From ad2fe29c04808ab04d13c6da84fa5166b1f6bbe2 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Fri, 17 Jun 2022 12:24:20 -0700
Subject: [PATCH] fas: drop yubiukey and totpcgi, nuke fas-stg test playbook.
Signed-off-by: Kevin Fenzi
---
playbooks/openshift-apps/fas-stg.yml | 162 ------------------
playbooks/openshift-apps/fas.yml | 77 +--------
.../fas/files/service-totpcgi-vpn.yml | 15 --
.../fas/files/service-totpcgi.yml | 18 --
.../fas/files/service-yubikey.yml | 15 --
.../fas/templates/buildconfig-totpcgi.yml | 42 -----
.../fas/templates/buildconfig-yubikey.yml | 43 -----
.../templates/deploymentconfig-totpcgi.yml | 85 ---------
.../templates/deploymentconfig-yubikey.yml | 73 --------
9 files changed, 1 insertion(+), 529 deletions(-)
delete mode 100644 playbooks/openshift-apps/fas-stg.yml
delete mode 100644 roles/openshift-apps/fas/files/service-totpcgi-vpn.yml
delete mode 100644 roles/openshift-apps/fas/files/service-totpcgi.yml
delete mode 100644 roles/openshift-apps/fas/files/service-yubikey.yml
delete mode 100644 roles/openshift-apps/fas/templates/buildconfig-totpcgi.yml
delete mode 100644 roles/openshift-apps/fas/templates/buildconfig-yubikey.yml
delete mode 100644 roles/openshift-apps/fas/templates/deploymentconfig-totpcgi.yml
delete mode 100644 roles/openshift-apps/fas/templates/deploymentconfig-yubikey.yml
diff --git a/playbooks/openshift-apps/fas-stg.yml b/playbooks/openshift-apps/fas-stg.yml
deleted file mode 100644
index 7425e3075b..0000000000
--- a/playbooks/openshift-apps/fas-stg.yml
+++ /dev/null
@@ -1,162 +0,0 @@ -- name: make the app be real - hosts: os_control_stg[0] - user: root - gather_facts: False - - vars_files: - - /srv/web/infra/ansible/vars/global.yml - - "/srv/private/ansible/vars.yml" - - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml - - vars: - fas_db_host: "db-fas01{{ env_suffix }}.{{ datacenter }}.fedoraproject.org" - gen_cert: false - wsgi_procs: 4 - wsgi_threads: 1 - - pre_tasks: - - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - - roles: - - role: openshift/project - app: fas - description: FAS - appowners: - - puiterwijk - - pingou - - scoady - - mobrien - allow_fas_db: true - - role: openshift/imagestream - app: fas - imagename: fas - - role: openshift/imagestream - app: fas - imagename: totpcgi - - role: openshift/imagestream - app: fas - imagename: yubikey - - role: openshift/object - app: fas - template: buildconfig-fas.yml - objectname: buildconfig-fas.yml - - role: openshift/object - app: fas - template: buildconfig-yubikey.yml - objectname: buildconfig-yubikey.yml - - role: openshift/object - app: fas - template: buildconfig-totpcgi.yml - objectname: buildconfig-totpcgi.yml - - role: openshift/object - app: fas - template_fullpath: "{{roles_path}}/fas_server/templates/configmap.yml" - objectname: configmap-fas.yml - - role: openshift/object - app: fas - template_fullpath: "{{roles_path}}/yubikey/templates/configmap.yml" - objectname: configmap-yubikey.yml - - role: openshift/object - app: fas - template_fullpath: "{{roles_path}}/totpcgi/templates/configmap.yml" - objectname: configmap-totpcgi.yml - - role: openshift/object - app: fas - template_fullpath: "{{roles_path}}/totpcgi/templates/configmap.yml" - objectname: configmap-totpcgi-vpn.yml - when: env == "production" - - role: openshift/secret-file - app: fas - privatefile: "keytabs/{{env}}/fas_sync" - key: fas_sync_keytab - secret_name: fas-sync-keytab - - role: openshift/secret-file - app: fas - privatefile: "fas-gpg/pubring.gpg" - key: 
pubring.gpg - secret_name: fas-gpg-pubring - - role: openshift/object - app: fas - file: service-fas.yml - objectname: service-fas.yml - - role: openshift/object - app: fas - file: service-yubikey.yml - objectname: service-yubikey.yml - - role: openshift/object - app: fas - file: service-totpcgi.yml - objectname: service-totpcgi.yml - - role: openshift/object - app: fas - file: service-totpcgi-vpn.yml - objectname: service-totpcgi-vpn.yml - when: env == "production" - - role: openshift/route - app: fas - routename: fas - host: "admin-test.stg.fedoraproject.org" - path: "/accounts" - serviceport: dynamic - servicename: fas - annotations: - haproxy.router.openshift.io/timeout: 5m - - role: openshift/route - app: fas - routename: fas-static - host: "admin-test.stg.fedoraproject.org" - path: "/accounts/static" - serviceport: static - servicename: fas - - role: openshift/route - app: fas - routename: totpcgi-provision - host: "admin-test.stg.fedoraproject.org" - path: "/totpcgiprovision" - serviceport: provision - servicename: totpcgi - - role: openshift/route - app: fas - routename: totpcgi - host: "fas-all{{ env_suffix }}.{{ datacenter }}.fedoraproject.org" - serviceport: totp - servicename: totpcgi - termination_passthrough: true - - role: openshift/route - app: fas - routename: totpcgi-vpn - host: "fas-all.vpn.fedoraproject.org" - serviceport: totp - servicename: totpcgi-vpn - termination_passthrough: true - when: env == "production" - - role: openshift/object - app: fas - template: deploymentconfig-fas.yml - objectname: deploymentconfig-fas.yml - - role: openshift/object - app: fas - template: deploymentconfig-yubikey.yml - objectname: deploymentconfig-yubikey.yml - - role: openshift/object - app: fas - template: deploymentconfig-totpcgi.yml - objectname: deploymentconfig-totpcgi.yml - - role: openshift/object - app: fas - template: deploymentconfig-totpcgi.yml - objectname: deploymentconfig-totpcgi-vpn.yml - when: env == "production" - - role: openshift/secret-tls 
- app: fas - key: tls-cert-primary - secret_name: tls-cert-primary - private_cert: "2fa-certs/keys/fas-all{{ env_suffix }}.{{ datacenter }}.fedoraproject.org.crt" - private_key: "2fa-certs/keys/fas-all{{ env_suffix }}.{{ datacenter }}.fedoraproject.org.key" - - role: openshift/secret-tls - app: fas - key: tls-cert-vpn - secret_name: tls-cert-vpn - private_cert: "2fa-certs/keys/fas-all.vpn.fedoraproject.org.crt" - private_key: "2fa-certs/keys/fas-all.vpn.fedoraproject.org.key" - when: env == "production" diff --git a/playbooks/openshift-apps/fas.yml b/playbooks/openshift-apps/fas.yml index caedde604e..1b1a35a429 100644 --- a/playbooks/openshift-apps/fas.yml +++ b/playbooks/openshift-apps/fas.yml @@ -1,5 +1,5 @@ - name: make the app be real - hosts: os_masters[0]:os_masters_stg[0] + hosts: os_masters[0]:os_control_stg[0] user: root gather_facts: False 
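Review bot: The new `hosts: os_masters[0]:os_control_stg[0]` line moves the staging target to a different inventory group while production stays on `os_masters[0]`, and neither the commit message nor the play records why. The pattern is a union and the play runs with `user: root`, so a run without a limit applies to both environments. A comment above the line would keep the intent visible, for example `# prod: first os_masters host; staging: first os_control_stg host (was targeted by the removed fas-stg.yml)`. The play body continues outside this hunk.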
@@ -28,41 +28,14 @@ - role: openshift/imagestream app: fas imagename: fas - - role: openshift/imagestream - app: fas - imagename: totpcgi - - role: openshift/imagestream - app: fas - imagename: yubikey - role: openshift/object app: fas template: buildconfig-fas.yml objectname: buildconfig-fas.yml - - role: openshift/object - app: fas - template: buildconfig-yubikey.yml - objectname: buildconfig-yubikey.yml - - role: openshift/object - app: fas - template: buildconfig-totpcgi.yml - objectname: buildconfig-totpcgi.yml - role: openshift/object app: fas template_fullpath: "{{roles_path}}/fas_server/templates/configmap.yml" objectname: configmap-fas.yml - - role: openshift/object - app: fas - template_fullpath: "{{roles_path}}/yubikey/templates/configmap.yml" - objectname: configmap-yubikey.yml - - role: openshift/object - app: fas - template_fullpath: "{{roles_path}}/totpcgi/templates/configmap.yml" - objectname: configmap-totpcgi.yml - - role: openshift/object - app: fas - template_fullpath: "{{roles_path}}/totpcgi/templates/configmap.yml" - objectname: configmap-totpcgi-vpn.yml - when: env == "production" - role: openshift/secret-file app: fas privatefile: "keytabs/{{env}}/fas_sync" @@ -77,19 +50,6 @@ app: fas file: service-fas.yml objectname: service-fas.yml - - role: openshift/object - app: fas - file: service-yubikey.yml - objectname: service-yubikey.yml - - role: openshift/object - app: fas - file: service-totpcgi.yml - objectname: service-totpcgi.yml - - role: openshift/object - app: fas - file: service-totpcgi-vpn.yml - objectname: service-totpcgi-vpn.yml - when: env == "production" - role: openshift/route app: fas routename: fas 
@@ -106,45 +66,10 @@ path: "/accounts/static" serviceport: static servicename: fas - - role: openshift/route - app: fas - routename: totpcgi-provision - host: "admin{{ env_suffix }}.fedoraproject.org" - path: "/totpcgiprovision" - serviceport: provision - servicename: totpcgi - - role: openshift/route - app: fas - routename: totpcgi - host: "fas-all{{ env_suffix }}.{{ datacenter }}.fedoraproject.org" - serviceport: totp - servicename: totpcgi - termination_passthrough: true - - role: openshift/route - app: fas - routename: totpcgi-vpn - host: "fas-all.vpn.fedoraproject.org" - serviceport: totp - servicename: totpcgi-vpn - termination_passthrough: true - when: env == "production" - role: openshift/object app: fas template: deploymentconfig-fas.yml objectname: deploymentconfig-fas.yml - - role: openshift/object - app: fas - template: deploymentconfig-yubikey.yml - objectname: deploymentconfig-yubikey.yml - - role: openshift/object - app: fas - template: deploymentconfig-totpcgi.yml - objectname: deploymentconfig-totpcgi.yml - - role: openshift/object - app: fas - template: deploymentconfig-totpcgi.yml - objectname: deploymentconfig-totpcgi-vpn.yml - when: env == "production" - role: openshift/secret-tls app: fas key: tls-cert-primary diff --git a/roles/openshift-apps/fas/files/service-totpcgi-vpn.yml b/roles/openshift-apps/fas/files/service-totpcgi-vpn.yml deleted file mode 100644 index c34a4b4df9..0000000000 --- a/roles/openshift-apps/fas/files/service-totpcgi-vpn.yml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: totpcgi-vpn - labels: - app: fas - service: totpcgi-vpn - namespace: fas -spec: - ports: - - name: totp - port: 8443 - targetPort: 8443 - selector: - deploymentconfig: totpcgi-vpn diff --git a/roles/openshift-apps/fas/files/service-totpcgi.yml b/roles/openshift-apps/fas/files/service-totpcgi.yml deleted file mode 100644 index fbe78337e9..0000000000 --- a/roles/openshift-apps/fas/files/service-totpcgi.yml +++ /dev/null 
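Review bot: The `openshift/secret-tls` entry for `tls-cert-primary` is kept as context right after the removed totpcgi deploymentconfig entries, yet the only consumer visible in this patch is the deleted `deploymentconfig-totpcgi.yml`, which mounted it at `/etc/pki/totp`. If `deploymentconfig-fas.yml` does not mount it (not visible here), drop this entry, and the `tls-cert-vpn` one if it follows, so the private key is no longer copied into the `fas` namespace; in the deleted fas-stg.yml these secrets were sourced from `2fa-certs/keys/`. Removing role entries from the playbook also does not appear to delete objects already applied, so the live totpcgi and yubikey routes, services and deploymentconfigs likely need an explicit cleanup step. The role list continues outside this hunk.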
@@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: totpcgi - labels: - app: fas - service: totpcgi - namespace: fas -spec: - ports: - - name: provision - port: 8080 - targetPort: 8080 - - name: totp - port: 8443 - targetPort: 8443 - selector: - deploymentconfig: totpcgi diff --git a/roles/openshift-apps/fas/files/service-yubikey.yml b/roles/openshift-apps/fas/files/service-yubikey.yml deleted file mode 100644 index 4e772380e3..0000000000 --- a/roles/openshift-apps/fas/files/service-yubikey.yml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: yubikey - labels: - app: fas - service: yubikey - namespace: fas -spec: - ports: - - name: web - port: 8080 - targetPort: 8080 - selector: - deploymentconfig: yubikey diff --git a/roles/openshift-apps/fas/templates/buildconfig-totpcgi.yml b/roles/openshift-apps/fas/templates/buildconfig-totpcgi.yml deleted file mode 100644 index d4db7b5be5..0000000000 --- a/roles/openshift-apps/fas/templates/buildconfig-totpcgi.yml +++ /dev/null 
@@ -1,42 +0,0 @@ -apiVersion: v1 -kind: BuildConfig -metadata: - labels: - build: totpcgi - name: totpcgi -spec: - runPolicy: Serial - source: - dockerfile: |- - FROM registry.access.redhat.com/rhel6 - RUN curl -v -o /etc/yum.repos.d/rhel6.repo https://infrastructure.fedoraproject.org/infra/ansible/files/common/rhel6.repo && \ - curl -v -o /etc/yum.repos.d/epel6.repo https://infrastructure.fedoraproject.org/infra/ansible/files/common/epel6.repo && \ -{% if env == "staging" %} - curl -v -o /etc/yum.repos.d/infra-tags-stg.repo https://infrastructure.fedoraproject.org/infra/ansible/files/common/rhel-infra-tags-stg.repo && \ -{% endif %} - curl -v -o /etc/yum.repos.d/infra-tags.repo https://infrastructure.fedoraproject.org/infra/ansible/files/common/rhel-infra-tags.repo - - RUN yum install -y \ - mod_auth_pgsql \ - totpcgi \ - totpcgi-provisioning \ - python-qrcode \ - httpd \ - mod_ssl \ - python-fedora \ - python-psycopg2 - - RUN curl https://infrastructure.fedoraproject.org/infra/ansible/roles/totpcgi/files/index.cgi -o /var/www/totpcgi/index.cgi - RUN curl https://infrastructure.fedoraproject.org/infra/ansible/roles/totpcgi/files/provisioning.cgi -o /var/www/totpcgi-provisioning/index.cgi - - RUN chmod -R o+rx /var/www/totpcgi* - - EXPOSE 8080 - ENTRYPOINT bash /etc/totpcgi/start.sh - type: Dockerfile - strategy: - type: Docker - output: - to: - kind: ImageStreamTag - name: totpcgi:latest diff --git a/roles/openshift-apps/fas/templates/buildconfig-yubikey.yml b/roles/openshift-apps/fas/templates/buildconfig-yubikey.yml deleted file mode 100644 index 317a8746d8..0000000000 --- a/roles/openshift-apps/fas/templates/buildconfig-yubikey.yml +++ /dev/null 
@@ -1,43 +0,0 @@ -apiVersion: v1 -kind: BuildConfig -metadata: - labels: - build: yubikey - name: yubikey -spec: - runPolicy: Serial - source: - dockerfile: |- - FROM registry.access.redhat.com/rhel6 - RUN curl -o /etc/yum.repos.d/rhel6.repo https://infrastructure.fedoraproject.org/infra/ansible/files/common/rhel6.repo && \ - curl -o /etc/yum.repos.d/epel6.repo https://infrastructure.fedoraproject.org/infra/ansible/files/common/epel6.repo && \ -{% if env == "staging" %} - curl -o /etc/yum.repos.d/infra-tags-stg.repo https://infrastructure.fedoraproject.org/infra/ansible/files/common/rhel-infra-tags-stg.repo && \ -{% endif %} - curl -o /etc/yum.repos.d/infra-tags.repo https://infrastructure.fedoraproject.org/infra/ansible/files/common/rhel-infra-tags.repo - - RUN yum install -y \ - httpd \ - yubikey-ksm \ - yubikey-val \ - php-pgsql - - # Set up config symlinks - RUN rm -f /usr/share/ykval/ykval-config.php && \ - rm -f /usr/share/ykksm/ykksm-config.php && \ - ln -sf /etc/ykksm/ykksm-config.php /usr/share/ykksm/ykksm-config.php && \ - ln -sf /etc/ykval/ykval-config.php /usr/share/ykval/ykval-config.php && \ - rm -f /usr/share/ykksm/ykksm-config.php && \ - rm -f /usr/share/ykval/ykval-config.php && \ - ln -sf /etc/yubikey/ykksm-config.php /usr/share/ykksm/ykksm-config.php && \ - ln -sf /etc/yubikey/ykval-config.php /usr/share/ykval/ykval-config.php - - EXPOSE 8080 - ENTRYPOINT bash /etc/yubikey/start.sh - type: Dockerfile - strategy: - type: Docker - output: - to: - kind: ImageStreamTag - name: yubikey:latest diff --git a/roles/openshift-apps/fas/templates/deploymentconfig-totpcgi.yml b/roles/openshift-apps/fas/templates/deploymentconfig-totpcgi.yml deleted file mode 100644 index 8937de4e31..0000000000 --- a/roles/openshift-apps/fas/templates/deploymentconfig-totpcgi.yml +++ /dev/null 
@@ -1,85 +0,0 @@ -apiVersion: v1 -kind: DeploymentConfig -metadata: - labels: - app: fas -{% if objectname == "deploymentconfig-totpcgi-vpn.yml" %} - service: totpcgi-vpn - name: totpcgi-vpn -{% else %} - service: totpcgi - name: totpcgi -{% endif %} -spec: - replicas: 3 - selector: -{% if objectname == "deploymentconfig-totpcgi-vpn.yml" %} - deploymentconfig: totpcgi-vpn -{% else %} - deploymentconfig: totpcgi -{% endif %} - strategy: - activeDeadlineSeconds: 21600 - recreateParams: - timeoutSeconds: 600 - resources: {} - rollingParams: - intervalSeconds: 1 - maxSurge: 25% - maxUnavailable: 25% - timeoutSeconds: 600 - updatePeriodSeconds: 1 - type: Rolling - template: - metadata: - creationTimestamp: null - labels: - app: fas -{% if objectname == "deploymentconfig-totpcgi-vpn.yml" %} - deploymentconfig: totpcgi-vpn -{% else %} - deploymentconfig: totpcgi -{% endif %} - spec: - containers: - - name: totpcgi - image: totpcgi:latest - env: - - name: TZ - value: UTC - ports: - - containerPort: 8080 - - containerPort: 8443 - volumeMounts: - - name: config-volume - mountPath: /etc/totpcgi - readOnly: true - - name: httpdir-volume - mountPath: /httpdir - - name: secret-tls - mountPath: /etc/pki/totp - readOnly: true - volumes: - - name: config-volume - configMap: - name: totpcgi - - name: httpdir-volume - emptyDir: {} - - name: secret-tls - secret: -{% if objectname == "deploymentconfig-totpcgi-vpn.yml" %} - secretName: tls-cert-vpn -{% else %} - secretName: tls-cert-primary -{% endif %} - triggers: - - imageChangeParams: - automatic: true - containerNames: - - totpcgi - from: - kind: ImageStreamTag - name: totpcgi:latest - namespace: fas - type: ImageChange - - type: ConfigChange diff --git a/roles/openshift-apps/fas/templates/deploymentconfig-yubikey.yml b/roles/openshift-apps/fas/templates/deploymentconfig-yubikey.yml deleted file mode 100644 index c73c6c6492..0000000000 --- a/roles/openshift-apps/fas/templates/deploymentconfig-yubikey.yml +++ /dev/null 
@@ -1,73 +0,0 @@ -apiVersion: v1 -kind: DeploymentConfig -metadata: - labels: - app: fas - service: yubikey - name: yubikey -spec: - replicas: 3 - selector: - deploymentconfig: yubikey - strategy: - activeDeadlineSeconds: 21600 - recreateParams: - timeoutSeconds: 600 - resources: {} - rollingParams: - intervalSeconds: 1 - maxSurge: 25% - maxUnavailable: 25% - timeoutSeconds: 600 - updatePeriodSeconds: 1 - type: Rolling - template: - metadata: - creationTimestamp: null - labels: - app: fas - deploymentconfig: yubikey - spec: - containers: - - name: yubikey - image: yubikey:latest - env: - - name: TZ - value: UTC - ports: - - containerPort: 8080 - volumeMounts: - - name: config-volume - mountPath: /etc/yubikey - readOnly: true - - name: httpdir-volume - mountPath: /httpdir - readinessProbe: - timeoutSeconds: 5 - initialDelaySeconds: 1 - httpGet: - path: /yk-ksm - port: 8080 - livenessProbe: - timeoutSeconds: 5 - initialDelaySeconds: 1 - httpGet: - path: /yk-ksm - port: 8080 - volumes: - - name: config-volume - configMap: - name: yubikey - - name: httpdir-volume - emptyDir: {} - triggers: - - imageChangeParams: - automatic: true - containerNames: - - yubikey - from: - kind: ImageStreamTag - name: yubikey:latest - namespace: fas - type: ImageChange - - type: ConfigChange