From 8fe6b21dc65a577995108375f1ea0a3e4e86abcd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20W=C3=B3jcik?= Date: Wed, 9 Mar 2022 22:15:59 +0100 Subject: [PATCH] trim down build role --- ansible/build.yml | 8 +- ansible/host_vars/ansi.yml | 22 +++++ ansible/inventory | 82 +------------------ ansible/roles/buildmaster/tasks/buildbot.yml | 11 +-- ansible/roles/buildmaster/tasks/pre.yml | 20 ----- ansible/roles/buildmaster/tasks/www.yml | 2 - .../roles/buildmaster/templates/master.cfg.j2 | 21 ++--- ansible/roles/buildslave/defaults/main.yml | 2 +- 8 files changed, 35 insertions(+), 133 deletions(-) create mode 100644 ansible/host_vars/ansi.yml diff --git a/ansible/build.yml b/ansible/build.yml index d8ba863d..3cc67f6c 100644 --- a/ansible/build.yml +++ b/ansible/build.yml @@ -2,20 +2,16 @@ - hosts: buildmaster become: yes become_user: root - become_method: sudo + become_method: su roles: - - acmetool - buildmaster - root-mirror-shim - void-updates - - live-mirror - - sources_site - - xq-api - hosts: buildslave become: yes become_user: root - become_method: sudo + become_method: su roles: - buildslave - btimefiles diff --git a/ansible/host_vars/ansi.yml b/ansible/host_vars/ansi.yml new file mode 100644 index 00000000..343f45ce --- /dev/null +++ b/ansible/host_vars/ansi.yml @@ -0,0 +1,22 @@ +--- +xbps_repository_main: /data/pkgs +xbps_repository_nonfree: /data/pkgs/nonfree +xbps_repository_multilib: /data/pkgs/multilib +xbps_repository_multilib_nonfree: /data/pkgs/multilib/nonfree + +sshd_AllowGroups: + - build-ops + - void-buildsync + +buildslave_zone: DE-1 + +nomad_host_volumes: + - name: void-packages + path: /data/void-packages + read_only: false + - name: root-pkgs + path: /hostdir/binpkgs + read_only: false + - name: glibc_hostdir + path: /hostdir + read_only: false diff --git a/ansible/inventory b/ansible/inventory index 22bc85fa..23cb6534 100644 --- a/ansible/inventory +++ b/ansible/inventory @@ -1,87 +1,9 @@ [buildmaster] -a-hel-fi.m.voidlinux.org +ansi [buildslave] -a-hel-fi.m.voidlinux.org -c-lej-de.m.voidlinux.org -a-fsn-de.m.voidlinux.org +ansi [build:children] buildmaster buildslave - -[docs] -a-hel-fi.m.voidlinux.org - -[man] -a-hel-fi.m.voidlinux.org - -[popcorn] -a-hel-fi.m.voidlinux.org - -[mirrormanager] -a-hel-fi.m.voidlinux.org - -[netauth] -a-sfo3-us.m.voidlinux.org - -[netlogon] -vm1.a-mci-us.m.voidlinux.org -a-hel-fi.m.voidlinux.org -b-hel-fi.m.voidlinux.org -a-fsn-de.m.voidlinux.org -b-lej-de.m.voidlinux.org -c-lej-de.m.voidlinux.org -a-sfo3-us.m.voidlinux.org -b-sfo3-us.m.voidlinux.org -c-sfo3-us.m.voidlinux.org -d-sfo3-us.m.voidlinux.org -e-sfo3-us.m.voidlinux.org -f-sfo3-us.m.voidlinux.org -a-mci-us.m.voidlinux.org - -[hashi:children] -hashimaster -hashiworker -hashiproxy -hashimirror -hashimx - -[hashimaster] -b-sfo3-us.m.voidlinux.org -c-sfo3-us.m.voidlinux.org -d-sfo3-us.m.voidlinux.org - -[hashiworker] -a-hel-fi.m.voidlinux.org -a-fsn-de.m.voidlinux.org -b-lej-de.m.voidlinux.org -c-lej-de.m.voidlinux.org - -[hashiproxy] -e-sfo3-us.m.voidlinux.org - -[hashimirror] -b-hel-fi.m.voidlinux.org -a-mci-us.m.voidlinux.org - -[hashimx] -f-sfo3-us.m.voidlinux.org - -[unmanaged] -a-lej-de.m.voidlinux.org - -[prod] -a-hel-fi.m.voidlinux.org -b-hel-fi.m.voidlinux.org -a-mci-us.m.voidlinux.org -a-fsn-de.m.voidlinux.org -a-lej-de.m.voidlinux.org -b-lej-de.m.voidlinux.org -c-lej-de.m.voidlinux.org -a-sfo3-us.m.voidlinux.org -b-sfo3-us.m.voidlinux.org -c-sfo3-us.m.voidlinux.org -d-sfo3-us.m.voidlinux.org -e-sfo3-us.m.voidlinux.org -f-sfo3-us.m.voidlinux.org diff --git a/ansible/roles/buildmaster/tasks/buildbot.yml b/ansible/roles/buildmaster/tasks/buildbot.yml index a1e7fb95..285cf69d 100644 --- a/ansible/roles/buildmaster/tasks/buildbot.yml +++ b/ansible/roles/buildmaster/tasks/buildbot.yml @@ -28,7 +28,7 @@ virtualenv: "/{{ buildmaster_rootdir }}/virtual_builder" virtualenv_python: python2 become_user: "{{ buildmaster_user }}" - become_method: sudo + become_method: doas - name: Make Buildbot More Terse patch: @@ -71,15 +71,6 @@ group: "{{ buildmaster_user }}" mode: 0644 -- name: Install GitHub Webhook Password - copy: - src: secret/buildmaster_github_webhook_passwd - dest: "/{{ buildmaster_rootdir }}/github-webhook.passwd" - owner: "{{ buildmaster_user }}" - group: "{{ buildmaster_user }}" - mode: 0400 - no_log: True - - name: Configure BuildMaster template: src: master.cfg.j2 diff --git a/ansible/roles/buildmaster/tasks/pre.yml b/ansible/roles/buildmaster/tasks/pre.yml index 41882dac..af6c51ea 100644 --- a/ansible/roles/buildmaster/tasks/pre.yml +++ b/ansible/roles/buildmaster/tasks/pre.yml @@ -3,23 +3,3 @@ group: name: void-repo state: present - -- name: Install the buildmaster firewall rules - copy: - src: buildmaster.rules - dest: /etc/iptables.d - owner: root - group: root - mode: 0640 - notify: - - iptables - -- name: Install the buildmaster firewall rules (v6) - copy: - src: buildmaster.6rules - dest: /etc/ip6tables.d - owner: root - group: root - mode: 0640 - notify: - - iptables diff --git a/ansible/roles/buildmaster/tasks/www.yml b/ansible/roles/buildmaster/tasks/www.yml index d8b7e507..73da3f9e 100644 --- a/ansible/roles/buildmaster/tasks/www.yml +++ b/ansible/roles/buildmaster/tasks/www.yml @@ -21,5 +21,3 @@ owner: root group: root mode: 0644 - notify: - - nginx diff --git a/ansible/roles/buildmaster/templates/master.cfg.j2 b/ansible/roles/buildmaster/templates/master.cfg.j2 index f5f91f4a..779ea34c 100644 --- a/ansible/roles/buildmaster/templates/master.cfg.j2 +++ b/ansible/roles/buildmaster/templates/master.cfg.j2 @@ -22,6 +22,7 @@ from buildbot.status.web import authz, auth from buildbot.status import words from buildbot.status import results from buildbot.status.results import SUCCESS, FAILURE, WARNINGS +from buildbot.plugins import changes import user_settings from ShellCommandChangeList import ShellCommandChangeList @@ -192,23 +193,15 @@ authz_cfg=authz.Authz( c['status'] = [ html.WebStatus( http_port=8010, authz=authz_cfg, order_console_by_time=True, - change_hook_dialects={ 'github' : { - 'secret': '{{ buildmaster_github_secret }}', - 'strict': True - } - }, - change_hook_auth=["file:/{{ buildmaster_rootdir}}/github-webhook.passwd"] ), - words.IRC( - host='irc.libera.chat', - nick='void-builder', - password='{{ buildmaster_irc_password }}', - channels=[{'channel': '#xbps'}], - notify_events={ 'failure' : 1 }, - noticeOnChannel=True, useRevisions=True - ) ] +c['change_source'] = changes.GitPoller( + repourl='https://github.com/void-linux/void-packages.git', + branches=['master'], + pollInterval=120, +) + c['title'] = proj c['titleURL'] = 'http://www.voidlinux.org/' c['buildbotURL'] = 'https://build.voidlinux.org/' diff --git a/ansible/roles/buildslave/defaults/main.yml b/ansible/roles/buildslave/defaults/main.yml index 0957425d..ccf6ad33 100644 --- a/ansible/roles/buildslave/defaults/main.yml +++ b/ansible/roles/buildslave/defaults/main.yml @@ -31,7 +31,7 @@ buildslave_rootdir: /home/void-buildslave/ # all locations for consistency. If persistent resolution issues are # preventing a host from connecting to the buildmaster this name # should very likely be specified in the hosts file. -buildslave_master: build.voidlinux.org +buildslave_master: localhost # The following list contains hashes for the builders. For standards # and sake of debugging, the 'mach' should be the architecture as