/pdc/frontend/files/exportbranches.py deleted file mode 100644 index 2298025054..0000000000 --- a/roles/pdc/frontend/files/exportbranches.py +++ /dev/null 
@@ -1,23 +0,0 @@ -""" Export component branches. - -This is used to drive the pagure-sync-bugzilla script. -""" - -import collections -import json - -from django.core.management.base import BaseCommand -from pdc.apps.componentbranch.models import ComponentBranch -from pdc.apps.componentbranch.serializers import is_branch_active - - -class Command(BaseCommand): - help = 'Export a JSON file with information about all component branches' - - def handle(self, *args, **options): - all_entries = ComponentBranch.objects.all() - output = collections.defaultdict(lambda: collections.defaultdict(list)) - for entry in all_entries: - active = is_branch_active(entry) - output[entry.type.name][entry.global_component.name].append([entry.name, active]) - self.stdout.write(json.dumps(output)) diff --git a/roles/pdc/frontend/handlers/main.yml b/roles/pdc/frontend/handlers/main.yml deleted file mode 100644 index 5d8555af78..0000000000 --- a/roles/pdc/frontend/handlers/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -- name: rebuild metadata - command: /etc/httpd/saml2/create-metadata.sh https://pdc{{ env_suffix }}.fedoraproject.org/saml2 https://pdc{{ env_suffix }}.fedoraproject.org/saml2/ diff --git a/roles/pdc/frontend/tasks/main.yml b/roles/pdc/frontend/tasks/main.yml deleted file mode 100644 index 11db7000b4..0000000000 --- a/roles/pdc/frontend/tasks/main.yml +++ /dev/null 
@@ -1,116 +0,0 @@ -- name: remove some old copr repos for things now in the infra repo. - file: dest="/etc/yum.repos.d/{{item}}" state=absent - with_items: - - patternfly-patternfly1-epel-7.repo - - ralph-pdc-deps-epel-7.repo - - sochotni-pdc-test-epel-7.repo - tags: pdc - -- name: install needed packages - package: pkg={{ item }} state=present - with_items: - - patternfly1 - - python-pdc - - xmlsec1 - - mod_auth_mellon - tags: pdc - -- name: Copy over settings_local.py - template: src=settings_local.py - dest=/usr/lib/python2.7/site-packages/pdc/settings_local.py - mode=0600 owner=apache group=apache - notify: reload httpd - tags: pdc - -- name: Create directory structure for exportbranches command - file: dest={{item.dest}} state={{item.state}} owner=apache group=apache - with_items: - - dest: /usr/lib/python2.7/site-packages/pdc/apps/componentbranch/management - state: directory - - dest: /usr/lib/python2.7/site-packages/pdc/apps/componentbranch/management/commands/ - state: directory - tags: - - pdc - - cron - -- name: Create files for exportbranches command if they do not already exist - copy: dest={{item.dest}} owner=apache group=apache content='' force=no - with_items: - - dest: /usr/lib/python2.7/site-packages/pdc/apps/componentbranch/management/__init__.py - - dest: /usr/lib/python2.7/site-packages/pdc/apps/componentbranch/management/commands/__init__.py - tags: - - pdc - - cron - -- name: Copy over the exportbranches command - copy: - dest: /usr/lib/python2.7/site-packages/pdc/apps/componentbranch/management/commands/exportbranches.py - src: exportbranches.py - tags: - - pdc - - cron - -- name: create directory for the active_branches cache - file: path=/var/www/html/extras/ state=directory owner=apache group=apache - tags: - - pdc - - cron - -- name: cron to generate cache of active component branches for pagure-sync-bugzilla - cron: name="export-branches" minute="15" user="apache" - job="/usr/local/bin/lock-wrapper export-branches 'python 
/usr/lib/python2.7/site-packages/pdc/manage.py exportbranches > /var/www/html/extras/active_branches.json.tmp && mv /var/www/html/extras/active_branches.json.tmp /var/www/html/extras/active_branches.json'" - cron_file=export-branches - tags: - - pdc - - cron - -- name: Copy over httpd config - template: src=pdc.conf dest=/etc/httpd/conf.d/pdc.conf - notify: reload httpd - tags: pdc - -- name: ensure selinux lets httpd do the stuff we need. - seboolean: name={{ item }} persistent=yes state=yes - with_items: - - httpd_can_network_connect_db - - httpd_can_sendmail - # XXX - Someday for fedmsg - #- httpd_can_network_connect - tags: - - pdc - - selinux - -- name: create /etc/httpd/saml2 - file: state=directory - path=/etc/httpd/saml2 - owner=apache group=apache mode=0775 - tags: pdc - -- name: Install saml2 idp file (which describes our ipsilon