Stop managing OpenStackID servers

The Open Infrastructure Foundation's developers who maintain the
OpenStackID software are taking over management of the site itself,
and have deployed it on new servers. DNS records have already been
updated to the new IP address, so it's time to clean up our end in
preparation for deleting the old servers we've been running.

OpenStackID is still used by some services we run, like RefStack and
Zanata, and we're still hosting the OpenStackID Git repository and
documentation, so this does not get rid of all references to it.

Change-Id: I1d625d5204f1e9e3a85ba9605465f6ebb9433021
changes/98/806798/1
Jeremy Stanley 3 months ago
parent
commit
2fbf6d9e7a
  1. doc/source/openstackid.rst (147 lines changed)
  2. doc/source/systems.rst (1 line changed)
  3. hiera/common.yaml (2 lines changed)
  4. inventory/base/hosts.yaml (14 lines changed)
  5. inventory/service/groups.yaml (15 lines changed)
  6. inventory/service/host_vars/openstackid01.openstack.org.yaml (4 lines changed)
  7. manifests/site.pp (103 lines changed)
  8. modules.env (1 line changed)
  9. modules/openstack_project/manifests/openstackid_dev.pp (185 lines changed)
  10. modules/openstack_project/manifests/openstackid_prod.pp (197 lines changed)
  11. playbooks/roles/letsencrypt-create-certs/handlers/main.yaml (3 lines changed)
  12. zuul.d/puppet.yaml (2 lines changed)

147
doc/source/openstackid.rst

@ -1,147 +0,0 @@
:title: OpenstackId
==================
OpenstackId Server
==================
OpenId Idp/ OAuth2.0 AS/RS
At a Glance
===========
:Wiki:
* https://wiki.openstack.org/wiki/OpenStackID
:Hosts:
* https://openstackid-dev.openstack.org
* https://openstackid.org
:Puppet:
* https://opendev.org/opendev/puppet-openstackid
* :git_file:`modules/openstack_project/manifests/openstackid_dev.pp`
:Projects:
* http://opendev.org/osf/openstackid/
:Bugs:
* https://storyboard.openstack.org/#!/project/728
:Resources:
* http://laravel.com/docs/installation
* http://laravel.com/docs/configuration
Objective
=========
OpenStackID has been developed to provide a unique online identity for
all OpenStack web properties. The intention is to replace Launchpad as
openID provider. The code provides authentication via OpenID and
authentication + authorization via OAuth2. More details about
OpenStackID server are on the wiki.
Servers
=======
openstackid-dev.openstack.org is configured to deploy
http://tarballs.openstack.org/openstackid/openstackid-latest.tar.gz
which is the automatically generated per-commit tarball of the master
branch. No action is necessary to update the deployment of
openstackid-dev to the latest merged commit in master.
openstackid.openstack.org is configured to deploy a specific tag. To
update this deployment, tag the repo to create a release, and then
update puppet to point to that release name.
Configuration
=============
Environment Configuration
_________________________
We need to instruct the Laravel Framework how to determine which
environment it is running in. The default environment is always
production. However, you may setup other environments within the
*bootstrap/start.php* file at the root of your installation.
It is include on folder bootstrap a file called bootstrap/environment.php.tpl
you must make a copy and rename it to bootstrap/environment.php
In this file you will find an **$app->detectEnvironment** call. The
array passed to this method is used to determine the current
environment. You may add other environments and machine names to the
array as needed.
.. code-block:: php
<?php
$env = $app->detectEnvironment(array(
'local' => array('your-machine-name'),
));
Database Configuration
______________________
It is often helpful to have different configuration values based on
the environment the application is running in. For example, you may
wish to use a different database configuration on your development
machine than on the production server. It is easy to accomplish this
using environment based configuration.
Simply create a folder within the config directory that matches your
environment name, such as **dev**. Next, create the configuration
files you wish to override and specify the options for that
environment. For example, to override the database configuration for
the local environment, you would create a database.php file in
app/config/dev.
OpenstackId server makes use of two database connections:
* openstackid
* os_members
**openstackid** is its own OpenstackId Server DB, where stores all
related configuration to openid/oauth2 protocol.
**os_members** is SS DB (http://www.openstack.org/).
both configuration are living on config file **database.php**, which
could be a set per environment as forementioned like
app/config/dev/database.php
Error Log Configuration
_______________________
Error log configuration is on file *app/config/log.php* but could be
overridden per environment such as *app/config/dev/log.php* , here you
set two variables:
* to_email : The receiver of the error log email.
* from_email: The sender of the error log email.
Recaptcha Configuration
_______________________
OpenstackId server uses recaptcha facility to discourage brute force
attacks attempts on login page, so in order to work properly recaptcha
plugin must be provided with a public and a private key
(http://www.google.com/recaptcha). These keys are set on file
*app/config/packages/greggilbert/recaptcha/config.php*, but also
could be set per environment using following directory structure
*app/config/packages/greggilbert/recaptcha/dev/config.php*.
Installation
____________
OpenstackId Server uses composer utility in order to install all
needed dependencies. After you get the source code from git, you must
run following commands on application root directory:
* curl -sS https://getcomposer.org/installer | php
* php composer.phar install
* php artisan migrate --env=YOUR ENVIRONMENT
* php artisan db:seed --env=YOUR ENVIRONMENT
** your virtual host must point to /public folder.
Permissions
___________
Laravel may require one set of permissions to be configured: folders
within app/storage require write access by the web server.
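
Review bot: deleting doc/source/openstackid.rst outright leaves no pointer for operators of the services that still log in through OpenStackID (the commit message names RefStack and Zanata). Suggest keeping a short stub, or adding a line to the RefStack and Zanata docs, that says the identity provider is now run by the OpenStackID maintainers at the Open Infrastructure Foundation and where to report problems, rather than dropping the Wiki, Projects and Bugs links listed under "At a Glance".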

1
doc/source/systems.rst

@ -27,7 +27,6 @@ Major Systems
reprepro
lists
wiki
openstackid
storyboard
kerberos
afs

2
hiera/common.yaml

@ -69,8 +69,6 @@ cacti_hosts:
- nl04.opendev.org
- ns1.opendev.org
- ns2.opendev.org
- openstackid01.openstack.org
- openstackid.org
- paste.openstack.org
- puppetmaster.openstack.org
- meetpad.opendev.org

14
inventory/base/hosts.yaml

@ -590,20 +590,6 @@ all:
region_name: ca-ymq-1
public_v4: 162.253.55.16
public_v6: 2604:e100:1:0:f816:3eff:fe2c:7447
openstackid-dev01.openstack.org:
ansible_host: 104.130.246.14
location:
cloud: openstackci-rax
region_name: DFW
public_v4: 104.130.246.14
public_v6: 2001:4800:7819:103:be76:4eff:fe04:8719
openstackid01.openstack.org:
ansible_host: 104.130.159.12
location:
cloud: openstackci-rax
region_name: DFW
public_v4: 104.130.159.12
public_v6: 2001:4800:7818:102:be76:4eff:fe04:673f
paste01.opendev.org:
ansible_host: 104.130.127.175
location:
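
Review bot: once openstackid-dev01.openstack.org and openstackid01.openstack.org leave the inventory, nothing in this repository keeps them patched or configured, yet the commit message says the old servers are deleted only afterwards. Those hosts still hold the database, Redis, message broker and TLS key material wired up in manifests/site.pp, so the change should state or link to the deletion step and keep the window between merge and deletion short. Recording the removed public_v4 and public_v6 addresses in that follow-up would let the deletion be confirmed against the right instances.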

15
inventory/service/groups.yaml

@ -43,7 +43,6 @@ groups:
control-plane-clouds:
- bridge.openstack.org
disabled:
- idp.openstackid.org
- wiki-dev01.openstack.org
- wiki-upgrade-test.openstack.org
dns:
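
Review bot: the one line this hunk removes from the `disabled` group is `- idp.openstackid.org`, but the inventory/base/hosts.yaml hunk in this change removes only openstackid-dev01.openstack.org and openstackid01.openstack.org. If a host entry for idp.openstackid.org still exists anywhere in the inventory, taking it out of `disabled` makes it a live Ansible target again; confirm it is already gone, or remove it in this same change.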
@ -94,7 +93,6 @@ groups:
- meetpad[0-9]*.opendev.org
- mirror[0-9]*.opendev.org
- nb[0-9]*.opendev.org
- openstackid[0-9]*.openstack.org
- paste[0-9]*.opendev.org
- refstack[0-9]*.openstack.org
- review[0-9]*.opendev.org
@ -124,11 +122,6 @@ groups:
- nl[0-9]*.open*.org
ns:
- ns[0-9]*.open*.org
openstackid-dev:
- openstackid-dev*.openstack.org
openstackid:
- openstackid.org
- openstackid[0-9]*.openstack.org
paste:
- paste[0-9]*.opendev.org
puppet:
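
Review bot: with the `openstackid` and `openstackid-dev` groups removed here, any group_vars files keyed on those two names stop being read, and the file list for this change touches only host_vars/openstackid01.openstack.org.yaml. Check for group_vars files named after these groups (public and private) and delete them alongside, so no unused settings or secret references are left behind.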
@ -138,9 +131,6 @@ groups:
- health[0-9]*.openstack.org
- logstash-worker[0-9]*.open*.org
- logstash[0-9]*.open*.org
- openstackid-dev*.openstack.org
- openstackid.org
- openstackid[0-9]*.openstack.org
- status*.open*.org
- storyboard-dev[0-9]*.opendev.org
- storyboard[0-9]*.opendev.org
@ -156,8 +146,6 @@ groups:
- health[0-9]*.openstack.org
- logstash-worker[0-9]*.open*.org
- logstash[0-9]*.open*.org
- openstackid[0-9]*.openstack.org
- openstackid-dev[0-9]*.openstack.org
- status*.open*.org
- storyboard[0-9]*.opendev.org
- storyboard-dev[0-9]*.opendev.org
@ -200,9 +188,6 @@ groups:
- health[0-9]*.openstack.org
- nb[0-9]*.opendev.org
- nl[0-9]*.open*.org
- openstackid-dev*.openstack.org
- openstackid.org
- openstackid[0-9]*.openstack.org
- paste[0-9]*.opendev.org
- refstack[0-9]*.openstack.org
- static[0-9]*.opendev.org

4
inventory/service/host_vars/openstackid01.openstack.org.yaml

@ -1,4 +0,0 @@
letsencrypt_certs:
openstackid01-openstack-org-main:
- openstackid.org
- www.openstackid.org
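
Review bot: removing `openstackid01-openstack-org-main` stops renewals but does nothing about the certificate and private key already issued for openstackid.org and www.openstackid.org, which manifests/site.pp shows under /etc/letsencrypt-certs/openstackid.org/ on the old server. Since DNS now points at servers run by another team, plan to revoke that certificate or make sure the key is destroyed with the server, rather than leaving it to expire on its own.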

103
manifests/site.pp

@ -203,109 +203,6 @@ node /^status\d*\.open.*\.org$/ {
}
}
# Node-OS: xenial
node /^openstackid\d*(\.openstack)?\.org$/ {
$group = "openstackid"
class { 'openstack_project::openstackid_prod':
site_admin_password => hiera('openstackid_site_admin_password'),
id_mysql_host => hiera('openstackid_id_mysql_host', 'localhost'),
id_mysql_password => hiera('openstackid_id_mysql_password'),
id_mysql_user => hiera('openstackid_id_mysql_user', 'username'),
id_db_name => hiera('openstackid_id_db_name'),
redis_password => hiera('openstackid_redis_password'),
ssl_cert_file => '/etc/letsencrypt-certs/openstackid.org/openstackid.org.cer',
ssl_key_file => '/etc/letsencrypt-certs/openstackid.org/openstackid.org.key',
ssl_chain_file => '/etc/letsencrypt-certs/openstackid.org/ca.cer',
id_recaptcha_public_key => hiera('openstackid_recaptcha_public_key'),
id_recaptcha_private_key => hiera('openstackid_recaptcha_private_key'),
vhost_name => 'openstackid.org',
session_cookie_domain => 'openstackid.org',
serveradmin => 'webmaster@openstackid.org',
canonicalweburl => 'https://openstackid.org/',
app_url => 'https://openstackid.org',
app_key => hiera('openstackid_app_key'),
id_log_error_to_email => 'openstack@tipit.net',
id_log_error_from_email => 'noreply@openstack.org',
email_driver => 'sendgrid',
email_send_grid_api_key => hiera('openstackid_send_grid_api_key'),
php_version => 7,
mysql_ssl_enabled => true,
mysql_ssl_ca_file_contents => hiera('openstackid_mysql_ssl_ca_file_contents'),
mysql_ssl_client_key_file_contents => hiera('openstackid_mysql_ssl_client_key_file_contents'),
mysql_ssl_client_cert_file_contents => hiera('openstackid_mysql_ssl_client_cert_file_contents'),
user_spam_processor_to => hiera('openstackid_user_spam_processor_to'),
message_broker_exchange_name => 'message-broker',
message_broker_host => hiera('openstackid_message_broker_host'),
message_broker_port => 5671,
message_broker_vhost => 'databus',
message_broker_login => hiera('openstackid_message_broker_login'),
message_broker_password => hiera('openstackid_message_broker_password'),
message_broker_ssl_enabled => true,
message_broker_ssl_ca_file_contents => hiera('openstackid_message_broker_ssl_ca_file_contents'),
message_broker_ssl_client_cert_file_contents => hiera('openstackid_message_broker_ssl_client_cert_file_contents'),
message_broker_ssl_client_key_file_contents => hiera('openstackid_message_broker_ssl_client_key_file_contents'),
message_broker_enabled => true,
cloud_storage_base_url => hiera('openstackid_cloud_storage_base_url'),
cloud_storage_auth_url => 'https://auth.vexxhost.net/v3',
cloud_storage_app_credential_id => hiera('openstackid_cloud_storage_app_credential_id'),
cloud_storage_app_credential_secret => hiera('openstackid_cloud_storage_app_credential_secret'),
cloud_storage_project_name => hiera('openstackid_cloud_storage_project_name'),
cloud_storage_region => 'ca-ymq-1',
cloud_storage_container => 'idp-osf',
}
}
# Node-OS: xenial
node /^openstackid-dev\d*\.openstack\.org$/ {
$group = "openstackid-dev"
class { 'openstack_project::openstackid_dev':
site_admin_password => hiera('openstackid_dev_site_admin_password'),
id_mysql_host => hiera('openstackid_dev_id_mysql_host', 'localhost'),
id_mysql_password => hiera('openstackid_dev_id_mysql_password'),
id_mysql_user => hiera('openstackid_dev_id_mysql_user', 'username'),
redis_password => hiera('openstackid_dev_redis_password'),
ssl_cert_file_contents => hiera('openstackid_dev_ssl_cert_file_contents'),
ssl_key_file_contents => hiera('openstackid_dev_ssl_key_file_contents'),
ssl_chain_file_contents => hiera('openstackid_dev_ssl_chain_file_contents'),
id_recaptcha_public_key => hiera('openstackid_dev_recaptcha_public_key'),
id_recaptcha_private_key => hiera('openstackid_dev_recaptcha_private_key'),
vhost_name => 'openstackid-dev.openstack.org',
session_cookie_domain => 'openstackid-dev.openstack.org',
serveradmin => 'webmaster@openstackid-dev.openstack.org',
canonicalweburl => 'https://openstackid-dev.openstack.org/',
app_url => 'https://openstackid-dev.openstack.org',
app_key => hiera('openstackid_dev_app_key'),
id_log_error_to_email => 'openstack@tipit.net',
id_log_error_from_email => 'noreply@openstack.org',
email_driver => 'sendgrid',
email_send_grid_api_key => hiera('openstackid_dev_send_grid_api_key'),
php_version => 7,
mysql_ssl_enabled => true,
mysql_ssl_ca_file_contents => hiera('openstackid_dev_mysql_ssl_ca_file_contents'),
mysql_ssl_client_key_file_contents => hiera('openstackid_dev_mysql_ssl_client_key_file_contents'),
mysql_ssl_client_cert_file_contents => hiera('openstackid_dev_mysql_ssl_client_cert_file_contents'),
user_spam_processor_to => hiera('openstackid_dev_user_spam_processor_to'),
message_broker_exchange_name => 'message-broker',
message_broker_host => hiera('openstackid_dev_message_broker_host'),
message_broker_port => 5671,
message_broker_vhost => 'databus',
message_broker_login => hiera('openstackid_dev_message_broker_login'),
message_broker_password => hiera('openstackid_dev_message_broker_password'),
message_broker_ssl_enabled => true,
message_broker_ssl_ca_file_contents => hiera('openstackid_dev_message_broker_ssl_ca_file_contents'),
message_broker_ssl_client_cert_file_contents => hiera('openstackid_dev_message_broker_ssl_client_cert_file_contents'),
message_broker_ssl_client_key_file_contents => hiera('openstackid_dev_message_broker_ssl_client_key_file_contents'),
message_broker_enabled => true,
cloud_storage_base_url => hiera('openstackid_dev_cloud_storage_base_url'),
cloud_storage_auth_url => 'https://auth.vexxhost.net/v3',
cloud_storage_app_credential_id => hiera('openstackid_dev_cloud_storage_app_credential_id'),
cloud_storage_app_credential_secret => hiera('openstackid_dev_cloud_storage_app_credential_secret'),
cloud_storage_project_name => hiera('openstackid_dev_cloud_storage_project_name'),
cloud_storage_region => 'ca-ymq-1',
cloud_storage_container => 'idp-osf',
}
}
# Node-OS: xenial
node /^translate\d+\.open.*\.org$/ {
$group = "translate"
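
Review bot: both node blocks removed here read their secrets through hiera() (for example openstackid_app_key, openstackid_send_grid_api_key, openstackid_message_broker_password and openstackid_cloud_storage_app_credential_secret, plus the openstackid_dev_ counterparts), and nothing in this change covers the private hiera data behind them. Add a follow-up to delete those keys from the private store and, where the new deployment reuses the same SendGrid, message broker, MySQL or cloud storage accounts, ask the OpenStackID maintainers to rotate them once the old servers are gone.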

1
modules.env

@ -72,7 +72,6 @@ INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/opendev/puppet-mediawiki"]="origin/mast
INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/opendev/puppet-meetbot"]="origin/master"
INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/opendev/puppet-mysql_backup"]="origin/master"
INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/opendev/puppet-openstack_health"]="origin/master"
INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/opendev/puppet-openstackid"]="origin/master"
INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/opendev/puppet-pgsql_backup"]="origin/master"
INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/opendev/puppet-pip"]="origin/master"
INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/opendev/puppet-project_config"]="origin/master"

185
modules/openstack_project/manifests/openstackid_dev.pp

@ -1,185 +0,0 @@
# Copyright 2013 OpenStack Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# openstackid idp(sso-openid) dev server
#
class openstack_project::openstackid_dev (
$site_admin_password = '',
$id_mysql_host = '',
$id_mysql_user = '',
$id_mysql_password = '',
$id_db_name = 'openstackid_dev',
$redis_port = '6378',
$redis_max_memory = '1gb',
$redis_bind = '127.0.0.1',
$redis_password = '',
$redis_version = '2.8.4',
$id_recaptcha_public_key = '',
$id_recaptcha_private_key = '',
$id_recaptcha_template = '',
$id_log_error_to_email = '',
$id_log_error_from_email = '',
$id_environment = 'dev',
$ssl_cert_file_contents = '',
$ssl_key_file_contents = '',
$ssl_chain_file_contents = '',
$vhost_name = '',
$serveradmin = '',
$canonicalweburl = '',
$session_cookie_domain = '',
$app_url = '',
$app_key = '',
$email_driver = 'mail',
$email_send_grid_api_key = '',
$email_smtp_server = 'smtp.mailgun.org',
$email_smtp_server_port = 587,
$email_smtp_server_user = '',
$email_smtp_server_password = '',
$laravel_version = 5,
$app_log_level = 'debug',
$app_log_email_level = 'error',
$db_log_enabled = false,
$banning_enabled = false,
$app_debug = false,
$app_locale = 'en',
$curl_verify_ssl_cert = false,
$curl_allow_redirect = false,
$curl_timeout = 60,
$assets_base_url = 'https://devbranch.openstack.org/',
$cache_driver = 'redis',
$session_driver = 'redis',
$session_cookie_secure = false,
$php_version = 7,
$mysql_ssl_enabled = false,
$mysql_ssl_ca_file = '/etc/mysql-client-ssl/ca-cert.pem',
$mysql_ssl_ca_file_contents = '',
$mysql_ssl_client_key_file = '/etc/mysql-client-ssl/client-key.pem',
$mysql_ssl_client_key_file_contents = '',
$mysql_ssl_client_cert_file = '/etc/mysql-client-ssl/client-cert.pem',
$mysql_ssl_client_cert_file_contents = '',
$user_spam_processor_to = '',
$message_broker_exchange_name = 'message-broker',
$message_broker_host = '',
$message_broker_port = 5672,
$message_broker_vhost = 'databus',
$message_broker_login = '',
$message_broker_password = '',
$message_broker_ssl_enabled = false,
$message_broker_ssl_ca_file = '/etc/rabbitmq-client-ssl/ca-cert.pem',
$message_broker_ssl_ca_file_contents = '',
$message_broker_ssl_client_cert_file = '/etc/rabbitmq-client-ssl/client-cert.pem',
$message_broker_ssl_client_cert_file_contents = '',
$message_broker_ssl_client_key_file = '/etc/rabbitmq-client-ssl/client-key.pem',
$message_broker_ssl_client_key_file_contents = '',
$message_broker_enabled = false,
$cloud_storage_base_url = '',
$cloud_storage_auth_url = '',
$cloud_storage_app_credential_id = '',
$cloud_storage_app_credential_secret = '',
$cloud_storage_project_name = '',
$cloud_storage_region = '',
$cloud_storage_container = '',
) {
class { 'openstack_project::server': }
class { 'openstackid':
site_admin_password => $site_admin_password,
id_mysql_host => $id_mysql_host,
id_mysql_user => $id_mysql_user,
id_mysql_password => $id_mysql_password,
id_db_name => $id_db_name,
redis_port => $redis_port,
redis_host => $redis_bind,
redis_password => $redis_password,
id_recaptcha_public_key => $id_recaptcha_public_key,
id_recaptcha_private_key => $id_recaptcha_private_key,
id_recaptcha_template => $id_recaptcha_template,
id_log_error_to_email => $id_log_error_to_email,
id_log_error_from_email => $id_log_error_from_email,
id_environment => $id_environment,
ssl_cert_file => "/etc/ssl/certs/${::fqdn}.pem",
ssl_key_file => "/etc/ssl/private/${::fqdn}.key",
ssl_chain_file => '/etc/ssl/certs/intermediate.pem',
ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_key_file_contents => $ssl_key_file_contents,
ssl_chain_file_contents => $ssl_chain_file_contents,
vhost_name => $vhost_name,
serveradmin => $serveradmin,
canonicalweburl => $canonicalweburl,
session_cookie_domain => $session_cookie_domain,
app_url => $app_url,
app_key => $app_key,
email_driver => $email_driver,
email_send_grid_api_key => $email_send_grid_api_key,
email_smtp_server => $email_smtp_server,
email_smtp_server_port => $email_smtp_server_port,
email_smtp_server_user => $email_smtp_server_user,
email_smtp_server_password => $email_smtp_server_password,
laravel_version => $laravel_version,
app_log_level => $app_log_level,
app_log_email_level => $app_log_email_level,
db_log_enabled => $db_log_enabled,
banning_enabled => $banning_enabled,
app_debug => $app_debug,
app_locale => $app_locale,
curl_verify_ssl_cert => $curl_verify_ssl_cert,
curl_allow_redirect => $curl_allow_redirect,
curl_timeout => $curl_timeout,
assets_base_url => $assets_base_url,
cache_driver => $cache_driver,
session_driver => $session_driver,
session_cookie_secure => $session_cookie_secure,
php_version => $php_version,
mysql_ssl_enabled => $mysql_ssl_enabled,
mysql_ssl_ca_file => $mysql_ssl_ca_file,
mysql_ssl_ca_file_contents => $mysql_ssl_ca_file_contents,
mysql_ssl_client_key_file => $mysql_ssl_client_key_file,
mysql_ssl_client_key_file_contents => $mysql_ssl_client_key_file_contents,
mysql_ssl_client_cert_file => $mysql_ssl_client_cert_file,
mysql_ssl_client_cert_file_contents => $mysql_ssl_client_cert_file_contents,
user_spam_processor_to => $user_spam_processor_to,
message_broker_exchange_name => $message_broker_exchange_name,
message_broker_host => $message_broker_host,
message_broker_port => $message_broker_port,
message_broker_vhost => $message_broker_vhost,
message_broker_login => $message_broker_login,
message_broker_password => $message_broker_password,
message_broker_ssl_enabled => $message_broker_ssl_enabled,
message_broker_ssl_ca_file => $message_broker_ssl_ca_file,
message_broker_ssl_ca_file_contents => $message_broker_ssl_ca_file_contents,
message_broker_ssl_client_cert_file => $message_broker_ssl_client_cert_file,
message_broker_ssl_client_cert_file_contents => $message_broker_ssl_client_cert_file_contents,
message_broker_ssl_client_key_file => $message_broker_ssl_client_key_file,
message_broker_ssl_client_key_file_contents => $message_broker_ssl_client_key_file_contents,
message_broker_enabled => $message_broker_enabled,
cloud_storage_base_url => $cloud_storage_base_url,
cloud_storage_auth_url => $cloud_storage_auth_url,
cloud_storage_app_credential_id => $cloud_storage_app_credential_id,
cloud_storage_app_credential_secret => $cloud_storage_app_credential_secret,
cloud_storage_project_name => $cloud_storage_project_name,
cloud_storage_region => $cloud_storage_region,
cloud_storage_container => $cloud_storage_container,
}
# redis (custom module written by tipit)
class { 'redis':
redis_port => $redis_port,
redis_max_memory => $redis_max_memory,
redis_bind => $redis_bind,
redis_password => $redis_password,
version => $redis_version ,
}
}
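
Review bot: the class defaults `$curl_verify_ssl_cert = false` and `$session_cookie_secure = false` were not overridden by the openstackid-dev node block in manifests/site.pp, so as far as this repository shows the dev site was configured with certificate verification off and a non-secure session cookie. Nothing needs changing in a deletion, but if the new deployment was seeded from these manifests, pass both settings on to the OpenStackID maintainers so they are not carried over unnoticed.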

197
modules/openstack_project/manifests/openstackid_prod.pp

@ -1,197 +0,0 @@
# Copyright 2013 OpenStack Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# openstackid idp(sso-openid) server
#
class openstack_project::openstackid_prod (
$site_admin_password = '',
$id_mysql_host = '',
$id_mysql_user = '',
$id_mysql_password = '',
$id_db_name = '',
$redis_port = '6378',
$redis_max_memory = '1gb',
$redis_bind = '127.0.0.1',
$redis_password = '',
$redis_version = '2.8.4',
$id_recaptcha_public_key = '',
$id_recaptcha_private_key = '',
$id_recaptcha_template = '',
$id_log_error_to_email = '',
$id_log_error_from_email = '',
$id_environment = 'production',
$ssl_cert_file = "/etc/ssl/certs/${::fqdn}.pem",
$ssl_key_file = "/etc/ssl/private/${::fqdn}.key",
$ssl_chain_file = '/etc/ssl/certs/intermediate.pem',
$ssl_cert_file_contents = '',
$ssl_key_file_contents = '',
$ssl_chain_file_contents = '',
$vhost_name = '',
$serveradmin = '',
$canonicalweburl = '',
$session_cookie_domain = '',
$release = '3.0.18',
$app_url = '',
$app_key = '',
$email_driver = 'mail',
$email_send_grid_api_key = '',
$email_smtp_server = 'smtp.mailgun.org',
$email_smtp_server_port = 587,
$email_smtp_server_user = '',
$email_smtp_server_password = '',
$laravel_version = 5,
$app_log_level = 'error',
$app_log_email_level = 'error',
$db_log_enabled = false,
$banning_enabled = true,
$app_debug = false,
$app_locale = 'en',
$curl_verify_ssl_cert = true,
$curl_allow_redirect = false,
$curl_timeout = 60,
$assets_base_url = 'https://www.openstack.org/',
$cache_driver = 'redis',
$session_driver = 'redis',
$session_cookie_secure = false,
$php_version = 7,
$mysql_ssl_enabled = false,
$mysql_ssl_ca_file = '/etc/mysql-client-ssl/ca-cert.pem',
$mysql_ssl_ca_file_contents = '',
$mysql_ssl_client_key_file = '/etc/mysql-client-ssl/client-key.pem',
$mysql_ssl_client_key_file_contents = '',
$mysql_ssl_client_cert_file = '/etc/mysql-client-ssl/client-cert.pem',
$mysql_ssl_client_cert_file_contents = '',
$user_spam_processor_to = '',
$message_broker_exchange_name = 'message-broker',
$message_broker_host = '',
$message_broker_port = 5672,
$message_broker_vhost = 'databus',
$message_broker_login = '',
$message_broker_password = '',
$message_broker_ssl_enabled = false,
$message_broker_ssl_ca_file = '/etc/rabbitmq-client-ssl/ca-cert.pem',
$message_broker_ssl_ca_file_contents = '',
$message_broker_ssl_client_cert_file = '/etc/rabbitmq-client-ssl/client-cert.pem',
$message_broker_ssl_client_cert_file_contents = '',
$message_broker_ssl_client_key_file = '/etc/rabbitmq-client-ssl/client-key.pem',
$message_broker_ssl_client_key_file_contents = '',
$message_broker_enabled = false,
$cloud_storage_base_url = '',
$cloud_storage_auth_url = '',
$cloud_storage_app_credential_id = '',
$cloud_storage_app_credential_secret = '',
$cloud_storage_project_name = '',
$cloud_storage_region = '',
$cloud_storage_container = '',
) {
class { 'openstack_project::server': }
class { 'openstackid':
site_admin_password => $site_admin_password,
id_mysql_host => $id_mysql_host,
id_mysql_user => $id_mysql_user,
id_mysql_password => $id_mysql_password,
id_db_name => $id_db_name,
redis_port => $redis_port,
redis_host => $redis_bind,
redis_password => $redis_password,
id_recaptcha_public_key => $id_recaptcha_public_key,
id_recaptcha_private_key => $id_recaptcha_private_key,
id_recaptcha_template => $id_recaptcha_template,
id_log_error_to_email => $id_log_error_to_email,
id_log_error_from_email => $id_log_error_from_email,
id_environment => $id_environment,
ssl_cert_file => $ssl_cert_file,
ssl_key_file => $ssl_key_file,
ssl_chain_file => $ssl_chain_file,
ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_key_file_contents => $ssl_key_file_contents,
ssl_chain_file_contents => $ssl_chain_file_contents,
vhost_name => $vhost_name,
serveradmin => $serveradmin,
canonicalweburl => $canonicalweburl,
session_cookie_domain => $session_cookie_domain,
openstackid_release => $release,
app_url => $app_url,
app_key => $app_key,
app_version => $release,
email_driver => $email_driver,
email_send_grid_api_key => $email_send_grid_api_key,
email_smtp_server => $email_smtp_server,
email_smtp_server_port => $email_smtp_server_port,
email_smtp_server_user => $email_smtp_server_user,
email_smtp_server_password => $email_smtp_server_password,
laravel_version => $laravel_version,
app_log_level => $app_log_level,
app_log_email_level => $app_log_email_level,
db_log_enabled => $db_log_enabled,
banning_enabled => $banning_enabled,
app_debug => $app_debug,
app_locale => $app_locale,
curl_verify_ssl_cert => $curl_verify_ssl_cert,
curl_allow_redirect => $curl_allow_redirect,
curl_timeout => $curl_timeout,
assets_base_url => $assets_base_url,
cache_driver => $cache_driver,
session_driver => $session_driver,
session_cookie_secure => $session_cookie_secure,
php_version => $php_version,
mysql_ssl_enabled => $mysql_ssl_enabled,
mysql_ssl_ca_file => $mysql_ssl_ca_file,
mysql_ssl_ca_file_contents => $mysql_ssl_ca_file_contents,
mysql_ssl_client_key_file => $mysql_ssl_client_key_file,
mysql_ssl_client_key_file_contents => $mysql_ssl_client_key_file_contents,
mysql_ssl_client_cert_file => $mysql_ssl_client_cert_file,
mysql_ssl_client_cert_file_contents => $mysql_ssl_client_cert_file_contents,
user_spam_processor_to => $user_spam_processor_to,
message_broker_exchange_name => $message_broker_exchange_name,
message_broker_host => $message_broker_host,
message_broker_port => $message_broker_port,
message_broker_vhost => $message_broker_vhost,
message_broker_login => $message_broker_login,
message_broker_password => $message_broker_password,
message_broker_ssl_enabled => $message_broker_ssl_enabled,
message_broker_ssl_ca_file => $message_broker_ssl_ca_file,
message_broker_ssl_ca_file_contents => $message_broker_ssl_ca_file_contents,
message_broker_ssl_client_cert_file => $message_broker_ssl_client_cert_file,
message_broker_ssl_client_cert_file_contents => $message_broker_ssl_client_cert_file_contents,
message_broker_ssl_client_key_file => $message_broker_ssl_client_key_file,
message_broker_ssl_client_key_file_contents => $message_broker_ssl_client_key_file_contents,
message_broker_enabled => $message_broker_enabled,
cloud_storage_base_url => $cloud_storage_base_url,
cloud_storage_auth_url => $cloud_storage_auth_url,
cloud_storage_app_credential_id => $cloud_storage_app_credential_id,
cloud_storage_app_credential_secret => $cloud_storage_app_credential_secret,
cloud_storage_project_name => $cloud_storage_project_name,
cloud_storage_region => $cloud_storage_region,
cloud_storage_container => $cloud_storage_container,
}
# redis (custom module written by tipit)
class { 'redis':
redis_port => $redis_port,
redis_max_memory => $redis_max_memory,
redis_bind => $redis_bind,
redis_password => $redis_password,
version => $redis_version ,
}
mysql_backup::backup_remote { $id_db_name:
database_host => $id_mysql_host,
database_user => $id_mysql_user,
database_password => $id_mysql_password,
}
}
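
Review bot: the `mysql_backup::backup_remote { $id_db_name:` resource at the end of this class means dumps of the production identity database were being taken from this host, and the deletion does not say what happens to them. State whether existing dumps, and any copies held elsewhere, are purged or retained and for how long, since they contain account data for a service this team no longer operates.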

3
playbooks/roles/letsencrypt-create-certs/handlers/main.yaml

@ -246,9 +246,6 @@
- name: letsencrypt updated ethercalc02-openstack-org-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated openstackid01-openstack-org-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated storyboard01-opendev-org-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml

2
zuul.d/puppet.yaml

@ -27,7 +27,6 @@
- opendev/puppet-meetbot
- opendev/puppet-mysql_backup
- opendev/puppet-openstack_health
- opendev/puppet-openstackid
- opendev/puppet-openstack_infra_spec_helper
- opendev/puppet-pgsql_backup
- opendev/puppet-pip
@ -97,7 +96,6 @@
- opendev/puppet-mysql_backup
- opendev/puppet-meetbot
- opendev/puppet-pip
- opendev/puppet-openstackid
- opendev/puppet-project_config
- opendev/puppet-ethercalc
- opendev/puppet-httpd
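
Review bot: after these two hunks and the modules.env change, nothing in this repository installs or tests opendev/puppet-openstackid any more. Follow up by retiring that repository or marking it unmaintained, so it does not look like a supported deployment path for the identity provider.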
