Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Buildbot ansible cleanup #212

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion ansible/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,9 @@
become_user: root
become_method: sudo
roles:
- acmetool
- buildmaster
- unacmetool
- unnginx

- hosts: buildslave
become: yes
Expand Down
166 changes: 25 additions & 141 deletions ansible/roles/buildmaster/tasks/buildbot.yml
Original file line number Diff line number Diff line change
@@ -1,150 +1,34 @@
---
- name: Install virtualenv & deps
xbps:
pkg:
- acl-progs
- base-devel
- python-devel
state: present

- name: Create the BuildBot Master user
user:
name: "{{ buildmaster_user }}"
state: present
createhome: yes

- name: Create the BuildMaster Root Directory
- name: Disable BuildBot Service
file:
path: "/{{ buildmaster_rootdir }}/buildmaster"
state: directory
owner: "{{ buildmaster_user }}"
group: "{{ buildmaster_user }}"
mode: 0750

- name: Install Buildbot
pip:
name: buildbot
version: "{{ buildmaster_version }}"
virtualenv: "/{{ buildmaster_rootdir }}/virtual_builder"
virtualenv_python: python2
become_user: "{{ buildmaster_user }}"
become_method: sudo
path: /var/service/void-buildmaster
state: absent

- name: Make Buildbot More Terse
patch:
src: terse-irc.patch
dest: "/{{ buildmaster_rootdir }}/virtual_builder/lib/python2.7/site-packages/buildbot/status/words.py"
backup: yes

- name: Create BuildMaster Subdirectories
- name: Remove BuildBot Service
file:
path: "/{{ buildmaster_rootdir }}/buildmaster/{{ item }}"
state: directory
owner: "{{ buildmaster_user }}"
group: "{{ buildmaster_user }}"
mode: 0750
with_items:
- scripts
- public_html
- templates

- name: Copy un-inheritable Buildbot Assets
copy:
src: "/{{ buildmaster_rootdir }}/virtual_builder/lib/python2.7/site-packages/buildbot/status/web/files/{{ item }}"
remote_src: true
dest: "/{{ buildmaster_rootdir }}/buildmaster/public_html/{{ item }}"
owner: "{{ buildmaster_user }}"
group: "{{ buildmaster_user }}"
mode: 0644
with_items:
- bg_gradient.jpg
- default.css
- favicon.ico
- robots.txt

- name: Copy Buildbot Bootstrap Database
copy:
src: state.sqlite
dest: "/{{ buildmaster_rootdir }}/buildmaster/state.sqlite"
force: no
owner: "{{ buildmaster_user }}"
group: "{{ buildmaster_user }}"
mode: 0644

- name: Install GitHub Webhook Password
copy:
src: secret/buildmaster_github_webhook_passwd
dest: "/{{ buildmaster_rootdir }}/github-webhook.passwd"
owner: "{{ buildmaster_user }}"
group: "{{ buildmaster_user }}"
mode: 0400
no_log: True

- name: Configure BuildMaster
template:
src: master.cfg.j2
dest: "/{{ buildmaster_rootdir }}/buildmaster/master.cfg"
owner: "{{ buildmaster_user }}"
group: "{{ buildmaster_user }}"
mode: 0400
no_log: True

- name: Install Static Scripts
copy:
src: "{{ item }}"
dest: "/{{ buildmaster_rootdir }}/buildmaster/scripts/{{ item }}"
owner: "{{ buildmaster_user }}"
group: "{{ buildmaster_user }}"
mode: 0640
with_items:
- __init__.py
- ShellCommandChangeList.py

- name: Install Buildbot Master Configuration
template:
src: buildbot.tac.j2
dest: "/{{ buildmaster_rootdir }}/buildmaster/buildbot.tac"
owner: "{{ buildmaster_user }}"
group: "{{ buildmaster_user }}"
mode: 0644

- include_vars: secret/buildslave_credentials.yml
- include_vars: secret/buildmaster_users.yml

- name: Configure BuildSlave References
template:
src: user_settings.py.j2
dest: "/{{ buildmaster_rootdir }}/buildmaster/scripts/user_settings.py"
owner: "{{ buildmaster_user }}"
group: "{{ buildmaster_user }}"
mode: 0400
path: /etc/sv/void-buildmaster
state: absent

- name: Install BuildBot Service (1/2)
- name: Remove the BuildMaster Root Directory
file:
path: /etc/sv/void-buildmaster
state: directory
owner: root
group: root
mode: 0755
path: "/{{ buildmaster_rootdir }}"
state: absent

- name: Install BuildBot Service (2/2)
template:
src: run.j2
dest: /etc/sv/void-buildmaster/run
owner: root
group: root
mode: 0755
- name: Remove the BuildBot Master user
user:
name: "{{ buildmaster_user }}"
state: absent
remove: true

- name: Enable BuildBot Service
file:
src: /etc/sv/void-buildmaster
dest: /var/service/void-buildmaster
state: link
- name: Remove deps
xbps:
pkg:
- acl-progs
- base-devel
- python-devel
state: absent

- name: Install sudo policy
template:
src: buildmaster.sudoers
dest: /etc/sudoers.d/buildmaster
owner: root
group: root
mode: 0640
- name: Remove sudo policy
file:
path: /etc/sudoers.d/buildmaster
state: absent
24 changes: 9 additions & 15 deletions ansible/roles/buildmaster/tasks/pre.yml
Original file line number Diff line number Diff line change
@@ -1,25 +1,19 @@
---
- name: Create the void-repo group
- name: Remove the void-repo group
group:
name: void-repo
state: present
state: absent

- name: Install the buildmaster firewall rules
copy:
src: buildmaster.rules
dest: /etc/iptables.d
owner: root
group: root
mode: 0640
- name: Remove the buildmaster firewall rules
file:
path: /etc/iptables.d/buildmaster.rules
state: absent
notify:
- iptables

- name: Install the buildmaster firewall rules (v6)
copy:
src: buildmaster.6rules
dest: /etc/ip6tables.d
owner: root
group: root
mode: 0640
file:
path: /etc/ip6tables.d/buildmaster.6rules
state: absent
notify:
- iptables
34 changes: 12 additions & 22 deletions ansible/roles/buildmaster/tasks/www.yml
Original file line number Diff line number Diff line change
@@ -1,25 +1,15 @@
---
- name: Configure webserver
include_role:
name: nginx
tasks_from: base-site
vars:
- site:
name: buildmaster
static_root: false
urls:
- build.voidlinux.org
tls:
certificate: "{{ buildmaster_ssl_cert_path | default('/dev/null') }}"
key: "{{ buildmaster_ssl_certkey_path | default('/dev/null') }}"
stapling: yes

- name: Install root location block
copy:
src: buildmaster_root.conf
dest: /etc/nginx/locations.d/build.voidlinux.org/
owner: root
group: root
mode: 0644
- name: Unconfigure nginx
file:
path: "{{ item }}"
state: absent
with_items:
- /var/lib/acme/live/build.voidlinux.org
- /etc/nginx/locations.d/build.voidlinux.org
- /etc/nginx/sites-available/buildmaster.conf
- /etc/nginx/sites-enabled/buildmaster.conf
- /etc/iptables.d/nginx-resolvers-buildmaster.rules
- /etc/ip6tables.d/nginx-resolvers-buildmaster.6rules
notify:
- nginx
- iptables
Loading