instances). - copy: src="{{ private }}/files/saml2/idp-{{env}}.xml" - dest="/etc/httpd/saml2/idp-metadata.xml" - owner="apache" group="apache" mode=0600 - notify: reload httpd - tags: pdc - -- name: Copy over the metadata.xml rebuild script - copy: - src: create-metadata.sh - dest: /etc/httpd/saml2/create-metadata.sh - mode: 0755 - notify: - - rebuild metadata - - reload httpd - tags: pdc - -- name: Install domain-specific saml2 certs - copy: src="{{ private }}/files/saml2/{{ pdc_domain }}/{{ item }}" - dest="/etc/httpd/saml2/{{ item }}" - owner="apache" group="apache" mode=0600 - with_items: - - certificate.pem - - certificate.key - notify: - - rebuild metadata - - reload httpd - tags: pdc diff --git a/roles/pdc/frontend/templates/pdc.conf b/roles/pdc/frontend/templates/pdc.conf deleted file mode 100644 index 3e17d5a836..0000000000 --- a/roles/pdc/frontend/templates/pdc.conf +++ /dev/null 
@@ -1,126 +0,0 @@ -Alias /docs/ /usr/share/doc/pdc/docs/build/html/ -Alias /saml2protected /usr/share/ipsilon/ui/saml2sp - -WSGIDaemonProcess pdc user=apache group=apache maximum-requests=100 display-name=pdc processes={{ wsgi_procs - 1}} threads={{ wsgi_threads }} -WSGISocketPrefix run/wsgi -WSGIRestrictStdout On -WSGIRestrictSignal Off -WSGIPythonOptimize 1 - -WSGIScriptAlias / /usr/lib/python2.7/site-packages/pdc/wsgi.py - - - - {% if env == 'staging' %} - ServerName https://pdc.stg.fedoraproject.org - {% else %} - ServerName https://pdc.fedoraproject.org - {% endif %} - - UseCanonicalName on - - RewriteEngine on - - # An entry for django admin - RewriteCond "/usr/lib/python2.7/site-packages/django/contrib/admin/static/$1" -f - RewriteRule "^/static/(.*)" "/usr/lib/python2.7/site-packages/django/contrib/admin/static/$1" [L] - - # First try to find the files in pdc - RewriteCond "/usr/lib/python2.7/site-packages/pdc/static/$1" -f - RewriteRule "^/static/(.*)" "/usr/lib/python2.7/site-packages/pdc/static/$1" [L] - # Try to find them in the patternfly files - RewriteRule "^/static/(.*)" "/usr/share/patternfly1/resources/$1" [L] - - # An entry for our exported branches - RewriteCond "/var/www/html/extras/$1" -f - RewriteRule "^/extras/(.*)" "/var/www/html/extras/$1" [L] - - - SetHandler wsgi-script - - LimitRequestBody 256000000 - AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript application/x-javascript text/css - Require all granted - MellonEnable "info" - MellonSPPrivateKeyFile "/etc/httpd/saml2/certificate.key" - MellonSPCertFile "/etc/httpd/saml2/certificate.pem" - MellonSPMetadataFile "/etc/httpd/saml2/metadata.xml" - MellonIdPMetadataFile "/etc/httpd/saml2/idp-metadata.xml" - MellonEndpointPath /saml2 - MellonVariable "saml-sesion-cookie" - - MellonUser username - MellonIdP "IDP" - MellonSessionLength 3600 - # MellonNoCookieErrorPage "https://idp.example.com/no-cookie-error.html" - # MellonPostDirectory "/var/lib/ipsilon/post_cache" 
- # MellonPostReplay On - - - - WSGIProcessGroup pdc - MellonEnable "auth" - Header append Cache-Control "no-cache" - - - - WSGIPassAuthorization On - - WSGIProcessGroup pdc - - - - SetHandler None - - # Disable auth on the static content, so that we're aren't forced to - # use Kerberos. Doing so would remove "Expires" headers from the static - # content, which would lead to poor page-load times. - AuthType none - Satisfy Any - Require all granted - - # Many file types are likely to benefit from compression - # Enable gzip compression on them: - AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript application/x-javascript text/css - - # Set far-future Expires headers on static content - # (trac 184): - ExpiresActive On - ExpiresDefault "access plus 10 years" - - - - SetHandler None - - # Disable auth on the extras content, so that we're aren't forced to - # use Kerberos. Doing so would remove "Expires" headers from the extras - # content, which would lead to poor page-load times. - AuthType none - Satisfy Any - Require all granted - - # Many file types are likely to benefit from compression - # Enable gzip compression on them: - AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript application/x-javascript text/css - - - - SetHandler None - - # Disable auth on the static content, so that we're aren't forced to - # use Kerberos. Doing so would remove "Expires" headers from the static - # content, which would lead to poor page-load times. - AuthType none - Satisfy Any - Require all granted - - # Many file types are likely to benefit from compression - # Enable gzip compression on them: - AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript application/x-javascript text/css - - # Set far-future Expires headers on static content - # (trac 184): - ExpiresActive On - ExpiresDefault "access plus 2 weeks" - - 
