Deprovision Limesurvey config management and docs

The Limesurvey service hosted at survey.openstack.org was a beta which saw limited use. The platform it runs on, Xenial, is now EOL from Ubuntu/Canonical and in order to upgrade to a newer distribution release we would need to rewrite all the configuration management (the version of Puppet supported by newer Ubuntu is not backward-compatible with what we've been running). If a similar service becomes interesting to users of our collaboratory in the future, it will need to be reintroduced with freshly written configuration management anyway. The old configs and documentation remain in our Git history should anyone wish to use them as inspiration. Change-Id: I59b419cf112d32f20084ab93eb6f2417a7f93fdb
2021-05-01 15:12:00 +00:00 · 2021-05-01 15:12:00 +00:00 · 1df1001cb4
parent 8346b9ac6f
commit 1df1001cb4
10 changed files with 0 additions and 452 deletions
--- a/doc/source/survey.rst
+++ b/doc/source/survey.rst
@ -1,84 +0,0 @@
 :title: Survey
 .. _survey:
 Survey
 ######
 Survey runs an instance of the LimeSurvey software, an open source survey
 tool written in php.
 At a Glance
 ===========
 :Hosts:
  * https://survey.openstack.org
 :Puppet:
  * file:`modules/openstack_project/manifests/survey.pp`
 :Projects:
  * https://www.limesurvey.org/
 :Bugs:
  * https://www.limesurvey.org/community/bug-tracker
 Overview
 ========
 Apache is used with a Trove backend.
 Sysadmin
 ========
 After initially provisioning the server, enable the Authwebserver plugin via mysqlclient:
 .. code-block:: bash
    insert into plugins (name, active) values ('Authwebserver', 1);
    insert into plugin_settings (plugin_id, plugin_settings.key, plugin_settings.value) values (1, 'strip_domain', '""');
    insert into plugin_settings (plugin_id, plugin_settings.key, plugin_settings.value) values (1, 'serverkey', '"REMOTE_USER"');
    insert into plugin_settings (plugin_id, plugin_settings.key, plugin_settings.value) values (1, 'is_default', '"1"');
 Log in as admin to auto-create your account:
 Admin sign-in: https://survey.openstack.org/admin
 Elevate your account to Superadmin via mysqlclient:
 .. code-block:: bash
    insert into permissions (entity, entity_id, uid, permission, read_p) values ("global", 0, 2, "superadmin", 1);
 (where the 2 in this example should be replaced with whatever the uid index
 value is in the users table for your OpenID-autocreated account)
 Refresh your browser. When logged in via the web-ui you should now have
 superadmin privileges allowing you to set the following values:
 Configuration > Global Settings > Email Settings
    Default site admin email: infra-root@openstack.org
    Administrator name: admin
 Configuration > Global Settings > Bounce Settings
    Default site admin email: infra-root@openstack.org
 Save and Close
 check admin name and email information on front page: survey.openstack.org
 to confirm change
 Admin Survey User
 =================
 Log in via https://survey.openstack.org/admin using OpenStackID.
 Navigate to your 'My Account' settings at:
 https://survey.openstack.org/index.php/admin/user/sa/personalsettings
 Change your Email from 'autouser@test.test' to the email you would like to
 use for the use of surveys.
 Change your Full Name from 'autouser' to your Full Name that survey
 participants can recognize.
 Save and Close using the button in the top right hand corner.
