Closed Bug 1190515 Opened 10 years ago Closed 10 years ago

Ansibilize hgssh

Categories

(Developer Services :: Mercurial: hg.mozilla.org, defect)

Product:
Developer Services
Component:
Mercurial: hg.mozilla.org
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: gps, Assigned: gps)

References

Details

Attachments

(23 files)

MozReview Request: ansible: extract IUS repository configuration to own role (bug 1190515); r?fubar
40 bytes, text/x-review-board-request
fubar
: review+
Details
MozReview Request: ansible/hg-ssh: install Python 2.7 (bug 1190515); r?fubar
40 bytes, text/x-review-board-request
fubar
: review+
Details
MozReview Request: ansible/hg-ssh: move replication SSH key from docker-hg-ssh to hg-ssh role (bug 1190515); r?fubar
40 bytes, text/x-review-board-request
fubar
: review+
Details
MozReview Request: ansible/hg-ssh: use rsyslog (bug 1190515); r?fubar
40 bytes, text/x-review-board-request
fubar
: review+
Details
MozReview Request: ansible/hg-web: move templates modification to hg-web role (bug 1190515); r?fubar
40 bytes, text/x-review-board-request
fubar
: review+
Details
MozReview Request: ansible/hg-web: move pushlog web files to hg-web role (bug 1190515); r?fubar
40 bytes, text/x-review-board-request
fubar
: review+
Details
MozReview Request: ansible/hg-ssh: remove web references from hgrc (bug 1190515); r?fubar
40 bytes, text/x-review-board-request
fubar
: review+
Details
MozReview Request: ansible/hgmo: don't create wsgi directory from shared tasks (bug 1190515); r?fubar
40 bytes, text/x-review-board-request
fubar
: review+
Details
MozReview Request: ansible/hgmo: format hgmo-extensions.yml (bug 1190515); r?fubar
40 bytes, text/x-review-board-request
fubar
: review+
Details
MozReview Request: ansible/docker-hgmaster: include hgmo-extensions.yml tasks file (bug 1190515); r?fubar
40 bytes, text/x-review-board-request
fubar
: review+
Details
MozReview Request: ansible/docker-hg-ssh: remove duplicate content (bug 1190515); r?fubar
40 bytes, text/x-review-board-request
fubar
: review+
Details
MozReview Request: ansible/hg-web: create scripts directory (bug 1190515); r?fubar
40 bytes, text/x-review-board-request
fubar
: review+
Details
MozReview Request: ansible/hg-ssh: move /usr/local/bin creation task (bug 1190515); r?fubar
40 bytes, text/x-review-board-request
fubar
: review+
Details
MozReview Request: ansible/hg-ssh: install pash in hg-ssh role (bug 1190515); r?fubar
40 bytes, text/x-review-board-request
fubar
: review+
Details
MozReview Request: ansible/hg-ssh: move push scripts into hg-ssh role (bug 1190515); r?fubar
40 bytes, text/x-review-board-request
fubar
: review+
Details
MozReview Request: ansible/hgmo: include hgmo-extensions.yml from roles (bug 1190515); r?fubar
40 bytes, text/x-review-board-request
fubar
: review+
Details
MozReview Request: ansible/hg-ssh: install pash_wrapper (bug 1190515); r?fubar
40 bytes, text/x-review-board-request
fubar
: review+
Details
MozReview Request: pash: use new tinyurl (bug 1190515); r?fubar
40 bytes, text/x-review-board-request
fubar
: review+
Details
MozReview Request: ansible/hg-ssh: increase SSH MaxStartups and MaxSessions (bug 1190515); r?fubar
40 bytes, text/x-review-board-request
fubar
: review+
Details
MozReview Request: ansible/hg-ssh: install rsyslog config for hg (bug 1190515); r?fubar
40 bytes, text/x-review-board-request
fubar
: review+
Details
MozReview Request: ansible/hg-ssh: add logrotate config for hg (bug 1190515); r?fubar
40 bytes, text/x-review-board-request
fubar
: review+
Details
MozReview Request: ansible/hgmo: use hg-ssh role (bug 1190515); r?fubar
40 bytes, text/x-review-board-request
fubar
: review+
Details
MozReview Request: ansible/hgmo: remove hgrc install from hgmo play (bug 1190515); r?fubar
40 bytes, text/x-review-board-request
fubar
: review+
Details
hgssh is still managed by Puppet. And its Ansible configs are a bit of a mess. To unblock some future work I'm doing around Mercurial work, I need an accurate and reproducible test environment for hg.mozilla.org. This means leveraging Ansible to provision some Docker containers. This means having proper Ansible foo in place for hgssh, which we don't have currently. Let's change that.