diff --git a/roles/pdc/frontend/templates/settings_local.py b/roles/pdc/frontend/templates/settings_local.py
deleted file mode 100644
index 7896bfdacd..0000000000
--- a/roles/pdc/frontend/templates/settings_local.py
+++ /dev/null
@@ -1,159 +0,0 @@ -# Feel free to `cp settings_local.py.dist settings.local.py` -# and customize your settings, changes here will be populated -# automatically. -# -# This file only contains the minimized settings you should do, -# please look into settings.py to see the whole avaiable settings -# you can do for your PDC instance. -# -# NOTE: For developers or others who want to extend the default -# settings, please remember to update your settings_local.py -# when the items you extended got updated in settings.py. - -# Turn on the fedmsg publishing plugin. -MESSAGE_BUS = { - 'MLP': 'fedmsg', # MLP: Messaging Library Package -} - -REST_FRAMEWORK = { - 'DEFAULT_AUTHENTICATION_CLASSES': ( - 'pdc.apps.auth.authentication.TokenAuthenticationWithChangeSet', - 'rest_framework.authentication.SessionAuthentication', - ), - - 'DEFAULT_PERMISSION_CLASSES': [ - 'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly', - ], - - 'DEFAULT_FILTER_BACKENDS': ( - 'rest_framework.filters.DjangoFilterBackend', - 'pdc.apps.utils.utils.RelatedNestedOrderingFilter', - ), - - 'DEFAULT_METADATA_CLASS': 'contrib.bulk_operations.metadata.BulkMetadata', - - 'DEFAULT_RENDERER_CLASSES': ( - 'rest_framework.renderers.JSONRenderer', - 'pdc.apps.common.renderers.ReadOnlyBrowsableAPIRenderer', - ), - - 'EXCEPTION_HANDLER': 'pdc.apps.common.handlers.exception_handler', - - 'DEFAULT_PAGINATION_CLASS': 'pdc.apps.common.pagination.AutoDetectedPageNumberPagination', -} - -# Because we don't want to kerberos, we want to ipsilon -LOGIN_URL = '/auth/saml2login' -AUTHENTICATION_BACKENDS = ( - 'pdc.apps.auth.backends.AuthMellonUserBackend', # XXX - <- no kerb - 'django.contrib.auth.backends.ModelBackend', -) -MIDDLEWARE_CLASSES = ( - 'pdc.apps.utils.middleware.MessagingMiddleware', - 'corsheaders.middleware.CorsMiddleware', - 'django.contrib.sessions.middleware.SessionMiddleware', - 'django.middleware.common.CommonMiddleware', - 'django.middleware.csrf.CsrfViewMiddleware', - 
'django.contrib.auth.middleware.AuthenticationMiddleware', - 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', - 'pdc.apps.auth.middleware.RemoteUserMiddleware', # XXX - <- no kerb - 'django.contrib.messages.middleware.MessageMiddleware', - 'django.middleware.clickjacking.XFrameOptionsMiddleware', - 'django.middleware.security.SecurityMiddleware', - 'kobo.django.menu.middleware.MenuMiddleware', - 'pdc.apps.changeset.middleware.ChangesetMiddleware', -) - - -import os.path - -BASE_DIR = os.path.dirname(os.path.dirname(__file__)) - -{% if env == 'staging' %} -SECRET_KEY = '{{ pdc_secret_key_stg }}' -{% else %} -SECRET_KEY = '{{ pdc_secret_key_prod }}' -{% endif %} - -DEBUG = False - -# NOTE: this is needed when DEGUB is False. -# https://docs.djangoproject.com/en/1.8/ref/settings/#allowed-hosts -ALLOWED_HOSTS = [ - {% if env == 'staging' %} - 'pdc.stg.fedoraproject.org', - {% else %} - 'pdc.fedoraproject.org', - {% endif %} - '{{ inventory_hostname }}', - '{{ inventory_hostname_short }}', - 'localhost', -] - -# Database settings -DATABASES = { - 'default': { - 'ENGINE': 'django.db.backends.postgresql_psycopg2', - 'NAME': 'pdc', - 'USER': 'pdc', - {% if env == 'staging' %} - 'PASSWORD': '{{ pdc_db_pass_stg }}', - 'HOST': 'db01.stg', - {% else %} - 'PASSWORD': '{{ pdc_db_pass_prod }}', - 'HOST': 'db01', - {% endif %} - } -} - -REST_API_URL = 'rest_api/' -REST_API_VERSION = 'v1' - -# https://github.com/product-definition-center/product-definition-center/issues/352 -USE_X_FORWARDED_HOST = True - -# https://pagure.io/fedora-infrastructure/issue/6122 -SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') - -BROWSABLE_DOCUMENT_MACROS = { - # need to be rewrite with the real host name when deploy. - 'HOST_NAME': 'http://{{ inventory_hostname }}:80', - # make consistent with rest api root. 
