Closed Bug 1190515 Opened 6 years ago Closed 6 years ago

Ansibilize hgssh

Categories

(Developer Services :: Mercurial: hg.mozilla.org, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: gps, Assigned: gps)

References

Details

Attachments

(23 files)

40 bytes, text/x-review-board-request
fubar
: review+
Details
40 bytes, text/x-review-board-request
fubar
: review+
Details
40 bytes, text/x-review-board-request
fubar
: review+
Details
40 bytes, text/x-review-board-request
fubar
: review+
Details
40 bytes, text/x-review-board-request
fubar
: review+
Details
40 bytes, text/x-review-board-request
fubar
: review+
Details
40 bytes, text/x-review-board-request
fubar
: review+
Details
40 bytes, text/x-review-board-request
fubar
: review+
Details
40 bytes, text/x-review-board-request
fubar
: review+
Details
40 bytes, text/x-review-board-request
fubar
: review+
Details
40 bytes, text/x-review-board-request
fubar
: review+
Details
40 bytes, text/x-review-board-request
fubar
: review+
Details
40 bytes, text/x-review-board-request
fubar
: review+
Details
40 bytes, text/x-review-board-request
fubar
: review+
Details
40 bytes, text/x-review-board-request
fubar
: review+
Details
40 bytes, text/x-review-board-request
fubar
: review+
Details
40 bytes, text/x-review-board-request
fubar
: review+
Details
40 bytes, text/x-review-board-request
fubar
: review+
Details
40 bytes, text/x-review-board-request
fubar
: review+
Details
40 bytes, text/x-review-board-request
fubar
: review+
Details
40 bytes, text/x-review-board-request
fubar
: review+
Details
40 bytes, text/x-review-board-request
fubar
: review+
Details
40 bytes, text/x-review-board-request
fubar
: review+
Details
hgssh is still managed by Puppet. And its Ansible configs are a bit of a mess. To unblock some future work I'm doing around Mercurial work, I need an accurate and reproducible test environment for hg.mozilla.org. This means leveraging Ansible to provision some Docker containers. This means having proper Ansible foo in place for hgssh, which we don't have currently. Let's change that.
Depends on: 1190516
ansible: extract IUS repository configuration to own role (bug 1190515); r?fubar

We'll want to share this code so other roles can use it without copying.
Prepare for that by factoring it into its own role.
Attachment #8642713 - Flags: review?(klibby)
ansible/hg-ssh: install Python 2.7 (bug 1190515); r?fubar

We don't yet have Python 2.7 installed on the hgssh machines. We'll need
this inevitably. So get it out of the way and install it now, before
some hardcore refactoring starts.
Attachment #8642714 - Flags: review?(klibby)
ansible/hg-ssh: move replication SSH key from docker-hg-ssh to hg-ssh role (bug 1190515); r?fubar

Not sure why this wasn't added to hg-ssh role in the first place.
Attachment #8642715 - Flags: review?(klibby)
ansible/hg-ssh: use rsyslog (bug 1190515); r?fubar

fubar advised using rsyslog for hg-web. Doing the same thing to hg-ssh.
Attachment #8642716 - Flags: review?(klibby)
ansible/hg-web: move templates modification to hg-web role (bug 1190515); r?fubar

We want to pair down hgmo-extensions.yml into the common set of things
shared between hg-web and hg-ssh. Templates are hg-web only, so move
them to that role.

We change how the .vctnode file is referenced because when run from
Docker, it is no longer possible to reference a relative path. However,
pinning it from the {{ vct }} path seems to work.
Attachment #8642717 - Flags: review?(klibby)
ansible/hg-web: move pushlog web files to hg-web role (bug 1190515); r?fubar

These files are only relevant to hgweb and don't need to be on the SSH
master servers. Move the tasks out of the common file and into the
hg-web role.

As part of this, we remove references to these extensions from the hgrc
file in the hg-ssh role.
Attachment #8642718 - Flags: review?(klibby)
ansible/hg-ssh: remove web references from hgrc (bug 1190515); r?fubar

These are not relevant to the SSH master server. Remove them.
Attachment #8642719 - Flags: review?(klibby)
ansible/hgmo: don't create wsgi directory from shared tasks (bug 1190515); r?fubar

This directory is created by the hg-web role. It doesn't need to be in
the shared tasks file.
Attachment #8642720 - Flags: review?(klibby)
ansible/hgmo: format hgmo-extensions.yml (bug 1190515); r?fubar

No content changes. Just making the file slightly easier to read by
avoiding long lines.
Attachment #8642721 - Flags: review?(klibby)
ansible/docker-hgmaster: include hgmo-extensions.yml tasks file (bug 1190515); r?fubar

Now that hgmo-extensions.yml only contains truly shared tasks, it is
safe to include it from docker-hgmaster.yml. We should probably include
this file from the hg-ssh role. But this is how the file is currently
used elsewhere. We'll get there...
Attachment #8642722 - Flags: review?(klibby)
ansible/docker-hg-ssh: remove duplicate content (bug 1190515); r?fubar

All the removed content is already in hgmo-extensions.yml, the hg-ssh
role, or just isn't needed on the SSH server. Nuke it from orbit.

Quite suddenly the size of docker-hg-ssh looks quite small.
Attachment #8642723 - Flags: review?(klibby)
ansible/hg-web: create scripts directory (bug 1190515); r?fubar

Provisioning an empty environment uncovered a failure installing a file
to a directory that doesn't exist. This is probably a result of
refactoring hgmo-extensions.yml to contain fewer things.
Attachment #8642724 - Flags: review?(klibby)
ansible/hg-ssh: move /usr/local/bin creation task (bug 1190515); r?fubar
Attachment #8642725 - Flags: review?(klibby)
ansible/hg-ssh: install pash in hg-ssh role (bug 1190515); r?fubar

pash is not Docker specific. Move the task from docker-hg-ssh to hg-ssh.
Attachment #8642726 - Flags: review?(klibby)
ansible/hg-ssh: move push scripts into hg-ssh role (bug 1190515); r?fubar

More tasks that aren't specific to Docker.

With this change, docker-hg-ssh has very few remaining tasks: quite
possibly only things that truly are Docker specific.
Attachment #8642728 - Flags: review?(klibby)
ansible/hgmo: include hgmo-extensions.yml from roles (bug 1190515); r?fubar

These tasks are more associated with the role than the playbook. Move
its inclusion from playbooks to roles.
Attachment #8642729 - Flags: review?(klibby)
ansible/hg-ssh: install pash_wrapper (bug 1190515); r?fubar

This is part of pash and is used as the ForceCommand for sshd. It wasn't
part of version-control-tools for reasons unknown to me. Likely omitted
by accident. Add and install it.

Content was copied from /usr/local/bin/pash_wrapper on hgssh1.
Attachment #8642730 - Flags: review?(klibby)
pash: use new tinyurl (bug 1190515); r?fubar

This mimics a change made in Subversion r101784.
Attachment #8642761 - Flags: review?(klibby)
ansible/hg-ssh: increase SSH MaxStartups and MaxSessions (bug 1190515); r?fubar

This is carrying forward a configuration on hgssh1 today. See also bug
1038478.
Attachment #8642762 - Flags: review?(klibby)
ansible/hg-ssh: install rsyslog config for hg (bug 1190515); r?fubar

This matches a task from hg-web. But since it references a file, it is
easier to not put it in the shared hgmo-extensions.yml file. And, it may
evolve over time, so easiest to leave it separate.
Attachment #8642763 - Flags: review?(klibby)
ansible/hg-ssh: add logrotate config for hg (bug 1190515); r?fubar

Copying functionality from Puppet. This is from hg_new::logging.
Attachment #8642764 - Flags: review?(klibby)
Comment on attachment 8642729 [details]
MozReview Request: ansible/hgmo: include hgmo-extensions.yml from roles (bug 1190515); r?fubar

ansible/hgmo: include hgmo-extensions.yml from roles (bug 1190515); r?fubar

These tasks are more associated with the role than the playbook. Move
its inclusion from playbooks to roles.
Comment on attachment 8642730 [details]
MozReview Request: ansible/hg-ssh: install pash_wrapper (bug 1190515); r?fubar

ansible/hg-ssh: install pash_wrapper (bug 1190515); r?fubar

This is part of pash and is used as the ForceCommand for sshd. It wasn't
part of version-control-tools for reasons unknown to me. Likely omitted
by accident. Add and install it.

Content was copied from /usr/local/bin/pash_wrapper on hgssh1.
Comment on attachment 8642761 [details]
MozReview Request: pash: use new tinyurl (bug 1190515); r?fubar

pash: use new tinyurl (bug 1190515); r?fubar

This mimics a change made in Subversion r101784.
Comment on attachment 8642762 [details]
MozReview Request: ansible/hg-ssh: increase SSH MaxStartups and MaxSessions (bug 1190515); r?fubar

ansible/hg-ssh: increase SSH MaxStartups and MaxSessions (bug 1190515); r?fubar

This is carrying forward a configuration on hgssh1 today. See also bug
1038478.
Comment on attachment 8642763 [details]
MozReview Request: ansible/hg-ssh: install rsyslog config for hg (bug 1190515); r?fubar

ansible/hg-ssh: install rsyslog config for hg (bug 1190515); r?fubar

This matches a task from hg-web. But since it references a file, it is
easier to not put it in the shared hgmo-extensions.yml file. And, it may
evolve over time, so easiest to leave it separate.
Comment on attachment 8642764 [details]
MozReview Request: ansible/hg-ssh: add logrotate config for hg (bug 1190515); r?fubar

ansible/hg-ssh: add logrotate config for hg (bug 1190515); r?fubar

Copying functionality from Puppet. This is from hg_new::logging.
ansible/hgmo: use hg-ssh role (bug 1190515); r?fubar

Up until now, all the hg-ssh work was only relevant to Docker because
we weren't using the hg-ssh role anywhere. With this commit, we finally
introduce the hg-ssh role into the hgmo deployment playbook.

The openssh-lpk role requires some LDAP variables. We grab these from
the remote JSON file. I'm not entirely confident this will actually
work, as the internet is a bit conflicted on the best way to do this.
The syntax for accessing JSON variables is quite hacky. Surely there is
a better way.
Attachment #8642773 - Flags: review?(klibby)
ansible/hgmo: remove hgrc install from hgmo play (bug 1190515); r?fubar

This is already in the hg-ssh role and is redundant.
Attachment #8642774 - Flags: review?(klibby)
Comment on attachment 8642713 [details]
MozReview Request: ansible: extract IUS repository configuration to own role (bug 1190515); r?fubar

https://reviewboard.mozilla.org/r/14783/#review13411

Ship It!
Attachment #8642713 - Flags: review?(klibby) → review+
Attachment #8642714 - Flags: review?(klibby) → review+
Comment on attachment 8642714 [details]
MozReview Request: ansible/hg-ssh: install Python 2.7 (bug 1190515); r?fubar

https://reviewboard.mozilla.org/r/14785/#review13413

Ship It!
Comment on attachment 8642715 [details]
MozReview Request: ansible/hg-ssh: move replication SSH key from docker-hg-ssh to hg-ssh role (bug 1190515); r?fubar

https://reviewboard.mozilla.org/r/14787/#review13415

Ship It!
Attachment #8642715 - Flags: review?(klibby) → review+
Comment on attachment 8642716 [details]
MozReview Request: ansible/hg-ssh: use rsyslog (bug 1190515); r?fubar

https://reviewboard.mozilla.org/r/14789/#review13417

Ship It!
Attachment #8642716 - Flags: review?(klibby) → review+
Attachment #8642717 - Flags: review?(klibby) → review+
Comment on attachment 8642717 [details]
MozReview Request: ansible/hg-web: move templates modification to hg-web role (bug 1190515); r?fubar

https://reviewboard.mozilla.org/r/14797/#review13419

Ship It!
Comment on attachment 8642718 [details]
MozReview Request: ansible/hg-web: move pushlog web files to hg-web role (bug 1190515); r?fubar

https://reviewboard.mozilla.org/r/14793/#review13421

Ship It!
Attachment #8642718 - Flags: review?(klibby) → review+
Comment on attachment 8642719 [details]
MozReview Request: ansible/hg-ssh: remove web references from hgrc (bug 1190515); r?fubar

https://reviewboard.mozilla.org/r/14795/#review13423

Ship It!
Attachment #8642719 - Flags: review?(klibby) → review+
Comment on attachment 8642720 [details]
MozReview Request: ansible/hgmo: don't create wsgi directory from shared tasks (bug 1190515); r?fubar

https://reviewboard.mozilla.org/r/14799/#review13425

Ship It!
Attachment #8642720 - Flags: review?(klibby) → review+
Comment on attachment 8642721 [details]
MozReview Request: ansible/hgmo: format hgmo-extensions.yml (bug 1190515); r?fubar

