Hi all,
I ll be deleting the hubs role and config from our ansible repository
since it is currently not used.
See the patch file attached.
Please let me know, if for any reason we should keep this role.
Thanks Clément.
---
inventory/group_vars/bodhi2 | 1 -
inventory/group_vars/bodhi2-stg | 1 -
inventory/group_vars/hubs-stg | 33 -------
master.yml | 1 -
playbooks/include/proxies-websites.yml | 6 --
roles/fedmsg/irc/templates/ircbot.py | 23 -----
roles/haproxy/templates/haproxy.cfg | 11 ---
roles/hubs/defaults/main.yml | 21 ----
roles/hubs/files/nginx_proxy_params | 9 --
roles/hubs/files/pg_hba.conf | 14 ---
roles/hubs/handlers/main.yml | 26 -----
roles/hubs/meta/main.yml | 3 -
roles/hubs/tasks/db-postgresql.yml | 52 ----------
roles/hubs/tasks/db-sqlite.yml | 9 --
roles/hubs/tasks/dev.yml | 82 ----------------
roles/hubs/tasks/dev_deps.yml | 64 ------------
roles/hubs/tasks/main.yml | 98 -------------------
roles/hubs/tasks/prod.yml | 19 ----
roles/hubs/tasks/prod_deps.yml | 2 -
roles/hubs/tasks/web-apache.yml | 42 --------
roles/hubs/tasks/web-nginx.yml | 80 ---------------
roles/hubs/templates/apache.conf | 27 -----
roles/hubs/templates/bashrc | 48 ---------
roles/hubs/templates/env | 2 -
roles/hubs/templates/fedmsg_config | 32 ------
roles/hubs/templates/gunicorn.py | 8 --
roles/hubs/templates/honcho-env | 3 -
roles/hubs/templates/honcho-procfile | 7 --
roles/hubs/templates/hubs_config | 28 ------
roles/hubs/templates/nginx.conf | 76 --------------
roles/hubs/templates/nginx_ssl_params | 5 -
roles/hubs/templates/oidc_client_secrets.json | 13 ---
From 4e2118cf7ba26815104b111061bd109a8439e3b2 Mon Sep 17 00:00:00 2001
From: Clement Verna <cverna@xxxxxxxxxxxx>
Date: Tue, 23 Apr 2019 11:56:47 +0200
Subject: [PATCH] fedora-hubs: delete unused ansible role + config
Signed-off-by: Clement Verna <cverna@xxxxxxxxxxxx>
---
inventory/group_vars/bodhi2 | 1 -
inventory/group_vars/bodhi2-stg | 1 -
inventory/group_vars/hubs-stg | 33 -------
master.yml | 1 -
playbooks/include/proxies-websites.yml | 6 --
roles/fedmsg/irc/templates/ircbot.py | 23 -----
roles/haproxy/templates/haproxy.cfg | 11 ---
roles/hubs/defaults/main.yml | 21 ----
roles/hubs/files/nginx_proxy_params | 9 --
roles/hubs/files/pg_hba.conf | 14 ---
roles/hubs/handlers/main.yml | 26 -----
roles/hubs/meta/main.yml | 3 -
roles/hubs/tasks/db-postgresql.yml | 52 ----------
roles/hubs/tasks/db-sqlite.yml | 9 --
roles/hubs/tasks/dev.yml | 82 ----------------
roles/hubs/tasks/dev_deps.yml | 64 ------------
roles/hubs/tasks/main.yml | 98 -------------------
roles/hubs/tasks/prod.yml | 19 ----
roles/hubs/tasks/prod_deps.yml | 2 -
roles/hubs/tasks/web-apache.yml | 42 --------
roles/hubs/tasks/web-nginx.yml | 80 ---------------
roles/hubs/templates/apache.conf | 27 -----
roles/hubs/templates/bashrc | 48 ---------
roles/hubs/templates/env | 2 -
roles/hubs/templates/fedmsg_config | 32 ------
roles/hubs/templates/gunicorn.py | 8 --
roles/hubs/templates/honcho-env | 3 -
roles/hubs/templates/honcho-procfile | 7 --
roles/hubs/templates/hubs_config | 28 ------
roles/hubs/templates/nginx.conf | 76 --------------
roles/hubs/templates/nginx_ssl_params | 5 -
roles/hubs/templates/oidc_client_secrets.json | 13 ---
32 files changed, 846 deletions(-)
delete mode 100644 inventory/group_vars/hubs-stg
delete mode 100644 roles/hubs/defaults/main.yml
delete mode 100644 roles/hubs/files/nginx_proxy_params
delete mode 100644 roles/hubs/files/pg_hba.conf
delete mode 100644 roles/hubs/handlers/main.yml
delete mode 100644 roles/hubs/meta/main.yml
delete mode 100644 roles/hubs/tasks/db-postgresql.yml
delete mode 100644 roles/hubs/tasks/db-sqlite.yml
delete mode 100644 roles/hubs/tasks/dev.yml
delete mode 100644 roles/hubs/tasks/dev_deps.yml
delete mode 100644 roles/hubs/tasks/main.yml
delete mode 100644 roles/hubs/tasks/prod.yml
delete mode 100644 roles/hubs/tasks/prod_deps.yml
delete mode 100644 roles/hubs/tasks/web-apache.yml
delete mode 100644 roles/hubs/tasks/web-nginx.yml
delete mode 100644 roles/hubs/templates/apache.conf
delete mode 100644 roles/hubs/templates/bashrc
delete mode 100644 roles/hubs/templates/env
delete mode 100644 roles/hubs/templates/fedmsg_config
delete mode 100644 roles/hubs/templates/gunicorn.py
delete mode 100644 roles/hubs/templates/honcho-env
delete mode 100644 roles/hubs/templates/honcho-procfile
delete mode 100644 roles/hubs/templates/hubs_config
delete mode 100644 roles/hubs/templates/nginx.conf
delete mode 100644 roles/hubs/templates/nginx_ssl_params
delete mode 100644 roles/hubs/templates/oidc_client_secrets.json
diff --git a/inventory/group_vars/bodhi2 b/inventory/group_vars/bodhi2
index 34444aa45..8e83bacf7 100644
--- a/inventory/group_vars/bodhi2
+++ b/inventory/group_vars/bodhi2
@@ -113,6 +113,5 @@ csi_relationship: |
* Blockerbugs checks bodhi for lists of updates.
* fedora-packages will try to query bodhi for the release status of
updates.
- * fedora-hubs has some widgets that display bodhi update information.
* fedora-easy-karma, abrt, 'fedpkg update', an eclipse plugin and other
client tools make queries to the bodhi webapp here.
diff --git a/inventory/group_vars/bodhi2-stg b/inventory/group_vars/bodhi2-stg
index d3b323ae4..174806ca1 100644
--- a/inventory/group_vars/bodhi2-stg
+++ b/inventory/group_vars/bodhi2-stg
@@ -116,6 +116,5 @@ csi_relationship: |
* Blockerbugs checks bodhi for lists of updates.
* fedora-packages will try to query bodhi for the release status of
updates.
- * fedora-hubs has some widgets that display bodhi update information.
* fedora-easy-karma, abrt, 'fedpkg update', an eclipse plugin and other
client tools make queries to the bodhi webapp here.
diff --git a/inventory/group_vars/hubs-stg b/inventory/group_vars/hubs-stg
deleted file mode 100644
index c52aecc1b..000000000
--- a/inventory/group_vars/hubs-stg
+++ /dev/null
@@ -1,33 +0,0 @@
----
-# Define resources for this group of hosts here.
-lvm_size: 20000
-mem_size: 4096
-num_cpus: 2
-
-# for systems that do not match the above - specify the same parameter in
-# the host_vars/$hostname file
-
-tcp_ports: [ 80 ]
-
-fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-hubs,sysadmin-veteran
-
-# These are consumed by a task in roles/fedmsg/base/tasks/main.yml
-fedmsg_certs:
-- service: shell
- owner: hubs
- group: hubs
- can_send:
- - logger.log
- - hubs.user.created
- - hubs.user.role.added
- - hubs.user.role.changed
- - hubs.user.role.removed
- - hubs.hub.created
- - hubs.hub.updated
- - hubs.widget.updated
-
-# Used by the hubs role
-hubs_url_hostname: hubs.stg.fedoraproject.org
-hubs_db_host: db01.stg.phx2.fedoraproject.org
-hubs_oidc_url: id.stg.fedoraproject.org
-hubs_oidc_secret: "{{ hubs_stg_oidc_secret }}"
diff --git a/master.yml b/master.yml
index 0353da09a..84b3a1218 100644
--- a/master.yml
+++ b/master.yml
@@ -138,7 +138,6 @@
- import_playbook: /srv/web/infra/ansible/playbooks/hosts/fedora-bootstrap.fedorainfracloud.org.yml
- import_playbook: /srv/web/infra/ansible/playbooks/hosts/fedimg-dev.fedorainfracloud.org.yml
- import_playbook: /srv/web/infra/ansible/playbooks/hosts/glittergallery-dev.fedorainfracloud.org.yml
-- import_playbook: /srv/web/infra/ansible/playbooks/hosts/hubs-dev.fedorainfracloud.org.yml
- import_playbook: /srv/web/infra/ansible/playbooks/hosts/iddev.fedorainfracloud.org.yml
- import_playbook: /srv/web/infra/ansible/playbooks/hosts/lists-dev.fedorainfracloud.org.yml
- import_playbook: /srv/web/infra/ansible/playbooks/hosts/magazine2.fedorainfracloud.org.yml
diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml
index 6c1dbc098..514fa794a 100644
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@@ -290,12 +290,6 @@
cert_name: "{{wildcard_cert_name}}"
tags: ostree
- - role: httpd/website
- site_name: hubs.fedoraproject.org
- sslonly: true
- server_aliases: [hubs.stg.fedoraproject.org]
- cert_name: "{{wildcard_cert_name}}"
-
- role: httpd/website
site_name: flocktofedora.org
server_aliases:
diff --git a/roles/fedmsg/irc/templates/ircbot.py b/roles/fedmsg/irc/templates/ircbot.py
index 04fa15487..6ea0a9d3c 100644
--- a/roles/fedmsg/irc/templates/ircbot.py
+++ b/roles/fedmsg/irc/templates/ircbot.py
@@ -78,29 +78,6 @@ config = dict(
),
),
- # For fedora-hubs (not fedora-apps)
- dict(
- network='chat.freenode.net',
- port=6667,
- make_pretty=True,
- make_terse=True,
-
- {% if env == 'staging' %}
- nickname='fn-stg-hubs',
- {% else %}
- nickname='fm-hubs',
- {% endif %}
- channel='fedora-hubs',
- filters=dict(
- topic=[
- '^((?!(github\.create|github\.issue\.|github\.pull_request\.|github\.commit_comment|github\.star|pagure)).)*$',