- 'API_PATH': '%s%s' % (REST_API_URL, REST_API_VERSION), -} - -def get_setting(setting): - import pdc.settings - return getattr(pdc.settings, setting) - -# ======== Email configuration ========= -# Email addresses who would like to receive email -ADMINS = ( - # TODO -- eventually replace this with admin.fp.o - ('PDC Admins', 'rbean@redhat.com'), -) -MANAGERS = ADMINS - -# Email SMTP HOST configuration -EMAIL_HOST = 'bastion' -# Email sender's address -SERVER_EMAIL = 'nobody@fedoraproject.org' -EMAIL_SUBJECT_PREFIX = '[PDC]' - -{% if env == 'staging' %} -DIST_GIT_WEB_ROOT_URL = 'https://src.stg.fedoraproject.org/cgit/' -{% else %} -DIST_GIT_WEB_ROOT_URL = 'https://src.fedoraproject.org/cgit/' -{% endif %} -DIST_GIT_RPM_PATH = 'rpms/' -DIST_GIT_REPO_FORMAT = DIST_GIT_WEB_ROOT_URL + DIST_GIT_RPM_PATH + "%s" + ".git" - -# Use this to deny people creating new "epel" or "fedora" branches after we -# import the existing oldschool branches. -#COMPONENT_BRANCH_NAME_BLACKLIST_REGEX = r'^(epel\d+|el\d+|f\d+|fc\d+)' - -# un-comment below 4 lines if enable email notification as meet any error -#get_setting('LOGGING').get('loggers').update({'pdc.apps.common.handlers': { -# 'handlers': ['mail_admins'], -# 'level': 'ERROR', -#}}) diff --git a/roles/releng/tasks/main.yml b/roles/releng/tasks/main.yml index 1982430f10..b4b3a91409 100644 --- a/roles/releng/tasks/main.yml +++ b/roles/releng/tasks/main.yml @@ -133,7 +133,6 @@ - python3-productmd - ostree - python3-libmodulemd - - python3-pdc-client - python3-koji-cli-plugins - python3-fedfind # needed by clean-amis.py script - python3-boto3 # needed by clean-amis.py script diff --git a/scripts/public-db-copy b/scripts/public-db-copy index d7a1327f9a..55168ae911 100755 --- a/scripts/public-db-copy +++ b/scripts/public-db-copy 
@@ -9,7 +9,6 @@ scp db-koji01.iad2.fedoraproject.org:/backups/koji-$(date +%F).dump.xz /srv/web/
 scp db01.iad2.fedoraproject.org:/backups/pkgdb2-$(date +%F).dump.xz /srv/web/infra/db-dumps/pkgdb2.dump.xz
 scp db01.iad2.fedoraproject.org:/backups/koschei-$(date +%F).dump.xz /srv/web/infra/db-dumps/koschei.dump.xz
 scp db01.iad2.fedoraproject.org:/backups/bodhi2-$(date +%F).dump.xz /srv/web/infra/db-dumps/bodhi2.dump.xz
-scp db01.iad2.fedoraproject.org:/backups/pdc-$(date +%F).dump.xz /srv/web/infra/db-dumps/pdc.dump.xz
 scp db01.iad2.fedoraproject.org:/backups/anitya-public-$(date +%F).dump.xz /srv/web/infra/db-dumps/anitya.dump.xz
 scp db01.iad2.fedoraproject.org:/backups/mailman-$(date +%F).dump.xz /srv/web/infra/db-dumps/mailman.dump.xz
 scp db01.iad2.fedoraproject.org:/backups/odcs-$(date +%F).dump.xz /srv/web/infra/db-dumps/odcs.dump.xz