authorThomas Wiest <twiest@redhat.com>2015-05-26 11:58:50 -0400
committerThomas Wiest <twiest@redhat.com>2015-05-26 11:58:50 -0400
commit09e41be0eb83e24f284b84015bb1abbd25f23dff (patch)
treede2fa359c07bc971ce27c5ac4c0cd2a649937ef7 /roles/atomic_proxy
parentce6a15b62755e10cfa31628e5c9e430ef876c1ff (diff)
removed references to atomic proxy.
Diffstat (limited to 'roles/atomic_proxy')
-rw-r--r--roles/atomic_proxy/README.md56
-rw-r--r--roles/atomic_proxy/files/proxy_containers_deploy_descriptor.json29
-rw-r--r--roles/atomic_proxy/files/puppet/auth.conf116
-rwxr-xr-xroles/atomic_proxy/files/setup-proxy-containers.sh43
-rw-r--r--roles/atomic_proxy/handlers/main.yml3
-rw-r--r--roles/atomic_proxy/meta/main.yml21
-rw-r--r--roles/atomic_proxy/tasks/main.yml3
-rw-r--r--roles/atomic_proxy/tasks/setup_containers.yml57
-rw-r--r--roles/atomic_proxy/tasks/setup_puppet.yml24
-rw-r--r--roles/atomic_proxy/templates/puppet/puppet.conf.j240
-rwxr-xr-xroles/atomic_proxy/templates/sync/sync-proxy-configs.sh.j216
-rw-r--r--roles/atomic_proxy/templates/systemd/ctr-proxy-1.service.j232
-rw-r--r--roles/atomic_proxy/templates/systemd/ctr-proxy-monitoring-1.service.j236
-rw-r--r--roles/atomic_proxy/templates/systemd/ctr-proxy-puppet-1.service.j233
-rw-r--r--roles/atomic_proxy/vars/main.yml2
15 files changed, 0 insertions, 511 deletions
diff --git a/roles/atomic_proxy/README.md b/roles/atomic_proxy/README.md
deleted file mode 100644
index 348eaee1f..000000000
--- a/roles/atomic_proxy/README.md
+++ /dev/null
@@ -1,56 +0,0 @@
-Role Name
-========
-
-The purpose of this role is to do common configurations for all RHEL atomic hosts.
-
-
-Requirements
-------------
-
-None
-
-
-Role Variables
---------------
-
-None
-
-
-Dependencies
-------------
-
-None
-
-
-Example Playbook
--------------------------
-
-From a group playbook:
-
- hosts: servers
- roles:
- - ../../roles/atomic_proxy
-
-
-License
--------
-
-Copyright 2012-2014 Red Hat, Inc., All rights reserved.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-
-Author Information
-------------------
-
-Thomas Wiest <twiest@redhat.com>
diff --git a/roles/atomic_proxy/files/proxy_containers_deploy_descriptor.json b/roles/atomic_proxy/files/proxy_containers_deploy_descriptor.json
deleted file mode 100644
index c15835d48..000000000
--- a/roles/atomic_proxy/files/proxy_containers_deploy_descriptor.json
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- "Containers":[
- {
- "Name":"proxy-puppet",
- "Count":1,
- "Image":"puppet:latest",
- "PublicPorts":[
- ]
- },
- {
- "Name":"proxy",
- "Count":1,
- "Image":"proxy:latest",
- "PublicPorts":[
- {"Internal":80,"External":80},
- {"Internal":443,"External":443},
- {"Internal":4999,"External":4999}
- ]
- },
- {
- "Name":"proxy-monitoring",
- "Count":1,
- "Image":"monitoring:latest",
- "PublicPorts":[
- ]
- }
- ],
- "RandomizeIds": false
-}
diff --git a/roles/atomic_proxy/files/puppet/auth.conf b/roles/atomic_proxy/files/puppet/auth.conf
deleted file mode 100644
index b31906bae..000000000
--- a/roles/atomic_proxy/files/puppet/auth.conf
+++ /dev/null
@@ -1,116 +0,0 @@
-# This is the default auth.conf file, which implements the default rules
-# used by the puppet master. (That is, the rules below will still apply
-# even if this file is deleted.)
-#
-# The ACLs are evaluated in top-down order. More specific stanzas should
-# be towards the top of the file and more general ones at the bottom;
-# otherwise, the general rules may "steal" requests that should be
-# governed by the specific rules.
-#
-# See http://docs.puppetlabs.com/guides/rest_auth_conf.html for a more complete
-# description of auth.conf's behavior.
-#
-# Supported syntax:
-# Each stanza in auth.conf starts with a path to match, followed
-# by optional modifiers, and finally, a series of allow or deny
-# directives.
-#
-# Example Stanza
-# ---------------------------------
-# path /path/to/resource # simple prefix match
-# # path ~ regex # alternately, regex match
-# [environment envlist]
-# [method methodlist]
-# [auth[enthicated] {yes|no|on|off|any}]
-# allow [host|backreference|*|regex]
-# deny [host|backreference|*|regex]
-# allow_ip [ip|cidr|ip_wildcard|*]
-# deny_ip [ip|cidr|ip_wildcard|*]
-#
-# The path match can either be a simple prefix match or a regular
-# expression. `path /file` would match both `/file_metadata` and
-# `/file_content`. Regex matches allow the use of backreferences
-# in the allow/deny directives.
-#
-# The regex syntax is the same as for Ruby regex, and captures backreferences
-# for use in the `allow` and `deny` lines of that stanza
-#
-# Examples:
-#
-# path ~ ^/path/to/resource # Equivalent to `path /path/to/resource`.
-# allow * # Allow all authenticated nodes (since auth
-# # defaults to `yes`).
-#
-# path ~ ^/catalog/([^/]+)$ # Permit nodes to access their own catalog (by
-# allow $1 # certname), but not any other node's catalog.
-#
-# path ~ ^/file_(metadata|content)/extra_files/ # Only allow certain nodes to
-# auth yes # access the "extra_files"
-# allow /^(.+)\.example\.com$/ # mount point; note this must
-# allow_ip 192.168.100.0/24 # go ABOVE the "/file" rule,
-# # since it is more specific.
-#
-# environment:: restrict an ACL to a comma-separated list of environments
-# method:: restrict an ACL to a comma-separated list of HTTP methods
-# auth:: restrict an ACL to an authenticated or unauthenticated request
-# the default when unspecified is to restrict the ACL to authenticated requests
-# (ie exactly as if auth yes was present).
-#
-
-### Authenticated ACLs - these rules apply only when the client
-### has a valid certificate and is thus authenticated
-
-# allow nodes to retrieve their own catalog
-path ~ ^/catalog/([^/]+)$
-method find
-allow $1
-
-# allow nodes to retrieve their own node definition
-path ~ ^/node/([^/]+)$
-method find
-allow $1
-
-# allow all nodes to access the certificates services
-path /certificate_revocation_list/ca
-method find
-allow *
-
-# allow all nodes to store their own reports
-path ~ ^/report/([^/]+)$
-method save
-allow $1
-
-# Allow all nodes to access all file services; this is necessary for
-# pluginsync, file serving from modules, and file serving from custom
-# mount points (see fileserver.conf). Note that the `/file` prefix matches
-# requests to both the file_metadata and file_content paths. See "Examples"
-# above if you need more granular access control for custom mount points.
-path /file
-allow *
-
-### Unauthenticated ACLs, for clients without valid certificates; authenticated
-### clients can also access these paths, though they rarely need to.
-
-# allow access to the CA certificate; unauthenticated nodes need this
-# in order to validate the puppet master's certificate
-path /certificate/ca
-auth any
-method find
-allow *
-
-# allow nodes to retrieve the certificate they requested earlier
-path /certificate/
-auth any
-method find
-allow *
-
-# allow nodes to request a new certificate
-path /certificate_request
-auth any
-method find, save
-allow *
-
-# deny everything else; this ACL is not strictly necessary, but
-# illustrates the default policy.
-path /
-auth any
diff --git a/roles/atomic_proxy/files/setup-proxy-containers.sh b/roles/atomic_proxy/files/setup-proxy-containers.sh
deleted file mode 100755
index d047c96c1..000000000
--- a/roles/atomic_proxy/files/setup-proxy-containers.sh
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/bin/bash
-
-function fail {
- msg=$1
- echo
- echo $msg
- echo
- exit 5
-}
-
-
-NUM_DATA_CTR=$(docker ps -a | grep -c proxy-shared-data-1)
-[ "$NUM_DATA_CTR" -ne 0 ] && fail "ERROR: proxy-shared-data-1 exists"
-
-
-# pre-cache the container images
-echo
-timeout --signal TERM --kill-after 30 600 docker pull busybox:latest || fail "ERROR: docker pull of busybox failed"
-
-echo
-# WORKAROUND: Setup the shared data container
-/usr/bin/docker run --name "proxy-shared-data-1" \
- -v /shared/etc/haproxy \
- -v /shared/etc/httpd \
- -v /shared/etc/openshift \
- -v /shared/etc/pki \
- -v /shared/var/run/ctr-ipc \
- -v /shared/var/lib/haproxy \
- -v /shared/usr/local \
- "busybox:latest" true
-
-# WORKAROUND: These are because we're not using a pod yet
-cp /usr/local/etc/ctr-proxy-1.service /usr/local/etc/ctr-proxy-puppet-1.service /usr/local/etc/ctr-proxy-monitoring-1.service /etc/systemd/system/
-
-systemctl daemon-reload
-
-echo
-echo -n "sleeping 10 seconds for systemd reload to take affect..."
-sleep 10
-echo " Done."
-
-# Start the services
-systemctl start ctr-proxy-puppet-1 ctr-proxy-1 ctr-proxy-monitoring-1
diff --git a/roles/atomic_proxy/handlers/main.yml b/roles/atomic_proxy/handlers/main.yml
deleted file mode 100644
index 8eedec17a..000000000
--- a/roles/atomic_proxy/handlers/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-- name: reload systemd
- command: systemctl daemon-reload
diff --git a/roles/atomic_proxy/meta/main.yml b/roles/atomic_proxy/meta/main.yml
deleted file mode 100644
index a92d685b1..000000000
--- a/roles/atomic_proxy/meta/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-galaxy_info:
- author: Thomas Wiest
- description: Common base RHEL atomic configurations
- company: Red Hat
- # Some suggested licenses:
- # - BSD (default)
- # - MIT
- # - GPLv2
- # - GPLv3
- # - Apache
- # - CC-BY
- license: Apache
- min_ansible_version: 1.2
- platforms:
- - name: EL
- versions:
- - 7
-dependencies:
- # This is the role's PRIVATE counterpart, which is used.
- - ../../../../../atomic_private/ansible/roles/atomic_proxy
diff --git a/roles/atomic_proxy/tasks/main.yml b/roles/atomic_proxy/tasks/main.yml
deleted file mode 100644
index 073a1c61e..000000000
--- a/roles/atomic_proxy/tasks/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-- include: setup_puppet.yml
-- include: setup_containers.yml
diff --git a/roles/atomic_proxy/tasks/setup_containers.yml b/roles/atomic_proxy/tasks/setup_containers.yml
deleted file mode 100644
index ee971623a..000000000
--- a/roles/atomic_proxy/tasks/setup_containers.yml
+++ /dev/null
@@ -1,57 +0,0 @@
----
-- name: "get output of: docker images"
- command: docker images
- changed_when: False # don't report as changed
- register: docker_images
-
-- name: docker pull busybox ONLY if it's not present
- command: "docker pull busybox:latest"
- when: "not docker_images.stdout | search('busybox.*latest')"
-
-- name: docker pull containers ONLY if they're not present (needed otherwise systemd will timeout pulling the containers)
- command: "docker pull docker-registry.ops.rhcloud.com/{{ item }}:{{ oo_env }}"
- with_items:
- - oso-v2-proxy
- - oso-v2-puppet
- - oso-v2-monitoring
- when: "not docker_images.stdout | search('docker-registry.ops.rhcloud.com/{{ item }}.*{{ oo_env }}')"
-
-- name: "get output of: docker ps -a"
- command: docker ps -a
- changed_when: False # don't report as changed
- register: docker_ps
-
-- name: run proxy-shared-data-1
- command: /usr/bin/docker run --name "proxy-shared-data-1" \
- -v /shared/etc/haproxy \
- -v /shared/etc/httpd \
- -v /shared/etc/openshift \
- -v /shared/etc/pki \
- -v /shared/var/run/ctr-ipc \
- -v /shared/var/lib/haproxy \
- -v /shared/usr/local \
- "busybox:latest" true
- when: "not docker_ps.stdout | search('proxy-shared-data-1')"
-
-- name: Deploy systemd files for containers
- template:
- src: "systemd/{{ item }}.j2"
- dest: "/etc/systemd/system/{{ item }}"
- mode: 0640
- owner: root
- group: root
- with_items:
- - ctr-proxy-1.service
- - ctr-proxy-monitoring-1.service
- - ctr-proxy-puppet-1.service
- notify: reload systemd
-
-- name: start containers
- service:
- name: "{{ item }}"
- state: started
- enabled: yes
- with_items:
- - ctr-proxy-puppet-1
- - ctr-proxy-1
- - ctr-proxy-monitoring-1
diff --git a/roles/atomic_proxy/tasks/setup_puppet.yml b/roles/atomic_proxy/tasks/setup_puppet.yml
deleted file mode 100644
index 7a599f06d..000000000
--- a/roles/atomic_proxy/tasks/setup_puppet.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-- name: make puppet conf dir
- file:
- dest: "{{ oo_proxy_puppet_volume_dir }}/etc/puppet"
- mode: 755
- owner: root
- group: root
- state: directory
-
-- name: upload puppet auth config
- copy:
- src: puppet/auth.conf
- dest: "{{ oo_proxy_puppet_volume_dir }}/etc/puppet/auth.conf"
- mode: 0644
- owner: root
- group: root
-
-- name: upload puppet config
- template:
- src: puppet/puppet.conf.j2
- dest: "{{ oo_proxy_puppet_volume_dir }}/etc/puppet/puppet.conf"
- mode: 0644
- owner: root
- group: root
diff --git a/roles/atomic_proxy/templates/puppet/puppet.conf.j2 b/roles/atomic_proxy/templates/puppet/puppet.conf.j2
deleted file mode 100644
index 9731ff168..000000000
--- a/roles/atomic_proxy/templates/puppet/puppet.conf.j2
+++ /dev/null
@@ -1,40 +0,0 @@
-[main]
- # we need to override the host name of the container
- certname = ctr-proxy.{{ oo_env }}.rhcloud.com
-
- # The Puppet log directory.
- # The default value is '$vardir/log'.
- logdir = /var/log/puppet
-
- # Where Puppet PID files are kept.
- # The default value is '$vardir/run'.
- rundir = /var/run/puppet
-
- # Where SSL certificates are kept.
- # The default value is '$confdir/ssl'.
- ssldir = $vardir/ssl
- manifest = $manifestdir/site.pp
- manifestdir = /var/lib/puppet/environments/pub/$environment/manifests
- environment = {{ oo_env_long }}
- modulepath = /var/lib/puppet/environments/pub/$environment/modules:/var/lib/puppet/environments/pri/$environment/modules:/var/lib/puppet/environments/pri/production/modules:$confdir/modules:/usr/share/puppet/modules
-
-[agent]
- # The file in which puppetd stores a list of the classes
- # associated with the retrieved configuratiion. Can be loaded in
- # the separate ``puppet`` executable using the ``--loadclasses``
- # option.
- # The default value is '$confdir/classes.txt'.
- classfile = $vardir/classes.txt
-
- # Where puppetd caches the local configuration. An
- # extension indicating the cache format is added automatically.
- # The default value is '$confdir/localconfig'.
- localconfig = $vardir/localconfig
- server = puppet.ops.rhcloud.com
- environment = {{ oo_env_long }}
- pluginsync = true
- graph = true
- configtimeout = 600
- report = true
- runinterval = 3600
- splay = true
diff --git a/roles/atomic_proxy/templates/sync/sync-proxy-configs.sh.j2 b/roles/atomic_proxy/templates/sync/sync-proxy-configs.sh.j2
deleted file mode 100755
index d9aa2d811..000000000
--- a/roles/atomic_proxy/templates/sync/sync-proxy-configs.sh.j2
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-
-VOL_DIR=/var/lib/docker/volumes/proxy
-SSH_CMD="ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null"
-
-mkdir -p ${VOL_DIR}/etc/haproxy/
-rsync -e "${SSH_CMD}" -va --progress root@proxy1.{{ oo_env }}.rhcloud.com:/etc/haproxy/ ${VOL_DIR}/etc/haproxy/
-
-mkdir -p ${VOL_DIR}/etc/httpd/
-rsync -e "${SSH_CMD}" -va --progress root@proxy1.{{ oo_env }}.rhcloud.com:/etc/httpd/ ${VOL_DIR}/etc/httpd/
-
-mkdir -p ${VOL_DIR}/etc/pki/tls/
-rsync -e "${SSH_CMD}" -va --progress root@proxy1.{{ oo_env }}.rhcloud.com:/etc/pki/tls/ ${VOL_DIR}/etc/pki/tls/
-
-# We need to disable the haproxy chroot
-sed -i -re 's/^(\s+)chroot/\1#chroot/' /var/lib/docker/volumes/proxy/etc/haproxy/haproxy.cfg
diff --git a/roles/atomic_proxy/templates/systemd/ctr-proxy-1.service.j2 b/roles/atomic_proxy/templates/systemd/ctr-proxy-1.service.j2
deleted file mode 100644
index 988a9f544..000000000
--- a/roles/atomic_proxy/templates/systemd/ctr-proxy-1.service.j2
+++ /dev/null
@@ -1,32 +0,0 @@
-[Unit]
-Description=Container proxy-1
-
-
-[Service]
-Type=simple
-TimeoutStartSec=5m
-Slice=container-small.slice
-
-ExecStartPre=-/usr/bin/docker rm "proxy-1"
-
-ExecStart=/usr/bin/docker run --rm --name "proxy-1" \
- --volumes-from proxy-shared-data-1 \
- -a stdout -a stderr -p 80:80 -p 443:443 -p 4999:4999 \
- "docker-registry.ops.rhcloud.com/oso-v2-proxy:{{ oo_env }}"
-
-ExecReload=-/usr/bin/docker stop "proxy-1"
-ExecReload=-/usr/bin/docker rm "proxy-1"
-ExecStop=-/usr/bin/docker stop "proxy-1"
-
-[Install]
-WantedBy=container.target
-
-# Container information
-X-ContainerId=proxy-1
-X-ContainerImage=docker-registry.ops.rhcloud.com/oso-v2-proxy:{{ oo_env }}
-X-ContainerUserId=
-X-ContainerRequestId=LwiWtYWaAvSavH6Ze53QJg
-X-ContainerType=simple
-X-PortMapping=80:80
-X-PortMapping=443:443
-X-PortMapping=4999:4999
diff --git a/roles/atomic_proxy/templates/systemd/ctr-proxy-monitoring-1.service.j2 b/roles/atomic_proxy/templates/systemd/ctr-proxy-monitoring-1.service.j2
deleted file mode 100644
index 975b0061b..000000000
--- a/roles/atomic_proxy/templates/systemd/ctr-proxy-monitoring-1.service.j2
+++ /dev/null
@@ -1,36 +0,0 @@
-[Unit]
-Description=Container proxy-monitoring-1
-
-
-[Service]
-Type=simple
-TimeoutStartSec=5m
-Slice=container-small.slice
-
-ExecStartPre=-/usr/bin/docker rm "proxy-monitoring-1"
-
-ExecStart=/usr/bin/docker run --rm --name "proxy-monitoring-1" \
- --volumes-from proxy-shared-data-1 \
- -a stdout -a stderr \
- -e "OO_ENV={{ oo_env }}" \
- -e "OO_CTR_TYPE=proxy" \
- -e "OO_ZABBIX_HOSTGROUPS={{ oo_zabbix_hostgroups | join(',') }}" \
- -e "OO_ZABBIX_TEMPLATES=Template OpenShift Proxy Ctr" \
- "docker-registry.ops.rhcloud.com/oso-v2-monitoring:{{ oo_env }}"
-
-ExecReload=-/usr/bin/docker stop "proxy-monitoring-1"
-ExecReload=-/usr/bin/docker rm "proxy-monitoring-1"
-ExecStop=-/usr/bin/docker stop "proxy-monitoring-1"
-
-[Install]
-WantedBy=container.target
-
-# Container information
-X-ContainerId=proxy-monitoring-1
-X-ContainerImage=docker-registry.ops.rhcloud.com/oso-v2-monitoring:{{ oo_env }}
-X-ContainerUserId=
-X-ContainerRequestId=LwiWtYWaAvSavH6Ze53QJg
-X-ContainerType=simple
-X-PortMapping=80:80
-X-PortMapping=443:443
-X-PortMapping=4999:4999
diff --git a/roles/atomic_proxy/templates/systemd/ctr-proxy-puppet-1.service.j2 b/roles/atomic_proxy/templates/systemd/ctr-proxy-puppet-1.service.j2
deleted file mode 100644
index c3f28f471..000000000
--- a/roles/atomic_proxy/templates/systemd/ctr-proxy-puppet-1.service.j2
+++ /dev/null
@@ -1,33 +0,0 @@
-[Unit]
-Description=Container proxy-puppet-1
-
-
-[Service]
-Type=simple
-TimeoutStartSec=5m
-Slice=container-small.slice
-
-
-ExecStartPre=-/usr/bin/docker rm "proxy-puppet-1"
-
-ExecStart=/usr/bin/docker run --rm --name "proxy-puppet-1" \
- --volumes-from proxy-shared-data-1 \
- -v /var/lib/docker/volumes/proxy_puppet/var/lib/puppet/ssl:/var/lib/puppet/ssl \
- -v /var/lib/docker/volumes/proxy_puppet/etc/puppet:/etc/puppet \
- -a stdout -a stderr \
- "docker-registry.ops.rhcloud.com/oso-v2-puppet:{{ oo_env }}"
-
-# Set links (requires container have a name)
-ExecReload=-/usr/bin/docker stop "proxy-puppet-1"
-ExecReload=-/usr/bin/docker rm "proxy-puppet-1"
-ExecStop=-/usr/bin/docker stop "proxy-puppet-1"
-
-[Install]
-WantedBy=container.target
-
-# Container information
-X-ContainerId=proxy-puppet-1
-X-ContainerImage=docker-registry.ops.rhcloud.com/oso-v2-puppet:{{ oo_env }}
-X-ContainerUserId=
-X-ContainerRequestId=Ky0lhw0onwoSDJR4GK6t3g
-X-ContainerType=simple
diff --git a/roles/atomic_proxy/vars/main.yml b/roles/atomic_proxy/vars/main.yml
deleted file mode 100644
index 1f90492fd..000000000
--- a/roles/atomic_proxy/vars/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-oo_proxy_puppet_volume_dir: /var/lib/docker/volumes/proxy_puppet