Closed
Bug 1190515
Opened 7 years ago
Closed 7 years ago
Ansibilize hgssh
Categories
(Developer Services :: Mercurial: hg.mozilla.org, defect)
Developer Services
Mercurial: hg.mozilla.org
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: gps, Assigned: gps)
References
Details
Attachments
(23 files)
40 bytes,
text/x-review-board-request
|
fubar
:
review+
|
Details |
40 bytes,
text/x-review-board-request
|
fubar
:
review+
|
Details |
40 bytes,
text/x-review-board-request
|
fubar
:
review+
|
Details |
40 bytes,
text/x-review-board-request
|
fubar
:
review+
|
Details |
MozReview Request: ansible/hg-web: move templates modification to hg-web role (bug 1190515); r?fubar
40 bytes,
text/x-review-board-request
|
fubar
:
review+
|
Details |
40 bytes,
text/x-review-board-request
|
fubar
:
review+
|
Details |
40 bytes,
text/x-review-board-request
|
fubar
:
review+
|
Details |
40 bytes,
text/x-review-board-request
|
fubar
:
review+
|
Details |
40 bytes,
text/x-review-board-request
|
fubar
:
review+
|
Details |
40 bytes,
text/x-review-board-request
|
fubar
:
review+
|
Details |
40 bytes,
text/x-review-board-request
|
fubar
:
review+
|
Details |
40 bytes,
text/x-review-board-request
|
fubar
:
review+
|
Details |
40 bytes,
text/x-review-board-request
|
fubar
:
review+
|
Details |
40 bytes,
text/x-review-board-request
|
fubar
:
review+
|
Details |
40 bytes,
text/x-review-board-request
|
fubar
:
review+
|
Details |
40 bytes,
text/x-review-board-request
|
fubar
:
review+
|
Details |
40 bytes,
text/x-review-board-request
|
fubar
:
review+
|
Details |
40 bytes,
text/x-review-board-request
|
fubar
:
review+
|
Details |
40 bytes,
text/x-review-board-request
|
fubar
:
review+
|
Details |
40 bytes,
text/x-review-board-request
|
fubar
:
review+
|
Details |
40 bytes,
text/x-review-board-request
|
fubar
:
review+
|
Details |
40 bytes,
text/x-review-board-request
|
fubar
:
review+
|
Details |
40 bytes,
text/x-review-board-request
|
fubar
:
review+
|
Details |
hgssh is still managed by Puppet. And its Ansible configs are a bit of a mess. To unblock some future work I'm doing around Mercurial work, I need an accurate and reproducible test environment for hg.mozilla.org. This means leveraging Ansible to provision some Docker containers. This means having proper Ansible foo in place for hgssh, which we don't have currently. Let's change that.
Assignee | ||
Comment 1•7 years ago
|
||
ansible: extract IUS repository configuration to own role (bug 1190515); r?fubar We'll want to share this code so other roles can use it without copying. Prepare for that by factoring it into its own role.
Attachment #8642713 -
Flags: review?(klibby)
Assignee | ||
Comment 2•7 years ago
|
||
ansible/hg-ssh: install Python 2.7 (bug 1190515); r?fubar We don't yet have Python 2.7 installed on the hgssh machines. We'll need this inevitably. So get it out of the way and install it now, before some hardcore refactoring starts.
Attachment #8642714 -
Flags: review?(klibby)
Assignee | ||
Comment 3•7 years ago
|
||
ansible/hg-ssh: move replication SSH key from docker-hg-ssh to hg-ssh role (bug 1190515); r?fubar Not sure why this wasn't added to hg-ssh role in the first place.
Attachment #8642715 -
Flags: review?(klibby)
Assignee | ||
Comment 4•7 years ago
|
||
ansible/hg-ssh: use rsyslog (bug 1190515); r?fubar fubar advised using rsyslog for hg-web. Doing the same thing to hg-ssh.
Attachment #8642716 -
Flags: review?(klibby)
Assignee | ||
Comment 5•7 years ago
|
||
ansible/hg-web: move templates modification to hg-web role (bug 1190515); r?fubar We want to pair down hgmo-extensions.yml into the common set of things shared between hg-web and hg-ssh. Templates are hg-web only, so move them to that role. We change how the .vctnode file is referenced because when run from Docker, it is no longer possible to reference a relative path. However, pinning it from the {{ vct }} path seems to work.
Attachment #8642717 -
Flags: review?(klibby)
Assignee | ||
Comment 6•7 years ago
|
||
ansible/hg-web: move pushlog web files to hg-web role (bug 1190515); r?fubar These files are only relevant to hgweb and don't need to be on the SSH master servers. Move the tasks out of the common file and into the hg-web role. As part of this, we remove references to these extensions from the hgrc file in the hg-ssh role.
Attachment #8642718 -
Flags: review?(klibby)
Assignee | ||
Comment 7•7 years ago
|
||
ansible/hg-ssh: remove web references from hgrc (bug 1190515); r?fubar These are not relevant to the SSH master server. Remove them.
Attachment #8642719 -
Flags: review?(klibby)
Assignee | ||
Comment 8•7 years ago
|
||
ansible/hgmo: don't create wsgi directory from shared tasks (bug 1190515); r?fubar This directory is created by the hg-web role. It doesn't need to be in the shared tasks file.
Attachment #8642720 -
Flags: review?(klibby)
Assignee | ||
Comment 9•7 years ago
|
||
ansible/hgmo: format hgmo-extensions.yml (bug 1190515); r?fubar No content changes. Just making the file slightly easier to read by avoiding long lines.
Attachment #8642721 -
Flags: review?(klibby)
Assignee | ||
Comment 10•7 years ago
|
||
ansible/docker-hgmaster: include hgmo-extensions.yml tasks file (bug 1190515); r?fubar Now that hgmo-extensions.yml only contains truly shared tasks, it is safe to include it from docker-hgmaster.yml. We should probably include this file from the hg-ssh role. But this is how the file is currently used elsewhere. We'll get there...
Attachment #8642722 -
Flags: review?(klibby)
Assignee | ||
Comment 11•7 years ago
|
||
ansible/docker-hg-ssh: remove duplicate content (bug 1190515); r?fubar All the removed content is already in hgmo-extensions.yml, the hg-ssh role, or just isn't needed on the SSH server. Nuke it from orbit. Quite suddenly the size of docker-hg-ssh looks quite small.
Attachment #8642723 -
Flags: review?(klibby)
Assignee | ||
Comment 12•7 years ago
|
||
ansible/hg-web: create scripts directory (bug 1190515); r?fubar Provisioning an empty environment uncovered a failure installing a file to a directory that doesn't exist. This is probably a result of refactoring hgmo-extensions.yml to contain fewer things.
Attachment #8642724 -
Flags: review?(klibby)
Assignee | ||
Comment 13•7 years ago
|
||
ansible/hg-ssh: move /usr/local/bin creation task (bug 1190515); r?fubar
Attachment #8642725 -
Flags: review?(klibby)
Assignee | ||
Comment 14•7 years ago
|
||
ansible/hg-ssh: install pash in hg-ssh role (bug 1190515); r?fubar pash is not Docker specific. Move the task from docker-hg-ssh to hg-ssh.
Attachment #8642726 -
Flags: review?(klibby)
Assignee | ||
Comment 15•7 years ago
|
||
ansible/hg-ssh: move push scripts into hg-ssh role (bug 1190515); r?fubar More tasks that aren't specific to Docker. With this change, docker-hg-ssh has very few remaining tasks: quite possibly only things that truly are Docker specific.
Attachment #8642728 -
Flags: review?(klibby)
Assignee | ||
Comment 16•7 years ago
|
||
ansible/hgmo: include hgmo-extensions.yml from roles (bug 1190515); r?fubar These tasks are more associated with the role than the playbook. Move its inclusion from playbooks to roles.
Attachment #8642729 -
Flags: review?(klibby)
Assignee | ||
Comment 17•7 years ago
|
||
ansible/hg-ssh: install pash_wrapper (bug 1190515); r?fubar This is part of pash and is used as the ForceCommand for sshd. It wasn't part of version-control-tools for reasons unknown to me. Likely omitted by accident. Add and install it. Content was copied from /usr/local/bin/pash_wrapper on hgssh1.
Attachment #8642730 -
Flags: review?(klibby)
Assignee | ||
Comment 18•7 years ago
|
||
pash: use new tinyurl (bug 1190515); r?fubar This mimics a change made in Subversion r101784.
Attachment #8642761 -
Flags: review?(klibby)
Assignee | ||
Comment 19•7 years ago
|
||
ansible/hg-ssh: increase SSH MaxStartups and MaxSessions (bug 1190515); r?fubar This is carrying forward a configuration on hgssh1 today. See also bug 1038478.
Attachment #8642762 -
Flags: review?(klibby)
Assignee | ||
Comment 20•7 years ago
|
||
ansible/hg-ssh: install rsyslog config for hg (bug 1190515); r?fubar This matches a task from hg-web. But since it references a file, it is easier to not put it in the shared hgmo-extensions.yml file. And, it may evolve over time, so easiest to leave it separate.
Attachment #8642763 -
Flags: review?(klibby)
Assignee | ||
Comment 21•7 years ago
|
||
ansible/hg-ssh: add logrotate config for hg (bug 1190515); r?fubar Copying functionality from Puppet. This is from hg_new::logging.
Attachment #8642764 -
Flags: review?(klibby)
Assignee | ||
Comment 22•7 years ago
|
||
Comment on attachment 8642729 [details] MozReview Request: ansible/hgmo: include hgmo-extensions.yml from roles (bug 1190515); r?fubar ansible/hgmo: include hgmo-extensions.yml from roles (bug 1190515); r?fubar These tasks are more associated with the role than the playbook. Move its inclusion from playbooks to roles.
Assignee | ||
Comment 23•7 years ago
|
||
Comment on attachment 8642730 [details] MozReview Request: ansible/hg-ssh: install pash_wrapper (bug 1190515); r?fubar ansible/hg-ssh: install pash_wrapper (bug 1190515); r?fubar This is part of pash and is used as the ForceCommand for sshd. It wasn't part of version-control-tools for reasons unknown to me. Likely omitted by accident. Add and install it. Content was copied from /usr/local/bin/pash_wrapper on hgssh1.
Assignee | ||
Comment 24•7 years ago
|
||
Comment on attachment 8642761 [details] MozReview Request: pash: use new tinyurl (bug 1190515); r?fubar pash: use new tinyurl (bug 1190515); r?fubar This mimics a change made in Subversion r101784.
Assignee | ||
Comment 25•7 years ago
|
||
Comment on attachment 8642762 [details] MozReview Request: ansible/hg-ssh: increase SSH MaxStartups and MaxSessions (bug 1190515); r?fubar ansible/hg-ssh: increase SSH MaxStartups and MaxSessions (bug 1190515); r?fubar This is carrying forward a configuration on hgssh1 today. See also bug 1038478.
Assignee | ||
Comment 26•7 years ago
|
||
Comment on attachment 8642763 [details] MozReview Request: ansible/hg-ssh: install rsyslog config for hg (bug 1190515); r?fubar ansible/hg-ssh: install rsyslog config for hg (bug 1190515); r?fubar This matches a task from hg-web. But since it references a file, it is easier to not put it in the shared hgmo-extensions.yml file. And, it may evolve over time, so easiest to leave it separate.
Assignee | ||
Comment 27•7 years ago
|
||
Comment on attachment 8642764 [details] MozReview Request: ansible/hg-ssh: add logrotate config for hg (bug 1190515); r?fubar ansible/hg-ssh: add logrotate config for hg (bug 1190515); r?fubar Copying functionality from Puppet. This is from hg_new::logging.
Assignee | ||
Comment 28•7 years ago
|
||
ansible/hgmo: use hg-ssh role (bug 1190515); r?fubar Up until now, all the hg-ssh work was only relevant to Docker because we weren't using the hg-ssh role anywhere. With this commit, we finally introduce the hg-ssh role into the hgmo deployment playbook. The openssh-lpk role requires some LDAP variables. We grab these from the remote JSON file. I'm not entirely confident this will actually work, as the internet is a bit conflicted on the best way to do this. The syntax for accessing JSON variables is quite hacky. Surely there is a better way.
Attachment #8642773 -
Flags: review?(klibby)
Assignee | ||
Comment 29•7 years ago
|
||
ansible/hgmo: remove hgrc install from hgmo play (bug 1190515); r?fubar This is already in the hg-ssh role and is redundant.
Attachment #8642774 -
Flags: review?(klibby)
Comment 30•7 years ago
|
||
Comment on attachment 8642713 [details] MozReview Request: ansible: extract IUS repository configuration to own role (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14783/#review13411 Ship It!
Attachment #8642713 -
Flags: review?(klibby) → review+
Updated•7 years ago
|
Attachment #8642714 -
Flags: review?(klibby) → review+
Comment 31•7 years ago
|
||
Comment on attachment 8642714 [details] MozReview Request: ansible/hg-ssh: install Python 2.7 (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14785/#review13413 Ship It!
Comment 32•7 years ago
|
||
Comment on attachment 8642715 [details] MozReview Request: ansible/hg-ssh: move replication SSH key from docker-hg-ssh to hg-ssh role (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14787/#review13415 Ship It!
Attachment #8642715 -
Flags: review?(klibby) → review+
Comment 33•7 years ago
|
||
Comment on attachment 8642716 [details] MozReview Request: ansible/hg-ssh: use rsyslog (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14789/#review13417 Ship It!
Attachment #8642716 -
Flags: review?(klibby) → review+
Updated•7 years ago
|
Attachment #8642717 -
Flags: review?(klibby) → review+
Comment 34•7 years ago
|
||
Comment on attachment 8642717 [details] MozReview Request: ansible/hg-web: move templates modification to hg-web role (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14797/#review13419 Ship It!
Comment 35•7 years ago
|
||
Comment on attachment 8642718 [details] MozReview Request: ansible/hg-web: move pushlog web files to hg-web role (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14793/#review13421 Ship It!
Attachment #8642718 -
Flags: review?(klibby) → review+
Comment 36•7 years ago
|
||
Comment on attachment 8642719 [details] MozReview Request: ansible/hg-ssh: remove web references from hgrc (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14795/#review13423 Ship It!
Attachment #8642719 -
Flags: review?(klibby) → review+
Comment 37•7 years ago
|
||
Comment on attachment 8642720 [details] MozReview Request: ansible/hgmo: don't create wsgi directory from shared tasks (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14799/#review13425 Ship It!
Attachment #8642720 -
Flags: review?(klibby) → review+
Comment 38•7 years ago
|
||
Comment on attachment 8642721 [details] MozReview Request: ansible/hgmo: format hgmo-extensions.yml (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14801/#review13427 Ship It!
Attachment #8642721 -
Flags: review?(klibby) → review+
Comment 39•7 years ago
|
||
Comment on attachment 8642722 [details] MozReview Request: ansible/docker-hgmaster: include hgmo-extensions.yml tasks file (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14803/#review13429 Ship It!
Attachment #8642722 -
Flags: review?(klibby) → review+
Updated•7 years ago
|
Attachment #8642723 -
Flags: review?(klibby) → review+
Comment 40•7 years ago
|
||
Comment on attachment 8642723 [details] MozReview Request: ansible/docker-hg-ssh: remove duplicate content (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14805/#review13431 Ship It!
Comment 41•7 years ago
|
||
Comment on attachment 8642724 [details] MozReview Request: ansible/hg-web: create scripts directory (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14807/#review13433 Ship It!
Attachment #8642724 -
Flags: review?(klibby) → review+
Updated•7 years ago
|
Attachment #8642725 -
Flags: review?(klibby) → review+
Comment 42•7 years ago
|
||
Comment on attachment 8642725 [details] MozReview Request: ansible/hg-ssh: move /usr/local/bin creation task (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14809/#review13435 Ship It!
Comment 43•7 years ago
|
||
Comment on attachment 8642726 [details] MozReview Request: ansible/hg-ssh: install pash in hg-ssh role (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14811/#review13437 Ship It!
Attachment #8642726 -
Flags: review?(klibby) → review+
Updated•7 years ago
|
Attachment #8642728 -
Flags: review?(klibby) → review+
Comment 44•7 years ago
|
||
Comment on attachment 8642728 [details] MozReview Request: ansible/hg-ssh: move push scripts into hg-ssh role (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14813/#review13439 Ship It!
Comment 45•7 years ago
|
||
Comment on attachment 8642729 [details] MozReview Request: ansible/hgmo: include hgmo-extensions.yml from roles (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14815/#review13441 Ship It!
Attachment #8642729 -
Flags: review?(klibby) → review+
Comment 46•7 years ago
|
||
Comment on attachment 8642730 [details] MozReview Request: ansible/hg-ssh: install pash_wrapper (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14817/#review13443 Ship It!
Attachment #8642730 -
Flags: review?(klibby) → review+
Updated•7 years ago
|
Attachment #8642761 -
Flags: review?(klibby) → review+
Comment 47•7 years ago
|
||
Comment on attachment 8642761 [details] MozReview Request: pash: use new tinyurl (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14819/#review13445 Ship It!
Updated•7 years ago
|
Attachment #8642762 -
Flags: review?(klibby) → review+
Comment 48•7 years ago
|
||
Comment on attachment 8642762 [details] MozReview Request: ansible/hg-ssh: increase SSH MaxStartups and MaxSessions (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14821/#review13447 Ship It!
Comment 49•7 years ago
|
||
Comment on attachment 8642763 [details] MozReview Request: ansible/hg-ssh: install rsyslog config for hg (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14823/#review13449 Ship It!
Attachment #8642763 -
Flags: review?(klibby) → review+
Comment 50•7 years ago
|
||
Comment on attachment 8642764 [details] MozReview Request: ansible/hg-ssh: add logrotate config for hg (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14825/#review13451 Ship It!
Attachment #8642764 -
Flags: review?(klibby) → review+
Comment 51•7 years ago
|
||
Comment on attachment 8642774 [details] MozReview Request: ansible/hgmo: remove hgrc install from hgmo play (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14833/#review13453 Ship It!
Attachment #8642774 -
Flags: review?(klibby) → review+
Comment 52•7 years ago
|
||
Comment on attachment 8642773 [details] MozReview Request: ansible/hgmo: use hg-ssh role (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14831/#review13455 Ship It!
Attachment #8642773 -
Flags: review?(klibby) → review+
Assignee | ||
Comment 53•7 years ago
|
||
url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/fc46f44709f95439c89263b66408291167717091 changeset: fc46f44709f95439c89263b66408291167717091 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:14:04 2015 -0700 description: ansible: extract IUS repository configuration to own role (bug 1190515); r=fubar We'll want to share this code so other roles can use it without copying. Prepare for that by factoring it into its own role. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/d56ca3f52cbca486d88e75b35ffdfccfebe3073c changeset: d56ca3f52cbca486d88e75b35ffdfccfebe3073c user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:14:16 2015 -0700 description: ansible/hg-ssh: install Python 2.7 (bug 1190515); r=fubar We don't yet have Python 2.7 installed on the hgssh machines. We'll need this inevitably. So get it out of the way and install it now, before some hardcore refactoring starts. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/aa68bdc469a603593aa718e0ab64dfb79707ed9d changeset: aa68bdc469a603593aa718e0ab64dfb79707ed9d user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:14:30 2015 -0700 description: ansible/hg-ssh: move replication SSH key from docker-hg-ssh to hg-ssh role (bug 1190515); r=fubar Not sure why this wasn't added to hg-ssh role in the first place. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/d684a65f06b62f003bf54f7b8e752bcba32e143e changeset: d684a65f06b62f003bf54f7b8e752bcba32e143e user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:14:42 2015 -0700 description: ansible/hg-ssh: use rsyslog (bug 1190515); r=fubar fubar advised using rsyslog for hg-web. Doing the same thing to hg-ssh. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/193b62b94293240eeced1df5045543c8d3afa35a changeset: 193b62b94293240eeced1df5045543c8d3afa35a user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:14:59 2015 -0700 description: ansible/hg-web: move templates modification to hg-web role (bug 1190515); r=fubar We want to pair down hgmo-extensions.yml into the common set of things shared between hg-web and hg-ssh. Templates are hg-web only, so move them to that role. We change how the .vctnode file is referenced because when run from Docker, it is no longer possible to reference a relative path. However, pinning it from the {{ vct }} path seems to work. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/8a759239d01de456e333c03581a5f3359499c69a changeset: 8a759239d01de456e333c03581a5f3359499c69a user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:15:11 2015 -0700 description: ansible/hg-web: move pushlog web files to hg-web role (bug 1190515); r=fubar These files are only relevant to hgweb and don't need to be on the SSH master servers. Move the tasks out of the common file and into the hg-web role. As part of this, we remove references to these extensions from the hgrc file in the hg-ssh role. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/3d74b0621551b7cffa2b0e3f0fe7f50f8a04cba4 changeset: 3d74b0621551b7cffa2b0e3f0fe7f50f8a04cba4 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:15:25 2015 -0700 description: ansible/hg-ssh: remove web references from hgrc (bug 1190515); r=fubar These are not relevant to the SSH master server. Remove them. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/7d13080b2f56cd36a7a8498771823e2efdcc2415 changeset: 7d13080b2f56cd36a7a8498771823e2efdcc2415 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:15:38 2015 -0700 description: ansible/hgmo: don't create wsgi directory from shared tasks (bug 1190515); r=fubar This directory is created by the hg-web role. It doesn't need to be in the shared tasks file. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/1c3f586017cb5d84f9c32c22439e4007d3ba2e45 changeset: 1c3f586017cb5d84f9c32c22439e4007d3ba2e45 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:15:54 2015 -0700 description: ansible/hgmo: format hgmo-extensions.yml (bug 1190515); r=fubar No content changes. Just making the file slightly easier to read by avoiding long lines. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/7e083c3e1f9365e7c74bdab696efff7e714fe5e6 changeset: 7e083c3e1f9365e7c74bdab696efff7e714fe5e6 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:16:12 2015 -0700 description: ansible/docker-hgmaster: include hgmo-extensions.yml tasks file (bug 1190515); r=fubar Now that hgmo-extensions.yml only contains truly shared tasks, it is safe to include it from docker-hgmaster.yml. We should probably include this file from the hg-ssh role. But this is how the file is currently used elsewhere. We'll get there... url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/0979836ecdad24a87a1dc7e3f0d8c575aab431b3 changeset: 0979836ecdad24a87a1dc7e3f0d8c575aab431b3 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:16:25 2015 -0700 description: ansible/docker-hg-ssh: remove duplicate content (bug 1190515); r=fubar All the removed content is already in hgmo-extensions.yml, the hg-ssh role, or just isn't needed on the SSH server. Nuke it from orbit. Quite suddenly the size of docker-hg-ssh looks quite small. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/2e169c6b9834075c8ae7b9b1e079b1c11549ae42 changeset: 2e169c6b9834075c8ae7b9b1e079b1c11549ae42 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:16:37 2015 -0700 description: ansible/hg-web: create scripts directory (bug 1190515); r=fubar Provisioning an empty environment uncovered a failure installing a file to a directory that doesn't exist. This is probably a result of refactoring hgmo-extensions.yml to contain fewer things. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/036be26c82a77dbe7cb419c2ad2f80b549ad5b3a changeset: 036be26c82a77dbe7cb419c2ad2f80b549ad5b3a user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:16:49 2015 -0700 description: ansible/hg-ssh: move /usr/local/bin creation task (bug 1190515); r=fubar url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/1dc47f2cba81fd82881bf795ea7e8ecf3ed89ea0 changeset: 1dc47f2cba81fd82881bf795ea7e8ecf3ed89ea0 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:17:00 2015 -0700 description: ansible/hg-ssh: install pash in hg-ssh role (bug 1190515); r=fubar pash is not Docker specific. Move the task from docker-hg-ssh to hg-ssh. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/064320676ea391bcd0d501b3524d0f22b0639b3d changeset: 064320676ea391bcd0d501b3524d0f22b0639b3d user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:17:12 2015 -0700 description: ansible/hg-ssh: move push scripts into hg-ssh role (bug 1190515); r=fubar More tasks that aren't specific to Docker. With this change, docker-hg-ssh has very few remaining tasks: quite possibly only things that truly are Docker specific. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/c58cf936e83641591c5523f124479abf738996e6 changeset: c58cf936e83641591c5523f124479abf738996e6 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:17:34 2015 -0700 description: ansible/hgmo: include hgmo-extensions.yml from roles (bug 1190515); r=fubar These tasks are more associated with the role than the playbook. Move its inclusion from playbooks to roles. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/a84cc2ae06e06ef48e7c4eda833e08dfa5f09f50 changeset: a84cc2ae06e06ef48e7c4eda833e08dfa5f09f50 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:17:47 2015 -0700 description: ansible/hg-ssh: install pash_wrapper (bug 1190515); r=fubar This is part of pash and is used as the ForceCommand for sshd. It wasn't part of version-control-tools for reasons unknown to me. Likely omitted by accident. Add and install it. Content was copied from /usr/local/bin/pash_wrapper on hgssh1. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/1570877cd23de988a4295d97b342a0f0b1d18991 changeset: 1570877cd23de988a4295d97b342a0f0b1d18991 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:17:59 2015 -0700 description: pash: use new tinyurl (bug 1190515); r=fubar This mimics a change made in Subversion r101784. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/3ed1833d98e038a5a6d672f32f8ad52d29b6db4b changeset: 3ed1833d98e038a5a6d672f32f8ad52d29b6db4b user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:18:10 2015 -0700 description: ansible/hg-ssh: increase SSH MaxStartups and MaxSessions (bug 1190515); r=fubar This is carrying forward a configuration on hgssh1 today. See also bug 1038478. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/334e8ccfef56be6648b9e841113796e1b64875f1 changeset: 334e8ccfef56be6648b9e841113796e1b64875f1 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:18:21 2015 -0700 description: ansible/hg-ssh: install rsyslog config for hg (bug 1190515); r=fubar This matches a task from hg-web. But since it references a file, it is easier to not put it in the shared hgmo-extensions.yml file. And, it may evolve over time, so easiest to leave it separate. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/f5b5120cce4e0b1ca55c29d339fee66ca9a77b7a changeset: f5b5120cce4e0b1ca55c29d339fee66ca9a77b7a user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:18:38 2015 -0700 description: ansible/hg-ssh: add logrotate config for hg (bug 1190515); r=fubar Copying functionality from Puppet. This is from hg_new::logging. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/33708c39f96d6b31799e8adbcc531355396a2dc3 changeset: 33708c39f96d6b31799e8adbcc531355396a2dc3 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:18:51 2015 -0700 description: ansible/hgmo: use hg-ssh role (bug 1190515); r=fubar Up until now, all the hg-ssh work was only relevant to Docker because we weren't using the hg-ssh role anywhere. With this commit, we finally introduce the hg-ssh role into the hgmo deployment playbook. The openssh-lpk role requires some LDAP variables. We grab these from the remote JSON file. I'm not entirely confident this will actually work, as the internet is a bit conflicted on the best way to do this. The syntax for accessing JSON variables is quite hacky. Surely there is a better way. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/0fcf1779935f905fd9b871c4adce87ea461afba9 changeset: 0fcf1779935f905fd9b871c4adce87ea461afba9 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:19:02 2015 -0700 description: ansible/hgmo: remove hgrc install from hgmo play (bug 1190515); r=fubar This is already in the hg-ssh role and is redundant.
Assignee | ||
Comment 54•7 years ago
|
||
I had to make some minor fixups to fix some very minor variances from Puppet. But otherwise this was mostly good and is now deployed. I'm going to call this bug done. There is still some follow-up work. That will be for another bug.
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•