Hi all,
The attached patch remove infinote from ansible. I would like to apply this then delete the virtual host and finally the run the nagios playbook so that we don't monitor this service anymore.
Content was backed up here --> https://infrastructure.fedoraproject.org/infra/retired/infinote.fedoraproject.org/infinote/.
Once all done, I ll communicate that the service was retired on the different lists the sunset was advertised.
+1s ?
Thanks
From e967e2ae0d2c0c18051cd52bcf58c3ccf143f9e1 Mon Sep 17 00:00:00 2001
From: Clement Verna <cverna@xxxxxxxxxxxx>
Date: Tue, 3 Sep 2019 21:02:04 +0200
Subject: [PATCH] Remove infinote from ansible
Signed-off-by: Clement Verna <cverna@xxxxxxxxxxxx>
---
inventory/backups | 3 +-
inventory/group_vars/infinote | 41 --------
inventory/inventory | 7 +-
master.yml | 1 -
playbooks/groups/infinote.yml | 45 ---------
playbooks/include/proxies-websites.yml | 7 +-
roles/cgit/base/files/cgitrc.infinote | 75 --------------
roles/cgit/base/tasks/main.yml | 5 -
.../files/cgit-projects-infinote | 1 -
roles/cgit/make_pkgs_list/tasks/main.yml | 5 -
roles/infinote/files/gitconfig | 3 -
roles/infinote/files/infinoted-git-commit | 4 -
roles/infinote/files/infinoted.service | 13 ---
roles/infinote/handlers/main.yml | 2 -
roles/infinote/tasks/main.yml | 95 ------------------
.../templates/infinote.fedoraproject.org.conf | 98 -------------------
roles/infinote/templates/infinoted.conf | 23 -----
17 files changed, 6 insertions(+), 422 deletions(-)
delete mode 100644 inventory/group_vars/infinote
delete mode 100644 playbooks/groups/infinote.yml
delete mode 100644 roles/cgit/base/files/cgitrc.infinote
delete mode 100644 roles/cgit/make_pkgs_list/files/cgit-projects-infinote
delete mode 100644 roles/infinote/files/gitconfig
delete mode 100755 roles/infinote/files/infinoted-git-commit
delete mode 100644 roles/infinote/files/infinoted.service
delete mode 100644 roles/infinote/handlers/main.yml
delete mode 100644 roles/infinote/tasks/main.yml
delete mode 100644 roles/infinote/templates/infinote.fedoraproject.org.conf
delete mode 100644 roles/infinote/templates/infinoted.conf
diff --git a/inventory/backups b/inventory/backups
index d072f1f8b..6eb8361d7 100644
--- a/inventory/backups
+++ b/inventory/backups
@@ -1,5 +1,5 @@
#
-# This is the list of clients we backup with rdiff-backup.
+# This is the list of clients we backup with rdiff-backup.
#
[backup_clients]
db01.phx2.fedoraproject.org
@@ -8,7 +8,6 @@ db-datanommer02.phx2.fedoraproject.org
db-fas01.phx2.fedoraproject.org
batcave01.phx2.fedoraproject.org
ci-cc-rdu01.fedoraproject.org
-infinote.fedoraproject.org
pagure01.fedoraproject.org
people02.fedoraproject.org
pkgs02.phx2.fedoraproject.org
diff --git a/inventory/group_vars/infinote b/inventory/group_vars/infinote
deleted file mode 100644
index 68ffd7484..000000000
--- a/inventory/group_vars/infinote
+++ /dev/null
@@ -1,41 +0,0 @@
----
-# Define resources for this group of hosts here.
-lvm_size: 20000
-mem_size: 4096
-num_cpus: 2
-
-# for systems that do not match the above - specify the same parameter in
-# the host_vars/$hostname file
-
-custom_rules: [
- # Need for rsync from log01 for logs.
- '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
- '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
- ]
-
-tcp_ports: [80, 443, 6523, 9418]
-
-fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-veteran
-
-freezes: false
-
-git_port: 9418
-git_server: /usr/libexec/git-core/git-daemon
-git_server_args: --export-all --syslog --inetd --verbose
-git_basepath: /srv/web
-git_daemon_user: nobody
-
-# For the MOTD
-csi_security_category: Low
-csi_primary_contact: Fedora admins - admin@xxxxxxxxxxxxxxxxx
-csi_purpose: Run the 'infinote' backend for gobby
-csi_relationship: |
- There are a few things running here:
-
- - infinote server for gobby
- - cgit server to serve gobby content
- - web server
-
- - This host relies on: Nothing
-
- - Things that rely on this host: Nothing
diff --git a/inventory/inventory b/inventory/inventory
index 6d19ed38c..5831252c0 100644
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -997,8 +997,8 @@ value
[fedmsg_ircs_stg:children]
value_stg
-# This group is for "instances" we have in inventory but do not
-# want to monitor in nagios because they don't really exist as
+# This group is for "instances" we have in inventory but do not
+# want to monitor in nagios because they don't really exist as
# hosts you can monitor.
[nixnagios]
# This is the centos-ci relay hosts as fedmsg sees it
@@ -1284,9 +1284,6 @@ pagure01.fedoraproject.org
[pagure_stg]
pagure-stg01.fedoraproject.org
-[infinote]
-infinote.fedoraproject.org
-
[gnome_backups]
gnome-backups01.phx2.fedoraproject.org
diff --git a/master.yml b/master.yml
index 04074296d..fe75d37be 100644
--- a/master.yml
+++ b/master.yml
@@ -48,7 +48,6 @@
- import_playbook: /srv/web/infra/ansible/playbooks/groups/freshmaker.yml
- import_playbook: /srv/web/infra/ansible/playbooks/groups/github2fedmsg.yml
- import_playbook: /srv/web/infra/ansible/playbooks/groups/gnome-backups.yml
-- import_playbook: /srv/web/infra/ansible/playbooks/groups/infinote.yml
- import_playbook: /srv/web/infra/ansible/playbooks/groups/ipa.yml
- import_playbook: /srv/web/infra/ansible/playbooks/groups/kerneltest.yml
- import_playbook: /srv/web/infra/ansible/playbooks/groups/keyserver.yml
diff --git a/playbooks/groups/infinote.yml b/playbooks/groups/infinote.yml
deleted file mode 100644
index 41bef62f8..000000000
--- a/playbooks/groups/infinote.yml
+++ /dev/null
@@ -1,45 +0,0 @@
-# create a new infinote server
-- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=infinote"
-
-- name: make the boxen be real for real
- hosts: infinote
- user: root
- gather_facts: True
-
- vars_files:
- - /srv/web/infra/ansible/vars/global.yml
- - "/srv/private/ansible/vars.yml"
- - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
- roles:
- - base
- - rkhunter
- - nagios_client
- - hosts
- - fas_client
- - sudo
- - collectd/base
- - openvpn/client
- - cgit/base
- - cgit/clean_lock_cron
- - cgit/make_pkgs_list
- - git/server
- - role: apache
- - role: httpd/mod_ssl
- - infinote
- - role: letsencrypt
- site_name: 'infinote.fedoraproject.org'
- certbot_addhost: 'infinote.fedoraproject.org'
-
- pre_tasks:
- - import_tasks: "{{ tasks_path }}/yumrepos.yml"
-
- tasks:
- - import_tasks: "{{ tasks_path }}/2fa_client.yml"
- - import_tasks: "{{ tasks_path }}/motd.yml"
-
- - name: tweak ssl key
- file: path=/etc/pki/tls/private/infinote.fedoraproject.org.key group=infinote mode=640
-
- handlers:
- - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml
index 69c2e4d09..8dd17404a 100644
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@@ -58,7 +58,6 @@
- localhost
- www.fedoraproject.org
- hotspot-nocache.fedoraproject.org
- - infinote.fedoraproject.org
# This is for all the other domains we own
# that redirect to https://fedoraproject.org
@@ -478,7 +477,7 @@
sslonly: true
server_aliases: [transtats.stg.fedoraproject.org]
cert_name: "{{wildcard_cert_name}}"
- tags:
+ tags:
- transtats
- role: httpd/website
@@ -1051,8 +1050,8 @@
#
# We setup this site for old ols papers
-# This used to be on fedorapeople.org, but a new 'ols' user showed up, so
-# that no longer works.
+# This used to be on fedorapeople.org, but a new 'ols' user showed up, so
+# that no longer works.
#
- role: httpd/website
site_name: ols.fedoraproject.org
diff --git a/roles/cgit/base/files/cgitrc.infinote b/roles/cgit/base/files/cgitrc.infinote
deleted file mode 100644
index 28d50a92a..000000000
--- a/roles/cgit/base/files/cgitrc.infinote
+++ /dev/null
@@ -1,75 +0,0 @@
-#
-# See cgitrc(5) or /usr/share/doc/cgit-*/cgitrc.5.html for details
-#
-
-# Enable caching of up to 1000 output entries
-cache-size=1000
-
-# Specify some default clone prefixes
-clone-prefix=https://infinote.fedoraproject.org/
-
-# Specify the css url
-css=/cgit-data/cgit.css
-
-# Show extra links for each repository on the index page
-enable-index-links=1
-
-# Enable ASCII art commit history graph on the log pages
-enable-commit-graph=1
-
-# Show number of affected files per commit on the log pages
-enable-log-filecount=1
-
-# Show number of added/removed lines per commit on the log pages
-enable-log-linecount=1
-
-# Add a cgit favicon
-#favicon=/favicon.ico
-
-# Use a custom logo
-logo=/cgit-data/cgit.png
-
-# Enable statistics per week, month and quarter
-max-stats=quarter
-
-# Set the title and heading of the repository index page
-root-title=Fedora Project infinote document changes
-
-# Set a subheading for the repository index page
-#root-desc=tracking the foobar development
-
-# Include some more info about this site on the index page
-#root-readme=/var/www/html/about.html
-
-# Allow download of tar.gz, tar.bz2 and zip-files
-snapshots=tar.gz tar.xz zip
-
-##
-## List of common mimetypes
-##
-
-mimetype.gif=image/gif
-mimetype.html=text/html
-mimetype.jpg=image/jpeg
-mimetype.jpeg=image/jpeg
-mimetype.pdf=application/pdf
-mimetype.png=image/png
-mimetype.svg=image/svg+xml
-
-# Enable syntax highlighting (requires the highlight package)
-#source-filter=/usr/libexec/cgit/filters/syntax-highlighting.sh
-#email-filter=lua:/usr/libexec/cgit/filters/email-libravatar-korg.lua
-
-
-##
-## List of repositories.
-## PS: Any repositories listed when section is unset will not be
-## displayed under a section heading
-## PPS: This list could be kept in a different file (e.g. '/etc/cgitrepos')
-## and included like this:
-
-repo.name=infinote
-repo.url=infinote
-repo.path=/srv/web/infinote/.git/
-repo.owner=infinote
-repo.desc=Fedoraproject infinote git backing store
diff --git a/roles/cgit/base/tasks/main.yml b/roles/cgit/base/tasks/main.yml
index d19993dd5..d6bcff73b 100644
--- a/roles/cgit/base/tasks/main.yml
+++ b/roles/cgit/base/tasks/main.yml
@@ -43,11 +43,6 @@
when: inventory_hostname.startswith('batcave')
tags: cgit
-- name: put cgitrc in place for infinote
- copy: src=cgitrc.infinote dest=/etc/cgitrc owner=root mode=0644
- when: inventory_hostname.startswith('infinote')
- tags: cgit
-
#- name: install the libravatar filter
# copy: src=email-libravatar-korg.lua dest=/usr/libexec/cgit/filters/email-libravatar-korg.lua owner=root group=root mode=0755
# tags: cgit
diff --git a/roles/cgit/make_pkgs_list/files/cgit-projects-infinote b/roles/cgit/make_pkgs_list/files/cgit-projects-infinote
deleted file mode 100644
index b020a2a61..000000000
--- a/roles/cgit/make_pkgs_list/files/cgit-projects-infinote
+++ /dev/null
@@ -1 +0,0 @@
-infinote.git
diff --git a/roles/cgit/make_pkgs_list/tasks/main.yml b/roles/cgit/make_pkgs_list/tasks/main.yml
index a0fc5e083..0fb73f767 100644
--- a/roles/cgit/make_pkgs_list/tasks/main.yml
+++ b/roles/cgit/make_pkgs_list/tasks/main.yml
@@ -31,11 +31,6 @@
when: inventory_hostname.startswith('batcave')
tags: cgit
-- name: install the file for infinote
- copy: src=cgit-projects-infinote dest=/etc/cgit-projects-infinote mode=0644
- when: inventory_hostname.startswith('infinote')
- tags: cgit
-
- name: install the cron job
cron: >
name="make-cgit-pkgs-list" cron_file="ansible-make-cgit-pkgs-list"
diff --git a/roles/infinote/files/gitconfig b/roles/infinote/files/gitconfig
deleted file mode 100644
index d66e75299..000000000
--- a/roles/infinote/files/gitconfig
+++ /dev/null
@@ -1,3 +0,0 @@
-[user]
- email = nobody@xxxxxxxxxxxxxxxxx
- name = infinote
diff --git a/roles/infinote/files/infinoted-git-commit b/roles/infinote/files/infinoted-git-commit
deleted file mode 100755
index 478786249..000000000
--- a/roles/infinote/files/infinoted-git-commit
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash
-cd /srv/web/infinote
-git add . >/dev/null
-git commit -a --author="infinote <nobody@xxxxxxxxxxxxxxxxx>" -m "Automated Commit of $1" >/dev/null
diff --git a/roles/infinote/files/infinoted.service b/roles/infinote/files/infinoted.service
deleted file mode 100644
index c547393f7..000000000
--- a/roles/infinote/files/infinoted.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=infinoted server
-After=network.target
-Documentation=https://github.com/gobby/libinfinity
-
-[Service]
-ExecStart=/usr/bin/infinoted-0.6
-User=infinote
-Group=infinote
-Type=simple
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/infinote/handlers/main.yml b/roles/infinote/handlers/main.yml
deleted file mode 100644
index 55133ecf2..000000000
--- a/roles/infinote/handlers/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-- name: restart infinoted
- service: name=infinoted state=restarted
diff --git a/roles/infinote/tasks/main.yml b/roles/infinote/tasks/main.yml
deleted file mode 100644
index 1b50ac43d..000000000
--- a/roles/infinote/tasks/main.yml
+++ /dev/null
@@ -1,95 +0,0 @@
-#
-# This role sets up the various packages and scripts needed for a infinote server
-#
-
-
-
-#
-# make directory for nfs mounts to live in
-#
-
-- name: create an infinoted user
- user: name=infinote state=present home=/home/infinote createhome=yes shell=/sbin/nologin
- tags:
- - infinote
- - config
-
-- name: Setup basic git config for infinote user
- copy: src=gitconfig dest=/home/infinote/.gitconfig
- tags:
- - infinote
- - config
-
-- name: Setup basic apache config
- template: src=infinote.fedoraproject.org.conf dest=/etc/httpd/conf.d/infinote.fedoraproject.org.conf
- tags:
- - infinote
- - config
-
-- name: create /srv/web for web content
- file: dest=/srv/web state=directory mode=755 owner=infinote group=infinote
- tags:
- - infinote
- - config
-
-- name: check the selinux context of /srv/web
- command: matchpathcon /srv/web
- register: webdir
- check_mode: no
- changed_when: "1 != 1"
- tags:
- - infinote
- - config
- - selinux
- - httpd
- - httpd/website
-
-- name: /srv/web selinux context
- command: semanage fcontext -a -t git_content_t "/srv/web(/.*)?"
- when: webdir.stdout.find('git_content_t') == -1
- tags:
- - infinote
- - config
- - selinux
- - httpd
- - httpd/website
-
-- name: create /srv/infinote for infinote content
- file: dest=/srv/infinote state=directory mode=755 owner=infinote group=infinote
- tags:
- - infinote
- - config
-
-- name: install packages needed
- package: name={{ item }} state=present
- with_items:
- - infinoted
- tags:
- - infinote
- - config
-
-- name: add systemd unit file to start infinote daemon
- copy: src=infinoted.service dest=/etc/systemd/system/infinoted.service
- notify: reload systemd
- tags:
- - infinote
- - config
-
-- name: enable infinoted
- service: name=infinoted state=started enabled=true
- tags:
- - infinote
- - config
-
-- name: add config file for infinoted
- template: src=infinoted.conf dest=/etc/xdg/infinoted.conf
- notify: restart infinoted
- tags:
- - infinote
- - config
-
-- name: add git commit script for infinote
- copy: src=infinoted-git-commit dest=/usr/local/bin/infinoted-git-commit mode=0755
- tags:
- - infinote
- - config
diff --git a/roles/infinote/templates/infinote.fedoraproject.org.conf b/roles/infinote/templates/infinote.fedoraproject.org.conf
deleted file mode 100644
index 48e1fde23..000000000
--- a/roles/infinote/templates/infinote.fedoraproject.org.conf
+++ /dev/null
@@ -1,98 +0,0 @@
-Listen 443
-<VirtualHost *:80>
- ServerName infinote.fedoraproject.org
- ServerAdmin webmaster@xxxxxxxxxxxxxxxxx
- TraceEnable Off
-
- # enable git smart http cloning.
- SetEnv GIT_PROJECT_ROOT /srv/web/infra/
- SetEnv GIT_HTTP_EXPORT_ALL
- ScriptAliasMatch \
- "(?x)^/(.*/(HEAD | \
- info/refs | \
- objects/(info/[^/]+ | \
- [0-9a-f]{2}/[0-9a-f]{38} | \
- pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
- git-(upload|receive)-pack))$" \
- /usr/libexec/git-core/git-http-backend/$1
-
- #
- # redirect everyone to use https
- #
- # We can't do this until virt-install can handle https
-
- RewriteEngine on
- RewriteRule ^/\.well-known/(.*) "http://fedoraproject.org/\.well-known/$1"; [L,R=301,NE]
- RewriteCond %{SERVER_PORT} !^443$
- RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [L,R]
-
-# robots location
-Alias /robots.txt /srv/web/robots.txt.infinote
-
-DocumentRoot /srv/web
-<Directory /srv/web>
- Options Indexes FollowSymLinks
- AllowOverride None
- Require all granted
-</Directory>
-
-# Needed for cgit cgi
-ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
-<Directory "/var/www/cgi-bin">
- AllowOverride None
- Options None
- Require all granted
-</Directory>
-<Directory "/usr/share/cgit">
- AllowOverride None
- Options None
- Require all granted
-</Directory>
-<Directory "/usr/libexec/git-core">
- AllowOverride None
- Options None
- Require all granted
-</Directory>
-</VirtualHost>
-
-<VirtualHost *:443>
- ServerName infinote.fedoraproject.org
- ServerAdmin webmaster@xxxxxxxxxxxxxxxxx
-
- # enable git smart http cloning.
- SetEnv GIT_PROJECT_ROOT /srv/web/infra/
- SetEnv GIT_HTTP_EXPORT_ALL
- ScriptAliasMatch \
- "(?x)^/(.*/(HEAD | \
- info/refs | \
- objects/(info/[^/]+ | \
- [0-9a-f]{2}/[0-9a-f]{38} | \
- pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
- git-(upload|receive)-pack))$" \
- /usr/libexec/git-core/git-http-backend/$1
-
- SSLEngine on
- SSLCertificateFile /etc/pki/tls/certs/infinote.fedoraproject.org.cert
- SSLCertificateKeyFile /etc/pki/tls/private/infinote.fedoraproject.org.key
- SSLCertificateChainFile /etc/pki/tls/certs/infinote.fedoraproject.org.intermediate.cert
-
- Header always add Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
-
- SSLHonorCipherOrder On
-
- # https://fedorahosted.org/fedora-infrastructure/ticket/4101#comment:14
- # If you change the protocols or cipher suites, you should probably update
- # modules/squid/files/squid.conf-el6 too, to keep it in sync.
- SSLProtocol {{ ssl_protocols }}
- SSLCipherSuite {{ ssl_ciphers }}
-
-# robots location
-Alias /robots.txt /srv/web/robots.txt.lockbox01
-
-DocumentRoot /srv/web
-<Directory /srv/web>
- Options Indexes FollowSymLinks
- AllowOverride None
- Require all granted
-</Directory>
-</VirtualHost>
diff --git a/roles/infinote/templates/infinoted.conf b/roles/infinote/templates/infinoted.conf
deleted file mode 100644
index 988d72951..000000000
--- a/roles/infinote/templates/infinoted.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-[infinoted]
-certificate-file=/etc/pki/tls/certs/infinote.fedoraproject.org.cert
-key-file=/etc/pki/tls/private/infinote.fedoraproject.org.key
-certificate-chain=/etc/pki/tls/certs/infinote.fedoraproject.org.intermediate.cert
-
-port=6523
-security-policy=require-tls
-root-directory=/srv/infinote
-plugins=note-text;autosave;directory-sync;logging
-
-[autosave]
-interval=60
-
-[directory-sync]
-directory=/srv/web/infinote
-interval=60
-hook=/usr/local/bin/infinoted-git-commit
-
-[logging]
-log-connections=true
-log-connection-errors=true
-log-session-errors=true
-log-session-request-extra=true
--
2.21.0
_______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
