diff --git a/doc/source/survey.rst b/doc/source/survey.rst deleted file mode 100644 index 3d7a7ffb77..0000000000 --- a/doc/source/survey.rst +++ /dev/null @@ -1,84 +0,0 @@ -:title: Survey - -.. _survey: - -Survey -###### - -Survey runs an instance of the LimeSurvey software, an open source survey -tool written in php. - -At a Glance -=========== - -:Hosts: - * https://survey.openstack.org -:Puppet: - * file:`modules/openstack_project/manifests/survey.pp` -:Projects: - * https://www.limesurvey.org/ -:Bugs: - * https://www.limesurvey.org/community/bug-tracker - -Overview -======== - -Apache is used with a Trove backend. - -Sysadmin -======== - -After initially provisioning the server, enable the Authwebserver plugin via mysqlclient: - -.. code-block:: bash - - insert into plugins (name, active) values ('Authwebserver', 1); - - insert into plugin_settings (plugin_id, plugin_settings.key, plugin_settings.value) values (1, 'strip_domain', '""'); - insert into plugin_settings (plugin_id, plugin_settings.key, plugin_settings.value) values (1, 'serverkey', '"REMOTE_USER"'); - insert into plugin_settings (plugin_id, plugin_settings.key, plugin_settings.value) values (1, 'is_default', '"1"'); - -Log in as admin to auto-create your account: -Admin sign-in: https://survey.openstack.org/admin - -Elevate your account to Superadmin via mysqlclient: - -.. code-block:: bash - - insert into permissions (entity, entity_id, uid, permission, read_p) values ("global", 0, 2, "superadmin", 1); - -(where the 2 in this example should be replaced with whatever the uid index -value is in the users table for your OpenID-autocreated account) - -Refresh your browser. When logged in via the web-ui you should now have -superadmin privileges allowing you to set the following values: - -Configuration > Global Settings > Email Settings - - Default site admin email: infra-root@openstack.org - - Administrator name: admin - -Configuration > Global Settings > Bounce Settings - - Default site admin email: infra-root@openstack.org - -Save and Close -check admin name and email information on front page: survey.openstack.org -to confirm change - -Admin Survey User -================= - -Log in via https://survey.openstack.org/admin using OpenStackID. - -Navigate to your 'My Account' settings at: -https://survey.openstack.org/index.php/admin/user/sa/personalsettings - -Change your Email from 'autouser@test.test' to the email you would like to -use for the use of surveys. - -Change your Full Name from 'autouser' to your Full Name that survey -participants can recognize. - -Save and Close using the button in the top right hand corner. diff --git a/doc/source/systems.rst b/doc/source/systems.rst index 681ffc955d..a08be32ffd 100644 --- a/doc/source/systems.rst +++ b/doc/source/systems.rst @@ -40,6 +40,5 @@ Major Systems github activity asterisk - survey letsencrypt ppa diff --git a/inventory/base/hosts.yaml b/inventory/base/hosts.yaml index 0374437cdd..8a34f3abc5 100644 --- a/inventory/base/hosts.yaml +++ b/inventory/base/hosts.yaml @@ -696,13 +696,6 @@ all: region_name: DFW public_v4: 166.78.47.172 public_v6: 2001:4800:7817:101:be76:4eff:fe04:4a07 - survey01.openstack.org: - ansible_host: 23.253.92.56 - location: - cloud: openstackci-rax - region_name: DFW - public_v4: 23.253.92.56 - public_v6: 2001:4800:7815:105:be76:4eff:fe04:4af0 translate-dev01.openstack.org: ansible_host: 172.99.124.99 location: diff --git a/inventory/service/groups.yaml b/inventory/service/groups.yaml index 806faa478b..cd94220e22 100644 --- a/inventory/service/groups.yaml +++ b/inventory/service/groups.yaml @@ -152,7 +152,6 @@ groups: - storyboard-dev[0-9]*.opendev.org - storyboard[0-9]*.opendev.org - subunit-worker[0-9]*.open*.org - - survey[0-9]*.open*.org - translate-dev[0-9]*.open*.org - translate[0-9]*.open*.org - wiki-dev[0-9]*.openstack.org @@ -179,7 +178,6 @@ groups: - storyboard[0-9]*.opendev.org - storyboard-dev[0-9]*.opendev.org - subunit-worker[0-9]*.open*.org - - survey[0-9]*.open*.org - translate[0-9]*.open*.org - translate-dev[0-9]*.open*.org - wiki[0-9]*.openstack.org @@ -205,8 +203,6 @@ groups: - storyboard-dev[0-9]*.opendev.org subunit-worker: - subunit-worker[0-9]*.open*.org - survey: - - survey[0-9]*.open*.org translate-dev: - translate-dev[0-9]*.open*.org translate: @@ -232,7 +228,6 @@ groups: - status*.open*.org - storyboard-dev[0-9]*.opendev.org - storyboard[0-9]*.opendev.org - - survey[0-9]*.open*.org - translate-dev[0-9]*.open*.org - translate[0-9]*.open*.org - wiki-dev[0-9]*.openstack.org diff --git a/manifests/site.pp b/manifests/site.pp index e50d9011e3..a040784308 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -238,25 +238,6 @@ node /^status\d*\.open.*\.org$/ { } } -# Node-OS: xenial -node /^survey\d+\.open.*\.org$/ { - $group = "survey" - class { 'openstack_project::server': } - - class { 'openstack_project::survey': - vhost_name => 'survey.openstack.org', - auth_openid => true, - ssl_cert_file_contents => hiera('ssl_cert_file_contents'), - ssl_key_file_contents => hiera('ssl_key_file_contents'), - ssl_chain_file_contents => hiera('ssl_chain_file_contents'), - dbpassword => hiera('dbpassword'), - dbhost => hiera('dbhost'), - adminuser => hiera('adminuser'), - adminpass => hiera('adminpass'), - adminmail => hiera('adminmail'), - } -} - # Node-OS: xenial node /^nb\d+\.open.*\.org$/ { $group = 'nodepool' diff --git a/modules/openstack_project/files/ssl_cert_check/ssldomains b/modules/openstack_project/files/ssl_cert_check/ssldomains index f3a6c208f8..0007f500fb 100644 --- a/modules/openstack_project/files/ssl_cert_check/ssldomains +++ b/modules/openstack_project/files/ssl_cert_check/ssldomains @@ -48,7 +48,6 @@ security.openstack.org 443 static.openstack.org 443 storyboard.openstack.org 443 summit.openstack.org 443 -survey.openstack.org 443 static.opendev.org 443 static.openstack.org 443 swift.openstack.org 443 diff --git a/modules/openstack_project/manifests/survey.pp b/modules/openstack_project/manifests/survey.pp deleted file mode 100644 index 83afbcb542..0000000000 --- a/modules/openstack_project/manifests/survey.pp +++ /dev/null @@ -1,218 +0,0 @@ -# Copyright 2016 Markus Opolka -# Copyright 2018 Anita Kuno -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Inspiration for this patch as well as portions of it -# come from the work of Markus Opolka and his -# LimeSurvey Puppet module: -# https://github.com/martialblog/puppet-limesurvey -# -class openstack_project::survey ( - $vhost_name = $::fqdn, - $ssl_cert_file = '/etc/ssl/certs/survey.openstack.org.pem', - $ssl_key_file = '/etc/ssl/private/survey.openstack.org.key', - $ssl_chain_file = '/etc/ssl/certs/intermediate.pem', - $ssl_cert_file_contents = '', - $ssl_key_file_contents = '', - $ssl_chain_file_contents = '', - $dbpassword = '', - $dbhost = '', - # Table containing openid auth details. If undef not enabled - # Example dict: - # { - # banner => "Welcome", - # singleIdp => "https://openstackid.org", - # trusted => '^https://openstackid.org/.*$', - # any_valid_user => false, - # users => ['https://openstackid.org/foo', - # 'https://openstackid.org/bar'], - # } - # Note that if you care which users get access set any_valid_user to false - # and then provide an explicit list of openids in the users list. Otherwise - # set any_valid_user to true and any successfully authenticated user will - # get access. - $auth_openid = undef, - $docroot = '/var/www', - $runtime_dir_mode = '0755', - $download_url = 'https://download.limesurvey.org/latest-stable-release/', - $version = '3.15.6+190108', - $www_group = 'www-data', - $www_user = 'www-data', - # These are required for bootstrapping, so do not have defaults. - $adminuser, - $adminpass, - $adminmail, -) { - - $distro_packages = [ - 'libapache2-mod-php', - 'php', - 'php-gd', - 'php-imap', - 'php-ldap', - 'php-mbstring', - 'php-mcrypt', - 'php-mysql', - 'php-xml', - 'php-zip', - 'ssl-cert', - ] - - package { $distro_packages: - ensure => present, - } - - exec { 'limesurvey-download': - path => '/bin:/usr/bin', - creates => "${docroot}/tmp/runtime", - command => "bash -c 'cd /tmp; wget ${download_url}limesurvey${version}.tar.gz'", - require => File[$docroot], - user => $www_user, - } - - exec { 'limesurvey-unzip': - path => '/bin:/usr/bin', - cwd => '/tmp', - creates => "${docroot}/tmp/runtime", - command => "bash -c 'cd /tmp; tar zxf /tmp/limesurvey${version}.tar.gz -C ${docroot} --strip-components=1'", - notify => Exec['limesurvey-install'], - require => Exec['limesurvey-download'], - user => $www_user, - } - - exec { 'limesurvey-install': - command => "/usr/bin/php console.php install ${adminuser} ${adminpass} 'Default Administrator' ${adminmail}", - cwd => "${docroot}/application/commands", - refreshonly => true, - require => [ - File["${docroot}/application/config/config.php"], - Package[$distro_packages], - ], - user => $www_user, - } - - file { "/tmp/limesurvey${version}.tar.gz": - ensure => absent, - require => Exec['limesurvey-unzip'], - } - - file { "${docroot}/tmp/runtime/": - ensure => directory, - mode => $runtime_dir_mode, - require => Exec['limesurvey-install'], - } - - file { "${docroot}/application/config/config.php": - ensure => present, - owner => $www_user, - group => $www_group, - mode => '0660', - content => template ('openstack_project/survey.config.php.erb'), - replace => true, - require => Exec['limesurvey-unzip'], - } - - include ::httpd - ::httpd::vhost { $vhost_name: - port => 443, - docroot => $docroot, - priority => '50', - template => 'openstack_project/survey.vhost.erb', - ssl => true, - } - - if !defined(Httpd::Mod['rewrite']) { - httpd::mod { 'rewrite': - ensure => present, - } - } - if ($auth_openid != undef) { - if !defined(Package['libapache2-mod-auth-openid']) { - package { 'libapache2-mod-auth-openid': - ensure => present, - } - } - if !defined(Httpd::Mod['auth_openid']) { - # Workaround for https://bugs.debian.org/759209 - file { '/etc/apache2/mods-available/auth_openid.load': - ensure => present, - content => 'LoadModule authopenid_module /usr/lib/apache2/modules/mod_auth_openid.so', - replace => true, - require => Package['libapache2-mod-auth-openid'], - } - httpd::mod { 'auth_openid': - ensure => present, - require => File['/etc/apache2/mods-available/auth_openid.load'], - } - } - } - - file { $docroot: - ensure => directory, - owner => $www_user, - group => $www_group, - } - - file { "${docroot}/robots.txt": - ensure => present, - source => 'puppet:///modules/openstack_project/disallow_robots.txt', - owner => 'root', - group => 'root', - mode => '0444', - require => File[$docroot], - } - - file { '/etc/ssl/certs': - ensure => directory, - owner => 'root', - mode => '0755', - } - - file { '/etc/ssl/private': - ensure => directory, - owner => 'root', - mode => '0700', - } - - if $ssl_cert_file_contents != '' { - file { $ssl_cert_file: - owner => 'root', - group => 'root', - mode => '0640', - content => $ssl_cert_file_contents, - before => Httpd::Vhost[$vhost_name], - } - } - - if $ssl_key_file_contents != '' { - file { $ssl_key_file: - owner => 'root', - group => 'ssl-cert', - mode => '0640', - content => $ssl_key_file_contents, - require => Package['ssl-cert'], - before => Httpd::Vhost[$vhost_name], - } - } - - if $ssl_chain_file_contents != '' { - file { $ssl_chain_file: - owner => 'root', - group => 'root', - mode => '0640', - content => $ssl_chain_file_contents, - before => Httpd::Vhost[$vhost_name], - } - } -} diff --git a/modules/openstack_project/templates/survey.config.php.erb b/modules/openstack_project/templates/survey.config.php.erb deleted file mode 100644 index 9e398b7236..0000000000 --- a/modules/openstack_project/templates/survey.config.php.erb +++ /dev/null @@ -1,65 +0,0 @@ - array( - 'db' => array( - 'connectionString' => 'mysql:host=<%= @dbhost %>;port=3306;dbname=limesurvey;', - 'emulatePrepare' => true, - 'username' => 'limesurvey', - 'password' => '<%= @dbpassword %>', - 'charset' => 'utf8mb4', - 'tablePrefix' => '', - ), - - // Uncomment the following line if you need table-based sessions - // 'session' => array ( - // 'class' => 'application.core.web.DbHttpSession', - // 'connectionID' => 'db', - // 'sessionTableName' => '{{sessions}}', - // ), - - 'urlManager' => array( - 'urlFormat' => 'path', - 'rules' => array( - // You can add your own rules here - ), - 'showScriptName' => true, - ), - - ), - // Use the following config variable to set modified optional settings copied from config-defaults.php - 'config'=>array( - // debug: Set this to 1 if you are looking for errors. If you still get no errors after enabling this - // then please check your error-logs - either in your hosting provider admin panel or in some /logs directory - // on your webspace. - // LimeSurvey developers: Set this to 2 to additionally display STRICT PHP error messages and get full access to standard templates - 'debug'=>0, - 'debugsql'=>0, // Set this to 1 to enanble sql logging, only active when debug = 2 - // Update default LimeSurvey config here - 'auth_webserver'=>true, - 'auth_webserver_autocreate_user'=>true, - ) -); -/* End of file config.php */ -/* Location: ./application/config/config.php */ diff --git a/modules/openstack_project/templates/survey.vhost.erb b/modules/openstack_project/templates/survey.vhost.erb deleted file mode 100644 index 7fbc44cc35..0000000000 --- a/modules/openstack_project/templates/survey.vhost.erb +++ /dev/null @@ -1,51 +0,0 @@ -# ************************************ -# Managed by Puppet -# ************************************ - -:80> - ServerName <%= @srvname %> - ReWriteEngine On - ReWriteRule ^/(.*) https://<%= @srvname %>/$1 [last,redirect=permanent] - LogLevel warn - ErrorLog /var/log/apache2/<%= @name %>_error.log - CustomLog /var/log/apache2/<%= @name %>_access.log combined - ServerSignature Off - - -:<%= @port %>> - ServerName <%= @srvname %> - - DocumentRoot <%= @docroot %> - > - Options <%= @options %> - AllowOverride None - Require all granted - - - <% if scope.lookupvar("openstack_project::survey::auth_openid") != nil %> - - AuthType OpenID - AuthName "Welcome" - AuthOpenIDSecureCookie On - AuthOpenIDCookieLifespan 3600 - AuthOpenIDTrustRoot https://<%= @srvname %> - AuthOpenIDServerName https://<%= @srvname %> - AuthOpenIDSingleIdP https://openstackid.org - AuthOpenIDTrusted ^https://openstackid.org/.*$ - Require valid-user - - <% end %> - - SSLEngine on - SSLProtocol ALL -SSLv2 -SSLv3 - SSLCertificateFile <%= scope.lookupvar("openstack_project::survey::ssl_cert_file") %> - SSLCertificateKeyFile <%= scope.lookupvar("openstack_project::survey::ssl_key_file") %> - <% if scope.lookupvar("openstack_project::survey::ssl_chain_file") != "" %> - SSLCertificateChainFile <%= scope.lookupvar("openstack_project::survey::ssl_chain_file") %> - <% end %> - - ErrorLog /var/log/apache2/<%= @name %>_error.log - LogLevel warn - CustomLog /var/log/apache2/<%= @name %>_access.log combined - ServerSignature Off - diff --git a/playbooks/group_vars/certcheck.yaml b/playbooks/group_vars/certcheck.yaml index b2e647db77..81fe96a12c 100644 --- a/playbooks/group_vars/certcheck.yaml +++ b/playbooks/group_vars/certcheck.yaml @@ -7,7 +7,6 @@ letsencrypt_certcheck_additional_domains: - openstackid.org 443 - review.openstack.org 443 - storyboard.openstack.org 443 - - survey.openstack.org 443 - static.openstack.org 443 - translate.openstack.org 443 - wiki.openstack.org 443