diff --git a/README.md b/README.md
index a6623af49..88a3628c1 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,6 @@ Every application has a seperate role to install it. The following roles can be
 | myconext | eduID |
 | profile | Profile page |
 | manage | Entity registration |
-| teams | Group membership app |
 | mujina | Mujina IdP |
 | voot | Voot membership API |
 | pdp | Policy Decicions API |
diff --git a/environments/template/group_vars/all.yml b/environments/template/group_vars/all.yml
index 1d8bd6f84..705f2aa22 100644
--- a/environments/template/group_vars/all.yml
+++ b/environments/template/group_vars/all.yml
@@ -52,7 +52,6 @@ engine_attribute_aggregation_password: "{{ aa.eb_password }}"
 # Some deprovision variables are shared between applications
 authz_server_api_lifecycle_username: authz_server_api_lifecycle_user
-teams_api_lifecycle_username: teams_api_lifecycle_user
 attribute_aggregator_api_lifecycle_username: attribute_aggregator_api_lifecycle_user
 engine_api_deprovision_user: lifecycle
 lifecycle_api_username: lifecycle
diff --git a/environments/template/group_vars/template.yml b/environments/template/group_vars/template.yml
index dc2642d3b..b5a544036 100644
--- a/environments/template/group_vars/template.yml
+++ b/environments/template/group_vars/template.yml
@@ -38,8 +38,6 @@ mujina_version: "8.0.2"
 oidcng_version: "6.1.6"
 pdp_version: "7.3.0"
 profile_version: "3.1.4"
-teams_gui_version: "9.1.3"
-teams_server_version: "9.1.3"
 voot_version: "6.2.0"
 myconext_version: "8.1.12-1"
 dashboard_version: "13.0.11"
@@ -53,14 +51,12 @@ statistics_version: "1.1.7"
 databases:
 names:
- - teams
 - "{{ engine_database_name }}"
 - pdp-server
 - aaserver
 - shibboleth
 - eb_logins
 users:
- - { name: teamsrw, db_name: teams, password: "{{ mysql_passwords.teams }}" }
 - { name: "{{ engine_database_user }}", db_name: "{{ engine_database_name }}", password: "{{ mysql_passwords.eb }}" }
 - { name: pdp-serverrw, db_name: pdp-server, password: "{{ mysql_passwords.pdp_server }}" }
 - { name: aa-serverrw, db_name: aaserver, password: "{{ mysql_passwords.aa_server }}" }
@@ -110,22 +106,6 @@ profile_apache_symfony_environment: prod
 # Engine's assertion signing certificate:
 engine_profile_idp_certificate: /etc/openconext/engineblock.crt
-teams:
- db_name: "teams"
- db_user: "teamsrw"
- db_password: "{{ mysql_passwords.teams }}"
- db_host: "{{ mariadb_host }}"
- group_name_context: "urn:collab:group:{{ base_domain }}:"
- voot_api_user: "voot"
- spdashboard_api_user: "spdashboard"
- spdashboard_person_urn: "urn:collab:person:surfnet.nl:sp-dashboard-C133A36F-CFCA-4F3D-87CE-7ECE29773FE0"
- product_name: "OpenConext Teams"
- default_stem_name: "demo:openconext:org"
- feature_invite_migration_on: False
- super_admins_team_urns:
- - "nl:surfnet:diensten:teams_super_users"
- - "nl:surfnet:diensten:teams_super_admin_users"
-
 engineblock:
 idp_url: https://engine.{{ base_domain }}/authentication/idp/single-sign-on
 idp_entity_id: https://engine.{{ base_domain }}/authentication/idp/metadata
@@ -402,9 +382,6 @@ loadbalancing:
 metadata:
 port: 409
- teams:
- port: 601
-
 oidc_playground:
 port: 619
@@ -483,13 +460,6 @@ haproxy_applications:
 servers: "{{docker_servers}}"
 restricted: yes
- - name: teams
- vhost_name: teams.{{ base_domain }}
- ha_method: "GET"
- ha_url: "/api/teams/health"
- port: "{{ loadbalancing.teams.port }}"
- servers: "{{docker_servers}}"
-
 - name: oidc_playground
 vhost_name: "oidc-playground.{{ base_domain }}"
 ha_method: "GET"
diff --git a/environments/template/inventory b/environments/template/inventory
index f1b3dabed..b6e736941 100644
--- a/environments/template/inventory
+++ b/environments/template/inventory
@@ -84,9 +84,6 @@ docker2.example.com
 [docker_invite:children]
 docker_apps1
-[docker_teams:children]
-docker_apps1
-
 [docker_pdp:children]
 docker_apps1
diff --git a/environments/template/secrets/secret_example.yml b/environments/template/secrets/secret_example.yml
index da8690cfa..8b8e69309 100644
--- a/environments/template/secrets/secret_example.yml
+++ b/environments/template/secrets/secret_example.yml
@@ -1,7 +1,6 @@
 mysql_root_password: secret
 mysql_passwords:
- teams: secret
 eb: secret
 pdp_server: secret
 aa_server: secret
@@ -36,7 +35,6 @@ engine_parameters_secret: secretsecretsecretsecretsecretsecret # need 32 chars
 profile_secret: secret
-teams_authz_client_secret: secret
 teams_migration_secret_key: secret
 voot_resource_checking_secret: secret
@@ -45,7 +43,6 @@ voot_oidcng_checkToken_secret: secret
 external_group_provider_secrets:
 teams: secret
-teams_api_lifecycle_password: secret
 teams_api_spdashboard_password: secret
 attribute_aggregator_api_lifecycle_password: secret
diff --git a/provision.yml b/provision.yml
index 3b26963a5..815d62ee2 100644
--- a/provision.yml
+++ b/provision.yml
@@ -283,13 +283,6 @@
 - role: stepupwebauthn
 tags: ['stepupwebauthn', 'stepup']
-- name: Deploy teams app
- hosts: docker_teams
- become: true
- roles:
- - teams
- tags: ['teams']
-
 - name: Deploy voot app
 hosts: docker_voot
 become: true
diff --git a/roles/hosts/tasks/main.yml b/roles/hosts/tasks/main.yml
index 14e36b308..3c8ce29c7 100644
--- a/roles/hosts/tasks/main.yml
+++ b/roles/hosts/tasks/main.yml
@@ -20,7 +20,6 @@
 - "aa.vm.openconext.org"
 - "link.vm.openconext.org"
 - "connect.vm.openconext.org"
- - "teams.vm.openconext.org"
 - "manage.vm.openconext.org"
 - name: Set logstash in hostsfile
diff --git a/roles/rsyslog/templates/sc_ruleset.conf.j2 b/roles/rsyslog/templates/sc_ruleset.conf.j2
index 86a0e5457..34d5392dd 100644
--- a/roles/rsyslog/templates/sc_ruleset.conf.j2
+++ b/roles/rsyslog/templates/sc_ruleset.conf.j2
@@ -19,8 +19,6 @@ if $programname == "engineblock" and $msg contains '{"channel":"authentication"'
 :programname, isequal, "pdp" { action(type="omfile" DynaFile="pdp-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop }
 if $programname == "profile" and $msg startswith "{" then { action(type="omfile" DynaFile="profile-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop }
 :programname, isequal, "profile" { action(type="omfile" DynaFile="apache-profile-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop }
-:programname, isequal, "teamsserver" { action(type="omfile" DynaFile="teams-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop }
-:programname, isequal, "teamsgui" { action(type="omfile" DynaFile="apache-teams-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop }
 :programname, isequal, "vootserver" { action(type="omfile" DynaFile="voot-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop }
 :programname, isequal, "mariadbd" { action(type="omfile" DynaFile="galera-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop }
 :programname, isequal, "garb-systemd" { action(type="omfile" DynaFile="haproxy-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop }
diff --git a/roles/rsyslog/templates/sc_template.conf.j2 b/roles/rsyslog/templates/sc_template.conf.j2
index d6b765f0a..3a47df0a6 100644
--- a/roles/rsyslog/templates/sc_template.conf.j2
+++ b/roles/rsyslog/templates/sc_template.conf.j2
@@ -14,8 +14,6 @@ $template pdpanalytics-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/
 $template apache-pdp-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/pdp/apache.log"
 $template profile-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/profile/profile.log"
 $template apache-profile-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/profile/apache.log"
-$template teams-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/teams/teams.log"
-$template apache-teams-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/teams/apache.log"
 $template voot-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/voot/voot.log"
 $template apache-voot-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/voot/apache.log"
 $template galera-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/galera/galera.log"
diff --git a/roles/teams/defaults/main.yml b/roles/teams/defaults/main.yml
deleted file mode 100644
index c0e6deeb3..000000000
--- a/roles/teams/defaults/main.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-teams_dir: /opt/teams
-teams_cronjobmaster: true
-teams_help_link_en: https://example.org
-teams_help_link_nl: https://example.org
-teams_help_link_pt: https://example.org
-teams_tos_en: https://example.org
-teams_tos_nl: https://example.org
-teams_tos_pt: https://example.org
-teams_main_link: https://www.openconext.org
-teams_organization: "{{ instance_name }}"
-teams_api_lifecycle_username: teams_api_lifecycle_user
-teams_oauth2_token_url: "https://connect.{{ base_domain }}/oidc/token"
-teams_authz_client_id: "teams.{{ base_domain }}"
-teams_manage_provision_oidcrp_name_en: "Teams client credentials client for VOOT access"
-teams_manage_provision_oidcrp_description_en: "OAuth client to access VOOT for group information"
-teams_manage_provision_oidcrp_grants: "client_credentials"
-teams_manage_provision_oidcrp_state: "prodaccepted"
-teams_manage_provision_oidcrp_scopes: "groups"
-teams_manage_provision_oidcrp_allowed_resource_servers: '{"name": "{{ voot.oidcng_checkToken_clientId }}"}'
-teams_manage_provision_samlsp_client_id: "https://teams.{{ base_domain }}/shibboleth"
-teams_manage_provision_samlsp_name_en: "{{ instance_name }} Teams"
-teams_manage_provision_samlsp_description_en: "{{ instance_name }} Teams application for group memberships"
-teams_manage_provision_samlsp_acs_location: "https://teams.{{ base_domain }}/Shibboleth.sso/SAML2/POST"
-teams_manage_provision_samlsp_metadata_url: "https://teams.{{ base_domain }}/Shibboleth.sso/Metadata"
-teams_manage_provision_samlsp_sp_cert: ""
-teams_manage_provision_samlsp_trusted_proxy: false
-teams_manage_provision_samlsp_sign: false
-teams_spring_flyway_enabled: true
-teams_docker_networks:
- - name: "loadbalancer"
-teams_server_restart_policy: always
-teams_server_restart_retries: 0
diff --git a/roles/teams/handlers/main.yml b/roles/teams/handlers/main.yml
deleted file mode 100644
index d866b5d27..000000000
--- a/roles/teams/handlers/main.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-- name: restart teamsserver
- community.docker.docker_container:
- name: teamsserver
- state: started
- restart: true
- # avoid restarting it creates unexpected data loss according to docker_container_module notes
- comparisons:
- '*': ignore
- when: teamsserverontainer is success and teamsserverontainer is not change
diff --git a/roles/teams/tasks/main.yml b/roles/teams/tasks/main.yml
deleted file mode 100644
index 498c99d4c..000000000
--- a/roles/teams/tasks/main.yml
+++ /dev/null
@@ -1,101 +0,0 @@
----
-- name: Create directory to keep configfile
- ansible.builtin.file:
- dest: "/opt/openconext/teams"
- state: directory
- owner: root
- group: root
- mode: "0770"
-
-- name: Place the serverapplication configfiles
- ansible.builtin.template:
- src: "{{ item }}.j2"
- dest: /opt/openconext/teams/{{ item }}
- owner: root
- group: root
- mode: "0644"
- with_items:
- - serverapplication.yml
- - logback.xml
- notify: restart teamsserver
-
-- name: Add the MariaDB docker network to the list of networks when MariaDB runs in Docker
- ansible.builtin.set_fact:
- teams_docker_networks:
- - name: loadbalancer
- - name: openconext_mariadb
- when: mariadb_in_docker | default(false) | bool
-
-- name: Create and start the server container
- community.docker.docker_container:
- name: teamsserver
- env:
- TZ: "{{ timezone }}"
- image: ghcr.io/openconext/openconext-teams-ng/teams-server:{{ teams_server_version }}
- pull: true
- restart_policy: "{{ teams_server_restart_policy }}"
- restart_retries: "{{ teams_server_restart_retries }}" # Only for restart policy on-failure
- state: started
- networks: "{{ teams_docker_networks }}"
- mounts:
- - source: /opt/openconext/teams/serverapplication.yml
- target: /application.yml
- type: bind
- - source: /opt/openconext/teams/logback.xml
- target: /logback.xml
- type: bind
- command: "-Xmx512m --spring.config.location=./"
- etc_hosts:
- host.docker.internal: host-gateway
- healthcheck:
- test:
- [
- "CMD",
- "wget",
- "-no-verbose",
- "--tries=1",
- "--spider",
- "http://localhost:8080/internal/health",
- ]
- interval: 10s
- timeout: 10s
- retries: 3
- start_period: 10s
- register: teamsserverontainer
-
-- name: Create the gui container
- community.docker.docker_container:
- name: teamsgui
- image: ghcr.io/openconext/openconext-teams-ng/teams-gui:{{ teams_gui_version }}
- pull: true
- restart_policy: "always"
- state: started
- networks:
- - name: "loadbalancer"
- labels:
- traefik.http.routers.teamsgui.rule: "Host(`teams.{{ base_domain }}`)"
- traefik.http.routers.teamsgui.tls: "true"
- traefik.enable: "true"
- healthcheck:
- test: ["CMD", "curl", "--fail", "http://localhost/internal/health"]
- interval: 10s
- timeout: 10s
- retries: 3
- start_period: 10s
- hostname: teams
- mounts:
- - source: /etc/localtime
- target: /etc/localtime
- type: bind
- - source: /opt/openconext/common/favicon.ico
- target: /var/www/favicon.ico
- type: bind
- env:
- HTTPD_CSP: "{{ httpd_csp.strict_with_static_img }}"
- HTTPD_SERVERNAME: "teams.{{ base_domain }}"
- OPENCONEXT_INSTANCENAME: "{{ instance_name }}"
- OPENCONEXT_ENGINE_LOGOUT_URL: "https://engine.{{ base_domain }}/logout"
- OPENCONEXT_HELP_EMAIL: "{{ support_email }}"
- SHIB_ENTITYID: "https://teams.{{ base_domain }}/shibboleth"
- SHIB_REMOTE_ENTITYID: "https://engine.{{ base_domain }}/authentication/idp/metadata"
- SHIB_REMOTE_METADATA: "{{ shibboleth_metadata_sources.engine }}"
diff --git a/roles/teams/templates/logback.xml.j2 b/roles/teams/templates/logback.xml.j2
deleted file mode 100644
index b9c559d4f..000000000
--- a/roles/teams/templates/logback.xml.j2
+++ /dev/null
@@ -1,29 +0,0 @@
-#jinja2:lstrip_blocks: True
-
-
-
-
-
- %d{ISO8601} %5p [%t] %logger{40}:%L - %m%n
-
-
-
-
- {{ smtp_server }}
- {{ noreply_email }}
- {{ error_mail_to }}
- {{ error_subject_prefix }}Unexpected error teams
-
-
-
- ERROR
-
-
-
-
-
-
-
-
-
-
diff --git a/roles/teams/templates/serverapplication.yml.j2 b/roles/teams/templates/serverapplication.yml.j2
deleted file mode 100644
index f1a4088be..000000000
--- a/roles/teams/templates/serverapplication.yml.j2
+++ /dev/null
@@ -1,131 +0,0 @@
-# The logging configuration.
-logging:
- config: file:///logback.xml
- level:
- org.hibernate.SQL: INFO
-
-api:
- lifecycle:
- username: {{ teams_api_lifecycle_username }}
- password: "{{ teams_api_lifecycle_password }}"
-
-secure_cookie: true
-
-server:
- port: 8080
- error:
- path: "/error"
- servlet:
- session:
- timeout: 28800
- cookie:
- secure: true
- server-header: no
-
-config:
- support-email: {{ support_email }}
- help-link-en: {{ teams_help_link_en }}
- help-link-nl: {{ teams_help_link_nl }}
- help-link-pt: {{ teams_help_link_pt }}
- help-tos-en: {{ teams_tos_en }}
- help-tos-nl: {{ teams_tos_nl }}
- help-tos-pt: {{ teams_tos_pt }}
- main-link: {{ teams_main_link }}
- organization: {{ teams_organization }}
- sponsor: {{ sponsor_name }}
- supported_language_codes: {{ supported_language_codes }}
-
-features:
- invite-migration-on: {{ teams.feature_invite_migration_on }}
-
-security:
- user:
- name: "{{ teams.voot_api_user }}"
- password: "{{ external_group_provider_secrets.teams }}"
-
-sp_dashboard:
- user-name: "{{ teams.spdashboard_api_user }}"
- password: "{{ teams_api_spdashboard_password }}"
- person-urn: "{{ teams.spdashboard_person_urn }}"
- name: "SP Dashboard"
- email: "{{ support_email }}"
-
-# Is this node in a load-balanced topology responsible for cleaning up resources (See ExpiredInvitationsRemover)
-cron:
- node-cron-job-responsible: {{ teams_cronjobmaster }}
- expression: "0 0/15 * * * ?"
-
-teams:
- default-stem-name: "{{ teams.default_stem_name }}"
- group-name-context: "{{ teams.group_name_context }}"
- product-name: "{{ teams.product_name }}"
- non-guest-member-of: "{{ guest_qualifier }}"
-
-super_admins_team:
- urns:
- {% for value in teams.super_admins_team_urns %}
-- "{{ value }}"
- {% endfor %}
-
-voot:
- serviceUrl: https://voot.{{ base_domain }}
- accessTokenUri: "{{ teams_oauth2_token_url }}"
- clientId: "{{ teams_authz_client_id }}"
- clientSecret: "{{ teams_authz_client_secret }}"
- scopes: "{{ teams_manage_provision_oidcrp_scopes }}"
-
-invite:
- url: "https://invite.{{ base_domain }}/api/external/v1/teams"
- user: "{{ invite.teamsuser }}"
- password: "{{ invite.teamssecret }}"
-
-spring:
- session:
- store-type: jdbc
- jdbc:
- schema: classpath:org/springframework/session/jdbc/schema-mysql.sql
- initialize-schema: always
- cleanup-cron: "{% if teams_cronjobmaster %}0 13 * * * *{% else %}-{% endif %}"
- jpa:
- open-in-view: true
- properties:
- hibernate:
- naming-strategy: org.hibernate.cfg.ImprovedNamingStrategy
- datasource:
- driver-class-name: org.mariadb.jdbc.Driver
- url: jdbc:mariadb://{{ teams.db_host }}/{{ teams.db_name }}?socketTimeout=30000
- username: {{ teams.db_user }}
- password: "{{ teams.db_password }}"
- mail:
- host: {{ smtp_server }}
- port: 25
- main:
- banner-mode: "off"
- flyway:
- enabled: {{ teams_spring_flyway_enabled }}
- validate-on-migrate: false
- table: schema_version
- security:
- user:
- name: na
- password: na
-
-management:
- health:
- mail:
- enabled: true
- endpoints:
- web:
- exposure:
- include: "health,info"
- base-path: "/internal"
- endpoint:
- info:
- enabled: true
- info:
- git:
- mode: full
-
-email:
- from: {{ instance_name }} Teams <{{ noreply_email }}>
- base-url: https://teams.{{ base_domain }}
diff --git a/roles/teams/vars/main.yml b/roles/teams/vars/main.yml
deleted file mode 100644
index 207ea9b7c..000000000
--- a/roles/teams/vars/main.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-manage_provision_oidcrp_client_id: "{{ teams_authz_client_id }}"
-manage_provision_oidcrp_secret: "{{ teams_authz_client_secret }}"
-manage_provision_oidcrp_name_en: "{{ teams_manage_provision_oidcrp_name_en }}"
-manage_provision_oidcrp_description_en: "{{ teams_manage_provision_oidcrp_description_en }}"
-manage_provision_oidcrp_grants: "{{ teams_manage_provision_oidcrp_grants }}"
-manage_provision_oidcrp_allowed_resource_servers: "{{ teams_manage_provision_oidcrp_allowed_resource_servers }}"
-manage_provision_samlsp_client_id: "{{ teams_manage_provision_samlsp_client_id }}"
-manage_provision_samlsp_name_en: "{{ teams_manage_provision_samlsp_name_en }}"
-manage_provision_samlsp_description_en: "{{ teams_manage_provision_samlsp_description_en }}"
-manage_provision_samlsp_acs_location: "{{ teams_manage_provision_samlsp_acs_location }}"
-manage_provision_samlsp_metadata_url: "{{ teams_manage_provision_samlsp_metadata_url }}"
-manage_provision_samlsp_sp_cert: "{{ teams_manage_provision_samlsp_sp_cert }}"
-manage_provision_samlsp_trusted_proxy: "{{ teams_manage_provision_samlsp_trusted_proxy }}"
-manage_provision_samlsp_sign: "{{ teams_manage_provision_samlsp_sign }}"
diff --git a/roles/welcome/files/site/images/teams-logo.png b/roles/welcome/files/site/images/teams-logo.png
deleted file mode 100644
index 30f069553..000000000
Binary files a/roles/welcome/files/site/images/teams-logo.png and /dev/null differ
diff --git a/roles/welcome/templates/site/index.html b/roles/welcome/templates/site/index.html
index 1be3199c1..0601527c7 100644
--- a/roles/welcome/templates/site/index.html
+++ b/roles/welcome/templates/site/index.html
@@ -30,24 +30,6 @@

- {% if ( not minimal_install ) %} -
  • -

    - - Teams - -

    - -

    - Manage team members -

    -
    - - - -
    -
  • - {% endif %}

    OpenConext Administration