diff --git a/inventory/group_vars/batcave b/inventory/group_vars/batcave index b9eeb7e6f7..ca2fa8c690 100644 --- a/inventory/group_vars/batcave +++ b/inventory/group_vars/batcave @@ -24,7 +24,6 @@ ipa_client_shell_groups: - sysadmin-datanommer - sysadmin-debuginfod - sysadmin-fedimg -- sysadmin-fpdc - sysadmin-koschei - sysadmin-libravatar - sysadmin-mbs diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml index dbc030be9e..3088338ec1 100644 --- a/playbooks/include/proxies-reverseproxy.yml +++ b/playbooks/include/proxies-reverseproxy.yml @@ -730,14 +730,6 @@ keephost: true tags: whatcanidoforfedora.org - - role: httpd/reverseproxy - website: fpdc.fedoraproject.org - destname: fpdc - balancer_name: app-os - targettype: openshift - keephost: true - tags: fpdc - - role: httpd/reverseproxy website: testdays.fedoraproject.org destname: testdays diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml index 15360ce5ba..4f661e60e3 100644 --- a/playbooks/include/proxies-websites.yml +++ b/playbooks/include/proxies-websites.yml @@ -966,13 +966,6 @@ cert_name: "{{wildcard_cert_name}}" tags: languages - - role: httpd/website - site_name: fpdc.fedoraproject.org - sslonly: true - server_aliases: [fpdc.stg.fedoraproject.org] - cert_name: "{{wildcard_cert_name}}" - tags: fpdc - - role: httpd/website site_name: neuro.fedoraproject.org sslonly: true diff --git a/playbooks/openshift-apps/fpdc.yml b/playbooks/openshift-apps/fpdc.yml deleted file mode 100644 index 30eaf4d17a..0000000000 --- a/playbooks/openshift-apps/fpdc.yml +++ /dev/null @@ -1,62 +0,0 @@ -- name: make the app be real - hosts: os_masters[0]:os_masters_stg[0] - user: root - gather_facts: False - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - roles: - - role: openshift/project - app: fpdc - description: Fedora Product Definition Center - appowners: - - cverna - - abompard - - role: openshift/imagestream - app: fpdc - imagename: fpdc - - - role: openshift/object - app: fpdc - template: buildconfig.yml - objectname: buildconfig.yml - - - role: openshift/object - app: fpdc - template: configmap.yml - objectname: configmap.yml - - - role: openshift/start-build - app: fpdc - buildname: fpdc-build - objectname: fpdc-build - - - role: openshift/object - app: fpdc - file: service.yml - objectname: service.yml - - - role: openshift/route - app: fpdc - routename: fpdc - host: "fpdc{{ env_suffix }}.fedoraproject.org" - serviceport: 8080-tcp - servicename: fpdc - - - role: openshift/object - app: fpdc - file: deploymentconfig.yml - objectname: deploymentconfig.yml - -############################################### -# actions to delete the project from OpenShift -############################################### -# to run: sudo rbac-playbook -l staging -t delete openshift-apps/fpdc.yml - - role: openshift/object-delete - app: fpdc - objecttype: project - objectname: fpdc - tags: [ never, delete ] diff --git a/roles/ipsilon/templates/configuration.conf b/roles/ipsilon/templates/configuration.conf index a735c3ff55..2cd20abaf7 100644 --- a/roles/ipsilon/templates/configuration.conf +++ b/roles/ipsilon/templates/configuration.conf @@ -11,7 +11,7 @@ global enabled=allow [provider_config] global enabled=openid,saml2,openidc -openidc enabled extensions=fedora-account,mbs,beaker,waiverdb,odcs,wiki,src,fpdc,kerneltest +openidc enabled extensions=fedora-account,mbs,beaker,waiverdb,odcs,wiki,src,kerneltest {% if env == 'staging' %} openidc subject salt={{ ipsilon_stg_openidc_subject_salt }} diff --git a/roles/openshift-apps/fpdc/files/deploymentconfig.yml b/roles/openshift-apps/fpdc/files/deploymentconfig.yml deleted file mode 100644 index 37b14251f5..0000000000 --- a/roles/openshift-apps/fpdc/files/deploymentconfig.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- -apiVersion: v1 -kind: DeploymentConfig -metadata: - labels: - app: fpdc - service: fpdc - name: fpdc -spec: - replicas: 1 - selector: - app: fpdc - deploymentconfig: fpdc - template: - metadata: - labels: - app: fpdc - deploymentconfig: fpdc - spec: - containers: - - name: fpdc - image: fpdc:latest - ports: - - containerPort: 8080 - resources: {} - volumeMounts: - - name: config-volume - mountPath: /etc/kinto/ - readOnly: true - readinessProbe: - timeoutSeconds: 1 - initialDelaySeconds: 5 - httpGet: - path: /v1/ - port: 8080 - livenessProbe: - timeoutSeconds: 1 - initialDelaySeconds: 30 - httpGet: - path: /v1/ - port: 8080 - volumes: - - name: config-volume - configMap: - name: fpdc-configmap - - triggers: - - type: ConfigChange - - type: ImageChange - imageChangeParams: - automatic: true - containerNames: - - fpdc - from: - kind: ImageStreamTag - name: fpdc:latest diff --git a/roles/openshift-apps/fpdc/files/imagestream.yml b/roles/openshift-apps/fpdc/files/imagestream.yml deleted file mode 100644 index 5ce5498aec..0000000000 --- a/roles/openshift-apps/fpdc/files/imagestream.yml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -items: -- apiVersion: v1 - kind: ImageStream - metadata: - name: fpdc - labels: - build: fpdc-build -kind: List -metadata: {} diff --git a/roles/openshift-apps/fpdc/files/service.yml b/roles/openshift-apps/fpdc/files/service.yml deleted file mode 100644 index 4c849e26c7..0000000000 --- a/roles/openshift-apps/fpdc/files/service.yml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: fpdc - name: fpdc -spec: - ports: - - name: 8080-tcp - port: 8080 - protocol: TCP - targetPort: 8080 - selector: - app: fpdc - deploymentconfig: fpdc - diff --git a/roles/openshift-apps/fpdc/templates/buildconfig.yml b/roles/openshift-apps/fpdc/templates/buildconfig.yml deleted file mode 100644 index dba370094d..0000000000 --- a/roles/openshift-apps/fpdc/templates/buildconfig.yml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: v1 -kind: BuildConfig -metadata: - name: fpdc-build - labels: - environment: "fpdc" -spec: - runPolicy: Serial - source: - dockerfile: |- - FROM fedora:30 - - RUN dnf install -y python3-ujson python3-gunicorn python3-psycopg2 python3-sqlalchemy python3-zope-sqlalchemy \ - && dnf clean all \ - && mkdir /app \ - && pip3 install --no-cache-dir kinto - - EXPOSE 8080 - - ENV KINTO_INI=/etc/kinto/kinto.ini \ - PYTHONPATH=/app/ - - WORKDIR /app - ADD https://raw.githubusercontent.com/mozilla-services/kinto-dist/master/app.wsgi /app - - USER 1001 - CMD ["gunicorn-3", "-b", ":8080", "--paste", "/etc/kinto/kinto.ini"] - strategy: - type: Docker - output: - to: - kind: ImageStreamTag - name: fpdc:latest - triggers: - - type: ConfigChange - - type: ImageChange diff --git a/roles/openshift-apps/fpdc/templates/configmap.yml b/roles/openshift-apps/fpdc/templates/configmap.yml deleted file mode 100644 index c4a122618f..0000000000 --- a/roles/openshift-apps/fpdc/templates/configmap.yml +++ /dev/null @@ -1,11 +0,0 @@ -{% macro load_file(filename) %}{% include filename %}{%- endmacro -%} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: fpdc-configmap - labels: - app: fpdc -data: - kinto.ini: |- - {{ load_file('kinto.ini') | indent }} diff --git a/roles/openshift-apps/fpdc/templates/kinto.ini b/roles/openshift-apps/fpdc/templates/kinto.ini deleted file mode 100644 index b861bacbec..0000000000 --- a/roles/openshift-apps/fpdc/templates/kinto.ini +++ /dev/null @@ -1,265 +0,0 @@ -# Created at Wed, 28 Aug 2019 19:28:06 +0000 -# Using Kinto version 13.3.0 -# Full options list for .ini file -# https://kinto.readthedocs.io/en/latest/configuration/settings.html - - -[server:main] -use = egg:waitress#main -host = 0.0.0.0 -port = 8080 - - -[app:main] -use = egg:kinto - -# Feature settings -# https://kinto.readthedocs.io/en/latest/configuration/settings.html#feature-settings -# -# kinto.readonly = false -# kinto.batch_max_requests = 25 -# kinto.paginate_by = -# Experimental JSON-schema on collection -# kinto.experimental_collection_schema_validation = false -# -# https://kinto.readthedocs.io/en/latest/configuration/settings.html#activating-the-permissions-endpoint -# kinto.experimental_permissions_endpoint = false -# -# kinto.trailing_slash_redirect_enabled = true -# kinto.heartbeat_timeout_seconds = 10 - -# Plugins -# https://kinto.readthedocs.io/en/latest/configuration/settings.html#plugins -# https://github.com/uralbash/awesome-pyramid -kinto.includes = kinto.plugins.openid -# Backends -# https://kinto.readthedocs.io/en/latest/configuration/settings.html#storage -# -kinto.storage_backend = kinto.core.storage.postgresql -kinto.storage_url = postgresql://fpdc:{{fpdc_stg_db_pass}}@{{fpdc_stg_db_server}}/fpdc -# kinto.storage_max_fetch_size = 10000 -# kinto.storage_pool_size = 25 -# kinto.storage_max_overflow = 5 -# kinto.storage_pool_recycle = -1 -# kinto.storage_pool_timeout = 30 -# kinto.storage_max_backlog = -1 - -# Cache -# https://kinto.readthedocs.io/en/latest/configuration/settings.html#cache -# -kinto.cache_backend = kinto.core.cache.memory -kinto.cache_url = -# kinto.cache_prefix = -# kinto.cache_max_size_bytes = 524288 -# kinto.cache_pool_size = 25 -# kinto.cache_max_overflow = 5 -# kinto.cache_pool_recycle = -1 -# kinto.cache_pool_timeout = 30 -# kinto.cache_max_backlog = -1 - -# kinto.cache_backend = kinto.core.cache.memcached -# kinto.cache_hosts = 127.0.0.1:11211 - -# Permissions. -# https://kinto.readthedocs.io/en/latest/configuration/settings.html#permissions -# -kinto.permission_backend = kinto.core.permission.postgresql -kinto.permission_url = postgresql://fpdc:{{fpdc_stg_db_pass}}@{{fpdc_stg_db_server}}/fpdc -# kinto.permission_pool_size = 25 -# kinto.permission_max_overflow = 5 -# kinto.permission_pool_recycle = 1 -# kinto.permission_pool_timeout = 30 -# kinto.permission_max_backlog - 1 -# https://kinto.readthedocs.io/en/latest/configuration/settings.html#bypass-permissions-with-configuration -# kinto.bucket_create_principals = system.Authenticated - -# Authentication -# https://kinto.readthedocs.io/en/latest/configuration/settings.html#authentication -# -kinto.userid_hmac_secret = {{ stg_fpdc_secret_key }} -multiauth.policies = fedora -# Any pyramid multiauth setting can be specified for custom authentication -# https://github.com/uralbash/awesome-pyramid#authentication -# -# Accounts API configuration -# -# Enable built-in plugin. -# Set `kinto.includes` to `kinto.plugins.accounts` -# Enable authenticated policy. -# Set `multiauth.policies` to `account` -multiauth.policy.fedora.use = kinto.plugins.openid.OpenIDConnectPolicy -multiauth.policy.fedora.issuer = https://id{{env_suffix}}.fedoraproject.org/openidc/ -multiauth.policy.fedora.client_id = {{fpdc_stg_client_id}} -multiauth.policy.fedora.client_secret = {{fpdc_stg_client_secret}} -multiauth.policy.fedora.userid_field = email -# Allow anyone to create accounts. -#kinto.account_create_principals = system.Everyone -# Set user 'account:admin' as the administrator. -#kinto.account_write_principals = account:admin -# Allow administrators to create buckets -#kinto.bucket_create_principals = account:admin -# Enable the "account_validation" option. -# kinto.account_validation = true -# Set the sender for the validation email. -# kinto.account_validation.email_sender = "admin@example.com" -# Set the regular expression used to validate a proper email address. -# kinto.account_validation.email_regexp = "^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\\.[a-zA-Z0-9-.]+$" - -# Mail configuration (needed for the account validation option), see https://docs.pylonsproject.org/projects/pyramid_mailer/en/latest/#configuration -# mail.host = localhost -# mail.port = 25 -# mail.username = someusername -# mail.password = somepassword - -# Notifications -# https://kinto.readthedocs.io/en/latest/configuration/settings.html#notifications -# -# Configuration example: -# kinto.event_listeners = redis -# kinto.event_listeners.redis.use = kinto_redis.listeners -# kinto.event_listeners.redis.url = redis://localhost:6379/0 -# kinto.event_listeners.redis.pool_size = 5 -# kinto.event_listeners.redis.listname = queue -# kinto.event_listeners.redis.actions = create -# kinto.event_listeners.redis.resources = bucket collection - -# Production settings -# -# https://kinto.readthedocs.io/en/latest/configuration/production.html - -kinto.http_scheme = https -# kinto.http_host = kinto.services.mozilla.com - -# Cross Origin Requests -# https://kinto.readthedocs.io/en/latest/configuration/settings.html#cross-origin-requests-cors -# -# kinto.cors_origins = * - -# Backoff indicators/end of service -# https://kinto.readthedocs.io/en/latest/configuration/settings.html#backoff-indicators -# https://kinto.readthedocs.io/en/latest/api/1.x/backoff.html#id1 -# -# kinto.backoff = -# kinto.backoff_percentage = -# kinto.retry_after_seconds = 3 -# kinto.eos = -# kinto.eos_message = -# kinto.eos_url = - -# Project information -# https://kinto.readthedocs.io/en/latest/configuration/settings.html#project-information -# -# kinto.version_json_path = ./version.json -# kinto.error_info_link = https://github.com/kinto/kinto/issues/ -# kinto.project_docs = https://kinto.readthedocs.io -# kinto.project_name = kinto -# kinto.project_version = -# kinto.version_prefix_redirect_enabled = true - -# Application profilling -# https://kinto.readthedocs.io/en/latest/configuration/settings.html#application-profiling -# kinto.profiler_enabled = true -# kinto.profiler_dir = /tmp/profiling - -# Client cache headers -# https://kinto.readthedocs.io/en/latest/configuration/settings.html#client-caching -# -# Every bucket objects objects and list -# kinto.bucket_cache_expires_seconds = 3600 -# -# Every collection objects and list of every buckets -# kinto.collection_cache_expires_seconds = 3600 -# -# Every group objects and list of every buckets -# kinto.group_cache_expires_seconds = 3600 -# -# Every records objects and list of every collections -# kinto.record_cache_expires_seconds = 3600 -# -# Records in a specific bucket -# kinto.blog_record_cache_expires_seconds = 3600 -# -# Records in a specific collection in a specific bucket -# kinto.blog_article_record_cache_expires_seconds = 3600 - -# Custom ID generator for POST Requests -# https://kinto.readthedocs.io/en/latest/tutorials/custom-id-generator.html#tutorial-id-generator -# -# Default generator -# kinto.bucket_id_generator=kinto.views.NameGenerator -# Custom example -# kinto.collection_id_generator = name_generator.CollectionGenerator -# kinto.group_id_generator = name_generator.GroupGenerator -# kinto.record_id_generator = name_generator.RecordGenerator - -# Enabling or disabling endpoints -# https://kinto.readthedocs.io/en/latest/configuration/settings.html#enabling-or-disabling-endpoints -# -# This is a rather confusing setting due to naming conventions used in kinto.core -# For a more in depth explanation, refer to https://github.com/Kinto/kinto/issues/710 -# kinto.endpoint_type_resource_name_method_enabled = false -# Where: -# endpoint_type: is either ``collection`` (plural, e.g. ``/buckets``) or ``record`` (single, e.g. ``/buckets/abc``); -# resource_name: is the name of the resource (e.g. ``bucket``, ``group``, ``collection``, ``record``); -# method: is the http method (in lower case) (e.g. ``get``, ``post``, ``put``, ``patch``, ``delete``). -# For example, to disable the POST on the list of buckets and DELETE on single records -# kinto.collection_bucket_post_enabled = false -# kinto.record_record_delete_enabled = false - -#[uwsgi] -#wsgi-file = app.wsgi -#enable-threads = true -#thunder-lock = true -#socket = /tmp/kinto.sock -#chmod-socket = 666 -#processes = 3 -#master = true -#module = kinto -#harakiri = 120 -#uid = 10001 -#gid = 10001 -#lazy = true -#lazy-apps = true -#single-interpreter = true -#buffer-size = 65535 -#post-buffering = 65535 -#plugin = python3,http - -# Logging and Monitoring -# -# https://kinto.readthedocs.io/en/latest/configuration/settings.html#logging-and-monitoring -# kinto.statsd_backend = kinto.core.statsd -# kinto.statsd_prefix = kinto -# kinto.statsd_url = - -# kinto.newrelic_config = -# kinto.newrelic_env = dev - -# Logging configuration - -[loggers] -keys = root, kinto - -[handlers] -keys = console - -[formatters] -keys = color - -[logger_root] -level = INFO -handlers = console - -[logger_kinto] -level = DEBUG -handlers = console -qualname = kinto - -[handler_console] -class = StreamHandler -args = (sys.stderr,) -level = NOTSET -formatter = color - -[formatter_color] -class = logging_color_formatter.ColorFormatter diff --git a/roles/openshift-apps/ipsilon/vars/build.yml b/roles/openshift-apps/ipsilon/vars/build.yml index 28384546a8..29854e91f1 100644 --- a/roles/openshift-apps/ipsilon/vars/build.yml +++ b/roles/openshift-apps/ipsilon/vars/build.yml @@ -7,5 +7,4 @@ oidc_scope_filenames: - odcs - wiki - src -- fpdc - kerneltest