- ],
- body=[
- "^((?!(fedora-hubs)).)*$",
- ],
- ),
- ),
-
# For that commops crew!
dict(
network='chat.freenode.net',
diff --git a/roles/haproxy/templates/haproxy.cfg b/roles/haproxy/templates/haproxy.cfg
index ca7fc8526..be68fa52f 100644
--- a/roles/haproxy/templates/haproxy.cfg
+++ b/roles/haproxy/templates/haproxy.cfg
@@ -178,17 +178,6 @@ backend fedocal-backend
{% endif %}
option httpchk GET /calendar
-frontend hubs-frontend
- bind 0.0.0.0:10068
- default_backend hubs-backend
-
-backend hubs-backend
- balance hdr(appserver)
-{% if env != "production" %}
- server hubs01 hubs01:80 check inter 10s rise 1 fall 2
-{% endif %}
- option httpchk GET /
-
# IMPORTANT: 10023-10026 will NOT work because of selinux policies
frontend datagrepper-frontend
diff --git a/roles/hubs/defaults/main.yml b/roles/hubs/defaults/main.yml
deleted file mode 100644
index 2cec92848..000000000
--- a/roles/hubs/defaults/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-main_user: hubs
-hubs_dev_mode: false
-hubs_secret_key: changeme
-hubs_base_dir: "/srv/hubs"
-hubs_code_dir: "{{ hubs_base_dir }}/fedora-hubs"
-hubs_conf_dir: "{{ hubs_base_dir }}/config"
-hubs_var_dir: "{{ hubs_base_dir }}/var"
-hubs_log_dir: "{{ hubs_base_dir }}/log"
-hubs_db_type: sqlite
-hubs_db_user: hubs
-hubs_db_password: changeme
-hubs_db_host: localhost
-hubs_db_name: hubs
-hubs_url_hostname: "{{ ansible_fqdn }}"
-hubs_url: http{% if not hubs_dev_mode %}s{% endif %}://{{ hubs_url_hostname }}{% if hubs_dev_mode %}:5000{% endif %}
-hubs_ssl_cert: /etc/pki/tls/certs/{{ hubs_url_hostname }}.crt
-hubs_ssl_key: /etc/pki/tls/private/{{ hubs_url_hostname }}.key
-hubs_fas_username: null
-hubs_fas_password: null
-hubs_oidc_url: iddev.fedorainfracloud.org
-hubs_oidc_secret: changeme
diff --git a/roles/hubs/files/nginx_proxy_params b/roles/hubs/files/nginx_proxy_params
deleted file mode 100644
index 8d2223990..000000000
--- a/roles/hubs/files/nginx_proxy_params
+++ /dev/null
@@ -1,9 +0,0 @@
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Proto $scheme;
-proxy_set_header Host $http_host;
-# we don't want nginx trying to do something clever with
-# redirects, we set the Host: header above already.
-proxy_redirect off;
-# OpenID Connect uses large headers, we need bigger buffers.
-proxy_buffer_size 128k;
-proxy_buffers 8 256k;
diff --git a/roles/hubs/files/pg_hba.conf b/roles/hubs/files/pg_hba.conf
deleted file mode 100644
index c703fd9f9..000000000
--- a/roles/hubs/files/pg_hba.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# PostgreSQL Client Authentication Configuration File
-# ===================================================
-#
-# Refer to the "Client Authentication" section in the PostgreSQL
-# documentation for a complete description of this file.
-
-# TYPE DATABASE USER ADDRESS METHOD
-
-# "local" is for Unix domain socket connections only
-local all all peer
-# IPv4 local connections:
-host all all 127.0.0.1/32 md5
-# IPv6 local connections:
-host all all ::1/128 md5
diff --git a/roles/hubs/handlers/main.yml b/roles/hubs/handlers/main.yml
deleted file mode 100644
index 4bc0f9389..000000000
--- a/roles/hubs/handlers/main.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-- name: restart postgresql
- service: name=postgresql state=restarted
-
-- name: restart hubs triage
- service: name=fedora-hubs-triage@* state=restarted
- listen: "hubs configuration change"
- when: not hubs_dev_mode
-
-- name: restart hubs workers
- service: name=fedora-hubs-worker@* state=restarted
- listen: "hubs configuration change"
- when: not hubs_dev_mode
-
-- name: restart hubs SSE server
- service: name=fedora-hubs-sse state=restarted
- listen: "hubs configuration change"
- when: not hubs_dev_mode
-
-# Webserver
-- name: restart hubs webapp
- service: name=fedora-hubs-webapp state=restarted
- listen: "hubs configuration change"
- when: not hubs_dev_mode
-
-- name: restart nginx
- service: name=nginx state=restarted
diff --git a/roles/hubs/meta/main.yml b/roles/hubs/meta/main.yml
deleted file mode 100644
index a5f89de10..000000000
--- a/roles/hubs/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies:
- - certbot
- - mongodb
diff --git a/roles/hubs/tasks/db-postgresql.yml b/roles/hubs/tasks/db-postgresql.yml
deleted file mode 100644
index 229c7a318..000000000
--- a/roles/hubs/tasks/db-postgresql.yml
+++ /dev/null
@@ -1,52 +0,0 @@
-# Set up Postgres, create the database, and populate it.
