Closed Bug 1187090 Opened 10 years ago Closed 10 years ago

Unify hg-web and docker-hg-web Ansible roles

Categories

(Developer Services :: Mercurial: hg.mozilla.org, defect, P1)

Product:
Developer Services
Component:
Mercurial: hg.mozilla.org
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: gps, Assigned: gps)

References

Details

Attachments

(13 files)

MozReview Request: ansible/hg-web: don't install python-pygments package (bug 1187090); r=fubar
40 bytes, text/x-review-board-request
Details
MozReview Request: ansible/hg-web: configure IUS Community repository (bug 1187090); r?fubar
40 bytes, text/x-review-board-request
fubar
: review+
Details
MozReview Request: ansible/hg-web: install an older version of virtualenv (bug 1187090); r?fubar
40 bytes, text/x-review-board-request
fubar
: review+
Details
MozReview Request: ansible/docker-hg-web: make hg-web a role dependency (bug 1187090); r=fubar
40 bytes, text/x-review-board-request
Details
MozReview Request: ansible/hg-web: create /repo and /repo_local directories and symlinks (bug 1187090); r=fubar
40 bytes, text/x-review-board-request
Details
MozReview Request: ansible/hg-web: configure hg user's ssh settings (bug 1187090); r=fubar
40 bytes, text/x-review-board-request
Details
MozReview Request: ansible/hg-web: create hg user and group consistently with production (bug 1187090); r=fubar
40 bytes, text/x-review-board-request
Details
MozReview Request: ansible/docker-hg-web: remove hgrc from role (bug 1187090); r=fubar
40 bytes, text/x-review-board-request
Details
MozReview Request: ansible/hg-web: install mercurial package (bug 1187090); r?fubar
40 bytes, text/x-review-board-request
fubar
: review+
Details
MozReview Request: ansible/hg-web: install cronie (bug 1187090); r=fubar
40 bytes, text/x-review-board-request
Details
MozReview Request: ansible/hg-web: create webroot_wsgi directory (bug 1187090); r=fubar
40 bytes, text/x-review-board-request
Details
MozReview Request: ansible/docker-hg-web: remove httpd configs (bug 1187090); r=fubar
40 bytes, text/x-review-board-request
Details
MozReview Request: ansible/docker-hg-web: don't redundantly install packages (bug 1187090); r=fubar
40 bytes, text/x-review-board-request
Details
We currently have hg-web and docker-hg-web ansible roles. They don't share any code. The ideal is for docker-hg-web to use the hg-web role and do Docker-specific things on top of hg-web. Let's do this work so our Docker and production environments converge in behavior. fubar: warning: this will be a long commit series. But every commit should be rather small and easy to understand.
Blocks: 1139218
Priority: -- → P1
ansible/hg-web: don't install python-pygments package (bug 1187090); r?fubar Now that we run hgweb out of a virtualenv, we no longer need some Python packages installed against the system Python. Don't install pygments against the system Python because it won't be used. We could probably remove simplejson and argparse as well, but I'm not 100% confident about their lack of usage.
Attachment #8638203 - Flags: review?(klibby)
ansible/hg-web: only install python27 package if Mozilla yum repo configured (bug 1187090); r?fubar The hg-web and docker-hg-web Ansible roles are fully divergent and have lots of duplicate functionality. This commit starts the process of making the hg-web role suitable for use in Docker. Mozilla's yum repositories aren't available outside of Mozilla's firewall. Therefore the "python27" package is not available to Docker (unless running inside Mozilla's firewall, which we don't want to make a development requirement). Only install python27 from yum if the Mozilla yum repo is configured. There is probably a better way to test for a yum repo's existence. But looking for existence of the file is sufficient for Mozilla's servers.
Attachment #8638204 - Flags: review?(klibby)
ansible/hg-web: install Python 2.7 direct from RPMs when yum not available (bug 1187090); r?fubar In Docker, the Mozilla yum repository isn't available and the "python27" package can't be installed from there. Add the ability to install RPMs directly by downloading them from gps's people directory. Yes, this is hacky. But, there is precedent for this approach elsewhere. We should eventually stand up our own yum repo on the public internet so Docker and production can share the same packages. But that is a non-trivial amount of work.
