[tor-commits] [tor-browser-build/master] Bug 33952: Add instructions related to build-sunet-a.torproject.net
gk at torproject.org
gk at torproject.org
Wed Apr 29 15:39:47 UTC 2020
commit 513da8008078851501da2e4e9c2d91c4fbfdb5bf
Author: Nicolas Vigier <boklm at torproject.org>
Date: Mon Apr 27 22:59:20 2020 +0200
Bug 33952: Add instructions related to build-sunet-a.torproject.net
Add instructions for adding/removing/updating users on
build-sunet-a.torproject.net as well as installing new packages.
We also update the tbb-team role to make it possible to remove users.
While updating the README file we also add a link for more details about
setting up a new nightly build machine.
---
tools/ansible/README | 38 ++++++++++++++++++++++++--
tools/ansible/roles/tbb-team/defaults/main.yml | 1 +
tools/ansible/roles/tbb-team/tasks/main.yml | 7 +++++
3 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/tools/ansible/README b/tools/ansible/README
index dc69ad7..6056372 100644
--- a/tools/ansible/README
+++ b/tools/ansible/README
@@ -1,4 +1,4 @@
-This directory contains some ansible script that we use to setup some
+This directory contains some ansible script that we use to set up some
machines that we use for Tor Browser development.
To deploy some changes you need the ansible package to be installed on
@@ -9,7 +9,8 @@ You can then use one of the following makefile targets:
ansible-tbb-build:
Deploy changes to the machine used by Tor Browser team members to do
- some Tor Browser builds.
+ some Tor Browser builds. See below for more details about adding,
+ removing and updating users on this machine.
fpcentral:
Deploy fpcentral to forrestii.torproject.org. To be able to run this
@@ -21,4 +22,37 @@ boklm-tbb-nightly-build:
anybody else wants to set up their own nightly builds, it is possible to
do it by adding a new host to the inventory file and making copies of
group_vars/boklm-tbb-nightly/ and boklm-tbb-nightly-build.yml.
+ For more details, see also this ticket:
+ https://trac.torproject.org/projects/tor/ticket/33948
+
+
+Adding, removing, updating users on the Tor Browser team build machine
+======================================================================
+
+The tbb-build.yml playbook is used to set up the Tor Browser team build
+machine (build-sunet-a.torproject.net).
+
+To add a new user:
+
+ - add the new username to roles/tbb-team/defaults/main.yml
+ - add the ssh key file to roles/tbb-team/files/${username}.pub
+ - run "make ansible-tbb-build"
+
+To update the ssh key for an existing user:
+ - update roles/tbb-team/files/${username}.pub
+ - run "make ansible-tbb-build"
+
+To remove a user and their home directory from the build machine:
+ - in roles/tbb-team/defaults/main.yml, move the user from
+ tbb_team_members to tbb_team_alums
+ - remove roles/tbb-team/files/${username}.pub
+ - run "make ansible-tbb-build"
+
+To install additional packages you can add them to
+roles/tbb-builder/tasks/main.yml if they are necessary to build
+Tor Browser, or to roles/useful-packages/tasks/main.yml otherwise.
+
+If you don't want to apply the changes directly, but first want to check
+what would be the changes done by ansible, you can edit the ansible-playbook
+command in the Makefile to add the --check argument.
diff --git a/tools/ansible/roles/tbb-team/defaults/main.yml b/tools/ansible/roles/tbb-team/defaults/main.yml
index 4ce9c03..75a1db5 100644
--- a/tools/ansible/roles/tbb-team/defaults/main.yml
+++ b/tools/ansible/roles/tbb-team/defaults/main.yml
@@ -8,3 +8,4 @@ tbb_team_members:
- mikeperry
- pospeselr
- sukhbir
+tbb_team_alums: []
diff --git a/tools/ansible/roles/tbb-team/tasks/main.yml b/tools/ansible/roles/tbb-team/tasks/main.yml
index 5cc5755..8e63416 100644
--- a/tools/ansible/roles/tbb-team/tasks/main.yml
+++ b/tools/ansible/roles/tbb-team/tasks/main.yml
@@ -13,3 +13,10 @@
state: present
key: "{{ lookup('file', item + '.pub') }}"
with_items: "{{ tbb_team_members }}"
+
+- name: Remove tbb-team alums users
+ user:
+ name: "{{ item }}"
+ state: absent
+ remove: yes
+ with_items: "{{ tbb_team_alums }}"
More information about the tor-commits
mailing list