-
-- name: Install dependencies
- dnf: name={{ item }} state=present
- with_items:
- - postgresql-server
- - python3-psycopg2
- # For the ansible module
- - python-psycopg2
-
-- name: Set up postgresql database
- command: postgresql-setup --initdb
- args:
- creates: /var/lib/pgsql/data/base
-
-- name: Set up postgresql access rules to allow local access
- copy:
- src: pg_hba.conf
- dest: /var/lib/pgsql/data/pg_hba.conf
- owner: postgres
- group: postgres
- mode: 0600
- notify: restart postgresql
-
-- name: Start and enable postgresql
- service: name=postgresql state=started enabled=yes
-
-- name: Set up the DB user
- postgresql_user:
- name: hubs
- password: "{{ hubs_db_password }}"
- role_attr_flags: NOSUPERUSER,NOCREATEROLE,NOCREATEDB
- become: true
- become_user: postgres
-
-- name: Create the database
- postgresql_db:
- name: hubs
- owner: hubs
- register: db_creation
- become: true
- become_user: postgres
-
-- name: Populate the Fedora Hubs database
- command: "python3 {{ hubs_code_dir }}/populate.py"
- args:
- chdir: "{{ hubs_code_dir }}"
- environment:
- HUBS_CONFIG: "{{ hubs_conf_dir }}/hubs.py"
- become: true
- become_user: "{{ main_user }}"
- when: db_creation|succeeded and db_creation is changed and hubs_dev_mode
diff --git a/roles/hubs/tasks/db-sqlite.yml b/roles/hubs/tasks/db-sqlite.yml
deleted file mode 100644
index e8397277e..000000000
--- a/roles/hubs/tasks/db-sqlite.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-- name: Create and populate the Fedora Hubs database
- command: "python3 {{ hubs_code_dir }}/populate.py"
- args:
- creates: "{{ hubs_var_dir }}/hubs.db"
- chdir: "{{ hubs_code_dir }}"
- environment:
- HUBS_CONFIG: "{{ hubs_conf_dir }}/hubs.py"
- become: true
- become_user: "{{ main_user }}"
diff --git a/roles/hubs/tasks/dev.yml b/roles/hubs/tasks/dev.yml
deleted file mode 100644
index 91d7bfa3c..000000000
--- a/roles/hubs/tasks/dev.yml
+++ /dev/null
@@ -1,82 +0,0 @@
-# Set up the Python development environment
-
-- name: Install Fedora Hubs requirements.txt into hubs virtualenv
- pip:
- requirements: "{{ hubs_code_dir }}/requirements.txt"
- executable: pip3
-
-- name: Install Fedora Hubs test-requirements.txt into hubs virtualenv
- pip:
- requirements: "{{ hubs_code_dir }}/test-requirements.txt"
- executable: pip3
-
-- name: Install other packages into hubs virtualenv
- pip:
- name: "{{ item }}"
- executable: pip3
- with_items:
- - bleach
-
-- name: Install Fedora Hubs into the virtualenv
- command: "pip3 install -e {{ hubs_code_dir }}"
- args:
- creates: "/usr/lib/python3.6/site-packages/fedora-hubs.egg-link"
-
-
-# Set up JavaScript requirements
-
-- name: Install npm packages
- command: npm install
- become: true
- become_user: "{{ main_user }}"
- args:
- creates: node_modules
- chdir: "{{ hubs_code_dir }}/js"
-
-- name: Build JavaScript assets
- command: npm run build
- become: true
- become_user: "{{ main_user }}"
- args:
- chdir: "{{ hubs_code_dir }}/js"
- creates: "{{ hubs_code_dir }}/hubs/static/js/build/common.js"
-
-
-# Development tools
-
-- name: Install helpful development packages
- dnf: name={{ item }} state=present
- with_items:
- - git
- - vim-enhanced
-
-- name: Install Fedora Hubs development tools
- dnf: name={{ item }} state=present
- with_items:
- - python3-honcho
- - python3-tox
-
-- name: Ease local access to the database
- copy:
- content: "*:*:hubs:hubs:{{ hubs_db_password }}"
- dest: /home/{{ main_user }}/.pgpass
- mode: 600
- owner: "{{ main_user }}"
- group: "{{ main_user }}"
- when: hubs_db_type == "postgresql"
-
-- name: Install a custom bashrc
- template: src=bashrc dest=/home/{{ main_user }}/.bashrc
-
-- name: Install Honcho's env file
- template: src=honcho-env dest={{ hubs_base_dir }}/.env
-
-- name: Install Honcho's procfile
- template: src=honcho-procfile dest={{ hubs_base_dir }}/Procfile
-
-- name: Link to the FAS credentials file if any
