From 96c6613eb58fffb5949b79fcc65a02dee76f162c Mon Sep 17 00:00:00 2001 From: classabbyamp Date: Mon, 15 Jul 2024 00:47:05 -0400 Subject: [PATCH 1/8] ansible: decommission builders --- ansible/roles/buildslave/tasks/main.yml | 185 +++++------------------- 1 file changed, 35 insertions(+), 150 deletions(-) diff --git a/ansible/roles/buildslave/tasks/main.yml b/ansible/roles/buildslave/tasks/main.yml index 8f452291..3036b4b1 100644 --- a/ansible/roles/buildslave/tasks/main.yml +++ b/ansible/roles/buildslave/tasks/main.yml @@ -1,173 +1,58 @@ --- -- name: Install BuildBot Slave and Dependencies - xbps: - pkg: - - buildbot-slave - - git - state: present - -- name: Create Buildslave user ({{ buildslave_user}}) - user: - name: "{{ buildslave_user }}" - state: present - createhome: yes - system: yes - groups: "{{ buildslave_groups | join(',') }}" - -- name: Create Buildsync user ({{ buildslave_sync_user }}) - user: - name: "{{ buildslave_sync_user }}" - state: present - createhome: yes - system: yes - when: buildslave_isremote - -- name: Create {{ buildslave_sync_user }} .ssh - file: - path: /home/{{ buildslave_sync_user }}/.ssh - state: directory - owner: "{{ buildslave_sync_user }}" - group: "{{ buildslave_sync_user }}" - mode: 0700 - when: buildslave_isremote - -- name: Install sync key - copy: - src: secret/buildmaster_slave_reposync_public - dest: /home/{{ buildslave_sync_user }}/.ssh/authorized_keys - owner: "{{ buildslave_sync_user }}" - group: "{{ buildslave_sync_user }}" - mode: 0600 - when: buildslave_isremote - -- name: Create Builder Directories +- name: Disable BuildSlave file: - path: "/{{ buildslave_rootdir }}/{{ item.directory | default('void-builder-' + item.mach) }}" - state: directory - owner: "{{ buildslave_user }}" - group: "{{ buildslave_user }}" - mode: 0755 - with_items: "{{ buildslave_buildslaves | json_query(query) | unique }}" - vars: - query: "[?zone=='{{ buildslave_zone }}']" - loop_control: - label: "{{ item.mach }}" - -- include_vars: secret/buildslave_credentials.yml - -- name: Configure buildbot-slave - template: - src: buildbot.tac.j2 - dest: "/{{ buildslave_rootdir }}/{{ item.directory | default('void-builder-' + item.mach) }}/buildbot.tac" - owner: "{{ buildslave_user }}" - group: "{{ buildslave_user }}" - mode: 0644 + path: "/var/service/{{ item.service_name | default('void-builder-' + item.mach) }}" + state: absent with_items: "{{ buildslave_buildslaves | json_query(query) }}" vars: query: "[?zone=='{{ buildslave_zone }}']" loop_control: label: "{{ item.mach }}" -- name: Create buildbot-slave info directories +- name: Remove Service Directories file: - path: "/{{ buildslave_rootdir }}/{{ item.directory | default('void-builder-' + item.mach) }}/info" - state: directory - owner: "{{ buildslave_user }}" - group: "{{ buildslave_user }}" - mode: 0755 - with_items: "{{ buildslave_buildslaves | json_query(query) }}" - vars: - query: "[?zone=='{{ buildslave_zone }}']" - loop_control: - label: "{{ item.mach }}" - -- name: Configure buildbot host description - template: - src: host.j2 - dest: "/{{ buildslave_rootdir }}/{{ item.directory | default('void-builder-' + item.mach) }}/info/host" - owner: "{{ buildslave_user }}" - group: "{{ buildslave_user }}" - mode: 0644 + path: "/etc/sv/{{ item.service_name | default('void-builder-' + item.mach) }}" + state: absent with_items: "{{ buildslave_buildslaves | json_query(query) }}" vars: query: "[?zone=='{{ buildslave_zone }}']" loop_control: label: "{{ item.mach }}" -- name: Configure buildbot admin description - template: - src: admin.j2 - dest: "/{{ buildslave_rootdir }}/{{ item.directory | default('void-builder-' + item.mach) }}/info/admin" - owner: "{{ buildslave_user }}" - group: "{{ buildslave_user }}" - mode: 0644 - with_items: "{{ buildslave_buildslaves | json_query(query) }}" - vars: - query: "[?zone=='{{ buildslave_zone }}']" - loop_control: - label: "{{ item.mach }}" +- name: Uninstall BuildBot Slave and Dependencies + xbps: + pkg: + - buildbot-slave + - git + state: absent -- name: Configure xbps-src - template: - src: xbps-src.conf.j2 - dest: "/home/{{ buildslave_user }}/.xbps-src.conf" - owner: "{{ buildslave_user }}" - group: "{{ buildslave_user }}" - mode: 0644 +- name: Remove Buildslave user ({{ buildslave_user}}) + user: + name: "{{ buildslave_user }}" + state: absent + remove: true -- name: Configure local build mirror - template: - src: local-repository.conf - dest: /etc/xbps.d/99-local-repository.conf - owner: root - group: root - mode: 0644 - when: buildslave_zone in buildmaster_remote_zones +- name: Remove Buildsync user ({{ buildslave_sync_user }}) + user: + name: "{{ buildslave_sync_user }}" + state: absent + remove: true + when: buildslave_isremote -- name: Create Service Directories +- name: Remove Builder Directories file: - path: "/etc/sv/{{ item.service_name | default('void-builder-' + item.mach) }}" - state: directory - owner: root - group: root - mode: 0755 - with_items: "{{ buildslave_buildslaves | json_query(query) }}" - vars: - query: "[?zone=='{{ buildslave_zone }}']" - loop_control: - label: "{{ item.mach }}" + path: "/{{ buildslave_rootdir }}" + state: absent -- name: Configure Runit - template: - src: run.j2 - dest: "/etc/sv/{{ item.service_name | default('void-builder-' + item.mach) }}/run" - owner: root - group: root - mode: 0755 - with_items: "{{ buildslave_buildslaves | json_query(query) }}" - vars: - query: "[?zone=='{{ buildslave_zone }}']" - loop_control: - label: "{{ item.mach }}" +- include_vars: secret/buildslave_credentials.yml -- name: Enable BuildSlave +- name: Unconfigure local build mirror file: - src: "/etc/sv/{{ item.service_name | default('void-builder-' + item.mach) }}" - dest: "/var/service/{{ item.service_name | default('void-builder-' + item.mach) }}" - state: link - with_items: "{{ buildslave_buildslaves | json_query(query) }}" - vars: - query: "[?zone=='{{ buildslave_zone }}']" - loop_control: - label: "{{ item.mach }}" + path: /etc/xbps.d/99-local-repository.conf + state: absent + when: buildslave_zone in buildmaster_remote_zones -- name: Install sudo policy - template: - src: buildslave.sudoers.j2 - dest: /etc/sudoers.d/buildslave - owner: root - group: root - mode: 0640 - vars: - query: "[?zone=='{{ buildslave_zone }}']" - local_buildbots: "{{ buildslave_buildslaves | json_query(query) }}" +- name: Remove sudo policy + file: + path: /etc/sudoers.d/buildslave + state: absent From 08a301b4dc20d01e4d036e9bd02f0fbf1367a997 Mon Sep 17 00:00:00 2001 From: classabbyamp Date: Mon, 15 Jul 2024 00:59:43 -0400 Subject: [PATCH 2/8] ansible: decommission buildmaster --- ansible/roles/buildmaster/tasks/buildbot.yml | 166 +++---------------- ansible/roles/buildmaster/tasks/pre.yml | 24 +-- ansible/roles/buildmaster/tasks/www.yml | 34 ++-- 3 files changed, 46 insertions(+), 178 deletions(-) diff --git a/ansible/roles/buildmaster/tasks/buildbot.yml b/ansible/roles/buildmaster/tasks/buildbot.yml index a1e7fb95..d092688b 100644 --- a/ansible/roles/buildmaster/tasks/buildbot.yml +++ b/ansible/roles/buildmaster/tasks/buildbot.yml @@ -1,150 +1,34 @@ --- -- name: Install virtualenv & deps - xbps: - pkg: - - acl-progs - - base-devel - - python-devel - state: present - -- name: Create the BuildBot Master user - user: - name: "{{ buildmaster_user }}" - state: present - createhome: yes - -- name: Create the BuildMaster Root Directory +- name: Disable BuildBot Service file: - path: "/{{ buildmaster_rootdir }}/buildmaster" - state: directory - owner: "{{ buildmaster_user }}" - group: "{{ buildmaster_user }}" - mode: 0750 - -- name: Install Buildbot - pip: - name: buildbot - version: "{{ buildmaster_version }}" - virtualenv: "/{{ buildmaster_rootdir }}/virtual_builder" - virtualenv_python: python2 - become_user: "{{ buildmaster_user }}" - become_method: sudo + path: /var/service/void-buildmaster + state: absent -- name: Make Buildbot More Terse - patch: - src: terse-irc.patch - dest: "/{{ buildmaster_rootdir }}/virtual_builder/lib/python2.7/site-packages/buildbot/status/words.py" - backup: yes - -- name: Create BuildMaster Subdirectories +- name: Remove BuildBot Service file: - path: "/{{ buildmaster_rootdir }}/buildmaster/{{ item }}" - state: directory - owner: "{{ buildmaster_user }}" - group: "{{ buildmaster_user }}" - mode: 0750 - with_items: - - scripts - - public_html - - templates - -- name: Copy un-inheritable Buildbot Assets - copy: - src: "/{{ buildmaster_rootdir }}/virtual_builder/lib/python2.7/site-packages/buildbot/status/web/files/{{ item }}" - remote_src: true - dest: "/{{ buildmaster_rootdir }}/buildmaster/public_html/{{ item }}" - owner: "{{ buildmaster_user }}" - group: "{{ buildmaster_user }}" - mode: 0644 - with_items: - - bg_gradient.jpg - - default.css - - favicon.ico - - robots.txt - -- name: Copy Buildbot Bootstrap Database - copy: - src: state.sqlite - dest: "/{{ buildmaster_rootdir }}/buildmaster/state.sqlite" - force: no - owner: "{{ buildmaster_user }}" - group: "{{ buildmaster_user }}" - mode: 0644 - -- name: Install GitHub Webhook Password - copy: - src: secret/buildmaster_github_webhook_passwd - dest: "/{{ buildmaster_rootdir }}/github-webhook.passwd" - owner: "{{ buildmaster_user }}" - group: "{{ buildmaster_user }}" - mode: 0400 - no_log: True - -- name: Configure BuildMaster - template: - src: master.cfg.j2 - dest: "/{{ buildmaster_rootdir }}/buildmaster/master.cfg" - owner: "{{ buildmaster_user }}" - group: "{{ buildmaster_user }}" - mode: 0400 - no_log: True - -- name: Install Static Scripts - copy: - src: "{{ item }}" - dest: "/{{ buildmaster_rootdir }}/buildmaster/scripts/{{ item }}" - owner: "{{ buildmaster_user }}" - group: "{{ buildmaster_user }}" - mode: 0640 - with_items: - - __init__.py - - ShellCommandChangeList.py - -- name: Install Buildbot Master Configuration - template: - src: buildbot.tac.j2 - dest: "/{{ buildmaster_rootdir }}/buildmaster/buildbot.tac" - owner: "{{ buildmaster_user }}" - group: "{{ buildmaster_user }}" - mode: 0644 - -- include_vars: secret/buildslave_credentials.yml -- include_vars: secret/buildmaster_users.yml - -- name: Configure BuildSlave References - template: - src: user_settings.py.j2 - dest: "/{{ buildmaster_rootdir }}/buildmaster/scripts/user_settings.py" - owner: "{{ buildmaster_user }}" - group: "{{ buildmaster_user }}" - mode: 0400 + path: /etc/sv/void-buildmaster + state: absent -- name: Install BuildBot Service (1/2) +- name: Remove the BuildMaster Root Directory file: - path: /etc/sv/void-buildmaster - state: directory - owner: root - group: root - mode: 0755 + path: "/{{ buildmaster_rootdir }}" + state: absent -- name: Install BuildBot Service (2/2) - template: - src: run.j2 - dest: /etc/sv/void-buildmaster/run - owner: root - group: root - mode: 0755 +- name: Remove the BuildBot Master user + user: + name: "{{ buildmaster_user }}" + state: absent + remove: true -- name: Enable BuildBot Service - file: - src: /etc/sv/void-buildmaster - dest: /var/service/void-buildmaster - state: link +- name: Remove deps + xbps: + pkg: + - acl-progs + - base-devel + - python-devel + state: absent -- name: Install sudo policy - template: - src: buildmaster.sudoers - dest: /etc/sudoers.d/buildmaster - owner: root - group: root - mode: 0640 +- name: Remove sudo policy + file: + path: /etc/sudoers.d/buildmaster + state: absent diff --git a/ansible/roles/buildmaster/tasks/pre.yml b/ansible/roles/buildmaster/tasks/pre.yml index 41882dac..2356d21c 100644 --- a/ansible/roles/buildmaster/tasks/pre.yml +++ b/ansible/roles/buildmaster/tasks/pre.yml @@ -1,25 +1,19 @@ --- -- name: Create the void-repo group +- name: Remove the void-repo group group: name: void-repo - state: present + state: absent -- name: Install the buildmaster firewall rules - copy: - src: buildmaster.rules - dest: /etc/iptables.d - owner: root - group: root - mode: 0640 +- name: Remove the buildmaster firewall rules + file: + path: /etc/iptables.d/buildmaster.rules + state: absent notify: - iptables - name: Install the buildmaster firewall rules (v6) - copy: - src: buildmaster.6rules - dest: /etc/ip6tables.d - owner: root - group: root - mode: 0640 + file: + path: /etc/ip6tables.d/buildmaster.6rules + state: absent notify: - iptables diff --git a/ansible/roles/buildmaster/tasks/www.yml b/ansible/roles/buildmaster/tasks/www.yml index d8b7e507..dc838d9c 100644 --- a/ansible/roles/buildmaster/tasks/www.yml +++ b/ansible/roles/buildmaster/tasks/www.yml @@ -1,25 +1,15 @@ --- -- name: Configure webserver - include_role: - name: nginx - tasks_from: base-site - vars: - - site: - name: buildmaster - static_root: false - urls: - - build.voidlinux.org - tls: - certificate: "{{ buildmaster_ssl_cert_path | default('/dev/null') }}" - key: "{{ buildmaster_ssl_certkey_path | default('/dev/null') }}" - stapling: yes - -- name: Install root location block - copy: - src: buildmaster_root.conf - dest: /etc/nginx/locations.d/build.voidlinux.org/ - owner: root - group: root - mode: 0644 +- name: Unconfigure nginx + file: + path: "{{ item }}" + state: absent + with_items: + - /var/lib/acme/live/build.voidlinux.org + - /etc/nginx/locations.d/build.voidlinux.org + - /etc/nginx/sites-available/buildmaster.conf + - /etc/nginx/sites-enabled/buildmaster.conf + - /etc/iptables.d/nginx-resolvers-buildmaster.rules + - /etc/ip6tables.d/nginx-resolvers-buildmaster.6rules notify: - nginx + - iptables From 2e516a2d168d2f36160c1a95770a53b14d9dfe04 Mon Sep 17 00:00:00 2001 From: classabbyamp Date: Mon, 15 Jul 2024 01:48:35 -0400 Subject: [PATCH 3/8] ansible: decommission acmetool acmetool is a submodule role so decommission it with a new role --- ansible/build.yml | 2 +- ansible/roles/unacmetool/tasks/main.yml | 28 +++++++++++++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 ansible/roles/unacmetool/tasks/main.yml diff --git a/ansible/build.yml b/ansible/build.yml index 3534e147..4f194f80 100644 --- a/ansible/build.yml +++ b/ansible/build.yml @@ -4,8 +4,8 @@ become_user: root become_method: sudo roles: - - acmetool - buildmaster + - unacmetool - hosts: buildslave become: yes diff --git a/ansible/roles/unacmetool/tasks/main.yml b/ansible/roles/unacmetool/tasks/main.yml new file mode 100644 index 00000000..a6d9eac1 --- /dev/null +++ b/ansible/roles/unacmetool/tasks/main.yml @@ -0,0 +1,28 @@ +--- +- name: Remove acmetool data root + file: + path: /var/lib/acme + state: absent + +- name: Remove renewal crontab + file: + path: /etc/cron.d/acmetool + state: absent + +- name: Remove acmetool firewall rules + file: + path: /etc/iptables.d/acmetool.rules + state: absent + notify: + - iptables + +- name: Remove Service Hooks + file: + path: /usr/libexec/acme/hooks/sv_restart + state: absent + when: acmetool.services is defined + +- name: Remove acmetool + xbps: + pkg: acmetool + state: absent From f5f1a4cf1e2ed3c88b02f2dc8123cc768936a6c1 Mon Sep 17 00:00:00 2001 From: classabbyamp Date: Mon, 15 Jul 2024 02:06:51 -0400 Subject: [PATCH 4/8] ansible: decommission nginx --- ansible/build.yml | 1 + ansible/roles/unnginx/tasks/main.yml | 37 ++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 ansible/roles/unnginx/tasks/main.yml diff --git a/ansible/build.yml b/ansible/build.yml index 4f194f80..25dd4493 100644 --- a/ansible/build.yml +++ b/ansible/build.yml @@ -6,6 +6,7 @@ roles: - buildmaster - unacmetool + - unnginx - hosts: buildslave become: yes diff --git a/ansible/roles/unnginx/tasks/main.yml b/ansible/roles/unnginx/tasks/main.yml new file mode 100644 index 00000000..c0ea5cb4 --- /dev/null +++ b/ansible/roles/unnginx/tasks/main.yml @@ -0,0 +1,37 @@ +--- +- name: Create the webroot + file: + path: /srv/www + state: directory + owner: root + group: root + mode: 0755 + +- name: Disable nginx + runit: + name: nginx + enabled: false + +- name: Unconfigure nginx firewall rules + file: + path: /etc/iptables.d/nginx.rules + state: absent + notify: + - iptables + +- name: Unconfigure nginx firewall rules + file: + path: /etc/ip6tables.d/nginx.6rules + state: absent + notify: + - iptables + +- name: Remove nginx files + file: + path: /etc/nginx + state: absent + +- name: Remove nginx + xbps: + pkg: nginx + state: present From 6ed13be8dcbf79f0bd4fc2bf78f17c6e6e5a92a7 Mon Sep 17 00:00:00 2001 From: classabbyamp Date: Mon, 15 Jul 2024 01:57:41 -0400 Subject: [PATCH 5/8] ansible: cleanup build playbook --- ansible/build.yml | 16 ---------------- 1 file changed, 16 deletions(-) delete mode 100644 ansible/build.yml diff --git a/ansible/build.yml b/ansible/build.yml deleted file mode 100644 index 25dd4493..00000000 --- a/ansible/build.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- hosts: buildmaster - become: yes - become_user: root - become_method: sudo - roles: - - buildmaster - - unacmetool - - unnginx - -- hosts: buildslave - become: yes - become_user: root - become_method: sudo - roles: - - buildslave From 39a58e4d4c666912c01d52241ffb078d3b8a05de Mon Sep 17 00:00:00 2001 From: classabbyamp Date: Mon, 15 Jul 2024 01:16:56 -0400 Subject: [PATCH 6/8] ansible: remove buildbot roles --- ansible/group_vars/build.yml | 80 ------- ansible/group_vars/buildmaster.yml | 2 - .../host_vars/a-fsn-de.m.voidlinux.org.yml | 3 - .../host_vars/a-hel-fi.m.voidlinux.org.yml | 13 -- .../host_vars/b-fsn-de.m.voidlinux.org.yml | 3 - ansible/inventory | 12 - ansible/roles/buildmaster/defaults/main.yml | 53 ----- .../files/ShellCommandChangeList.py | 52 ----- ansible/roles/buildmaster/files/__init__.py | 0 .../buildmaster/files/buildmaster.6rules | 6 - .../roles/buildmaster/files/buildmaster.rules | 6 - .../buildmaster/files/buildmaster_root.conf | 4 - ansible/roles/buildmaster/files/state.sqlite | Bin 262144 -> 0 bytes .../roles/buildmaster/files/terse-irc.patch | 38 ---- ansible/roles/buildmaster/meta/main.yml | 4 - ansible/roles/buildmaster/tasks/buildbot.yml | 34 --- ansible/roles/buildmaster/tasks/main.yml | 4 - ansible/roles/buildmaster/tasks/pre.yml | 19 -- ansible/roles/buildmaster/tasks/www.yml | 15 -- .../buildmaster/templates/buildbot.tac.j2 | 31 --- .../buildmaster/templates/buildmaster.sudoers | 2 - .../roles/buildmaster/templates/master.cfg.j2 | 206 ------------------ .../buildmaster/templates/repomaster.sudoers | 1 - ansible/roles/buildmaster/templates/run.j2 | 5 - .../buildmaster/templates/user_settings.py.j2 | 22 -- .../templates/xbps-clean-repos.sh.j2 | 71 ------ ansible/roles/buildmaster/vars/main.yml | 3 - ansible/roles/buildslave/defaults/main.yml | 69 ------ ansible/roles/buildslave/tasks/main.yml | 58 ----- ansible/roles/buildslave/templates/admin.j2 | 1 - .../buildslave/templates/buildbot.tac.j2 | 42 ---- .../templates/buildslave.sudoers.j2 | 4 - ansible/roles/buildslave/templates/host.j2 | 1 - ansible/roles/buildslave/templates/info.j2 | 1 - .../templates/local-repository.conf | 1 - ansible/roles/buildslave/templates/run.j2 | 3 - .../buildslave/templates/xbps-src.conf.j2 | 7 - ansible/secret/README.md | 40 ---- 38 files changed, 916 deletions(-) delete mode 100644 ansible/group_vars/build.yml delete mode 100644 ansible/group_vars/buildmaster.yml delete mode 100644 ansible/roles/buildmaster/defaults/main.yml delete mode 100644 ansible/roles/buildmaster/files/ShellCommandChangeList.py delete mode 100644 ansible/roles/buildmaster/files/__init__.py delete mode 100644 ansible/roles/buildmaster/files/buildmaster.6rules delete mode 100644 ansible/roles/buildmaster/files/buildmaster.rules delete mode 100644 