https://reviewboard.mozilla.org/r/14801/#review13427

Ship It!
Attachment #8642721 - Flags: review?(klibby) → review+
Comment on attachment 8642722 [details]
MozReview Request: ansible/docker-hgmaster: include hgmo-extensions.yml tasks file (bug 1190515); r?fubar

https://reviewboard.mozilla.org/r/14803/#review13429

Ship It!
Attachment #8642722 - Flags: review?(klibby) → review+
Attachment #8642723 - Flags: review?(klibby) → review+
Comment on attachment 8642723 [details]
MozReview Request: ansible/docker-hg-ssh: remove duplicate content (bug 1190515); r?fubar

https://reviewboard.mozilla.org/r/14805/#review13431

Ship It!
Comment on attachment 8642724 [details]
MozReview Request: ansible/hg-web: create scripts directory (bug 1190515); r?fubar

https://reviewboard.mozilla.org/r/14807/#review13433

Ship It!
Attachment #8642724 - Flags: review?(klibby) → review+
Attachment #8642725 - Flags: review?(klibby) → review+
Comment on attachment 8642725 [details]
MozReview Request: ansible/hg-ssh: move /usr/local/bin creation task (bug 1190515); r?fubar

https://reviewboard.mozilla.org/r/14809/#review13435

Ship It!
Comment on attachment 8642726 [details]
MozReview Request: ansible/hg-ssh: install pash in hg-ssh role (bug 1190515); r?fubar

https://reviewboard.mozilla.org/r/14811/#review13437

Ship It!
Attachment #8642726 - Flags: review?(klibby) → review+
Attachment #8642728 - Flags: review?(klibby) → review+
Comment on attachment 8642728 [details]
MozReview Request: ansible/hg-ssh: move push scripts into hg-ssh role (bug 1190515); r?fubar

https://reviewboard.mozilla.org/r/14813/#review13439

Ship It!
Comment on attachment 8642729 [details]
MozReview Request: ansible/hgmo: include hgmo-extensions.yml from roles (bug 1190515); r?fubar

https://reviewboard.mozilla.org/r/14815/#review13441

Ship It!
Attachment #8642729 - Flags: review?(klibby) → review+
Comment on attachment 8642730 [details]
MozReview Request: ansible/hg-ssh: install pash_wrapper (bug 1190515); r?fubar

https://reviewboard.mozilla.org/r/14817/#review13443

Ship It!
Attachment #8642730 - Flags: review?(klibby) → review+
Attachment #8642761 - Flags: review?(klibby) → review+
Comment on attachment 8642761 [details]
MozReview Request: pash: use new tinyurl (bug 1190515); r?fubar

https://reviewboard.mozilla.org/r/14819/#review13445

Ship It!
Attachment #8642762 - Flags: review?(klibby) → review+
Comment on attachment 8642762 [details]
MozReview Request: ansible/hg-ssh: increase SSH MaxStartups and MaxSessions (bug 1190515); r?fubar

https://reviewboard.mozilla.org/r/14821/#review13447

Ship It!
Comment on attachment 8642763 [details]
MozReview Request: ansible/hg-ssh: install rsyslog config for hg (bug 1190515); r?fubar

https://reviewboard.mozilla.org/r/14823/#review13449

Ship It!
Attachment #8642763 - Flags: review?(klibby) → review+
Comment on attachment 8642764 [details]
MozReview Request: ansible/hg-ssh: add logrotate config for hg (bug 1190515); r?fubar

https://reviewboard.mozilla.org/r/14825/#review13451

Ship It!
Attachment #8642764 - Flags: review?(klibby) → review+
Comment on attachment 8642774 [details]
MozReview Request: ansible/hgmo: remove hgrc install from hgmo play (bug 1190515); r?fubar

https://reviewboard.mozilla.org/r/14833/#review13453

Ship It!
Attachment #8642774 - Flags: review?(klibby) → review+
Comment on attachment 8642773 [details]
MozReview Request: ansible/hgmo: use hg-ssh role (bug 1190515); r?fubar

https://reviewboard.mozilla.org/r/14831/#review13455

Ship It!
Attachment #8642773 - Flags: review?(klibby) → review+
url:        https://hg.mozilla.org/hgcustom/version-control-tools/rev/fc46f44709f95439c89263b66408291167717091
changeset:  fc46f44709f95439c89263b66408291167717091
user:       Gregory Szorc <gps@mozilla.com>
date:       Tue Aug 04 11:14:04 2015 -0700
description:
ansible: extract IUS repository configuration to own role (bug 1190515); r=fubar

