opendev/system-config
Code Issues Proposed changes

Stop managing OpenStackID servers

Browse Source 
The Open Infrastructure Foundation's developers who maintain the
OpenStackID software are taking over management of the site itself,
and have deployed it on new servers. DNS records have already been
updated to the new IP address, so it's time to clean up our end in
preparation for deleting the old servers we've been running.

OpenStackID is still used by some services we run, like RefStack and
Zanata, and we're still hosting the OpenStackID Git repository and
documentation, so this does not get rid of all references to it.

Change-Id: I1d625d5204f1e9e3a85ba9605465f6ebb9433021
This commit is contained in:
Jeremy Stanley 2021-08-31 19:51:27 +00:00
parent 861f4698aa
commit 2fbf6d9e7a
12 changed files with 0 additions and 674 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

147
doc/source/openstackid.rst
View File

@ -1,147 +0,0 @@
:title: OpenstackId
==================
OpenstackId Server
==================
OpenId Idp/ OAuth2.0 AS/RS
At a Glance
===========
:Wiki:
* https://wiki.openstack.org/wiki/OpenStackID
:Hosts:
* https://openstackid-dev.openstack.org
* https://openstackid.org
:Puppet:
* https://opendev.org/opendev/puppet-openstackid
* :git_file:`modules/openstack_project/manifests/openstackid_dev.pp`
:Projects:
* http://opendev.org/osf/openstackid/
:Bugs:
* https://storyboard.openstack.org/#!/project/728
:Resources:
* http://laravel.com/docs/installation
* http://laravel.com/docs/configuration
Objective
=========
OpenStackID has been developed to provide a unique online identity for
all OpenStack web properties. The intention is to replace Launchpad as
openID provider. The code provides authentication via OpenID and
authentication + authorization via OAuth2. More details about
OpenStackID server are on the wiki.
Servers
=======
openstackid-dev.openstack.org is configured to deploy
http://tarballs.openstack.org/openstackid/openstackid-latest.tar.gz
which is the automatically generated per-commit tarball of the master
branch. No action is necessary to update the deployment of
openstackid-dev to the latest merged commit in master.
openstackid.openstack.org is configured to deploy a specific tag. To
update this deployment, tag the repo to create a release, and then
update puppet to point to that release name.
Configuration
=============
Environment Configuration
_________________________
We need to instruct the Laravel Framework how to determine which
environment it is running in. The default environment is always
production. However, you may setup other environments within the
*bootstrap/start.php* file at the root of your installation.
It is include on folder bootstrap a file called bootstrap/environment.php.tpl
you must make a copy and rename it to bootstrap/environment.php
In this file you will find an **$app->detectEnvironment** call. The
array passed to this method is used to determine the current
environment. You may add other environments and machine names to the
array as needed.
.. code-block:: php
<?php
$env = $app->detectEnvironment(array(
'local' => array('your-machine-name'),
));
Database Configuration
______________________
It is often helpful to have different configuration values based on
the environment the application is running in. For example, you may
wish to use a different database configuration on your development
machine than on the production server. It is easy to accomplish this
using environment based configuration.
Simply create a folder within the config directory that matches your
environment name, such as **dev**. Next, create the configuration
files you wish to override and specify the options for that
environment. For example, to override the database configuration for
the local environment, you would create a database.php file in
app/config/dev.
OpenstackId server makes use of two database connections:
* openstackid
* os_members
**openstackid** is its own OpenstackId Server DB, where stores all
related configuration to openid/oauth2 protocol.
**os_members** is SS DB (http://www.openstack.org/).
both configuration are living on config file **database.php**, which
could be a set per environment as forementioned like
app/config/dev/database.php
Error Log Configuration
_______________________
Error log configuration is on file *app/config/log.php* but could be
overridden per environment such as *app/config/dev/log.php* , here you
set two variables:
* to_email : The receiver of the error log email.
* from_email: The sender of the error log email.
Recaptcha Configuration
_______________________
OpenstackId server uses recaptcha facility to discourage brute force
attacks attempts on login page, so in order to work properly recaptcha
plugin must be provided with a public and a private key
(http://www.google.com/recaptcha). These keys are set on file
*app/config/packages/greggilbert/recaptcha/config.php*, but also
could be set per environment using following directory structure
*app/config/packages/greggilbert/recaptcha/dev/config.php*.
Installation
____________
OpenstackId Server uses composer utility in order to install all
needed dependencies. After you get the source code from git, you must
run following commands on application root directory:
* curl -sS https://getcomposer.org/installer | php
* php composer.phar install
* php artisan migrate --env=YOUR ENVIRONMENT
* php artisan db:seed --env=YOUR ENVIRONMENT
** your virtual host must point to /public folder.
Permissions
___________
Laravel may require one set of permissions to be configured: folders
within app/storage require write access by the web server.

