opendev/system-config
Code Issues Proposed changes

Deprovision Limesurvey config management and docs

Browse Source 
The Limesurvey service hosted at survey.openstack.org was a beta
which saw limited use. The platform it runs on, Xenial, is now EOL
from Ubuntu/Canonical and in order to upgrade to a newer
distribution release we would need to rewrite all the configuration
management (the version of Puppet supported by newer Ubuntu is not
backward-compatible with what we've been running).

If a similar service becomes interesting to users of our
collaboratory in the future, it will need to be reintroduced with
freshly written configuration management anyway. The old configs and
documentation remain in our Git history should anyone wish to use
them as inspiration.

Change-Id: I59b419cf112d32f20084ab93eb6f2417a7f93fdb
This commit is contained in:
Jeremy Stanley 2021-05-01 15:12:00 +00:00
parent 8346b9ac6f
commit 1df1001cb4
10 changed files with 0 additions and 452 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
doc/source/survey.rst
View File

@ -1,84 +0,0 @@
:title: Survey
.. _survey:
Survey
######
Survey runs an instance of the LimeSurvey software, an open source survey
tool written in php.
At a Glance
===========
:Hosts:
* https://survey.openstack.org
:Puppet:
* file:`modules/openstack_project/manifests/survey.pp`
:Projects:
* https://www.limesurvey.org/
:Bugs:
* https://www.limesurvey.org/community/bug-tracker
Overview
========
Apache is used with a Trove backend.
Sysadmin
========
After initially provisioning the server, enable the Authwebserver plugin via mysqlclient:
.. code-block:: bash
insert into plugins (name, active) values ('Authwebserver', 1);
insert into plugin_settings (plugin_id, plugin_settings.key, plugin_settings.value) values (1, 'strip_domain', '""');
insert into plugin_settings (plugin_id, plugin_settings.key, plugin_settings.value) values (1, 'serverkey', '"REMOTE_USER"');
insert into plugin_settings (plugin_id, plugin_settings.key, plugin_settings.value) values (1, 'is_default', '"1"');
Log in as admin to auto-create your account:
Admin sign-in: https://survey.openstack.org/admin
Elevate your account to Superadmin via mysqlclient:
.. code-block:: bash
insert into permissions (entity, entity_id, uid, permission, read_p) values ("global", 0, 2, "superadmin", 1);
(where the 2 in this example should be replaced with whatever the uid index
value is in the users table for your OpenID-autocreated account)
Refresh your browser. When logged in via the web-ui you should now have
superadmin privileges allowing you to set the following values:
Configuration > Global Settings > Email Settings
Default site admin email: infra-root@openstack.org
Administrator name: admin
Configuration > Global Settings > Bounce Settings
Default site admin email: infra-root@openstack.org
Save and Close
check admin name and email information on front page: survey.openstack.org
to confirm change
Admin Survey User
=================
Log in via https://survey.openstack.org/admin using OpenStackID.
Navigate to your 'My Account' settings at:
https://survey.openstack.org/index.php/admin/user/sa/personalsettings
Change your Email from 'autouser@test.test' to the email you would like to
use for the use of surveys.
Change your Full Name from 'autouser' to your Full Name that survey
participants can recognize.
Save and Close using the button in the top right hand corner.

1
doc/source/systems.rst
View File

@ -40,6 +40,5 @@ Major Systems
github
activity
asterisk
survey
letsencrypt
ppa

7
inventory/base/hosts.yaml
View File

@ -696,13 +696,6 @@ all:
region_name: DFW
public_v4: 166.78.47.172
public_v6: 2001:4800:7817:101:be76:4eff:fe04:4a07
survey01.openstack.org:
ansible_host: 23.253.92.56
location:
cloud: openstackci-rax
region_name: DFW
public_v4: 23.253.92.56
public_v6: 2001:4800:7815:105:be76:4eff:fe04:4af0
translate-dev01.openstack.org:
ansible_host: 172.99.124.99
location:

5
inventory/service/groups.yaml
View File

@ -152,7 +152,6 @@ groups:
- storyboard-dev[0-9]*.opendev.org
- storyboard[0-9]*.opendev.org
- subunit-worker[0-9]*.open*.org
- survey[0-9]*.open*.org
- translate-dev[0-9]*.open*.org
- translate[0-9]*.open*.org
- wiki-dev[0-9]*.openstack.org
@ -179,7 +178,6 @@ groups:
- storyboard[0-9]*.opendev.org
- storyboard-dev[0-9]*.opendev.org
- subunit-worker[0-9]*.open*.org
- survey[0-9]*.open*.org
- translate[0-9]*.open*.org
- translate-dev[0-9]*.open*.org
- wiki[0-9]*.openstack.org
@ -205,8 +203,6 @@ groups:
- storyboard-dev[0-9]*.opendev.org
subunit-worker:
- subunit-worker[0-9]*.open*.org
survey:
- survey[0-9]*.open*.org
translate-dev:
- translate-dev[0-9]*.open*.org
translate:
@ -232,7 +228,6 @@ groups:
- status*.open*.org
- storyboard-dev[0-9]*.opendev.org
- storyboard[0-9]*.opendev.org
- survey[0-9]*.open*.org
- translate-dev[0-9]*.open*.org
- translate[0-9]*.open*.org
- wiki-dev[0-9]*.openstack.org

19
manifests/site.pp
View File

@ -238,25 +238,6 @@ node /^status\d*\.open.*\.org$/ {
}
}
# Node-OS: xenial
node /^survey\d+\.open.*\.org$/ {
$group = "survey"
class { 'openstack_project::server': }
class { 'openstack_project::survey':
vhost_name => 'survey.openstack.org',
auth_openid => true,
ssl_cert_file_contents => hiera('ssl_cert_file_contents'),
ssl_key_file_contents => hiera('ssl_key_file_contents'),
ssl_chain_file_contents => hiera('ssl_chain_file_contents'),
dbpassword => hiera('dbpassword'),
dbhost => hiera('dbhost'),
adminuser => hiera('adminuser'),
adminpass => hiera('adminpass'),
adminmail => hiera('adminmail'),
}
}
# Node-OS: xenial
node /^nb\d+\.open.*\.org$/ {
$group = 'nodepool'

1
modules/openstack_project/files/ssl_cert_check/ssldomains
View File

@ -48,7 +48,6 @@ security.openstack.org 443
static.openstack.org 443
storyboard.openstack.org 443
summit.openstack.org 443
survey.openstack.org 443
static.opendev.org 443
static.openstack.org 443
swift.openstack.org 443

218
modules/openstack_project/manifests/survey.pp
View File

@ -1,218 +0,0 @@
# Copyright 2016 Markus Opolka <markus@martiablog.de>
# Copyright 2018 Anita Kuno <anteaya@anteaya.info>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Inspiration for this patch as well as portions of it
# come from the work of Markus Opolka and his
# LimeSurvey Puppet module:
# https://github.com/martialblog/puppet-limesurvey
#
class openstack_project::survey (
$vhost_name = $::fqdn,
$ssl_cert_file = '/etc/ssl/certs/survey.openstack.org.pem',
$ssl_key_file = '/etc/ssl/private/survey.openstack.org.key',
$ssl_chain_file = '/etc/ssl/certs/intermediate.pem',
$ssl_cert_file_contents = '',
$ssl_key_file_contents = '',
$ssl_chain_file_contents = '',
$dbpassword = '',
$dbhost = '',
# Table containing openid auth details. If undef not enabled
# Example dict:
# {
# banner => "Welcome",
# singleIdp => "https://openstackid.org",
# trusted => '^https://openstackid.org/.*$',
# any_valid_user => false,
# users => ['https://openstackid.org/foo',
# 'https://openstackid.org/bar'],
# }
# Note that if you care which users get access set any_valid_user to false
# and then provide an explicit list of openids in the users list. Otherwise
# set any_valid_user to true and any successfully authenticated user will
# get access.
$auth_openid = undef,
$docroot = '/var/www',
$runtime_dir_mode = '0755',
$download_url = 'https://download.limesurvey.org/latest-stable-release/',
$version = '3.15.6+190108',
$www_group = 'www-data',
$www_user = 'www-data',
# These are required for bootstrapping, so do not have defaults.
$adminuser,
$adminpass,
$adminmail,
) {
$distro_packages = [
'libapache2-mod-php',
'php',
'php-gd',
'php-imap',
'php-ldap',
'php-mbstring',
'php-mcrypt',
'php-mysql',
'php-xml',
'php-zip',
'ssl-cert',
]
package { $distro_packages:
ensure => present,
}
exec { 'limesurvey-download':
path => '/bin:/usr/bin',
creates => "${docroot}/tmp/runtime",
command => "bash -c 'cd /tmp; wget ${download_url}limesurvey${version}.tar.gz'",
require => File[$docroot],
user => $www_user,
}
exec { 'limesurvey-unzip':
path => '/bin:/usr/bin',
cwd => '/tmp',
creates => "${docroot}/tmp/runtime",
command => "bash -c 'cd /tmp; tar zxf /tmp/limesurvey${version}.tar.gz -C ${docroot} --strip-components=1'",
notify => Exec['limesurvey-install'],
require => Exec['limesurvey-download'],
user => $www_user,
}
exec { 'limesurvey-install':
command => "/usr/bin/php console.php install ${adminuser} ${adminpass} 'Default Administrator' ${adminmail}",
cwd => "${docroot}/application/commands",
refreshonly => true,
require => [
File["${docroot}/application/config/config.php"],
Package[$distro_packages],
],
user => $www_user,
}
file { "/tmp/limesurvey${version}.tar.gz":
ensure => absent,
require => Exec['limesurvey-unzip'],
}
file { "${docroot}/tmp/runtime/":
ensure => directory,
mode => $runtime_dir_mode,
require => Exec['limesurvey-install'],
}
file { "${docroot}/application/config/config.php":
ensure => present,
owner => $www_user,
group => $www_group,
mode => '0660',
content => template ('openstack_project/survey.config.php.erb'),
replace => true,
require => Exec['limesurvey-unzip'],
}
include ::httpd
::httpd::vhost { $vhost_name:
port => 443,
docroot => $docroot,
priority => '50',
template => 'openstack_project/survey.vhost.erb',
ssl => true,
}
if !defined(Httpd::Mod['rewrite']) {
httpd::mod { 'rewrite':
ensure => present,
}
}
if ($auth_openid != undef) {
if !defined(Package['libapache2-mod-auth-openid']) {
package { 'libapache2-mod-auth-openid':
ensure => present,
}
}
if !defined(Httpd::Mod['auth_openid']) {
# Workaround for https://bugs.debian.org/759209
file { '/etc/apache2/mods-available/auth_openid.load':
ensure => present,
content => 'LoadModule authopenid_module /usr/lib/apache2/modules/mod_auth_openid.so',
replace => true,
require => Package['libapache2-mod-auth-openid'],
}
httpd::mod { 'auth_openid':
ensure => present,
require => File['/etc/apache2/mods-available/auth_openid.load'],
}
}
}
file { $docroot:
ensure => directory,
owner => $www_user,
group => $www_group,
}
file { "${docroot}/robots.txt":
ensure => present,
source => 'puppet:///modules/openstack_project/disallow_robots.txt',
owner => 'root',
group => 'root',
mode => '0444',
require => File[$docroot],
}
file { '/etc/ssl/certs':
ensure => directory,
owner => 'root',
mode => '0755',
}
file { '/etc/ssl/private':
ensure => directory,
owner => 'root',
mode => '0700',
}
if $ssl_cert_file_contents != '' {
file { $ssl_cert_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_cert_file_contents,
before => Httpd::Vhost[$vhost_name],
}
}
if $ssl_key_file_contents != '' {
file { $ssl_key_file:
owner => 'root',
group => 'ssl-cert',
mode => '0640',
content => $ssl_key_file_contents,
require => Package['ssl-cert'],
before => Httpd::Vhost[$vhost_name],
}
}
if $ssl_chain_file_contents != '' {
file { $ssl_chain_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_chain_file_contents,
before => Httpd::Vhost[$vhost_name],
}
}
}

65
modules/openstack_project/templates/survey.config.php.erb
View File

@ -1,65 +0,0 @@
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
/*
| -------------------------------------------------------------------
| DATABASE CONNECTIVITY SETTINGS
| -------------------------------------------------------------------
| This file will contain the settings needed to access your database.
|
| For complete instructions please consult the 'Database Connection'
| page of the User Guide.
|
| -------------------------------------------------------------------
| EXPLANATION OF VARIABLES
| -------------------------------------------------------------------
|
| 'connectionString' Hostname, database, port and database type for
| the connection. Driver example: mysql. Currently supported:
| mysql, pgsql, mssql, sqlite, oci
| 'username' The username used to connect to the database
| 'password' The password used to connect to the database
| 'tablePrefix' You can add an optional prefix, which will be added
| to the table name when using the Active Record class
|
*/
return array(
'components' => array(
'db' => array(
'connectionString' => 'mysql:host=<%= @dbhost %>;port=3306;dbname=limesurvey;',
'emulatePrepare' => true,
'username' => 'limesurvey',
'password' => '<%= @dbpassword %>',
'charset' => 'utf8mb4',
'tablePrefix' => '',
),
// Uncomment the following line if you need table-based sessions
// 'session' => array (
// 'class' => 'application.core.web.DbHttpSession',
// 'connectionID' => 'db',
// 'sessionTableName' => '{{sessions}}',
// ),
'urlManager' => array(
'urlFormat' => 'path',
'rules' => array(
// You can add your own rules here
),
'showScriptName' => true,
),
),
// Use the following config variable to set modified optional settings copied from config-defaults.php
'config'=>array(
// debug: Set this to 1 if you are looking for errors. If you still get no errors after enabling this
// then please check your error-logs - either in your hosting provider admin panel or in some /logs directory
// on your webspace.
// LimeSurvey developers: Set this to 2 to additionally display STRICT PHP error messages and get full access to standard templates
'debug'=>0,
'debugsql'=>0, // Set this to 1 to enanble sql logging, only active when debug = 2
// Update default LimeSurvey config here
'auth_webserver'=>true,
'auth_webserver_autocreate_user'=>true,
)
);
/* End of file config.php */
/* Location: ./application/config/config.php */

51
modules/openstack_project/templates/survey.vhost.erb
View File

@ -1,51 +0,0 @@
# ************************************
# Managed by Puppet
# ************************************
<VirtualHost <%= @vhost_name %>:80>
ServerName <%= @srvname %>
ReWriteEngine On
ReWriteRule ^/(.*) https://<%= @srvname %>/$1 [last,redirect=permanent]
LogLevel warn
ErrorLog /var/log/apache2/<%= @name %>_error.log
CustomLog /var/log/apache2/<%= @name %>_access.log combined
ServerSignature Off
</VirtualHost>
<VirtualHost <%= @vhost_name %>:<%= @port %>>
ServerName <%= @srvname %>
DocumentRoot <%= @docroot %>
<Directory <%= @docroot %>>
Options <%= @options %>
AllowOverride None
Require all granted
</Directory>
<% if scope.lookupvar("openstack_project::survey::auth_openid") != nil %>
<Location /index.php/admin/>
AuthType OpenID
AuthName "Welcome"
AuthOpenIDSecureCookie On
AuthOpenIDCookieLifespan 3600
AuthOpenIDTrustRoot https://<%= @srvname %>
AuthOpenIDServerName https://<%= @srvname %>
AuthOpenIDSingleIdP https://openstackid.org
AuthOpenIDTrusted ^https://openstackid.org/.*$
Require valid-user
</Location>
<% end %>
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLCertificateFile <%= scope.lookupvar("openstack_project::survey::ssl_cert_file") %>
SSLCertificateKeyFile <%= scope.lookupvar("openstack_project::survey::ssl_key_file") %>
<% if scope.lookupvar("openstack_project::survey::ssl_chain_file") != "" %>
SSLCertificateChainFile <%= scope.lookupvar("openstack_project::survey::ssl_chain_file") %>
<% end %>
ErrorLog /var/log/apache2/<%= @name %>_error.log
LogLevel warn
CustomLog /var/log/apache2/<%= @name %>_access.log combined
ServerSignature Off
</VirtualHost>

1
playbooks/group_vars/certcheck.yaml
View File

@ -7,7 +7,6 @@ letsencrypt_certcheck_additional_domains:
- openstackid.org 443
- review.openstack.org 443
- storyboard.openstack.org 443
- survey.openstack.org 443
- static.openstack.org 443
- translate.openstack.org 443
- wiki.openstack.org 443