--- a/doc/source/systems.rst
+++ b/doc/source/systems.rst
@ -40,6 +40,5 @@ Major Systems
   github
   activity
   asterisk
   survey
   letsencrypt
   ppa
--- a/inventory/base/hosts.yaml
+++ b/inventory/base/hosts.yaml
@ -696,13 +696,6 @@ all:
        region_name: DFW
      public_v4: 166.78.47.172
      public_v6: 2001:4800:7817:101:be76:4eff:fe04:4a07
    survey01.openstack.org:
      ansible_host: 23.253.92.56
      location:
        cloud: openstackci-rax
        region_name: DFW
      public_v4: 23.253.92.56
      public_v6: 2001:4800:7815:105:be76:4eff:fe04:4af0
    translate-dev01.openstack.org:
      ansible_host: 172.99.124.99
      location:
--- a/inventory/service/groups.yaml
+++ b/inventory/service/groups.yaml
@ -152,7 +152,6 @@ groups:
    - storyboard-dev[0-9]*.opendev.org
    - storyboard[0-9]*.opendev.org
    - subunit-worker[0-9]*.open*.org
    - survey[0-9]*.open*.org
    - translate-dev[0-9]*.open*.org
    - translate[0-9]*.open*.org
    - wiki-dev[0-9]*.openstack.org
@ -179,7 +178,6 @@ groups:
    - storyboard[0-9]*.opendev.org
    - storyboard-dev[0-9]*.opendev.org
    - subunit-worker[0-9]*.open*.org
    - survey[0-9]*.open*.org
    - translate[0-9]*.open*.org
    - translate-dev[0-9]*.open*.org
    - wiki[0-9]*.openstack.org
@ -205,8 +203,6 @@ groups:
    - storyboard-dev[0-9]*.opendev.org
  subunit-worker:
    - subunit-worker[0-9]*.open*.org
  survey:
    - survey[0-9]*.open*.org
  translate-dev:
    - translate-dev[0-9]*.open*.org
  translate:
@ -232,7 +228,6 @@ groups:
    - status*.open*.org
    - storyboard-dev[0-9]*.opendev.org
    - storyboard[0-9]*.opendev.org
    - survey[0-9]*.open*.org
    - translate-dev[0-9]*.open*.org
    - translate[0-9]*.open*.org
    - wiki-dev[0-9]*.openstack.org
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -238,25 +238,6 @@ node /^status\d*\.open.*\.org$/ {
  }
 }
 # Node-OS: xenial
 node /^survey\d+\.open.*\.org$/ {
  $group = "survey"
  class { 'openstack_project::server': }
  class { 'openstack_project::survey':
    vhost_name              => 'survey.openstack.org',
    auth_openid             => true,
    ssl_cert_file_contents  => hiera('ssl_cert_file_contents'),
    ssl_key_file_contents   => hiera('ssl_key_file_contents'),
    ssl_chain_file_contents => hiera('ssl_chain_file_contents'),
    dbpassword              => hiera('dbpassword'),
    dbhost                  => hiera('dbhost'),
    adminuser               => hiera('adminuser'),
    adminpass               => hiera('adminpass'),
    adminmail               => hiera('adminmail'),
  }
 }
 # Node-OS: xenial
 node /^nb\d+\.open.*\.org$/ {
  $group = 'nodepool'
--- a/modules/openstack_project/files/ssl_cert_check/ssldomains
+++ b/modules/openstack_project/files/ssl_cert_check/ssldomains
@ -48,7 +48,6 @@ security.openstack.org 443
 static.openstack.org 443
 storyboard.openstack.org 443
 summit.openstack.org 443
 survey.openstack.org 443
 static.opendev.org 443
 static.openstack.org 443
 swift.openstack.org 443
--- a/modules/openstack_project/manifests/survey.pp
+++ b/modules/openstack_project/manifests/survey.pp
@ -1,218 +0,0 @@
 # Copyright 2016 Markus Opolka <markus@martiablog.de>
 # Copyright 2018 Anita Kuno <anteaya@anteaya.info>
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
 # a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
 #
 # Inspiration for this patch as well as portions of it
 # come from the work of Markus Opolka and his
 # LimeSurvey Puppet module:
 # https://github.com/martialblog/puppet-limesurvey
 #
 class openstack_project::survey (
  $vhost_name = $::fqdn,
  $ssl_cert_file = '/etc/ssl/certs/survey.openstack.org.pem',
  $ssl_key_file = '/etc/ssl/private/survey.openstack.org.key',
  $ssl_chain_file = '/etc/ssl/certs/intermediate.pem',
  $ssl_cert_file_contents = '',
  $ssl_key_file_contents = '',
  $ssl_chain_file_contents = '',
  $dbpassword = '',
  $dbhost = '',
  # Table containing openid auth details. If undef not enabled
  # Example dict:
  # {
  #   banner         => "Welcome",
  #   singleIdp      => "https://openstackid.org",
  #   trusted        => '^https://openstackid.org/.*$',
  #   any_valid_user => false,
  #   users          => ['https://openstackid.org/foo',
  #                      'https://openstackid.org/bar'],
  # }
  # Note that if you care which users get access set any_valid_user to false
  # and then provide an explicit list of openids in the users list. Otherwise
  # set any_valid_user to true and any successfully authenticated user will
  # get access.
  $auth_openid = undef,
  $docroot = '/var/www',
  $runtime_dir_mode = '0755',
  $download_url = 'https://download.limesurvey.org/latest-stable-release/',
  $version = '3.15.6+190108',
  $www_group = 'www-data',
  $www_user = 'www-data',
  # These are required for bootstrapping, so do not have defaults.
  $adminuser,
  $adminpass,
  $adminmail,
 ) {
  $distro_packages = [
    'libapache2-mod-php',
    'php',
    'php-gd',
    'php-imap',
    'php-ldap',
    'php-mbstring',
    'php-mcrypt',
    'php-mysql',
    'php-xml',
    'php-zip',
    'ssl-cert',
  ]
  package { $distro_packages:
    ensure => present,
  }
  exec { 'limesurvey-download':
    path    => '/bin:/usr/bin',
    creates => "${docroot}/tmp/runtime",
    command => "bash -c 'cd /tmp; wget ${download_url}limesurvey${version}.tar.gz'",
    require => File[$docroot],
    user    => $www_user,
  }
  exec { 'limesurvey-unzip':
    path    => '/bin:/usr/bin',
    cwd     => '/tmp',
    creates => "${docroot}/tmp/runtime",
    command => "bash -c 'cd /tmp; tar zxf /tmp/limesurvey${version}.tar.gz -C ${docroot} --strip-components=1'",
    notify  => Exec['limesurvey-install'],
    require => Exec['limesurvey-download'],
    user    => $www_user,
  }
  exec { 'limesurvey-install':
    command     => "/usr/bin/php console.php install ${adminuser} ${adminpass} 'Default Administrator' ${adminmail}",
    cwd         => "${docroot}/application/commands",
    refreshonly => true,
    require     => [
      File["${docroot}/application/config/config.php"],
      Package[$distro_packages],
    ],
    user        => $www_user,
  }
  file { "/tmp/limesurvey${version}.tar.gz":
    ensure  => absent,
    require => Exec['limesurvey-unzip'],
  }
  file { "${docroot}/tmp/runtime/":
    ensure  => directory,
    mode    => $runtime_dir_mode,
    require => Exec['limesurvey-install'],
  }
  file { "${docroot}/application/config/config.php":
    ensure  => present,
    owner   => $www_user,
    group   => $www_group,
    mode    => '0660',
    content => template ('openstack_project/survey.config.php.erb'),
    replace => true,
    require => Exec['limesurvey-unzip'],
  }
  include ::httpd
  ::httpd::vhost { $vhost_name:
    port     => 443,
    docroot  => $docroot,
    priority => '50',
    template => 'openstack_project/survey.vhost.erb',
    ssl      => true,
  }
  if !defined(Httpd::Mod['rewrite']) {
    httpd::mod { 'rewrite':
      ensure => present,
    }
  }
  if ($auth_openid != undef) {
    if !defined(Package['libapache2-mod-auth-openid']) {
      package { 'libapache2-mod-auth-openid':
        ensure => present,
      }
    }
    if !defined(Httpd::Mod['auth_openid']) {
      # Workaround for https://bugs.debian.org/759209
      file { '/etc/apache2/mods-available/auth_openid.load':
        ensure  => present,
        content => 'LoadModule authopenid_module /usr/lib/apache2/modules/mod_auth_openid.so',
        replace => true,
        require => Package['libapache2-mod-auth-openid'],
      }
      httpd::mod { 'auth_openid':
        ensure  => present,
        require => File['/etc/apache2/mods-available/auth_openid.load'],
      }
    }
  }
  file { $docroot:
    ensure => directory,
    owner  => $www_user,
    group  => $www_group,
  }
  file { "${docroot}/robots.txt":
    ensure  => present,
    source  => 'puppet:///modules/openstack_project/disallow_robots.txt',
    owner   => 'root',
    group   => 'root',
    mode    => '0444',
    require => File[$docroot],
  }
  file { '/etc/ssl/certs':
    ensure => directory,
    owner  => 'root',
    mode   => '0755',
  }
  file { '/etc/ssl/private':
    ensure => directory,
    owner  => 'root',
    mode   => '0700',
  }
  if $ssl_cert_file_contents != '' {
    file { $ssl_cert_file:
      owner   => 'root',
      group   => 'root',
      mode    => '0640',
      content => $ssl_cert_file_contents,
      before  => Httpd::Vhost[$vhost_name],
    }
  }
  if $ssl_key_file_contents != '' {
    file { $ssl_key_file:
      owner   => 'root',
      group   => 'ssl-cert',
      mode    => '0640',
      content => $ssl_key_file_contents,
      require => Package['ssl-cert'],
      before  => Httpd::Vhost[$vhost_name],
    }
  }
  if $ssl_chain_file_contents != '' {
    file { $ssl_chain_file:
      owner   => 'root',
      group   => 'root',
      mode    => '0640',
      content => $ssl_chain_file_contents,
      before  => Httpd::Vhost[$vhost_name],
    }
  }
 }
--- a/modules/openstack_project/templates/survey.config.php.erb
+++ b/modules/openstack_project/templates/survey.config.php.erb
@ -1,65 +0,0 @@
 <?php if (!defined('BASEPATH')) exit('No direct script access allowed');
 /*
 | -------------------------------------------------------------------
 | DATABASE CONNECTIVITY SETTINGS
 | -------------------------------------------------------------------
 | This file will contain the settings needed to access your database.
 |
 | For complete instructions please consult the 'Database Connection'
 | page of the User Guide.
 |
 | -------------------------------------------------------------------
 | EXPLANATION OF VARIABLES
 | -------------------------------------------------------------------
 |
 |    'connectionString' Hostname, database, port and database type for
 |     the connection. Driver example: mysql. Currently supported:
 |                 mysql, pgsql, mssql, sqlite, oci
 |    'username' The username used to connect to the database
 |    'password' The password used to connect to the database
 |    'tablePrefix' You can add an optional prefix, which will be added
 |                 to the table name when using the Active Record class
 |
 */
 return array(
        'components' => array(
                'db' => array(
                        'connectionString' => 'mysql:host=<%= @dbhost %>;port=3306;dbname=limesurvey;',
                        'emulatePrepare' => true,
                        'username' => 'limesurvey',
                        'password' => '<%= @dbpassword %>',
                        'charset' => 'utf8mb4',
                        'tablePrefix' => '',
                ),
                // Uncomment the following line if you need table-based sessions
                // 'session' => array (
                        // 'class' => 'application.core.web.DbHttpSession',
                        // 'connectionID' => 'db',
                        // 'sessionTableName' => '{{sessions}}',
                // ),
                'urlManager' => array(
                        'urlFormat' => 'path',
                        'rules' => array(
                                // You can add your own rules here
                        ),
                        'showScriptName' => true,
                ),
        ),
        // Use the following config variable to set modified optional settings copied from config-defaults.php
        'config'=>array(
        // debug: Set this to 1 if you are looking for errors. If you still get no errors after enabling this
        // then please check your error-logs - either in your hosting provider admin panel or in some /logs directory
        // on your webspace.
        // LimeSurvey developers: Set this to 2 to additionally display STRICT PHP error messages and get full access to standard templates
                'debug'=>0,
                'debugsql'=>0, // Set this to 1 to enanble sql logging, only active when debug = 2
                // Update default LimeSurvey config here
                'auth_webserver'=>true,
                'auth_webserver_autocreate_user'=>true,
        )
 );
 /* End of file config.php */
 /* Location: ./application/config/config.php */
--- a/modules/openstack_project/templates/survey.vhost.erb
+++ b/modules/openstack_project/templates/survey.vhost.erb
@ -1,51 +0,0 @@
 # ************************************
 # Managed by Puppet
 # ************************************
 <VirtualHost <%= @vhost_name %>:80>
  ServerName <%= @srvname %>
  ReWriteEngine On
  ReWriteRule ^/(.*) https://<%= @srvname %>/$1 [last,redirect=permanent]
  LogLevel warn
  ErrorLog /var/log/apache2/<%= @name %>_error.log
  CustomLog /var/log/apache2/<%= @name %>_access.log combined
  ServerSignature Off
 </VirtualHost>
 <VirtualHost <%= @vhost_name %>:<%= @port %>>
  ServerName <%= @srvname %>
  DocumentRoot <%= @docroot %>
  <Directory <%= @docroot %>>
    Options <%= @options %>
    AllowOverride None
    Require all granted
  </Directory>
  <% if scope.lookupvar("openstack_project::survey::auth_openid") != nil %>
    <Location /index.php/admin/>
      AuthType OpenID
      AuthName "Welcome"
      AuthOpenIDSecureCookie On
      AuthOpenIDCookieLifespan 3600
      AuthOpenIDTrustRoot https://<%= @srvname %>
      AuthOpenIDServerName https://<%= @srvname %>
      AuthOpenIDSingleIdP https://openstackid.org
      AuthOpenIDTrusted ^https://openstackid.org/.*$
      Require valid-user
    </Location>
  <% end %>
  SSLEngine on
  SSLProtocol ALL -SSLv2 -SSLv3
  SSLCertificateFile <%= scope.lookupvar("openstack_project::survey::ssl_cert_file") %>
  SSLCertificateKeyFile <%= scope.lookupvar("openstack_project::survey::ssl_key_file") %>
  <% if scope.lookupvar("openstack_project::survey::ssl_chain_file") != "" %>
    SSLCertificateChainFile <%= scope.lookupvar("openstack_project::survey::ssl_chain_file") %>
  <% end %>
  ErrorLog /var/log/apache2/<%= @name %>_error.log
  LogLevel warn
  CustomLog /var/log/apache2/<%= @name %>_access.log combined
  ServerSignature Off
 </VirtualHost>
--- a/playbooks/group_vars/certcheck.yaml
+++ b/playbooks/group_vars/certcheck.yaml
@ -7,7 +7,6 @@ letsencrypt_certcheck_additional_domains:
  - openstackid.org 443
  - review.openstack.org 443
  - storyboard.openstack.org 443
  - survey.openstack.org 443
  - static.openstack.org 443
  - translate.openstack.org 443
  - wiki.openstack.org 443