commit aadd6feb0302552da49eac8cae440c1510a436f3 Author: Nicolas Vigier boklm@torproject.org Date: Mon Mar 1 17:19:03 2021 +0100
Bug 40244: Remove tools/ansible/roles/tbb-nightly-build --- tools/ansible/Makefile | 3 - tools/ansible/README | 8 -- tools/ansible/boklm-tbb-nightly-build.yml | 10 -- tools/ansible/group_vars/boklm-tbb-nightly/dma.yml | 9 -- .../boklm-tbb-nightly/tbb-nightly-build.yml | 6 - tools/ansible/inventory | 4 - .../roles/tbb-nightly-build/defaults/main.yml | 13 -- .../roles/tbb-nightly-build/files/prune-old-builds | 136 --------------------- .../roles/tbb-nightly-build/handlers/main.yml | 5 - .../ansible/roles/tbb-nightly-build/tasks/main.yml | 99 --------------- .../roles/tbb-nightly-build/templates/nginx.conf | 20 --- .../tbb-nightly-build/templates/rbm.local.conf | 114 ----------------- .../tbb-nightly-build/templates/start-tbb-nightly | 5 - .../tbb-nightly-build.auth_basic_user_file | 1 - .../tbb-nightly-build/templates/testsuite-config | 34 ------ .../tbb-nightly-build/templates/www-index.html | 10 -- .../vaulted_vars/boklm-tbb-nightly/dma-auth.yml | 10 -- 17 files changed, 487 deletions(-)
diff --git a/tools/ansible/Makefile b/tools/ansible/Makefile index ea63a44..608f932 100644 --- a/tools/ansible/Makefile +++ b/tools/ansible/Makefile @@ -3,6 +3,3 @@ ansible-tbb-build:
fpcentral: ANSIBLE_CONFIG='$(@D)/ansible-fpcentral.cfg' ansible-playbook -i inventory --ask-become-pass fpcentral.yml - -boklm-tbb-nightly-build: - ansible-playbook --vault-password-file=~/ansible-vault/boklm-tbb-nightly -i inventory boklm-tbb-nightly-build.yml diff --git a/tools/ansible/README b/tools/ansible/README index 6056372..2cdcfcb 100644 --- a/tools/ansible/README +++ b/tools/ansible/README @@ -17,14 +17,6 @@ fpcentral: you need to be in the fpcentral tpo ldap group. Your ldap password will be asked, to sudo to the fpcentral user.
-boklm-tbb-nightly-build: - This target is used by boklm to deploy a nightly build machine. If - anybody else wants to set up their own nightly builds, it is possible to - do it by adding a new host to the inventory file and making copies of - group_vars/boklm-tbb-nightly/ and boklm-tbb-nightly-build.yml. - For more details, see also this ticket: - https://trac.torproject.org/projects/tor/ticket/33948 -
Adding, removing, updating users on the Tor Browser team build machine ====================================================================== diff --git a/tools/ansible/boklm-tbb-nightly-build.yml b/tools/ansible/boklm-tbb-nightly-build.yml deleted file mode 100644 index dd9e1dc..0000000 --- a/tools/ansible/boklm-tbb-nightly-build.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -- hosts: boklm-tbb-nightly-build - roles: - - role: tbb-builder - - role: tbb-nightly-build - - role: unattended-upgrades - - role: mta - vars_files: - - vaulted_vars/boklm-tbb-nightly/dma-auth.yml diff --git a/tools/ansible/group_vars/boklm-tbb-nightly/dma.yml b/tools/ansible/group_vars/boklm-tbb-nightly/dma.yml deleted file mode 100644 index 0148da5..0000000 --- a/tools/ansible/group_vars/boklm-tbb-nightly/dma.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -dma_conf: | - SMARTHOST mail.riseup.net - PORT 587 - AUTHPATH /etc/dma/auth.conf - SECURETRANSFER - STARTTLS - MAILNAME /etc/mailname - MASQUERADE boklm-tbb-nightly@riseup.net diff --git a/tools/ansible/group_vars/boklm-tbb-nightly/tbb-nightly-build.yml b/tools/ansible/group_vars/boklm-tbb-nightly/tbb-nightly-build.yml deleted file mode 100644 index 6addb1d..0000000 --- a/tools/ansible/group_vars/boklm-tbb-nightly/tbb-nightly-build.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -nightly_build_hostname: f4amtbsowhix7rrf.onion -nightly_build_url: 'http://%7B%7B nightly_build_hostname }}' -nightly_build_email_from: "'Tor Browser Nightly Builds (boklm) boklm-tbb-nightly@riseup.net'," -nightly_build_email_to: "[ 'boklm@torproject.org', 'gk@torproject.org', 'sysrqb@torproject.org', ]," -nightly_build_sign_build: 1 diff --git a/tools/ansible/inventory b/tools/ansible/inventory index fc25842..32a5805 100644 --- a/tools/ansible/inventory +++ b/tools/ansible/inventory @@ -1,12 +1,8 @@ build-sunet-a ansible_ssh_user=root ansible_ssh_host=build-sunet-a.torproject.net fpcentral ansible_become=True ansible_become_method=sudo ansible_become_user=fpcentral ansible_ssh_host=forrestii.torproject.org allow_world_readable_tmpfiles=True -boklm-tbb-nightly-build ansible_ssh_user=root ansible_become_method=su
[tbb-build] build-sunet-a
[fpcentral] fpcentral - -[boklm-tbb-nightly] -boklm-tbb-nightly-build diff --git a/tools/ansible/roles/tbb-nightly-build/defaults/main.yml b/tools/ansible/roles/tbb-nightly-build/defaults/main.yml deleted file mode 100644 index 1e45b1a..0000000 --- a/tools/ansible/roles/tbb-nightly-build/defaults/main.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -nightly_build_user: tbb-nightly -nightly_build_cron_hour: 2 -nightly_build_cron_minute: 20 -nightly_build_keep_builds: 3 -testsuite_dir: "/home/{{ nightly_build_user }}/tbb-testsuite" -testsuite_git_url: https://git.torproject.org/tor-browser-bundle-testsuite.git -testsuite_git_commit: 71bce1264f10e8f184095aad54cf27e81f56a7a4 -nightly_build_wwwdir: "/home/{{ nightly_build_user }}/www" -nightly_build_nginx_enable: true -nightly_build_nginx_listen: 127.0.0.1:80 -nightly_build_nginx_auth_basic_enable: true -nightly_build_nginx_auth_basic_content: tor-guest:ezmjAG/jVTat. diff --git a/tools/ansible/roles/tbb-nightly-build/files/prune-old-builds b/tools/ansible/roles/tbb-nightly-build/files/prune-old-builds deleted file mode 100755 index 852a9da..0000000 --- a/tools/ansible/roles/tbb-nightly-build/files/prune-old-builds +++ /dev/null @@ -1,136 +0,0 @@ -#!/usr/bin/perl -w - -# Copyright (c) 2019, The Tor Project, Inc. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are -# met: -# -# * Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# * Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following disclaimer -# in the documentation and/or other materials provided with the -# distribution. -# -# * Neither the names of the copyright owners nor the names of its -# contributors may be used to endorse or promote products derived from -# this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -# 'prune-old-builds' is a script to prune old builds. -# -# -# Usage: -# $ ./prune-old-builds [options] <directory> -# -# -# Available options: -# -# --dry-run -# Don't delete anything, but say what would be deleted. -# -# --prefix <prefix> -# Prefix of the directories to be removed. Default is 'tbb-nightly.'. -# -# --separator <c> -# Separator character to separate the year, month, day in the directory -# names. Default is '.'. -# -# --days <n> -# Number of days that we should keep. Default is 6. -# -# --weeks <n> -# Number of monday builds that we should keep. Default is 3. -# -# --months <n> -# Number of 1st day of the month builds that we should keep. -# Default is 3. - -use strict; -use Getopt::Long; -use DateTime; -use DateTime::Duration; -use File::Path qw(remove_tree); - -my %options = ( - days => 6, - weeks => 3, - months => 3, - prefix => 'tbb-nightly.', - separator => '.', -); - -sub keep_builds { - my %res; - - my $day = DateTime::Duration->new(days => 1); - my $week = DateTime::Duration->new(weeks => 1); - my $month = DateTime::Duration->new(months => 1); - - my $n = $options{days}; - my $dt = DateTime->now; - while ($n) { - $res{ $options{prefix} . $dt->ymd($options{separator}) } = 1; - $dt = $dt - $day; - $n--; - } - - my $w = $options{weeks}; - while ($dt->day_of_week != 1) { - $dt = $dt - $day; - } - while ($w) { - $res{ $options{prefix} . $dt->ymd($options{separator}) } = 1; - $dt = $dt - $week; - $w--; - } - - my $m = $options{months}; - $dt = DateTime->now; - while ($dt->day != 1) { - $dt = $dt - $day; - } - while ($m) { - $res{ $options{prefix} . $dt->ymd($options{separator}) } = 1; - $dt = $dt - $month; - $m--; - } - - return %res; -} - -sub clean_directory { - my ($directory) = @_; - my $k = keep_builds; - chdir $directory || die "Error entering $directory"; - foreach my $file (glob "$options{prefix}*") { - next unless $file =~ m/^$options{prefix}\d{4}$options{separator}\d{2}$options{separator}\d{2}$/; - next if $k->{$file}; - if ($options{'dry-run'}) { - print "Would remove $file\n"; - } else { - remove_tree($file); - } - } -} - -my @opts = qw(days=i weeks=i months=i prefix=s dry-run!); -Getopt::Long::GetOptions(%options, @opts); -die "Missing argument: directory to clean" unless @ARGV; -foreach my $dir (@ARGV) { - clean_directory($dir); -} diff --git a/tools/ansible/roles/tbb-nightly-build/handlers/main.yml b/tools/ansible/roles/tbb-nightly-build/handlers/main.yml deleted file mode 100644 index 3350d73..0000000 --- a/tools/ansible/roles/tbb-nightly-build/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: restart nginx - service: - name: nginx - state: restarted diff --git a/tools/ansible/roles/tbb-nightly-build/tasks/main.yml b/tools/ansible/roles/tbb-nightly-build/tasks/main.yml deleted file mode 100644 index d5254b6..0000000 --- a/tools/ansible/roles/tbb-nightly-build/tasks/main.yml +++ /dev/null @@ -1,99 +0,0 @@ ---- -- name: create tbb-nightly user - user: - name: "{{ nightly_build_user }}" - comment: "Tor Browser Nightly Builds" - groups: tbb-build - createhome: yes - home: "/home/{{ nightly_build_user }}" - -- name: clone tor browser testsuite - become: yes - become_user: "{{ nightly_build_user }}" - git: - repo: "{{ testsuite_git_url }}" - dest: "{{ testsuite_dir }}" - version: "{{ testsuite_git_commit }}" - -- name: install testsuite dependencies - command: "{{ testsuite_dir }}/install-deps" - -- name: add testsuite config - template: - src: testsuite-config - dest: "{{ testsuite_dir }}/config/tbb-nightly" - mode: 0644 - owner: "{{ nightly_build_user }}" - -- name: create rbm-config directory - file: - path: '{{ testsuite_dir }}/rbm-config/' - state: directory - owner: '{{ nightly_build_user }}' - mode: 0755 - -- name: add rbm config - template: - src: rbm.local.conf - dest: "{{ testsuite_dir }}/rbm-config/tbb-nightly.rbm.local.conf" - mode: 0644 - owner: "{{ nightly_build_user }}" - -- name: prune-old-builds - copy: - src: prune-old-builds - dest: "/home/{{ nightly_build_user }}/prune-old-builds" - mode: 0755 - owner: "{{ nightly_build_user }}" - -- name: add start-tbb-nightly script - template: - src: start-tbb-nightly - dest: "/home/{{ nightly_build_user }}/start-tbb-nightly" - mode: 0755 - owner: "{{ nightly_build_user }}" - -- name: add cron to start nighly build - cron: - name: tbb-nightly-build - user: "{{ nightly_build_user }}" - hour: "{{ nightly_build_cron_hour }}" - minute: "{{ nightly_build_cron_minute }}" - job: "/home/{{ nightly_build_user }}/start-tbb-nightly" - -- name: create wwwdir - file: - path: '{{ nightly_build_wwwdir }}' - state: directory - owner: '{{ nightly_build_user }}' - mode: 0755 - -- name: add index page - template: - src: www-index.html - dest: "{{ nightly_build_wwwdir }}/index.html" - mode: 0644 - owner: "{{ nightly_build_user }}" - -- name: create tbb-nightly-build.auth_basic_user_file - template: - src: tbb-nightly-build.auth_basic_user_file - dest: /etc/nginx/tbb-nightly-build.auth_basic_user_file - mode: 0644 - owner: root - when: nightly_build_nginx_auth_basic_enable - -- name: install nginx - apt: - name: nginx - state: present - when: nightly_build_nginx_enable - -- name: add nginx config - template: - src: nginx.conf - dest: /etc/nginx/sites-enabled/tbb-nightly-build - mode: 0644 - notify: - - restart nginx - when: nightly_build_nginx_enable diff --git a/tools/ansible/roles/tbb-nightly-build/templates/nginx.conf b/tools/ansible/roles/tbb-nightly-build/templates/nginx.conf deleted file mode 100644 index 62ca8e3..0000000 --- a/tools/ansible/roles/tbb-nightly-build/templates/nginx.conf +++ /dev/null @@ -1,20 +0,0 @@ -server { - listen {{ nightly_build_nginx_listen }}; - server_name {{ nightly_build_hostname }}; - root {{ nightly_build_wwwdir }}; - index index.html; - location / { - try_files $uri $uri/ =404; - } - location /reports { - alias {{ testsuite_dir }}/reports; - } - location /tor-browser-builds { - alias {{ testsuite_dir }}/tor-browser-builds; - autoindex on; - {% if nightly_build_nginx_auth_basic_enable %} - auth_basic "Use tor-guest as username and password"; - auth_basic_user_file /etc/nginx/tbb-nightly-build.auth_basic_user_file; - {% endif %} - } -} diff --git a/tools/ansible/roles/tbb-nightly-build/templates/rbm.local.conf b/tools/ansible/roles/tbb-nightly-build/templates/rbm.local.conf deleted file mode 100644 index 4380480..0000000 --- a/tools/ansible/roles/tbb-nightly-build/templates/rbm.local.conf +++ /dev/null @@ -1,114 +0,0 @@ ---- -### This file is used to override options from rbm.conf to adapt them -### to your local setup. -### -### Copy this file as rbm.local.conf to enable it, and uncomment the -### options you want to modify. - - -### The tmp_dir option defines where temporary files are stored. The -### builds are made from this directory, so using a directory on a fast -### disk can improve build time. By default we are using a tmp directory -### under the tor-browser-build directory. -#tmp_dir: /tmp - -### The debug option defines whether a debugging shell should be opened -### automatically in the build directory/container in case of build -### failure. If you are doing automated builds, you might want to disable -### this. -#debug: 0 - -### The build_log option defines in which file the build logs of each -### component are stored. If you set it to '-' the logs are output on -### stdout and stderr. -#build_log: '-' - -### By default, the logs from previous builds are kept in the log files. -### If you set build_log_append to 0, then previous logs are cleaned -### when starting a new build. -#build_log_append: 0 - -buildconf: - buildconf: 1 - - ### The buildconf/num_procs option can be used to select the number of - ### build processes to run simultaneously. You can also use the - ### RBM_NUM_PROCS environment variable. The default is 4. - #num_procs: 8 - - ### The buildconf/git_signtag_opt option is useful when you tag a release. - ### It is used to set the 'git tag' argument to select the keyid for - ### signing the tag. - #git_signtag_opt: '-u keyid' - -var: - local_conf: 1 - - ### The var/sign_build option defines if you want to sign the - ### sha256sums-unsigned-build.txt and - ### sha256sums-unsigned-build.incrementals.txt files with gpg. - {% if nightly_build_sign_build is defined %}sign_build: {{ nightly_build_sign_build }}{% endif %} - - - ### The var/sign_build_gpg_opts option can be used to define some gpg - ### options to select the key to use to sign the sha256sums-unsigned-build.txt - ### and sha256sums-unsigned-build.incrementals.txt files. - #sign_build_gpg_opts: '--local-user XXXXXXXX' - - ### The clean configuration is used by the cleaning script to find the - ### branches and build targets you are using, to compute the list of - ### files that should be kept. - ### - ### If you only do alpha builds for all platforms, you can use the - ### following configuration: - clean: - HEAD: - - project: release - target: - - nightly - - torbrowser-all - # - ### If you are doing 'release' builds in the maint-7.0 branch and - ### 'alpha' builds in the master branch, you can use the following - ### configuration: - #clean: - # master: - # - project: release - # target: - # - alpha - # - torbrowser-all - # maint-7.0: - # - project: release - # target: - # - release - # - torbrowser-all - -targets: - - ### testbuild is based on alpha by default. Uncomment this if you want it - ### to be based on nightly. - #torbrowser-testbuild: - # - testbuild - # - nightly - - testbuild: - var: - testbuild: 1 - - ### Uncomment this if you want to create mar files in your test build. - #build_mar: 1 - - nightly: - - ### By default 'fetch' is set to 1 for nightly builds, meaning that new - ### commits will be fetched automatically during each build. You can - ### disable this during development if you want to do rebuilds to test - ### a specific change, but don't want rebuilds caused by unrelated - ### changes, or if you want to decide at which point new commits are - ### fetched. When 'fetch' is set to 'if_needed', new commits will only - ### be fetched if the selected commit (or branch, or tag) is not present, - ### which means that existing branches won't be updated. In that case - ### you can fetch new commits by running 'make fetch'. - fetch: 'if_needed' - -# vim: filetype=yaml sw=2 diff --git a/tools/ansible/roles/tbb-nightly-build/templates/start-tbb-nightly b/tools/ansible/roles/tbb-nightly-build/templates/start-tbb-nightly deleted file mode 100644 index fafc1d9..0000000 --- a/tools/ansible/roles/tbb-nightly-build/templates/start-tbb-nightly +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh -cd {{ testsuite_dir }} -export RBM_NO_DEBUG=1 -./tbb-testsuite --config=tbb-nightly "$@" -/home/{{ nightly_build_user }}/prune-old-builds --days {{ nightly_build_keep_builds }} ./tor-browser-builds diff --git a/tools/ansible/roles/tbb-nightly-build/templates/tbb-nightly-build.auth_basic_user_file b/tools/ansible/roles/tbb-nightly-build/templates/tbb-nightly-build.auth_basic_user_file deleted file mode 100644 index 45d673c..0000000 --- a/tools/ansible/roles/tbb-nightly-build/templates/tbb-nightly-build.auth_basic_user_file +++ /dev/null @@ -1 +0,0 @@ -{{ nightly_build_nginx_auth_basic_content }} diff --git a/tools/ansible/roles/tbb-nightly-build/templates/testsuite-config b/tools/ansible/roles/tbb-nightly-build/templates/testsuite-config deleted file mode 100644 index 90b08ac..0000000 --- a/tools/ansible/roles/tbb-nightly-build/templates/testsuite-config +++ /dev/null @@ -1,34 +0,0 @@ -# vim: filetype=perl expandtab -use strict; -use FindBin; -use DateTime; -use TBBTestSuite::TestSuite::TorBrowserBuild; - -my $date = DateTime->now->ymd; -my $tbb_version = 'tbb-nightly.' . DateTime->now->ymd('.'); -my $name = "tor-browser-$date"; - -if (-d "$options->{'reports-dir'}/r/$name") { - print "Doing nothing: $name already done\n"; - return ( args => [] ); -} - -my $testsuite = TBBTestSuite::TestSuite::TorBrowserBuild->new({ - tbb_version => $tbb_version, - publish_dir => "$FindBin::Bin/tor-browser-builds/$tbb_version", - publish_url => "{{ nightly_build_url }}/tor-browser-builds/$tbb_version", - rbm_local_conf => "$FindBin::Bin/rbm-config/tbb-nightly.rbm.local.conf", - make_clean => 1, - }); - -my %res = ( - name => $name, - args => [ $testsuite ], - tags => [ 'nightly' ], - 'reports-url' => '{{ nightly_build_url }}/reports/', - 'email-subject' => '[build result: [% success ? "ok" : "failed" %]] [% options.name %]', - {% if nightly_build_email_to is defined %}'email-report' => 1,{% endif %} - {% if nightly_build_email_to is defined %}'email-to' => {{ nightly_build_email_to }}{% endif %} - {% if nightly_build_email_from is defined %}'email-from' => {{ nightly_build_email_from }}{% endif %} -); -%res; diff --git a/tools/ansible/roles/tbb-nightly-build/templates/www-index.html b/tools/ansible/roles/tbb-nightly-build/templates/www-index.html deleted file mode 100644 index 05050d8..0000000 --- a/tools/ansible/roles/tbb-nightly-build/templates/www-index.html +++ /dev/null @@ -1,10 +0,0 @@ -<html> -<head> - <title>Tor Browser Nightly Builds</title> -</head> -<body> - <h1>Tor Browser Nightly Builds</title> - <a href="reports/"><h3>Build Reports</h3></a> - <a href="tor-browser-builds/"><h3>Build files</h3></a> -</body> -</html> diff --git a/tools/ansible/vaulted_vars/boklm-tbb-nightly/dma-auth.yml b/tools/ansible/vaulted_vars/boklm-tbb-nightly/dma-auth.yml deleted file mode 100644 index 254291c..0000000 --- a/tools/ansible/vaulted_vars/boklm-tbb-nightly/dma-auth.yml +++ /dev/null @@ -1,10 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -64353537366566623534653938363036396164303631616138313130663766626463303034336564 -6339346639633765383534653561646366626665393333340a343533636436333838633039363265 -33393762363563323338356634396137393466616336326337323761643332363438313735646135 -6633326462616261310a663738306463613237326164663533326230316662333935333361636334 -61336433633964643631653230633861393131646532666536653738376261386535356636666262 -30303761333230623662323037376130386134373939613861343233363038636464623132363135 -66386532346165303839346563383934633462386534383330636432356166666238383332353930 -39316439653733376239343661373265303033323237366132366161316535636165336539333130 -3033