Attachment #8638205 - Flags: review?(klibby)
ansible/docker-hg-web: make hg-web a role dependency (bug 1187090); r?fubar We want the docker-hg-web role to be built on top of hg-web, not for there to be divergent roles. Make hg-web a role dependency of docker-hg-web so we can start working towards this goal. This does break the Docker hgweb environment. But some breakage is needed to manage a change this large. The following commits will unbust things.
Attachment #8638206 - Flags: review?(klibby)
ansible/hg-web: create /repo and /repo_local directories and symlinks (bug 1187090); r?fubar We never added this to hg-web because the servers already had it. Now that we're moving Docker to use the hg-web role, we need this logic in hg-web. Note that the docker-hg-web symlink was incorrect. Production has /repo/hg -> /repo_local/mozilla. Also, Ansible's terminology around links is also kinda weird. This is more confusing than it needs to be.
Attachment #8638207 - Flags: review?(klibby)
ansible/hg-web: configure hg user's ssh settings (bug 1187090); r?fubar This is a simple move of logic from docker-hg-web to hg-web. docker-hg-web was based on the state of an actual hgweb server and the Puppet configuration. So this should be trusted. I confirmed as part of this refactoring that the ssh_config file contents in Ansible match what is in production. Of course, we'll eventually need to rewrite the ssh_config file to be a template since the hostname of the hgssh server in the Docker cluster will almost certainly not be "hg.mozilla.org" (unless we install a hosts entry). But that's for another day.
Attachment #8638208 - Flags: review?(klibby)
ansible/hg-web: create hg user and group consistently with production (bug 1187090); r?fubar We want Docker and production to align as closely as possible. The hg user/group is managed by Puppet. So, the hg-web changes should no-op on production. However, the Docker environment will be consistent with production now.
Attachment #8638209 - Flags: review?(klibby)
ansible/docker-hg-web: remove hgrc from role (bug 1187090); r?fubar The hg-web roles already provides a hgrc file. The file contents are 95% identical. Differences appear to be from the docker variant drifting out of sync with production.
Attachment #8638210 - Flags: review?(klibby)
ansible/hg-web: install mercurial package (bug 1187090); r?fubar Believe it or not, the hg-web role wasn't installing the mercurial package! Change that. Again, we have to install from RPM if we don't have access to the yum repo.
Attachment #8638211 - Flags: review?(klibby)
ansible/hg-web: install cronie (bug 1187090); r?fubar Docker doesn't have a cron agent installed. cronie seems to be the CentOS 6 cron package (at least it is what is installed in production). Without this package, Ansible is unable to configure cron jobs from Docker.
Attachment #8638212 - Flags: review?(klibby)
ansible/hg-web: create webroot_wsgi directory (bug 1187090); r?fubar Without this, the chown of this directory later on fails on Docker because the directory doesn't exist. With this commit, we are once again able to build the hgweb Docker images! Only this time we're using the hg-web role.
Attachment #8638213 - Flags: review?(klibby)
ansible/docker-hg-web: remove httpd configs (bug 1187090); r?fubar hg-web already provides httpd config files and docker-hg-web's copies are mostly that: redundant copies. The httpd.conf file is identical with the exception of the ServerLimit and MaxClients lines, which use templatized values in the case of hg-web. This should "just work" on docker-hg-web. If not, we can fix it later. The mod_wsgi.conf file content is identical between both versions. vhost.conf does vary a bit. Manual inspection reveals this is mostly due to hg-web's copy being updated and docker-hg-web's drifting out of sync. Whatever the reason, we want to be based on hg-web, so remove the docker-hg-web version.
Attachment #8638214 - Flags: review?(klibby)
ansible/docker-hg-web: don't redundantly install packages (bug 1187090); r?fubar The removes packages are all installed by the hg-web role.
Attachment #8638215 - Flags: review?(klibby)
Attachment #8638203 - Flags: review?(klibby) → review+
Comment on attachment 8638203 [details] MozReview Request: ansible/hg-web: don't install python-pygments package (bug 1187090); r=fubar https://reviewboard.mozilla.org/r/14049/#review12621 Ship It!
Attachment #8638204 - Flags: review?(klibby)
Comment on attachment 8638204 [details] MozReview Request: ansible/hg-web: configure IUS Community repository (bug 1187090); r?fubar https://reviewboard.mozilla.org/r/14051/#review12623 The python27 rpms in mrepo are actually from the IUS Community projects (https://iuscommunity.org/pages/Repos.html), just hosted locally (and not automatically updated). How about using that instead?
Comment on attachment 8638207 [details] MozReview Request: ansible/hg-web: create /repo and /repo_local directories and symlinks (bug 1187090); r=fubar https://reviewboard.mozilla.org/r/14057/#review12625 Ship It!
Attachment #8638207 - Flags: review?(klibby) → review+
Comment on attachment 8638208 [details] MozReview Request: ansible/hg-web: configure hg user's ssh settings (bug 1187090); r=fubar https://reviewboard.mozilla.org/r/14059/#review12627 Ship It!
Attachment #8638208 - Flags: review?(klibby) → review+
Comment on attachment 8638209 [details] MozReview Request: ansible/hg-web: create hg user and group consistently with production (bug 1187090); r=fubar https://reviewboard.mozilla.org/r/14061/#review12629 Actually, the hg user on hgweb* is NOT managed by puppet. It is managed by puppet on hgssh*, though, and with a different UID (500 vs 5507 (which appears to just be the next available UID on the system)).
Attachment #8638209 - Flags: review?(klibby) → review+
Comment on attachment 8638210 [details] MozReview Request: ansible/docker-hg-web: remove hgrc from role (bug 1187090); r=fubar https://reviewboard.mozilla.org/r/14063/#review12631 Ship It!
Attachment #8638210 - Flags: review?(klibby) → review+
Comment on attachment 8638211 [details] MozReview Request: ansible/hg-web: install mercurial package (bug 1187090); r?fubar https://reviewboard.mozilla.org/r/14065/#review12633 Sadly, IUS doesn't have mercurial packages, so my earlier suggestion for python27 fails here. /sadtrombone How about using an S3 bucket instead of people.m.o? While people is convenient, it's availability is not guaranteed.
Attachment #8638211 - Flags: review?(klibby) → review+
Comment on attachment 8638212 [details] MozReview Request: ansible/hg-web: install cronie (bug 1187090); r=fubar https://reviewboard.mozilla.org/r/14067/#review12635 Ship It!
Attachment #8638212 - Flags: review?(klibby) → review+
Attachment #8638213 - Flags: review?(klibby) → review+
Comment on attachment 8638213 [details] MozReview Request: ansible/hg-web: create webroot_wsgi directory (bug 1187090); r=fubar https://reviewboard.mozilla.org/r/14069/#review12637 Ship It!
Comment on attachment 8638214 [details] MozReview Request: ansible/docker-hg-web: remove httpd configs (bug 1187090); r=fubar https://reviewboard.mozilla.org/r/14071/#review12639 Ship It!
Attachment #8638214 - Flags: review?(klibby) → review+
Comment on attachment 8638215 [details] MozReview Request: ansible/docker-hg-web: don't redundantly install packages (bug 1187090); r=fubar https://reviewboard.mozilla.org/r/14073/#review12641 Ship It!
Attachment #8638215 - Flags: review?(klibby) → review+
Comment on attachment 8638206 [details] MozReview Request: ansible/docker-hg-web: make hg-web a role dependency (bug 1187090); r=fubar https://reviewboard.mozilla.org/r/14055/#review12643 Ship It!
Attachment #8638206 - Flags: review?(klibby) → review+
https://reviewboard.mozilla.org/r/14051/#review12623 Oh, I had no idea! Thanks for the pointer!
https://reviewboard.mozilla.org/r/14061/#review12629 Interesting. Over in the chroot bug, I noticed that Puppet (or something) is removing the "mozbuild" user from hgweb1. (It must be not-Puppet because Puppet is disabled on that host currently.) Also, if you look at the Puppet logs for any of the other hgweb machines, they are reporting an error trying to apply User[hg]. Could Puppet be trying to remove the "hg" user since it isn't managed by Puppet?
https://reviewboard.mozilla.org/r/14065/#review12633 You know, I was thinking the same thing as I was implementing this. I was hoping not to scope bloat. But while I'm here, I might as well.
Comment on attachment 8638203 [details] MozReview Request: ansible/hg-web: don't install python-pygments package (bug 1187090); r=fubar ansible/hg-web: don't install python-pygments package (bug 1187090); r=fubar Now that we run hgweb out of a virtualenv, we no longer need some Python packages installed against the system Python. Don't install pygments against the system Python because it won't be used. We could probably remove simplejson and argparse as well, but I'm not 100% confident about their lack of usage.
Attachment #8638203 - Attachment description: MozReview Request: ansible/hg-web: don't install python-pygments package (bug 1187090); r?fubar → MozReview Request: ansible/hg-web: don't install python-pygments package (bug 1187090); r=fubar
Attachment #8638203 - Flags: review+
Attachment #8638204 - Attachment description: MozReview Request: ansible/hg-web: only install python27 package if Mozilla yum repo configured (bug 1187090); r?fubar → MozReview Request: ansible/hg-web: configure IUS Community repository (bug 1187090); r?fubar
Attachment #8638204 - Flags: review?(klibby)
Comment on attachment 8638204 [details] MozReview Request: ansible/hg-web: configure IUS Community repository (bug 1187090); r?fubar ansible/hg-web: configure IUS Community repository (bug 1187090); r?fubar Currently, Python 2.7 packages come from Mozilla's internal yum repo. This repo is behind a firewall and not public. This poses a problem for our Docker environment because we need to install Python 2.7 packages. The packages inside Mozilla's repo that we care about are all copies from the IUS Community repositories (https://iuscommunity.org/pages/Repos.html). So, just configure the canonical upstream repo.
Comment on attachment 8638206 [details] MozReview Request: ansible/docker-hg-web: make hg-web a role dependency (bug 1187090); r=fubar ansible/docker-hg-web: make hg-web a role dependency (bug 1187090); r=fubar We want the docker-hg-web role to be built on top of hg-web, not for there to be divergent roles. Make hg-web a role dependency of docker-hg-web so we can start working towards this goal. This does break the Docker hgweb environment. But some breakage is needed to manage a change this large. The following commits will unbust things.
Attachment #8638206 - Attachment description: MozReview Request: ansible/docker-hg-web: make hg-web a role dependency (bug 1187090); r?fubar → MozReview Request: ansible/docker-hg-web: make hg-web a role dependency (bug 1187090); r=fubar
Attachment #8638206 - Flags: review+
Comment on attachment 8638207 [details] MozReview Request: ansible/hg-web: create /repo and /repo_local directories and symlinks (bug 1187090); r=fubar ansible/hg-web: create /repo and /repo_local directories and symlinks (bug 1187090); r=fubar We never added this to hg-web because the servers already had it. Now that we're moving Docker to use the hg-web role, we need this logic in hg-web. Note that the docker-hg-web symlink was incorrect. Production has /repo/hg -> /repo_local/mozilla. Also, Ansible's terminology around links is also kinda weird. This is more confusing than it needs to be.
Attachment #8638207 - Attachment description: MozReview Request: ansible/hg-web: create /repo and /repo_local directories and symlinks (bug 1187090); r?fubar → MozReview Request: ansible/hg-web: create /repo and /repo_local directories and symlinks (bug 1187090); r=fubar
Attachment #8638207 - Flags: review+
Comment on attachment 8638208 [details] MozReview Request: ansible/hg-web: configure hg user's ssh settings (bug 1187090); r=fubar ansible/hg-web: configure hg user's ssh settings (bug 1187090); r=fubar This is a simple move of logic from docker-hg-web to hg-web. docker-hg-web was based on the state of an actual hgweb server and the Puppet configuration. So this should be trusted. I confirmed as part of this refactoring that the ssh_config file contents in Ansible match what is in production. Of course, we'll eventually need to rewrite the ssh_config file to be a template since the hostname of the hgssh server in the Docker cluster will almost certainly not be "hg.mozilla.org" (unless we install a hosts entry). But that's for another day.
Attachment #8638208 - Attachment description: MozReview Request: ansible/hg-web: configure hg user's ssh settings (bug 1187090); r?fubar → MozReview Request: ansible/hg-web: configure hg user's ssh settings (bug 1187090); r=fubar
Attachment #8638208 - Flags: review+
Comment on attachment 8638209 [details] MozReview Request: ansible/hg-web: create hg user and group consistently with production (bug 1187090); r=fubar ansible/hg-web: create hg user and group consistently with production (bug 1187090); r=fubar We want Docker and production to align as closely as possible. The hg user/group was formerly managed by Puppet and has these values. Inherit them.
Attachment #8638209 - Attachment description: MozReview Request: ansible/hg-web: create hg user and group consistently with production (bug 1187090); r?fubar → MozReview Request: ansible/hg-web: create hg user and group consistently with production (bug 1187090); r=fubar
Attachment #8638209 - Flags: review+
Attachment #8638210 - Attachment description: MozReview Request: ansible/docker-hg-web: remove hgrc from role (bug 1187090); r?fubar → MozReview Request: ansible/docker-hg-web: remove hgrc from role (bug 1187090); r=fubar
Attachment #8638210 - Flags: review+
Comment on attachment 8638210 [details] MozReview Request: ansible/docker-hg-web: remove hgrc from role (bug 1187090); r=fubar ansible/docker-hg-web: remove hgrc from role (bug 1187090); r=fubar The hg-web roles already provides a hgrc file. The file contents are 95% identical. Differences appear to be from the docker variant drifting out of sync with production.
Comment on attachment 8638211 [details] MozReview Request: ansible/hg-web: install mercurial package (bug 1187090); r?fubar ansible/hg-web: install mercurial package (bug 1187090); r?fubar Believe it or not, the hg-web role wasn't installing the mercurial package! Change that. Again, we have to install from RPM if we don't have access to the yum repo.
Attachment #8638211 - Flags: review+ → review?(klibby)
Comment on attachment 8638205 [details] MozReview Request: ansible/hg-web: install an older version of virtualenv (bug 1187090); r?fubar ansible/hg-web: install an older version of virtualenv (bug 1187090); r?fubar The virtualenv package in the IUS repository isn't compatible with peep due to peep not yet being compatible with pip 7. Work around this issue by installing an old version of virtualenv.
Attachment #8638205 - Attachment description: MozReview Request: ansible/hg-web: install Python 2.7 direct from RPMs when yum not available (bug 1187090); r?fubar → MozReview Request: ansible/hg-web: install an older version of virtualenv (bug 1187090); r?fubar
Comment on attachment 8638212 [details] MozReview Request: ansible/hg-web: install cronie (bug 1187090); r=fubar ansible/hg-web: install cronie (bug 1187090); r=fubar Docker doesn't have a cron agent installed. cronie seems to be the CentOS 6 cron package (at least it is what is installed in production). Without this package, Ansible is unable to configure cron jobs from Docker.
Attachment #8638212 - Attachment description: MozReview Request: ansible/hg-web: install cronie (bug 1187090); r?fubar → MozReview Request: ansible/hg-web: install cronie (bug 1187090); r=fubar
Attachment #8638212 - Flags: review+
Comment on attachment 8638213 [details] MozReview Request: ansible/hg-web: create webroot_wsgi directory (bug 1187090); r=fubar ansible/hg-web: create webroot_wsgi directory (bug 1187090); r=fubar Without this, the chown of this directory later on fails on Docker because the directory doesn't exist. With this commit, we are once again able to build the hgweb Docker images! Only this time we're using the hg-web role.
Attachment #8638213 - Attachment description: MozReview Request: ansible/hg-web: create webroot_wsgi directory (bug 1187090); r?fubar → MozReview Request: ansible/hg-web: create webroot_wsgi directory (bug 1187090); r=fubar
Attachment #8638213 - Flags: review+
Comment on attachment 8638214 [details] MozReview Request: ansible/docker-hg-web: remove httpd configs (bug 1187090); r=fubar ansible/docker-hg-web: remove httpd configs (bug 1187090); r=fubar hg-web already provides httpd config files and docker-hg-web's copies are mostly that: redundant copies. The httpd.conf file is identical with the exception of the ServerLimit and MaxClients lines, which use templatized values in the case of hg-web. This should "just work" on docker-hg-web. If not, we can fix it later. The mod_wsgi.conf file content is identical between both versions. vhost.conf does vary a bit. Manual inspection reveals this is mostly due to hg-web's copy being updated and docker-hg-web's drifting out of sync. Whatever the reason, we want to be based on hg-web, so remove the docker-hg-web version.
Attachment #8638214 - Attachment description: MozReview Request: ansible/docker-hg-web: remove httpd configs (bug 1187090); r?fubar → MozReview Request: ansible/docker-hg-web: remove httpd configs (bug 1187090); r=fubar
Attachment #8638214 - Flags: review+
Comment on attachment 8638215 [details] MozReview Request: ansible/docker-hg-web: don't redundantly install packages (bug 1187090); r=fubar ansible/docker-hg-web: don't redundantly install packages (bug 1187090); r=fubar The removes packages are all installed by the hg-web role.
Attachment #8638215 - Attachment description: MozReview Request: ansible/docker-hg-web: don't redundantly install packages (bug 1187090); r?fubar → MozReview Request: ansible/docker-hg-web: don't redundantly install packages (bug 1187090); r=fubar
Attachment #8638215 - Flags: review+
Attachment #8638204 - Flags: review?(klibby) → review+
Comment on attachment 8638204 [details] MozReview Request: ansible/hg-web: configure IUS Community repository (bug 1187090); r?fubar https://reviewboard.mozilla.org/r/14051/#review12689 Ship It!
Attachment #8638211 - Flags: review?(klibby) → review+
Comment on attachment 8638211 [details] MozReview Request: ansible/hg-web: install mercurial package (bug 1187090); r?fubar https://reviewboard.mozilla.org/r/14065/#review12691 Ship It!
Comment on attachment 8638205 [details] MozReview Request: ansible/hg-web: install an older version of virtualenv (bug 1187090); r?fubar https://reviewboard.mozilla.org/r/14053/#review12693 Ship It!
Attachment #8638205 - Flags: review?(klibby) → review+
url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/ef7d31bcabd3a619cac02f5d32c35d2c5a917554 changeset: ef7d31bcabd3a619cac02f5d32c35d2c5a917554 user: Gregory Szorc <gps@mozilla.com> date: Thu Jul 23 14:10:17 2015 -0700 description: ansible/hg-web: don't install python-pygments package (bug 1187090); r=fubar Now that we run hgweb out of a virtualenv, we no longer need some Python packages installed against the system Python. Don't install pygments against the system Python because it won't be used. We could probably remove simplejson and argparse as well, but I'm not 100% confident about their lack of usage. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/245a29a22322dda2b01d3474175e7f935f8dc854 changeset: 245a29a22322dda2b01d3474175e7f935f8dc854 user: Gregory Szorc <gps@mozilla.com> date: Fri Jul 24 11:02:41 2015 -0700 description: ansible/hg-web: configure IUS Community repository (bug 1187090); r=fubar Currently, Python 2.7 packages come from Mozilla's internal yum repo. This repo is behind a firewall and not public. This poses a problem for our Docker environment because we need to install Python 2.7 packages. The packages inside Mozilla's repo that we care about are all copies from the IUS Community repositories (https://iuscommunity.org/pages/Repos.html). So, just configure the canonical upstream repo. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/7db3c72ae432ff595db5415ea37f55dca8438351 changeset: 7db3c72ae432ff595db5415ea37f55dca8438351 user: Gregory Szorc <gps@mozilla.com> date: Thu Jul 23 14:34:43 2015 -0700 description: ansible/docker-hg-web: make hg-web a role dependency (bug 1187090); r=fubar We want the docker-hg-web role to be built on top of hg-web, not for there to be divergent roles. Make hg-web a role dependency of docker-hg-web so we can start working towards this goal. This does break the Docker hgweb environment. But some breakage is needed to manage a change this large. The following commits will unbust things. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/f7cc48945bc496d35234674e99d9bfa6fba68167 changeset: f7cc48945bc496d35234674e99d9bfa6fba68167 user: Gregory Szorc <gps@mozilla.com> date: Thu Jul 23 14:41:36 2015 -0700 description: ansible/hg-web: create /repo and /repo_local directories and symlinks (bug 1187090); r=fubar We never added this to hg-web because the servers already had it. Now that we're moving Docker to use the hg-web role, we need this logic in hg-web. Note that the docker-hg-web symlink was incorrect. Production has /repo/hg -> /repo_local/mozilla. Also, Ansible's terminology around links is also kinda weird. This is more confusing than it needs to be. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/ae9be2160fea312655b7e84755549f46a307776a changeset: ae9be2160fea312655b7e84755549f46a307776a user: Gregory Szorc <gps@mozilla.com> date: Thu Jul 23 14:52:51 2015 -0700 description: ansible/hg-web: configure hg user's ssh settings (bug 1187090); r=fubar This is a simple move of logic from docker-hg-web to hg-web. docker-hg-web was based on the state of an actual hgweb server and the Puppet configuration. So this should be trusted. I confirmed as part of this refactoring that the ssh_config file contents in Ansible match what is in production. Of course, we'll eventually need to rewrite the ssh_config file to be a template since the hostname of the hgssh server in the Docker cluster will almost certainly not be "hg.mozilla.org" (unless we install a hosts entry). But that's for another day. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/668edc7c1662e5ce9de406f24518d8833d3f8d75 changeset: 668edc7c1662e5ce9de406f24518d8833d3f8d75 user: Gregory Szorc <gps@mozilla.com> date: Thu Jul 23 15:00:27 2015 -0700 description: ansible/hg-web: create hg user and group consistently with production (bug 1187090); r=fubar We want Docker and production to align as closely as possible. The hg user/group was formerly managed by Puppet and has these values. Inherit them. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/ccd5ee0e9412bc8c1c4b0b416258bb31e3232281 changeset: ccd5ee0e9412bc8c1c4b0b416258bb31e3232281 user: Gregory Szorc <gps@mozilla.com> date: Thu Jul 23 15:03:10 2015 -0700 description: ansible/docker-hg-web: remove hgrc from role (bug 1187090); r=fubar The hg-web roles already provides a hgrc file. The file contents are 95% identical. Differences appear to be from the docker variant drifting out of sync with production. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/8c7a8ba2e73e817c88fe3f0dd9dedbfc4ac7b0be changeset: 8c7a8ba2e73e817c88fe3f0dd9dedbfc4ac7b0be user: Gregory Szorc <gps@mozilla.com> date: Fri Jul 24 12:24:39 2015 -0700 description: ansible/hg-web: install mercurial package (bug 1187090); r=fubar Believe it or not, the hg-web role wasn't installing the mercurial package! Change that. Again, we have to install from RPM if we don't have access to the yum repo. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/b18f712a10680fd1547b3d602dcbcaa456951744 changeset: b18f712a10680fd1547b3d602dcbcaa456951744 user: Gregory Szorc <gps@mozilla.com> date: Fri Jul 24 11:12:24 2015 -0700 description: ansible/hg-web: install an older version of virtualenv (bug 1187090); r=fubar The virtualenv package in the IUS repository isn't compatible with peep due to peep not yet being compatible with pip 7. Work around this issue by installing an old version of virtualenv. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/72dd1270b971fda59d79fbc4d228e9bc697b485d changeset: 72dd1270b971fda59d79fbc4d228e9bc697b485d user: Gregory Szorc <gps@mozilla.com> date: Thu Jul 23 16:06:40 2015 -0700 description: ansible/hg-web: install cronie (bug 1187090); r=fubar Docker doesn't have a cron agent installed. cronie seems to be the CentOS 6 cron package (at least it is what is installed in production). Without this package, Ansible is unable to configure cron jobs from Docker. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/60f16695ca2edff174cefc0cf637c3293d669695 changeset: 60f16695ca2edff174cefc0cf637c3293d669695 user: Gregory Szorc <gps@mozilla.com> date: Thu Jul 23 16:16:43 2015 -0700 description: ansible/hg-web: create webroot_wsgi directory (bug 1187090); r=fubar Without this, the chown of this directory later on fails on Docker because the directory doesn't exist. With this commit, we are once again able to build the hgweb Docker images! Only this time we're using the hg-web role. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/9ab6db56c1ec6bfbdf8e9276868f1e34ee0ad5f7 changeset: 9ab6db56c1ec6bfbdf8e9276868f1e34ee0ad5f7 user: Gregory Szorc <gps@mozilla.com> date: Thu Jul 23 16:28:07 2015 -0700 description: ansible/docker-hg-web: remove httpd configs (bug 1187090); r=fubar hg-web already provides httpd config files and docker-hg-web's copies are mostly that: redundant copies. The httpd.conf file is identical with the exception of the ServerLimit and MaxClients lines, which use templatized values in the case of hg-web. This should "just work" on docker-hg-web. If not, we can fix it later. The mod_wsgi.conf file content is identical between both versions. vhost.conf does vary a bit. Manual inspection reveals this is mostly due to hg-web's copy being updated and docker-hg-web's drifting out of sync. Whatever the reason, we want to be based on hg-web, so remove the docker-hg-web version. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/a79bed57d61cfef714a064ddbe5f58dbb41502fd changeset: a79bed57d61cfef714a064ddbe5f58dbb41502fd user: Gregory Szorc <gps@mozilla.com> date: Thu Jul 23 16:31:47 2015 -0700 description: ansible/docker-hg-web: don't redundantly install packages (bug 1187090); r=fubar The removes packages are all installed by the hg-web role.
While there is still some work to do to merge docker-hg-web into hg-web, I'm calling this bug closed: we've done enough to unblock testing for bug 1139218.
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Depends on: 1187981
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: