Prepare Noggin & FASJSON for prod

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>

playbooks/include/proxies-reverseproxy.yml

@@ -162,10 +162,8 @@
     - fas
 
   - role: httpd/reverseproxy
-    website: admin.fedoraproject.org
+    website: "accounts{{ env_suffix }}.fedoraproject.org"
     destname: noggin
-    remotepath: /accounts
-    localpath: /accounts
     balancer_name: app-os
     targettype: openshift
     keephost: true
@@ -176,7 +174,6 @@
     balancer_name: app-os
     targettype: openshift
     keephost: true
-    when: env == "staging"
 
   - role: httpd/reverseproxy
     website: "id{{ env_suffix }}.fedoraproject.org"

playbooks/include/proxies-websites.yml

@@ -385,7 +385,6 @@
     site_name: fas.fedoraproject.org
     server_aliases:
     - fas.stg.fedoraproject.org
-    - accounts.fedoraproject.org
     sslonly: true
     cert_name: "{{wildcard_cert_name}}"
 

playbooks/openshift-apps/fasjson.yml

@@ -17,6 +17,9 @@
     appowners:
     - abompard
     - pingou
+    - nils
+    - ryanlerch
+    - scoady
     tags:
       - apply-appowners
     when: env == "production"

playbooks/openshift-apps/noggin-centos.yml

@@ -20,6 +20,9 @@
     appowners:
     - abompard
     - pingou
+    - nils
+    - ryanlerch
+    - scoady
     tags:
       - apply-appowners
     when: env == "production"

playbooks/openshift-apps/noggin.yml

@@ -20,6 +20,9 @@
     appowners:
     - abompard
     - pingou
+    - nils
+    - ryanlerch
+    - scoady
     tags:
       - apply-appowners
     when: env == "production"
@@ -66,7 +69,6 @@
     template: configmap.yml
     objectname: configmap.yml
     noggin_theme: fas
-    subdir: "/accounts"
 
   - role: openshift/ipa-client
     app: noggin
@@ -79,8 +81,7 @@
   - role: openshift/route
     app: noggin
     routename: noggin
-    host: "admin{{ env_suffix }}.fedoraproject.org"
+    host: "accounts{{ env_suffix }}.fedoraproject.org"
-    path: "/accounts"
     serviceport: web
     servicename: noggin-web
     annotations:
@@ -100,7 +101,6 @@
     app: noggin
     template: deploymentconfig.yml
     objectname: deploymentconfig.yml
-    subdir: "/accounts"
 
   # - role: openshift/start-build
   #   app: noggin

roles/apps-fp-o/files/apps.yaml

@@ -44,16 +44,16 @@ children:
                 files to share them with the community.
     -   name:   FAS
         data:
-            url:    https://admin.fedoraproject.org/accounts
+            url:    https://accounts.fedoraproject.org/
-            user_url: https://admin.fedoraproject.org/accounts/user/view/{user}
+            user_url: https://accounts.fedoraproject.org/user/{user}
-            source_url: https://github.com/fedora-infra/fas/
+            source_url: https://github.com/fedora-infra/noggin/
-            bugs_url:   https://github.com/fedora-infra/fas/issues/
+            bugs_url:   https://github.com/fedora-infra/noggin/issues/
-            docs_url:   https://github.com/fedora-infra/fas/blob/develop/README.rst
+            docs_url:   https://noggin-aaa.readthedocs.io/en/latest/
             sops:
-                - https://infrastructure.fedoraproject.org/infra/docs/fas-notes.rst
+                - https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/fas-notes.html
-                - https://infrastructure.fedoraproject.org/infra/docs/fas-openid.rst
+                - https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/fas-openid.html
-                - https://infrastructure.fedoraproject.org/infra/docs/accountdeletion.rst
+                - https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/accountdeletion.html
-                - https://infrastructure.fedoraproject.org/infra/docs/nonhumanaccounts.rst
+                - https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/nonhumanaccounts.html
             status_mappings: ['fas']
             description: >
                 The Fedora Account System.  Update your profile

roles/badges/frontend/files/fedora-sitedocs/about.rst

@@ -9,7 +9,7 @@ Fedora Badges
 How does Badges work?
 ---------------------
 
-It's really easy! Just `sign in to Badges <https://badges.fedoraproject.org/login>`_ with your `Fedora account <https://admin.fedoraproject.org/accounts/>`_, and you'll see you have at least one badge right away. Congratulations - you're a Badger! If you participate in Fedora in any way, you'll probably notice Badges popping up on your profile as you go about your business, though sadly we don't cover every area of Fedora yet - we're doing our best to make sure we reward as many forms of participation as we can!
+It's really easy! Just `sign in to Badges <https://badges.fedoraproject.org/login>`_ with your `Fedora account <https://accounts.fedoraproject.org/>`_, and you'll see you have at least one badge right away. Congratulations - you're a Badger! If you participate in Fedora in any way, you'll probably notice Badges popping up on your profile as you go about your business, though sadly we don't cover every area of Fedora yet - we're doing our best to make sure we reward as many forms of participation as we can!
 