We'll want to share this code so other roles can use it without copying.
Prepare for that by factoring it into its own role.

url:        https://hg.mozilla.org/hgcustom/version-control-tools/rev/d56ca3f52cbca486d88e75b35ffdfccfebe3073c
changeset:  d56ca3f52cbca486d88e75b35ffdfccfebe3073c
user:       Gregory Szorc <gps@mozilla.com>
date:       Tue Aug 04 11:14:16 2015 -0700
description:
ansible/hg-ssh: install Python 2.7 (bug 1190515); r=fubar

We don't yet have Python 2.7 installed on the hgssh machines. We'll need
this inevitably. So get it out of the way and install it now, before
some hardcore refactoring starts.

url:        https://hg.mozilla.org/hgcustom/version-control-tools/rev/aa68bdc469a603593aa718e0ab64dfb79707ed9d
changeset:  aa68bdc469a603593aa718e0ab64dfb79707ed9d
user:       Gregory Szorc <gps@mozilla.com>
date:       Tue Aug 04 11:14:30 2015 -0700
description:
ansible/hg-ssh: move replication SSH key from docker-hg-ssh to hg-ssh role (bug 1190515); r=fubar

Not sure why this wasn't added to hg-ssh role in the first place.

url:        https://hg.mozilla.org/hgcustom/version-control-tools/rev/d684a65f06b62f003bf54f7b8e752bcba32e143e
changeset:  d684a65f06b62f003bf54f7b8e752bcba32e143e
user:       Gregory Szorc <gps@mozilla.com>
date:       Tue Aug 04 11:14:42 2015 -0700
description:
ansible/hg-ssh: use rsyslog (bug 1190515); r=fubar

fubar advised using rsyslog for hg-web. Doing the same thing to hg-ssh.

url:        https://hg.mozilla.org/hgcustom/version-control-tools/rev/193b62b94293240eeced1df5045543c8d3afa35a
changeset:  193b62b94293240eeced1df5045543c8d3afa35a
user:       Gregory Szorc <gps@mozilla.com>
date:       Tue Aug 04 11:14:59 2015 -0700
description:
ansible/hg-web: move templates modification to hg-web role (bug 1190515); r=fubar

We want to pair down hgmo-extensions.yml into the common set of things
shared between hg-web and hg-ssh. Templates are hg-web only, so move
them to that role.

We change how the .vctnode file is referenced because when run from
Docker, it is no longer possible to reference a relative path. However,
pinning it from the {{ vct }} path seems to work.

url:        https://hg.mozilla.org/hgcustom/version-control-tools/rev/8a759239d01de456e333c03581a5f3359499c69a
changeset:  8a759239d01de456e333c03581a5f3359499c69a
user:       Gregory Szorc <gps@mozilla.com>
date:       Tue Aug 04 11:15:11 2015 -0700
description:
ansible/hg-web: move pushlog web files to hg-web role (bug 1190515); r=fubar

These files are only relevant to hgweb and don't need to be on the SSH
master servers. Move the tasks out of the common file and into the
hg-web role.

As part of this, we remove references to these extensions from the hgrc
file in the hg-ssh role.

url:        https://hg.mozilla.org/hgcustom/version-control-tools/rev/3d74b0621551b7cffa2b0e3f0fe7f50f8a04cba4
changeset:  3d74b0621551b7cffa2b0e3f0fe7f50f8a04cba4
user:       Gregory Szorc <gps@mozilla.com>
date:       Tue Aug 04 11:15:25 2015 -0700
description:
ansible/hg-ssh: remove web references from hgrc (bug 1190515); r=fubar

These are not relevant to the SSH master server. Remove them.

url:        https://hg.mozilla.org/hgcustom/version-control-tools/rev/7d13080b2f56cd36a7a8498771823e2efdcc2415
changeset:  7d13080b2f56cd36a7a8498771823e2efdcc2415
user:       Gregory Szorc <gps@mozilla.com>
date:       Tue Aug 04 11:15:38 2015 -0700
description:
ansible/hgmo: don't create wsgi directory from shared tasks (bug 1190515); r=fubar

This directory is created by the hg-web role. It doesn't need to be in
the shared tasks file.

url:        https://hg.mozilla.org/hgcustom/version-control-tools/rev/1c3f586017cb5d84f9c32c22439e4007d3ba2e45
changeset:  1c3f586017cb5d84f9c32c22439e4007d3ba2e45
user:       Gregory Szorc <gps@mozilla.com>
date:       Tue Aug 04 11:15:54 2015 -0700
description:
ansible/hgmo: format hgmo-extensions.yml (bug 1190515); r=fubar

No content changes. Just making the file slightly easier to read by
avoiding long lines.

url:        https://hg.mozilla.org/hgcustom/version-control-tools/rev/7e083c3e1f9365e7c74bdab696efff7e714fe5e6
changeset:  7e083c3e1f9365e7c74bdab696efff7e714fe5e6
user:       Gregory Szorc <gps@mozilla.com>
date:       Tue Aug 04 11:16:12 2015 -0700
description:
ansible/docker-hgmaster: include hgmo-extensions.yml tasks file (bug 1190515); r=fubar

Now that hgmo-extensions.yml only contains truly shared tasks, it is
safe to include it from docker-hgmaster.yml. We should probably include
this file from the hg-ssh role. But this is how the file is currently
used elsewhere. We'll get there...

url:        https://hg.mozilla.org/hgcustom/version-control-tools/rev/0979836ecdad24a87a1dc7e3f0d8c575aab431b3
changeset:  0979836ecdad24a87a1dc7e3f0d8c575aab431b3
user:       Gregory Szorc <gps@mozilla.com>
date:       Tue Aug 04 11:16:25 2015 -0700
description:
ansible/docker-hg-ssh: remove duplicate content (bug 1190515); r=fubar

All the removed content is already in hgmo-extensions.yml, the hg-ssh
role, or just isn't needed on the SSH server. Nuke it from orbit.

Quite suddenly the size of docker-hg-ssh looks quite small.

url:        https://hg.mozilla.org/hgcustom/version-control-tools/rev/2e169c6b9834075c8ae7b9b1e079b1c11549ae42
changeset:  2e169c6b9834075c8ae7b9b1e079b1c11549ae42
user:       Gregory Szorc <gps@mozilla.com>
date:       Tue Aug 04 11:16:37 2015 -0700
description:
ansible/hg-web: create scripts directory (bug 1190515); r=fubar

Provisioning an empty environment uncovered a failure installing a file
to a directory that doesn't exist. This is probably a result of
refactoring hgmo-extensions.yml to contain fewer things.

url:        https://hg.mozilla.org/hgcustom/version-control-tools/rev/036be26c82a77dbe7cb419c2ad2f80b549ad5b3a
changeset:  036be26c82a77dbe7cb419c2ad2f80b549ad5b3a
user:       Gregory Szorc <gps@mozilla.com>
date:       Tue Aug 04 11:16:49 2015 -0700
description:
ansible/hg-ssh: move /usr/local/bin creation task (bug 1190515); r=fubar

url:        https://hg.mozilla.org/hgcustom/version-control-tools/rev/1dc47f2cba81fd82881bf795ea7e8ecf3ed89ea0
changeset:  1dc47f2cba81fd82881bf795ea7e8ecf3ed89ea0
user:       Gregory Szorc <gps@mozilla.com>
date:       Tue Aug 04 11:17:00 2015 -0700
description:
ansible/hg-ssh: install pash in hg-ssh role (bug 1190515); r=fubar

pash is not Docker specific. Move the task from docker-hg-ssh to hg-ssh.

url:        https://hg.mozilla.org/hgcustom/version-control-tools/rev/064320676ea391bcd0d501b3524d0f22b0639b3d
changeset:  064320676ea391bcd0d501b3524d0f22b0639b3d
user:       Gregory Szorc <gps@mozilla.com>
date:       Tue Aug 04 11:17:12 2015 -0700
description:
ansible/hg-ssh: move push scripts into hg-ssh role (bug 1190515); r=fubar

More tasks that aren't specific to Docker.

With this change, docker-hg-ssh has very few remaining tasks: quite
possibly only things that truly are Docker specific.

url:        https://hg.mozilla.org/hgcustom/version-control-tools/rev/c58cf936e83641591c5523f124479abf738996e6
changeset:  c58cf936e83641591c5523f124479abf738996e6
user:       Gregory Szorc <gps@mozilla.com>
date:       Tue Aug 04 11:17:34 2015 -0700
description:
ansible/hgmo: include hgmo-extensions.yml from roles (bug 1190515); r=fubar

These tasks are more associated with the role than the playbook. Move
its inclusion from playbooks to roles.

url:        https://hg.mozilla.org/hgcustom/version-control-tools/rev/a84cc2ae06e06ef48e7c4eda833e08dfa5f09f50
changeset:  a84cc2ae06e06ef48e7c4eda833e08dfa5f09f50
user:       Gregory Szorc <gps@mozilla.com>
date:       Tue Aug 04 11:17:47 2015 -0700
description:
ansible/hg-ssh: install pash_wrapper (bug 1190515); r=fubar

This is part of pash and is used as the ForceCommand for sshd. It wasn't
part of version-control-tools for reasons unknown to me. Likely omitted
by accident. Add and install it.

Content was copied from /usr/local/bin/pash_wrapper on hgssh1.

url:        https://hg.mozilla.org/hgcustom/version-control-tools/rev/1570877cd23de988a4295d97b342a0f0b1d18991
changeset:  1570877cd23de988a4295d97b342a0f0b1d18991
user:       Gregory Szorc <gps@mozilla.com>
date:       Tue Aug 04 11:17:59 2015 -0700
description:
pash: use new tinyurl (bug 1190515); r=fubar

This mimics a change made in Subversion r101784.

url:        https://hg.mozilla.org/hgcustom/version-control-tools/rev/3ed1833d98e038a5a6d672f32f8ad52d29b6db4b
changeset:  3ed1833d98e038a5a6d672f32f8ad52d29b6db4b
user:       Gregory Szorc <gps@mozilla.com>
date:       Tue Aug 04 11:18:10 2015 -0700
description:
ansible/hg-ssh: increase SSH MaxStartups and MaxSessions (bug 1190515); r=fubar

This is carrying forward a configuration on hgssh1 today. See also bug
1038478.

url:        https://hg.mozilla.org/hgcustom/version-control-tools/rev/334e8ccfef56be6648b9e841113796e1b64875f1
changeset:  334e8ccfef56be6648b9e841113796e1b64875f1
user:       Gregory Szorc <gps@mozilla.com>
date:       Tue Aug 04 11:18:21 2015 -0700
description:
ansible/hg-ssh: install rsyslog config for hg (bug 1190515); r=fubar

This matches a task from hg-web. But since it references a file, it is
easier to not put it in the shared hgmo-extensions.yml file. And, it may
evolve over time, so easiest to leave it separate.

url:        https://hg.mozilla.org/hgcustom/version-control-tools/rev/f5b5120cce4e0b1ca55c29d339fee66ca9a77b7a
changeset:  f5b5120cce4e0b1ca55c29d339fee66ca9a77b7a
user:       Gregory Szorc <gps@mozilla.com>
date:       Tue Aug 04 11:18:38 2015 -0700
description:
ansible/hg-ssh: add logrotate config for hg (bug 1190515); r=fubar

Copying functionality from Puppet. This is from hg_new::logging.

url:        https://hg.mozilla.org/hgcustom/version-control-tools/rev/33708c39f96d6b31799e8adbcc531355396a2dc3
changeset:  33708c39f96d6b31799e8adbcc531355396a2dc3
user:       Gregory Szorc <gps@mozilla.com>
date:       Tue Aug 04 11:18:51 2015 -0700
description:
ansible/hgmo: use hg-ssh role (bug 1190515); r=fubar

Up until now, all the hg-ssh work was only relevant to Docker because
we weren't using the hg-ssh role anywhere. With this commit, we finally
introduce the hg-ssh role into the hgmo deployment playbook.

The openssh-lpk role requires some LDAP variables. We grab these from
the remote JSON file. I'm not entirely confident this will actually
work, as the internet is a bit conflicted on the best way to do this.
The syntax for accessing JSON variables is quite hacky. Surely there is
a better way.

url:        https://hg.mozilla.org/hgcustom/version-control-tools/rev/0fcf1779935f905fd9b871c4adce87ea461afba9
changeset:  0fcf1779935f905fd9b871c4adce87ea461afba9
user:       Gregory Szorc <gps@mozilla.com>
date:       Tue Aug 04 11:19:02 2015 -0700
description:
ansible/hgmo: remove hgrc install from hgmo play (bug 1190515); r=fubar

This is already in the hg-ssh role and is redundant.
I had to make some minor fixups to fix some very minor variances from Puppet. But otherwise this was mostly good and is now deployed. I'm going to call this bug done. There is still some follow-up work. That will be for another bug.
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.