From 3d5c2a810e5c40cfe6d81a3e0b36b500afa2ed50 Mon Sep 17 00:00:00 2001 From: "James E. Blair" Date: Tue, 14 Nov 2023 16:02:21 -0800 Subject: [PATCH] Revert registry.zuul-ci.org This project didn't proceed past the test phase, let's clean it up. Revert "Add a functional test for registry.zuul-ci.org" This reverts commit e701fdd3ca1d798bd912b19e91e154e8a88f43b8. Revert "Add testinfra for registry.zuul-ci.org" This reverts commit e00f4e59b39cabc3e33823a957d3623dce06f9c4. Revert "Add static site for registry.zuul-ci.org" This reverts commit 31b505d3ba29f751b8f02ff365ee6de6b5d350f9. Revert "Add SSL cert for registry.zuul-ci.org" This reverts commit d0a8473d42bb0ee3ab1cc8bffbf5bb2fea90f755. Change-Id: I1d39306187c7b2d7a908389f88d1a60e1b29ffe3 --- inventory/service/group_vars/static.yaml | 2 - .../handlers/main.yaml | 3 -- .../static/files/50-registry.zuul-ci.org.conf | 44 ------------------- playbooks/roles/static/tasks/main.yaml | 1 - playbooks/test-static.yaml | 32 -------------- testinfra/test_static.py | 24 ---------- zuul.d/system-config-run.yaml | 2 - 7 files changed, 108 deletions(-) delete mode 100644 playbooks/roles/static/files/50-registry.zuul-ci.org.conf delete mode 100644 playbooks/test-static.yaml diff --git a/inventory/service/group_vars/static.yaml b/inventory/service/group_vars/static.yaml index 65e6975051..ce452a3541 100644 --- a/inventory/service/group_vars/static.yaml +++ b/inventory/service/group_vars/static.yaml @@ -47,8 +47,6 @@ letsencrypt_certs: - meetings.opendev.org static-planet-openstack-org: - planet.openstack.org - static-registry-zuul-ci-org: - - registry.zuul-ci.org static-service-types-openstack-org: - service-types.openstack.org static-security-openstack-org: diff --git a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml index 8e44b437e0..8a83f22e1a 100644 --- a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml +++ b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml @@ -115,9 +115,6 @@ - name: letsencrypt updated static-planet-openstack-org include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml -- name: letsencrypt updated static-registry-zuul-ci-org - include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml - - name: letsencrypt updated static-service-types-openstack-org include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml diff --git a/playbooks/roles/static/files/50-registry.zuul-ci.org.conf b/playbooks/roles/static/files/50-registry.zuul-ci.org.conf deleted file mode 100644 index 80e4cba884..0000000000 --- a/playbooks/roles/static/files/50-registry.zuul-ci.org.conf +++ /dev/null @@ -1,44 +0,0 @@ - - ServerName registry.zuul-ci.org - - RewriteEngine on - RewriteRule ^/(.*) https://registry.zuul-ci.org/$1 [last,redirect=permanent] - - ErrorLog /var/log/apache2/registry.zuul-ci.org_error.log - LogLevel warn - CustomLog /var/log/apache2/registry.zuul-ci.org_access.log combined - ServerSignature Off - - - - - ServerName registry.zuul-ci.org - - RewriteEngine on - - SSLEngine on - SSLProtocol All -SSLv2 -SSLv3 - # Once the machine is using something to terminate TLS that supports ECDHE - # then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS - # only is guarenteed. - SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP - SSLHonorCipherOrder on - SSLCertificateFile /etc/letsencrypt-certs/registry.zuul-ci.org/registry.zuul-ci.org.cer - SSLCertificateKeyFile /etc/letsencrypt-certs/registry.zuul-ci.org/registry.zuul-ci.org.key - SSLCertificateChainFile /etc/letsencrypt-certs/registry.zuul-ci.org/ca.cer - - DocumentRoot /var/www/registry - - Options Indexes FollowSymLinks MultiViews - Require all granted - AllowOverride None - - - RewriteRule ^/v2/(.+)$ https://quay.io/v2/corvus/$1 [R=302,L] - - ErrorLog /var/log/apache2/registry.zuul-ci.org_error.log - LogLevel warn - CustomLog /var/log/apache2/registry.zuul-ci.org_access.log combined - ServerSignature Off - - diff --git a/playbooks/roles/static/tasks/main.yaml b/playbooks/roles/static/tasks/main.yaml index ae9d3a5d82..00b9c6439c 100644 --- a/playbooks/roles/static/tasks/main.yaml +++ b/playbooks/roles/static/tasks/main.yaml @@ -123,7 +123,6 @@ - 50-meetings.opendev.org - 50-nova.openstack.org - 50-planet.openstack.org - - 50-registry.zuul-ci.org - 50-security.openstack.org - 50-service-types.openstack.org - 50-specs.openstack.org diff --git a/playbooks/test-static.yaml b/playbooks/test-static.yaml deleted file mode 100644 index de2a827251..0000000000 --- a/playbooks/test-static.yaml +++ /dev/null @@ -1,32 +0,0 @@ -- hosts: "prod_bastion[0]" - tasks: - - # Do a test pull through the HTTP redirect registry site running - # on the static host. - - - name: Add registry redirect hosts - lineinfile: - dest: /etc/hosts - regexp: '.*{{ item.registry }}$' - line: '{{ hostvars[item.host].ansible_host }} {{ item.registry }}' - state: present - loop: - - { 'host' : 'static99.opendev.org', - 'registry': 'registry.zuul-ci.org' } - - - name: Do a test docker pull through redirect - command: docker pull registry.zuul-ci.org/zuul:8.2.0 - register: _docker_pull - - - name: Check output - assert: - that: '"Digest: sha256:4a54086c286a7f12434d3d0fb620081c5d967c5fe335229a239155913662f4a1" in _docker_pull.stdout' - - - name: Install podman - package: - name: podman - state: present - - - name: Do a test podman pull through redirect - command: podman --log-level=debug pull registry.zuul-ci.org/zuul:8.2.0 - register: _podman_pull diff --git a/testinfra/test_static.py b/testinfra/test_static.py index eb9fc24c13..bf9c93161b 100644 --- a/testinfra/test_static.py +++ b/testinfra/test_static.py @@ -236,27 +236,3 @@ def test_ci_openstack_org(host, path, target): ' https://ci.openstack.org%s' % path) assert '301 Moved Permanently' in cmd.stdout assert target in cmd.stdout - -def test_registry_zuul_ci_org(host): - # The functional test does an actual pull; here we just check some - # specific URLs work. In particular, we want to make sure that we - # don't proxy /v2/. - - cmd = host.run('curl --resolve registry.zuul-ci.org:443:127.0.0.1' - ' https://registry.zuul-ci.org/v2/') - assert '301 Moved Permanently' not in cmd.stdout - assert '302 Found' not in cmd.stdout - assert cmd.stdout.strip() == "" - - cmd = host.run('curl --resolve registry.zuul-ci.org:443:127.0.0.1' - ' -I https://registry.zuul-ci.org/v2/zuul/manifests/8.2.0') - assert '302 Found' in cmd.stdout - assert 'Location: https://quay.io/v2/corvus/zuul/manifests/8.2.0' in cmd.stdout - - cmd = host.run('curl --resolve registry.zuul-ci.org:443:127.0.0.1' - ' https://registry.zuul-ci.org/v2/zuul/blobs/' - 'sha256:5dda314a937ad03f8beac81c714da74e459b6174301368e0903ef586a68ae150') - assert '302 Found' in cmd.stdout - assert ('https://quay.io/v2/corvus/zuul/blobs/' - 'sha256:5dda314a937ad03f8beac81c714da74e459b6174301368e0903ef586a68ae150' - in cmd.stdout) diff --git a/zuul.d/system-config-run.yaml b/zuul.d/system-config-run.yaml index e7cb87ba71..dd6995b38e 100644 --- a/zuul.d/system-config-run.yaml +++ b/zuul.d/system-config-run.yaml @@ -1124,7 +1124,6 @@ run_playbooks: - playbooks/letsencrypt.yaml - playbooks/service-static.yaml - run_test_playbook: playbooks/test-static.yaml files: - playbooks/bootstrap-bridge.yaml - playbooks/roles/apache-ua-filter/ @@ -1132,7 +1131,6 @@ - playbooks/roles/letsencrypt - playbooks/letsencrypt.yaml - playbooks/service-static.yaml - - playbooks/test-static.yaml - testinfra/test_static.py host-vars: static99.opendev.org: