From 09e41be0eb83e24f284b84015bb1abbd25f23dff Mon Sep 17 00:00:00 2001 From: Thomas Wiest Date: Tue, 26 May 2015 11:58:50 -0400 Subject: removed references to atomic proxy. --- .../files/proxy_containers_deploy_descriptor.json | 29 ------ roles/atomic_proxy/files/puppet/auth.conf | 116 --------------------- roles/atomic_proxy/files/setup-proxy-containers.sh | 43 -------- 3 files changed, 188 deletions(-) delete mode 100644 roles/atomic_proxy/files/proxy_containers_deploy_descriptor.json delete mode 100644 roles/atomic_proxy/files/puppet/auth.conf delete mode 100755 roles/atomic_proxy/files/setup-proxy-containers.sh (limited to 'roles/atomic_proxy/files') diff --git a/roles/atomic_proxy/files/proxy_containers_deploy_descriptor.json b/roles/atomic_proxy/files/proxy_containers_deploy_descriptor.json deleted file mode 100644 index c15835d48..000000000 --- a/roles/atomic_proxy/files/proxy_containers_deploy_descriptor.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "Containers":[ - { - "Name":"proxy-puppet", - "Count":1, - "Image":"puppet:latest", - "PublicPorts":[ - ] - }, - { - "Name":"proxy", - "Count":1, - "Image":"proxy:latest", - "PublicPorts":[ - {"Internal":80,"External":80}, - {"Internal":443,"External":443}, - {"Internal":4999,"External":4999} - ] - }, - { - "Name":"proxy-monitoring", - "Count":1, - "Image":"monitoring:latest", - "PublicPorts":[ - ] - } - ], - "RandomizeIds": false -} diff --git a/roles/atomic_proxy/files/puppet/auth.conf b/roles/atomic_proxy/files/puppet/auth.conf deleted file mode 100644 index b31906bae..000000000 --- a/roles/atomic_proxy/files/puppet/auth.conf +++ /dev/null @@ -1,116 +0,0 @@ -# This is the default auth.conf file, which implements the default rules -# used by the puppet master. (That is, the rules below will still apply -# even if this file is deleted.) -# -# The ACLs are evaluated in top-down order. More specific stanzas should -# be towards the top of the file and more general ones at the bottom; -# otherwise, the general rules may "steal" requests that should be -# governed by the specific rules. -# -# See http://docs.puppetlabs.com/guides/rest_auth_conf.html for a more complete -# description of auth.conf's behavior. -# -# Supported syntax: -# Each stanza in auth.conf starts with a path to match, followed -# by optional modifiers, and finally, a series of allow or deny -# directives. -# -# Example Stanza -# --------------------------------- -# path /path/to/resource # simple prefix match -# # path ~ regex # alternately, regex match -# [environment envlist] -# [method methodlist] -# [auth[enthicated] {yes|no|on|off|any}] -# allow [host|backreference|*|regex] -# deny [host|backreference|*|regex] -# allow_ip [ip|cidr|ip_wildcard|*] -# deny_ip [ip|cidr|ip_wildcard|*] -# -# The path match can either be a simple prefix match or a regular -# expression. `path /file` would match both `/file_metadata` and -# `/file_content`. Regex matches allow the use of backreferences -# in the allow/deny directives. -# -# The regex syntax is the same as for Ruby regex, and captures backreferences -# for use in the `allow` and `deny` lines of that stanza -# -# Examples: -# -# path ~ ^/path/to/resource # Equivalent to `path /path/to/resource`. -# allow * # Allow all authenticated nodes (since auth -# # defaults to `yes`). -# -# path ~ ^/catalog/([^/]+)$ # Permit nodes to access their own catalog (by -# allow $1 # certname), but not any other node's catalog. -# -# path ~ ^/file_(metadata|content)/extra_files/ # Only allow certain nodes to -# auth yes # access the "extra_files" -# allow /^(.+)\.example\.com$/ # mount point; note this must -# allow_ip 192.168.100.0/24 # go ABOVE the "/file" rule, -# # since it is more specific. -# -# environment:: restrict an ACL to a comma-separated list of environments -# method:: restrict an ACL to a comma-separated list of HTTP methods -# auth:: restrict an ACL to an authenticated or unauthenticated request -# the default when unspecified is to restrict the ACL to authenticated requests -# (ie exactly as if auth yes was present). -# - -### Authenticated ACLs - these rules apply only when the client -### has a valid certificate and is thus authenticated - -# allow nodes to retrieve their own catalog -path ~ ^/catalog/([^/]+)$ -method find -allow $1 - -# allow nodes to retrieve their own node definition -path ~ ^/node/([^/]+)$ -method find -allow $1 - -# allow all nodes to access the certificates services -path /certificate_revocation_list/ca -method find -allow * - -# allow all nodes to store their own reports -path ~ ^/report/([^/]+)$ -method save -allow $1 - -# Allow all nodes to access all file services; this is necessary for -# pluginsync, file serving from modules, and file serving from custom -# mount points (see fileserver.conf). Note that the `/file` prefix matches -# requests to both the file_metadata and file_content paths. See "Examples" -# above if you need more granular access control for custom mount points. -path /file -allow * - -### Unauthenticated ACLs, for clients without valid certificates; authenticated -### clients can also access these paths, though they rarely need to. - -# allow access to the CA certificate; unauthenticated nodes need this -# in order to validate the puppet master's certificate -path /certificate/ca -auth any -method find -allow * - -# allow nodes to retrieve the certificate they requested earlier -path /certificate/ -auth any -method find -allow * - -# allow nodes to request a new certificate -path /certificate_request -auth any -method find, save -allow * - -# deny everything else; this ACL is not strictly necessary, but -# illustrates the default policy. -path / -auth any diff --git a/roles/atomic_proxy/files/setup-proxy-containers.sh b/roles/atomic_proxy/files/setup-proxy-containers.sh deleted file mode 100755 index d047c96c1..000000000 --- a/roles/atomic_proxy/files/setup-proxy-containers.sh +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/bash - -function fail { - msg=$1 - echo - echo $msg - echo - exit 5 -} - - -NUM_DATA_CTR=$(docker ps -a | grep -c proxy-shared-data-1) -[ "$NUM_DATA_CTR" -ne 0 ] && fail "ERROR: proxy-shared-data-1 exists" - - -# pre-cache the container images -echo -timeout --signal TERM --kill-after 30 600 docker pull busybox:latest || fail "ERROR: docker pull of busybox failed" - -echo -# WORKAROUND: Setup the shared data container -/usr/bin/docker run --name "proxy-shared-data-1" \ - -v /shared/etc/haproxy \ - -v /shared/etc/httpd \ - -v /shared/etc/openshift \ - -v /shared/etc/pki \ - -v /shared/var/run/ctr-ipc \ - -v /shared/var/lib/haproxy \ - -v /shared/usr/local \ - "busybox:latest" true - -# WORKAROUND: These are because we're not using a pod yet -cp /usr/local/etc/ctr-proxy-1.service /usr/local/etc/ctr-proxy-puppet-1.service /usr/local/etc/ctr-proxy-monitoring-1.service /etc/systemd/system/ - -systemctl daemon-reload - -echo -echo -n "sleeping 10 seconds for systemd reload to take affect..." -sleep 10 -echo " Done." - -# Start the services -systemctl start ctr-proxy-puppet-1 ctr-proxy-1 ctr-proxy-monitoring-1 -- cgit v1.2.3