ansible/roles/buildmaster/files/buildmaster_root.conf delete mode 100644 ansible/roles/buildmaster/files/state.sqlite delete mode 100644 ansible/roles/buildmaster/files/terse-irc.patch delete mode 100644 ansible/roles/buildmaster/meta/main.yml delete mode 100644 ansible/roles/buildmaster/tasks/buildbot.yml delete mode 100644 ansible/roles/buildmaster/tasks/main.yml delete mode 100644 ansible/roles/buildmaster/tasks/pre.yml delete mode 100644 ansible/roles/buildmaster/tasks/www.yml delete mode 100644 ansible/roles/buildmaster/templates/buildbot.tac.j2 delete mode 100644 ansible/roles/buildmaster/templates/buildmaster.sudoers delete mode 100644 ansible/roles/buildmaster/templates/master.cfg.j2 delete mode 100644 ansible/roles/buildmaster/templates/repomaster.sudoers delete mode 100644 ansible/roles/buildmaster/templates/run.j2 delete mode 100644 ansible/roles/buildmaster/templates/user_settings.py.j2 delete mode 100644 ansible/roles/buildmaster/templates/xbps-clean-repos.sh.j2 delete mode 100644 ansible/roles/buildmaster/vars/main.yml delete mode 100644 ansible/roles/buildslave/defaults/main.yml delete mode 100644 ansible/roles/buildslave/tasks/main.yml delete mode 100644 ansible/roles/buildslave/templates/admin.j2 delete mode 100644 ansible/roles/buildslave/templates/buildbot.tac.j2 delete mode 100644 ansible/roles/buildslave/templates/buildslave.sudoers.j2 delete mode 100644 ansible/roles/buildslave/templates/host.j2 delete mode 100644 ansible/roles/buildslave/templates/info.j2 delete mode 100644 ansible/roles/buildslave/templates/local-repository.conf delete mode 100644 ansible/roles/buildslave/templates/run.j2 delete mode 100644 ansible/roles/buildslave/templates/xbps-src.conf.j2 diff --git a/ansible/group_vars/build.yml b/ansible/group_vars/build.yml deleted file mode 100644 index 6f090e3a..00000000 --- a/ansible/group_vars/build.yml +++ /dev/null @@ -1,80 +0,0 @@ ---- -buildmaster_default_workdir: buildmaster-workdir - -buildslave_buildslaves: - - name: x86_64-primary - sname: x86_64_void - mach: x86_64 - zone: DE-1 - - - name: i686-primary - sname: i686_void - mach: i686 - zone: DE-1 - - - name: armv6l-primary - sname: cross-rpi_void - mach: armv6l - zone: DE-1 - - - name: armv7l-primary - sname: cross-armv7l_void - mach: armv7l - zone: DE-1 - - - name: x86_64-musl-primary - sname: x86_64-musl_void - mach: x86_64-musl - service_name: buildslave-x86_64-musl - zone: FI-1 - - - name: armv6l-musl-primary - sname: cross-armv6-musl_void - mach: armv6l-musl - service_name: buildslave-cross-armv6l-musl - zone: FI-1 - - - name: armv7l-musl-primary - sname: cross-armv7-musl_void - mach: armv7l-musl - service_name: buildslave-cross-armv7l-musl - zone: FI-1 - - - name: aarch64-primary - sname: cross-aarch64_builder - mach: aarch64 - bootstrapargs: "" - zone: DE-2 - - - name: aarch64-musl-primary - sname: cross-aarch64-musl_builder - mach: aarch64-musl - bootstrapargs: "" - zone: DE-2 - -buildslave_zones: - DE-1: - admin: - nick: maldridge - name: maldridge - mail: maldridge@voidlinux.org - xbps: - makejobs: 16 - DE-2: - admin: - nick: leah2 - name: Leah Neukirchen - mail: leah@vuxu.org - xbps: - makejobs: 3 - FI-1: - admin: - nick: maldridge - name: maldridge - mail: maldridge@voidlinux.org - xbps: - makejobs: 6 - -buildmaster_remote_zones: - - DE-2 - - FI-1 diff --git a/ansible/group_vars/buildmaster.yml b/ansible/group_vars/buildmaster.yml deleted file mode 100644 index e76a76df..00000000 --- a/ansible/group_vars/buildmaster.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -buildslave_hostdir_group: void-repo diff --git a/ansible/host_vars/a-fsn-de.m.voidlinux.org.yml b/ansible/host_vars/a-fsn-de.m.voidlinux.org.yml index 921feaf1..f8955eac 100644 --- a/ansible/host_vars/a-fsn-de.m.voidlinux.org.yml +++ b/ansible/host_vars/a-fsn-de.m.voidlinux.org.yml @@ -19,9 +19,6 @@ xbps_repository_multilib_nonfree: /data/pkgs/multilib/nonfree sshd_AllowGroups: - build-ops - - void-buildsync - -buildslave_zone: DE-1 nomad_host_volumes: - name: void-packages diff --git a/ansible/host_vars/a-hel-fi.m.voidlinux.org.yml b/ansible/host_vars/a-hel-fi.m.voidlinux.org.yml index 0eebc803..ee1d20c5 100644 --- a/ansible/host_vars/a-hel-fi.m.voidlinux.org.yml +++ b/ansible/host_vars/a-hel-fi.m.voidlinux.org.yml @@ -14,22 +14,9 @@ network_static_interfaces: sshd_AllowGroups: - build-ops - - syncpeers nginx_dhparam_bits: 2048 -buildmaster_ssl_cert_path: /var/lib/acme/live/build.voidlinux.org/fullchain -buildmaster_ssl_certkey_path: /var/lib/acme/live/build.voidlinux.org/privkey - -buildslave_zone: FI-1 -buildslave_master: localhost - -buildslave_groups: - - xbuilder - - void-repo - -buildslave_hostdir_group: void-repo - acmetool: sites: - site: build.voidlinux.org diff --git a/ansible/host_vars/b-fsn-de.m.voidlinux.org.yml b/ansible/host_vars/b-fsn-de.m.voidlinux.org.yml index 607536ef..a6a8f35b 100644 --- a/ansible/host_vars/b-fsn-de.m.voidlinux.org.yml +++ b/ansible/host_vars/b-fsn-de.m.voidlinux.org.yml @@ -1,9 +1,6 @@ --- sshd_AllowGroups: - build-ops - - void-buildsync - -buildslave_zone: DE-2 nomad_host_volumes: - name: ccache diff --git a/ansible/inventory b/ansible/inventory index 68cbc25e..f96003e9 100644 --- a/ansible/inventory +++ b/ansible/inventory @@ -1,15 +1,3 @@ -[buildmaster] -a-hel-fi.m.voidlinux.org - -[buildslave] -a-hel-fi.m.voidlinux.org -a-fsn-de.m.voidlinux.org -b-fsn-de.m.voidlinux.org - -[build:children] -buildmaster -buildslave - [buildworker] a-hel-fi.m.voidlinux.org a-fsn-de.m.voidlinux.org diff --git a/ansible/roles/buildmaster/defaults/main.yml b/ansible/roles/buildmaster/defaults/main.yml deleted file mode 100644 index c9257da7..00000000 --- a/ansible/roles/buildmaster/defaults/main.yml +++ /dev/null @@ -1,53 +0,0 @@ ---- -buildmaster_version: 0.8.12 -buildmaster_user: void-buildmaster -buildmaster_repomgr: void-repomaster - -buildmaster_rootdir: /home/void-buildmaster/ - -buildmaster_machmap: - x86_64: - cross: native - subarch: x86_64 - x86_64-musl: - cross: native-x86_64-musl - subarch: x86_64-musl - i686: - cross: native-i686 - subarch: i686 - i686-musl: - cross: native-i686-musl - subarch: i686-musl - armv6l: - cross: armv6hf - subarch: x86_64 - armv6l-musl: - cross: armv6hf-musl - subarch: x86_64-musl - armv7l: - cross: armv7hf - subarch: x86_64 - armv7l-musl: - cross: armv7hf-musl - subarch: x86_64-musl - aarch64: - cross: aarch64 - subarch: x86_64 - aarch64-musl: - cross: aarch64-musl - subarch: x86_64-musl - -# The following variable is populated by loading the plaintext file at -# secret/buildmaster_github-secret -#buildmaster_github_secret: GithubSecret! - -# The following variable is loaded from -# secret/buildmaster_users.yml and has a structure as shown below -# buildmaster_users: -# - name: foobar -# pass: ItsaPassword! - -buildmaster_www_servername: build.voidlinux.org - -buildmaster_groups: - - void-repo diff --git a/ansible/roles/buildmaster/files/ShellCommandChangeList.py b/ansible/roles/buildmaster/files/ShellCommandChangeList.py deleted file mode 100644 index 79f6f306..00000000 --- a/ansible/roles/buildmaster/files/ShellCommandChangeList.py +++ /dev/null @@ -1,52 +0,0 @@ -from twisted.python import log -from buildbot.steps import shell -from buildbot.process.buildstep import RemoteShellCommand - -# Executes a remote command with changed files appended onto the end -class ShellCommandChangeList(shell.ShellCommand): - def start(self): - # Substitute build properties into command - #command = self._interpolateProperties(self.command) - command = self.command - # fail assert if command is not of correct type - assert isinstance(command, (list, tuple, str)) - - # Get changed file list from the build which invoked this step - files = self.build.allFiles() - - # Now we can do whatever we want with the list of changed files. - # I will just append them to the end of the command. - - ## IGNORE THIS - #log.msg("Build Files (STR): %s" % files) - #files = " -t {quot}{files}{quot}".format(files=" ".join(files),quot='"') - #command += files - #log.msg("Build Files (TUPLE): %s" % files) - #command += tuple(["-t", "{files}".format(files=" ".join(files))]) - #elif isinstance(command, list): - # log.msg("Build Files (LIST): %s" % files) - # command += ["-t", "{files}".format(files=" ".join(files))] - - # Convert file list so it can be appended to the command's type - if isinstance(command, str): - files = " ".join(files) - elif isinstance(command, tuple): - files = tuple(files) - - # .. and append files to end of command - # (the type 'lists' is not handled above because it doesn't have to be) - command += files - - # We have created the final command string - # so we can fill out the arguments for a RemoteShellCommand - # using our new command string - kwargs = self.remote_kwargs - kwargs['command'] = command - kwargs['logfiles'] = self.logfiles - kwargs['timeout'] = 3600 - - # Create the RemoteShellCommand and start it - cmd = RemoteShellCommand(**kwargs) - self.setupEnvironment(cmd) - #self.checkForOldSlaveAndLogfiles() - self.startCommand(cmd) diff --git a/ansible/roles/buildmaster/files/__init__.py b/ansible/roles/buildmaster/files/__init__.py deleted file mode 100644 index e69de29b..00000000 diff --git a/ansible/roles/buildmaster/files/buildmaster.6rules b/ansible/roles/buildmaster/files/buildmaster.6rules deleted file mode 100644 index 2c947f6a..00000000 --- a/ansible/roles/buildmaster/files/buildmaster.6rules +++ /dev/null @@ -1,6 +0,0 @@ -*filter --A INPUT -p tcp --dport 80 -j ACCEPT --A INPUT -p tcp --dport 443 -j ACCEPT --A INPUT -p tcp --dport 9989 -j ACCEPT --A INPUT -p udp --dport 9989 -j ACCEPT -COMMIT diff --git a/ansible/roles/buildmaster/files/buildmaster.rules b/ansible/roles/buildmaster/files/buildmaster.rules deleted file mode 100644 index 2c947f6a..00000000 --- a/ansible/roles/buildmaster/files/buildmaster.rules +++ /dev/null @@ -1,6 +0,0 @@ -*filter --A INPUT -p tcp --dport 80 -j ACCEPT --A INPUT -p tcp --dport 443 -j ACCEPT --A INPUT -p tcp --dport 9989 -j ACCEPT --A INPUT -p udp --dport 9989 -j ACCEPT -COMMIT diff --git a/ansible/roles/buildmaster/files/buildmaster_root.conf b/ansible/roles/buildmaster/files/buildmaster_root.conf deleted file mode 100644 index 45c01be3..00000000 --- a/ansible/roles/buildmaster/files/buildmaster_root.conf +++ /dev/null @@ -1,4 +0,0 @@ -location / { - proxy_buffering off; - proxy_pass http://127.0.0.1:8010; -} diff --git a/ansible/roles/buildmaster/files/state.sqlite b/ansible/roles/buildmaster/files/state.sqlite deleted file mode 100644 index 88423f3aeea4e7418a530de5f38e9088b46a68ca..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 262144 zcmeI)O>i66VZd>$C~`?i6y+w$MrB;BqAJ8jlqrdp6xmU1n1WAdI?84lCg>UxBLlgoCAb%c&uN00IagfB*sr zAb0R#|0 z009ILKmY**5I_I{1jbo_{r_?9UCs>w1Q0*~0R#|0009ILKmdVIfaiZk0s;sifB*sr zAb~DB zsgK9sgfm3oGZ$Dhr;LT;+Ky8z+mA{ur&4wcwN|xcH^YNpUCHONn>llJ{aWsxsU$Er z)}sJ36K1gv8mSkQQ#kwbl#!j+QbF_*Ys-nHH6*O7>QGyBF`&Wr-hOnSyCi>}zr-N@z5^^Hw) zeQRxP(M-<-DJu3uyD~VsP%66irI*dk+&z&|%IvmEWv3a0FNSsbeY9H-gUoBW>)EZf zO><#E$`w>t*sfQrcFhZmOiY)ac{{&)E1Q4EyqSB)%s6E$ZB6|!wfIRp_Q6+mbO=2>W}7Lsp*u%xARIZQnWlV{p42r z;W6Dfeq7tT5e&63Y53=~GSI@Xea2Zh&lAU(UsGa)>lK?`!E>s1V)T8d=D52`yg#CQ zhm9Y0eIuV+y|L~OrA%;QWEITmFsCdX#0eIa0iTdSEy14#35m>%6euRglc^)R zvAnG9EeGOKWL$4T(45i}2?_jOk%9+IjdIO|FnPiqHdf%t?j)g&75#nMZ+|hZ!al5C&&0*79J1iEoG`) zxOhpOP7jNfmR)$yt=Iamu+o(A3n_>zNObelnKE(Bi>9B#>g~liTIt0wFkbB1?u>3M zEopnl0)Vh*3*8G#UqD)+=!^C};^C1vK%=4`t7}LfOea|&)LoCxU3gg)lm~oVv2wm) zpgL;Xm#2ene{x);L{I-}tIOwzdqF;6{BKb6w;=ZDkss|Tix+h+z{BdX3$)4x1C zw41I|uNBVs1WdGF(RAa?8STlL;KX~PdkzmMr{5Fl3pDLU-F3Wr^RZaXJAHKF;yJa8 zq-5d_a5uVVOwUBEjE70z1zgG(+yb)yKfLvik`O=u0R#|0009ILKmY**5ExZ~*@<7I zUeJD?n*5hZ`{3Um`04bYYd=5u-Gc|GH}sZ1J@d4-{yxT+@w{C$%THgU_Z~uJ{m3>|))oci(+M z`9!K4?td878t?&Z(es)G?{QvPQB^xyu_QrolV$t z@@}p8Ah%v^RBW%i1t%r+Kdo!pZmS~p&FR8`k`K{}^arLCuJ{4>Tbw@x!=!+7guI`2(kCdZLrtljH-DowNzxmUR z3wm_X>=bI<$xRv7N$o*G)!kfQj4Dj3DWQC;J^KyaxGA={te{xuQ9&LG1+g9GRNd%v z|7a688ctE%Nu|Q4B&g9Fz2&f*^~u#n=Ako8eZ; z`#~qj+2!}=6?Qqs_YRK-tXYE=Zka1CK;a4l<(-{g<$YJ`#tq##E0&TIz4O_h@oslU ze>rJTccX(<$L*ckomC@RK>VwV)js!zZWxC4B;0Kb$_V~AsOSYj`(4t)t@Hbi-RxYj zdKURosoOV-v>oe0?IkoE`rC1Ft0xLIM$Zx?ZD`UR|&lo zjTq_MtkLaCH$(4zm48u+%Ca8a(v8hUUe~?fre)(w?2U!Ny8$?=nZ;G!68`^h*T7!#OA-Wy~2S(BiRFe6{2LWbAx{z7y z{||R2P#OXVAbb009ILKmY**5I_I{1cocXzyCj6 zPf9}o0R#|0009ILKmY**5I|rQ1=#-|#a^LJ2q1s}0tg_000IagfB*sr3|D~X|KWO4 z8UhF)fB*srAb=oLC00IagfB*srAbBKmY**5I_I{1Q0*~0R)CC!1MobJt++V1Q0*~ z0R#|0009ILKmdVJ6yW)P6nlj>A%Fk^2q1s}0tg_000IagFkAti|A*^IX$T;I00Iag zfB*srAb00IagfB*srAbO00IagfB*sr zAbQ!Oq)zi|JC%?)Q_jmP5!kuIr-MXI}?91ar?ku%*`J8&fz~k{O+NDKlGDB ztLcAD=V$&|sqdG{(erw+_sYAvar(6O(Pgh#s@QJ5)!epSuUKuk^83k^d@j40GdHtu ztmRBO#>}K=oU*yPzL~p`%bV*Po96n~+S;O-o+&kpwe4N=ZZ^O2W;UO>aPgAm2RH49 zj_cHGeG!eKx4qjfD@@y{yN*|HJ~lUV_cqOIx$D`jwM}zjL8+t(xCbZw<&gX(-czj`a1f5*I;d&kT;<>1t=Z{%~UH`e{IOmsGuna^F%<#X#R zxjSYMX1j^$d)udER3pOz(pLNMwr*Tq(%M&?TG@W&ZtvRVR>f`>ws(uQ9osFmYR>yD zyDvNw_2$<4>g}zZ=(}sVduCs%D7U$>-XCXX>Lp*?DKDB~WkTS?l5S*0Yvu>ECQjH_ z(?ZmqK@EvB4rodoZGBkWzX5TZ`x@}VQyLIw9MFI`+G=~hsT)g6+MW^4rrr+etN4&Q zuX@w_lPfMfo?`yAh|gFKbE=Jc(<|0IIZz&uaY4$!3ImfzWL%4qAq*55Iy+i=7ghHCvIX)|0y85QV%5(jPhF#enU5|oY2~bdMa>RrK;n3cDYdWI{987P>Gzl zry@DZ+PnBI-8gYV`{+tAk~-yf-h4?JIi28rmSg*oXE$rbNSrf1~VCnks;%{#ZUYir_q(Op>2sjGRMQh3HCg{^a270>PD_rspH2=_K! z8On0xu$E-+o^G5uqqR@;T~5VVlq(d6uPI&F6S+@E_MUXw`t~<<!SUg!GG)#0P3e!wAk628vs>cc<}aVu`r2L;(dR>axr^o%$mD#FHJ*RfR z9^U%McVGRZy9@-vC$#)*`2<3Q_eXUeeVwFgRj!<)*e)UPI%8r^rwZ4HAgXICuY^YIcMpWO$$ zcCFw!)$qPI3bhi8R+B2tR->%9cM=+3YmxJ#2UgRO37i6wfEM2-I$-(K6((0 zuBepg*RMo{g*WI?pg*F*w~4pA>6xf9`3_wfSz;xwie4!qPO^u^O3UsakMfOfw?^f1 z9|y-zPyGG=&c%^82q1s}0tg_000IagfB*srjI99A|6|*=oEQQKAbi~1Q0*~0R#|0009ILKwxYIc>W*TuI0oKKmY**5I_I{1Q0*~0R#}} z2=M&hq2LVy2q1s}0tg_000IagfB*srAb/dev/null - done -} - -clean() { - local _arch="$1" - local _repo="$2" - - XBPS_TARGET_ARCH=${_arch} xbps-rindex -c ${_repo} 2>/dev/null -} - -remove() { - local _arch="$1" - local _repo="$2" - - XBPS_TARGET_ARCH=${_arch} xbps-rindex -c ${_repo} 2>/dev/null -} - -# Register binpkgs just in case... -for f in ${REPOS}; do - for x in ${ARCHS}; do - ( XBPS_TARGET_ARCH=$x xbps-rindex -a ${f}/*.{${x},noarch}.xbps 2>/dev/null ) & - done -done -wait -for f in ${REPOS64}; do - ( xbps-rindex -a ${f}/*.{x86_64,noarch}.xbps 2>/dev/null ) & -done -wait -for f in ${REPOS64}; do - ( xbps-rindex -c ${f} 2>/dev/null ) & -done -wait -for f in ${REPOS}; do - for x in ${ARCHS}; do - XBPS_TARGET_ARCH=$x xbps-rindex -c ${f} 2>/dev/null - done -done -wait - -# do not delete packages if there are staged packages -for f in ${REPOS} ${REPOS64}; do - for x in ${ARCHS}; do - [ -e "$f/${x}-stagedata" ] && exit 0 - done -done - -for f in ${REPOS}; do - for x in ${ARCHS}; do - XBPS_TARGET_ARCH=$x xbps-rindex -r ${f} 2>/dev/null - done -done -wait -for f in ${REPOS64}; do - ( xbps-rindex -r ${f} 2>/dev/null ) & -done -wait - -exit 0 diff --git a/ansible/roles/buildmaster/vars/main.yml b/ansible/roles/buildmaster/vars/main.yml deleted file mode 100644 index 62ed3392..00000000 --- a/ansible/roles/buildmaster/vars/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -buildmaster_github_secret: "{{ lookup('file', 'secret/buildmaster_github_secret') }}" -buildmaster_irc_password: "{{ lookup('file', 'secret/buildmaster_irc_password') }}" diff --git a/ansible/roles/buildslave/defaults/main.yml b/ansible/roles/buildslave/defaults/main.yml deleted file mode 100644 index 0957425d..00000000 --- a/ansible/roles/buildslave/defaults/main.yml +++ /dev/null @@ -1,69 +0,0 @@ ---- - -# Default user to create buildbots under, set this on a per host level -# to match existing buildslave users if applicable. -buildslave_user: void-buildslave - -# Additional groups for the buildslave user. At minimum this must -# contain xbuilder for the chroot to work correctly within xbps-src -buildslave_groups: - - xbuilder - -# Is this a remote builder? The general case is yes since builders -# are heavy computationally and only a limited number can run on the -# buildmaster. This sets up the sync job to exfiltrate the build -# artifacts back to the master repo. -buildslave_isremote: true - -# Default user to syncronize with main repo. This user gets read -# access on the /hostdir but that's it. -buildslave_sync_user: void-buildsync - -# Default location to provision new buildslaves into. Set this on a -# per host level to match existing buildslave home folders if -# applicable. -buildslave_rootdir: /home/void-buildslave/ - -# At which server does the buildmaster reside? This should be in the -# form of a dotted hostname or an IP address. While this may be -# overriden in the case of builders running on the buildmaster itself -# to 'localhost', it is preferred to use the full canonical name in -# all locations for consistency. If persistent resolution issues are -# preventing a host from connecting to the buildmaster this name -# should very likely be specified in the hosts file. -buildslave_master: build.voidlinux.org - -# The following list contains hashes for the builders. For standards -# and sake of debugging, the 'mach' should be the architecture as -# specified by `xbps-uhelper arch`. Only the name is required, though -# if existing builders are being captured for ansible management, the -# directory and service_name should be specified to match those of the -# existing buildbot directory name and runit service directory -# respecitvely. - -# buildslave_buildslaves: -# - name: x86_64-primary -# mach: x86_64 -# directory: x86_64 -# service_name: arbitrary-builder-name -# zone: Zone-for-this-builder - -# The following hash is shown for structure, but should never be -# present in a commited file. This hash contains the secure usernames -# and passwords which are recognized by the buildmaster. At least one -# complete copy of this must be available to at least a single -# infrastructure maintainer in order to deploy the buildmaster. To -# re-iterate: never commit this hash under any circumstances, it is to -# be included from the secret/ directory and by default will be -# included from the 'secret/buildslave_credentials.yml' path. In -# order for this map to work correctly, the architecture must match -# exactly that of the builder that is performing the lookup as -# specified in the above list. For standards, use architecture -# identifiers as they would be printed by `xbps-uhelper arch`. - -# buildslave_credentials: -# username: password -# Where the username and password fields are as follows: -# username: name of the builder -# password: password to connect to the buildmaster with - diff --git a/ansible/roles/buildslave/tasks/main.yml b/ansible/roles/buildslave/tasks/main.yml deleted file mode 100644 index 3036b4b1..00000000 --- a/ansible/roles/buildslave/tasks/main.yml +++ /dev/null @@ -1,58 +0,0 @@ ---- -- name: Disable BuildSlave - file: - path: "/var/service/{{ item.service_name | default('void-builder-' + item.mach) }}" - state: absent - with_items: "{{ buildslave_buildslaves | json_query(query) }}" - vars: - query: "[?zone=='{{ buildslave_zone }}']" - loop_control: - label: "{{ item.mach }}" - -- name: Remove Service Directories - file: - path: "/etc/sv/{{ item.service_name | default('void-builder-' + item.mach) }}" - state: absent - with_items: "{{ buildslave_buildslaves | json_query(query) }}" - vars: - query: "[?zone=='{{ buildslave_zone }}']" - loop_control: - label: "{{ item.mach }}" - -- name: Uninstall BuildBot Slave and Dependencies - xbps: - pkg: - - buildbot-slave - - git - state: absent - -- name: Remove Buildslave user ({{ buildslave_user}}) - user: - name: "{{ buildslave_user }}" - state: absent - remove: true - -- name: Remove Buildsync user ({{ buildslave_sync_user }}) - user: - name: "{{ buildslave_sync_user }}" - state: absent - remove: true - when: buildslave_isremote - -- name: Remove Builder Directories - file: - path: "/{{ buildslave_rootdir }}" - state: absent - -- include_vars: secret/buildslave_credentials.yml - -- name: Unconfigure local build mirror - file: - path: /etc/xbps.d/99-local-repository.conf - state: absent - when: buildslave_zone in buildmaster_remote_zones - -- name: Remove sudo policy - file: - path: /etc/sudoers.d/buildslave - state: absent diff --git a/ansible/roles/buildslave/templates/admin.j2 b/ansible/roles/buildslave/templates/admin.j2 deleted file mode 100644 index 8f0ebe43..00000000 --- a/ansible/roles/buildslave/templates/admin.j2 +++ /dev/null @@ -1 +0,0 @@ -{{ buildslave_zones[buildslave_zone].admin.name }} <{{ buildslave_zones[buildslave_zone].admin.mail }}> diff --git a/ansible/roles/buildslave/templates/buildbot.tac.j2 b/ansible/roles/buildslave/templates/buildbot.tac.j2 deleted file mode 100644 index 3fb30477..00000000 --- a/ansible/roles/buildslave/templates/buildbot.tac.j2 +++ /dev/null @@ -1,42 +0,0 @@ -import os - -from buildslave.bot import BuildSlave -from twisted.application import service - -basedir = '{{ buildslave_rootdir }}/{{ item.directory | default('void-builder-' + item.mach)}}' -rotateLength = 10000000 -maxRotatedFiles = 10 - -# if this is a relocatable tac file, get the directory containing the TAC -if basedir == '.': - import os.path - basedir = os.path.abspath(os.path.dirname(__file__)) - -# note: this line is matched against to check that this is a buildslave -# directory; do not edit it. -application = service.Application('buildslave') - -try: - from twisted.python.logfile import LogFile - from twisted.python.log import ILogObserver, FileLogObserver - logfile = LogFile.fromFullPath(os.path.join(basedir, "twistd.log"), rotateLength=rotateLength, - maxRotatedFiles=maxRotatedFiles) - application.setComponent(ILogObserver, FileLogObserver(logfile).emit) -except ImportError: - # probably not yet twisted 8.2.0 and beyond, can't set log yet - pass - -buildmaster_host = '{{ buildslave_master }}' -port = 9989 -slavename = '{{ item.sname | default(item.name) }}' -passwd = '{{ buildslave_credentials[item.name] }}' -keepalive = 600 -usepty = 0 -umask = None -maxdelay = 300 -allow_shutdown = None - -s = BuildSlave(buildmaster_host, port, slavename, passwd, basedir, - keepalive, usepty, umask=umask, maxdelay=maxdelay, - allow_shutdown=allow_shutdown) -s.setServiceParent(application) diff --git a/ansible/roles/buildslave/templates/buildslave.sudoers.j2 b/ansible/roles/buildslave/templates/buildslave.sudoers.j2 deleted file mode 100644 index adf58533..00000000 --- a/ansible/roles/buildslave/templates/buildslave.sudoers.j2 +++ /dev/null @@ -1,4 +0,0 @@ -{% for buildbot in local_buildbots %} -%build-ops ALL=(ALL) NOPASSWD: /usr/bin/sv restart {{ buildbot.service_name | default('void-builder-' + buildbot.mach) }} -{% endfor %} -%build-ops ALL=({{ buildslave_user }}) ALL diff --git a/ansible/roles/buildslave/templates/host.j2 b/ansible/roles/buildslave/templates/host.j2 deleted file mode 100644 index e3872eed..00000000 --- a/ansible/roles/buildslave/templates/host.j2 +++ /dev/null @@ -1 +0,0 @@ -Void Linux builder for {{ item.mach }}. This builder is located in the {{ buildslave_zone }} zone. diff --git a/ansible/roles/buildslave/templates/info.j2 b/ansible/roles/buildslave/templates/info.j2 deleted file mode 100644 index 57dac54b..00000000 --- a/ansible/roles/buildslave/templates/info.j2 +++ /dev/null @@ -1 +0,0 @@ -{{ item.info }} diff --git a/ansible/roles/buildslave/templates/local-repository.conf b/ansible/roles/buildslave/templates/local-repository.conf deleted file mode 100644 index 573edf56..00000000 --- a/ansible/roles/buildslave/templates/local-repository.conf +++ /dev/null @@ -1 +0,0 @@ -repository={{ buildslave_zones[buildslave_zone].xbps.hostdir | default('/hostdir/binpkgs') }} diff --git a/ansible/roles/buildslave/templates/run.j2 b/ansible/roles/buildslave/templates/run.j2 deleted file mode 100644 index 142a35fe..00000000 --- a/ansible/roles/buildslave/templates/run.j2 +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh - -exec su --login {{ buildslave_user }} -c 'buildslave start --nodaemon "{{ buildslave_rootdir }}/{{ item.directory | default('void-builder-' + item.mach) }}"' diff --git a/ansible/roles/buildslave/templates/xbps-src.conf.j2 b/ansible/roles/buildslave/templates/xbps-src.conf.j2 deleted file mode 100644 index b65f927c..00000000 --- a/ansible/roles/buildslave/templates/xbps-src.conf.j2 +++ /dev/null @@ -1,7 +0,0 @@ -XBPS_MAKEJOBS={{ buildslave_zones[buildslave_zone].xbps.makejobs | default(4) }} -XBPS_CCACHE={{ buildslave_zones[buildslave_zone].xbps.ccache | default("yes") }} -XBPS_DEBUG_PKGS={{ buildslave_zones[buildslave_zone].xbps.debugpkgs | default("yes") }} -XBPS_CHROOT_CMD={{ buildslave_zones[buildslave_zone].xbps.chrootcmd | default("uchroot") }} -XBPS_USE_GIT_REVS={{ buildslave_zones[buildslave_zone].xbps.gitrevs | default("yes") }} -XBPS_DISTFILES_MIRROR="{{ buildslave_zones[buildslave_zone].xbps.distfiles_mirror | default('https://sources.voidlinux.org/') }}" -XBPS_PRESERVE_PKGS="yes" diff --git a/ansible/secret/README.md b/ansible/secret/README.md index f396e7ea..15663fb7 100644 --- a/ansible/secret/README.md +++ b/ansible/secret/README.md @@ -7,46 +7,6 @@ CONTAIN RESTRICTED INFORMATION. ## Description of Files - * `buildmaster_github_secret`: Secret that GitHub will send to the - buildbot to validate the authenticity of its event stream. - * `buildmaster_github_webhook_password`: Secret that GitHub must - supply to access the webhook provided by the buildbot. - * `buildmaster_signing_key`: Master repository signing key for xbps - to sign the repository files. - * `buildmaster_signing_keyphrase`: Passphrase for the signing key - defined above. - * `buildmaster_slave_reposync_private`: Private half of an SSH - keypair to be used for retreiving files from remote builders to - the root mirror. - * `buildmaster_slave_reposync_public`: Public half of an SSH - keypair to be used for retreiving files from remote builders to - the root mirror. - * `buildmaster_users.yml`: Data file defining the users and their - credentials to access the buildbot administrative interface. The - format is as follows: - - ```yaml - --- - buildmaster_users: - - name: maldridge - pass: 'password-with-special-chars' - ``` - - * `buildslave_credentials.yml`: Data file defining the machine - credentials used by the buildbot to log into remote buildbot - instances and invoke builds on them. The format is as follows: - - ```yaml - --- - buildslave_credentials: - x86_64-primary: "pure-random-bytes" - ``` - - The identifiers used in the map must match those provided in the - `group_vars/build.yml` file. - - * `known_hosts`: A known_hosts file in the correct format for SSH - which contains the host fingerprints for remote build machines. * `images.asc`: PGP public key associated with legacy installation images (Juan RP). * `void_image_key.asc`: PGP public key associated with legacy From f9fd12b56a3e8ec3cdd7e9325eb95a9efe773028 Mon Sep 17 00:00:00 2001 From: classabbyamp Date: Mon, 15 Jul 2024 01:54:06 -0400 Subject: [PATCH 7/8] ansible: remove acmetool role --- .gitmodules | 3 -- .../host_vars/a-hel-fi.m.voidlinux.org.yml | 9 ------ ansible/roles/acmetool | 1 - ansible/roles/unacmetool/tasks/main.yml | 28 ------------------- 4 files changed, 41 deletions(-) delete mode 160000 ansible/roles/acmetool delete mode 100644 ansible/roles/unacmetool/tasks/main.yml diff --git a/.gitmodules b/.gitmodules index 79bbd96b..f33fcba8 100644 --- a/.gitmodules +++ b/.gitmodules @@ -7,9 +7,6 @@ [submodule "roles/xbps-repoconf"] path = ansible/roles/xbps-repoconf url = git@github.com:void-ansible-roles/xbps-repoconf.git -[submodule "roles/acmetool"] - path = ansible/roles/acmetool - url = git@github.com:void-ansible-roles/acmetool.git [submodule "roles/mosh"] path = ansible/roles/mosh url = git@github.com:void-ansible-roles/mosh.git diff --git a/ansible/host_vars/a-hel-fi.m.voidlinux.org.yml b/ansible/host_vars/a-hel-fi.m.voidlinux.org.yml index ee1d20c5..6771c685 100644 --- a/ansible/host_vars/a-hel-fi.m.voidlinux.org.yml +++ b/ansible/host_vars/a-hel-fi.m.voidlinux.org.yml @@ -17,15 +17,6 @@ sshd_AllowGroups: nginx_dhparam_bits: 2048 -acmetool: - sites: - - site: build.voidlinux.org - names: - - build.voidlinux.org - hostmaster_email: postmaster@voidlinux.org - services: - - nginx - nomad_host_volumes: - name: terrastate path: /nomad/terrastate diff --git a/ansible/roles/acmetool b/ansible/roles/acmetool deleted file mode 160000 index 0a4f6088..00000000 --- a/ansible/roles/acmetool +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 0a4f6088cccff6d888c2622e590250a580b6a0ff diff --git a/ansible/roles/unacmetool/tasks/main.yml b/ansible/roles/unacmetool/tasks/main.yml deleted file mode 100644 index a6d9eac1..00000000 --- a/ansible/roles/unacmetool/tasks/main.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -- name: Remove acmetool data root - file: - path: /var/lib/acme - state: absent - -- name: Remove renewal crontab - file: - path: /etc/cron.d/acmetool - state: absent - -- name: Remove acmetool firewall rules - file: - path: /etc/iptables.d/acmetool.rules - state: absent - notify: - - iptables - -- name: Remove Service Hooks - file: - path: /usr/libexec/acme/hooks/sv_restart - state: absent - when: acmetool.services is defined - -- name: Remove acmetool - xbps: - pkg: acmetool - state: absent From 6ac3f680bc495f1c02b4b9b5f86c720c7616707f Mon Sep 17 00:00:00 2001 From: classabbyamp Date: Mon, 15 Jul 2024 02:08:07 -0400 Subject: [PATCH 8/8] ansible: remove nginx role --- .gitmodules | 3 -- ansible/group_vars/all.yml | 2 - ansible/group_vars/prod.yml | 4 -- .../host_vars/a-hel-fi.m.voidlinux.org.yml | 6 --- ansible/roles/nginx | 1 - ansible/roles/unnginx/tasks/main.yml | 37 ------------------- 6 files changed, 53 deletions(-) delete mode 160000 ansible/roles/nginx delete mode 100644 ansible/roles/unnginx/tasks/main.yml diff --git a/.gitmodules b/.gitmodules index f33fcba8..479faebc 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,6 +1,3 @@ -[submodule "roles/nginx"] - path = ansible/roles/nginx - url = git@github.com:void-ansible-roles/nginx.git [submodule "roles/sshd"] path = ansible/roles/sshd url = git@github.com:void-ansible-roles/sshd.git diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 1a7625c0..78d3276b 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -26,5 +26,3 @@ network_forward_policy: ACCEPT network_static_dns_resolvers: - 127.0.0.1 - -nginx_bind_443: "{{void_aquire_certs}}" diff --git a/ansible/group_vars/prod.yml b/ansible/group_vars/prod.yml index 275c3de2..7fba425b 100644 --- a/ansible/group_vars/prod.yml +++ b/ansible/group_vars/prod.yml @@ -1,11 +1,7 @@ --- -void_aquire_certs: true - sshd_passwords: false sshd_challengeresponse: false -nginx_acme_challenge_path: /var/run/acme/acme-challenge/ - void_mesh: a-hel-fi.m.voidlinux.org: 192.168.99.100 b-lej-de.m.voidlinux.org: 192.168.99.101 diff --git a/ansible/host_vars/a-hel-fi.m.voidlinux.org.yml b/ansible/host_vars/a-hel-fi.m.voidlinux.org.yml index 6771c685..f5225ff1 100644 --- a/ansible/host_vars/a-hel-fi.m.voidlinux.org.yml +++ b/ansible/host_vars/a-hel-fi.m.voidlinux.org.yml @@ -15,8 +15,6 @@ network_static_interfaces: sshd_AllowGroups: - build-ops -nginx_dhparam_bits: 2048 - nomad_host_volumes: - name: terrastate path: /nomad/terrastate @@ -30,7 +28,3 @@ nomad_host_volumes: - name: ccache path: /hostdir/ccache read_only: true - -nomad_reserved_ports: - - 80 # Legacy nginx on this host - - 443 # Legacy nginx on this host diff --git a/ansible/roles/nginx b/ansible/roles/nginx deleted file mode 160000 index a4d54816..00000000 --- a/ansible/roles/nginx +++ /dev/null @@ -1 +0,0 @@ -Subproject commit a4d548166c7e8da544cc2018cf42ae938fb5ccbb diff --git a/ansible/roles/unnginx/tasks/main.yml b/ansible/roles/unnginx/tasks/main.yml deleted file mode 100644 index c0ea5cb4..00000000 --- a/ansible/roles/unnginx/tasks/main.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -- name: Create the webroot - file: - path: /srv/www - state: directory - owner: root - group: root - mode: 0755 - -- name: Disable nginx - runit: - name: nginx - enabled: false - -- name: Unconfigure nginx firewall rules - file: - path: /etc/iptables.d/nginx.rules - state: absent - notify: - - iptables - -- name: Unconfigure nginx firewall rules - file: - path: /etc/ip6tables.d/nginx.6rules - state: absent - notify: - - iptables - -- name: Remove nginx files - file: - path: /etc/nginx - state: absent - -- name: Remove nginx - xbps: - pkg: nginx - state: present