diff options
author | Paul Sokolovsky <paul.sokolovsky@linaro.org> | 2013-12-10 17:39:34 +0200 |
---|---|---|
committer | Paul Sokolovsky <paul.sokolovsky@linaro.org> | 2013-12-10 17:39:34 +0200 |
commit | a3fcdd723de848c799956090e2ae0f6a78d9c88d (patch) | |
tree | 258328823aee4e473442f44381d6de7052d1fb6b | |
parent | 46a314296e00307f9fb18fb050597d17804aa239 (diff) |
Ansible deployment moved to https://git.linaro.org/infrastructure/linaro-jenkins-tools.git
40 files changed, 0 insertions, 913 deletions
diff --git a/ansible-deploy/README b/ansible-deploy/README deleted file mode 100644 index 02ea923..0000000 --- a/ansible-deploy/README +++ /dev/null @@ -1,22 +0,0 @@ -This directory contains proof-of-concept scripts for deploying Jenkins & -Android Build infrastructure using Ansible http://www.ansibleworks.com/ . - -So far, only deployment to local Vagrant VM was tested: - -1. Create new VM with: - - vagrant up - -2. Check which hosts are targetted by the deployment process: - - ansible-playbook -i hosts-devel -l "rdk-ci:&vagrant" site.yml --list-hosts - -Verify that this is consistent with your expectations - -3. Deploy infrastructure: - - ansible-playbook -i hosts-devel -l "rdk-ci:&vagrant" site.yml - -Add -v for verboseness, repeat for more. Use other *.yml to deploy just parts -of infrastructure (e.g. jenkins.yml will deploy just Jenkins service with -dependencies like Apache). diff --git a/ansible-deploy/Vagrantfile b/ansible-deploy/Vagrantfile deleted file mode 100644 index 9c3caa4..0000000 --- a/ansible-deploy/Vagrantfile +++ /dev/null @@ -1,104 +0,0 @@ -# -*- mode: ruby -*- -# vi: set ft=ruby : - -# -# This is vagrant config file for local VM setup of android-build -# - -Vagrant::Config.run do |config| - # All Vagrant configuration is done here. The most common configuration - # options are documented and commented below. For a complete reference, - # please see the online documentation at vagrantup.com. - - # Every Vagrant virtual environment requires a box to build off of. - config.vm.box = "precise32" - - # The url from where the 'config.vm.box' box will be fetched if it - # doesn't already exist on the user's system. - # config.vm.box_url = "http://domain.com/path/to/above.box" - - # Boot with a GUI so you can see the screen. (Default is headless) - config.vm.boot_mode = :gui - - # Assign this VM to a host-only network IP, allowing you to access it - # via the IP. Host-only networks can talk to the host machine as well as - # any other machines on the same network, but cannot be accessed (through this - # network interface) by any external networks. - # config.vm.network :hostonly, "192.168.33.10" - - # Assign this VM to a bridged network, allowing you to connect directly to a - # network using the host's network device. This makes the VM appear as another - # physical device on your network. - # config.vm.network :bridged - - # Forward a port from the guest to the host, which allows for outside - # computers to access the VM, whereas host only networking does not. - config.vm.forward_port 80, 6080 - config.vm.forward_port 443, 6443 - - # Share an additional folder to the guest VM. The first argument is - # an identifier, the second is the path on the guest to mount the - # folder, and the third is the path on the host to the actual folder. - # config.vm.share_folder "v-data", "/vagrant_data", "../data" - - # Enable provisioning with Puppet stand alone. Puppet manifests - # are contained in a directory path relative to this Vagrantfile. - # You will need to create the manifests directory and a manifest in - # the file base.pp in the manifests_path directory. - # - # An example Puppet manifest to provision the message of the day: - # - # # group { "puppet": - # # ensure => "present", - # # } - # # - # # File { owner => 0, group => 0, mode => 0644 } - # # - # # file { '/etc/motd': - # # content => "Welcome to your Vagrant-built virtual machine! - # # Managed by Puppet.\n" - # # } - # - # config.vm.provision :puppet do |puppet| - # puppet.manifests_path = "manifests" - # puppet.manifest_file = "base.pp" - # end - - # Enable provisioning with chef solo, specifying a cookbooks path, roles - # path, and data_bags path (all relative to this Vagrantfile), and adding - # some recipes and/or roles. - # - # config.vm.provision :chef_solo do |chef| - # chef.cookbooks_path = "../my-recipes/cookbooks" - # chef.roles_path = "../my-recipes/roles" - # chef.data_bags_path = "../my-recipes/data_bags" - # chef.add_recipe "mysql" - # chef.add_role "web" - # - # # You may also specify custom JSON attributes: - # chef.json = { :mysql_password => "foo" } - # end - - # Enable provisioning with chef server, specifying the chef server URL, - # and the path to the validation key (relative to this Vagrantfile). - # - # The Opscode Platform uses HTTPS. Substitute your organization for - # ORGNAME in the URL and validation key. - # - # If you have your own Chef Server, use the appropriate URL, which may be - # HTTP instead of HTTPS depending on your configuration. Also change the - # validation key to validation.pem. - # - # config.vm.provision :chef_client do |chef| - # chef.chef_server_url = "https://api.opscode.com/organizations/ORGNAME" - # chef.validation_key_path = "ORGNAME-validator.pem" - # end - # - # If you're using the Opscode platform, your validator client is - # ORGNAME-validator, replacing ORGNAME with your organization name. - # - # IF you have your own Chef Server, the default validation client name is - # chef-validator, unless you changed the configuration. - # - # chef.validation_client_name = "ORGNAME-validator" -end diff --git a/ansible-deploy/files/android-build.linaro.org b/ansible-deploy/files/android-build.linaro.org deleted file mode 100644 index e61c21d..0000000 --- a/ansible-deploy/files/android-build.linaro.org +++ /dev/null @@ -1,81 +0,0 @@ -<VirtualHost _default_:443> - ServerAdmin webmaster@localhost - ServerName android-build.linaro.org - <Proxy *> - Order deny,allow - Allow from all - </Proxy> - - RewriteEngine on - RewriteRule ^/builds/~([a-z][-a-z0-9]+)/([-A-Za-z0-9_.]+)/([0-9]+)/output(.*) http://127.0.0.1:600/$1_$2/builds/$3/archive$4 [L,P] - RewriteRule ^/builds/~([a-z][-a-z0-9]+)/([-A-Za-z0-9_.]+)/lastSuccessful/output(.*) http://127.0.0.1:600/$1_$2/lastSuccessful/archive$3 [L,P] - RewriteRule ^/mockup(.*) $1 [R=301] - - ProxyPass /jenkins http://localhost:8080/jenkins - ProxyPassReverse /jenkins http://localhost:8080/jenkins - - Alias /static /home/build-system-frontend/frontend/static - Alias /3.3.0/build /home/build-system-frontend/yui/build - - WSGIScriptAlias /combo /home/build-system-frontend/lazr-js/combo.wsgi - WSGIScriptAlias / /home/build-system-frontend/frontend/linaro-abs-frontend.wsgi - - <LocationMatch "/(3.3.0/build|combo)"> - SetOutputFilter DEFLATE - FileETag none - ExpiresActive on - ExpiresDefault "access plus 10 years" - Header append Cache-Control "public" - </LocationMatch> - - SSLEngine on - SSLCertificateFile /etc/ssl/private/android-build.linaro.org.crt - - BrowserMatch "MSIE [2-6]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown -</VirtualHost> - -<VirtualHost 127.0.0.1:600> - ServerAdmin webmaster@localhost - ServerName android-build.linaro.org - DocumentRoot /var/lib/jenkins/jobs -</VirtualHost> - -<VirtualHost _default_:80> - ServerAdmin webmaster@localhost - ServerName android-build.linaro.org - Alias /download/ /var/lib/jenkins/jobs/ - # Provide shortcut URLs to access artifacts - AliasMatch ^/builds/~([^/]+)/([^/]+)/(lastStable|lastSuccessful)(.*) /var/lib/jenkins/jobs/$1_$2/$3/archive/build/out$4 - AliasMatch ^/builds/~([^/]+)/([^/]+)/([^/]+)(.*) /var/lib/jenkins/jobs/$1_$2/builds/$3/archive/build/out$4 - <Directory "/var/lib/jenkins/jobs/"> - Options Indexes MultiViews FollowSymLinks - AllowOverride None - </Directory> - Alias /seed/ /mnt2/seed/ - <Directory "/mnt2/seed/"> - Options Indexes MultiViews FollowSymLinks - AllowOverride None -# Order deny,allow -# Deny from all -# Allow from 127.0.0.0/8 ::1/128 10.0.0.0/8 - </Directory> - -# RewriteLog /var/log/apache2/mod_rewrite_log -# RewriteLogLevel 3 - - RewriteEngine on - RewriteCond %{REQUEST_URI} !^/(download|seed|builds) - RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [redirect=301,last] - # Allow to access everything in /builds/* - RewriteCond %{REQUEST_URI} ^/builds/ - RewriteRule .* - [last] - # Allow to access XMLs in build artifact archives - RewriteCond %{REQUEST_URI} .+/archive/.+\.xml$ - RewriteRule .* - [last] - # But disallow access any other XMLs (e.g. configs) - RewriteCond %{REQUEST_URI} .+\.xml$ - RewriteRule .* - [forbidden] -</VirtualHost> diff --git a/ansible-deploy/files/jenkins b/ansible-deploy/files/jenkins deleted file mode 100644 index eede3e7..0000000 --- a/ansible-deploy/files/jenkins +++ /dev/null @@ -1,36 +0,0 @@ -<VirtualHost *:80> - ServerAdmin webmaster@localhost - ServerName {{site_name}} - ServerName {{inventory_hostname}} -# ServerAlias rdk.ci - ProxyRequests Off - <Proxy *> - Order deny,allow - Allow from all - </Proxy> - ProxyPreserveHost on - ProxyPass / http://localhost:8080/ - - RewriteEngine on - ReWriteCond %{SERVER_PORT} !^443$ - RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L] -</VirtualHost> - -<VirtualHost *:443> - ServerAdmin webmaster@localhost - ServerName {{site_name}} - ServerName {{inventory_hostname}} -# ServerAlias rdk.ci - ProxyRequests Off - <Proxy *> - Order deny,allow - Allow from all - </Proxy> - ProxyPreserveHost off - ProxyPass / http://localhost:8080/ - ProxyPassReverse / http://localhost:8080/ - - SSLEngine on - SSLCertificateFile {{ssl_cert}} - SSLCertificateKeyFile {{ssl_key}} -</VirtualHost> diff --git a/ansible-deploy/files/jenkins_users.xml b/ansible-deploy/files/jenkins_users.xml deleted file mode 100644 index c3c4cb5..0000000 --- a/ansible-deploy/files/jenkins_users.xml +++ /dev/null @@ -1,6 +0,0 @@ - <permission>hudson.model.Hudson.Read:frontend</permission> - <permission>hudson.model.Item.Build:frontend</permission> - <permission>hudson.model.Item.Configure:frontend</permission> - <permission>hudson.model.Item.Create:frontend</permission> - <permission>hudson.model.Item.Delete:frontend</permission> - <permission>hudson.model.Item.Read:frontend</permission> diff --git a/ansible-deploy/filter_plugins/custom_plugins.py b/ansible-deploy/filter_plugins/custom_plugins.py deleted file mode 100644 index 45a2031..0000000 --- a/ansible-deploy/filter_plugins/custom_plugins.py +++ /dev/null @@ -1,17 +0,0 @@ -import hashlib - - -class FilterModule(object): - ''' Custom filters are loaded by FilterModule objects ''' - - def filters(self): - return { - 'jenkins_hash': self.jenkins_hash, - } - - def jenkins_hash(self, value): - # TODO: generate salt randomly - salt = "salt" - h = hashlib.sha256() - h.update("%s{%s}" % (value, salt)) - return salt + ":" + h.hexdigest() diff --git a/ansible-deploy/frontend.yml b/ansible-deploy/frontend.yml deleted file mode 100644 index 0d41040..0000000 --- a/ansible-deploy/frontend.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- hosts: frontend - gather_facts: no - vars: - - linaro_android_frontend_repo: lp:linaro-android-frontend - - linaro_android_frontend_rev: 337 - vars_files: - - ../ansible-private-vars/main.yml - roles: - - common - - jenkins-user - - frontend diff --git a/ansible-deploy/group_vars/all b/ansible-deploy/group_vars/all deleted file mode 100644 index 290d329..0000000 --- a/ansible-deploy/group_vars/all +++ /dev/null @@ -1,5 +0,0 @@ -# These are global variables, applying to every play ---- -# The path is relative to roles' main.yml file. Do not use in non-role tasks! -# TODO: Ansible really should provide var for top-level playbook dir -cred_store: ../../../../ansible-credentials/{{inventory_hostname}}_{{ansible_ssh_port}} diff --git a/ansible-deploy/group_vars/ec2 b/ansible-deploy/group_vars/ec2 deleted file mode 100644 index a187b39..0000000 --- a/ansible-deploy/group_vars/ec2 +++ /dev/null @@ -1 +0,0 @@ -ansible_ssh_user: ubuntu diff --git a/ansible-deploy/group_vars/vagrant b/ansible-deploy/group_vars/vagrant deleted file mode 100644 index 04b66b1..0000000 --- a/ansible-deploy/group_vars/vagrant +++ /dev/null @@ -1,2 +0,0 @@ -ansible_ssh_user: vagrant -ansible_ssh_pass: vagrant diff --git a/ansible-deploy/host_vars/tcwg.ci.linaro.org b/ansible-deploy/host_vars/tcwg.ci.linaro.org deleted file mode 100644 index c5a41e0..0000000 --- a/ansible-deploy/host_vars/tcwg.ci.linaro.org +++ /dev/null @@ -1,5 +0,0 @@ -# Until DNS set up -ansible_ssh_host: 50.19.223.142 - -# Block device to use for Jenkins jobs storage -job_store_dev: /dev/xvdc diff --git a/ansible-deploy/hosts-devel b/ansible-deploy/hosts-devel deleted file mode 100644 index a0b73d0..0000000 --- a/ansible-deploy/hosts-devel +++ /dev/null @@ -1,24 +0,0 @@ -[vagrant] -localhost:2222 - -[ec2-devel] -#ec2-54-196-47-13.compute-1.amazonaws.com -ec2-174-129-179-83.compute-1.amazonaws.com - -[ec2:children] -ec2-devel - -[devel:children] -vagrant -ec2-devel - -[android-build:children] -devel - -[rdk-ci:children] -devel - -[jenkins-generic:children] -android-build -rdk-ci - diff --git a/ansible-deploy/hosts-prod b/ansible-deploy/hosts-prod deleted file mode 100644 index 3cd4ea0..0000000 --- a/ansible-deploy/hosts-prod +++ /dev/null @@ -1,26 +0,0 @@ -[android-build] -android-build.linaro.org - -[ci] -ci.linaro.org - -[rdk-ci] -rdk.ci.linaro.org - -[tcwg-ci] -tcwg.ci.linaro.org - -# All individual services are based on jenkins-generic -[jenkins-generic:children] -android-build -ci -rdk-ci -tcwg-ci - -# Superset of all services -[production:children] -jenkins-generic - -# All production sites are ec2 -[ec2:children] -production diff --git a/ansible-deploy/jenkins-ec2-dirs.yml b/ansible-deploy/jenkins-ec2-dirs.yml deleted file mode 100644 index 623df0b..0000000 --- a/ansible-deploy/jenkins-ec2-dirs.yml +++ /dev/null @@ -1,21 +0,0 @@ -# This play sets up production Jenkins partition/directory structure ---- -- hosts: production:&ec2 - gather_facts: no - tasks: - - name: Prepare jobs volume mount point - file: state=directory dest=/mnt2 - sudo: yes - - name: Add jobs volume mount point to /etc/fstab - mount: state=mounted src={{job_store_dev}} name=/mnt2 fstype=auto passno=2 - sudo: yes - - name: Prepare jobs volume directory structure - file: state=directory dest=/mnt2/jenkins/jobs - sudo: yes - - name: Prepare Jenkins jobs bind mount point - file: state=directory dest=/var/lib/jenkins/jobs - sudo: yes - - name: Add Jenkins jobs bind mount point to /etc/fstab - mount: state=mounted src=/mnt2/jenkins/jobs name=/var/lib/jenkins/jobs - fstype=none opts="defaults,bind" passno=0 - sudo: yes diff --git a/ansible-deploy/jenkins.yml b/ansible-deploy/jenkins.yml deleted file mode 100644 index 7fb7ae4..0000000 --- a/ansible-deploy/jenkins.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- hosts: jenkins-generic - gather_facts: no - vars: - - linaro_android_build_tools_repo: lp:linaro-android-build-tools - - linaro_android_build_tools_rev: 676 - - jenkins_version: 1.509.3 - - ssl_cert: /etc/ssl/certs/{{site_name}}.crt - - ssl_key: /etc/ssl/private/{{site_name}}.key - - private_vars: ../ansible-private-vars/main.yml - - jenkins_extra_users: files/jenkins_users.xml - # "native" or "crowd" - - jenkins_auth: crowd - vars_files: - # Include private settings only if they exist - not all modes need - # them (e.g. jenkins_auth: native). - # Following construct works as: find first file which exists and use it. - - ["{{private_vars}}", "vars/empty.yml"] - roles: - - common - - apache - - sslcert - - jenkins - - {role: apache-site, config: "jenkins"} - tasks: - - name: Check out linaro-android-build-tools - bzr: name={{linaro_android_build_tools_repo}} version={{linaro_android_build_tools_rev}} dest=~/linaro-android-build-tools diff --git a/ansible-deploy/new_publish.yml b/ansible-deploy/new_publish.yml deleted file mode 100644 index 3edd6f1..0000000 --- a/ansible-deploy/new_publish.yml +++ /dev/null @@ -1,46 +0,0 @@ -# Note: older development, not ported to fit with new plays! ---- -- hosts: publishing - gather_facts: no - connection: local - user: root - vars: - - root: '' - - publish_home: $root/mnt/publish - # not ideal - - keys_dir: $publish_home - tasks: - - name: Create top-level publishing dir - # Home dir must be owned by root for ssh ChrootDirectory to work - file: dest=$publish_home state=directory mode=0755 owner=root group=root - - name: Create publish group - group: name=publish state=present - - name: Create publish-copy user - user: name=publish-copy comment='Publishing - transfer user' - group=publish home=$publish_home - generate_ssh_key=yes - ssh_key_file=$keys_dir/publish-copy - - name: Create publish-trigger user - user: name=publish-trigger comment='Publishing - trigger user' - group=publish home=$publish_home - generate_ssh_key=yes - ssh_key_file=$keys_dir/publish-trigger - - name: Create upload dir - # Actual uploads will happen to this dir - # publish-copy should have write access there, publish-trigger - # generally only read (cleanup can be handled by cronjob) - file: dest=$publish_home/uploads state=directory mode=0755 owner=publish-copy group=publish - - - - name: Create /etc/ssh/user-authorized-keys/ - file: dest=$root/etc/ssh/user-authorized-keys/ state=directory mode=0755 owner=root group=root - - - name: Setup publish-copy user SSH restrictions - template: src=templates/publish-copy.j2 - dest=$root/etc/ssh/user-authorized-keys/publish-copy - owner=root group=root mode=0644 - - - name: Setup publish-trigger user SSH restrictions - template: src=templates/publish-trigger.j2 - dest=$root/etc/ssh/user-authorized-keys/publish-trigger - owner=root group=root mode=0644 diff --git a/ansible-deploy/reposeed.yml b/ansible-deploy/reposeed.yml deleted file mode 100644 index 3239f38..0000000 --- a/ansible-deploy/reposeed.yml +++ /dev/null @@ -1,5 +0,0 @@ -- hosts: reposeed - gather_facts: no - roles: - - common - - reposeed diff --git a/ansible-deploy/roles/apache-site/tasks/main.yml b/ansible-deploy/roles/apache-site/tasks/main.yml deleted file mode 100644 index 7d6d7b6..0000000 --- a/ansible-deploy/roles/apache-site/tasks/main.yml +++ /dev/null @@ -1,10 +0,0 @@ -- name: Install Apache site config - template: src=files/{{config}} dest=/etc/apache2/sites-available/{{config}} - sudo: yes - notify: - - Restart Apache -- name: Enable site config - command: a2ensite {{config}} creates=/etc/apache2/sites-enabled/{{config}} - sudo: yes - notify: - - Restart Apache diff --git a/ansible-deploy/roles/apache/tasks/main.yml b/ansible-deploy/roles/apache/tasks/main.yml deleted file mode 100644 index 2db8e3a..0000000 --- a/ansible-deploy/roles/apache/tasks/main.yml +++ /dev/null @@ -1,15 +0,0 @@ -- name: Install Apache2 - apt: pkg={{item}} - sudo: yes - with_items: - - apache2 -- name: Enable Apache modules - command: a2enmod {{item}} creates=/etc/apache2/mods-enabled/{{item}}.load - sudo: yes - with_items: - - proxy - - proxy_http - - headers - - rewrite - - expires - - ssl diff --git a/ansible-deploy/roles/common/handlers/main.yml b/ansible-deploy/roles/common/handlers/main.yml deleted file mode 100644 index 604dd7f..0000000 --- a/ansible-deploy/roles/common/handlers/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -- name: Restart Apache - service: name=apache2 state=restarted - sudo: yes diff --git a/ansible-deploy/roles/common/tasks/main.yml b/ansible-deploy/roles/common/tasks/main.yml deleted file mode 100644 index e0409be..0000000 --- a/ansible-deploy/roles/common/tasks/main.yml +++ /dev/null @@ -1,12 +0,0 @@ -- name: apt-get update - apt: update_cache=yes - sudo: yes - -- name: Install base packages - apt: pkg={{item}} - sudo: yes - with_items: - - bzr - - git-core - - gnupg - - make diff --git a/ansible-deploy/roles/frontend/tasks/main.yml b/ansible-deploy/roles/frontend/tasks/main.yml deleted file mode 100644 index ec46071..0000000 --- a/ansible-deploy/roles/frontend/tasks/main.yml +++ /dev/null @@ -1,105 +0,0 @@ -- name: Install Frontend package dependencies - apt: pkg={{item}} - sudo: yes - with_items: - - libapache2-mod-wsgi - - python-virtualenv - - python-lxml - - python-openid - - tidy - - unzip - - python-cssutils - - python-lxml - - sqlite3 - # ?? - - python-pycurl - -- name: Create frontend user - user: name=build-system-frontend comment="Android Build Frontend" - sudo: yes - -- name: Create Frontend var dir - file: state=directory path=/var/lib/linaro-abs-frontend/ owner=www-data - sudo: yes - -- name: Install Frontend/Jenkins auth password - copy: content={{ lookup('password', cred_store + '/jenkins/frontend') }} - dest=/var/lib/linaro-abs-frontend/jenkins-password mode=0640 - sudo_user: www-data - sudo: yes - -- name: Check out Frontend - bzr: name={{linaro_android_frontend_repo}} version={{linaro_android_frontend_rev}} dest=~/frontend-{{linaro_android_frontend_rev}} - sudo_user: build-system-frontend - sudo: yes -- name: Create Frontend current version symlink - file: state=link src=~/frontend-{{linaro_android_frontend_rev}}/ dest=~/frontend - sudo_user: build-system-frontend - sudo: yes - -- name: Install Frontend - shell: cd ~/frontend; make - sudo_user: build-system-frontend - sudo: yes - -- name: Create production config - # TODO: actually replace SECRET_KEY - template: src=settings_prod.py dest=~build-system-frontend/ mode=0640 owner=build-system-frontend group=www-data - sudo: yes - notify: - - Restart Apache -- name: Create config symlink - # wart: relative symlinks not supported - file: state=link src=~/settings_prod.py dest=~/frontend/settings_prod.py - sudo_user: build-system-frontend - sudo: yes -- name: Create DB - shell: cd ~build-system-frontend/frontend; ./bin/manage syncdb --noinput --settings settings_prod - sudo_user: www-data - sudo: yes - # Fixture is automatically installed by syncdb - #sudo -u www-data ./bin/manage loaddata --settings settings_prod group-fixture.json - -- name: Download YUI3 - get_url: url=http://yui.zenfs.com/releases/yui3/yui_3.3.0.zip dest=~/yui_3.3.0.zip - sudo_user: build-system-frontend - sudo: yes - register: download_yui3 -- name: Extract YUI3 - shell: cd ~; unzip -o -q yui_3.3.0.zip - sudo_user: build-system-frontend - sudo: yes - when: download_yui3.changed -- name: Checkout patched lazr-js - bzr: name=lp:~mwhudson/lazr-js/combo-mod_wsgi-config dest=~/lazr-js - # version=? - sudo_user: build-system-frontend - sudo: yes -- name: Setup lazr-js - file: state=directory path=~/lazr-js/{{item}} - with_items: - - build/3.3.0 - - build/gallery - sudo_user: build-system-frontend - sudo: yes -- name: Setup lazr-js 2 - file: state=link src=~/yui/build/ dest=~/lazr-js/build/3.3.0/build - sudo_user: build-system-frontend - sudo: yes -- name: Setup lazr-js 3 - file: state=directory path=~/lazr-js/build/gallery/{{item}} - with_items: - - gallery-overlay-extras - - gallery-outside-events - - gallery-base64 - sudo_user: build-system-frontend - sudo: yes -- name: Fetch YUI gallery components - get_url: url=http://yui.yahooapis.com/combo?gallery-2010.12.16-18-24/build/{{item}}/{{item}}-min.js - dest=~/lazr-js/build/gallery/{{item}}/{{item}}-min.js - with_items: - - gallery-overlay-extras - - gallery-outside-events - - gallery-base64 - sudo_user: build-system-frontend - sudo: yes diff --git a/ansible-deploy/roles/frontend/templates/settings_prod.py b/ansible-deploy/roles/frontend/templates/settings_prod.py deleted file mode 100644 index be8b199..0000000 --- a/ansible-deploy/roles/frontend/templates/settings_prod.py +++ /dev/null @@ -1,17 +0,0 @@ -from settings import * - -MEDIA_URL = '/static/' - -DATABASES['default']['NAME'] = '/var/lib/linaro-abs-frontend/session.db' - -FRONTEND_JENKINS_USER = 'frontend' -FRONTEND_JENKINS_PASSWORD = open('/var/lib/linaro-abs-frontend/jenkins-password').read().strip() - -{% if frontend_auth == "openid" %} -LOGIN_URL = '/openid/login/' -{% elif frontend_auth == "crowd" %} -AUTH_CROWD_APPLICATION_USER = '{{crowd_user}}' -AUTH_CROWD_APPLICATION_PASSWORD = '{{crowd_passwd}}' -{% endif %} - -SECRET_KEY = "{{ lookup('password', cred_store + '/frontend/django_secret_key') }}" diff --git a/ansible-deploy/roles/frontend/vars/main.yml b/ansible-deploy/roles/frontend/vars/main.yml deleted file mode 100644 index e927a04..0000000 --- a/ansible-deploy/roles/frontend/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -# "crowd" or "openid" -frontend_auth: crowd diff --git a/ansible-deploy/roles/jenkins-user/tasks/main.yml b/ansible-deploy/roles/jenkins-user/tasks/main.yml deleted file mode 100644 index 13abbfc..0000000 --- a/ansible-deploy/roles/jenkins-user/tasks/main.yml +++ /dev/null @@ -1,8 +0,0 @@ -- name: Create Jenkins "frontend" user dir - file: state=directory dest=/var/lib/jenkins/users/frontend owner=jenkins - sudo: yes - -- name: Create Jenkins "frontend" user config - template: src=jenkins-config/users/frontend/config.xml - dest=/var/lib/jenkins/users/frontend/config.xml owner=jenkins - sudo: yes diff --git a/ansible-deploy/roles/jenkins-user/tasks/templates/jenkins-config/users/frontend/config.xml b/ansible-deploy/roles/jenkins-user/tasks/templates/jenkins-config/users/frontend/config.xml deleted file mode 100644 index 4ca3b9f..0000000 --- a/ansible-deploy/roles/jenkins-user/tasks/templates/jenkins-config/users/frontend/config.xml +++ /dev/null @@ -1,23 +0,0 @@ -<?xml version='1.0' encoding='UTF-8'?> -<user> - <fullName>Linaro Cloud Buildd Frontend</fullName> - <properties> - <hudson.model.MyViewsProperty> - <primaryViewName>All</primaryViewName> - <views> - <hudson.model.AllView> - <owner class="hudson.model.MyViewsProperty" reference="../../.."/> - <name>All</name> - <filterExecutors>false</filterExecutors> - <filterQueue>false</filterQueue> - </hudson.model.AllView> - </views> - </hudson.model.MyViewsProperty> - <hudson.security.HudsonPrivateSecurityRealm_-Details> - <passwordHash>{{ lookup('password', cred_store + '/jenkins/frontend') | jenkins_hash }}</passwordHash> - </hudson.security.HudsonPrivateSecurityRealm_-Details> - <hudson.tasks.Mailer_-UserProperty> - <emailAddress>frontend@address.org</emailAddress> - </hudson.tasks.Mailer_-UserProperty> - </properties> -</user>
\ No newline at end of file diff --git a/ansible-deploy/roles/jenkins/files/jenkins-config/jobs/blank/config.xml b/ansible-deploy/roles/jenkins/files/jenkins-config/jobs/blank/config.xml deleted file mode 100644 index 72bc44e..0000000 --- a/ansible-deploy/roles/jenkins/files/jenkins-config/jobs/blank/config.xml +++ /dev/null @@ -1,40 +0,0 @@ -<?xml version='1.0' encoding='UTF-8'?> -<project> - <actions/> - <description></description> - <keepDependencies>false</keepDependencies> - <properties> - <hudson.model.ParametersDefinitionProperty> - <parameterDefinitions> - <hudson.model.StringParameterDefinition> - <name>CONFIG</name> - <description></description> - <defaultValue></defaultValue> - </hudson.model.StringParameterDefinition> - </parameterDefinitions> - </hudson.model.ParametersDefinitionProperty> - </properties> - <scm class="hudson.scm.NullSCM"/> - <assignedNode>ec2</assignedNode> - <canRoam>false</canRoam> - <disabled>false</disabled> - <blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding> - <blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding> - <triggers class="vector"/> - <concurrentBuild>true</concurrentBuild> - <builders> - <hudson.tasks.Shell> - <command>rm -rf build-tools -bzr clone lp:linaro-android-build-tools build-tools -build-tools/node/build "$JENKINS_URL" "$CONFIG" -</command> - </hudson.tasks.Shell> - </builders> - <publishers> - <hudson.tasks.ArtifactArchiver> - <artifacts>build/out/target/*/*/*.img,build/out/target/*/*/*.tar.bz2,build/out/*.tar.bz2,build/out/*.xml</artifacts> - <latestOnly>false</latestOnly> - </hudson.tasks.ArtifactArchiver> - </publishers> - <buildWrappers/> -</project>
\ No newline at end of file diff --git a/ansible-deploy/roles/jenkins/files/jenkins-config/users/admin/config.xml b/ansible-deploy/roles/jenkins/files/jenkins-config/users/admin/config.xml deleted file mode 100644 index 4747f35..0000000 --- a/ansible-deploy/roles/jenkins/files/jenkins-config/users/admin/config.xml +++ /dev/null @@ -1,24 +0,0 @@ -<?xml version='1.0' encoding='UTF-8'?> -<user> - <fullName>Jenkins Admin</fullName> - <properties> - <hudson.model.MyViewsProperty> - <primaryViewName>All</primaryViewName> - <views> - <hudson.model.AllView> - <owner class="hudson.model.MyViewsProperty" reference="../../.."/> - <name>All</name> - <filterExecutors>false</filterExecutors> - <filterQueue>false</filterQueue> - <properties class="hudson.model.View$PropertyList"/> - </hudson.model.AllView> - </views> - </hudson.model.MyViewsProperty> - <hudson.security.HudsonPrivateSecurityRealm_-Details> - <passwordHash>pmqdNw:4a3d61f112ade59bf1e53b2743de44ea68d165490a2b6936bd7ec8f314e43a86</passwordHash> - </hudson.security.HudsonPrivateSecurityRealm_-Details> - <hudson.tasks.Mailer_-UserProperty> - <emailAddress>admin@address.org</emailAddress> - </hudson.tasks.Mailer_-UserProperty> - </properties> -</user> diff --git a/ansible-deploy/roles/jenkins/handlers/main.yml b/ansible-deploy/roles/jenkins/handlers/main.yml deleted file mode 100644 index 183c2bb..0000000 --- a/ansible-deploy/roles/jenkins/handlers/main.yml +++ /dev/null @@ -1,7 +0,0 @@ -- name: Restart Jenkins - service: name=jenkins state=restarted - sudo: yes - # Apache proxy module sees that Jenkins is gone and then - # goes into some timeout before reconnecting to it again. - # Restart forces reconnect ASAP. - notify: Restart Apache diff --git a/ansible-deploy/roles/jenkins/tasks/main.yml b/ansible-deploy/roles/jenkins/tasks/main.yml deleted file mode 100644 index 7587714..0000000 --- a/ansible-deploy/roles/jenkins/tasks/main.yml +++ /dev/null @@ -1,70 +0,0 @@ -- name: Verify Jenkins parameters - fail: msg="crowd_user and crowd_passwd should be defined in {{private_vars}}" - when: jenkins_auth == "crowd" and (crowd_user is not defined or crowd_passwd is not defined) - -- name: Install Jenkins dependency packages - apt: pkg={{item}} - sudo: yes - with_items: - - default-jre - - daemon -- name: Download Jenkins {{jenkins_version}} LTS package - get_url: url=http://pkg.jenkins-ci.org/debian-stable/binary/jenkins_{{jenkins_version}}_all.deb - dest=/tmp/jenkins_{{jenkins_version}}_all.deb -- name: Install Jenkins - command: dpkg -i --skip-same-version /tmp/jenkins_{{jenkins_version}}_all.deb - sudo: yes -- name: Configure Jenkins port - lineinfile: regexp="^HTTP_PORT=" line="HTTP_PORT=9090" dest=/etc/default/jenkins backup=yes - sudo: yes - when: jenkins_port != 8080 -- name: Configure Jenkins URL prefix - # Add --prefix= arg to existing args if not there yet - lineinfile: regexp='^JENKINS_ARGS=(?!.*--prefix=/jenkins)"?(.+?)"?$' - line='JENKINS_ARGS="\1 --prefix=/jenkins"' - dest=/etc/default/jenkins backrefs=yes - sudo: yes - when: jenkins_prefix != "/" - -#- name: Set up minimal Jenkins configuration skeleton -# # This requires recursive copy patch -# copy: backup=yes src=jenkins-config/ dest=/var/lib/jenkins/ owner=jenkins -# sudo: yes -# notify: -# - Restart Jenkins - -- name: Set up minimal Jenkins configuration skeleton 1 - file: state=directory dest=/var/lib/jenkins/{{item}} owner=jenkins - sudo: yes - with_items: - - users/admin/ - - jobs/blank/ - -- name: Set up minimal Jenkins configuration skeleton 2 - copy: backup=yes src=jenkins-config/{{item}} dest=/var/lib/jenkins/{{item}} owner=jenkins - sudo: yes - with_items: - - users/admin/config.xml - - jobs/blank/config.xml - notify: - - Restart Jenkins - -- name: Set up Jenkins config file - template: backup=yes src=jenkins-config/config.xml dest=/var/lib/jenkins/ owner=jenkins - sudo: yes - notify: - - Restart Jenkins -- name: Create Jenkins plugin dir - file: state=directory path=~jenkins/plugins/ owner=jenkins - sudo: yes -- name: Download Jenkins plugins - get_url: url={{item}} dest=~jenkins/plugins/ owner=jenkins - sudo: yes - with_items: jenkins_plugins - notify: - - Restart Jenkins - -- name: Create Jenkins external address config - template: src=jenkins-config/hudson.tasks.Mailer.xml - dest=/var/lib/jenkins/hudson.tasks.Mailer.xml owner=jenkins - sudo: yes diff --git a/ansible-deploy/roles/jenkins/templates/jenkins-config/config.xml b/ansible-deploy/roles/jenkins/templates/jenkins-config/config.xml deleted file mode 100644 index 6a738dc..0000000 --- a/ansible-deploy/roles/jenkins/templates/jenkins-config/config.xml +++ /dev/null @@ -1,88 +0,0 @@ -<?xml version='1.0' encoding='UTF-8'?> -<hudson> - <version>1.415</version> - <numExecutors>0</numExecutors> - <mode>NORMAL</mode> - <useSecurity>true</useSecurity> - <authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy"> - <permission>hudson.model.Hudson.Administer:admin</permission> - <permission>hudson.model.Hudson.Administer:jenkins-admins</permission> - <permission>hudson.model.Hudson.Read:anonymous</permission> - <permission>hudson.model.Item.Read:anonymous</permission> -{% include jenkins_extra_users %} - - </authorizationStrategy> -{% if jenkins_auth == "native" %} - <securityRealm class="hudson.security.HudsonPrivateSecurityRealm"> - <disableSignup>false</disableSignup> - </securityRealm> -{% elif jenkins_auth == "crowd" %} - <securityRealm class="de.theit.jenkins.crowd.CrowdSecurityRealm" plugin="crowd2@1.6-SNAPSHOT"> - <url>https://login.linaro.org:8443/crowd</url> - <applicationName>{{crowd_user}}</applicationName> - <password>{{crowd_passwd}}</password> - <group>linaro-login-users</group> - <nestedGroups>true</nestedGroups> - <useSSO>false</useSSO> - <sessionValidationInterval>10</sessionValidationInterval> - </securityRealm> -{% else %} - {{ fail("Unknown jenkins_auth value: " + jenkins_auth) }} -{% endif %} - <markupFormatter class="hudson.markup.RawHtmlMarkupFormatter"/> - <jdks/> - <viewsTabBar class="hudson.views.DefaultViewsTabBar"/> - <myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/> - <clouds> - <hudson.plugins.ec2.EC2Cloud> - <name>ec2-US_EAST_1</name> - <accessId></accessId> - <secretKey>NSdfT2gW7whnbhkIpFcg4Q==</secretKey> - <privateKey> - <privateKey>NSdfT2gW7whnbhkIpFcg4Q==</privateKey> - </privateKey> - <instanceCap>10</instanceCap> - <templates> - <hudson.plugins.ec2.SlaveTemplate> - <ami>ami-68ad5201</ami> - <description>Natty Release 64bit Instance Store</description> - <remoteFS>/mnt/jenkins</remoteFS> - <sshPort></sshPort> - <type>XLARGE</type> - <labels>ec2 natty 64bit</labels> - <initScript>{ -apt-get update -apt-get install -y bzr -bzr clone lp:linaro-android-build-tools /tmp/build-tools -time /tmp/build-tools/node/root-setup-android-build-node -} 2>&1 | tee /tmp/instance-log.txt -</initScript> - <userData></userData> - <numExecutors>1</numExecutors> - <remoteAdmin>ubuntu</remoteAdmin> - <rootCommandPrefix>sudo</rootCommandPrefix> - <jvmopts></jvmopts> - </hudson.plugins.ec2.SlaveTemplate> - </templates> - <region>US_EAST_1</region> - </hudson.plugins.ec2.EC2Cloud> - </clouds> - <slaves/> - <quietPeriod>5</quietPeriod> - <scmCheckoutRetryCount>0</scmCheckoutRetryCount> - <views> - <hudson.model.AllView> - <owner class="hudson" reference="../../.."/> - <name>All</name> - <filterExecutors>false</filterExecutors> - <filterQueue>false</filterQueue> - <properties class="hudson.model.View$PropertyList"/> - </hudson.model.AllView> - </views> - <primaryView>All</primaryView> - <slaveAgentPort>-1</slaveAgentPort> - <label></label> - <nodeProperties/> - <globalNodeProperties/> - <disabledAdministrativeMonitors/> -</hudson> diff --git a/ansible-deploy/roles/jenkins/templates/jenkins-config/hudson.tasks.Mailer.xml b/ansible-deploy/roles/jenkins/templates/jenkins-config/hudson.tasks.Mailer.xml deleted file mode 100644 index 5b0b7c3..0000000 --- a/ansible-deploy/roles/jenkins/templates/jenkins-config/hudson.tasks.Mailer.xml +++ /dev/null @@ -1,7 +0,0 @@ -<?xml version='1.0' encoding='UTF-8'?> -<hudson.tasks.Mailer_-DescriptorImpl> - <hudsonUrl>https://{{site_name}}/jenkins/</hudsonUrl> - <adminAddress>address not configured yet <nobody@nowhere></adminAddress> - <useSsl>false</useSsl> - <charset>UTF-8</charset> -</hudson.tasks.Mailer_-DescriptorImpl> diff --git a/ansible-deploy/roles/jenkins/vars/main.yml b/ansible-deploy/roles/jenkins/vars/main.yml deleted file mode 100644 index b5f7281..0000000 --- a/ansible-deploy/roles/jenkins/vars/main.yml +++ /dev/null @@ -1,8 +0,0 @@ -jenkins_port: 8080 -jenkins_prefix: "/" -jenkins_plugins: - - http://updates.jenkins-ci.org/download/plugins/ec2/1.18/ec2.hpi - - http://people.linaro.org/~paul.sokolovsky/jenkins/shell-status-20120125.hpi - - http://people.linaro.org/~paul.sokolovsky/jenkins/crowd2-1.6-SNAPSHOT-20130816.hpi - - http://updates.jenkins-ci.org/download/plugins/greenballs/1.12/greenballs.hpi - - http://updates.jenkins-ci.org/download/plugins/build-timeout/1.8/build-timeout.hpi diff --git a/ansible-deploy/roles/publishing/templates/publish-copy.j2 b/ansible-deploy/roles/publishing/templates/publish-copy.j2 deleted file mode 100644 index d840e5d..0000000 --- a/ansible-deploy/roles/publishing/templates/publish-copy.j2 +++ /dev/null @@ -1 +0,0 @@ -command="/usr/lib/sftp-server",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding {{ lookup('file', keys_dir + '/publish-copy.pub') }}
\ No newline at end of file diff --git a/ansible-deploy/roles/publishing/templates/publish-trigger.j2 b/ansible-deploy/roles/publishing/templates/publish-trigger.j2 deleted file mode 100644 index 37cc03a..0000000 --- a/ansible-deploy/roles/publishing/templates/publish-trigger.j2 +++ /dev/null @@ -1 +0,0 @@ -command="/home/ubuntu/new-publish/utils/new-publish/trigger ${SSH_ORIGINAL_COMMAND#* }",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding {{ lookup('file', keys_dir + '/publish-trigger.pub') }}
\ No newline at end of file diff --git a/ansible-deploy/roles/reposeed/tasks/main.yml b/ansible-deploy/roles/reposeed/tasks/main.yml deleted file mode 100644 index 774caff..0000000 --- a/ansible-deploy/roles/reposeed/tasks/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -- name: Create seed directory - file: state=directory path=/mnt2/seed - sudo: yes diff --git a/ansible-deploy/roles/sslcert/tasks/main.yml b/ansible-deploy/roles/sslcert/tasks/main.yml deleted file mode 100644 index eaf555e..0000000 --- a/ansible-deploy/roles/sslcert/tasks/main.yml +++ /dev/null @@ -1,14 +0,0 @@ -- name: Prepare OpenSSL config - template: src=ssleay.conf dest=/tmp/ -- name: Create self-signed SSL certificate - command: openssl req -config /tmp/ssleay.conf -new -x509 -days 3650 -nodes -out {{ssl_cert}} -keyout {{ssl_key}} - creates={{ssl_cert}} - sudo: yes - notify: - - Restart Apache -- name: Set permissions on certificate - file: path={{ssl_cert}} mode=600 - sudo: yes -- name: Set permissions on certificate key - file: path={{ssl_key}} mode=600 - sudo: yes diff --git a/ansible-deploy/roles/sslcert/templates/ssleay.conf b/ansible-deploy/roles/sslcert/templates/ssleay.conf deleted file mode 100644 index f333d5e..0000000 --- a/ansible-deploy/roles/sslcert/templates/ssleay.conf +++ /dev/null @@ -1,9 +0,0 @@ -RANDFILE = /dev/urandom -[req] -default_bits = 1024 -default_keyfile = privkey.pem -distinguished_name = req_distinguished_name -prompt = no -policy = policy_anything -[req_distinguished_name] -commonName = {{site_name}} diff --git a/ansible-deploy/site.yml b/ansible-deploy/site.yml deleted file mode 100644 index bd2a790..0000000 --- a/ansible-deploy/site.yml +++ /dev/null @@ -1,5 +0,0 @@ -# Main site file - deploys everything ---- -- include: jenkins.yml -- include: frontend.yml -- include: reposeed.yml diff --git a/ansible-deploy/vars/empty.yml b/ansible-deploy/vars/empty.yml deleted file mode 100644 index 69c7f75..0000000 --- a/ansible-deploy/vars/empty.yml +++ /dev/null @@ -1 +0,0 @@ -__none__: __none__ |