Depends on: 1190516
ansible: extract IUS repository configuration to own role (bug 1190515); r?fubar We'll want to share this code so other roles can use it without copying. Prepare for that by factoring it into its own role.
Attachment #8642713 - Flags: review?(klibby)
ansible/hg-ssh: install Python 2.7 (bug 1190515); r?fubar We don't yet have Python 2.7 installed on the hgssh machines. We'll need this inevitably. So get it out of the way and install it now, before some hardcore refactoring starts.
Attachment #8642714 - Flags: review?(klibby)
ansible/hg-ssh: move replication SSH key from docker-hg-ssh to hg-ssh role (bug 1190515); r?fubar Not sure why this wasn't added to hg-ssh role in the first place.
Attachment #8642715 - Flags: review?(klibby)
ansible/hg-ssh: use rsyslog (bug 1190515); r?fubar fubar advised using rsyslog for hg-web. Doing the same thing to hg-ssh.
Attachment #8642716 - Flags: review?(klibby)
ansible/hg-web: move templates modification to hg-web role (bug 1190515); r?fubar We want to pair down hgmo-extensions.yml into the common set of things shared between hg-web and hg-ssh. Templates are hg-web only, so move them to that role. We change how the .vctnode file is referenced because when run from Docker, it is no longer possible to reference a relative path. However, pinning it from the {{ vct }} path seems to work.
Attachment #8642717 - Flags: review?(klibby)
ansible/hg-web: move pushlog web files to hg-web role (bug 1190515); r?fubar These files are only relevant to hgweb and don't need to be on the SSH master servers. Move the tasks out of the common file and into the hg-web role. As part of this, we remove references to these extensions from the hgrc file in the hg-ssh role.
Attachment #8642718 - Flags: review?(klibby)
ansible/hg-ssh: remove web references from hgrc (bug 1190515); r?fubar These are not relevant to the SSH master server. Remove them.
Attachment #8642719 - Flags: review?(klibby)
ansible/hgmo: don't create wsgi directory from shared tasks (bug 1190515); r?fubar This directory is created by the hg-web role. It doesn't need to be in the shared tasks file.
Attachment #8642720 - Flags: review?(klibby)
ansible/hgmo: format hgmo-extensions.yml (bug 1190515); r?fubar No content changes. Just making the file slightly easier to read by avoiding long lines.
Attachment #8642721 - Flags: review?(klibby)
ansible/docker-hgmaster: include hgmo-extensions.yml tasks file (bug 1190515); r?fubar Now that hgmo-extensions.yml only contains truly shared tasks, it is safe to include it from docker-hgmaster.yml. We should probably include this file from the hg-ssh role. But this is how the file is currently used elsewhere. We'll get there...
Attachment #8642722 - Flags: review?(klibby)
ansible/docker-hg-ssh: remove duplicate content (bug 1190515); r?fubar All the removed content is already in hgmo-extensions.yml, the hg-ssh role, or just isn't needed on the SSH server. Nuke it from orbit. Quite suddenly the size of docker-hg-ssh looks quite small.
Attachment #8642723 - Flags: review?(klibby)
ansible/hg-web: create scripts directory (bug 1190515); r?fubar Provisioning an empty environment uncovered a failure installing a file to a directory that doesn't exist. This is probably a result of refactoring hgmo-extensions.yml to contain fewer things.
Attachment #8642724 - Flags: review?(klibby)
ansible/hg-ssh: move /usr/local/bin creation task (bug 1190515); r?fubar
Attachment #8642725 - Flags: review?(klibby)
ansible/hg-ssh: install pash in hg-ssh role (bug 1190515); r?fubar pash is not Docker specific. Move the task from docker-hg-ssh to hg-ssh.
Attachment #8642726 - Flags: review?(klibby)
ansible/hg-ssh: move push scripts into hg-ssh role (bug 1190515); r?fubar More tasks that aren't specific to Docker. With this change, docker-hg-ssh has very few remaining tasks: quite possibly only things that truly are Docker specific.
Attachment #8642728 - Flags: review?(klibby)
ansible/hgmo: include hgmo-extensions.yml from roles (bug 1190515); r?fubar These tasks are more associated with the role than the playbook. Move its inclusion from playbooks to roles.
Attachment #8642729 - Flags: review?(klibby)
ansible/hg-ssh: install pash_wrapper (bug 1190515); r?fubar This is part of pash and is used as the ForceCommand for sshd. It wasn't part of version-control-tools for reasons unknown to me. Likely omitted by accident. Add and install it. Content was copied from /usr/local/bin/pash_wrapper on hgssh1.
Attachment #8642730 - Flags: review?(klibby)
pash: use new tinyurl (bug 1190515); r?fubar This mimics a change made in Subversion r101784.
Attachment #8642761 - Flags: review?(klibby)
ansible/hg-ssh: increase SSH MaxStartups and MaxSessions (bug 1190515); r?fubar This is carrying forward a configuration on hgssh1 today. See also bug 1038478.
Attachment #8642762 - Flags: review?(klibby)
ansible/hg-ssh: install rsyslog config for hg (bug 1190515); r?fubar This matches a task from hg-web. But since it references a file, it is easier to not put it in the shared hgmo-extensions.yml file. And, it may evolve over time, so easiest to leave it separate.
Attachment #8642763 - Flags: review?(klibby)
ansible/hg-ssh: add logrotate config for hg (bug 1190515); r?fubar Copying functionality from Puppet. This is from hg_new::logging.
Attachment #8642764 - Flags: review?(klibby)
Comment on attachment 8642729 [details] MozReview Request: ansible/hgmo: include hgmo-extensions.yml from roles (bug 1190515); r?fubar ansible/hgmo: include hgmo-extensions.yml from roles (bug 1190515); r?fubar These tasks are more associated with the role than the playbook. Move its inclusion from playbooks to roles.
Comment on attachment 8642730 [details] MozReview Request: ansible/hg-ssh: install pash_wrapper (bug 1190515); r?fubar ansible/hg-ssh: install pash_wrapper (bug 1190515); r?fubar This is part of pash and is used as the ForceCommand for sshd. It wasn't part of version-control-tools for reasons unknown to me. Likely omitted by accident. Add and install it. Content was copied from /usr/local/bin/pash_wrapper on hgssh1.
Comment on attachment 8642761 [details] MozReview Request: pash: use new tinyurl (bug 1190515); r?fubar pash: use new tinyurl (bug 1190515); r?fubar This mimics a change made in Subversion r101784.
Comment on attachment 8642762 [details] MozReview Request: ansible/hg-ssh: increase SSH MaxStartups and MaxSessions (bug 1190515); r?fubar ansible/hg-ssh: increase SSH MaxStartups and MaxSessions (bug 1190515); r?fubar This is carrying forward a configuration on hgssh1 today. See also bug 1038478.
Comment on attachment 8642763 [details] MozReview Request: ansible/hg-ssh: install rsyslog config for hg (bug 1190515); r?fubar ansible/hg-ssh: install rsyslog config for hg (bug 1190515); r?fubar This matches a task from hg-web. But since it references a file, it is easier to not put it in the shared hgmo-extensions.yml file. And, it may evolve over time, so easiest to leave it separate.
Comment on attachment 8642764 [details] MozReview Request: ansible/hg-ssh: add logrotate config for hg (bug 1190515); r?fubar ansible/hg-ssh: add logrotate config for hg (bug 1190515); r?fubar Copying functionality from Puppet. This is from hg_new::logging.
ansible/hgmo: use hg-ssh role (bug 1190515); r?fubar Up until now, all the hg-ssh work was only relevant to Docker because we weren't using the hg-ssh role anywhere. With this commit, we finally introduce the hg-ssh role into the hgmo deployment playbook. The openssh-lpk role requires some LDAP variables. We grab these from the remote JSON file. I'm not entirely confident this will actually work, as the internet is a bit conflicted on the best way to do this. The syntax for accessing JSON variables is quite hacky. Surely there is a better way.
Attachment #8642773 - Flags: review?(klibby)
ansible/hgmo: remove hgrc install from hgmo play (bug 1190515); r?fubar This is already in the hg-ssh role and is redundant.
Attachment #8642774 - Flags: review?(klibby)
Comment on attachment 8642713 [details] MozReview Request: ansible: extract IUS repository configuration to own role (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14783/#review13411 Ship It!
Attachment #8642713 - Flags: review?(klibby) → review+
Attachment #8642714 - Flags: review?(klibby) → review+
Comment on attachment 8642714 [details] MozReview Request: ansible/hg-ssh: install Python 2.7 (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14785/#review13413 Ship It!
Comment on attachment 8642715 [details] MozReview Request: ansible/hg-ssh: move replication SSH key from docker-hg-ssh to hg-ssh role (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14787/#review13415 Ship It!
Attachment #8642715 - Flags: review?(klibby) → review+
Comment on attachment 8642716 [details] MozReview Request: ansible/hg-ssh: use rsyslog (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14789/#review13417 Ship It!
Attachment #8642716 - Flags: review?(klibby) → review+
Attachment #8642717 - Flags: review?(klibby) → review+
Comment on attachment 8642717 [details] MozReview Request: ansible/hg-web: move templates modification to hg-web role (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14797/#review13419 Ship It!
Comment on attachment 8642718 [details] MozReview Request: ansible/hg-web: move pushlog web files to hg-web role (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14793/#review13421 Ship It!
Attachment #8642718 - Flags: review?(klibby) → review+
Comment on attachment 8642719 [details] MozReview Request: ansible/hg-ssh: remove web references from hgrc (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14795/#review13423 Ship It!
Attachment #8642719 - Flags: review?(klibby) → review+
Comment on attachment 8642720 [details] MozReview Request: ansible/hgmo: don't create wsgi directory from shared tasks (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14799/#review13425 Ship It!
Attachment #8642720 - Flags: review?(klibby) → review+
Comment on attachment 8642721 [details] MozReview Request: ansible/hgmo: format hgmo-extensions.yml (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14801/#review13427 Ship It!
Attachment #8642721 - Flags: review?(klibby) → review+
Comment on attachment 8642722 [details] MozReview Request: ansible/docker-hgmaster: include hgmo-extensions.yml tasks file (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14803/#review13429 Ship It!
Attachment #8642722 - Flags: review?(klibby) → review+
Attachment #8642723 - Flags: review?(klibby) → review+
Comment on attachment 8642723 [details] MozReview Request: ansible/docker-hg-ssh: remove duplicate content (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14805/#review13431 Ship It!
Comment on attachment 8642724 [details] MozReview Request: ansible/hg-web: create scripts directory (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14807/#review13433 Ship It!
Attachment #8642724 - Flags: review?(klibby) → review+
Attachment #8642725 - Flags: review?(klibby) → review+
Comment on attachment 8642725 [details] MozReview Request: ansible/hg-ssh: move /usr/local/bin creation task (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14809/#review13435 Ship It!
Comment on attachment 8642726 [details] MozReview Request: ansible/hg-ssh: install pash in hg-ssh role (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14811/#review13437 Ship It!
Attachment #8642726 - Flags: review?(klibby) → review+
Attachment #8642728 - Flags: review?(klibby) → review+
Comment on attachment 8642728 [details] MozReview Request: ansible/hg-ssh: move push scripts into hg-ssh role (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14813/#review13439 Ship It!
Comment on attachment 8642729 [details] MozReview Request: ansible/hgmo: include hgmo-extensions.yml from roles (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14815/#review13441 Ship It!
Attachment #8642729 - Flags: review?(klibby) → review+
Comment on attachment 8642730 [details] MozReview Request: ansible/hg-ssh: install pash_wrapper (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14817/#review13443 Ship It!
Attachment #8642730 - Flags: review?(klibby) → review+
Attachment #8642761 - Flags: review?(klibby) → review+
Comment on attachment 8642761 [details] MozReview Request: pash: use new tinyurl (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14819/#review13445 Ship It!
Attachment #8642762 - Flags: review?(klibby) → review+
Comment on attachment 8642762 [details] MozReview Request: ansible/hg-ssh: increase SSH MaxStartups and MaxSessions (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14821/#review13447 Ship It!
Comment on attachment 8642763 [details] MozReview Request: ansible/hg-ssh: install rsyslog config for hg (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14823/#review13449 Ship It!
Attachment #8642763 - Flags: review?(klibby) → review+
Comment on attachment 8642764 [details] MozReview Request: ansible/hg-ssh: add logrotate config for hg (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14825/#review13451 Ship It!
Attachment #8642764 - Flags: review?(klibby) → review+
Comment on attachment 8642774 [details] MozReview Request: ansible/hgmo: remove hgrc install from hgmo play (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14833/#review13453 Ship It!
Attachment #8642774 - Flags: review?(klibby) → review+
Comment on attachment 8642773 [details] MozReview Request: ansible/hgmo: use hg-ssh role (bug 1190515); r?fubar https://reviewboard.mozilla.org/r/14831/#review13455 Ship It!
Attachment #8642773 - Flags: review?(klibby) → review+
url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/fc46f44709f95439c89263b66408291167717091 changeset: fc46f44709f95439c89263b66408291167717091 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:14:04 2015 -0700 description: ansible: extract IUS repository configuration to own role (bug 1190515); r=fubar We'll want to share this code so other roles can use it without copying. Prepare for that by factoring it into its own role. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/d56ca3f52cbca486d88e75b35ffdfccfebe3073c changeset: d56ca3f52cbca486d88e75b35ffdfccfebe3073c user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:14:16 2015 -0700 description: ansible/hg-ssh: install Python 2.7 (bug 1190515); r=fubar We don't yet have Python 2.7 installed on the hgssh machines. We'll need this inevitably. So get it out of the way and install it now, before some hardcore refactoring starts. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/aa68bdc469a603593aa718e0ab64dfb79707ed9d changeset: aa68bdc469a603593aa718e0ab64dfb79707ed9d user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:14:30 2015 -0700 description: ansible/hg-ssh: move replication SSH key from docker-hg-ssh to hg-ssh role (bug 1190515); r=fubar Not sure why this wasn't added to hg-ssh role in the first place. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/d684a65f06b62f003bf54f7b8e752bcba32e143e changeset: d684a65f06b62f003bf54f7b8e752bcba32e143e user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:14:42 2015 -0700 description: ansible/hg-ssh: use rsyslog (bug 1190515); r=fubar fubar advised using rsyslog for hg-web. Doing the same thing to hg-ssh. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/193b62b94293240eeced1df5045543c8d3afa35a changeset: 193b62b94293240eeced1df5045543c8d3afa35a user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:14:59 2015 -0700 description: ansible/hg-web: move templates modification to hg-web role (bug 1190515); r=fubar We want to pair down hgmo-extensions.yml into the common set of things shared between hg-web and hg-ssh. Templates are hg-web only, so move them to that role. We change how the .vctnode file is referenced because when run from Docker, it is no longer possible to reference a relative path. However, pinning it from the {{ vct }} path seems to work. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/8a759239d01de456e333c03581a5f3359499c69a changeset: 8a759239d01de456e333c03581a5f3359499c69a user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:15:11 2015 -0700 description: ansible/hg-web: move pushlog web files to hg-web role (bug 1190515); r=fubar These files are only relevant to hgweb and don't need to be on the SSH master servers. Move the tasks out of the common file and into the hg-web role. As part of this, we remove references to these extensions from the hgrc file in the hg-ssh role. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/3d74b0621551b7cffa2b0e3f0fe7f50f8a04cba4 changeset: 3d74b0621551b7cffa2b0e3f0fe7f50f8a04cba4 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:15:25 2015 -0700 description: ansible/hg-ssh: remove web references from hgrc (bug 1190515); r=fubar These are not relevant to the SSH master server. Remove them. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/7d13080b2f56cd36a7a8498771823e2efdcc2415 changeset: 7d13080b2f56cd36a7a8498771823e2efdcc2415 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:15:38 2015 -0700 description: ansible/hgmo: don't create wsgi directory from shared tasks (bug 1190515); r=fubar This directory is created by the hg-web role. It doesn't need to be in the shared tasks file. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/1c3f586017cb5d84f9c32c22439e4007d3ba2e45 changeset: 1c3f586017cb5d84f9c32c22439e4007d3ba2e45 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:15:54 2015 -0700 description: ansible/hgmo: format hgmo-extensions.yml (bug 1190515); r=fubar No content changes. Just making the file slightly easier to read by avoiding long lines. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/7e083c3e1f9365e7c74bdab696efff7e714fe5e6 changeset: 7e083c3e1f9365e7c74bdab696efff7e714fe5e6 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:16:12 2015 -0700 description: ansible/docker-hgmaster: include hgmo-extensions.yml tasks file (bug 1190515); r=fubar Now that hgmo-extensions.yml only contains truly shared tasks, it is safe to include it from docker-hgmaster.yml. We should probably include this file from the hg-ssh role. But this is how the file is currently used elsewhere. We'll get there... url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/0979836ecdad24a87a1dc7e3f0d8c575aab431b3 changeset: 0979836ecdad24a87a1dc7e3f0d8c575aab431b3 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:16:25 2015 -0700 description: ansible/docker-hg-ssh: remove duplicate content (bug 1190515); r=fubar All the removed content is already in hgmo-extensions.yml, the hg-ssh role, or just isn't needed on the SSH server. Nuke it from orbit. Quite suddenly the size of docker-hg-ssh looks quite small. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/2e169c6b9834075c8ae7b9b1e079b1c11549ae42 changeset: 2e169c6b9834075c8ae7b9b1e079b1c11549ae42 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:16:37 2015 -0700 description: ansible/hg-web: create scripts directory (bug 1190515); r=fubar Provisioning an empty environment uncovered a failure installing a file to a directory that doesn't exist. This is probably a result of refactoring hgmo-extensions.yml to contain fewer things. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/036be26c82a77dbe7cb419c2ad2f80b549ad5b3a changeset: 036be26c82a77dbe7cb419c2ad2f80b549ad5b3a user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:16:49 2015 -0700 description: ansible/hg-ssh: move /usr/local/bin creation task (bug 1190515); r=fubar url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/1dc47f2cba81fd82881bf795ea7e8ecf3ed89ea0 changeset: 1dc47f2cba81fd82881bf795ea7e8ecf3ed89ea0 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:17:00 2015 -0700 description: ansible/hg-ssh: install pash in hg-ssh role (bug 1190515); r=fubar pash is not Docker specific. Move the task from docker-hg-ssh to hg-ssh. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/064320676ea391bcd0d501b3524d0f22b0639b3d changeset: 064320676ea391bcd0d501b3524d0f22b0639b3d user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:17:12 2015 -0700 description: ansible/hg-ssh: move push scripts into hg-ssh role (bug 1190515); r=fubar More tasks that aren't specific to Docker. With this change, docker-hg-ssh has very few remaining tasks: quite possibly only things that truly are Docker specific. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/c58cf936e83641591c5523f124479abf738996e6 changeset: c58cf936e83641591c5523f124479abf738996e6 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:17:34 2015 -0700 description: ansible/hgmo: include hgmo-extensions.yml from roles (bug 1190515); r=fubar These tasks are more associated with the role than the playbook. Move its inclusion from playbooks to roles. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/a84cc2ae06e06ef48e7c4eda833e08dfa5f09f50 changeset: a84cc2ae06e06ef48e7c4eda833e08dfa5f09f50 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:17:47 2015 -0700 description: ansible/hg-ssh: install pash_wrapper (bug 1190515); r=fubar This is part of pash and is used as the ForceCommand for sshd. It wasn't part of version-control-tools for reasons unknown to me. Likely omitted by accident. Add and install it. Content was copied from /usr/local/bin/pash_wrapper on hgssh1. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/1570877cd23de988a4295d97b342a0f0b1d18991 changeset: 1570877cd23de988a4295d97b342a0f0b1d18991 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:17:59 2015 -0700 description: pash: use new tinyurl (bug 1190515); r=fubar This mimics a change made in Subversion r101784. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/3ed1833d98e038a5a6d672f32f8ad52d29b6db4b changeset: 3ed1833d98e038a5a6d672f32f8ad52d29b6db4b user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:18:10 2015 -0700 description: ansible/hg-ssh: increase SSH MaxStartups and MaxSessions (bug 1190515); r=fubar This is carrying forward a configuration on hgssh1 today. See also bug 1038478. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/334e8ccfef56be6648b9e841113796e1b64875f1 changeset: 334e8ccfef56be6648b9e841113796e1b64875f1 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:18:21 2015 -0700 description: ansible/hg-ssh: install rsyslog config for hg (bug 1190515); r=fubar This matches a task from hg-web. But since it references a file, it is easier to not put it in the shared hgmo-extensions.yml file. And, it may evolve over time, so easiest to leave it separate. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/f5b5120cce4e0b1ca55c29d339fee66ca9a77b7a changeset: f5b5120cce4e0b1ca55c29d339fee66ca9a77b7a user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:18:38 2015 -0700 description: ansible/hg-ssh: add logrotate config for hg (bug 1190515); r=fubar Copying functionality from Puppet. This is from hg_new::logging. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/33708c39f96d6b31799e8adbcc531355396a2dc3 changeset: 33708c39f96d6b31799e8adbcc531355396a2dc3 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:18:51 2015 -0700 description: ansible/hgmo: use hg-ssh role (bug 1190515); r=fubar Up until now, all the hg-ssh work was only relevant to Docker because we weren't using the hg-ssh role anywhere. With this commit, we finally introduce the hg-ssh role into the hgmo deployment playbook. The openssh-lpk role requires some LDAP variables. We grab these from the remote JSON file. I'm not entirely confident this will actually work, as the internet is a bit conflicted on the best way to do this. The syntax for accessing JSON variables is quite hacky. Surely there is a better way. url: https://hg.mozilla.org/hgcustom/version-control-tools/rev/0fcf1779935f905fd9b871c4adce87ea461afba9 changeset: 0fcf1779935f905fd9b871c4adce87ea461afba9 user: Gregory Szorc <gps@mozilla.com> date: Tue Aug 04 11:19:02 2015 -0700 description: ansible/hgmo: remove hgrc install from hgmo play (bug 1190515); r=fubar This is already in the hg-ssh role and is redundant.
I had to make some minor fixups to fix some very minor variances from Puppet. But otherwise this was mostly good and is now deployed. I'm going to call this bug done. There is still some follow-up work. That will be for another bug.
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: