commit 513da8008078851501da2e4e9c2d91c4fbfdb5bf Author: Nicolas Vigier boklm@torproject.org Date: Mon Apr 27 22:59:20 2020 +0200
Bug 33952: Add instructions related to build-sunet-a.torproject.net
Add instructions for adding/removing/updating users on build-sunet-a.torproject.net as well as installing new packages.
We also update the tbb-team role to make it possible to remove users.
While updating the README file we also add a link for more details about setting up a new nightly build machine. --- tools/ansible/README | 38 ++++++++++++++++++++++++-- tools/ansible/roles/tbb-team/defaults/main.yml | 1 + tools/ansible/roles/tbb-team/tasks/main.yml | 7 +++++ 3 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/tools/ansible/README b/tools/ansible/README index dc69ad7..6056372 100644 --- a/tools/ansible/README +++ b/tools/ansible/README @@ -1,4 +1,4 @@ -This directory contains some ansible script that we use to setup some +This directory contains some ansible script that we use to set up some machines that we use for Tor Browser development.
To deploy some changes you need the ansible package to be installed on @@ -9,7 +9,8 @@ You can then use one of the following makefile targets:
ansible-tbb-build: Deploy changes to the machine used by Tor Browser team members to do - some Tor Browser builds. + some Tor Browser builds. See below for more details about adding, + removing and updating users on this machine.
fpcentral: Deploy fpcentral to forrestii.torproject.org. To be able to run this @@ -21,4 +22,37 @@ boklm-tbb-nightly-build: anybody else wants to set up their own nightly builds, it is possible to do it by adding a new host to the inventory file and making copies of group_vars/boklm-tbb-nightly/ and boklm-tbb-nightly-build.yml. + For more details, see also this ticket: + https://trac.torproject.org/projects/tor/ticket/33948 + + +Adding, removing, updating users on the Tor Browser team build machine +====================================================================== + +The tbb-build.yml playbook is used to set up the Tor Browser team build +machine (build-sunet-a.torproject.net). + +To add a new user: + + - add the new username to roles/tbb-team/defaults/main.yml + - add the ssh key file to roles/tbb-team/files/${username}.pub + - run "make ansible-tbb-build" + +To update the ssh key for an existing user: + - update roles/tbb-team/files/${username}.pub + - run "make ansible-tbb-build" + +To remove a user and their home directory from the build machine: + - in roles/tbb-team/defaults/main.yml, move the user from + tbb_team_members to tbb_team_alums + - remove roles/tbb-team/files/${username}.pub + - run "make ansible-tbb-build" + +To install additional packages you can add them to +roles/tbb-builder/tasks/main.yml if they are necessary to build +Tor Browser, or to roles/useful-packages/tasks/main.yml otherwise. + +If you don't want to apply the changes directly, but first want to check +what would be the changes done by ansible, you can edit the ansible-playbook +command in the Makefile to add the --check argument.
diff --git a/tools/ansible/roles/tbb-team/defaults/main.yml b/tools/ansible/roles/tbb-team/defaults/main.yml index 4ce9c03..75a1db5 100644 --- a/tools/ansible/roles/tbb-team/defaults/main.yml +++ b/tools/ansible/roles/tbb-team/defaults/main.yml @@ -8,3 +8,4 @@ tbb_team_members: - mikeperry - pospeselr - sukhbir +tbb_team_alums: [] diff --git a/tools/ansible/roles/tbb-team/tasks/main.yml b/tools/ansible/roles/tbb-team/tasks/main.yml index 5cc5755..8e63416 100644 --- a/tools/ansible/roles/tbb-team/tasks/main.yml +++ b/tools/ansible/roles/tbb-team/tasks/main.yml @@ -13,3 +13,10 @@ state: present key: "{{ lookup('file', item + '.pub') }}" with_items: "{{ tbb_team_members }}" + +- name: Remove tbb-team alums users + user: + name: "{{ item }}" + state: absent + remove: yes + with_items: "{{ tbb_team_alums }}"