- file:
- state: link
- path: "/etc/fedmsg.d/fas_credentials.py"
- src: "{{ hubs_code_dir }}/fedmsg.d/fas_credentials.py"
- notify: "hubs configuration change"
diff --git a/roles/hubs/tasks/dev_deps.yml b/roles/hubs/tasks/dev_deps.yml
deleted file mode 100644
index 38ba4ba7f..000000000
--- a/roles/hubs/tasks/dev_deps.yml
+++ /dev/null
@@ -1,64 +0,0 @@
-- name: Install Fedora Hubs development packages
- dnf: name={{ item }} state=present
- with_items:
- - gcc
- - gcc-c++
- - libffi-devel
- - openssl-devel
- - python-sphinx
- - python2-devel
- - python3-devel
- - python3-virtualenv
- - python3-flask-oidc
- - python3-moksha-common
- - redhat-rpm-config
- - sqlite-devel
- - npm
- - fedmsg-hub
-
-- name: Install the distribution versions of requirements.txt
- dnf: name={{ item }} state=present
- with_items:
- - python3-alembic
- - python3-arrow
- - python3-beautifulsoup4
- - python3-bleach
- - python3-blinker
- - python3-dateutil
- - python3-decorator
- - python3-dogpile-cache
- - python3-fedmsg
- - python3-fedmsg-meta-fedora-infrastructure
- - python3-fedora
- - python3-flask
- - python3-flask-oidc
- - python3-html5lib
- - python3-humanize
- - python3-iso3166
- - python3-markdown
- - python3-munch
- - python3-pkgwat-api
- - python3-pygments
- - python3-pygments-markdown-lexer
- - python3-pymongo
- - python3-pytz
- - python3-redis
- - python3-requests
- - python3-retask
- - python3-six
- - python3-sqlalchemy
- - python3-twisted
-
-
-- name: Create the directory structure
- file:
- path: "{{ item.path }}"
- state: directory
- owner: "{{ main_user }}"
- group: "{{ main_user }}"
- mode: "{{ item.mode }}"
- #setype: httpd_sys_content_rw_t
- with_items:
- - {path: "{{ hubs_base_dir }}", mode: 755}
- - {path: "{{ hubs_conf_dir }}", mode: 750}
- - {path: "{{ hubs_var_dir }}", mode: 750}
diff --git a/roles/hubs/tasks/main.yml b/roles/hubs/tasks/main.yml
deleted file mode 100644
index 4f4951037..000000000
--- a/roles/hubs/tasks/main.yml
+++ /dev/null
@@ -1,98 +0,0 @@
----
-- name: Install external dependencies
- dnf: name={{ item }} state=present
- with_items:
- - redis
- - python3-fedmsg
- - postfix
-
-
-- include_tasks: dev_deps.yml
- when: hubs_dev_mode
-
-- include_tasks: prod_deps.yml
- when: not hubs_dev_mode
-
-
-- name: Add a basic Hubs configuration file
- template:
- src: "{{ item }}"
- dest: "{{ hubs_conf_dir }}/hubs.py"
- owner: root
- group: "{{ main_user }}"
- mode: 0640
- with_first_found:
- - hubs_config.{{ ansible_hostname }}
- - hubs_config
- notify: "hubs configuration change"
-
-
-- name: Add a basic fedmsg configuration file
- template:
- src: "{{ item }}"
- dest: "/etc/fedmsg.d/fedora-hubs.py"
- with_first_found:
- - fedmsg_config.{{ ansible_hostname }}
- - fedmsg_config
- notify: "hubs configuration change"
-
-
-- name: Configure application to authenticate with the OIDC provider (dev)
- block:
- - dnf: name=python3-flask-oidc state=present
- - command:
- oidc-register
- --output-file {{ hubs_conf_dir }}/client_secrets.json
- https://{{ hubs_oidc_url }}/ {{ hubs_url }}
- args:
- creates: "{{ hubs_conf_dir }}/client_secrets.json"
- notify: "hubs configuration change"
- when: hubs_oidc_url == "iddev.fedorainfracloud.org"
-
-
-- name: Configure application to authenticate with the OIDC provider
- template:
- src: oidc_client_secrets.json
- dest: "{{ hubs_conf_dir }}/client_secrets.json"
- owner: root
- group: "{{ main_user }}"
- mode: 0640
- notify: "hubs configuration change"
- when: hubs_oidc_url != "iddev.fedorainfracloud.org"
-
-
-- name: Fix the permissions on the OIDC secrets file
- file:
- path: "{{ hubs_conf_dir }}/client_secrets.json"
- owner: root
- group: "{{ main_user }}"
- mode: 0640
-
-
-- name: Start and enable the common services
- service: name={{ item }} state=started enabled=yes
- with_items:
- - redis
- - postfix
-
-# Set up, create, and populate the database.
-- include_tasks: db-{{ hubs_db_type }}.yml
-
-
-# Services
-- name: Disable the system-wide fedmsg daemons
- service: name={{ item }} state=stopped enabled=no
- with_items:
- # We use honcho in dev mode and fedmsg-hub-3 in prod mode
- - fedmsg-hub
- # We use honcho in dev mode and fedmsg-relay-3 in prod mode
- - fedmsg-relay
-
-
-# Include mode-specific tasks
-
-- include_tasks: dev.yml
- when: hubs_dev_mode
-
-- include_tasks: prod.yml
- when: not hubs_dev_mode
diff --git a/roles/hubs/tasks/prod.yml b/roles/hubs/tasks/prod.yml
deleted file mode 100644
index 7900abd36..000000000
--- a/roles/hubs/tasks/prod.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-- name: Install the service environment file
- template:
- src: env
- dest: /etc/sysconfig/fedora-hubs
-
-- name: Start and enable the services in prod mode
- service: name={{ item }} state=started enabled=yes
- with_items:
- - fedmsg-relay-3
- - fedmsg-hub-3
- - fedora-hubs-triage@1
- - fedora-hubs-triage@2
- - fedora-hubs-worker@1
- - fedora-hubs-worker@2
- - fedora-hubs-worker@3
- - fedora-hubs-worker@4
- - fedora-hubs-sse
-
-- include_tasks: web-apache.yml
diff --git a/roles/hubs/tasks/prod_deps.yml b/roles/hubs/tasks/prod_deps.yml
deleted file mode 100644
index b078a6470..000000000
--- a/roles/hubs/tasks/prod_deps.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-- name: Install the Fedora Hubs package
- dnf: name=fedora-hubs state=present
diff --git a/roles/hubs/tasks/web-apache.yml b/roles/hubs/tasks/web-apache.yml
deleted file mode 100644
index 33fa4b7e1..000000000
--- a/roles/hubs/tasks/web-apache.yml
+++ /dev/null
@@ -1,42 +0,0 @@
-# Webserver config
-
-- name: Install the webserver packages
- dnf: name={{ item }} state=present
- with_items:
- - python3-mod_wsgi
- - libselinux-python
- - policycoreutils-python
-
-
-- name: Apache configuration for hubs
- template:
- src: apache.conf
- dest: /etc/httpd/conf.d/fedora-hubs.conf
- notify:
- - restart apache
-
-
-- name: Allow network connection for Apache
- seboolean:
- name: httpd_can_network_connect
- state: yes
- persistent: yes
-
-
-- name: Allow execmem for Apache
- seboolean:
- name: httpd_execmem
- state: yes
- persistent: yes
-
-
-- name: Allow Apache to write to the cache files
- sefcontext:
- setype: httpd_sys_rw_content_t
- target: "/var/lib/fedora-hubs(/.*)?"
-
-
-- name: Start and enable the services
- service: name={{ item }} state=started enabled=yes
- with_items:
- - httpd
diff --git a/roles/hubs/tasks/web-nginx.yml b/roles/hubs/tasks/web-nginx.yml
deleted file mode 100644
index 1c523782c..000000000
--- a/roles/hubs/tasks/web-nginx.yml
+++ /dev/null
@@ -1,80 +0,0 @@
-# Webserver config
-
-- name: Install the webserver packages
- dnf: name={{ item }} state=present
- with_items:
- - python3-gunicorn
- - nginx
- - libsemanage-python
-
-
-- name: install python3-certbot-nginx
- dnf: name=python3-certbot-nginx state=present
- when: hubs_ssl_cert != None
-
-- name: get the letsencrypt cert
- command: certbot certonly -n --standalone --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx" -d {{ hubs_url_hostname }} --agree-tos --email admin@xxxxxxxxxxxxxxxxx
- args:
- creates: "{{ hubs_ssl_key }}"
- when: hubs_ssl_cert != None
- notify:
- - restart nginx
-
-
-- name: Nginx configuration for hubs
- template:
- src: nginx.conf
- dest: /etc/nginx/conf.d/fedora-hubs.conf
- notify:
- - restart nginx
-
-
-- name: Nginx SSL configuration
- template:
- src: "{{ item }}"
- dest: /etc/nginx/ssl_params
- with_first_found:
- - nginx_ssl_params.{{ ansible_hostname }}
- - nginx_ssl_params
- when: hubs_ssl_cert != None
- notify:
- - restart nginx
-
-
-- name: Nginx proxy configuration
- copy:
- src: "{{ item }}"
- dest: /etc/nginx/proxy_params
- with_first_found:
- - nginx_proxy_params.{{ ansible_hostname }}
- - nginx_proxy_params
- notify:
- - restart nginx
-
-
-- name: Allow network connection for Nginx
- seboolean:
- name: httpd_can_network_connect
- state: yes
- persistent: yes
-
-
-- name: Create the log directory
- file:
- path: "{{ hubs_log_dir }}"
- owner: "{{ main_user }}"
- state: directory
-
-
-- name: Install the Gunicorn config file
- template:
- src: gunicorn.py
- dest: "{{ hubs_conf_dir }}/gunicorn.py"
- notify: "hubs configuration change"
-
-
-- name: Start and enable the services
- service: name={{ item }} state=started enabled=yes
- with_items:
- - fedora-hubs-webapp
- - nginx
diff --git a/roles/hubs/templates/apache.conf b/roles/hubs/templates/apache.conf
deleted file mode 100644
index e283e5674..000000000
--- a/roles/hubs/templates/apache.conf
+++ /dev/null
@@ -1,27 +0,0 @@
-Alias /static /usr/lib/python3.6/site-packages/hubs/static
-
-WSGIScriptAlias / /usr/share/fedora-hubs/hubs.wsgi
-WSGIDaemonProcess hubs user=hubs group=hubs display-name=hubs maximum-requests=1000 processes=4 threads=30
-WSGISocketPrefix run/wsgi
-WSGIRestrictStdout On
-WSGIRestrictSignal Off
-WSGIPythonOptimize 1
-
-<Directory "/usr/share/fedora-hubs">
- <Files hubs.wsgi>
- Order deny,allow
- Allow from all
- Require all granted
- </Files>
- WSGIProcessGroup hubs
-</Directory>
-
-<Directory "/usr/lib/python3.6/site-packages/hubs/static">
- Order deny,allow
- Allow from all
- Require all granted
-</Directory>
-
-# SSE
-ProxyPass /sse http://localhost:8080
-ProxyPassReverse /sse http://localhost:8080
diff --git a/roles/hubs/templates/bashrc b/roles/hubs/templates/bashrc
deleted file mode 100644
index 93fd757a1..000000000
--- a/roles/hubs/templates/bashrc
+++ /dev/null
@@ -1,48 +0,0 @@
-# .bashrc
-
-# Source global definitions
-if [ -f /etc/bashrc ]; then
- . /etc/bashrc
-fi
-
-alias vi=vim
-
-
-# Uncomment the following line if you don't like systemctl's auto-paging feature:
-# export SYSTEMD_PAGER=
-
-# User specific aliases and functions
-# If adding new functions to this file, note that you can add help text to the function
-# by defining a variable with name _<function>_help containing the help text
-
-
-# Honcho has issues outputing UTF-8 in Vagrant SSH
-# https://github.com/nickstenning/honcho/issues/51
-export PYTHONIOENCODING=utf-8
-
-export HUBS_CONFIG={{ hubs_conf_dir }}/hubs.py
-export FLASK_APP={{ hubs_code_dir }}/hubs/app.py
-
-
-workon() {
- [ "$1" == "hubs" ] || ( echo "No such virtualenv."; exit 1 )
- cd {{ hubs_code_dir }}
-}
-
-alias hup="pushd ~ ; honcho start ; popd"
-
-hreset() {
- {% if hubs_db_type == "postgresql" %}
- sudo -u postgres dropdb hubs
- sudo -u postgres createdb -O hubs hubs
- {% else %}
- rm {{ hubs_var_dir }}/hubs.db
- {% endif %}
- rm {{ hubs_var_dir }}/cache.db
- pushd {{ hubs_code_dir }}
- python3 populate.py
- popd
-}
-
-# Enable autocomplete for the fedora-hubs command
-eval "$(_FEDORA_HUBS_COMPLETE=source fedora-hubs)"
diff --git a/roles/hubs/templates/env b/roles/hubs/templates/env
deleted file mode 100644
index 058139eb7..000000000
--- a/roles/hubs/templates/env
+++ /dev/null
@@ -1,2 +0,0 @@
-HUBS_CONFIG={{ hubs_conf_dir }}/hubs.py
-WEBAPP_CONFIG={{ hubs_conf_dir }}/gunicorn.py
diff --git a/roles/hubs/templates/fedmsg_config b/roles/hubs/templates/fedmsg_config
deleted file mode 100644
index b8f7d276c..000000000
--- a/roles/hubs/templates/fedmsg_config
+++ /dev/null
@@ -1,32 +0,0 @@
-config = {
-
- # Database
- {% if hubs_db_type == "postgresql" %}
- 'hubs.sqlalchemy.uri': 'postgresql://{{ hubs_db_user }}:{{ hubs_db_password }}@{{ hubs_db_host }}/{{ hubs_db_name }}',
- {% else %}
- 'hubs.sqlalchemy.uri': 'sqlite:///{{ hubs_var_dir }}/hubs.db',
- {% endif %}
-
- # Some configuration for the general hubs cache.
- "fedora-hubs.cache": {
- "backend": "dogpile.cache.dbm",
- #"expiration_time": 0,
- "arguments": {
- "filename": "{{ hubs_var_dir }}/cache.db",
- },
- },
-
- {% if hubs_fas_username and hubs_fas_password %}
- # FAS credentials
- 'fas_credentials': {
- 'username': '{{ hubs_fas_username }}',
- 'password': '{{ hubs_fas_password }}',
- {% if env == "staging" %}
- 'base_url': "https://admin.stg.fedoraproject.org/accounts/";,
- {% endif %}
- },
- {% endif %}
-
- # Use fedmsg-relay to publish messages
- 'active': True,
-}
diff --git a/roles/hubs/templates/gunicorn.py b/roles/hubs/templates/gunicorn.py
deleted file mode 100644
index 1e65b3a00..000000000
--- a/roles/hubs/templates/gunicorn.py
+++ /dev/null
@@ -1,8 +0,0 @@
-# flake8:noqa
-
-bind = "127.0.0.1:8000"
-threads = 12
-logconfig = "{{ hubs_conf_dir }}/logging.ini"
-accesslog = "{{ hubs_log_dir }}/access.log"
-errorlog = "{{ hubs_log_dir }}/error.log"
-access_log_format = '%(h)s %(l)s %(u)s %(t)s "%(r)s" %(s)s %(b)s "%(f)s" "%(a)s" (%(L)ss)'
diff --git a/roles/hubs/templates/honcho-env b/roles/hubs/templates/honcho-env
deleted file mode 100644
index a9d806fdd..000000000
--- a/roles/hubs/templates/honcho-env
+++ /dev/null
@@ -1,3 +0,0 @@
-FLASK_DEBUG=1
-FLASK_APP={{ hubs_code_dir }}/hubs/app.py
-HUBS_CONFIG={{ hubs_conf_dir }}/hubs.py
diff --git a/roles/hubs/templates/honcho-procfile b/roles/hubs/templates/honcho-procfile
deleted file mode 100644
index 77692dafd..000000000
--- a/roles/hubs/templates/honcho-procfile
+++ /dev/null
@@ -1,7 +0,0 @@
-web: /usr/bin/flask-3 run --host 0.0.0.0 --port 5000
-triage: fedora-hubs run triage
-worker: fedora-hubs run worker
-sse: /usr/bin/twistd-3 -l - --pidfile= -n hubs-sse
-fedmsg_hub: /usr/bin/fedmsg-hub-3
-fedmsg_relay: /usr/bin/fedmsg-relay-3
-js_build: cd {{ hubs_code_dir }}/js && npm run dev
diff --git a/roles/hubs/templates/hubs_config b/roles/hubs/templates/hubs_config
deleted file mode 100644
index 0ddfa5358..000000000
--- a/roles/hubs/templates/hubs_config
+++ /dev/null
@@ -1,28 +0,0 @@
-# Enter any hubs configuration here
-
-SECRET_KEY = "{{ hubs_secret_key }}"
-
-{% if hubs_dev_mode %}
-# Allow the cookie to be sent of http since we work on localhost
-OIDC_ID_TOKEN_COOKIE_SECURE = False
-{% endif %}
-
-OIDC_CLIENT_SECRETS = "{{ hubs_conf_dir }}/client_secrets.json"
-OIDC_OPENID_REALM = "{{ hubs_url }}/oidc_callback"
-{% if hubs_ssl_cert == None %}
-# There's an SSL proxy, flask_oidc will generate a redirect_uri without https
-# if we don't overwrite it here.
-OVERWRITE_REDIRECT_URI = "{{ hubs_url }}/oidc_callback"
-{% endif %}
-
-SSE_URL = {
- # "host": "sse.example.com",
- {% if hubs_dev_mode %}
- "port": "8080",
- {% else %}
- {% if hubs_ssl_cert == None %}
- "scheme": "https", # Because of the SSL proxy
- {% endif %}
- "path": "/sse",
- {% endif %}
-}
diff --git a/roles/hubs/templates/nginx.conf b/roles/hubs/templates/nginx.conf
deleted file mode 100644
index d36c412ee..000000000
--- a/roles/hubs/templates/nginx.conf
+++ /dev/null
@@ -1,76 +0,0 @@
-upstream hubs {
- # fail_timeout=0 means we always retry an upstream even if it failed
- # to return a good HTTP response
-
- # for UNIX domain socket setups
- #server unix:/tmp/gunicorn.sock fail_timeout=0;
-
- # for a TCP configuration
- server 127.0.0.1:8000 fail_timeout=0;
-}
-
-upstream hubs-sse {
- # SSE server (twisted-based)
- server 127.0.0.1:8080 fail_timeout=0;
-}
-
-# Main server block
-server {
-{% if hubs_ssl_cert == None %}
- listen 80;
- listen [::]:80;
-{% else %}
- listen 443 deferred;
- listen [::]:443 deferred;
- include ssl_params;
-{% endif %}
-
- server_name {{ hubs_url_hostname }};
-
- client_max_body_size 4G;
- keepalive_timeout 5;
-
- location / {
- # checks for static file, if not found proxy to app
- try_files $uri @proxy_to_app;
- }
-
- # path for static files
- location /static {
- alias /usr/lib/python3.6/site-packages/hubs/static;
- }
-
- location /sse/ {
- include proxy_params;
- proxy_pass http://hubs-sse/;
- # Allow long-running queries (SSE):
- proxy_buffering off;
- proxy_http_version 1.1;
- proxy_set_header Connection "";
- proxy_cache off;
- chunked_transfer_encoding off;
- keepalive_timeout 0;
- proxy_read_timeout 30m;
- }
-
- location @proxy_to_app {
- include proxy_params;
- proxy_pass http://hubs;
- }
-
- #error_page 500 502 503 504 /500.html;
- #location = /500.html {
- # root /path/to/app/current/public;
- #}
- }
-
-
-{% if hubs_ssl_cert != None %}
-# Redirect cleartext traffic to HTTPS
-server {
- listen 80;
- listen [::]:80;
- server_name {{ hubs_url_hostname }};
- return 301 https://$server_name$request_uri;
-}
-{% endif %}
diff --git a/roles/hubs/templates/nginx_ssl_params b/roles/hubs/templates/nginx_ssl_params
deleted file mode 100644
index 9a411c415..000000000
--- a/roles/hubs/templates/nginx_ssl_params
+++ /dev/null
@@ -1,5 +0,0 @@
-ssl on;
-ssl_certificate {{ hubs_ssl_cert }};
-ssl_certificate_key {{ hubs_ssl_key }};
-include /etc/letsencrypt/options-ssl-nginx.conf;
-ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
diff --git a/roles/hubs/templates/oidc_client_secrets.json b/roles/hubs/templates/oidc_client_secrets.json
deleted file mode 100644
index 909813883..000000000
--- a/roles/hubs/templates/oidc_client_secrets.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- "web": {
- "client_id": "hubs",
- "auth_uri": "https://{{ hubs_oidc_url }}/openidc/Authorization",
- "issuer": "https://{{ hubs_oidc_url }}/openidc/",
- "client_secret": "{{ hubs_oidc_secret }}",
- "token_uri": "https://{{ hubs_oidc_url }}/openidc/Token",
- "userinfo_uri": "https://{{ hubs_oidc_url }}/openidc/UserInfo",
- "redirect_uris": [
- "{{ hubs_url }}/oidc_callback"
- ]
- }
-}
--
2.21.0
_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
