proxies: drop old zanata hack

Signed-off-by: Kevin Fenzi <kevin@scrye.com>

files/httpd/website_id_fp_o_zanata.conf

@@ -1,29 +0,0 @@
-# This is an HTTP config purely for Zanata, which mirrors id.fp.o
-# They run on old Java, which means that they do not support TLSv1.2, so let's
-# give them TLSv1.0 as well.
-# On how this works, look at the proxies' iptables: they will have a rule that
-# forwards a limited set of IP addresses' 443/tcp to 44342/tcp.
-Listen 44342 https
-<VirtualHost *:44342>
-  ServerName id.fedoraproject.org
-  ServerAdmin webmaster@fedoraproject.org
-
-  RequestHeader unset X-Forwarded-For
-
-  Protocols h2 http/1.1
-
-  SSLEngine on
-  SSLUseStapling on
-  SSLCertificateFile /etc/pki/tls/certs/wildcard-2020.fedoraproject.org.cert
-  SSLCertificateKeyFile /etc/pki/tls/private/wildcard-2020.fedoraproject.org.key
-  SSLCertificateChainFile /etc/pki/tls/certs/wildcard-2020.fedoraproject.org.intermediate.cert
-
-  SSLHonorCipherOrder On
-
-  SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
-  SSLCipherSuite TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
-
-  Header always add Strict-Transport-Security "max-age=31536000; preload"
-  Include "conf.d/id.fedoraproject.org/*.conf"
-</VirtualHost>
-

inventory/group_vars/proxies

@@ -23,9 +23,6 @@ custom_rules: [
   '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.184.58 -j ACCEPT',
   # Allow openqa01 to talk to the inbound fedmsg relay.
   '-A INPUT -p tcp -m tcp --dport 9941 -s 10.3.174.0/24 -j ACCEPT',
-  # For Zanata
-  # See files/httpd/website_id_fp_o_zanata.conf for info
-  '-A INPUT -p tcp -m tcp --dport 44342 -s 209.132.183.252 -j ACCEPT',
   '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.120 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.121 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.122 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.123 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.124 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.125 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.126 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.65 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.127 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.128 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.163.129 -j ACCEPT']
 ipa_client_shell_groups:
   - fi-apprentice
@@ -44,10 +41,6 @@ maxrequestworkers: 1500
 mem_size: 8192
 nagios_Check_Services:
   swap: false
-nat_rules: [
-  # For Zanata, redirect 443/tcp -> 43342/tcp for TLS reasons
-  # See files/httpd/website_id_fp_o_zanata.conf for info
-  '-A PREROUTING -s 209.132.183.252 -p tcp --dport 443 -j REDIRECT --to 44342']
 num_cpus: 6
 ocp_masters:
   - bootstrap.ocp.iad2.fedoraproject.org

playbooks/groups/proxies.yml

@@ -130,18 +130,6 @@
     notify:
     - reload proxyhttpd
 
-  # This really doesn't belong here, but it really shouldn't be needed to begin
-  # with. See the comments in the file as to why this exists.
-  - copy:
-      src="{{ files }}/httpd/website_id_fp_o_zanata.conf"
-      dest=/etc/httpd/conf.d/id.fedoraproject.org.zanata.conf
-    when: env != "staging"
-    notify:
-    - reload apache
-    tags:
-    - config
-    - apache
-
   #
   # If this is an initial deployment, make sure docs are synced over.
   # Do not count these as changed ever