From 1df1001cb438641d609602eb53eb65c9ed20b6b4 Mon Sep 17 00:00:00 2001 From: Jeremy Stanley Date: Sat, 1 May 2021 15:12:00 +0000 Subject: [PATCH] Deprovision Limesurvey config management and docs The Limesurvey service hosted at survey.openstack.org was a beta which saw limited use. The platform it runs on, Xenial, is now EOL from Ubuntu/Canonical and in order to upgrade to a newer distribution release we would need to rewrite all the configuration management (the version of Puppet supported by newer Ubuntu is not backward-compatible with what we've been running). If a similar service becomes interesting to users of our collaboratory in the future, it will need to be reintroduced with freshly written configuration management anyway. The old configs and documentation remain in our Git history should anyone wish to use them as inspiration. Change-Id: I59b419cf112d32f20084ab93eb6f2417a7f93fdb --- doc/source/survey.rst | 84 ------- doc/source/systems.rst | 1 - inventory/base/hosts.yaml | 7 - inventory/service/groups.yaml | 5 - manifests/site.pp | 19 -- .../files/ssl_cert_check/ssldomains | 1 - modules/openstack_project/manifests/survey.pp | 218 ------------------ .../templates/survey.config.php.erb | 65 ------ .../templates/survey.vhost.erb | 51 ---- playbooks/group_vars/certcheck.yaml | 1 - 10 files changed, 452 deletions(-) delete mode 100644 doc/source/survey.rst delete mode 100644 modules/openstack_project/manifests/survey.pp delete mode 100644 modules/openstack_project/templates/survey.config.php.erb delete mode 100644 modules/openstack_project/templates/survey.vhost.erb diff --git a/doc/source/survey.rst b/doc/source/survey.rst deleted file mode 100644 index 3d7a7ffb77..0000000000 --- a/doc/source/survey.rst +++ /dev/null @@ -1,84 +0,0 @@ -:title: Survey - -.. _survey: - -Survey -###### - -Survey runs an instance of the LimeSurvey software, an open source survey -tool written in php. - -At a Glance -=========== - -:Hosts: - * https://survey.openstack.org -:Puppet: - * file:`modules/openstack_project/manifests/survey.pp` -:Projects: - * https://www.limesurvey.org/ -:Bugs: - * https://www.limesurvey.org/community/bug-tracker - -Overview -======== - -Apache is used with a Trove backend. - -Sysadmin -======== - -After initially provisioning the server, enable the Authwebserver plugin via mysqlclient: - -.. code-block:: bash - - insert into plugins (name, active) values ('Authwebserver', 1); - - insert into plugin_settings (plugin_id, plugin_settings.key, plugin_settings.value) values (1, 'strip_domain', '""'); - insert into plugin_settings (plugin_id, plugin_settings.key, plugin_settings.value) values (1, 'serverkey', '"REMOTE_USER"'); - insert into plugin_settings (plugin_id, plugin_settings.key, plugin_settings.value) values (1, 'is_default', '"1"'); - -Log in as admin to auto-create your account: -Admin sign-in: https://survey.openstack.org/admin - -Elevate your account to Superadmin via mysqlclient: - -.. code-block:: bash - - insert into permissions (entity, entity_id, uid, permission, read_p) values ("global", 0, 2, "superadmin", 1); - -(where the 2 in this example should be replaced with whatever the uid index -value is in the users table for your OpenID-autocreated account) - -Refresh your browser. When logged in via the web-ui you should now have -superadmin privileges allowing you to set the following values: - -Configuration > Global Settings > Email Settings - - Default site admin email: infra-root@openstack.org - - Administrator name: admin - -Configuration > Global Settings > Bounce Settings - - Default site admin email: infra-root@openstack.org - -Save and Close -check admin name and email information on front page: survey.openstack.org -to confirm change - -Admin Survey User -================= - -Log in via https://survey.openstack.org/admin using OpenStackID. - -Navigate to your 'My Account' settings at: -https://survey.openstack.org/index.php/admin/user/sa/personalsettings - -Change your Email from 'autouser@test.test' to the email you would like to -use for the use of surveys. - -Change your Full Name from 'autouser' to your Full Name that survey -participants can recognize. - -Save and Close using the button in the top right hand corner. diff --git a/doc/source/systems.rst b/doc/source/systems.rst index 681ffc955d..a08be32ffd 100644 --- a/doc/source/systems.rst +++ b/doc/source/systems.rst @@ -40,6 +40,5 @@ Major Systems github activity asterisk - survey letsencrypt ppa diff --git a/inventory/base/hosts.yaml b/inventory/base/hosts.yaml index 0374437cdd..8a34f3abc5 100644 --- a/inventory/base/hosts.yaml +++ b/inventory/base/hosts.yaml @@ -696,13 +696,6 @@ all: region_name: DFW public_v4: 166.78.47.172 public_v6: 2001:4800:7817:101:be76:4eff:fe04:4a07 - survey01.openstack.org: - ansible_host: 23.253.92.56 - location: - cloud: openstackci-rax - region_name: DFW - public_v4: 23.253.92.56 - public_v6: 2001:4800:7815:105:be76:4eff:fe04:4af0 translate-dev01.openstack.org: ansible_host: 172.99.124.99 location: diff --git a/inventory/service/groups.yaml b/inventory/service/groups.yaml index 806faa478b..cd94220e22 100644 --- a/inventory/service/groups.yaml +++ b/inventory/service/groups.yaml @@ -152,7 +152,6 @@ groups: - storyboard-dev[0-9]*.opendev.org - storyboard[0-9]*.opendev.org - subunit-worker[0-9]*.open*.org - - survey[0-9]*.open*.org - translate-dev[0-9]*.open*.org - translate[0-9]*.open*.org - wiki-dev[0-9]*.openstack.org @@ -179,7 +178,6 @@ groups: - storyboard[0-9]*.opendev.org - storyboard-dev[0-9]*.opendev.org - subunit-worker[0-9]*.open*.org - - survey[0-9]*.open*.org - translate[0-9]*.open*.org - translate-dev[0-9]*.open*.org - wiki[0-9]*.openstack.org @@ -205,8 +203,6 @@ groups: - storyboard-dev[0-9]*.opendev.org subunit-worker: - subunit-worker[0-9]*.open*.org - survey: - - survey[0-9]*.open*.org translate-dev: - translate-dev[0-9]*.open*.org translate: @@ -232,7 +228,6 @@ groups: - status*.open*.org - storyboard-dev[0-9]*.opendev.org - storyboard[0-9]*.opendev.org - - survey[0-9]*.open*.org - translate-dev[0-9]*.open*.org - translate[0-9]*.open*.org - wiki-dev[0-9]*.openstack.org diff --git a/manifests/site.pp b/manifests/site.pp index e50d9011e3..a040784308 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -238,25 +238,6 @@ node /^status\d*\.open.*\.org$/ { } } -# Node-OS: xenial -node /^survey\d+\.open.*\.org$/ { - $group = "survey" - class { 'openstack_project::server': } - - class { 'openstack_project::survey': - vhost_name => 'survey.openstack.org', - auth_openid => true, - ssl_cert_file_contents => hiera('ssl_cert_file_contents'), - ssl_key_file_contents => hiera('ssl_key_file_contents'), - ssl_chain_file_contents => hiera('ssl_chain_file_contents'), - dbpassword => hiera('dbpassword'), - dbhost => hiera('dbhost'), - adminuser => hiera('adminuser'), - adminpass => hiera('adminpass'), - adminmail => hiera('adminmail'), - } -} - # Node-OS: xenial node /^nb\d+\.open.*\.org$/ { $group = 'nodepool' diff --git a/modules/openstack_project/files/ssl_cert_check/ssldomains b/modules/openstack_project/files/ssl_cert_check/ssldomains index f3a6c208f8..0007f500fb 100644 --- a/modules/openstack_project/files/ssl_cert_check/ssldomains +++ b/modules/openstack_project/files/ssl_cert_check/ssldomains @@ -48,7 +48,6 @@ security.openstack.org 443 static.openstack.org 443 storyboard.openstack.org 443 summit.openstack.org 443 -survey.openstack.org 443 static.opendev.org 443 static.openstack.org 443 swift.openstack.org 443 diff --git a/modules/openstack_project/manifests/survey.pp b/modules/openstack_project/manifests/survey.pp deleted file mode 100644 index 83afbcb542..0000000000 --- a/modules/openstack_project/manifests/survey.pp +++ /dev/null @@ -1,218 +0,0 @@ -# Copyright 2016 Markus Opolka -# Copyright 2018 Anita Kuno -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Inspiration for this patch as well as portions of it -# come from the work of Markus Opolka and his -# LimeSurvey Puppet module: -# https://github.com/martialblog/puppet-limesurvey -# -class openstack_project::survey ( - $vhost_name = $::fqdn, - $ssl_cert_file = '/etc/ssl/certs/survey.openstack.org.pem', - $ssl_key_file = '/etc/ssl/private/survey.openstack.org.key', - $ssl_chain_file = '/etc/ssl/certs/intermediate.pem', - $ssl_cert_file_contents = '', - $ssl_key_file_contents = '', - $ssl_chain_file_contents = '', - $dbpassword = '', - $dbhost = '', - # Table containing openid auth details. If undef not enabled - # Example dict: - # { - # banner => "Welcome", - # singleIdp => "https://openstackid.org", - # trusted => '^https://openstackid.org/.*$', - # any_valid_user => false, - # users => ['https://openstackid.org/foo', - # 'https://openstackid.org/bar'], - # } - # Note that if you care which users get access set any_valid_user to false - # and then provide an explicit list of openids in the users list. Otherwise - # set any_valid_user to true and any successfully authenticated user will - # get access. - $auth_openid = undef, - $docroot = '/var/www', - $runtime_dir_mode = '0755', - $download_url = 'https://download.limesurvey.org/latest-stable-release/', - $version = '3.15.6+190108', - $www_group = 'www-data', - $www_user = 'www-data', - # These are required for bootstrapping, so do not have defaults. - $adminuser, - $adminpass, - $adminmail, -) { - - $distro_packages = [ - 'libapache2-mod-php', - 'php', - 'php-gd', - 'php-imap', - 'php-ldap', - 'php-mbstring', - 'php-mcrypt', - 'php-mysql', - 'php-xml', - 'php-zip', - 'ssl-cert', - ] - - package { $distro_packages: - ensure => present, - } - - exec { 'limesurvey-download': - path => '/bin:/usr/bin', - creates => "${docroot}/tmp/runtime", - command => "bash -c 'cd /tmp; wget ${download_url}limesurvey${version}.tar.gz'", - require => File[$docroot], - user => $www_user, - } - - exec { 'limesurvey-unzip': - path => '/bin:/usr/bin', - cwd => '/tmp', - creates => "${docroot}/tmp/runtime", - command => "bash -c 'cd /tmp; tar zxf /tmp/limesurvey${version}.tar.gz -C ${docroot} --strip-components=1'", - notify => Exec['limesurvey-install'], - require => Exec['limesurvey-download'], - user => $www_user, - } - - exec { 'limesurvey-install': - command => "/usr/bin/php console.php install ${adminuser} ${adminpass} 'Default Administrator' ${adminmail}", - cwd => "${docroot}/application/commands", - refreshonly => true, - require => [ - File["${docroot}/application/config/config.php"], - Package[$distro_packages], - ], - user => $www_user, - } - - file { "/tmp/limesurvey${version}.tar.gz": - ensure => absent, - require => Exec['limesurvey-unzip'], - } - - file { "${docroot}/tmp/runtime/": - ensure => directory, - mode => $runtime_dir_mode, - require => Exec['limesurvey-install'], - } - - file { "${docroot}/application/config/config.php": - ensure => present, - owner => $www_user, - group => $www_group, - mode => '0660', - content => template ('openstack_project/survey.config.php.erb'), - replace => true, - require => Exec['limesurvey-unzip'], - } - - include ::httpd - ::httpd::vhost { $vhost_name: - port => 443, - docroot => $docroot, - priority => '50', - template => 'openstack_project/survey.vhost.erb', - ssl => true, - } - - if !defined(Httpd::Mod['rewrite']) { - httpd::mod { 'rewrite': - ensure => present, - } - } - if ($auth_openid != undef) { - if !defined(Package['libapache2-mod-auth-openid']) { - package { 'libapache2-mod-auth-openid': - ensure => present, - } - } - if !defined(Httpd::Mod['auth_openid']) { - # Workaround for https://bugs.debian.org/759209 - file { '/etc/apache2/mods-available/auth_openid.load': - ensure => present, - content => 'LoadModule authopenid_module /usr/lib/apache2/modules/mod_auth_openid.so', - replace => true, - require => Package['libapache2-mod-auth-openid'], - } - httpd::mod { 'auth_openid': - ensure => present, - require => File['/etc/apache2/mods-available/auth_openid.load'], - } - } - } - - file { $docroot: - ensure => directory, - owner => $www_user, - group => $www_group, - } - - file { "${docroot}/robots.txt": - ensure => present, - source => 'puppet:///modules/openstack_project/disallow_robots.txt', - owner => 'root', - group => 'root', - mode => '0444', - require => File[$docroot], - } - - file { '/etc/ssl/certs': - ensure => directory, - owner => 'root', - mode => '0755', - } - - file { '/etc/ssl/private': - ensure => directory, - owner => 'root', - mode => '0700', - } - - if $ssl_cert_file_contents != '' { - file { $ssl_cert_file: - owner => 'root', - group => 'root', - mode => '0640', - content => $ssl_cert_file_contents, - before => Httpd::Vhost[$vhost_name], - } - } - - if $ssl_key_file_contents != '' { - file { $ssl_key_file: - owner => 'root', - group => 'ssl-cert', - mode => '0640', - content => $ssl_key_file_contents, - require => Package['ssl-cert'], - before => Httpd::Vhost[$vhost_name], - } - } - - if $ssl_chain_file_contents != '' { - file { $ssl_chain_file: - owner => 'root', - group => 'root', - mode => '0640', - content => $ssl_chain_file_contents, - before => Httpd::Vhost[$vhost_name], - } - } -} diff --git a/modules/openstack_project/templates/survey.config.php.erb b/modules/openstack_project/templates/survey.config.php.erb deleted file mode 100644 index 9e398b7236..0000000000 --- a/modules/openstack_project/templates/survey.config.php.erb +++ /dev/null @@ -1,65 +0,0 @@ - array( - 'db' => array( - 'connectionString' => 'mysql:host=<%= @dbhost %>;port=3306;dbname=limesurvey;', - 'emulatePrepare' => true, - 'username' => 'limesurvey', - 'password' => '<%= @dbpassword %>', - 'charset' => 'utf8mb4', - 'tablePrefix' => '', - ), - - // Uncomment the following line if you need table-based sessions - // 'session' => array ( - // 'class' => 'application.core.web.DbHttpSession', - // 'connectionID' => 'db', - // 'sessionTableName' => '{{sessions}}', - // ), - - 'urlManager' => array( - 'urlFormat' => 'path', - 'rules' => array( - // You can add your own rules here - ), - 'showScriptName' => true, - ), - - ), - // Use the following config variable to set modified optional settings copied from config-defaults.php - 'config'=>array( - // debug: Set this to 1 if you are looking for errors. If you still get no errors after enabling this - // then please check your error-logs - either in your hosting provider admin panel or in some /logs directory - // on your webspace. - // LimeSurvey developers: Set this to 2 to additionally display STRICT PHP error messages and get full access to standard templates - 'debug'=>0, - 'debugsql'=>0, // Set this to 1 to enanble sql logging, only active when debug = 2 - // Update default LimeSurvey config here - 'auth_webserver'=>true, - 'auth_webserver_autocreate_user'=>true, - ) -); -/* End of file config.php */ -/* Location: ./application/config/config.php */ diff --git a/modules/openstack_project/templates/survey.vhost.erb b/modules/openstack_project/templates/survey.vhost.erb deleted file mode 100644 index 7fbc44cc35..0000000000 --- a/modules/openstack_project/templates/survey.vhost.erb +++ /dev/null @@ -1,51 +0,0 @@ -# ************************************ -# Managed by Puppet -# ************************************ - -:80> - ServerName <%= @srvname %> - ReWriteEngine On - ReWriteRule ^/(.*) https://<%= @srvname %>/$1 [last,redirect=permanent] - LogLevel warn - ErrorLog /var/log/apache2/<%= @name %>_error.log - CustomLog /var/log/apache2/<%= @name %>_access.log combined - ServerSignature Off - - -:<%= @port %>> - ServerName <%= @srvname %> - - DocumentRoot <%= @docroot %> - > - Options <%= @options %> - AllowOverride None - Require all granted - - - <% if scope.lookupvar("openstack_project::survey::auth_openid") != nil %> - - AuthType OpenID - AuthName "Welcome" - AuthOpenIDSecureCookie On - AuthOpenIDCookieLifespan 3600 - AuthOpenIDTrustRoot https://<%= @srvname %> - AuthOpenIDServerName https://<%= @srvname %> - AuthOpenIDSingleIdP https://openstackid.org - AuthOpenIDTrusted ^https://openstackid.org/.*$ - Require valid-user - - <% end %> - - SSLEngine on - SSLProtocol ALL -SSLv2 -SSLv3 - SSLCertificateFile <%= scope.lookupvar("openstack_project::survey::ssl_cert_file") %> - SSLCertificateKeyFile <%= scope.lookupvar("openstack_project::survey::ssl_key_file") %> - <% if scope.lookupvar("openstack_project::survey::ssl_chain_file") != "" %> - SSLCertificateChainFile <%= scope.lookupvar("openstack_project::survey::ssl_chain_file") %> - <% end %> - - ErrorLog /var/log/apache2/<%= @name %>_error.log - LogLevel warn - CustomLog /var/log/apache2/<%= @name %>_access.log combined - ServerSignature Off - diff --git a/playbooks/group_vars/certcheck.yaml b/playbooks/group_vars/certcheck.yaml index b2e647db77..81fe96a12c 100644 --- a/playbooks/group_vars/certcheck.yaml +++ b/playbooks/group_vars/certcheck.yaml @@ -7,7 +7,6 @@ letsencrypt_certcheck_additional_domains: - openstackid.org 443 - review.openstack.org 443 - storyboard.openstack.org 443 - - survey.openstack.org 443 - static.openstack.org 443 - translate.openstack.org 443 - wiki.openstack.org 443