decomission node-01.do-ams3.keycloak.office host

Was used only by NextCloud and Camunda, and those have been removed: https://github.com/status-im/infra-office/commit/def294e9 https://github.com/status-im/infra-bi/commit/324fc97b Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-08-10 11:49:07 +02:00 · 2023-08-10 11:49:07 +02:00 · 81004c2c63
parent def294e9bf
commit 81004c2c63
7 changed files with 0 additions and 129 deletions
--- a/README.md
+++ b/README.md
@ -10,8 +10,6 @@ This repo configures infrastructure for cloud office services.
 | HackMD Notes             | https://notes.status.im/          |
 | Octobox GitHub Inbox     | https://gh.status.im/             |
 | Wekan Kanban Board       | https://boards.status.im/         |
-| Status.im Authentication | https://auth.status.im/           |
-| Keycloak Authentication  | https://keycloak.infra.status.im/ |
 | URL Shortener            | https://link.status.im/           |
 | URL Shortener Admin      | https://admin-link.status.im/     |

@ -20,7 +18,6 @@ This repo configures infrastructure for cloud office services.
 * [daybyday-crm](ansible/roles/daybyday-crm) - [DayByDayCRM](https://github.com/Bottelet/DaybydayCRM) platform
 * [gitea](ansible/roles/gitea) - [Gitea](https://gitea.io/) Git Web Frontent
 * [hackmd](ansible/roles/hackmd) - HackMD instance for our use
-* [keycloak](ansible/roles/keycloak) - Identity and Access Management
 * [octobox](ansible/roles/octobox) - Octobox GitHub notifications helper
 * [shlink](ansible/roles/shlink) - Shlink URL shortener service
 * [wekan](ansible/roles/wekan) - Wekan board instance for task management
--- a/ansible/group_vars/keycloak.yml
+++ b/ansible/group_vars/keycloak.yml
@ -1,64 +0,0 @@
---
-# SourceCred uses a lot of RAM
-swap_file_size_mb: 2048
-
-# Keycloak Auth
-keycloak_domain: 'auth.status.im'
-keycloak_admin_domain: 'keycloak.infra.status.im'
-keycloak_admin_username: 'admin'
-keycloak_admin_password: '{{ lookup("passwordstore", "services/keycloak/status/admin-pass") }}'
-keycloak_app_cont_public_port: 8080
-
-# Restic Backups
-restic_user_groups: ['docker', 'dockremap']
-restic_backups:
-  - name: 'keycloak-db'
-    tags: ['pgdumpdir']
-    path: '/docker/keycloak/db/backup'
-    after: 'dump-keycloak-db.service'
-    frequency: 'daily'
-    timeout: 300
-
-# Open Nginx Ports
-open_ports_default_comment: 'Keycloak'
-open_ports_default_chain: 'SERVICES'
-open_ports_list:
-  - { port: 80  }
-  - { port: 443 }
-
-# Nginx SSL Proxy configuration
-nginx_sites:
-  keycloak_http:
-    - listen 80
-    - server_name {{ keycloak_domain }} {{ keycloak_admin_domain }}
-    - return 301 https://$host$request_uri
-
-  keycloak_ssl:
-    - listen 443 ssl
-    - server_name {{ keycloak_domain }}
-
-    - ssl_certificate     /certs/origin.crt
-    - ssl_certificate_key /certs/origin.key
-
-    - location / {
-        proxy_pass http://127.0.0.1:{{ keycloak_app_cont_public_port }}/;
-        proxy_set_header X-Forwarded-Host $http_host;
-        include /etc/nginx/proxy_params;
-      }
-
-  keycloak_admin:
-    - listen 443 ssl
-    - server_name {{ keycloak_admin_domain }}
-
-    - ssl_certificate     /certs/origin.crt
-    - ssl_certificate_key /certs/origin.key
-
-    - location = / {
-        return 302 /admin;
-      }
-
-    - location / {
-        proxy_pass http://127.0.0.1:{{ keycloak_app_cont_public_port }}/;
-        proxy_set_header X-Forwarded-Host $http_host;
-        include /etc/nginx/proxy_params;
-      }
--- a/ansible/inventory/office
+++ b/ansible/inventory/office
@ -2,13 +2,11 @@
 # For emergency use when Consul fails
 [all]
 node-01.do-ams3.gitea.office hostname=node-01.do-ams3.gitea.office ansible_host=167.99.19.46 env=gitea stage=office data_center=do-ams3 region=ams3 dns_entry=node-01.do-ams3.gitea.office.statusim.net
-node-01.do-ams3.keycloak.office hostname=node-01.do-ams3.keycloak.office ansible_host=206.189.241.168 env=keycloak stage=office data_center=do-ams3 region=ams3 dns_entry=node-01.do-ams3.keycloak.office.statusim.net
 node-01.do-ams3.todo.office hostname=node-01.do-ams3.todo.office ansible_host=178.128.140.226 env=todo stage=office data_center=do-ams3 region=ams3 dns_entry=node-01.do-ams3.todo.office.statusim.net
 node-01.do-ams3.wekan.office hostname=node-01.do-ams3.wekan.office ansible_host=174.138.107.118 env=wekan stage=office data_center=do-ams3 region=ams3 dns_entry=node-01.do-ams3.wekan.office.statusim.net

 [do-ams3]
 node-01.do-ams3.gitea.office
-node-01.do-ams3.keycloak.office
 node-01.do-ams3.todo.office
 node-01.do-ams3.wekan.office

@ -18,12 +16,6 @@ node-01.do-ams3.gitea.office
 [gitea.office]
 node-01.do-ams3.gitea.office

-[keycloak]
-node-01.do-ams3.keycloak.office
-
-[keycloak.office]
-node-01.do-ams3.keycloak.office
-
 [todo]
 node-01.do-ams3.todo.office

--- a/ansible/keycloak.yml
+++ b/ansible/keycloak.yml
@ -1,21 +0,0 @@
---
- name: Verify Ansible versions
-  hosts: all
-  tags: always
-  become: false
-  run_once: true
-  gather_facts: false
-  tasks:
-    - local_action: command ./versioncheck.py
-      changed_when: false
-
- name: Configure Keycloak
-  hosts: keycloak
-  roles:
-    - { role: origin-certs,        tags: origin-certs }
-    - { role: open-ports,          tags: open-ports }
-    - { role: swap-file,           tags: swap-file }
-    - { role: infra-role-keycloak, tags: keycloak }
-    - { role: restic-backups,      tags: restic-backups }
-    - { role: nginx,               tags: nginx }
-    - { role: threatstack,         tags: threatstack }
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@ -50,11 +50,6 @@
  version: 581bf6f1bd8b0d4873a77166b9ceb48a417565eb
  scm: git

- name: infra-role-keycloak
-  src: git@github.com:status-im/infra-role-keycloak.git
-  version: 1e0ac0dd0cae95ae5c736eb19e0bff2aea089491
-  scm: git
-
 - name: infra-role-gitea
  src: git@github.com:status-im/infra-role-gitea.git
  version: bc5520c80c4fccdd0f77921c8775349740c4728a
--- a/keycloak.tf
+++ b/keycloak.tf
@ -1,27 +0,0 @@
-module "keycloak" {
-  source = "github.com/status-im/infra-tf-digital-ocean"
-
-  env    = "keycloak"
-  group  = "keycloak"
-  type   = "s-1vcpu-2gb"
-  domain = var.domain
-
-  open_tcp_ports = ["80", "443"]
-}
-
-resource "cloudflare_record" "keycloak" {
-  zone_id = local.zones["status.im"]
-  value   = module.keycloak.public_ips[0]
-  name    = "keycloak.infra"
-  type    = "A"
-  proxied = true
-}
-
-/* Domain for status-im Keycloak realm. */
-resource "cloudflare_record" "auth" {
-  zone_id = local.zones["status.im"]
-  value   = module.keycloak.public_ips[0]
-  name    = "auth"
-  type    = "A"
-  proxied = true
-}
--- a/outputs.tf
+++ b/outputs.tf
@ -1,7 +1,6 @@
 output "hosts" {
  value = merge(
    module.gitea.hosts,
-    module.keycloak.hosts,
    module.todo.hosts,
    module.wekan.hosts,
  )