1
doc/source/systems.rst
View File

@ -27,7 +27,6 @@ Major Systems
reprepro
lists
wiki
openstackid
storyboard
kerberos
afs

2
hiera/common.yaml
View File

@ -69,8 +69,6 @@ cacti_hosts:
- nl04.opendev.org
- ns1.opendev.org
- ns2.opendev.org
- openstackid01.openstack.org
- openstackid.org
- paste.openstack.org
- puppetmaster.openstack.org
- meetpad.opendev.org

14
inventory/base/hosts.yaml
View File

@ -590,20 +590,6 @@ all:
region_name: ca-ymq-1
public_v4: 162.253.55.16
public_v6: 2604:e100:1:0:f816:3eff:fe2c:7447
openstackid-dev01.openstack.org:
ansible_host: 104.130.246.14
location:
cloud: openstackci-rax
region_name: DFW
public_v4: 104.130.246.14
public_v6: 2001:4800:7819:103:be76:4eff:fe04:8719
openstackid01.openstack.org:
ansible_host: 104.130.159.12
location:
cloud: openstackci-rax
region_name: DFW
public_v4: 104.130.159.12
public_v6: 2001:4800:7818:102:be76:4eff:fe04:673f
paste01.opendev.org:
ansible_host: 104.130.127.175
location:

15
inventory/service/groups.yaml
View File

@ -43,7 +43,6 @@ groups:
control-plane-clouds:
- bridge.openstack.org
disabled:
- idp.openstackid.org
- wiki-dev01.openstack.org
- wiki-upgrade-test.openstack.org
dns:
@ -94,7 +93,6 @@ groups:
- meetpad[0-9]*.opendev.org
- mirror[0-9]*.opendev.org
- nb[0-9]*.opendev.org
- openstackid[0-9]*.openstack.org
- paste[0-9]*.opendev.org
- refstack[0-9]*.openstack.org
- review[0-9]*.opendev.org
@ -124,11 +122,6 @@ groups:
- nl[0-9]*.open*.org
ns:
- ns[0-9]*.open*.org
openstackid-dev:
- openstackid-dev*.openstack.org
openstackid:
- openstackid.org
- openstackid[0-9]*.openstack.org
paste:
- paste[0-9]*.opendev.org
puppet:
@ -138,9 +131,6 @@ groups:
- health[0-9]*.openstack.org
- logstash-worker[0-9]*.open*.org
- logstash[0-9]*.open*.org
- openstackid-dev*.openstack.org
- openstackid.org
- openstackid[0-9]*.openstack.org
- status*.open*.org
- storyboard-dev[0-9]*.opendev.org
- storyboard[0-9]*.opendev.org
@ -156,8 +146,6 @@ groups:
- health[0-9]*.openstack.org
- logstash-worker[0-9]*.open*.org
- logstash[0-9]*.open*.org
- openstackid[0-9]*.openstack.org
- openstackid-dev[0-9]*.openstack.org
- status*.open*.org
- storyboard[0-9]*.opendev.org
- storyboard-dev[0-9]*.opendev.org
@ -200,9 +188,6 @@ groups:
- health[0-9]*.openstack.org
- nb[0-9]*.opendev.org
- nl[0-9]*.open*.org
- openstackid-dev*.openstack.org
- openstackid.org
- openstackid[0-9]*.openstack.org
- paste[0-9]*.opendev.org
- refstack[0-9]*.openstack.org
- static[0-9]*.opendev.org

4
inventory/service/host_vars/openstackid01.openstack.org.yaml
View File

@ -1,4 +0,0 @@
letsencrypt_certs:
openstackid01-openstack-org-main:
- openstackid.org
- www.openstackid.org

103
manifests/site.pp
View File

@ -203,109 +203,6 @@ node /^status\d*\.open.*\.org$/ {
}
}
# Node-OS: xenial
node /^openstackid\d*(\.openstack)?\.org$/ {
$group = "openstackid"
class { 'openstack_project::openstackid_prod':
site_admin_password => hiera('openstackid_site_admin_password'),
id_mysql_host => hiera('openstackid_id_mysql_host', 'localhost'),
id_mysql_password => hiera('openstackid_id_mysql_password'),
id_mysql_user => hiera('openstackid_id_mysql_user', 'username'),
id_db_name => hiera('openstackid_id_db_name'),
redis_password => hiera('openstackid_redis_password'),
ssl_cert_file => '/etc/letsencrypt-certs/openstackid.org/openstackid.org.cer',
ssl_key_file => '/etc/letsencrypt-certs/openstackid.org/openstackid.org.key',
ssl_chain_file => '/etc/letsencrypt-certs/openstackid.org/ca.cer',
id_recaptcha_public_key => hiera('openstackid_recaptcha_public_key'),
id_recaptcha_private_key => hiera('openstackid_recaptcha_private_key'),
vhost_name => 'openstackid.org',
session_cookie_domain => 'openstackid.org',
serveradmin => 'webmaster@openstackid.org',
canonicalweburl => 'https://openstackid.org/',
app_url => 'https://openstackid.org',
app_key => hiera('openstackid_app_key'),
id_log_error_to_email => 'openstack@tipit.net',
id_log_error_from_email => 'noreply@openstack.org',
email_driver => 'sendgrid',
email_send_grid_api_key => hiera('openstackid_send_grid_api_key'),
php_version => 7,
mysql_ssl_enabled => true,
mysql_ssl_ca_file_contents => hiera('openstackid_mysql_ssl_ca_file_contents'),
mysql_ssl_client_key_file_contents => hiera('openstackid_mysql_ssl_client_key_file_contents'),
mysql_ssl_client_cert_file_contents => hiera('openstackid_mysql_ssl_client_cert_file_contents'),
user_spam_processor_to => hiera('openstackid_user_spam_processor_to'),
message_broker_exchange_name => 'message-broker',
message_broker_host => hiera('openstackid_message_broker_host'),
message_broker_port => 5671,
message_broker_vhost => 'databus',
message_broker_login => hiera('openstackid_message_broker_login'),
message_broker_password => hiera('openstackid_message_broker_password'),
message_broker_ssl_enabled => true,
message_broker_ssl_ca_file_contents => hiera('openstackid_message_broker_ssl_ca_file_contents'),
message_broker_ssl_client_cert_file_contents => hiera('openstackid_message_broker_ssl_client_cert_file_contents'),
message_broker_ssl_client_key_file_contents => hiera('openstackid_message_broker_ssl_client_key_file_contents'),
message_broker_enabled => true,
cloud_storage_base_url => hiera('openstackid_cloud_storage_base_url'),
cloud_storage_auth_url => 'https://auth.vexxhost.net/v3',
cloud_storage_app_credential_id => hiera('openstackid_cloud_storage_app_credential_id'),
cloud_storage_app_credential_secret => hiera('openstackid_cloud_storage_app_credential_secret'),
cloud_storage_project_name => hiera('openstackid_cloud_storage_project_name'),
cloud_storage_region => 'ca-ymq-1',
cloud_storage_container => 'idp-osf',
}
}
# Node-OS: xenial
node /^openstackid-dev\d*\.openstack\.org$/ {
$group = "openstackid-dev"
class { 'openstack_project::openstackid_dev':
site_admin_password => hiera('openstackid_dev_site_admin_password'),
id_mysql_host => hiera('openstackid_dev_id_mysql_host', 'localhost'),
id_mysql_password => hiera('openstackid_dev_id_mysql_password'),
id_mysql_user => hiera('openstackid_dev_id_mysql_user', 'username'),
redis_password => hiera('openstackid_dev_redis_password'),
ssl_cert_file_contents => hiera('openstackid_dev_ssl_cert_file_contents'),
ssl_key_file_contents => hiera('openstackid_dev_ssl_key_file_contents'),
ssl_chain_file_contents => hiera('openstackid_dev_ssl_chain_file_contents'),
id_recaptcha_public_key => hiera('openstackid_dev_recaptcha_public_key'),
id_recaptcha_private_key => hiera('openstackid_dev_recaptcha_private_key'),
vhost_name => 'openstackid-dev.openstack.org',
session_cookie_domain => 'openstackid-dev.openstack.org',
serveradmin => 'webmaster@openstackid-dev.openstack.org',
canonicalweburl => 'https://openstackid-dev.openstack.org/',
app_url => 'https://openstackid-dev.openstack.org',
app_key => hiera('openstackid_dev_app_key'),
id_log_error_to_email => 'openstack@tipit.net',
id_log_error_from_email => 'noreply@openstack.org',
email_driver => 'sendgrid',
email_send_grid_api_key => hiera('openstackid_dev_send_grid_api_key'),
php_version => 7,
mysql_ssl_enabled => true,
mysql_ssl_ca_file_contents => hiera('openstackid_dev_mysql_ssl_ca_file_contents'),
mysql_ssl_client_key_file_contents => hiera('openstackid_dev_mysql_ssl_client_key_file_contents'),
mysql_ssl_client_cert_file_contents => hiera('openstackid_dev_mysql_ssl_client_cert_file_contents'),
user_spam_processor_to => hiera('openstackid_dev_user_spam_processor_to'),
message_broker_exchange_name => 'message-broker',
message_broker_host => hiera('openstackid_dev_message_broker_host'),
message_broker_port => 5671,
message_broker_vhost => 'databus',
message_broker_login => hiera('openstackid_dev_message_broker_login'),
message_broker_password => hiera('openstackid_dev_message_broker_password'),
message_broker_ssl_enabled => true,
message_broker_ssl_ca_file_contents => hiera('openstackid_dev_message_broker_ssl_ca_file_contents'),
message_broker_ssl_client_cert_file_contents => hiera('openstackid_dev_message_broker_ssl_client_cert_file_contents'),
message_broker_ssl_client_key_file_contents => hiera('openstackid_dev_message_broker_ssl_client_key_file_contents'),
message_broker_enabled => true,
cloud_storage_base_url => hiera('openstackid_dev_cloud_storage_base_url'),
cloud_storage_auth_url => 'https://auth.vexxhost.net/v3',
cloud_storage_app_credential_id => hiera('openstackid_dev_cloud_storage_app_credential_id'),
cloud_storage_app_credential_secret => hiera('openstackid_dev_cloud_storage_app_credential_secret'),
cloud_storage_project_name => hiera('openstackid_dev_cloud_storage_project_name'),
cloud_storage_region => 'ca-ymq-1',
cloud_storage_container => 'idp-osf',
}
}
# Node-OS: xenial
node /^translate\d+\.open.*\.org$/ {
$group = "translate"

1
modules.env
View File

@ -72,7 +72,6 @@ INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/opendev/puppet-mediawiki"]="origin/mast
INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/opendev/puppet-meetbot"]="origin/master"
INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/opendev/puppet-mysql_backup"]="origin/master"
INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/opendev/puppet-openstack_health"]="origin/master"
INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/opendev/puppet-openstackid"]="origin/master"
INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/opendev/puppet-pgsql_backup"]="origin/master"
INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/opendev/puppet-pip"]="origin/master"
INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/opendev/puppet-project_config"]="origin/master"

185
modules/openstack_project/manifests/openstackid_dev.pp
View File

@ -1,185 +0,0 @@
# Copyright 2013 OpenStack Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# openstackid idp(sso-openid) dev server
#
class openstack_project::openstackid_dev (
$site_admin_password = '',
$id_mysql_host = '',
$id_mysql_user = '',
$id_mysql_password = '',
$id_db_name = 'openstackid_dev',
$redis_port = '6378',
$redis_max_memory = '1gb',
$redis_bind = '127.0.0.1',
$redis_password = '',
$redis_version = '2.8.4',
$id_recaptcha_public_key = '',
$id_recaptcha_private_key = '',
$id_recaptcha_template = '',
$id_log_error_to_email = '',
$id_log_error_from_email = '',
$id_environment = 'dev',
$ssl_cert_file_contents = '',
$ssl_key_file_contents = '',
$ssl_chain_file_contents = '',
$vhost_name = '',
$serveradmin = '',
$canonicalweburl = '',
$session_cookie_domain = '',
$app_url = '',
$app_key = '',
$email_driver = 'mail',
$email_send_grid_api_key = '',
$email_smtp_server = 'smtp.mailgun.org',
$email_smtp_server_port = 587,
$email_smtp_server_user = '',
$email_smtp_server_password = '',
$laravel_version = 5,
$app_log_level = 'debug',
$app_log_email_level = 'error',
$db_log_enabled = false,
$banning_enabled = false,
$app_debug = false,
$app_locale = 'en',
$curl_verify_ssl_cert = false,
$curl_allow_redirect = false,
$curl_timeout = 60,
$assets_base_url = 'https://devbranch.openstack.org/',
$cache_driver = 'redis',
$session_driver = 'redis',
$session_cookie_secure = false,
$php_version = 7,
$mysql_ssl_enabled = false,
$mysql_ssl_ca_file = '/etc/mysql-client-ssl/ca-cert.pem',
$mysql_ssl_ca_file_contents = '',
$mysql_ssl_client_key_file = '/etc/mysql-client-ssl/client-key.pem',
$mysql_ssl_client_key_file_contents = '',
$mysql_ssl_client_cert_file = '/etc/mysql-client-ssl/client-cert.pem',
$mysql_ssl_client_cert_file_contents = '',
$user_spam_processor_to = '',
$message_broker_exchange_name = 'message-broker',
$message_broker_host = '',
$message_broker_port = 5672,
$message_broker_vhost = 'databus',
$message_broker_login = '',
$message_broker_password = '',
$message_broker_ssl_enabled = false,
$message_broker_ssl_ca_file = '/etc/rabbitmq-client-ssl/ca-cert.pem',
$message_broker_ssl_ca_file_contents = '',
$message_broker_ssl_client_cert_file = '/etc/rabbitmq-client-ssl/client-cert.pem',
$message_broker_ssl_client_cert_file_contents = '',
$message_broker_ssl_client_key_file = '/etc/rabbitmq-client-ssl/client-key.pem',
$message_broker_ssl_client_key_file_contents = '',
$message_broker_enabled = false,
$cloud_storage_base_url = '',
$cloud_storage_auth_url = '',
$cloud_storage_app_credential_id = '',
$cloud_storage_app_credential_secret = '',
$cloud_storage_project_name = '',
$cloud_storage_region = '',
$cloud_storage_container = '',
) {
class { 'openstack_project::server': }
class { 'openstackid':
site_admin_password => $site_admin_password,
id_mysql_host => $id_mysql_host,
id_mysql_user => $id_mysql_user,
id_mysql_password => $id_mysql_password,
id_db_name => $id_db_name,
redis_port => $redis_port,
redis_host => $redis_bind,
redis_password => $redis_password,
id_recaptcha_public_key => $id_recaptcha_public_key,
id_recaptcha_private_key => $id_recaptcha_private_key,
id_recaptcha_template => $id_recaptcha_template,
id_log_error_to_email => $id_log_error_to_email,
id_log_error_from_email => $id_log_error_from_email,
id_environment => $id_environment,
ssl_cert_file => "/etc/ssl/certs/${::fqdn}.pem",
ssl_key_file => "/etc/ssl/private/${::fqdn}.key",
ssl_chain_file => '/etc/ssl/certs/intermediate.pem',
ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_key_file_contents => $ssl_key_file_contents,
ssl_chain_file_contents => $ssl_chain_file_contents,
vhost_name => $vhost_name,
serveradmin => $serveradmin,
canonicalweburl => $canonicalweburl,
session_cookie_domain => $session_cookie_domain,
app_url => $app_url,
app_key => $app_key,
email_driver => $email_driver,
email_send_grid_api_key => $email_send_grid_api_key,
email_smtp_server => $email_smtp_server,
email_smtp_server_port => $email_smtp_server_port,
email_smtp_server_user => $email_smtp_server_user,
email_smtp_server_password => $email_smtp_server_password,
laravel_version => $laravel_version,
app_log_level => $app_log_level,
app_log_email_level => $app_log_email_level,
db_log_enabled => $db_log_enabled,
banning_enabled => $banning_enabled,
app_debug => $app_debug,
app_locale => $app_locale,
curl_verify_ssl_cert => $curl_verify_ssl_cert,
curl_allow_redirect => $curl_allow_redirect,
curl_timeout => $curl_timeout,
assets_base_url => $assets_base_url,
cache_driver => $cache_driver,
session_driver => $session_driver,
session_cookie_secure => $session_cookie_secure,
php_version => $php_version,
mysql_ssl_enabled => $mysql_ssl_enabled,
mysql_ssl_ca_file => $mysql_ssl_ca_file,
mysql_ssl_ca_file_contents => $mysql_ssl_ca_file_contents,
mysql_ssl_client_key_file => $mysql_ssl_client_key_file,
mysql_ssl_client_key_file_contents => $mysql_ssl_client_key_file_contents,
mysql_ssl_client_cert_file => $mysql_ssl_client_cert_file,
mysql_ssl_client_cert_file_contents => $mysql_ssl_client_cert_file_contents,
user_spam_processor_to => $user_spam_processor_to,
message_broker_exchange_name => $message_broker_exchange_name,
message_broker_host => $message_broker_host,
message_broker_port => $message_broker_port,
message_broker_vhost => $message_broker_vhost,
message_broker_login => $message_broker_login,
message_broker_password => $message_broker_password,
message_broker_ssl_enabled => $message_broker_ssl_enabled,
message_broker_ssl_ca_file => $message_broker_ssl_ca_file,
message_broker_ssl_ca_file_contents => $message_broker_ssl_ca_file_contents,
message_broker_ssl_client_cert_file => $message_broker_ssl_client_cert_file,
message_broker_ssl_client_cert_file_contents => $message_broker_ssl_client_cert_file_contents,
message_broker_ssl_client_key_file => $message_broker_ssl_client_key_file,
message_broker_ssl_client_key_file_contents => $message_broker_ssl_client_key_file_contents,
message_broker_enabled => $message_broker_enabled,
cloud_storage_base_url => $cloud_storage_base_url,
cloud_storage_auth_url => $cloud_storage_auth_url,
cloud_storage_app_credential_id => $cloud_storage_app_credential_id,
cloud_storage_app_credential_secret => $cloud_storage_app_credential_secret,
cloud_storage_project_name => $cloud_storage_project_name,
cloud_storage_region => $cloud_storage_region,
cloud_storage_container => $cloud_storage_container,
}
# redis (custom module written by tipit)
class { 'redis':
redis_port => $redis_port,
redis_max_memory => $redis_max_memory,
redis_bind => $redis_bind,
redis_password => $redis_password,
version => $redis_version ,
}
}

197
modules/openstack_project/manifests/openstackid_prod.pp
View File

@ -1,197 +0,0 @@
# Copyright 2013 OpenStack Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# openstackid idp(sso-openid) server
#
class openstack_project::openstackid_prod (
$site_admin_password = '',
$id_mysql_host = '',
$id_mysql_user = '',
$id_mysql_password = '',
$id_db_name = '',
$redis_port = '6378',
$redis_max_memory = '1gb',
$redis_bind = '127.0.0.1',
$redis_password = '',
$redis_version = '2.8.4',
$id_recaptcha_public_key = '',
$id_recaptcha_private_key = '',
$id_recaptcha_template = '',
$id_log_error_to_email = '',
$id_log_error_from_email = '',
$id_environment = 'production',
$ssl_cert_file = "/etc/ssl/certs/${::fqdn}.pem",
$ssl_key_file = "/etc/ssl/private/${::fqdn}.key",
$ssl_chain_file = '/etc/ssl/certs/intermediate.pem',
$ssl_cert_file_contents = '',
$ssl_key_file_contents = '',
$ssl_chain_file_contents = '',
$vhost_name = '',
$serveradmin = '',
$canonicalweburl = '',
$session_cookie_domain = '',
$release = '3.0.18',
$app_url = '',
$app_key = '',
$email_driver = 'mail',
$email_send_grid_api_key = '',
$email_smtp_server = 'smtp.mailgun.org',
$email_smtp_server_port = 587,
$email_smtp_server_user = '',
$email_smtp_server_password = '',
$laravel_version = 5,
$app_log_level = 'error',
$app_log_email_level = 'error',
$db_log_enabled = false,
$banning_enabled = true,
$app_debug = false,
$app_locale = 'en',
$curl_verify_ssl_cert = true,
$curl_allow_redirect = false,
$curl_timeout = 60,
$assets_base_url = 'https://www.openstack.org/',
$cache_driver = 'redis',
$session_driver = 'redis',
$session_cookie_secure = false,
$php_version = 7,
$mysql_ssl_enabled = false,
$mysql_ssl_ca_file = '/etc/mysql-client-ssl/ca-cert.pem',
$mysql_ssl_ca_file_contents = '',
$mysql_ssl_client_key_file = '/etc/mysql-client-ssl/client-key.pem',
$mysql_ssl_client_key_file_contents = '',
$mysql_ssl_client_cert_file = '/etc/mysql-client-ssl/client-cert.pem',
$mysql_ssl_client_cert_file_contents = '',
$user_spam_processor_to = '',
$message_broker_exchange_name = 'message-broker',
$message_broker_host = '',
$message_broker_port = 5672,
$message_broker_vhost = 'databus',
$message_broker_login = '',
$message_broker_password = '',
$message_broker_ssl_enabled = false,
$message_broker_ssl_ca_file = '/etc/rabbitmq-client-ssl/ca-cert.pem',
$message_broker_ssl_ca_file_contents = '',
$message_broker_ssl_client_cert_file = '/etc/rabbitmq-client-ssl/client-cert.pem',
$message_broker_ssl_client_cert_file_contents = '',
$message_broker_ssl_client_key_file = '/etc/rabbitmq-client-ssl/client-key.pem',
$message_broker_ssl_client_key_file_contents = '',
$message_broker_enabled = false,
$cloud_storage_base_url = '',
$cloud_storage_auth_url = '',
$cloud_storage_app_credential_id = '',
$cloud_storage_app_credential_secret = '',
$cloud_storage_project_name = '',
$cloud_storage_region = '',
$cloud_storage_container = '',
) {
class { 'openstack_project::server': }
class { 'openstackid':
site_admin_password => $site_admin_password,
id_mysql_host => $id_mysql_host,
id_mysql_user => $id_mysql_user,
id_mysql_password => $id_mysql_password,
id_db_name => $id_db_name,
redis_port => $redis_port,
redis_host => $redis_bind,
redis_password => $redis_password,
id_recaptcha_public_key => $id_recaptcha_public_key,
id_recaptcha_private_key => $id_recaptcha_private_key,
id_recaptcha_template => $id_recaptcha_template,
id_log_error_to_email => $id_log_error_to_email,
id_log_error_from_email => $id_log_error_from_email,
id_environment => $id_environment,
ssl_cert_file => $ssl_cert_file,
ssl_key_file => $ssl_key_file,
ssl_chain_file => $ssl_chain_file,
ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_key_file_contents => $ssl_key_file_contents,
ssl_chain_file_contents => $ssl_chain_file_contents,
vhost_name => $vhost_name,
serveradmin => $serveradmin,
canonicalweburl => $canonicalweburl,
session_cookie_domain => $session_cookie_domain,
openstackid_release => $release,
app_url => $app_url,
app_key => $app_key,
app_version => $release,
email_driver => $email_driver,
email_send_grid_api_key => $email_send_grid_api_key,
email_smtp_server => $email_smtp_server,
email_smtp_server_port => $email_smtp_server_port,
email_smtp_server_user => $email_smtp_server_user,
email_smtp_server_password => $email_smtp_server_password,
laravel_version => $laravel_version,
app_log_level => $app_log_level,
app_log_email_level => $app_log_email_level,
db_log_enabled => $db_log_enabled,
banning_enabled => $banning_enabled,
app_debug => $app_debug,
app_locale => $app_locale,
curl_verify_ssl_cert => $curl_verify_ssl_cert,
curl_allow_redirect => $curl_allow_redirect,
curl_timeout => $curl_timeout,
assets_base_url => $assets_base_url,
cache_driver => $cache_driver,
session_driver => $session_driver,
session_cookie_secure => $session_cookie_secure,
php_version => $php_version,
mysql_ssl_enabled => $mysql_ssl_enabled,
mysql_ssl_ca_file => $mysql_ssl_ca_file,
mysql_ssl_ca_file_contents => $mysql_ssl_ca_file_contents,
mysql_ssl_client_key_file => $mysql_ssl_client_key_file,
mysql_ssl_client_key_file_contents => $mysql_ssl_client_key_file_contents,
mysql_ssl_client_cert_file => $mysql_ssl_client_cert_file,
mysql_ssl_client_cert_file_contents => $mysql_ssl_client_cert_file_contents,
user_spam_processor_to => $user_spam_processor_to,
message_broker_exchange_name => $message_broker_exchange_name,
message_broker_host => $message_broker_host,
message_broker_port => $message_broker_port,
message_broker_vhost => $message_broker_vhost,
message_broker_login => $message_broker_login,
message_broker_password => $message_broker_password,
message_broker_ssl_enabled => $message_broker_ssl_enabled,
message_broker_ssl_ca_file => $message_broker_ssl_ca_file,
message_broker_ssl_ca_file_contents => $message_broker_ssl_ca_file_contents,
message_broker_ssl_client_cert_file => $message_broker_ssl_client_cert_file,
message_broker_ssl_client_cert_file_contents => $message_broker_ssl_client_cert_file_contents,
message_broker_ssl_client_key_file => $message_broker_ssl_client_key_file,
message_broker_ssl_client_key_file_contents => $message_broker_ssl_client_key_file_contents,
message_broker_enabled => $message_broker_enabled,
cloud_storage_base_url => $cloud_storage_base_url,
cloud_storage_auth_url => $cloud_storage_auth_url,
cloud_storage_app_credential_id => $cloud_storage_app_credential_id,
cloud_storage_app_credential_secret => $cloud_storage_app_credential_secret,
cloud_storage_project_name => $cloud_storage_project_name,
cloud_storage_region => $cloud_storage_region,
cloud_storage_container => $cloud_storage_container,
}
# redis (custom module written by tipit)
class { 'redis':
redis_port => $redis_port,
redis_max_memory => $redis_max_memory,
redis_bind => $redis_bind,
redis_password => $redis_password,
version => $redis_version ,
}
mysql_backup::backup_remote { $id_db_name:
database_host => $id_mysql_host,
database_user => $id_mysql_user,
database_password => $id_mysql_password,
}
}

3
playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
View File

@ -246,9 +246,6 @@
- name: letsencrypt updated ethercalc02-openstack-org-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated openstackid01-openstack-org-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- name: letsencrypt updated storyboard01-opendev-org-main
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml

2
zuul.d/puppet.yaml
View File

@ -27,7 +27,6 @@
- opendev/puppet-meetbot
- opendev/puppet-mysql_backup
- opendev/puppet-openstack_health
- opendev/puppet-openstackid
- opendev/puppet-openstack_infra_spec_helper
- opendev/puppet-pgsql_backup
- opendev/puppet-pip
@ -97,7 +96,6 @@
- opendev/puppet-mysql_backup
- opendev/puppet-meetbot
- opendev/puppet-pip
- opendev/puppet-openstackid
- opendev/puppet-project_config
- opendev/puppet-ethercalc
- opendev/puppet-httpd