author | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2017-10-04 12:48:23 +0100 |
---|---|---|
committer | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2017-10-04 12:48:23 +0100 |
commit | c5a49b6abd35abfcba80a96143bf4a0740d5ac01 (patch) | |
tree | dc90c5aa992f57ded0f64cf04a80eb56de541df6 | |
parent | 23174522be12a56beaff342b97b39bba5b1d6d4f (diff) | |
download | infrastructure-c5a49b6abd35abfcba80a96143bf4a0740d5ac01.tar.gz |
Remove definitions for obsolete systems
Some of these systems are still up for now, but their demise has been
announced:
https://listmaster.pepperfish.net/pipermail/baserock-dev-baserock.org/2017-September/013812.html
86 files changed, 0 insertions, 3216 deletions
diff --git a/baserock_database/backup-snapshot.conf b/baserock_database/backup-snapshot.conf
deleted file mode 100644
index cb3a2ff0..00000000
--- a/baserock_database/backup-snapshot.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-services:
- - mariadb.service
-
-volume: /dev/vg0/database
diff --git a/baserock_database/baserock_gerrit.database_password.yml b/baserock_database/baserock_gerrit.database_password.yml
deleted file mode 100644
index 38caa0cd..00000000
--- a/baserock_database/baserock_gerrit.database_password.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-66306339306134653238353966383236333636663732663137353838383862303161633133373961
-3537353033386136393732616335366437333464346332300a663532386263383766363063633531
-62303532376563323435343163303963343533353835333665343638393239323436653761323663
-6666636434636539320a616131383433613366363331373132323638383966303133376531646134
-35363338363562353935333934333739653237393031373439363238616138366461623136636334
-31616633613465333965323431376232313333343938663163333536653232326435376563383331
-313934363231363363306537333663316538
diff --git a/baserock_database/baserock_openid_provider.database_password.yml b/baserock_database/baserock_openid_provider.database_password.yml
deleted file mode 100644
index 87168a6e..00000000
--- a/baserock_database/baserock_openid_provider.database_password.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-32383734393262333363656131643833393837633732616236643132666666306338313630623063
-3139343230336532313731636530373666386434363835610a333166323433616232313562363339
-33316234313337393031616466626138633434653264643531323034616661386531646466666264
-3833646432373665340a613231366633616563333434376130393563316333303963643337363835
-38333130373239363439653766326332626634313964643631646266633263643564316264366135
-62326164376461363833646630663830333566636132333939643138333730323162643934366464
-353437623635626164383262343263656430
diff --git a/baserock_database/baserock_storyboard.database_password.yml b/baserock_database/baserock_storyboard.database_password.yml
deleted file mode 100644
index 9eec86d8..00000000
--- a/baserock_database/baserock_storyboard.database_password.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-36386162356637613335666438383662663961383264396564303533336530363136636433613634
-3637383335653134343666323534326661303664326634320a373563663338626462646465326330
-31313930623731633737613161386464663061383433386237383234383064363735306166623039
-3261303036353166640a363666316534353566303665316365353966646466643136366336333363
-64653933356634623833313937393662626235343830613961643231613232336634313435346266
-3565336130396437663738346239666665396234383165666233
diff --git a/baserock_database/image-config.yml b/baserock_database/image-config.yml
deleted file mode 100644
index 7b89e700..00000000
--- a/baserock_database/image-config.yml
+++ /dev/null
@@ -1,46 +0,0 @@ -# System configuration for Baserock database server. -# -# This Ansible playbook expects to be run on a Fedora 23 Cloud image. ---- -- hosts: database-mariadb - gather_facts: False - sudo: True - tasks: - # See: https://fedoramagazine.org/getting-ansible-working-fedora-23/ - - name: install Python2 and required deps for Ansible modules - raw: dnf install -y python2 python2-dnf libselinux-python - - - name: ensure system up to date - dnf: name=* state=latest - - - name: enable persistant journal - shell: mkdir /var/log/journal - args: - creates: /var/log/journal - - - name: install lvm2 tools - dnf: name=lvm2 state=latest - - - name: install MariaDB - dnf: name={{ item }} state=latest - with_items: - - mariadb - - mariadb-server - - MySQL-python - - # By default this is set to /var/lib/mysql, but this causes a hidden - # directory to be created in /var/lib/mysql (.local/share/systemd) which - # breaks MariaDB because it expects each directory in there to represent a - # database, and you see this when upgrading: - # - # Phase 2/6: Fixing views - # mysqlcheck: Got error: 1102: Incorrect database name '#mysql50#.local' when selecting the database - # - - name: fix home directory of MySQL user - user: name=mysql home=/ - - - name: disable SELinux on subsequent boots - selinux: state=disabled - - - name: disable SELinux on current boot - command: setenforce 0 diff --git a/baserock_database/instance-backup-config.yml b/baserock_database/instance-backup-config.yml deleted file mode 100644 index d04e809b..00000000 --- a/baserock_database/instance-backup-config.yml +++ /dev/null 
@@ -1,29 +0,0 @@ -# Instance backup configuration for the baserock.org database. ---- -- hosts: database-mariadb - gather_facts: false - sudo: yes - vars: - FRONTEND_IP: 192.168.222.143 - tasks: - - name: pyyaml for Python 2 - dnf: PyYAML state=latest - - - name: backup-snapshot script - copy: src=../backup-snapshot dest=/usr/bin/backup-snapshot mode=755 - - - name: backup-snapshot config - copy: src=backup-snapshot.conf dest=/etc/backup-snapshot.conf - - # We need to give the backup automation 'root' access, because it needs to - # manage system services, LVM volumes, and mounts, and because it needs to - # be able to read private data. The risk of having the backup key - # compromised is mitigated by only allowing it to execute the - # 'backup-snapshot' script, and limiting the hosts it can be used from. - - name: access for backup SSH key - authorized_key: - user: root - key: "{{ lookup('file', '../keys/backup.key.pub') }}" - # Quotes are important in this options, the OpenSSH server will reject - # the entry if the 'from' or 'command' values are not quoted. - key_options: 'from="{{FRONTEND_IP}}",no-agent-forwarding,no-port-forwarding,no-X11-forwarding,command="/usr/bin/backup-snapshot"' diff --git a/baserock_database/instance-config.yml b/baserock_database/instance-config.yml deleted file mode 100644 index b3f6a8c6..00000000 --- a/baserock_database/instance-config.yml +++ /dev/null @@ -1,15 +0,0 @@ -# Instance configuration for Baserock database server. -# -# This script expects a volume to be available at /dev/vdb. ---- -- hosts: database-mariadb - gather_facts: False - sudo: yes - tasks: - - include: ../tasks/create-data-volume.yml lv_name=database lv_size=25g mountpoint=/var/lib/mysql - - - name: ensure mysql user owns /var/lib/mysql - file: path=/var/lib/mysql owner=mysql group=mysql mode=600 state=directory - - - name: start MariaDB service - service: name=mariadb state=started 
diff --git a/baserock_database/instance-mariadb-config.yml b/baserock_database/instance-mariadb-config.yml
deleted file mode 100644
index 0febaaf4..00000000
--- a/baserock_database/instance-mariadb-config.yml
+++ /dev/null
@@ -1,71 +0,0 @@ -# MariaDB configuration for Baserock database server. -# -# The relevant .database_password.yml files will need to be available already. -# Create these manually and keep them somewhere safe and secret. ---- -- hosts: database-mariadb - gather_facts: False - vars_files: - - root.database_password.yml - - baserock_gerrit.database_password.yml - - baserock_openid_provider.database_password.yml - - baserock_storyboard.database_password.yml - tasks: - - name: creating root database user - mysql_user: | - name=root - password={{ root_password }} - login_host=127.0.0.1 - login_user=root - login_password={{ root_password }} - check_implicit_admin=yes - - - name: remove the MySQL test database - mysql_db: - name=test state=absent - login_host=127.0.0.1 - login_user=root - login_password={{ root_password }} - - # Note that UTF-8 encoding and collation is *not* the default. Don't remove - # those lines or you will end up with a horrible disaster of a database. - - name: adding databases - mysql_db: | - name={{ item }} - state=present - login_host=127.0.0.1 - login_user=root - login_password={{ root_password }} - collation=utf8_unicode_ci - encoding=utf8 - with_items: - - gerrit - - openid_provider - - storyboard - - # We could probably restrict the privileges of these users further... - # - # I feel like setting 'host="%"' (i.e. not enforcing that the account can - # only be used by IPs within the cloud's local network, or even a single - # known IP adress) is kind of bad practice, but since the database server - # is not exposed to the internet anyway I don't think it's important right - # now. 
- - name: adding other database users - mysql_user: | - name="{{ item.name }}" - host="%" - password={{ item.password }} - priv={{ item.priv }} - login_host=127.0.0.1 - login_user=root - login_password={{ root_password }} - with_items: - - name: gerrit - password: "{{ baserock_gerrit_password }}" - priv: gerrit.*:ALL - - name: openid - password: "{{ baserock_openid_provider_password }}" - priv: openid_provider.*:ALL - - name: storyboard - password: "{{ baserock_storyboard_password }}" - priv: storyboard.*:ALL diff --git a/baserock_database/root.database_password.yml b/baserock_database/root.database_password.yml deleted file mode 100644 index 68431d18..00000000 --- a/baserock_database/root.database_password.yml +++ /dev/null @@ -1,7 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -62383563663266373036633362393762316336386439303064313766336166353930623430356430 -3462373632333264303838633164653537336536316638620a356433386563643963363935356666 -34316337626364353430636466386135356531363331643165343332346631633732323062346138 -3665336632386361390a373030386438613332616632353733616262653561666438396437373738 -39313339313566613936353634376666346562373032646236386665633634323761303265323633 -6263643438623661633939366239363430366162393466663133 diff --git a/baserock_gerrit/All-Projects/groups b/baserock_gerrit/All-Projects/groups deleted file mode 100644 index da2baa74..00000000 --- a/baserock_gerrit/All-Projects/groups +++ /dev/null 
@@ -1,16 +0,0 @@
-# UUID Group Name
-#
-global:Anonymous-Users Anonymous Users
-global:Project-Owners Project Owners
-global:Registered-Users Registered Users
-
-# This file is filled in with the other group IDs by the
-# gerrit-access-config.yml Ansible playbook.
-b660c33b68509db9dbd9578ae00035da90c0d5eb Administrators
-8e467a11f116bb716a65ac85e28bf09ebfeb0d63 Non-Interactive Users
-898d9c4232b8fcac6a3b128f7264c5d4c8b1eead Developers
-b8fc45c681b94669fe3fa965c48d5221a515a3a6 Mergers
-8c788c828285c3dd0a8c1cc152de6735085def9f Mirroring Tools
-a7a9cc6639bd943e47da0d20b39267a08b43cd91 Release Team
-d643abb0ad6e9d5ac33093af5cd3a3d4e484d95d Reviewers
-cea6c19a08e11b74e63a567e050bec2c6eeb14dc Testers
diff --git a/baserock_gerrit/All-Projects/project.config b/baserock_gerrit/All-Projects/project.config
deleted file mode 100644
index f3069904..00000000
--- a/baserock_gerrit/All-Projects/project.config
+++ /dev/null
@@ -1,125 +0,0 @@ -# Top-level access controls for projects on Baserock Gerrit. - -# These can be overridden by a project's own project.config file. They are also -# overridden by the config of a project's parent repo, if it is set to something -# other than the default parent project 'All-Projects'. - -# Useful references: -# -# https://gerrit-documentation.storage.googleapis.com/Documentation/2.11/access-control.html -# https://git.openstack.org/cgit/openstack-infra/system-config/tree/doc/source/gerrit.rst - -# To deploy changes to this file, you need to manually commit it and push it to -# the 'refs/meta/config' ref of the All-Projects repo in Gerrit. - -[project] - description = Access inherited by all other projects. - -[receive] - requireContributorAgreement = false - requireSignedOffBy = false - requireChangeId = true - -[submit] - mergeContent = true - action = rebase if necessary - -[capability] - administrateServer = group Administrators - priority = batch group Non-Interactive Users - streamEvents = group Non-Interactive Users - - createProject = group Mirroring Tools - -# Everyone can read everything. -[access "refs/*"] - read = group Administrators - read = group Anonymous Users - - -# Developers can propose changes. All 'Registered Users' are 'Developers'. 
-[access "refs/for/refs/*"] - push = group Developers - pushMerge = group Developers - - -[access "refs/heads/*"] - forgeAuthor = group Developers - rebase = group Developers - label-Code-Review = -2..+2 group Mergers - submit = group Mergers - label-Code-Review = -1..+1 group Reviewers -# label-Verified = -1..+1 group Testers - - create = group Administrators - forgeAuthor = group Administrators - forgeCommitter = group Administrators - push = group Administrators - create = group Project Owners - forgeAuthor = group Project Owners - forgeCommitter = group Project Owners - push = group Project Owners - create = group Mergers - forgeAuthor = group Mergers - push = +force group Mergers - - create = group Mirroring Tools - forgeAuthor = group Mirroring Tools - forgeCommitter = group Mirroring Tools - push = +force group Mirroring Tools - - -# Nobody should be able to force push to 'master'. In particular, if Lorry -# can force-push master then it will do, in the course of mirroring from -# git.baserock.org, and this may undo merges that Gerrit just did and really -# confuse things. -[access "refs/heads/master"] - exclusiveGroupPermissions = push - push = block +force group Mergers - push = block +force group Mirroring Tools - - -[access "refs/tags/*"] - pushTag = group Release Team - pushSignedTag = group Release Team - - pushTag = group Administrators - pushSignedTag = group Administrators - pushTag = group Project Owners - pushSignedTag = group Project Owners - - create = group Mirroring Tools - forgeAuthor = group Mirroring Tools - forgeCommitter = group Mirroring Tools - push = +force group Mirroring Tools - pushTag = +force group Mirroring Tools - pushSignedTag = +force group Mirroring Tools - - -# Changing project configuration is allowed for Administrators only. (In theory -# anyone who owns a project can change its permissions, but right now all -# projects should be owned by the Administrators group). 
-[access "refs/meta/config"] - exclusiveGroupPermissions = read - - read = group Administrators - push = group Administrators - read = group Project Owners - push = group Project Owners - -[label "Code-Review"] - function = MaxWithBlock - copyMinScore = true - value = -2 Do not merge - value = -1 This patch needs further work before it can be merged - value = 0 No score - value = +1 Looks good to me, but someone else must approve - value = +2 Looks good to me, approved - -# Disabled for now, because there is no automated test tool hooked up to our -# Gerrit yet. -#[label "Verified"] -# function = MaxWithBlock -# value = -1 Failed -# value = 0 No score -# value = +1 Verified diff --git a/baserock_gerrit/backup-snapshot.conf b/baserock_gerrit/backup-snapshot.conf deleted file mode 100644 index e8e2f3fc..00000000 --- a/baserock_gerrit/backup-snapshot.conf +++ /dev/null @@ -1,5 +0,0 @@ -services: - - lorry-controller-minion@1.service - - gerrit.service - -volume: /dev/vg0/gerrit diff --git a/baserock_gerrit/baserock_gerrit.morph b/baserock_gerrit/baserock_gerrit.morph deleted file mode 100644 index f7907963..00000000 --- a/baserock_gerrit/baserock_gerrit.morph +++ /dev/null @@ -1,27 +0,0 @@ -name: baserock_gerrit -kind: cluster - -description: | - Deployment .morph for baserock.org Gerrit system. - - Configuration of the system is handled separately, with a series of - Ansible playbooks that should be run after an instance of the system - is up and running. See the README for instructions. - -systems: -- morph: systems/gerrit-system-x86_64.morph - deploy: - gerrit.baserock.org: - type: extensions/openstack - location: https://compute.datacentred.io:5000/v2.0 - - # You can use this method to deploy upgrades over SSH, after the - # machine is deployed. - upgrade-type: extensions/ssh-rsync - upgrade-location: root@192.168.222.69 - - OPENSTACK_IMAGENAME: baserock_gerrit - CLOUD_INIT: true - DISK_SIZE: 3G - HOSTNAME: gerrit - KERNEL_ARGS: console=tty0 console=ttyS0 
diff --git a/baserock_gerrit/branding/GerritSite.css b/baserock_gerrit/branding/GerritSite.css deleted file mode 100644 index 6a17f43d..00000000 --- a/baserock_gerrit/branding/GerritSite.css +++ /dev/null @@ -1,15 +0,0 @@ -body {color: #000 !important; background: url("static/openstack-page-bkg.jpg") no-repeat scroll 0 0 white !important; position: static} -#gerrit_header {display: block !important; position: relative; top: -60px; margin-bottom: -60px; width: 200px; padding-left: 17px} -#gerrit_header h1 {font-family: 'PT Sans', sans-serif; font-weight: normal; letter-spacing: -1px} - -#gerrit_topmenu {background: none; position:relative; top: 0px; left: 220px; margin-right: 220px} - -#gerrit_topmenu tbody tr td table {border: 0} - -#gerrit_topmenu tbody tr td table.gwt-TabBar {color: #353535; border-bottom: 1px solid #C5E2EA;} -#gerrit_topmenu .gwt-Button {padding: 3px 6px} -.gwt-TabBarItem-selected {color: #CF2F19 !important; border-bottom: 3px solid #CF2F19;} -.gwt-TabBarItem {color: #353535; border-right: 0 !important} -.gwt-TabBar .gwt-TabBarItem, .gwt-TabBar .gwt-TabBarRest, .gwt-TabPanelBottom {background: 0 !important;} - -#gerrit_topmenu .gwt-TextBox {width: 250px} diff --git a/baserock_gerrit/branding/GerritSiteHeader.html b/baserock_gerrit/branding/GerritSiteHeader.html deleted file mode 100644 index 5ad8d902..00000000 --- a/baserock_gerrit/branding/GerritSiteHeader.html +++ /dev/null @@ -1 +0,0 @@ -<h2 class="typo3-logo"> <a href="/"><img src="/static/baserock-logo.png" width="200" /></a> </h2> diff --git a/baserock_gerrit/branding/baserock-logo.png b/baserock_gerrit/branding/baserock-logo.png Binary files differdeleted file mode 100644 index 65811263..00000000 --- a/baserock_gerrit/branding/baserock-logo.png +++ /dev/null diff --git a/baserock_gerrit/branding/openstack-page-bkg.jpg b/baserock_gerrit/branding/openstack-page-bkg.jpg Binary files differdeleted file mode 100644 index f788c41c..00000000 
--- a/baserock_gerrit/branding/openstack-page-bkg.jpg
+++ /dev/null
diff --git a/baserock_gerrit/gerrit-access-config.yml b/baserock_gerrit/gerrit-access-config.yml
deleted file mode 100644
index cb8c4fea..00000000
--- a/baserock_gerrit/gerrit-access-config.yml
+++ /dev/null
@@ -1,159 +0,0 @@ -# Baserock Gerrit access controls, and predefined users, groups and projects. -# -# This Ansible playbook requires the ansible-gerrit modules: -# -# https://www.github.com/ssssam/ansible-gerrit -# -# These modules depend on pygerrit: -# -# https://www.github.com/sonyxperiadev/pygerrit/ -# -# If you want to change the configuration, just edit this script and rerun it, -# as described in the README. -# -# This script currently doesn't handle committing changes to the access control -# rules for the 'All-Projects' project. To set up or modify the access control -# rules, you'll need to manually commit project.config (in the All-Projects -# subdirectory) to the 'refs/meta/config' ref of the All-Projects repo in -# Gerrit. The 'groups' file will need to list all the groups referenced in -# project.config. This script will add the UUIDs of all groups listed below -# to the All-Projects/groups file, so you don't have to create it manually. ---- -- hosts: localhost - tasks: - # System groups: - # - Anonymous Users - # - Change Owner - # - Project Owners - # - Registered Users - - # Prefined groups: - # - Administrators - # - Non-Interactive Users - - - gerrit_group: - name: Administrators - register: administrators_group - - - gerrit_group: - name: Non-Interactive Users - register: non_interactive_users_group - - # The 'owner' of a group defines who can modify that group. Users - # who are in the 'owner' group for a group 'Groupies' can add and remove - # people (and other groups) from 'Groupies' and can change the name, - # description and owner of 'Groupies.' Since we don't want the - # names, descriptions or owners of these predefined groups being - # changed, they are all left owned by the Administrators group. - - - gerrit_group: - name: Developers - description: Registered users who choose to submit changes for consideration. 
- owner: Administrators - included_groups: - - Registered Users - register: developers_group - - # Right now all Mergers are in the Release Team by default. - - gerrit_group: - name: Release Team - description: Developers who can tag releases - owner: Administrators - included_groups: - - Mergers - register: release_team_group - - - gerrit_group: - name: Mergers - description: Developers who can trigger the actual merging of a change. - owner: Administrators - register: mergers_group - - - gerrit_group: - name: Mirroring Tools - description: Programs that pull changes from external repositories into Gerrit's Git server - owner: Administrators - register: mirroring_tools_group - - - gerrit_group: - name: Reviewers - description: Registered users who choose to give +1 / -1 reviews to proposed changes. - owner: Administrators - included_groups: - - Registered Users - register: reviewers_group - - - gerrit_group: - name: Testers - description: Testers that can give +1 / -1 Verified to proposed changes. - owner: Administrators - register: testers_group - - # Non-interactive accounts. - - - gerrit_account: - username: firehose - fullname: Firehose integration bot - email: firehose@baserock.org - groups: - - Non-Interactive Users - - Developers - #ssh_key: xx - - - gerrit_account: - username: lorry - fullname: Lorry mirroring service - email: lorry@baserock.org - groups: - - Mirroring Tools - - Non-Interactive Users - # FIXME: ansible-gerrit module should be able to handle a filename - # here, instead of needing this hack to read the contents. 
- ssh_key: "{{ lookup('file', '../keys/lorry-gerrit.key.pub') }}" - - - gerrit_account: - username: mason - fullname: Mason automated tester - email: mason@baserock.org - groups: - - Non-Interactive Users - - Testers - #ssh_key: xx - - # It'd make more sense to do this in the mirroring-config.yml file, but - # then the admin would need to supply their Gerrit credentials to that - # playbook too (which is more tricky, because it doesn't run on - # 'localhost'). - - name: repo to hold Lorry Controller mirroring configuration - gerrit_project: - name: local-config/lorries - description: Configuration for Lorry for mirroring from Trove - - - name: create 'groups' mapping required by Gerrit - lineinfile: - create: yes - dest: All-Projects/groups - line: "{{ item.group_info.id }}\t{{ item.group_info.name }}" - with_items: - - "{{ administrators_group }}" - - "{{ non_interactive_users_group }}" - - "{{ developers_group }}" - - "{{ mergers_group }}" - - "{{ mirroring_tools_group }}" - - "{{ release_team_group }}" - - "{{ reviewers_group }}" - - "{{ testers_group }}" - - - name: push access configuration for all repos - git_commit_and_push: - repo: "{{ ansible_env.GERRIT_ADMIN_REPO }}" - ref: refs/meta/config - files: - - ./All-Projects/groups - - ./All-Projects/project.config - strip_path_components: 1 - commit_message: | - Update global project access control rules. - - This commit was made by an Ansible playbook living in - git://git.baserock.org/baserock/baserock/infrastructure. diff --git a/baserock_gerrit/gerrit.config b/baserock_gerrit/gerrit.config deleted file mode 100644 index e162f052..00000000 --- a/baserock_gerrit/gerrit.config +++ /dev/null 
@@ -1,54 +0,0 @@ -# This is the main Gerrit configuration. If you make changes to this -# file, rerun `ansible-playbook -i hosts baserock_gerrit/instance-config.yml` -# to deploy them to production. - -[gerrit] - basePath = git - canonicalWebUrl = https://gerrit.baserock.org/ -[database] - type = mysql - hostname = 192.168.222.30 - database = gerrit - username = gerrit -[index] - type = LUCENE -[auth] - type = OPENID_SSO - allowedOpenID = https://openid.baserock.org/ - trustedOpenID = https://openid.baserock.org/ - # XRDS is a mechanism for saying 'here are the services I provide'. Gerrit - # expects the URL provided here to describe the OpenID provider service - # using XRDS. - openIdSsoUrl = https://openid.baserock.org/openid/xrds/ -[sendemail] - smtpServer = 192.168.222.145 - # Send mails as '${user} (Code Review) <gerrit.baserock.org>' - # The gerrit@baserock.org email comes from the user.email setting - # below - from = MIXED -[user] - name = Baserock Gerrit - email = gerrit@baserock.org -[sshd] - listenAddress = *:29418 -[httpd] - listenUrl = proxy-https://*:8080/ -[cache] - directory = cache -[cache "web_sessions"] - # Remember user logins for a year (default is 12 hours, which gets a - # bit annoying). - maxAge = 1 y -[user] - email = "gerrit@baserock.org" - -# It seems like a bad idea to enable remote administration of plugins, but -# there is absolutely no information available on how to do 'local' -# administration of Gerrit plugins, so we can't really avoid it. -[plugins] - allowRemoteAdmin = true -[container] - user = gerrit - javaHome = {{ JRE_DIR }}/jre -[receive] - enableSignedPush = false diff --git a/baserock_gerrit/gerrit.service b/baserock_gerrit/gerrit.service deleted file mode 100644 index 478693c3..00000000 --- a/baserock_gerrit/gerrit.service +++ /dev/null 
@@ -1,16 +0,0 @@ -[Unit] -Description=Gerrit Code Review Server -After=network.target - -[Service] -User=gerrit -Group=gerrit -Type=simple -StandardOutput=syslog -StandardError=syslog -SyslogIdentifier=gerrit -ExecStart={{ run_gerrit }} daemon --site-path /srv/gerrit --console-log -Restart=on-failure - -[Install] -WantedBy=multi-user.target diff --git a/baserock_gerrit/instance-backup-config.yml b/baserock_gerrit/instance-backup-config.yml deleted file mode 100644 index cc647285..00000000 --- a/baserock_gerrit/instance-backup-config.yml +++ /dev/null @@ -1,29 +0,0 @@ -# Instance backup configuration for the baserock.org Gerrit system. ---- -- hosts: gerrit - gather_facts: false - vars: - FRONTEND_IP: 192.168.222.143 - tasks: - - name: backup-snapshot script - copy: src=../backup-snapshot dest=/usr/bin/backup-snapshot mode=755 - - - name: backup-snapshot config - copy: src=backup-snapshot.conf dest=/etc/backup-snapshot.conf - - # Would be good to limit this to 'backup' user. - - name: passwordless sudo - lineinfile: dest=/etc/sudoers state=present line='%wheel ALL=(ALL) NOPASSWD:ALL' validate='visudo -cf %s' - - # We need to give the backup automation 'root' access, because it needs to - # manage system services, LVM volumes, and mounts, and because it needs to - # be able to read private data. The risk of having the backup key - # compromised is mitigated by only allowing it to execute the - # 'backup-snapshot' script, and limiting the hosts it can be used from. - - name: access for backup SSH key - authorized_key: - user: root - key: "{{ lookup('file', '../keys/backup.key.pub') }}" - # Quotes are important in this options, the OpenSSH server will reject - # the entry if the 'from' or 'command' values are not quoted. - key_options: 'from="{{FRONTEND_IP}}",no-agent-forwarding,no-port-forwarding,no-X11-forwarding,command="/usr/bin/backup-snapshot"' 
diff --git a/baserock_gerrit/instance-ca-certificate-config.yml b/baserock_gerrit/instance-ca-certificate-config.yml deleted file mode 100644 index 60ab9e8f..00000000 --- a/baserock_gerrit/instance-ca-certificate-config.yml +++ /dev/null @@ -1,30 +0,0 @@ -# The CA chain needed for the baserock.org certificate we use is present in -# the system, but it's not present in the set of trusted root certificates -# bundled with Java. -# -# We need Gerrit to trust the baserock.org certificate so that it will trust -# https://openid.baserock.org/. -# -# This playbook is a hack at present: the second time you run it, the command -# will fail because the certificate is already present. There is a proposed -# Ansible module that can do this in a nicer way: -# <https://github.com/ansible/ansible-modules-extras/pull/286/commits>. ---- -- hosts: gerrit - gather_facts: False - vars: - JRE_DIR: /opt/jdk1.8.0_40 - tasks: - - name: baserock.org SSL certificate with chain of trust - copy: - src: ../certs/frontend.pem - dest: /home/gerrit - - - name: install SSL certificate into Java certificate keystore - java_cert: - cert_alias: baserock-frontent-cert - cert_path: /home/gerrit/frontend.pem - keystore_path: "{{ JRE_DIR }}/jre/lib/security/cacerts" - executable: "{{ JRE_DIR }}/jre/bin/keytool" - keystore_pass: changeit - state: present diff --git a/baserock_gerrit/instance-config.yml b/baserock_gerrit/instance-config.yml deleted file mode 100644 index 30bdf7ae..00000000 --- a/baserock_gerrit/instance-config.yml +++ /dev/null 
@@ -1,133 +0,0 @@
-# Instance-specific configuration for the baserock.org Gerrit system.
-#
-# You must have the Java SE Runtime Environment binary available in the
-# baserock_gerrit directory when you run this script.
-#
-# Download it from here:
-# <http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html>
-#
-- hosts: gerrit
- gather_facts: False
- vars:
- GERRIT_VERSION: 2.13.1
-
- # Download from http://www.oracle.com/technetwork/java/javase/downloads/server-jre8-downloads-2133154.html
- JRE_FILE: server-jre-8u40-linux-x64.tar.gz
- # This path should correspond to where the JRE ends up if you extract the
- # downloaded tarball in /opt.
- JRE_DIR: /opt/jdk1.8.0_40
-
- # Download from http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
- JCE_FILE: jce_policy-8.zip
-
- run_gerrit: "{{ JRE_DIR }}/bin/java -jar /opt/gerrit/gerrit-{{ GERRIT_VERSION }}.war"
- vars_files:
- - ../baserock_database/baserock_gerrit.database_password.yml
- tasks:
- - name: add gerrit user
- user:
- name: gerrit
- shell: /bin/false
- generate_ssh_key: yes
- ssh_key_comment: gerrit@baserock.org
-
- - name: unpack the Java Runtime Environment
- unarchive: src={{ JRE_FILE }} dest=/opt owner=root group=root creates={{ JRE_DIR }}
-
- # The Java Cryptography Extensions are needed in order to enable all SSH
- # ciphers, due to US export restrictions.
- - name: unpack the Java Cryptography Extensions
- unarchive: src={{ JCE_FILE }} dest=/opt owner=root group=root creates=/opt/UnlimitedJCEPolicyJDK8/
-
- - name: install the Java Cryptography Extensions
- file: src=/opt/UnlimitedJCEPolicyJDK8/{{ item }} dest={{ JRE_DIR }}/jre/lib/security/{{ item }} state=link force=yes
- with_items:
- - local_policy.jar
- - US_export_policy.jar
-
- - name: create /opt/gerrit
- file: path=/opt/gerrit state=directory
-
- - name: download Gerrit
- get_url:
- url: https://gerrit-releases.storage.googleapis.com/gerrit-{{ GERRIT_VERSION }}.war
- dest: /opt/gerrit/gerrit-{{ GERRIT_VERSION }}.war
-
- - include: ../tasks/create-data-volume.yml lv_name=gerrit lv_size=25g mountpoint=/srv/gerrit
-
- - name: ensure 'gerrit' user owns /srv/gerrit
- file: path=/srv/gerrit owner=gerrit group=gerrit state=directory
-
- - name: initialise Gerrit application directory
- command: "{{ run_gerrit }} init -d /srv/gerrit creates=/srv/gerrit/etc/gerrit.config"
- sudo: yes
- sudo_user: gerrit
-
- - name: extract and install some plugins for gerrit
- shell: unzip /opt/gerrit/gerrit-{{ GERRIT_VERSION}}.war WEB-INF/plugins/{{ item }}.jar -p > /srv/gerrit/plugins/{{ item }}.jar
- args:
- creates: /srv/gerrit/plugins/{{ item }}.jar
- with_items:
- - replication
- - download-commands
- sudo: yes
- sudo_user: gerrit
-
- # WARNING Non core plugins are not compiled inside gerrit.war file, we need to
- # download them from somwhere else (https://gerrit-ci.gerritforge.com/ or
- # http://builds.quelltextlich.at/gerrit/nightly/index.html).
- #
- # We install them from there, but some of the plugins don't have an stable branch for
- # a given gerrit version. Check before runnig this script that this task
- # is pointing to the right version (API compatible) of the plugin
- - name: install non-core plugins for gerrit
- shell: wget https://gerrit-ci.gerritforge.com/job/plugin-{{ item }}-master/lastBuild/artifact/buck-out/gen/plugins/{{ item }}/{{ item }}.jar -O /srv/gerrit/plugins/{{ item }}.jar
- args:
- creates: /srv/gerrit/plugins/{{ item }}.jar
- with_items:
- - avatars-gravatar
- sudo: yes
- sudo_user: gerrit
-
- - name: download extra Java libraries
- get_url:
- url: "{{ item }}"
- dest: /srv/gerrit/lib
- with_items:
- # MySQL Java Connector
- - http://repo2.maven.org/maven2/mysql/mysql-connector-java/5.1.21/mysql-connector-java-5.1.21.jar
-
- # Bouncy Castle Crypto APIs for Java. The interactive `gerrit init`
- # command recommends installing these libraries, and who am I to argue?
- - http://repo2.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/1.52/bcpkix-jdk15on-1.52.jar
- - http://repo2.maven.org/maven2/org/bouncycastle/bcprov-jdk15on/1.52/bcprov-jdk15on-1.52.jar
-
- - name: install gerrit.config
- template: src=gerrit.config dest=/srv/gerrit/etc/gerrit.config
-
- - name: install images for branding
- copy: src=branding/{{ item }} dest=/srv/gerrit/static/{{ item }}
- with_items:
- - baserock-logo.png
- - openstack-page-bkg.jpg
- sudo: yes
- sudo_user: gerrit
-
- - name: install HTML and CSS for branding
- copy: src=branding/{{ item }} dest=/srv/gerrit/etc/{{ item }}
- with_items:
- - GerritSiteHeader.html
- - GerritSite.css
- sudo: yes
- sudo_user: gerrit
-
- - name: set database password
- command: git config -f /srv/gerrit/etc/secure.config database.password "{{ baserock_gerrit_password }}"
- sudo: yes
- sudo_user: gerrit
-
- - name: install gerrit.service
- template: src=gerrit.service dest=/etc/systemd/system/gerrit.service
-
- - name: start Gerrit service
- service: name=gerrit enabled=yes state=restarted
diff --git a/baserock_gerrit/instance-mirroring-config.yml b/baserock_gerrit/instance-mirroring-config.yml
deleted file mode 100644
index 19ac76cc..00000000
--- a/baserock_gerrit/instance-mirroring-config.yml
+++ /dev/null
@@ -1,68 +0,0 @@
-# This Ansible playbook configures mirroring in and out of Gerrit.
-#
-# To run it, use:
-# ansible-playbook -i hosts baserock_gerrit/instance-mirroring-config.yml
-#
-# It expects the SSH key for the 'lorry' user to exist at
-# ../keys/lorry-gerrit.key.
-#
-# This script currently doesn't handle the lorry-controller.conf file that
-# controls what lorry-controller mirrors into Gerrit. To set up or modify
-# lorry-controller configuration you need to commit your changes to the
-# 'local-config/lorries' project on the Gerrit.
----
-- hosts: gerrit
- gather_facts: no
- sudo: yes
- tasks:
- - name: Lorry user
- user: name=lorry comment="Lorry mirroring service"
-
- # Ansible can generate a new SSH key for Lorry when we add the user,
- # but it seems tricky to then extract this and add it to the 'lorry' Gerrit
- # user.
- - name: SSH private key for Lorry user
- copy: src=../keys/lorry-gerrit.key dest=~/.ssh/id_rsa mode=600
- sudo_user: lorry
-
- - name: SSH public key for Lorry user
- copy: src=../keys/lorry-gerrit.key.pub dest=~/.ssh/id_rsa.pub mode=644
- sudo_user: lorry
-
- - name: directory in /etc for Lorry Controller system configuration
- file: dest=/etc/lorry-controller state=directory
-
- - name: Lorry tool configuration
- copy: src=lorry.conf dest=/etc/lorry.conf
-
- - name: Lorry Controller system configuration
- copy:
- src=lorry-controller/{{ item }}
- dest=/etc/lorry-controller/{{ item }}
- with_items:
- - minion.conf
- - webapp.conf
-
- - name: enable and restart core lorry controller services.
- service: name={{ item }} enabled=yes state=restarted
- with_items:
- - lighttpd-lorry-controller-webapp.service
- - lorry-controller-minion@1.service
-
- - name: enable lorry-controller scheduled activity timers
- service: name={{ item }} enabled=yes
- with_items:
- - lorry-controller-ls-troves.timer
- - lorry-controller-readconf.timer
- - lorry-controller-remove-ghost-jobs.timer
- - lorry-controller-remove-old-jobs.timer
- - lorry-controller-status.timer
-
- - name: gerrit-replication configuration
- copy: src=replication.config dest=/srv/gerrit/etc
- notify:
- - restart gerrit
-
-handlers:
- - name: restart gerrit
- service: name=gerrit state=restarted
diff --git a/baserock_gerrit/lorry-controller.conf b/baserock_gerrit/lorry-controller.conf
deleted file mode 100644
index 3f4818fe..00000000
--- a/baserock_gerrit/lorry-controller.conf
+++ /dev/null
@@ -1,38 +0,0 @@
-[
- {
- "type": "trove",
-
- "trovehost": "git.baserock.org",
- "protocol": "http",
-
- "prefixmap": {
- "baserock": "baserock",
- "delta": "delta"
- },
-
- "ignore": [
- "baserock/baserock/documentation",
- "baserock/baserock/jenkins-config",
- "baserock/baserock/lorries",
- "baserock/baserock/morph-cache-server",
- "baserock/baserock/morphs",
- "baserock/baserock/remo",
- "baserock/local-config/mason",
- "baserock/site/*",
- "baserock/tests/*",
- "delta/*"
- ],
-
- "ls-interval": "4H",
- "interval": "2M"
- },
-
- {
- "type": "lorries",
- "interval": "2M",
- "prefix": "delta",
- "globs": [
- "delta-lorries/*.lorry"
- ]
- }
-]
diff --git a/baserock_gerrit/lorry-controller/minion.conf b/baserock_gerrit/lorry-controller/minion.conf
deleted file mode 100644
index 99abdba8..00000000
--- a/baserock_gerrit/lorry-controller/minion.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-[config]
-log = syslog
-log-level = debug
-webapp-host = localhost
-webapp-port = 12765
-webapp-timeout = 3600
diff --git a/baserock_gerrit/lorry-controller/webapp.conf b/baserock_gerrit/lorry-controller/webapp.conf
deleted file mode 100644
index 755dd61e..00000000
--- a/baserock_gerrit/lorry-controller/webapp.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-[config]
-log = /home/lorry/webapp.log
-log-max = 100M
-log-keep = 1
-log-level = debug
-statedb = /home/lorry/webapp.db
-configuration-directory = /home/lorry/confgit
-status-html = /home/lorry/lc-status.html
-wsgi = yes
-debug-port = 12765
-templates = /usr/share/lorry-controller/templates
-confgit-url = http://localhost:8080/local-config/lorries
-git-server-type = gerrit
diff --git a/baserock_gerrit/lorry.conf b/baserock_gerrit/lorry.conf
deleted file mode 100644
index 03c1177b..00000000
--- a/baserock_gerrit/lorry.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-[config]
-mirror-base-url-push = ssh://lorry@localhost:29418/
-bundle = never
-tarball = never
-working-area = /home/lorry/working-area
-verbose = yes
-log = /dev/stdout
-log-level = debug
diff --git a/baserock_gerrit/replication.config b/baserock_gerrit/replication.config
deleted file mode 100644
index 067acc9b..00000000
--- a/baserock_gerrit/replication.config
+++ /dev/null
@@ -1,30 +0,0 @@
-# Configuration for gerrit-replication plugin.
-#
-# This handles pushing changes from gerrit.baserock.org to git.baserock.org.
-#
-# To deploy changes in this file to production, run:
-# ansible-playbook -i hosts baserock_gerrit/instance-mirroring-config.yml
-
-[remote "trove"]
- url = ssh://git@git.baserock.org/${name}.git
-
- # Disable force-pushing and only sync 'master' and tags.
- #
- # This will probably prove annoying and we'll need to mirror more branches in
- # future. But right now there are hundreds of personal branches and I want to
- # avoid potential push errors for branches we don't care about.
- push = refs/heads/master:refs/heads/master
- push = refs/tags/*:refs/tags/*
-
- createMissingRepositories = false
- replicatePermissions = false
-
- # What to sync: this is a regexp that must match the whole project name.
- projects = ^baserock/.*$
-
- # If true, gerrit-replication will remove remote branches that are absent in
- # the trove. This is a bit dangerous, but necessary if we are to make gerrit
- # the 'master'. Note that if you set 'authGroup', branches that are not
- # visible to the configured authorisation group will also be removed. So do
- # not set 'authGroup' to anything.
- mirror = false
diff --git a/baserock_mail/image-config.yml b/baserock_mail/image-config.yml
deleted file mode 100644
index 8d65b4f7..00000000
--- a/baserock_mail/image-config.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-# System configuration for Baserock mail relay.
-#
-# This Ansible playbook expects to be run on a Fedora 23 Cloud image.
----
-- hosts: mail
- gather_facts: false
- sudo: yes
- tasks:
- # See: https://fedoramagazine.org/getting-ansible-working-fedora-23/
- - name: install Python2 and required deps for Ansible modules
- raw: dnf install -y python2 python2-dnf libselinux-python
-
- - name: enable persistant journal
- shell: mkdir /var/log/journal
- args:
- creates: /var/log/journal
-
- - name: ensure system up to date
- dnf: name=* state=latest
-
- - name: exim4 installation
- dnf: name=exim state=installed
diff --git a/baserock_mail/instance-config.yml b/baserock_mail/instance-config.yml
deleted file mode 100644
index b3cd3999..00000000
--- a/baserock_mail/instance-config.yml
+++ /dev/null
@@ -1,72 +0,0 @@
-# Configuration for Baserock mail relay
-#
-# This Ansible playbook expects to be run after the image-config.yml playbook.
----
-- hosts: mail
- gather_facts: false
- sudo: yes
- vars:
- LOCAL_IP: 192.168.222.145
- PUBLIC_DOMAIN_NAME: mail.baserock.org
- tasks:
- # Fedora provides a default /etc/exim/exim.conf. Rather than copy it and
- # overwrite it, since we only need to make a few changes, I've used the
- # lineinfile module to do search-and-replace. It's a bit ugly though. It
- # may be better to just embed exim.conf.
-
- # Several restrictions here are also enforced by the internal-mail-relay
- # security group in firewall.yml, which only opens port 25, and only for
- # traffic from the local network.
-
- # This machine is only for sending mail.
- - name: do not accept any incoming mail
- lineinfile:
- regexp: '^domainlist\s+local_domains.*$'
- line: 'domainlist local_domains = '
- dest: /etc/exim/exim.conf
-
- - name: only accept mail from local network
- lineinfile:
- regexp: '^hostlist\s+relay_from_hosts.*$'
- line: 'hostlist relay_from_hosts = 192.168.222.0/24'
- dest: /etc/exim/exim.conf
-
- - name: only listen on internal interface
- lineinfile:
- regexp: '^#?local_interfaces.*$'
- line: 'local_interfaces = <; ::1 ; 127.0.0.1 ; {{ LOCAL_IP }}'
- insertbefore: BOF
- dest: /etc/exim/exim.conf
-
- # The automation email addresses like gerrit@baserock.org do have aliases,
- # but these are currently configured at Pepperfish, where our MX (mail)
- # records for baserock.org point. So Exim thinks they are not routable
- # and refuses to send mail from them, unless we disable this. Note that
- # the address does have to be routable by something, or the receiving mail
- # server may reject the mail anyway.
- - name: do not verify that sender is routable within this Exim instance
- lineinfile:
- regexp: '^#?\s*require\s+verify\s+=\s+sender.*$'
- line: '# require verify = sender'
- dest: /etc/exim/exim.conf
-
- # We don't have DNS in the internal baserock.org cloud right now, so this
- # would be pointless.
- - name: do not try to resolve hosts making SMTP requests
- lineinfile:
- regexp: '^#?\s+host_lookup = .*$'
- line: '# host_lookup = *'
- dest: /etc/exim/exim.conf
-
- # The hostname of the machine will be 'mail', which isn't a fully-qualified
- # domain name so will be rejected by SMTP servers. Ideally we would have
- # mail.baserock.org set up and pointing to the floating IP of this machine.
- # For now, we just have the IP.
- - name: set primary hostname to public IP
- lineinfile:
- regexp: '^#?\s+primary_hostname =.*$'
- line: 'primary_hostname = {{ PUBLIC_DOMAIN_NAME }}'
- dest: /etc/exim/exim.conf
-
- - name: exim4 service
- service: name=exim state=started enabled=yes
diff --git a/baserock_openid_provider/baserock_openid_provider.secret_key.yml b/baserock_openid_provider/baserock_openid_provider.secret_key.yml
deleted file mode 100644
index 166beebd..00000000
--- a/baserock_openid_provider/baserock_openid_provider.secret_key.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-36663263633734313761323739363430616565623931343036636366313233643363356334633038
-3962643134303938326233336266396261623862316536390a363135646333356334663763333735
-64303365626430666531366232333564366663633031623834663063363632356362386361626137
-3833363630353434330a666437373232666263616562386337643138333530323137643530386539
-62316564393261393866633030633033376663626566643861363533333665313431343366323063
-30643039363538306461343130316137383939313561346335653561653964373137373032646363
-62356436663138633839333662353865306665333639343364333164663064643561613430303836
-33376365653236383662663837373739663463323434393734333631376564666135393066366266
-3731
diff --git a/baserock_openid_provider/baserock_openid_provider/__init__.py b/baserock_openid_provider/baserock_openid_provider/__init__.py
deleted file mode 100644
index 8dd54d2a..00000000
--- a/baserock_openid_provider/baserock_openid_provider/__init__.py
+++ /dev/null
@@ -1,17 +0,0 @@
-# Copyright (C) 2014 Codethink Limited
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-
-import signals
diff --git a/baserock_openid_provider/baserock_openid_provider/forms.py b/baserock_openid_provider/baserock_openid_provider/forms.py
deleted file mode 100644
index dd6a414d..00000000
--- a/baserock_openid_provider/baserock_openid_provider/forms.py
+++ /dev/null
@@ -1,29 +0,0 @@
-# Copyright (C) 2015 Codethink Limited
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-
-from registration.forms import RegistrationForm
-
-from django import forms
-from django.utils.translation import ugettext_lazy as _
-
-
-class RegistrationFormWithNames(RegistrationForm):
- # I'd rather just have a 'Full name' box, but django.contrib.auth is
- # already set up to separate first_name and last_name.
-
- first_name = forms.CharField(label=_("First name(s)"),
- required=False)
- last_name = forms.CharField(label=_("Surname"))
diff --git a/baserock_openid_provider/baserock_openid_provider/settings.py b/baserock_openid_provider/baserock_openid_provider/settings.py
deleted file mode 100644
index b4d38c2c..00000000
--- a/baserock_openid_provider/baserock_openid_provider/settings.py
+++ /dev/null
@@ -1,174 +0,0 @@
-"""
-Django settings for baserock_openid_provider project.
-
-For more information on this file, see
-https://docs.djangoproject.com/en/1.7/topics/settings/
-
-For the full list of settings and their values, see
-https://docs.djangoproject.com/en/1.7/ref/settings/
-"""
-
-import yaml
-
-import os
-
-# You must ensure this is the correct IP address!
-DATABASE_HOST = '192.168.222.146'
-
-BASE_DIR = os.path.dirname(os.path.dirname(__file__))
-
-# Quick-start development settings - unsuitable for production
-# See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/
-
-# SECURITY WARNING: keep the secret key used in production secret!
-secret_key_file = '/etc/baserock_openid_provider.secret_key.yml'
-with open(secret_key_file) as f:
- data = yaml.load(f)
- SECRET_KEY = data['baserock_openid_provider_secret_key']
-
-# SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = False
-
-TEMPLATE_DEBUG = True
-
-ALLOWED_HOSTS = [
- 'openid.baserock.org',
-]
-
-# All connections for openid.baserock.org are forced through HTTPS by HAProxy.
-# This line is necessary so that the Django code generates https:// rather than
-# http:// URLs for internal redirects.
-#
-# You MUST remove this line if this application is not running behind a proxy
-# that forces all traffic through HTTPS.
-SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
-
-
-# Application definition
-
-INSTALLED_APPS = (
- 'baserock_openid_provider',
- 'django.contrib.admin',
- 'django.contrib.auth',
- 'django.contrib.contenttypes',
- 'django.contrib.sessions',
- 'django.contrib.messages',
- 'django.contrib.staticfiles',
- 'openid_provider',
- 'registration'
-)
-
-MIDDLEWARE_CLASSES = (
- 'django.contrib.sessions.middleware.SessionMiddleware',
- 'django.middleware.common.CommonMiddleware',
- 'django.middleware.csrf.CsrfViewMiddleware',
- 'django.contrib.auth.middleware.AuthenticationMiddleware',
- 'django.contrib.messages.middleware.MessageMiddleware',
- 'django.middleware.clickjacking.XFrameOptionsMiddleware',
-)
-
-ROOT_URLCONF = 'baserock_openid_provider.urls'
-
-WSGI_APPLICATION = 'baserock_openid_provider.wsgi.application'
-
-
-# Logging
-
-LOGGING = {
- 'version': 1,
- 'disable_existing_loggers': False,
- 'formatters': {
- 'simple': {
- 'format': '%(asctime)s %(message)s'
- }
- },
- 'handlers': {
- 'file': {
- 'level': 'DEBUG',
- 'formatter': 'simple',
- 'class': 'logging.handlers.RotatingFileHandler',
- 'filename': '/var/log/baserock_openid_provider/debug.log',
- 'maxBytes': 10 * 1024 * 1024,
- 'backupCount': 0,
- }
- },
- 'loggers': {
- 'django.request': {
- 'handlers': ['file'],
- 'level': 'DEBUG',
- 'propagate': True,
- },
- 'openid_provider.views': {
- 'handlers': ['file'],
- 'level': 'DEBUG',
- 'propagate': True,
- }
- }
-}
-
-
-# Database
-# https://docs.djangoproject.com/en/1.7/ref/settings/#databases
-
-DATABASES = {
- 'default': {
- 'ENGINE': 'django.db.backends.mysql',
- 'NAME': 'openid_provider',
- 'USER': 'openid',
- 'PORT': '3306',
-
- 'HOST': DATABASE_HOST
- }
-}
-
-
-pw_file = '/etc/baserock_openid_provider.database_password.yml'
-with open(pw_file) as f:
- data = yaml.load(f)
- password = data['baserock_openid_provider_password']
- DATABASES['default']['PASSWORD'] = password
-
-# Internationalization
-# https://docs.djangoproject.com/en/1.7/topics/i18n/
-
-LANGUAGE_CODE = 'en-us'
-
-TIME_ZONE = 'UTC'
-
-USE_I18N = True
-
-USE_L10N = True
-
-USE_TZ = True
-
-
-# Static files (CSS, JavaScript, Images)
-# https://docs.djangoproject.com/en/1.7/howto/static-files/
-
-STATIC_URL = '/static/'
-
-STATIC_ROOT = '/var/www/static'
-
-TEMPLATE_DIRS = [os.path.join(BASE_DIR, 'templates')]
-
-
-# Other stuff
-
-LOGIN_REDIRECT_URL = '/'
-
-
-# We get mailed when stuff breaks.
-ADMINS = (
- ('Sam Thursfield', 'sam.thursfield@codethink.co.uk'),
-)
-
-# FIXME: this email address doesn't actually exist.
-DEFAULT_FROM_EMAIL = 'openid@baserock.org'
-
-EMAIL_HOST = 'localhost'
-EMAIL_PORT = 25
-
-
-# django-registration-redux settings
-
-ACCOUNT_ACTIVATION_DAYS = 3
diff --git a/baserock_openid_provider/baserock_openid_provider/signals.py b/baserock_openid_provider/baserock_openid_provider/signals.py
deleted file mode 100644
index dc2a7f78..00000000
--- a/baserock_openid_provider/baserock_openid_provider/signals.py
+++ /dev/null
@@ -1,26 +0,0 @@
-# Copyright (C) 2014 Codethink Limited
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-
-from django.dispatch import receiver
-import registration.signals
-
-import logging
-
-
-@receiver(registration.signals.user_activated)
-def user_activation_handler(sender, user, request, **kwargs):
- logging.info('Creating OpenID for user %s' % (user.username))
- user.openid_set.create(openid=user.username)
diff --git a/baserock_openid_provider/baserock_openid_provider/static/style.css b/baserock_openid_provider/baserock_openid_provider/static/style.css
deleted file mode 100644
index e8237b40..00000000
--- a/baserock_openid_provider/baserock_openid_provider/static/style.css
+++ /dev/null
@@ -1,268 +0,0 @@ -// Baserock-ish stylesheet -// Fetched from http://wiki.baserock.org/local.css/ on 2015-01-23. - -/* HTML5 display-role reset for older browsers */ -article, aside, details, figcaption, figure, -footer, header, hgroup, menu, nav, section { - display: block; -} -body { - line-height: 1; -} -ol, ul { - padding: 0 0 0 1.5em; - margin: 0 0 1.2em; -} -li > ul, li > ol { - margin: 0; -} -ul { - list-style: disc; -} -ol { - list-style: decimal; -} -blockquote, q { - quotes: none; -} -blockquote:before, blockquote:after, -q:before, q:after { - content: ''; - content: none; -} -table { - border-collapse: collapse; - border-spacing: 0; -} -i, em { - font-style: italic; -} -b, strong { - font-weight: bold; -} - -/* -Main elements -*/ - -html, body { - font-size: 15px; - font-family: 'Open Sans', sans-serif; - line-height: 1.6em; -} -h1 { - color: #58595B; - font-size: 1.6em; - font-weight: bold; - margin: 0 0 0.4em; - padding: 1em 0 0.3em; -} -h2 { - border-bottom: 2px solid #E0E0E0; - border-top: 2px solid #E0E0E0; - background: #fafafa; - color: #58595B; - font-size: 1.4em; - font-weight: bold; - margin: 1.2em 0 0.4em; - padding: 0.4em 0; -} -h3 { - border-bottom: 2px solid #E0E0E0; - color: #58595B; - font-size: 1.2em; - font-weight: bold; - margin: 2em 0 0.3em; -} -h4 { - color: #58595B; - font-size: 1.1em; - font-weight: bold; - margin: 1.7em 0 0.3em; -} -h5 { - color: #58595B; - font-size: 1em; - font-weight: bold; - margin: 1.7em 0 0.3em; -} -a { - color: #bf2400; -} -p { - padding: 0; - margin: 0 0 1.2em; -} -table { - margin-bottom: 1.2em; -} -th, td { - padding: 0.2em 1em; -} -th { - font-weight: bold; - text-align: left; - border-bottom: 1px solid #ddd; -} -pre { - border: 1px solid #aaa; - border-radius: 0.5em; - padding: 1em 2em; - margin: 0 0 1.2em 2em; - background: #faf8f7; - font-size: 80%; -} -pre, code { - font-family: monospace; -} -code { - background: #faf8f7; - padding: 0.2em 0.4em; - border: 1px solid #ddd; - border-radius: 0.3em; - 
font-size: 0.9em; -} -pre > code { - background: none; - padding: 0; - border: none; - font-size: 1em; -} -blockquote { - border: .4em solid #ffaa55; - border-left-width: 3em; - padding: 0.3em 1em; - margin: 1.2em 3em; - border-radius: 2.2em 0 0 2.2em; -} -blockquote p { - margin: 0; -} -/* -*/ -.max960 { - max-width: 960px; - margin: 0 auto; - position: relative; - height: 80px; -} -input#searchbox { - background: url("wikiicons/search-bg.gif") no-repeat scroll 100% 50% #FFFFFF; - color: #000000; - padding: 0 16px 0 10px; - border: solid 1px #CCC; - width: 180px; - height: 20px; - border-radius: 10px; -} -#searchform { - right: 0 !important; -} -.page { - max-width: 960px; - padding: 0 10px; - margin: 0 auto; -} -.pageheader { - background-color: #FFF; - border-bottom:2px solid #E65837; - color: #009099; - padding: 10px 10px 0 !important; - height: 80px; - background: #333; -} -.pageheader span a { - color: #FFF; -} -.pageheader span.title { - color: #E65837; -} -.pageheader .actions ul li { - background: none !important; - border-color: #28170B; - border-style: solid solid none; - border-width: 0; - margin: 0; - width: auto !important; - color: #FFF; - padding: 0 !important; -} -.pageheader li a:hover { - background: #E65837; - color: #FFF; -} -.header span { - display: inline-block; - padding: 6px 0; -} -.header span span { - padding: 0; -} -.parentlinks { - font: 13px 'Open Sans', sans-serif; -} - -.title { - font: 13px 'Open Sans', sans-serif; - margin-top: 0.2em; - display:inline; -} - -#logo a { - height: 40px; - width: 282px; - display: block; - padding-bottom: 10px; - background: url(logo.png) no-repeat; -} -#logo a span { - display: none; -} -#logo a:hover { - text-decoration: none; -} -.pageheader .actions { - position: static !important; - width: auto !important; - padding: 0 !important; -} -.pageheader .actions ul { - position: absolute; - right: 0; - bottom: 0; - height: auto !important; - padding: 0 !important; -} -.pageheader .actions a { - color: 
#FFF; - padding: 5px 0.5em; - display: inline-block; - background: #666; -} - -div.header { - background-repeat: no-repeat; - min-width: 282px; - padding-top: 0px; -} -#pageinfo { - border-top: 0; -} - -#content { - max-width: 51em; -} -#content, #comments, #footer { - margin: 1em 2em 1em 0 !important; -} -.pagedate { - font-size:10px; -} -.sidebar { - padding: 10px !important; - border: solid 1px #CCC !important; - background: #F2F2F2 !important; - margin: 1em 0 2em 1em !important; -} - - diff --git a/baserock_openid_provider/baserock_openid_provider/urls.py b/baserock_openid_provider/baserock_openid_provider/urls.py deleted file mode 100644 index 8af8ade5..00000000 --- a/baserock_openid_provider/baserock_openid_provider/urls.py +++ /dev/null @@ -1,12 +0,0 @@ -from django.conf.urls import patterns, include, url -from django.contrib import admin - -from . import views - -urlpatterns = patterns('', - url(r'^$', views.index, name='index'), - - url(r'^accounts/', include('registration.backends.default.urls')), - url(r'^admin/', include(admin.site.urls)), - url(r'^openid/', include('openid_provider.urls')), -) diff --git a/baserock_openid_provider/baserock_openid_provider/views.py b/baserock_openid_provider/baserock_openid_provider/views.py deleted file mode 100644 index d067f66a..00000000 --- a/baserock_openid_provider/baserock_openid_provider/views.py +++ /dev/null 
@@ -1,53 +0,0 @@
-# Copyright (C) 2015 Codethink Limited
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-
-import registration.backends.default.views
-
-from registration import signals
-from registration.users import UserModel
-
-from django.contrib.auth import authenticate
-from django.contrib.auth import login
-from django.shortcuts import render
-
-from . import forms
-
-
-def index(request):
- return render(request, '../templates/index.html')
-
-
-class RegistrationViewWithNames(registration.backends.default.views.RegistrationView):
- # Overrides the django-registration default view so that the extended form
- # including the full name gets used.
- form_class = forms.RegistrationFormWithNames
-
- def register(self, form):
- # Calling the base class first means that we don't have to copy and
- # paste the contents of the register() function, but it has the
- # downside that we don't know the user's name when we send the
- # activation email.
- superclass = super(RegistrationViewWithNames, self)
- user = superclass.register(form)
-
- user.first_name = form.cleaned_data['first_name']
- user.last_name = form.cleaned_data['last_name']
- user.save()
-
- return user
-
-
-registration.backends.default.views.RegistrationView = RegistrationViewWithNames
diff --git a/baserock_openid_provider/baserock_openid_provider/wsgi.py b/baserock_openid_provider/baserock_openid_provider/wsgi.py
deleted file mode 100644
index 5993d3e5..00000000
--- a/baserock_openid_provider/baserock_openid_provider/wsgi.py
+++ /dev/null
@@ -1,14 +0,0 @@
-"""
-WSGI config for baserock_openid_provider project.
-
-It exposes the WSGI callable as a module-level variable named ``application``.
-
-For more information on this file, see
-https://docs.djangoproject.com/en/1.7/howto/deployment/wsgi/
-"""
-
-import os
-os.environ.setdefault("DJANGO_SETTINGS_MODULE", "baserock_openid_provider.settings")
-
-from django.core.wsgi import get_wsgi_application
-application = get_wsgi_application()
diff --git a/baserock_openid_provider/cherokee.conf b/baserock_openid_provider/cherokee.conf
deleted file mode 100644
index 38c4f1fa..00000000
--- a/baserock_openid_provider/cherokee.conf
+++ /dev/null
@@ -1,300 +0,0 @@ -# Cherokee configuration to run the Baserock OpenID provider, using -# uWSGI to run the Django app from /srv/baserock_openid_provider. - -config!version = 001002103 - -# Overall server config -server!bind!1!port = 80 -server!group = cherokee -server!keepalive = 1 -server!keepalive_max_requests = 500 -server!panic_action = /usr/bin/cherokee-panic -server!pid_file = /var/run/cherokee.pid -server!server_tokens = full -server!timeout = 15 -server!user = cherokee - -# One virtual server which communicates with the uwsgi-django code and -# also serves static files. -vserver!1!directory_index = index.html -vserver!1!document_root = /var/www/cherokee -vserver!1!error_writer!filename = /var/log/cherokee/error_log -vserver!1!error_writer!type = file -vserver!1!logger = combined -vserver!1!logger!access!buffsize = 16384 -vserver!1!logger!access!filename = /var/log/cherokee/access_log -vserver!1!logger!access!type = file -vserver!1!nick = default -vserver!1!rule!110!document_root = /var/www/static -vserver!1!rule!110!handler = file -vserver!1!rule!110!match = directory -vserver!1!rule!110!match!directory = /static -vserver!1!rule!10!document_root = /var/www -vserver!1!rule!10!handler = uwsgi -vserver!1!rule!10!handler!balancer = round_robin -vserver!1!rule!10!handler!balancer!source!10 = 1 -vserver!1!rule!10!handler!iocache = 1 -vserver!1!rule!10!match = default -source!1!env_inherited = 1 -source!1!host = 127.0.0.1:45023 -source!1!interpreter = /usr/sbin/uwsgi --socket 127.0.0.1:45023 --ini=/srv/baserock_openid_provider/uwsgi.ini -source!1!nick = uwsgi-django -source!1!type = interpreter - -# Icons and mime types. 
-icons!default = page_white.png -icons!directory = folder.png -icons!file!bomb.png = core -icons!file!page_white_go.png = *README* -icons!parent_directory = arrow_turn_left.png -icons!suffix!camera.png = jpg,jpeg,jpe -icons!suffix!cd.png = iso,ngr,cue -icons!suffix!color_wheel.png = png,gif,xcf,bmp,pcx,tiff,tif,cdr,psd,xpm,xbm -icons!suffix!control_play.png = bin,exe,com,msi,out -icons!suffix!css.png = css -icons!suffix!cup.png = java,class,jar -icons!suffix!email.png = eml,mbox,box,email,mbx -icons!suffix!film.png = avi,mpeg,mpe,mpg,mpeg3,dl,fli,qt,mov,movie,flv,webm -icons!suffix!font.png = ttf -icons!suffix!html.png = html,htm -icons!suffix!music.png = au,snd,mid,midi,kar,mpga,mpega,mp2,mp3,sid,wav,aif,aiff,aifc,gsm,m3u,wma,wax,ra,rm,ram,pls,sd2,ogg -icons!suffix!package.png = tar,gz,bz2,zip,rar,ace,lha,7z,dmg,cpk -icons!suffix!page_white_acrobat.png = pdf -icons!suffix!page_white_c.png = c,h,cpp -icons!suffix!page_white_office.png = doc,ppt,xls -icons!suffix!page_white_php.png = php -icons!suffix!page_white_text.png = txt,text,rtf,sdw -icons!suffix!printer.png = ps,eps -icons!suffix!ruby.png = rb -icons!suffix!script.png = sh,csh,ksh,tcl,tk,py,pl -mime!application/bzip2!extensions = bz2 -mime!application/gzip!extensions = gz -mime!application/hta!extensions = hta -mime!application/java-archive!extensions = jar -mime!application/java-serialized-object!extensions = ser -mime!application/java-vm!extensions = class -mime!application/json!extensions = json -mime!application/mac-binhex40!extensions = hqx -mime!application/msaccess!extensions = mdb -mime!application/msword!extensions = doc,dot -mime!application/octet-stream!extensions = bin -mime!application/octetstream!extensions = ace -mime!application/oda!extensions = oda -mime!application/ogg!extensions = ogx -mime!application/pdf!extensions = pdf -mime!application/pgp-keys!extensions = key -mime!application/pgp-signature!extensions = pgp -mime!application/pics-rules!extensions = prf 
-mime!application/postscript!extensions = ps,ai,eps -mime!application/rar!extensions = rar -mime!application/rdf+xml!extensions = rdf -mime!application/rss+xml!extensions = rss -mime!application/smil!extensions = smi,smil -mime!application/vnd.mozilla.xul+xml!extensions = xul -mime!application/vnd.ms-excel!extensions = xls,xlb,xlt -mime!application/vnd.ms-pki.seccat!extensions = cat -mime!application/vnd.ms-pki.stl!extensions = stl -mime!application/vnd.ms-powerpoint!extensions = ppt,pps -mime!application/vnd.oasis.opendocument.chart!extensions = odc -mime!application/vnd.oasis.opendocument.database!extensions = odb -mime!application/vnd.oasis.opendocument.formula!extensions = odf -mime!application/vnd.oasis.opendocument.graphics!extensions = odg -mime!application/vnd.oasis.opendocument.image!extensions = odi -mime!application/vnd.oasis.opendocument.presentation!extensions = odp -mime!application/vnd.oasis.opendocument.spreadsheet!extensions = ods -mime!application/vnd.oasis.opendocument.text!extensions = odt -mime!application/vnd.oasis.opendocument.text-master!extensions = odm -mime!application/vnd.oasis.opendocument.text-web!extensions = oth -mime!application/vnd.pkg5.info!extensions = p5i -mime!application/vnd.visio!extensions = vsd -mime!application/vnd.wap.wbxml!extensions = wbxml -mime!application/vnd.wap.wmlc!extensions = wmlc -mime!application/vnd.wap.wmlscriptc!extensions = wmlsc -mime!application/x-7z-compressed!extensions = 7z -mime!application/x-abiword!extensions = abw -mime!application/x-apple-diskimage!extensions = dmg -mime!application/x-bcpio!extensions = bcpio -mime!application/x-bittorrent!extensions = torrent -mime!application/x-cdf!extensions = cdf -mime!application/x-cpio!extensions = cpio -mime!application/x-csh!extensions = csh -mime!application/x-debian-package!extensions = deb,udeb -mime!application/x-director!extensions = dcr,dir,dxr -mime!application/x-dvi!extensions = dvi -mime!application/x-flac!extensions = flac 
-mime!application/x-font!extensions = pfa,pfb,gsf,pcf,pcf.Z -mime!application/x-freemind!extensions = mm -mime!application/x-gnumeric!extensions = gnumeric -mime!application/x-gtar!extensions = gtar,tgz,taz -mime!application/x-gzip!extensions = gz,tgz -mime!application/x-httpd-php!extensions = phtml,pht,php -mime!application/x-httpd-php-source!extensions = phps -mime!application/x-httpd-php3!extensions = php3 -mime!application/x-httpd-php3-preprocessed!extensions = php3p -mime!application/x-httpd-php4!extensions = php4 -mime!application/x-internet-signup!extensions = ins,isp -mime!application/x-iphone!extensions = iii -mime!application/x-iso9660-image!extensions = iso -mime!application/x-java-jnlp-file!extensions = jnlp -mime!application/x-javascript!extensions = js -mime!application/x-kchart!extensions = chrt -mime!application/x-killustrator!extensions = kil -mime!application/x-koan!extensions = skp,skd,skt,skm -mime!application/x-kpresenter!extensions = kpr,kpt -mime!application/x-kspread!extensions = ksp -mime!application/x-kword!extensions = kwd,kwt -mime!application/x-latex!extensions = latex -mime!application/x-lha!extensions = lha -mime!application/x-lzh!extensions = lzh -mime!application/x-lzx!extensions = lzx -mime!application/x-ms-wmd!extensions = wmd -mime!application/x-ms-wmz!extensions = wmz -mime!application/x-msdos-program!extensions = com,exe,bat,dll -mime!application/x-msi!extensions = msi -mime!application/x-netcdf!extensions = nc -mime!application/x-ns-proxy-autoconfig!extensions = pac -mime!application/x-nwc!extensions = nwc -mime!application/x-object!extensions = o -mime!application/x-oz-application!extensions = oza -mime!application/x-pkcs7-certreqresp!extensions = p7r -mime!application/x-pkcs7-crl!extensions = crl -mime!application/x-python-code!extensions = pyc,pyo -mime!application/x-quicktimeplayer!extensions = qtl -mime!application/x-redhat-package-manager!extensions = rpm -mime!application/x-sh!extensions = sh 
-mime!application/x-shar!extensions = shar -mime!application/x-shockwave-flash!extensions = swf,swfl -mime!application/x-stuffit!extensions = sit,sea -mime!application/x-sv4cpio!extensions = sv4cpio -mime!application/x-sv4crc!extensions = sv4crc -mime!application/x-tar!extensions = tar -mime!application/x-tcl!extensions = tcl -mime!application/x-tex-pk!extensions = pk -mime!application/x-texinfo!extensions = texinfo,texi -mime!application/x-trash!extensions = ~,bak,old,sik -mime!application/x-troff!extensions = t,tr,roff -mime!application/x-troff-man!extensions = man -mime!application/x-troff-me!extensions = me -mime!application/x-troff-ms!extensions = ms -mime!application/x-ustar!extensions = ustar -mime!application/x-x509-ca-cert!extensions = crt -mime!application/x-xcf!extensions = xcf -mime!application/x-xfig!extensions = fig -mime!application/x-xpinstall!extensions = xpi -mime!application/xhtml+xml!extensions = xhtml,xht -mime!application/xml!extensions = xml,xsl -mime!application/zip!extensions = zip -mime!audio/basic!extensions = au,snd -mime!audio/midi!extensions = mid,midi,kar -mime!audio/mpeg!extensions = mpga,mpega,mp2,mp3,m4a -mime!audio/ogg!extensions = ogg,oga -mime!audio/prs.sid!extensions = sid -mime!audio/x-aiff!extensions = aif,aiff,aifc -mime!audio/x-gsm!extensions = gsm -mime!audio/x-mpegurl!extensions = m3u -mime!audio/x-ms-wax!extensions = wax -mime!audio/x-ms-wma!extensions = wma -mime!audio/x-pn-realaudio!extensions = ra,rm,ram -mime!audio/x-realaudio!extensions = ra -mime!audio/x-scpls!extensions = pls -mime!audio/x-sd2!extensions = sd2 -mime!audio/x-wav!extensions = wav -mime!chemical/x-cache!extensions = cac,cache -mime!chemical/x-cache-csf!extensions = csf -mime!chemical/x-cdx!extensions = cdx -mime!chemical/x-cif!extensions = cif -mime!chemical/x-cmdf!extensions = cmdf -mime!chemical/x-cml!extensions = cml -mime!chemical/x-compass!extensions = cpa -mime!chemical/x-crossfire!extensions = bsd -mime!chemical/x-csml!extensions = csml,csm 
-mime!chemical/x-ctx!extensions = ctx -mime!chemical/x-cxf!extensions = cxf,cef -mime!chemical/x-isostar!extensions = istr,ist -mime!chemical/x-jcamp-dx!extensions = jdx,dx -mime!chemical/x-kinemage!extensions = kin -mime!chemical/x-pdb!extensions = pdb,ent -mime!chemical/x-swissprot!extensions = sw -mime!chemical/x-vamas-iso14976!extensions = vms -mime!chemical/x-vmd!extensions = vmd -mime!chemical/x-xtel!extensions = xtel -mime!chemical/x-xyz!extensions = xyz -mime!image/gif!extensions = gif -mime!image/jpeg!extensions = jpeg,jpg,jpe -mime!image/pcx!extensions = pcx -mime!image/png!extensions = png -mime!image/svg+xml!extensions = svg,svgz -mime!image/tiff!extensions = tiff,tif -mime!image/vnd.djvu!extensions = djvu,djv -mime!image/vnd.wap.wbmp!extensions = wbmp -mime!image/x-icon!extensions = ico -mime!image/x-ms-bmp!extensions = bmp -mime!image/x-photoshop!extensions = psd -mime!image/x-portable-anymap!extensions = pnm -mime!image/x-portable-bitmap!extensions = pbm -mime!image/x-portable-graymap!extensions = pgm -mime!image/x-portable-pixmap!extensions = ppm -mime!image/x-xbitmap!extensions = xbm -mime!image/x-xpixmap!extensions = xpm -mime!image/x-xwindowdump!extensions = xwd -mime!model/iges!extensions = igs,iges -mime!model/mesh!extensions = msh,mesh,silo -mime!model/vrml!extensions = wrl,vrml -mime!text/calendar!extensions = ics,icz -mime!text/comma-separated-values!extensions = csv -mime!text/css!extensions = css -mime!text/h323!extensions = 323 -mime!text/html!extensions = html,htm,shtml -mime!text/iuls!extensions = uls -mime!text/mathml!extensions = mml -mime!text/plain!extensions = asc,txt,text,diff,pot -mime!text/richtext!extensions = rtx -mime!text/rtf!extensions = rtf -mime!text/scriptlet!extensions = sct,wsc -mime!text/tab-separated-values!extensions = tsv -mime!text/vnd.sun.j2me.app-descriptor!extensions = jad -mime!text/vnd.wap.wml!extensions = wml -mime!text/vnd.wap.wmlscript!extensions = wmls -mime!text/x-boo!extensions = boo 
-mime!text/x-c++hdr!extensions = h++,hpp,hxx,hh -mime!text/x-c++src!extensions = c++,cpp,cxx,cc -mime!text/x-chdr!extensions = h -mime!text/x-csh!extensions = csh -mime!text/x-csrc!extensions = c -mime!text/x-dsrc!extensions = d -mime!text/x-haskell!extensions = hs -mime!text/x-java!extensions = java -mime!text/x-literate-haskell!extensions = lhs -mime!text/x-moc!extensions = moc -mime!text/x-pascal!extensions = p,pas -mime!text/x-pcs-gcd!extensions = gcd -mime!text/x-perl!extensions = pl,pm -mime!text/x-python!extensions = py -mime!text/x-setext!extensions = etx -mime!text/x-sh!extensions = sh -mime!text/x-tcl!extensions = tcl,tk -mime!text/x-tex!extensions = tex,ltx,sty,cls -mime!text/x-vcalendar!extensions = vcs -mime!text/x-vcard!extensions = vcf -mime!video/dl!extensions = dl -mime!video/dv!extensions = dif,dv -mime!video/fli!extensions = fli -mime!video/gl!extensions = gl -mime!video/mp4!extensions = mp4 -mime!video/mpeg!extensions = mpeg,mpg,mpe -mime!video/ogg!extensions = ogv -mime!video/quicktime!extensions = qt,mov -mime!video/vnd.mpegurl!extensions = mxu -mime!video/webm!extensions = webm -mime!video/x-flv!extensions = flv -mime!video/x-la-asf!extensions = lsf,lsx -mime!video/x-mng!extensions = mng -mime!video/x-ms-asf!extensions = asf,asx -mime!video/x-ms-wm!extensions = wm -mime!video/x-ms-wmv!extensions = wmv -mime!video/x-ms-wmx!extensions = wmx -mime!video/x-ms-wvx!extensions = wvx -mime!video/x-msvideo!extensions = avi -mime!video/x-sgi-movie!extensions = movie -mime!x-conference/x-cooltalk!extensions = ice -mime!x-world/x-vrml!extensions = vrm,vrml,wrl diff --git a/baserock_openid_provider/image-config.yml b/baserock_openid_provider/image-config.yml deleted file mode 100644 index 4aa939f8..00000000 --- a/baserock_openid_provider/image-config.yml +++ /dev/null 
@@ -1,77 +0,0 @@ -# Image configuration for Baserock OpenID provider. ---- -- hosts: openid - gather_facts: False - sudo: yes - tasks: - # See: https://fedoramagazine.org/getting-ansible-working-fedora-23/ - - name: install Python2 and required deps for Ansible modules - raw: dnf install -y python2 python2-dnf libselinux-python - - - name: enable persistant journal - shell: mkdir /var/log/journal - args: - creates: /var/log/journal - - - name: ensure system up to date - dnf: name=* state=latest - - - name: install Cherokee web server - dnf: name=cherokee state=latest - - - name: install Sendmail mail transfer agent - dnf: name=sendmail state=latest - - - name: install uWSGI application container server and Python plugin - dnf: name=uwsgi-plugin-python state=latest - - - name: install PyYAML - dnf: name=PyYAML state=latest - - # Authentication in Gerrit fails if OpenID clock is not set correctly - - name: Install ntp - dnf: name=ntp - - # All this stuff is installed with Pip, which isn't really necessary except - # for django-registration-redux. Fedora packages django-registration but not - # the better django-registration-redux (I think). - # - - name: install Django - pip: name=django executable=pip2.7 - - - name: install South (Django migrations tool) - pip: name=South executable=pip2.7 - - # This is a fork of django-registration which supports Django 1.7. - # Source: https://github.com/macropin/django-registration - # The original django-registration (which seems to be abandoned) lives at: - # https://bitbucket.org/ubernostrum/django-registration/ - - name: install django-registration-redux - pip: name=django-registration-redux executable=pip2.7 - - - name: install python-openid - pip: name=python-openid executable=pip2.7 - - # Install the MySQL-python package from DNF, because if it's installed from - # PyPI you need to have the mariadb-devel package installed to build the C - # code and that's an extra 21MB of dependencies or so. 
Note that this driver - # doesn't support Python 3, but there is a fork available which does, see: - # https://docs.djangoproject.com/en/dev/ref/databases/#mysql-db-api-drivers - - name: install MySQL-python - dnf: name=MySQL-python state=latest - - - name: install Cherokee configuration - file: src=/srv/baserock_openid_provider/cherokee.conf dest=/etc/cherokee/cherokee.conf state=link force=yes - - - name: create log directory for baserock_openid_provider - file: path=/var/log/baserock_openid_provider owner=cherokee group=cherokee state=directory - - - name: upload application - copy: src=. dest=/srv owner=fedora group=fedora - - # Yes, SELinux prevents Cherokee from working. - - name: disable SELinux on subsequent boots - selinux: state=disabled - - - name: disable SELinux on current boot - command: setenforce 0 diff --git a/baserock_openid_provider/instance-config.yml b/baserock_openid_provider/instance-config.yml deleted file mode 100644 index a0dd059e..00000000 --- a/baserock_openid_provider/instance-config.yml +++ /dev/null 
@@ -1,46 +0,0 @@ -# Instance configuration for Baserock OpenID provider. -# -# This playbook should be run after starting an instance of the Baserock -# OpenID Provider image. ---- -- hosts: openid - gather_facts: False - sudo: yes - tasks: - - name: install database password - copy: - content: "{{ lookup('file', '../baserock_database/baserock_openid_provider.database_password.yml') }}" - dest: /etc/baserock_openid_provider.database_password.yml - owner: cherokee - group: cherokee - mode: 400 - - - name: install Django secret key - copy: - content: "{{ lookup('file', 'baserock_openid_provider.secret_key.yml') }}" - dest: /etc/baserock_openid_provider.secret_key.yml - owner: cherokee - group: cherokee - mode: 400 - - # This step could be part of image creation, except that because the secret - # key file wouldn't be available at that time, the 'manage.py' script would - # fail to run. - - name: install static content - django_manage: app_path=/srv/baserock_openid_provider command=collectstatic - sudo_user: cherokee - - - name: run database migrations - django_manage: app_path=/srv/baserock_openid_provider command=migrate - sudo_user: cherokee - - # Default configuration of Sendmail in Fedora is to only accept connections from - # localhost. This is what we want, so no extra config required. - - name: enable and start sendmail service - service: name=sendmail enabled=yes state=started - - - name: enable and start Cherokee service - service: name=cherokee enabled=yes state=restarted - - - name: enable and start ntpd service - service: name=ntpd enabled=yes state=restarted diff --git a/baserock_openid_provider/manage.py b/baserock_openid_provider/manage.py deleted file mode 100644 index 924662bf..00000000 --- a/baserock_openid_provider/manage.py +++ /dev/null 
@@ -1,10 +0,0 @@
-#!/usr/bin/env python
-import os
-import sys
-
-if __name__ == "__main__":
- os.environ.setdefault("DJANGO_SETTINGS_MODULE", "baserock_openid_provider.settings")
-
- from django.core.management import execute_from_command_line
-
- execute_from_command_line(sys.argv)
diff --git a/baserock_openid_provider/openid_provider/__init__.py b/baserock_openid_provider/openid_provider/__init__.py
deleted file mode 100644
index e69de29b..00000000
--- a/baserock_openid_provider/openid_provider/__init__.py
+++ /dev/null
diff --git a/baserock_openid_provider/openid_provider/admin.py b/baserock_openid_provider/openid_provider/admin.py
deleted file mode 100644
index 0d1b62aa..00000000
--- a/baserock_openid_provider/openid_provider/admin.py
+++ /dev/null
@@ -1,17 +0,0 @@
-# -*- coding: utf-8 -*-
-# vim: set ts=4 sw=4 : */
-
-from django.contrib import admin
-
-from openid_provider.models import TrustedRoot, OpenID
-
-class TrustedRootInline(admin.TabularInline):
- model = TrustedRoot
-
-class OpenIDAdmin(admin.ModelAdmin):
- list_display = ['openid', 'user', 'default']
- inlines = [TrustedRootInline, ]
- raw_id_fields = ("user",)
- search_fields = ('user__email',)
-
-admin.site.register(OpenID, OpenIDAdmin)
diff --git a/baserock_openid_provider/openid_provider/conf.py b/baserock_openid_provider/openid_provider/conf.py
deleted file mode 100644
index 7355c840..00000000
--- a/baserock_openid_provider/openid_provider/conf.py
+++ /dev/null
@@ -1,27 +0,0 @@
-import os
-from django.conf import settings
-
-STORE = getattr(settings, 'OPENID_PROVIDER_STORE',
- 'openid.store.filestore.FileOpenIDStore')
-
-if STORE == 'openid.store.filestore.FileOpenIDStore':
- import tempfile
- tempdir = tempfile.gettempdir()
-
- FILESTORE_PATH = getattr(settings, 'OPENID_PROVIDER_FILESTORE_PATH',
- os.path.join(tempdir, 'openid-filestore'))
-
-SREG_DATA_CALLBACK = getattr(settings, 'OPENID_PROVIDER_SREG_DATA_CALLBACK',
- 'openid_provider.utils.get_default_sreg_data')
-
-AX_DATA_CALLBACK = getattr(settings, 'OPENID_PROVIDER_AX_DATA_CALLBACK',
- 'openid_provider.utils.get_default_ax_data')
-
-AX_EXTENSION = getattr(settings, 'OPENID_PROVIDER_AX_EXTENSION', False)
-
-AUTH_USER_MODEL = getattr(settings, 'AUTH_USER_MODEL', 'auth.User')
-
-# RPs without relying party verification mechanisms will be each time
-# redirected to decide page, set to True to disable this:
-FAILED_DISCOVERY_AS_VALID = getattr(
- settings, 'OPENID_FAILED_DISCOVERY_AS_VALID', False)
diff --git a/baserock_openid_provider/openid_provider/models.py b/baserock_openid_provider/openid_provider/models.py
deleted file mode 100644
index bad24d9a..00000000
--- a/baserock_openid_provider/openid_provider/models.py
+++ /dev/null
@@ -1,42 +0,0 @@
-# -*- coding: utf-8 -*-
-# vim: set ts=4 sw=4 : */
-
-from django.utils.translation import ugettext_lazy as _
-from django.db import models
-
-from openid_provider.conf import AUTH_USER_MODEL
-from openid_provider.utils import get_username
-
-class OpenID(models.Model):
- user = models.ForeignKey(AUTH_USER_MODEL)
- openid = models.CharField(max_length=200, blank=True, unique=True)
- default = models.BooleanField(default=False)
-
- class Meta:
- verbose_name = _('OpenID')
- verbose_name_plural = _('OpenIDs')
- ordering = ['openid']
-
- def __unicode__(self):
- return u"%s|%s" % (get_username(self.user), self.openid)
-
- def save(self, *args, **kwargs):
- if self.openid in ['', u'', None]:
- from hashlib import sha1
- import random, base64
- sha = sha1()
- sha.update(unicode(get_username(self.user)).encode('utf-8'))
- sha.update(str(random.random()))
- value = str(base64.b64encode(sha.digest()))
- value = value.replace('/', '').replace('+', '').replace('=', '')
- self.openid = value
- super(OpenID, self).save(*args, **kwargs)
- if self.default:
- self.user.openid_set.exclude(pk=self.pk).update(default=False)
-
-class TrustedRoot(models.Model):
- openid = models.ForeignKey(OpenID)
- trust_root = models.CharField(max_length=200)
-
- def __unicode__(self):
- return unicode(self.trust_root)
diff --git a/baserock_openid_provider/openid_provider/south_migrations/0001_initial.py b/baserock_openid_provider/openid_provider/south_migrations/0001_initial.py
deleted file mode 100644
index 1857f59a..00000000
--- a/baserock_openid_provider/openid_provider/south_migrations/0001_initial.py
+++ /dev/null
@@ -1,89 +0,0 @@ -# -*- coding: utf-8 -*- -import datetime -from south.db import db -from south.v2 import SchemaMigration -from django.db import models - - -class Migration(SchemaMigration): - - def forwards(self, orm): - # Adding model 'OpenID' - db.create_table('openid_provider_openid', ( - ('id', self.gf('django.db.models.fields.AutoField')(primary_key=True)), - ('user', self.gf('django.db.models.fields.related.ForeignKey')(to=orm['auth.User'])), - ('openid', self.gf('django.db.models.fields.CharField')(unique=True, max_length=200, blank=True)), - ('default', self.gf('django.db.models.fields.BooleanField')(default=False)), - )) - db.send_create_signal('openid_provider', ['OpenID']) - - # Adding model 'TrustedRoot' - db.create_table('openid_provider_trustedroot', ( - ('id', self.gf('django.db.models.fields.AutoField')(primary_key=True)), - ('openid', self.gf('django.db.models.fields.related.ForeignKey')(to=orm['openid_provider.OpenID'])), - ('trust_root', self.gf('django.db.models.fields.CharField')(max_length=200)), - )) - db.send_create_signal('openid_provider', ['TrustedRoot']) - - - def backwards(self, orm): - # Deleting model 'OpenID' - db.delete_table('openid_provider_openid') - - # Deleting model 'TrustedRoot' - db.delete_table('openid_provider_trustedroot') - - - models = { - 'auth.group': { - 'Meta': {'object_name': 'Group'}, - 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), - 'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}), - 'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}) - }, - 'auth.permission': { - 'Meta': {'ordering': "('content_type__app_label', 'content_type__model', 'codename')", 'unique_together': "(('content_type', 'codename'),)", 'object_name': 'Permission'}, - 'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}), - 'content_type': 
('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}), - 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), - 'name': ('django.db.models.fields.CharField', [], {'max_length': '50'}) - }, - 'auth.user': { - 'Meta': {'object_name': 'User'}, - 'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}), - 'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}), - 'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}), - 'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}), - 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), - 'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}), - 'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}), - 'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}), - 'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}), - 'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}), - 'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}), - 'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}), - 'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'}) - }, - 'contenttypes.contenttype': { - 'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"}, - 'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}), - 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), - 'model': ('django.db.models.fields.CharField', [], 
{'max_length': '100'}), - 'name': ('django.db.models.fields.CharField', [], {'max_length': '100'}) - }, - 'openid_provider.openid': { - 'Meta': {'ordering': "['openid']", 'object_name': 'OpenID'}, - 'default': ('django.db.models.fields.BooleanField', [], {'default': 'False'}), - 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), - 'openid': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '200', 'blank': 'True'}), - 'user': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.User']"}) - }, - 'openid_provider.trustedroot': { - 'Meta': {'object_name': 'TrustedRoot'}, - 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), - 'openid': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['openid_provider.OpenID']"}), - 'trust_root': ('django.db.models.fields.CharField', [], {'max_length': '200'}) - } - } - - complete_apps = ['openid_provider']
\ No newline at end of file
diff --git a/baserock_openid_provider/openid_provider/south_migrations/__init__.py b/baserock_openid_provider/openid_provider/south_migrations/__init__.py
deleted file mode 100644
index e69de29b..00000000
--- a/baserock_openid_provider/openid_provider/south_migrations/__init__.py
+++ /dev/null
diff --git a/baserock_openid_provider/openid_provider/templates/openid_provider/base.html b/baserock_openid_provider/openid_provider/templates/openid_provider/base.html
deleted file mode 100644
index 94d9808c..00000000
--- a/baserock_openid_provider/openid_provider/templates/openid_provider/base.html
+++ /dev/null
@@ -1 +0,0 @@
-{% extends "base.html" %}
diff --git a/baserock_openid_provider/openid_provider/templates/openid_provider/decide.html b/baserock_openid_provider/openid_provider/templates/openid_provider/decide.html
deleted file mode 100644
index 5b87f824..00000000
--- a/baserock_openid_provider/openid_provider/templates/openid_provider/decide.html
+++ /dev/null
@@ -1,41 +0,0 @@
-{% extends "openid_provider/base.html" %}
-
-{% block content %}
-{% ifequal trust_root_valid "Valid" %}
- <!-- Trust root has been validated by OpenID 2 mechanism. -->
- <p>The site <tt>{{ trust_root|escape }}</tt> has requested verification
- of your OpenID.</p>
-{% endifequal %}
-{% ifequal trust_root_valid "Invalid" %}
-<div class="error">
- <p>This request claims to be from {{ trust_root|escape }} but I have
- determined that <em>it is a pack of lies</em>. Beware, if you release
- information to them, they are likely to do unconscionable things with it,
- being the lying liars that they are.</p>
- <p>Please tell the <em>real</em> {{ trust_root|escape }} that someone is
- trying to abuse your trust in their good name.</p>
-</div>
-{% endifequal %}
-{% ifequal trust_root_valid "Unreachable" %}
- <p>The site <tt>{{ trust_root|escape }}</tt> has requested verification
- of your OpenID. I have failed to reach it and thus cannot vouch for its
- authenticity. Perhaps it is on your local network.</p>
-{% endifequal %}
-{% ifequal trust_root_valid "DISCOVERY_FAILED" %}
- <p>The site <tt>{{ trust_root|escape }}</tt> has requested verification
- of your OpenID. However, <tt>{{ trust_root|escape }}</tt> does not
- implement OpenID 2.0's relying party verification mechanism. Please use
- extra caution in deciding whether to release information to this party,
- and ask <tt>{{ trust_root|escape }}</tt> to implement relying party
- verification for your future transactions.</p>
- <p>You will return to <tt>{{ return_to|escape }}</tt></p>
-{% endifequal %}
-
-<form method="post">{% csrf_token %}
-Verify your identity to the relying party?
-<br/>
-<input type="hidden" name="decide_page" value="True" />
-<input type="submit" value="Yes (Allow)" name="allow" />
-<input type="submit" value="No (Cancel)" name="cancel" />
-</form>
-{% endblock %}
diff --git a/baserock_openid_provider/openid_provider/templates/openid_provider/error.html b/baserock_openid_provider/openid_provider/templates/openid_provider/error.html
deleted file mode 100644
index 11b77b21..00000000
--- a/baserock_openid_provider/openid_provider/templates/openid_provider/error.html
+++ /dev/null
@@ -1,6 +0,0 @@
-{% extends "openid_provider/base.html" %}
-
-{% block content %}
-<h1>{{ title }}</h1>
-{{ msg }}
-{% endblock %}
diff --git a/baserock_openid_provider/openid_provider/templates/openid_provider/response.html b/baserock_openid_provider/openid_provider/templates/openid_provider/response.html
deleted file mode 100644
index 5f7e46fa..00000000
--- a/baserock_openid_provider/openid_provider/templates/openid_provider/response.html
+++ /dev/null
@@ -1,12 +0,0 @@
-{% extends "openid_provider/base.html" %}
-
-{% block content %}
-<div id="openid-body">
- {{ body|safe }}
-</div>
-<script type="text/javascript">
- // the url is too long (> 2047) to be submitted via GET. It needs to be POSTed.
- // the should not require to click the "Continue"-Button, therefore we submit it via js
- document.getElementById('openid-body').getElementsByTagName('form')[0].submit();
-</script>
-{% endblock %}
diff --git a/baserock_openid_provider/openid_provider/templates/openid_provider/server.html b/baserock_openid_provider/openid_provider/templates/openid_provider/server.html
deleted file mode 100644
index 80615157..00000000
--- a/baserock_openid_provider/openid_provider/templates/openid_provider/server.html
+++ /dev/null
@@ -1,9 +0,0 @@
-{% extends "openid_provider/base.html" %}
-
-{% block extrahead %}{{ block.super }}
-<meta http-equiv="x-xrds-location" content="{{ xrds_location }}">
-{% endblock %}
-
-{% block content %}
-This is an OpenID server.
-{% endblock %}
diff --git a/baserock_openid_provider/openid_provider/templates/openid_provider/xrds.xml b/baserock_openid_provider/openid_provider/templates/openid_provider/xrds.xml
deleted file mode 100644
index 960685b0..00000000
--- a/baserock_openid_provider/openid_provider/templates/openid_provider/xrds.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
- <XRD>
- <Service priority="0">{% for uri in types %}
- <Type>{{ uri|escape }}</Type>
- {% endfor %}{% for endpoint in endpoints %}
- <URI>{{ endpoint }}</URI>
- {% endfor %}</Service>
- </XRD>
-</xrds:XRDS>
diff --git a/baserock_openid_provider/openid_provider/urls.py b/baserock_openid_provider/openid_provider/urls.py
deleted file mode 100644
index 33f79ce7..00000000
--- a/baserock_openid_provider/openid_provider/urls.py
+++ /dev/null
@@ -1,14 +0,0 @@
-# -*- coding: utf-8 -*-
-# vim: set ts=4 sw=4 : */
-
-try:
- from django.conf.urls import patterns, url
-except ImportError: # Django < 1.4
- from django.conf.urls.defaults import patterns, url
-
-urlpatterns = patterns('openid_provider.views',
- url(r'^$', 'openid_server', name='openid-provider-root'),
- url(r'^decide/$', 'openid_decide', name='openid-provider-decide'),
- url(r'^xrds/$', 'openid_xrds', name='openid-provider-xrds'),
- url(r'^(?P<id>.*)/$', 'openid_xrds', {'identity': True}, name='openid-provider-identity'),
-)
diff --git a/baserock_openid_provider/openid_provider/utils.py b/baserock_openid_provider/openid_provider/utils.py
deleted file mode 100644
index dc0c714f..00000000
--- a/baserock_openid_provider/openid_provider/utils.py
+++ /dev/null
@@ -1,130 +0,0 @@ -# -*- coding: utf-8 -*- vim: set et ts=4 sw=4 : -# some code from http://www.djangosnippets.org/snippets/310/ by simon -# and from examples/djopenid from python-openid-2.2.4 -from hashlib import sha1 -from openid_provider import conf -from openid.extensions import ax, sreg -from openid.server.server import Server, BROWSER_REQUEST_MODES -from openid.server.trustroot import verifyReturnTo -from openid.yadis.discover import DiscoveryFailure -from openid.fetchers import HTTPFetchingError - -from django.core.exceptions import ImproperlyConfigured -from django.core.urlresolvers import reverse -from django.http import HttpResponse -from django.shortcuts import render_to_response - -from importlib import import_module - -import logging - -logger = logging.getLogger(__name__) - -def import_module_attr(path): - package, module = path.rsplit('.', 1) - return getattr(import_module(package), module) - -def get_username(u): - if hasattr(u, 'get_username'): - return u.get_username() - return u.username - -def get_default_sreg_data(request, orequest): - return { - 'email': request.user.email, - 'nickname': get_username(request.user), - 'fullname': request.user.get_full_name(), - } - -def get_default_ax_data(request, orequest): - return { - 'http://axschema.org/contact/email': request.user.email, - 'http://axschema.org/namePerson': request.user.get_full_name(), - 'http://axschema.org/namePerson/friendly': get_username(request.user), - 'http://axschema.org/namePerson/first': request.user.first_name, - 'http://axschema.org/namePerson/last': request.user.last_name, - } - -def add_sreg_data(request, orequest, oresponse): - callback = get_sreg_callback() - if callback is None or not callable(callback): - return - sreg_data = callback(request, orequest) - sreg_req = sreg.SRegRequest.fromOpenIDRequest(orequest) - sreg_resp = sreg.SRegResponse.extractResponse(sreg_req, sreg_data) - oresponse.addExtension(sreg_resp) - -def add_ax_data(request, orequest, oresponse): - 
callback = get_ax_callback() - if callback is None or not callable(callback): - return - ax_data = callback(request, orequest) - ax_req = ax.FetchRequest.fromOpenIDRequest(orequest) - ax_resp = ax.FetchResponse(ax_req) - if ax_req is not None: - for attr in ax_req.getRequiredAttrs(): - value = ax_data.get(attr, None) - if value is not None: - ax_resp.addValue(attr, value) - oresponse.addExtension(ax_resp) - -def get_sreg_callback(): - try: - return import_module_attr(conf.SREG_DATA_CALLBACK) - except (ImportError, AttributeError): - return None - -def get_ax_callback(): - try: - return import_module_attr(conf.AX_DATA_CALLBACK) - except (ImportError, AttributeError): - return None - -def get_store(request): - try: - store_class = import_module_attr(conf.STORE) - except ImportError: - raise ImproperlyConfigured( - "OpenID store %r could not be imported" % conf.STORE) - # The FileOpenIDStore requires a path to save the user files. - if conf.STORE == 'openid.store.filestore.FileOpenIDStore': - return store_class(conf.FILESTORE_PATH) - return store_class() - -def trust_root_validation(orequest): - """ - OpenID specs 9.2.1: using realm for return url verification - """ - try: - return verifyReturnTo( - orequest.trust_root, orequest.return_to) and "Valid" or "Invalid" - except HTTPFetchingError: - return "Unreachable" - except DiscoveryFailure: - return "DISCOVERY_FAILED" - -def get_trust_session_key(orequest): - return 'OPENID_' + sha1( - orequest.trust_root + orequest.return_to).hexdigest() - -def prep_response(request, orequest, oresponse, server=None): - # Convert a webresponse from the OpenID library in to a Django HttpResponse - - if not server: - server = Server(get_store(request), - op_endpoint=request.build_absolute_uri( - reverse('openid-provider-root'))) - webresponse = server.encodeResponse(oresponse) - if webresponse.code == 200 and orequest.mode in BROWSER_REQUEST_MODES: - response = render_to_response('openid_provider/response.html', { - 'body': 
webresponse.body, - }, context_instance=RequestContext(request)) - logger.debug('rendering browser response') - else: - response = HttpResponse(webresponse.body) - response.status_code = webresponse.code - for key, value in webresponse.headers.items(): - response[key] = value - logger.debug('rendering raw response') - return response - diff --git a/baserock_openid_provider/openid_provider/views.py b/baserock_openid_provider/openid_provider/views.py deleted file mode 100644 index 1b8ef6d5..00000000 --- a/baserock_openid_provider/openid_provider/views.py +++ /dev/null 
@@ -1,323 +0,0 @@ -# -*- coding: utf-8 -*- -# some code from http://www.djangosnippets.org/snippets/310/ by simon -# and from examples/djopenid from python-openid-2.2.4 -import urlparse -import logging -from urllib import urlencode, quote - -from django.conf import settings -from django.core.urlresolvers import reverse -from django.http import HttpResponse, HttpResponseRedirect, QueryDict -from django.shortcuts import render_to_response -from django.template import RequestContext -from django.utils.translation import ugettext as _ - -from django.utils.encoding import smart_str -try: - from django.views.decorators.csrf import csrf_exempt -except ImportError: - from django.contrib.csrf.middleware import csrf_exempt - -from django.contrib.auth import REDIRECT_FIELD_NAME - -from openid.association import default_negotiator, encrypted_negotiator -from openid.consumer.discover import OPENID_IDP_2_0_TYPE, OPENID_2_0_TYPE -from openid.extensions import sreg, ax -from openid.server.server import Server, BROWSER_REQUEST_MODES -from openid.yadis.constants import YADIS_CONTENT_TYPE - -from openid_provider import conf -from openid_provider.utils import add_sreg_data, add_ax_data, get_store, \ - trust_root_validation, get_trust_session_key, prep_response -from openid_provider.models import TrustedRoot - -logger = logging.getLogger(__name__) - - -# Special URL which means 'let the user choose whichever identity'. -IDENTIFIER_SELECT_URL = 'http://specs.openid.net/auth/2.0/identifier_select' - - -@csrf_exempt -def openid_server(request): - """ - This view is the actual OpenID server - running at the URL pointed to by - the <link rel="openid.server"> tag. 
- """ - logger.debug('server request %s: %s', - request.method, request.POST or request.GET) - server = openid_get_server(request) - - if not request.is_secure(): - # if request is not secure allow only encrypted association sessions - server.negotiator = encrypted_negotiator - - # Clear AuthorizationInfo session var, if it is set - if request.session.get('AuthorizationInfo', None): - del request.session['AuthorizationInfo'] - - if request.method == 'GET': - querydict = dict(request.GET.items()) - elif request.method == 'POST': - querydict = dict(request.POST.items()) - else: - return HTTPResponseNotAllowed(['GET', 'POST']) - - orequest = server.decodeRequest(querydict) - if not orequest: - orequest = server.decodeRequest(request.session.get('OPENID_REQUEST', None)) - if orequest: - # remove session stored data: - del request.session['OPENID_REQUEST'] - else: - # not request, render info page: - data = { - 'host': request.build_absolute_uri('/'), - 'xrds_location': request.build_absolute_uri( - reverse('openid-provider-xrds')), - } - logger.debug('invalid request, sending info: %s', data) - return render_to_response('openid_provider/server.html', - data, - context_instance=RequestContext(request)) - - if orequest.mode in BROWSER_REQUEST_MODES: - if not request.user.is_authenticated(): - logger.debug('no local authentication, sending landing page') - return landing_page(request, orequest) - - openid = openid_is_authorized(request, orequest.identity, - orequest.trust_root) - - # verify return_to: - trust_root_valid = trust_root_validation(orequest) - validated = False - - if conf.FAILED_DISCOVERY_AS_VALID: - if trust_root_valid == 'DISCOVERY_FAILED': - validated = True - else: - # if in decide already took place, set as valid: - if request.session.get(get_trust_session_key(orequest), False): - validated = True - - if openid is not None and (validated or trust_root_valid == 'Valid'): - if orequest.identity == IDENTIFIER_SELECT_URL: - id_url = 
request.build_absolute_uri( - reverse('openid-provider-identity', args=[openid.openid])) - else: - # We must return exactly the identity URL that was requested, - # otherwise the openid.server module raises an error. - id_url = orequest.identity - - oresponse = orequest.answer(True, identity=id_url) - logger.debug('orequest.answer(True, identity="%s")', id_url) - elif orequest.immediate: - logger.debug('checkid_immediate mode not supported') - raise Exception('checkid_immediate mode not supported') - else: - request.session['OPENID_REQUEST'] = orequest.message.toPostArgs() - request.session['OPENID_TRUSTROOT_VALID'] = trust_root_valid - logger.debug( - 'Set OPENID_REQUEST to %s in session %s', - request.session['OPENID_REQUEST'], request.session) - logger.debug( - 'Set OPENID_TRUSTROOT_VALID to %s in session %s', - request.session['OPENID_TRUSTROOT_VALID'], request.session) - logger.debug('redirecting to decide page') - return HttpResponseRedirect(reverse('openid-provider-decide')) - else: - oresponse = server.handleRequest(orequest) - if request.user.is_authenticated(): - add_sreg_data(request, orequest, oresponse) - if conf.AX_EXTENSION: - add_ax_data(request, orequest, oresponse) - - return prep_response(request, orequest, oresponse, server) - -def openid_xrds(request, identity=False, id=None): - if identity: - types = [OPENID_2_0_TYPE] - else: - types = [OPENID_IDP_2_0_TYPE, sreg.ns_uri] - if conf.AX_EXTENSION: - types.append(ax.AXMessage.ns_uri) - endpoints = [request.build_absolute_uri(reverse('openid-provider-root'))] - return render_to_response('openid_provider/xrds.xml', { - 'host': request.build_absolute_uri('/'), - 'types': types, - 'endpoints': endpoints, - }, context_instance=RequestContext(request), content_type=YADIS_CONTENT_TYPE) - - -def url_for_openid(request, openid): - return request.build_absolute_uri( - reverse('openid-provider-identity', args=[openid.openid])) - - -def openid_not_found_error_message(request, identity_url): - ids = 
request.user.openid_set - if ids.count() == 0: - message = "You have no OpenIDs configured. Contact the administrator." - else: - id_urls = [url_for_openid(request, id) for id in ids.iterator()] - id_urls = ', '.join(id_urls) - if ids.count() != 1: - message = "You somehow have multiple OpenIDs: " + id_urls - else: - message = "Your OpenID URL is: " + id_urls - return "You do not have the OpenID '%s'. %s" % (identity_url, message) - - -def openid_decide(request): - """ - The page that asks the user if they really want to sign in to the site, and - lets them add the consumer to their trusted whitelist. - # If user is logged in, ask if they want to trust this trust_root - # If they are NOT logged in, show the landing page - """ - server = openid_get_server(request) - orequest = server.decodeRequest(request.session.get('OPENID_REQUEST')) - trust_root_valid = request.session.get('OPENID_TRUSTROOT_VALID') - - logger.debug('Got OPENID_REQUEST %s, OPENID_TRUSTROOT_VALID %s from ' - 'session %s', orequest, trust_root_valid, request.session) - - if not request.user.is_authenticated(): - return landing_page(request, orequest) - - if orequest is None: - # This isn't normal, but can occur if the user uses the 'back' button - # or if the session data is otherwise lost for some reason. - return error_page( - request, "I've lost track of your session now. Sorry! Please go " - "back to the site you are logging in to with a Baserock " - "OpenID and, if you're not yet logged in, try again.") - - openid = openid_get_identity(request, orequest.identity) - if openid is None: - # User should only ever have one OpenID, created for them when they - # registered. 
- message = openid_not_found_error_message(request, orequest.identity) - return error_page(request, message) - - if request.method == 'POST' and request.POST.get('decide_page', False): - if request.POST.get('allow', False): - TrustedRoot.objects.get_or_create( - openid=openid, trust_root=orequest.trust_root) - if not conf.FAILED_DISCOVERY_AS_VALID: - request.session[get_trust_session_key(orequest)] = True - return HttpResponseRedirect(reverse('openid-provider-root')) - - oresponse = orequest.answer(False) - logger.debug('orequest.answer(False)') - return prep_response(request, orequest, oresponse) - - return render_to_response('openid_provider/decide.html', { - 'title': _('Trust this site?'), - 'trust_root': orequest.trust_root, - 'trust_root_valid': trust_root_valid, - 'return_to': orequest.return_to, - 'identity': orequest.identity, - }, context_instance=RequestContext(request)) - -def error_page(request, msg): - return render_to_response('openid_provider/error.html', { - 'title': _('Error'), - 'msg': msg, - }, context_instance=RequestContext(request)) - -class SafeQueryDict(QueryDict): - """ - A custom QueryDict class that implements a urlencode method - knowing how to excempt some characters as safe. - - Backported from Django 1.3 - """ - def urlencode(self, safe=None): - output = [] - if safe: - encode = lambda k, v: '%s=%s' % ((quote(k, safe), quote(v, safe))) - else: - encode = lambda k, v: urlencode({k: v}) - for k, list_ in self.lists(): - k = smart_str(k, self.encoding) - output.extend([encode(k, smart_str(v, self.encoding)) - for v in list_]) - return '&'.join(output) - -def landing_page(request, orequest, login_url=None, - redirect_field_name=REDIRECT_FIELD_NAME): - """ - The page shown when the user attempts to sign in somewhere using OpenID - but is not authenticated with the site. For idproxy.net, a message telling - them to log in manually is displayed. 
- """ - request.session['OPENID_REQUEST'] = orequest.message.toPostArgs() - logger.debug( - 'Set OPENID_REQUEST to %s in session %s', - request.session['OPENID_REQUEST'], request.session) - if not login_url: - login_url = settings.LOGIN_URL - path = request.get_full_path() - login_url_parts = list(urlparse.urlparse(login_url)) - if redirect_field_name: - querystring = SafeQueryDict(login_url_parts[4], mutable=True) - querystring[redirect_field_name] = path - login_url_parts[4] = querystring.urlencode(safe='/') - return HttpResponseRedirect(urlparse.urlunparse(login_url_parts)) - -def openid_is_authorized(request, identity_url, trust_root): - """ - Check that they own the given identity URL, and that the trust_root is - in their whitelist of trusted sites. - """ - if not request.user.is_authenticated(): - return None - - openid = openid_get_identity(request, identity_url) - if openid is None: - return None - - if openid.trustedroot_set.filter(trust_root=trust_root).count() < 1: - return None - - return openid - - -def url_is_equivalent(a, b): - """ - Test if two URLs are equivalent OpenIDs. - """ - return a.rstrip('/') == b.rstrip('/') - - -def openid_get_identity(request, identity_url): - """ - Select openid based on claim (identity_url). - If none was claimed identity_url will be - 'http://specs.openid.net/auth/2.0/identifier_select' - - in that case return default one - - if user has no default one, return any - - in other case return None! 
- """ - logger.debug('Looking for %s in user %s set of OpenIDs %s', - identity_url, request.user, request.user.openid_set) - for openid in request.user.openid_set.iterator(): - if url_is_equivalent(identity_url, url_for_openid(request, openid)): - return openid - if identity_url == IDENTIFIER_SELECT_URL: - # no claim was made, choose user default openid: - openids = request.user.openid_set.filter(default=True) - if openids.count() == 1: - return openids[0] - if request.user.openid_set.count() > 0: - return request.user.openid_set.all()[0] - return None - - -def openid_get_server(request): - return Server( - get_store(request), - op_endpoint=request.build_absolute_uri( - reverse('openid-provider-root'))) diff --git a/baserock_openid_provider/templates/base.html b/baserock_openid_provider/templates/base.html deleted file mode 100644 index 25a6135d..00000000 --- a/baserock_openid_provider/templates/base.html +++ /dev/null @@ -1,38 +0,0 @@ -{% load i18n %} -<!DOCTYPE html> -<html lang="en"> - -<head> - <link rel="stylesheet" href="{{ STATIC_URL }}style.css" /> - <title>{% block title %}Baserock OpenID Provider{% endblock %}</title> -</head> - -<body> - <div id="header"> - {% block header %} - <a href="{% url 'index' %}">{% trans "Home" %}</a> | - - {% if user.is_authenticated %} - {% trans "Logged in" %}: {{ user.username }} - (<a href="{% url 'auth_logout' %}">{% trans "Log out" %}</a> | - <a href="{% url 'auth_password_change' %}">{% trans "Change password" %}</a>) - {% else %} - <a href="{% url 'auth_login' %}">{% trans "Log in" %}</a> | - <a href="{% url 'registration_register' %}">{% trans "Register" %}</a> - {% endif %} - <hr /> - {% endblock %} - </div> - - <div id="content"> - {% block content %}{% endblock %} - </div> - - <div id="footer"> - {% block footer %} - <hr /> - {% endblock %} - </div> -</body> - -</html> 
diff --git a/baserock_openid_provider/templates/index.html b/baserock_openid_provider/templates/index.html
deleted file mode 100644
index 1cb4bf73..00000000
--- a/baserock_openid_provider/templates/index.html
+++ /dev/null
@@ -1,15 +0,0 @@
-{% extends "base.html" %}
-{% load i18n %}
-
-{% block content %}
-<p>This is the Baserock OpenID provider.</p>
-
-{% if user.is_authenticated %}
- <p>You are registered as {{ user.get_full_name }}.</p>
-
- <p>Your OpenID is:
- <a href="https://openid.baserock.org/openid/{{ user.username }}/">https://openid.baserock.org/openid/{{ user.username }}/</a>
- </p>
-{% endif %}
-
-{% endblock %}
diff --git a/baserock_openid_provider/templates/registration/activate.html b/baserock_openid_provider/templates/registration/activate.html
deleted file mode 100644
index 8deb01c8..00000000
--- a/baserock_openid_provider/templates/registration/activate.html
+++ /dev/null
@@ -1,8 +0,0 @@
-{% extends "base.html" %}
-{% load i18n %}
-
-{% block content %}
-
-<p>{% trans "Account activation failed" %}</p>
-
-{% endblock %}
diff --git a/baserock_openid_provider/templates/registration/activation_complete.html b/baserock_openid_provider/templates/registration/activation_complete.html
deleted file mode 100644
index df2efd55..00000000
--- a/baserock_openid_provider/templates/registration/activation_complete.html
+++ /dev/null
@@ -1,6 +0,0 @@
-{% extends "base.html" %}
-{% load i18n %}
-
-{% block content %}
-<p>{% trans "Your account is now activated. Please log in." %}</p>
-{% endblock %}
diff --git a/baserock_openid_provider/templates/registration/activation_email.txt b/baserock_openid_provider/templates/registration/activation_email.txt
deleted file mode 100644
index bfa784d9..00000000
--- a/baserock_openid_provider/templates/registration/activation_email.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-{% load i18n %}
-{% trans "Activate account at" %} {{ site.name }}:
-
-https://{{ site.domain }}{% url 'registration_activate' activation_key %}
-
-{% blocktrans %}Link is valid for {{ expiration_days }} days.{% endblocktrans %}
diff --git a/baserock_openid_provider/templates/registration/activation_email_subject.txt b/baserock_openid_provider/templates/registration/activation_email_subject.txt
deleted file mode 100644
index 24f477cb..00000000
--- a/baserock_openid_provider/templates/registration/activation_email_subject.txt
+++ /dev/null
@@ -1 +0,0 @@
-{% load i18n %}{% trans "Account activation on" %} {{ site.name }}
diff --git a/baserock_openid_provider/templates/registration/login.html b/baserock_openid_provider/templates/registration/login.html
deleted file mode 100644
index 9b245989..00000000
--- a/baserock_openid_provider/templates/registration/login.html
+++ /dev/null
@@ -1,15 +0,0 @@
-{% extends "base.html" %}
-{% load i18n %}
-
-{% block content %}
-<form method="post" action=".">
- {% csrf_token %}
- {{ form.as_p }}
-
- <input type="submit" value="{% trans 'Log in' %}" />
- <input type="hidden" name="next" value="{{ next }}" />
-</form>
-
-<p>{% trans "Forgot password" %}? <a href="{% url 'auth_password_reset' %}">{% trans "Reset it" %}</a>!</p>
-<p>{% trans "Not member" %}? <a href="{% url 'registration_register' %}">{% trans "Register" %}</a>!</p>
-{% endblock %}
diff --git a/baserock_openid_provider/templates/registration/logout.html b/baserock_openid_provider/templates/registration/logout.html
deleted file mode 100644
index f8da51fa..00000000
--- a/baserock_openid_provider/templates/registration/logout.html
+++ /dev/null
@@ -1,6 +0,0 @@
-{% extends "base.html" %}
-{% load i18n %}
-
-{% block content %}
-<p>{% trans "Logged out" %}</p>
-{% endblock %}
diff --git a/baserock_openid_provider/templates/registration/password_change_done.html b/baserock_openid_provider/templates/registration/password_change_done.html
deleted file mode 100644
index 659be0a4..00000000
--- a/baserock_openid_provider/templates/registration/password_change_done.html
+++ /dev/null
@@ -1,6 +0,0 @@
-{% extends "base.html" %}
-{% load i18n %}
-
-{% block content %}
-<p>{% trans "Password changed" %}</p>
-{% endblock %}
diff --git a/baserock_openid_provider/templates/registration/password_change_form.html b/baserock_openid_provider/templates/registration/password_change_form.html
deleted file mode 100644
index 10b1fc13..00000000
--- a/baserock_openid_provider/templates/registration/password_change_form.html
+++ /dev/null
@@ -1,11 +0,0 @@
-{% extends "base.html" %}
-{% load i18n %}
-
-{% block content %}
-<form method="post" action=".">
- {% csrf_token %}
- {{ form.as_p }}
-
- <input type="submit" value="{% trans 'Submit' %}" />
-</form>
-{% endblock %}
diff --git a/baserock_openid_provider/templates/registration/password_reset_complete.html b/baserock_openid_provider/templates/registration/password_reset_complete.html
deleted file mode 100644
index 55993e85..00000000
--- a/baserock_openid_provider/templates/registration/password_reset_complete.html
+++ /dev/null
@@ -1,10 +0,0 @@
-{% extends "base.html" %}
-{% load i18n %}
-
-{% block content %}
-
-<p>{% trans "Password reset successfully" %}</p>
-
-<p><a href="{% url 'auth_login' %}">{% trans "Log in" %}</a></p>
-
-{% endblock %}
diff --git a/baserock_openid_provider/templates/registration/password_reset_confirm.html b/baserock_openid_provider/templates/registration/password_reset_confirm.html
deleted file mode 100644
index 33bd276a..00000000
--- a/baserock_openid_provider/templates/registration/password_reset_confirm.html
+++ /dev/null
@@ -1,21 +0,0 @@
-{% extends "base.html" %}
-{% load i18n %}
-
-{% block content %}
-
-{% if validlink %}
-
-<form method="post" action=".">
- {% csrf_token %}
- {{ form.as_p }}
-
- <input type="submit" value="{% trans 'Submit' %}" />
-</form>
-
-{% else %}
-
-<p>{% trans "Password reset failed" %}</p>
-
-{% endif %}
-
-{% endblock %}
diff --git a/baserock_openid_provider/templates/registration/password_reset_done.html b/baserock_openid_provider/templates/registration/password_reset_done.html
deleted file mode 100644
index 6057ccbe..00000000
--- a/baserock_openid_provider/templates/registration/password_reset_done.html
+++ /dev/null
@@ -1,6 +0,0 @@
-{% extends "base.html" %}
-{% load i18n %}
-
-{% block content %}
-<p>{% trans "Email with password reset instructions has been sent." %}</p>
-{% endblock %}
diff --git a/baserock_openid_provider/templates/registration/password_reset_email.html b/baserock_openid_provider/templates/registration/password_reset_email.html
deleted file mode 100644
index c78893ed..00000000
--- a/baserock_openid_provider/templates/registration/password_reset_email.html
+++ /dev/null
@@ -1,5 +0,0 @@
-{% load i18n %}
-{% blocktrans %}Reset password at {{ site_name }}{% endblocktrans %}:
-{% block reset_link %}
-{{ protocol }}://{{ domain }}{% url 'auth_password_reset_confirm' uid token %}
-{% endblock %}
diff --git a/baserock_openid_provider/templates/registration/password_reset_form.html b/baserock_openid_provider/templates/registration/password_reset_form.html
deleted file mode 100644
index 10b1fc13..00000000
--- a/baserock_openid_provider/templates/registration/password_reset_form.html
+++ /dev/null
@@ -1,11 +0,0 @@
-{% extends "base.html" %}
-{% load i18n %}
-
-{% block content %}
-<form method="post" action=".">
- {% csrf_token %}
- {{ form.as_p }}
-
- <input type="submit" value="{% trans 'Submit' %}" />
-</form>
-{% endblock %}
diff --git a/baserock_openid_provider/templates/registration/registration_closed.html b/baserock_openid_provider/templates/registration/registration_closed.html
deleted file mode 100644
index c73cfacc..00000000
--- a/baserock_openid_provider/templates/registration/registration_closed.html
+++ /dev/null
@@ -1,6 +0,0 @@
-{% extends "base.html" %}
-{% load i18n %}
-
-{% block content %}
- <p>{% trans "Registration is currently closed." %}</p>
-{% endblock %}
diff --git a/baserock_openid_provider/templates/registration/registration_complete.html b/baserock_openid_provider/templates/registration/registration_complete.html
deleted file mode 100644
index 757bd50c..00000000
--- a/baserock_openid_provider/templates/registration/registration_complete.html
+++ /dev/null
@@ -1,11 +0,0 @@
-{% extends "base.html" %}
-{% load i18n %}
-
-{% block content %}
-<p>You are now registered. An activation email has been sent to you with
-a link that you will need to click to activate your account.</p>
-
-<p>The mail should arrive within 15 minutes, depending on your mail provider's
-use of <a href="https://en.wikipedia.org/wiki/Greylisting">greylisting.</a></p>
-</p>
-{% endblock %}
diff --git a/baserock_openid_provider/templates/registration/registration_form.html b/baserock_openid_provider/templates/registration/registration_form.html
deleted file mode 100644
index 6d0854d6..00000000
--- a/baserock_openid_provider/templates/registration/registration_form.html
+++ /dev/null
@@ -1,11 +0,0 @@
-{% extends "base.html" %}
-{% load i18n %}
-
-{% block content %}
-<form method="post" action=".">
- {% csrf_token %}
- {{ form.as_p }}
-
- <input type="submit" value="{% trans 'Submit' %}" />
-</form>
-{% endblock %}
diff --git a/baserock_openid_provider/uwsgi.ini b/baserock_openid_provider/uwsgi.ini
deleted file mode 100644
index 0849096d..00000000
--- a/baserock_openid_provider/uwsgi.ini
+++ /dev/null
@@ -1,22 +0,0 @@
-# Configuration for uWSGI web application gateway for Baserock OpenID provider.
-#
-# System-wide configuration should live in /etc/uwsgi.ini.
-#
-# Some good reading for uWSGI:
-# - http://uwsgi-docs.readthedocs.org/en/latest/ThingsToKnow.html
-# - http://uwsgi-docs.readthedocs.org/en/latest/Configuration.html
-
-[uwsgi]
-need-plugin = python
-
-# This slightly weird setup seems the only way to avoid
-# django.ImproperlyConfigured exceptions.
-pythonpath = /srv/baserock_openid_provider
-chdir = /srv/baserock_openid_provider/baserock_openid_provider
-wsgi = wsgi
-
-# These numbers are pulled completely out of my arse. Testing should
-# be done to find good values.
-processes = 1
-
-buffer-size = 32768
diff --git a/baserock_storyboard/ansible-galaxy-roles.yaml b/baserock_storyboard/ansible-galaxy-roles.yaml
deleted file mode 100644
index 8eedb134..00000000
--- a/baserock_storyboard/ansible-galaxy-roles.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-# Ansible Galaxy roles needed
-- name: palvarez89.storyboard
- version: 2.1.1
- src: https://github.com/palvarez89/ansible-role-storyboard
diff --git a/baserock_storyboard/backup-snapshot.conf b/baserock_storyboard/backup-snapshot.conf
deleted file mode 100644
index 8a5dd8d3..00000000
--- a/baserock_storyboard/backup-snapshot.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-services:
- - mysql.service
-
-volume: /dev/vg0/database-storyboard
diff --git a/baserock_storyboard/instance-backup-config.yml b/baserock_storyboard/instance-backup-config.yml
deleted file mode 100644
index 88737d7f..00000000
--- a/baserock_storyboard/instance-backup-config.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-# Instance backup configuration for the baserock.org database.
----
-- hosts: storyboard
- gather_facts: false
- become: yes
- vars:
- FRONTEND_IP: 192.168.222.143
- tasks:
- - name: backup-snapshot script
- copy: src=../backup-snapshot dest=/usr/bin/backup-snapshot mode=755
-
- - name: backup-snapshot config
- copy: src=backup-snapshot.conf dest=/etc/backup-snapshot.conf
-
- # We need to give the backup automation 'root' access, because it needs to
- # manage system services, LVM volumes, and mounts, and because it needs to
- # be able to read private data. The risk of having the backup key
- # compromised is mitigated by only allowing it to execute the
- # 'backup-snapshot' script, and limiting the hosts it can be used from.
- - name: access for backup SSH key
- authorized_key:
- user: root
- key: "{{ lookup('file', '../keys/backup.key.pub') }}"
- # Quotes are important in this options, the OpenSSH server will reject
- # the entry if the 'from' or 'command' values are not quoted.
- key_options: 'from="{{FRONTEND_IP}}",no-agent-forwarding,no-port-forwarding,no-X11-forwarding,command="/usr/bin/backup-snapshot"'
diff --git a/baserock_storyboard/instance-config.yml b/baserock_storyboard/instance-config.yml
deleted file mode 100644
index 6eecbae3..00000000
--- a/baserock_storyboard/instance-config.yml
+++ /dev/null
@@ -1,35 +0,0 @@
-# Instance configuration for Baserock MySQL on for StoryBoard host
-#
-# This script expects a volume to be available at /dev/vdb.
----
-- hosts: storyboard
- gather_facts: False
- become: yes
- vars:
- - lv_size: 25g
- - mountpoint: /var/lib/mysql
- - lv_name: database-storyboard
- tasks:
- - name: install lvm2 tools
- apt: name=lvm2 state=latest
-
- - name: LVM logical volume group on /dev/vdb
- lvg: vg=vg0 pvs=/dev/vdb
-
-# Duplicated from:
-#- include: ../tasks/create-data-volume.yml lv_name=database-storyboard lv_size=25g mountpoint=/var/lib/mysql
-# given that is not ubuntu compatible
-
- - name: logical volume for {{ lv_name }}
- lvol: vg=vg0 lv={{ lv_name }} size={{ lv_size }}
-
-# This will NEVER overwrite an existing filesystem. Unless you add
-# 'force=yes' to the arguments. So don't do that. See:
-# http://docs.ansible.com/filesystem_module.html.
-#
- - name: ext4 filesystem on /dev/vg0/{{ lv_name }}
- filesystem: fstype=ext4 dev=/dev/vg0/{{ lv_name }}
-
- - name: mount {{ lv_name }} logical volume
- mount: src=/dev/vg0/{{ lv_name }} name={{ mountpoint }} fstype=ext4 state=mounted
-# End of duplication
diff --git a/baserock_storyboard/instance-storyboard-config.yml b/baserock_storyboard/instance-storyboard-config.yml
deleted file mode 100644
index 8eaf09d8..00000000
--- a/baserock_storyboard/instance-storyboard-config.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-# Instance-specific configuration for the baserock.org StoryBoard instance.
----
-- hosts: storyboard
- vars_files:
- - ../baserock_database/baserock_storyboard.database_password.yml
- - ../baserock_database/root.database_password.yml
- - storyboard-vars.yml
- become: yes
- roles:
- # We are using a new database here because StoryBoard is not yet compatible
- # with MariaDB
- - { role: palvarez89.storyboard }
diff --git a/baserock_storyboard/projects.yaml b/baserock_storyboard/projects.yaml
deleted file mode 100644
index b70a333e..00000000
--- a/baserock_storyboard/projects.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-# Projects defined for Baserock Storyboard
-
-# This file lives in <http://git.baserock.org/baserock/baserock/infrastructure>.
-# This is a temporary version for the work-in-progress storyboard.
-
-# If you update this list, you'll need to log into storyboard.baserock.org and
-# run the following:
-#
-# sudo -u apache storyboard-db-manage \
-# --config-file /etc/storyboard/storyboard.conf \
-# load_projects ./projects.yaml
-
-- project: baserock/definitions
- description: Baserock reference system definitions
- use-storyboard: true
-
-- project: baserock/firehose
- description: Firehose automated integration tool
- use-storyboard: true
-
-- project: baserock/import
- description: Baserock Import Tool
- use-storyboard: true
-
-- project: baserock/lorry
- description: Lorry mirroring tool
- use-storyboard: true
-
-- project: baserock/lorry-controller
- description: Lorry Controller scheduling and management tool
- use-storyboard: true
-
-- project: baserock/morph
- description: Morph build tool
- use-storyboard: true
-
-- project: baserock/infrastructure
- description: baserock.org infrastructure
- use-storyboard: true
-
-- project: baserock/spec
- description: Specification for Baserock definitions format
- use-storyboard: true
-
-- project: baserock/wiki
- description: Baserock Wiki at http://wiki.baserock.org/
- use-storyboard: true
diff --git a/baserock_storyboard/storyboard-vars.yml b/baserock_storyboard/storyboard-vars.yml
deleted file mode 100644
index ad1fcd8a..00000000
--- a/baserock_storyboard/storyboard-vars.yml
+++ /dev/null
@@ -1,50 +0,0 @@
-# For rabbitmq role
-rabbitmq_host: localhost
-rabbitmq_port: 5672
-rabbitmq_vhost: '/'
-rabbitmq_user: storyboard
-rabbitmq_user_password: storyboard
-rabbitmq_ssl: false
-rabbitmq_vhost_definitions:
- - name: "{{ rabbitmq_vhost }}"
-rabbitmq_users_definitions:
- - vhost: "{{ rabbitmq_vhost }}"
- user: "{{ rabbitmq_user }}"
- password: "{{ rabbitmq_user_password }}"
-rabbitmq_conf_tcp_listeners_address: '127.0.0.1'
-
-# For mysql role
-mysql_host: localhost
-mysql_port: 3306
-mysql_database: storyboard
-mysql_user: storyboard
-mysql_user_password: "{{ baserock_storyboard_password }}"
-mysql_root_password: "{{ root_password }}"
-mysql_databases:
- - name: "{{ mysql_database }}"
-mysql_users:
- - name: "{{ mysql_user }}"
- host: "{{ mysql_host }}"
- password: "{{ mysql_user_password }}"
- priv: "{{ mysql_database }}.*:ALL"
-mysql_packages:
- - mysql-server-5.6
- - python-mysqldb
-
-storyboard_enable_email: 'True'
-storyboard_email_sender: StoryBoard (Do Not Reply) <do_not_reply@baserock.org>
-storyboard_email_smtp_host: 192.168.222.145
-storyboard_email_smtp_timeout: 10
-
-storyboard_fqdn: storyboard.baserock.org
-storyboard_openid_url: https://openid.baserock.org/openid/
-
-storyboard_projects: projects.yaml
-storyboard_superusers: users.yaml
-storyboard_mysql_user_password: "{{ baserock_storyboard_password }}"
-
-storyboard_ssl_cert: ../certs/storyboard-full.pem
-storyboard_ssl_key: ../private/storyboard.pem
-storyboard_resolved_ssl_ca: ../certs/letsencrypt-ca.pem
-
-storyboard_access_token_ttl: 31622400
diff --git a/baserock_storyboard/users.yaml b/baserock_storyboard/users.yaml
deleted file mode 100644
index b42efca9..00000000
--- a/baserock_storyboard/users.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-- openid: https://openid.baserock.org/openid/pedroalvarez/
- email: pedro.alvarez@codethink.co.uk
-- openid: https://openid.baserock.org/openid/samthursfield/
- email: sam.thursfield@codethink.co.uk |