ocp-rdu3: retire this host/proxy/cert now that we are moved

There's no need to keep ocp-rdu3 around anymore, we only used
it when we were moving datacenters last year.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>

inventory/group_vars/all

@@ -238,11 +238,6 @@ ocp_wildcard_cert_file: wildcard-2025.apps.ocp.fedoraproject.org.cert
 ocp_wildcard_cert_name: wildcard-2025.apps.ocp.fedoraproject.org
 ocp_wildcard_int_file: wildcard-2025.apps.ocp.fedoraproject.org.intermediate.cert
 ocp_wildcard_key_file: wildcard-2025.apps.ocp.fedoraproject.org.key
-# rdu3 ocp cert while we are not yet moved
-ocp_rdu3_wildcard_cert_file: wildcard-2025.apps.ocp-rdu3.fedoraproject.org.cert
-ocp_rdu3_wildcard_cert_name: wildcard-2025.apps.ocp-rdu3.fedoraproject.org
-ocp_rdu3_wildcard_int_file: wildcard-2025.apps.ocp-rdu3.fedoraproject.org.intermediate.cert
-ocp_rdu3_wildcard_key_file: wildcard-2025.apps.ocp-rdu3.fedoraproject.org.key
 # Path to the openshift-ansible checkout as external git repo brought into
 # Fedora Infra
 openshift_ansible: /srv/web/infra/openshift-ansible/

inventory/group_vars/staging

@@ -51,11 +51,6 @@ ocp_wildcard_cert_file: wildcard-2025.apps.ocp.stg.fedoraproject.org.cert
 ocp_wildcard_cert_name: wildcard-2025.apps.ocp.stg.fedoraproject.org
 ocp_wildcard_int_file: wildcard-2025.apps.ocp.stg.fedoraproject.org.intermediate.cert
 ocp_wildcard_key_file: wildcard-2025.apps.ocp.stg.fedoraproject.org.key
-# rdu3 ocp cert while we are not yet moved
-ocp_rdu3_wildcard_cert_file: wildcard-2025.apps.ocp-rdu3.stg.fedoraproject.org.cert
-ocp_rdu3_wildcard_cert_name: wildcard-2025.apps.ocp-rdu3.stg.fedoraproject.org
-ocp_rdu3_wildcard_int_file: wildcard-2025.apps.ocp-rdu3.stg.fedoraproject.org.intermediate.cert
-ocp_rdu3_wildcard_key_file: wildcard-2025.apps.ocp-rdu3.stg.fedoraproject.org.key
 # RIP, FAS
 primary_auth_source: ipa
 SSLCertificateChainFile: wildcard-2026.stg.fedoraproject.org.intermediate.cert

playbooks/include/proxies-certificates.yml

@@ -56,24 +56,12 @@
     tags:
     - apps.ocp.stg.fedoraproject.org
 
-  - role: httpd/certificate
-    certname: wildcard-2025.apps.ocp-rdu3.stg.fedoraproject.org
-    SSLCertificateChainFile: wildcard-2025.apps.ocp-rdu3.stg.fedoraproject.org.intermediate.cert
-    tags:
-    - apps.ocp-rdu3.stg.fedoraproject.org
-
   - role: httpd/certificate
     certname: wildcard-2025.apps.ocp.fedoraproject.org
     SSLCertificateChainFile: wildcard-2025.apps.ocp.fedoraproject.org.intermediate.cert
     tags:
     - apps.ocp.fedoraproject.org
 
-  - role: httpd/certificate
-    certname: wildcard-2025.apps.ocp-rdu3.fedoraproject.org
-    SSLCertificateChainFile: wildcard-2025.apps.ocp-rdu3.fedoraproject.org.intermediate.cert
-    tags:
-    - apps.ocp-rdu3.fedoraproject.org
-
   # - role: httpd/certificate
   #   certname: secondary.koji.fedoraproject.org.letsencrypt
   #   SSLCertificateChainFile: secondary.koji.fedoraproject.org.letsencrypt.intermediate.crt

playbooks/include/proxies-reverseproxy.yml

@@ -762,30 +762,6 @@
     tags:
     - apps.ocp.fedoraproject.org
 
-  - role: httpd/reverseproxy
-    website: "ocp-rdu3{{ env_suffix }}.fedoraproject.org"
-    destname: ocp-rdu3
-    balancer_name: ocp-rdu3
-    balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_rdu3_stg, ocp_nodes_rdu3) }}"
-    targettype: openshift
-    ocp4_rdu3: true
-    ocp4: false
-    keephost: true
-    tags:
-    - ocp-rdu3.fedoraproject.org
-
-  - role: httpd/reverseproxy
-    website: "apps.ocp-rdu3{{ env_suffix }}.fedoraproject.org"
-    destname: apps-ocp-rdu3
-    balancer_name: apps-ocp-rdu3
-    balancer_members: "{{ (env == 'staging')|ternary(ocp_nodes_rdu3_stg, ocp_nodes_rdu3) }}"
-    targettype: openshift
-    ocp4_rdu3: true
-    ocp4: false
-    keephost: true
-    tags:
-    - apps.ocp-rdu3.fedoraproject.org
-
   - role: httpd/reverseproxy
     website: greenwave.fedoraproject.org
     destname: greenwave

playbooks/include/proxies-websites.yml

@@ -748,30 +748,6 @@
     - apps.ocp.stg.fedoraproject.org
     when: env == "staging"
 
-  - role: httpd/website
-    site_name: ocp-rdu3.stg.fedoraproject.org
-    sslonly: true
-    cert_name: "{{wildcard_cert_name}}"
-    # The Connection and Upgrade headers don't work for h2
-    # So non-h2 is needed to fix websockets.
-    use_h2: false
-    tags:
-    - ocp-rdu3.stg.fedoraproject.org
-    when: env == "staging"
-
-  - role: httpd/website
-    site_name: apps.ocp-rdu3.stg.fedoraproject.org
-    server_aliases: ["*.apps.ocp-rdu3.stg.fedoraproject.org", api.apps.ocp-rdu3.stg.fedoraproject.org]
-    sslonly: true
-    cert_name: "{{ocp_rdu3_wildcard_cert_name}}"
-    SSLCertificateChainFile: "{{ocp_rdu3_wildcard_int_file}}"
-    # The Connection and Upgrade headers don't work for h2
-    # So non-h2 is needed to fix websockets.
-    use_h2: false
-    tags:
-    - apps.ocp-rdu3.stg.fedoraproject.org
-    when: env == "staging"
-
   - role: httpd/website
     site_name: ocp.fedoraproject.org
     sslonly: true
@@ -796,30 +772,6 @@
     - apps.ocp.fedoraproject.org
     when: env == "production"
 
-  - role: httpd/website
-    site_name: ocp-rdu3.fedoraproject.org
-    sslonly: true
-    cert_name: "{{wildcard_cert_name}}"
-    # The Connection and Upgrade headers don't work for h2
-    # So non-h2 is needed to fix websockets.
-    use_h2: false
-    tags:
-    - ocp-rdu3.fedoraproject.org
-    when: env == "production"
-
-  - role: httpd/website
-    site_name: apps.ocp-rdu3.fedoraproject.org
-    server_aliases: ["*.apps.ocp-rdu3.fedoraproject.org", api.apps.ocp-rdu3.fedoraproject.org]
-    sslonly: true
-    cert_name: "{{ocp_rdu3_wildcard_cert_name}}"
-    SSLCertificateChainFile: "{{ocp_rdu3_wildcard_int_file}}"
-    # The Connection and Upgrade headers don't work for h2
-    # So non-h2 is needed to fix websockets.
-    use_h2: false
-    tags:
-    - apps.ocp-rdu3.fedoraproject.org
-    when: env == "production"
-
   - role: httpd/website
     site_name: registry.fedoraproject.org
     server_aliases: [registry.stg.fedoraproject.org registry-no-cdn.fedoraproject.org]

roles/ipsilon/templates/openidc.staging.static.j2

@@ -593,33 +593,6 @@ ocp default_acr_values=null
 ocp client_secret_expires_at=0
 ocp ipsilon_internal={"type":"static","client_id":"ocp","trusted":true}
 
-ocp-rdu3 client_id=null
-ocp-rdu3 client_secret="{{ ocp_rdu3_stg_oidc_secret }}"
-ocp-rdu3 client_name="Fedora Staging OCP RDU3"
-ocp-rdu3 redirect_uris=["https://oauth-openshift.apps.ocp-rdu3.stg.fedoraproject.org/oauth2callback/fedoraidp"]
-ocp-rdu3 application_type="web"
-ocp-rdu3 client_uri="https://console-openshift-console.apps.ocp-rdu3.stg.fedoraproject.org/"
-ocp-rdu3 contacts=["admin@fedoraproject.org"]
-ocp-rdu3 logo_uri=null
-ocp-rdu3 policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
-ocp-rdu3 tos_uri=null
-ocp-rdu3 jwks_uri=null
-ocp-rdu3 jwks=null
-ocp-rdu3 sector_identifier_uri=null
-ocp-rdu3 subject_type="public"
-ocp-rdu3 response_types="code"
-ocp-rdu3 grant_types="authorization_code"
-ocp-rdu3 request_uris=[]
-ocp-rdu3 require_auth_time=null
-ocp-rdu3 token_endpoint_auth_method="client_secret_post"
-ocp-rdu3 id_token_signed_response_alg="RS256"
-ocp-rdu3 request_object_signing_alg="none"
-ocp-rdu3 initiate_login_uri=null
-ocp-rdu3 default_max_age=null
-ocp-rdu3 default_acr_values=null
-ocp-rdu3 client_secret_expires_at=0
-ocp-rdu3 ipsilon_internal={"type":"static","client_id":"ocp-rdu3","trusted":true}
-
 anitya client_name="anitya staging"
 anitya client_secret="{{ anitya_oidc_client_secret_stg }}"
 anitya redirect_uris=["https://stg.release-monitoring.org/auth/fedora"]