diff --git a/roles/distgit/files/RepoAliases.header b/roles/distgit/files/RepoAliases.header deleted file mode 100644 index 3ecea867ff..0000000000 --- a/roles/distgit/files/RepoAliases.header +++ /dev/null @@ -1,8 +0,0 @@ -package RepoAliases; -use Exporter; -our @ISA= qw( Exporter ); -our @EXPORT_OK = qw( repo_aliases ); -sub repo_aliases { - return { -# Content auto-generated by genacls.sh... - diff --git a/roles/distgit/files/genacls.cron b/roles/distgit/files/genacls.cron deleted file mode 100644 index 91a657ab5d..0000000000 --- a/roles/distgit/files/genacls.cron +++ /dev/null @@ -1 +0,0 @@ -02 10 * * * root /usr/local/bin/genacls.sh diff --git a/roles/distgit/tasks/main.yml b/roles/distgit/tasks/main.yml index 5e01e16bad..9e3030122c 100644 --- a/roles/distgit/tasks/main.yml +++ b/roles/distgit/tasks/main.yml @@ -5,20 +5,6 @@ # -- Common ---------------------------------------------- # This is very basic stuff that is needed by multiple of the next sections. -- name: install the needed packages - package: name={{item}} state=present - with_items: - - git - - httpd - - mod_ssl - - mod_auth_gssapi - - python-fedmsg-genacls - - /usr/sbin/semanage - - mod_auth_openidc - when: env != "staging" and datacenter != "iad2" - tags: - - distgit - - name: Enable the mod_auth_openidc module on rhel8 copy: dest: /etc/dnf/modules.d/mod_auth_openidc.module @@ -28,7 +14,6 @@ stream=2.3 profiles= state=enabled - when: env == "staging" or datacenter == "iad2" - name: install the needed packages package: name={{item}} state=present @@ -39,7 +24,6 @@ - mod_auth_gssapi - /usr/sbin/semanage - mod_auth_openidc - when: env == "staging" or datacenter == "iad2" tags: - distgit 
@@ -252,146 +236,6 @@ - distgit - mass-branching -# -- Gitolite -------------------------------------------- -# This is the permission management for package maintainers, using Gitolite. -- name: create the /var/log/gitolite directory - file: path=/var/log/gitolite owner=root group=packager state=directory mode=2775 - when: env != "staging" and datacenter != "iad2" - tags: - - distgit - -- name: create the gen-acls group - group: name=gen-acls gid=417 state=present - tags: - - distgit - -- name: create the gen-acls user - user: > - name=gen-acls - comment="dummy system account for the gen-acls fedmsg job" - uid=417 - group=gen-acls - shell=/bin/bash - home=/srv/git - when: env != "staging" and datacenter != "iad2" - tags: - - distgit - -- name: create the /etc/gitolite/conf directory - file: path=/etc/gitolite/conf owner=pagure group=pagure - state=directory mode=0755 - when: env != "staging" and datacenter != "iad2" - tags: - - distgit - -- name: create the /etc/gitolite/logs directory - file: path=/etc/gitolite/logs owner=pagure group=packager - state=directory mode=0775 - when: env != "staging" and datacenter != "iad2" - tags: - - distgit - -- name: create the /etc/gitolite/local/VREF directory - file: path=/etc/gitolite/local/VREF owner=pagure group=packager - state=directory mode=0775 - when: env != "staging" and datacenter != "iad2" - tags: - - distgit - -- name: create /etc/gitolite/gitolite.rc - template: src=gitolite.rc dest=/etc/gitolite/gitolite.rc - owner=root group=root mode=0755 - when: env != "staging" and datacenter != "iad2" - tags: - - distgit - -- name: Create the rpms symlink (should not be needed, might still be used by some old scripts) - command: ln -s /srv/git/repositories/ /srv/git/rpms - creates=/srv/git/rpms - when: env != "staging" and datacenter != "iad2" - tags: - - config - - distgit - -- name: Create the gitolite.rc symlink - command: ln -s /etc/gitolite/gitolite.rc /srv/git/.gitolite.rc - creates=/srv/git/.gitolite.rc - when: env != 
"staging" and datacenter != "iad2" - tags: - - config - - distgit - -- name: Create the gitolite configuration symlink - command: ln -s /etc/gitolite/ /srv/git/.gitolite - creates=/srv/git/.gitolite - when: env != "staging" and datacenter != "iad2" - tags: - - config - - distgit - -- name: Copy in RepoAliases.header - copy: src=RepoAliases.header dest=/etc/gitolite/RepoAliases.header - owner=root group=root mode=0755 - when: env != "staging" and datacenter != "iad2" - -- name: Create the update-block-push-origin symlink - command: ln -s /usr/share/git-core/update-block-push-origin /etc/gitolite/local/VREF/update-block-push-origin - creates=/etc/gitolite/local/VREF/update-block-push-origin - when: env != "staging" and datacenter != "iad2" - tags: - - config - - distgit - -- name: install the fedmsg configuration - template: src=fedmsg-genacls-config.py dest=/etc/fedmsg.d/genacls.py - owner=root group=root mode=0644 - when: env != "staging" and datacenter != "iad2" - tags: - - distgit - -- name: remove file pre-dating pagure over dist-git - file: path={{ item }} state=absent - with_items: - - /usr/local/bin/genacls.sh - - /etc/cron.d/genacls.cron - when: env != "staging" and datacenter != "iad2" - tags: - - config - - distgit - -- name: Get admin users - command: "/srv/web/infra/ansible/scripts/users-from-fas @sysadmin-main {{ admin_groups }}" - register: admin_user_list - check_mode: no - changed_when: "1 != 1" - run_once: True - delegate_to: localhost - tags: - - config - - distgit - -- name: Save the list the users having a shell access - template: src=gitolite_admins dest=/etc/gitolite/admins - owner=gen-acls group=packager mode=660 - when: env != "staging" and datacenter != "iad2" - tags: - - config - - distgit - -- name: Fix permissions on the Gitolite stuff - file: dest={{ item.name }} group=packager mode={{ item.mode }} state={{ item.state }} - with_items: - - {name: /etc/gitolite/hooks, mode: 770, state: directory} - - {name: /etc/gitolite/hooks/common, 
mode: 770, state: directory} - when: env != "staging" and datacenter != "iad2" - -- name: Fix permissions on the Gitolite stuff (touch update if it does not exist) - copy: content="" dest=/etc/gitolite/hooks/common/update force=no owner=root group=packager mode=0755 - when: env != "staging" and datacenter != "iad2" - tags: - - distgit - - config - # -- Lookaside Cache ------------------------------------- # This is the annex to Dist Git, where we host source tarballs. - name: install the Lookaside Cache httpd configs @@ -510,16 +354,8 @@ when: nfs_selinux_module is changed tags: selinux -- name: setup grokmirror for repos - package: name=python-grokmirror state=installed - when: env != "staging" and datacenter != "iad2" - tags: - - grokmirror - - pkgs - - name: setup grokmirror for repos package: name=python3-grokmirror state=installed - when: env == "staging" or datacenter == "iad2" tags: - grokmirror - pkgs diff --git a/roles/distgit/templates/fedmsg-genacls-config.py b/roles/distgit/templates/fedmsg-genacls-config.py deleted file mode 100644 index 419dcbd01c..0000000000 --- a/roles/distgit/templates/fedmsg-genacls-config.py +++ /dev/null @@ -1,12 +0,0 @@ -config = { - 'genacls.consumer.enabled': False, - 'genacls.consumer.delay': 5, # 5 seconds - - # New world - 'gitoliteprefix.consumer.enabled': True, - 'gitoliteprefix.consumer.delay': 5, # 5 seconds - 'gitoliteprefix.consumer.filename': '/var/tmp/gitolite-prefix.txt', - 'gitoliteprefix.consumer.fasurl': 'https://admin.fedoraproject.org/accounts', - 'gitoliteprefix.consumer.username': "{{ blockerbugs_fas_user }}", - 'gitoliteprefix.consumer.password': '{{ blockerbugs_fas_password }}', -} diff --git a/roles/distgit/templates/gitolite.rc b/roles/distgit/templates/gitolite.rc deleted file mode 100644 index e7ea639bb7..0000000000 --- a/roles/distgit/templates/gitolite.rc +++ /dev/null 
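Review bot: Deleting the Gitolite tasks in the `@@ -252,146 +236,6 @@` hunk stops managing these resources but leaves them in place on any host that already ran the role, and nothing in this commit sets them to `state=absent`. `create the gen-acls group` carried no `when`, so gid 417 was created on every host. Where the old `env != "staging" and datacenter != "iad2"` condition matched, the `gen-acls` account (shell `/bin/bash`), `/etc/gitolite/admins` (the file named by the `Shell /etc/gitolite/admins` entry in the deleted gitolite.rc) and `/etc/fedmsg.d/genacls.py`, which is templated with `blockerbugs_fas_password` at mode 0644, would also remain. If any such host is still in inventory, consider a cleanup task such as `file: path={{ item }} state=absent` over those paths, plus `user: name=gen-acls state=absent` and `group: name=gen-acls state=absent`, after confirming nothing else depends on the account. The removed `remove file pre-dating pagure over dist-git` task is a precedent for this kind of cleanup in the role.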
@@ -1,205 +0,0 @@
-# configuration variables for gitolite
-
-# This file is in perl syntax. But you do NOT need to know perl to edit it --
-# just mind the commas, use single quotes unless you know what you're doing,
-# and make sure the brackets and braces stay matched up!
-
-# (Tip: perl allows a comma after the last item in a list also!)
-
-# HELP for commands can be had by running the command with "-h".
-
-# HELP for all the other FEATURES can be found in the documentation (look for
-# "list of non-core programs shipped with gitolite" in the master index) or
-# directly in the corresponding source file.
-
-
-# Hack!
-# Pull in our repo aliases generated by genacls.sh
-use lib ('/etc/gitolite/');
-use RepoAliases qw( repo_aliases );
-
-%RC = (
-
- # ------------------------------------------------------------------
- HTTP_ANON_USER => 'ANONYMOUS_',
-
- # default umask gives you perms of '0700'; see the rc file docs for
- # how/why you might change this
- UMASK => 0002,
-
- # look for "git-config" in the documentation
- GIT_CONFIG_KEYS => '',
-
- # comment out if you don't need all the extra detail in the logfile
- LOG_EXTRA => 1,
- # syslog options
- # 1. leave this section as is for normal gitolite logging
- # 2. uncomment this line to log only to syslog:
- LOG_DEST => 'syslog',
- # 3. uncomment this line to log to syslog and the normal gitolite log:
- # LOG_DEST => 'syslog,normal',
-
- # roles. add more roles (like MANAGER, TESTER, ...) here.
- # WARNING: if you make changes to this hash, you MUST run 'gitolite
- # compile' afterward, and possibly also 'gitolite trigger POST_COMPILE'
- ROLES => {
- READERS => 1,
- WRITERS => 1,
- },
-
- REPO_ALIASES => repo_aliases(),
-
- # enable caching (currently only Redis). PLEASE RTFM BEFORE USING!!!
- # CACHE => 'Redis',
-
- # ------------------------------------------------------------------
-
- # rc variables used by various features
-
- # the 'info' command prints this as additional info, if it is set
- # SITE_INFO => 'Please see http://blahblah/gitolite for more help',
-
- # the CpuTime feature uses these
- # display user, system, and elapsed times to user after each git operation
- # DISPLAY_CPU_TIME => 1,
- # display a warning if total CPU times (u, s, cu, cs) crosses this limit
- # CPU_TIME_WARN_LIMIT => 0.1,
-
- # the Mirroring feature needs this
- # HOSTNAME => "foo",
-
- # TTL for redis cache; PLEASE SEE DOCUMENTATION BEFORE UNCOMMENTING!
- # CACHE_TTL => 600,
-
- # ------------------------------------------------------------------
-
- # suggested locations for site-local gitolite code (see cust.html)
-
- # this one is managed directly on the server
- LOCAL_CODE => "/etc/gitolite/local",
-
- # or you can use this, which lets you put everything in a subdirectory
- # called "local" in your gitolite-admin repo. For a SECURITY WARNING
- # on this, see http://gitolite.com/gitolite/non-core.html#pushcode
- # LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local",
-
- # ------------------------------------------------------------------
-
- # List of commands and features to enable
-
- ENABLE => [
-
- # COMMANDS
-
- # These are the commands enabled by default
- 'help',
- 'desc',
- 'info',
- 'perms',
- 'writable',
-
- # Uncomment or add new commands here.
- # 'create',
- # 'fork',
- # 'mirror',
- # 'readme',
- # 'sskm',
- # 'D',
-
- # These FEATURES are enabled by default.
-
- # essential (unless you're using smart-http mode)
- 'ssh-authkeys',
-
- # creates git-config enties from gitolite.conf file entries like 'config foo.bar = baz'
- 'git-config',
-
- # creates git-daemon-export-ok files; if you don't use git-daemon, comment this out
- # 'daemon',
-
- # creates projects.list file; if you don't use gitweb, comment this out
- # 'gitweb',
-
- # These FEATURES are disabled by default; uncomment to enable. If you
- # need to add new ones, ask on the mailing list :-)
-
- # user-visible behaviour
-
- # prevent wild repos auto-create on fetch/clone
- # 'no-create-on-read',
- # no auto-create at all (don't forget to enable the 'create' command!)
- 'no-auto-create',
-
- # access a repo by another (possibly legacy) name
- 'Alias',
-
- # give some users direct shell access. See documentation in
- # sts.html for details on the following two choices.
- # "Shell $ENV{HOME}/.gitolite.shell-users",
- # 'Shell alice bob',
- "Shell /etc/gitolite/admins",
-
- # set default roles from lines like 'option default.roles-1 = ...', etc.
- # 'set-default-roles',
-
- # show more detailed messages on deny
- # 'expand-deny-messages',
-
- # show a message of the day
- # 'Motd',
-
- # system admin stuff
-
- # enable mirroring (don't forget to set the HOSTNAME too!)
- # 'Mirroring',
-
- # allow people to submit pub files with more than one key in them
- # 'ssh-authkeys-split',
-
- # selective read control hack
- # 'partial-copy',
-
- # manage local, gitolite-controlled, copies of read-only upstream repos
- # 'upstream',
-
- # updates 'description' file instead of 'gitweb.description' config item
- 'cgit',
-
- # allow repo-specific hooks to be added
- 'repo-specific-hooks',
-
- # performance, logging, monitoring...
-
- # be nice
- # 'renice 10',
-
- # log CPU times (user, system, cumulative user, cumulative system)
- # 'CpuTime',
-
- # syntactic_sugar for gitolite.conf and included files
-
- # allow backslash-escaped continuation lines in gitolite.conf
- # 'continuation-lines',
-
- # create implicit user groups from directory names in keydir/
- # 'keysubdirs-as-groups',
-
- # allow simple line-oriented macros
- # 'macros',
-
- # Kindergarten mode
-
- # disallow various things that sensible people shouldn't be doing anyway
- # 'Kindergarten',
- ],
-
-);
-
-# ------------------------------------------------------------------------------
-# per perl rules, this should be the last line in such a file:
-1;
-
-# Local variables:
-# mode: perl
-# End:
-# vim: set syn=perl: