From 8b709d955bda46ca5c1fa9e453f77f49e2bb384c Mon Sep 17 00:00:00 2001 From: eric Date: Fri, 8 Jun 2018 18:47:09 -0400 Subject: [PATCH 1/4] remove settings/keys --- .gitignore | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index df1ad729..4a693c5d 100644 --- a/.gitignore +++ b/.gitignore @@ -2,8 +2,7 @@ *.pyc *.log settings/me.* -settings/keys/c* -settings/keys/h* +settings/keys/* *.dot reports ENV From 039e2e1a05acfc96af25b8c7b2f41128d5d408c5 Mon Sep 17 00:00:00 2001 From: eric Date: Fri, 8 Jun 2018 19:01:42 -0400 Subject: [PATCH 2/4] add keys directory --- .travis.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.travis.yml b/.travis.yml index 715396c0..9527e3a9 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,6 +15,9 @@ env: before_install: - sudo mkdir /var/log/django - sudo chmod 777 /var/log/django + - sudo mkdir ~/build/Gluejar/regluit/settings/keys/ + - sudo chmod 755 ~/build/Gluejar/regluit/settings/keys/ + - sudo cp ~/build/Gluejar/regluit/settings/dummy/__init__.py ~/build/Gluejar/regluit/settings/keys/__init__.py - openssl aes-256-cbc -K $encrypted_56eb2b7cc527_key -iv $encrypted_56eb2b7cc527_iv -in ~/build/Gluejar/regluit/test/travis-host.py.enc -out ~/build/Gluejar/regluit/settings/keys/host.py -d install: From 15fc49d828238dd834c058c14aa8213f1ade00a3 Mon Sep 17 00:00:00 2001 From: eric Date: Fri, 8 Jun 2018 19:12:27 -0400 Subject: [PATCH 3/4] maybe no sudo --- .travis.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 9527e3a9..8f981b21 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,9 +15,8 @@ env: before_install: - sudo mkdir /var/log/django - sudo chmod 777 /var/log/django - - sudo mkdir ~/build/Gluejar/regluit/settings/keys/ - - sudo chmod 755 ~/build/Gluejar/regluit/settings/keys/ - - sudo cp ~/build/Gluejar/regluit/settings/dummy/__init__.py ~/build/Gluejar/regluit/settings/keys/__init__.py + - mkdir ~/build/Gluejar/regluit/settings/keys/ + - cp ~/build/Gluejar/regluit/settings/dummy/__init__.py ~/build/Gluejar/regluit/settings/keys/__init__.py - openssl aes-256-cbc -K $encrypted_56eb2b7cc527_key -iv $encrypted_56eb2b7cc527_iv -in ~/build/Gluejar/regluit/test/travis-host.py.enc -out ~/build/Gluejar/regluit/settings/keys/host.py -d install: From ee954b7f47cc904ef4f66486b4d967fcfe851dd4 Mon Sep 17 00:00:00 2001 From: eric Date: Fri, 8 Jun 2018 19:38:43 -0400 Subject: [PATCH 4/4] retire jenkins --- deploy/update-just | 24 ----------------- deploy/update-regluit | 22 ---------------- settings/jenkins.py | 56 ---------------------------------------- sysadmin/playbooks/hosts | 1 - vagrant/Vagrantfile | 4 +-- vagrant/dev.yml | 32 ----------------------- vagrant/just.yml | 31 +--------------------- vagrant/please.yml | 6 ----- 8 files changed, 3 insertions(+), 173 deletions(-) delete mode 100755 deploy/update-just delete mode 100755 deploy/update-regluit delete mode 100644 settings/jenkins.py diff --git a/deploy/update-just b/deploy/update-just deleted file mode 100755 index bc97a438..00000000 --- a/deploy/update-just +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash - -# this script is used by jenkins to remotely update a regluit instance -# for it to work the jenkins user's public ssh key needs to be in the -# authorized key for the machine running the regluit instance -# you can then put something like this in a post build configuration -# ssh ubuntu@please.unglueit.com "/opt/regluit/deploy/update-regluit" - -cd /opt/regluit -find . -name "*.pyc" -delete -find . -type d -empty -delete - -sudo -u ubuntu /usr/bin/git pull -source ENV/bin/activate -pip install --upgrade -r requirements_versioned.pip -#django-admin.py syncdb --migrate --settings regluit.settings.just -django-admin.py migrate --fake-initial --noinput --settings regluit.settings.just -django-admin.py collectstatic --noinput --settings regluit.settings.just - -sudo /etc/init.d/apache2 restart -django-admin.py celeryd_multi restart w1 --settings=regluit.settings.just; -/etc/init.d/celerybeat restart -crontab deploy/crontab_just.txt -touch /opt/regluit/deploy/last-update diff --git a/deploy/update-regluit b/deploy/update-regluit deleted file mode 100755 index 6f12c8a7..00000000 --- a/deploy/update-regluit +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash - -# this script is used by jenkins to remotely update a regluit instance -# for it to work the jenkins user's public ssh key needs to be in the -# authorized key for the machine running the regluit instance -# you can then put something like this in a post build configuration -# ssh ubuntu@please.unglueit.com "/opt/regluit/deploy/update-regluit" - -cd /opt/regluit -find . -name "*.pyc" -delete -find . -type d -empty -delete - -sudo -u ubuntu /usr/bin/git pull -source ENV/bin/activate -#pip install -r requirements.pip -django-admin.py syncdb --migrate --settings regluit.settings.please -django-admin.py collectstatic --noinput --settings regluit.settings.please -sudo /etc/init.d/apache2 restart -django-admin.py celeryd_multi restart w1 --settings=regluit.settings.please; -/etc/init.d/celerybeat restart -crontab deploy/crontab_please.txt -touch /opt/regluit/deploy/last-update \ No newline at end of file diff --git a/settings/jenkins.py b/settings/jenkins.py deleted file mode 100644 index b0282f70..00000000 --- a/settings/jenkins.py +++ /dev/null @@ -1,56 +0,0 @@ -# coding=utf-8 -from .common import * - -DEBUG = True -TEMPLATES[0]['OPTIONS']['debug'] = DEBUG -IS_PREVIEW = False - -ADMINS = ( - ('Raymond Yee', 'rdhyee+ungluebugs@gluejar.com'), - ('Eric Hellman', 'eric@gluejar.com'), -) - -MANAGERS = ADMINS - -DATABASES = { - 'default': { - 'ENGINE': 'django.db.backends.mysql', - 'NAME': 'regluit', - 'USER': 'regluit', - 'PASSWORD': 'regluit', - 'HOST': '', - 'PORT': '', - 'TEST': { - 'CHARSET': 'utf8', - } - } -} - -TIME_ZONE = 'America/New_York' - -# settings for outbout email -# if you have a gmail account you can use your email address and password - -EMAIL_USE_TLS = True -EMAIL_HOST = 'smtp.gmail.com' -EMAIL_HOST_USER = 'me@gmail.com' -EMAIL_HOST_PASSWORD = 'my-password' -EMAIL_PORT = 587 -DEFAULT_FROM_EMAIL = 'info@ebookfoundation.org' - - -# formerly of settings/common.py to surface old vars -# TO DO: invalidate before we open source - -# for use with test google account only -GOOGLE_DISPLAY_NAME = 'Unglue.It' -REDIRECT_IS_HTTPS = False - -#BASE_URL = 'http://0.0.0.0/' -BASE_URL_SECURE = 'http://0.0.0.0/' - - - -# use database as queuing service in development -BROKER_TRANSPORT = "djkombu.transport.DatabaseTransport" -#INSTALLED_APPS += ("djkombu",) diff --git a/sysadmin/playbooks/hosts b/sysadmin/playbooks/hosts index 5140f856..10a3fc6b 100644 --- a/sysadmin/playbooks/hosts +++ b/sysadmin/playbooks/hosts @@ -2,5 +2,4 @@ just ansible_ssh_port=22 ansible_ssh_host=just.unglue.it ansible_ssh_user=ubuntu web1 ansible_ssh_port=22 ansible_ssh_host=unglue.it ansible_ssh_user=ubuntu gluejar ansible_ssh_port=22 ansible_ssh_host=gluejar.com ansible_ssh_user=ubuntu -jenkins ansible_ssh_port=22 ansible_ssh_host=jenkins.unglueit.com ansible_ssh_user=ubuntu diff --git a/vagrant/Vagrantfile b/vagrant/Vagrantfile index eebb9792..0c14e23b 100644 --- a/vagrant/Vagrantfile +++ b/vagrant/Vagrantfile @@ -114,7 +114,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| # ansible.inventory_path = '.vagrant/provisioners/ansible/inventory/' ansible.raw_arguments = [ "--inventory-file=.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory", - "--limit=just,127.0.0.1,jenkins", + "--limit=just,127.0.0.1", "-e vname=just", "-e class=just", "-e hostname=just.unglue.it", @@ -186,7 +186,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| # ansible.inventory_path = '.vagrant/provisioners/ansible/inventory/' ansible.raw_arguments = [ "--inventory-file=.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory", - "--limit=just2,127.0.0.1,jenkins", + "--limit=just2,127.0.0.1", "-e vname=just2", "-e class=just", "-e hostname=just2.unglue.it", diff --git a/vagrant/dev.yml b/vagrant/dev.yml index 65b6ee7f..7cc3d207 100644 --- a/vagrant/dev.yml +++ b/vagrant/dev.yml @@ -499,13 +499,6 @@ - https://github.com/eshellman.keys sudo: no - - name: add public key from jenkins - authorized_key: > - user={{user}} - key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYSiXESHXEdugNLGxFABXpVSawDCU/BK05Ef2qUa7oxxhU7fXNqWaSTqowevVruF7kfzMQ7epIxN5XFFjbXf/tsSn1995H9BEhmHLXLuEB5VaPU2HTLqu0DscyPtRbk/WjqPj3jWXs2yHgKcJIXwd5EfSwJuCe1Ut6pMe9E/NUq9QztnydRTt0sGywXpkIpKeBkiQl4SWlPTHcoU6PDbEuMVii8GzRAQlpEQTJwzWJTToR1SZ7o1uusDSxIDfJSvAa5IiuII8CdKbqa/JSx1+4LqlT0yf+2yb67MR5q6+XFM4TeCf5z+4SW+IT/wd2tpbd0DjAdXJlAgBULwhd1L7r" - state=present - when: class in ['just'] - - name: set up script file to load environment for interactive use command: cp "/opt/regluit/deploy/setup-{{class}}.sh" /home/{{user}}/setup.sh sudo: no @@ -549,29 +542,4 @@ service: name=apache2 state=restarted -- name: fix known_hosts on jenkins to match new just - hosts: jenkins - sudo: yes - sudo_user: jenkins -# to run the part of the playbook for jenkins -# PYTHONUNBUFFERED=1 ANSIBLE_FORCE_COLOR=true ANSIBLE_HOST_KEY_CHECKING=false ANSIBLE_SSH_ARGS='-o UserKnownHostsFile=/dev/null -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s' ansible-playbook --private-key=/Users/raymondyee/.ssh/id_rsa --user=ubuntu --connection=ssh --inventory-file=/Users/raymondyee/C/src/Gluejar/regluit/vagrant/.vagrant/provisioners/ansible/inventory --limit='jenkins' just.yml - - tasks: - - #equivalent to - # - #ssh -tt jenkins << EOF - # sudo -i -u jenkins - # ssh-keyscan -t rsa just.unglue.it > /var/lib/jenkins/.ssh/known_hosts - # exit - #exit - #EOF - - - name: make new known_hosts with key from just.unglue.it - raw: ssh-keyscan -t rsa just.unglue.it > /var/lib/jenkins/.ssh/known_hosts - when: class in ['just'] - - - name: add key from github - raw: ssh-keyscan -t rsa github.com >> /var/lib/jenkins/.ssh/known_hosts - when: class in ['just'] diff --git a/vagrant/just.yml b/vagrant/just.yml index f657789b..a158e5a6 100644 --- a/vagrant/just.yml +++ b/vagrant/just.yml @@ -384,41 +384,12 @@ - https://github.com/eshellman.keys sudo: yes - - name: add public key from jenkins - authorized_key: > - user={{user}} - key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYSiXESHXEdugNLGxFABXpVSawDCU/BK05Ef2qUa7oxxhU7fXNqWaSTqowevVruF7kfzMQ7epIxN5XFFjbXf/tsSn1995H9BEhmHLXLuEB5VaPU2HTLqu0DscyPtRbk/WjqPj3jWXs2yHgKcJIXwd5EfSwJuCe1Ut6pMe9E/NUq9QztnydRTt0sGywXpkIpKeBkiQl4SWlPTHcoU6PDbEuMVii8GzRAQlpEQTJwzWJTToR1SZ7o1uusDSxIDfJSvAa5IiuII8CdKbqa/JSx1+4LqlT0yf+2yb67MR5q6+XFM4TeCf5z+4SW+IT/wd2tpbd0DjAdXJlAgBULwhd1L7r" - state=present - sudo: no + handlers: - name: restart apache2 service: name=apache2 state=restarted -- name: fix known_hosts on jenkins to match new just - hosts: jenkins - sudo: yes - sudo_user: jenkins - -# to run the part of the playbook for jenkins -# PYTHONUNBUFFERED=1 ANSIBLE_FORCE_COLOR=true ANSIBLE_HOST_KEY_CHECKING=false ANSIBLE_SSH_ARGS='-o UserKnownHostsFile=/dev/null -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s' ansible-playbook --private-key=/Users/raymondyee/.ssh/id_rsa --user=ubuntu --connection=ssh --inventory-file=/Users/raymondyee/C/src/Gluejar/regluit/vagrant/.vagrant/provisioners/ansible/inventory --limit='jenkins' just.yml - - tasks: - - #equivalent to - # - #ssh -tt jenkins << EOF - # sudo -i -u jenkins - # ssh-keyscan -t rsa just.unglue.it > /var/lib/jenkins/.ssh/known_hosts - # exit - #exit - #EOF - - - name: make new known_hosts with key from just.unglue.it - raw: ssh-keyscan -t rsa just.unglue.it > /var/lib/jenkins/.ssh/known_hosts - - - name: add key from github - raw: ssh-keyscan -t rsa github.com >> /var/lib/jenkins/.ssh/known_hosts diff --git a/vagrant/please.yml b/vagrant/please.yml index 6f0c0e36..35443e3e 100644 --- a/vagrant/please.yml +++ b/vagrant/please.yml @@ -412,12 +412,6 @@ - https://github.com/eshellman.keys sudo: yes - - name: add public key from jenkins - authorized_key: > - user={{user}} - key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYSiXESHXEdugNLGxFABXpVSawDCU/BK05Ef2qUa7oxxhU7fXNqWaSTqowevVruF7kfzMQ7epIxN5XFFjbXf/tsSn1995H9BEhmHLXLuEB5VaPU2HTLqu0DscyPtRbk/WjqPj3jWXs2yHgKcJIXwd5EfSwJuCe1Ut6pMe9E/NUq9QztnydRTt0sGywXpkIpKeBkiQl4SWlPTHcoU6PDbEuMVii8GzRAQlpEQTJwzWJTToR1SZ7o1uusDSxIDfJSvAa5IiuII8CdKbqa/JSx1+4LqlT0yf+2yb67MR5q6+XFM4TeCf5z+4SW+IT/wd2tpbd0DjAdXJlAgBULwhd1L7r" - state=present - handlers: - name: restart apache2