 Want to see how your badge collection compares with others? Check the `Leaderboard <https://badges.fedoraproject.org/leaderboard>`_. Jonesing for more badges? You can check the `Badge index <https://badges.fedoraproject.org/explore/badges>`_ to see all the badges and get to work on your collection! Click on a badge to see how to get it - but
 we intentionally didn't spell it all out exactly. Part of the fun is figuring it out!
@@ -75,7 +75,7 @@ Why exactly can't badges for events be automatically awarded retrospectively?
 First, remember that the badge awarding daemon wakes up in response to new `fedmsg`_ events and that it checks the `history of fedmsg <https://apps.fedoraproject.org/datagrepper>`_ in order to make determinations
 about who gets what badge at that moment.
 
-To award that Proven Packager badge, the awarder waits for `a message <http://www.fedmsg.com/en/latest/topics/#fas-group-member-sponsor>`_ from the `Fedora Account System (FAS) <https://admin.fedoraproject.org/accounts>`_ indicating that a user has been added to that group. When we receive it, we wake up, verify it, and award the badge.
+To award that Proven Packager badge, the awarder waits for `a message <http://www.fedmsg.com/en/latest/topics/#fas-group-member-sponsor>`_ from the `Fedora Account System (FAS) <https://accounts.fedoraproject.org/>`_ indicating that a user has been added to that group. When we receive it, we wake up, verify it, and award the badge.
 
 Since you've been a member of that group for longer than the badge awarder has been running it has never had the occasion to check if you should be awarded the badge. At the time of the launch of Fedora Badges, we've been working
 around this by manually running a script every few days that doles out these group-based badges to newly-logged-in users. We really should put it in a cronjob to make our lives easier.

roles/easyfix/gather/files/template.html

@@ -220,7 +220,7 @@
                             <dd><a href="https://fedoraproject.org/en/join-fedora">Join Fedora</a></dd>
 
                             <dd><a href="https://fedoraproject.org/wiki/SIGs">Fedora SIGs</a></dd>
-                            <dd><a href="https://admin.fedoraproject.org/accounts/">Fedora Account System</a></dd>
+                            <dd><a href="https://accounts.fedoraproject.org/">Fedora Account System</a></dd>
                             <dd><a href="https://admin.fedoraproject.org/community/">Fedora Community</a></dd>
                         </dl>
                 </div>

roles/ipa/server/tasks/main.yml

@@ -489,7 +489,7 @@
   tags:
   - ipa/server
   - config
-  when: ipa_initial and env == 'staging'
+  when: ipa_initial
 
 
 - name: Setup the selfservice permission for addressbook attributes
@@ -521,7 +521,7 @@
   tags:
   - ipa/server
   - config
-  when: ipa_initial and env == 'staging'
+  when: ipa_initial
 
 
 - name: Destroy admin ticket

roles/ipsilon/files/templates/login/form.html

@@ -24,7 +24,7 @@
                             <input class="form-control" id="password" name="login_password" type="password" placeholder="Password" />
                         </div>
                         <div class="col-xs-12 text-xs-right">
-                            <small class="text-muted"><a target="_blank" href="https://admin.fedoraproject.org/accounts/user/resetpass">Forgot password?</a></small>
+                            <small class="text-muted"><a target="_blank" href="https://accounts.fedoraproject.org/forgot-password/ask">Forgot password?</a></small>
                         </div>
                     </div>
                     <div class="form-group row m-b-0">
@@ -42,6 +42,6 @@
 
 {% block after_card %}
 
-<div class="text-xs-center"><small class="text-muted">Don't have a FAS account? <a target="_blank" href="https://admin.fedoraproject.org/accounts/user/new">Sign up now</a>.</small></div>
+<div class="text-xs-center"><small class="text-muted">Don't have a FAS account? <a target="_blank" href="https://accounts.fedoraproject.org/">Sign up now</a>.</small></div>
 
 {% endblock %}

roles/openshift-apps/noggin/templates/buildconfig.yml

@@ -31,11 +31,14 @@ spec:
   triggers:
   - type: ConfigChange
   - type: ImageChange
-  - type: GitHub
 {% if noggin_stg_github_secret is defined and env == 'staging' %}
+  - type: GitHub
     github:
       secret: "{{ noggin_stg_github_secret }}"
-{% elif noggin_github_secret is defined and env == 'production' %}
+{% endif %}
-    github:
+{% if noggin_github_secret is defined and env == 'production' %}
-      secret: "{{ noggin_github_secret }}"
+  # Do we really want auto rebuilds in prod?
+  # - type: GitHub
+  #   github:
+  #     secret: "{{ noggin_github_secret }}"
 {% endif %}

roles/openshift-apps/noggin/templates/noggin.cfg.py

@@ -46,5 +46,5 @@ SECRET_KEY = from_file('/etc/noggin-secrets/session').encode('utf-8')
 # Spam checking
 # BASSET_URL = None
 
-# Disable registration until the account import is complete
+# To disable registration:
-REGISTRATION_OPEN = False
+# REGISTRATION_OPEN = False