Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

dist-git: clean up the playbook for the left over phx2 sections

Browse source 
Remove all the sections there were RHEL7/phx2/gitolite related
now that we're running on RHEL8 with python3 and all of its goodies

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
This commit is contained in:
Pierre-Yves Chibon 2020-07-02 16:40:44 +02:00 committed by pingou
parent 5ced342e9e
commit 19ad9380b0
5 changed files with 0 additions and 390 deletions
Download patch file Download diff file Expand all files Collapse all files

8
roles/distgit/files/RepoAliases.header
View file

@ -1,8 +0,0 @@
package RepoAliases;
use Exporter;
our @ISA= qw( Exporter );
our @EXPORT_OK = qw( repo_aliases );
sub repo_aliases {
return {
# Content auto-generated by genacls.sh...

1
roles/distgit/files/genacls.cron
View file

@ -1 +0,0 @@
02 10 * * * root /usr/local/bin/genacls.sh

164
roles/distgit/tasks/main.yml
View file

@ -5,20 +5,6 @@
# -- Common ---------------------------------------------- # -- Common ----------------------------------------------
# This is very basic stuff that is needed by multiple of the next sections. # This is very basic stuff that is needed by multiple of the next sections.
- name: install the needed packages
package: name={{item}} state=present
with_items:
- git
- httpd
- mod_ssl
- mod_auth_gssapi
- python-fedmsg-genacls
- /usr/sbin/semanage
- mod_auth_openidc
when: env != "staging" and datacenter != "iad2"
tags:
- distgit
- name: Enable the mod_auth_openidc module on rhel8 - name: Enable the mod_auth_openidc module on rhel8
copy: copy:
dest: /etc/dnf/modules.d/mod_auth_openidc.module dest: /etc/dnf/modules.d/mod_auth_openidc.module
@ -28,7 +14,6 @@
stream=2.3 stream=2.3
profiles= profiles=
state=enabled state=enabled
when: env == "staging" or datacenter == "iad2"
- name: install the needed packages - name: install the needed packages
package: name={{item}} state=present package: name={{item}} state=present
@ -39,7 +24,6 @@
- mod_auth_gssapi - mod_auth_gssapi
- /usr/sbin/semanage - /usr/sbin/semanage
- mod_auth_openidc - mod_auth_openidc
when: env == "staging" or datacenter == "iad2"
tags: tags:
- distgit - distgit
@ -252,146 +236,6 @@
- distgit - distgit
- mass-branching - mass-branching
# -- Gitolite --------------------------------------------
# This is the permission management for package maintainers, using Gitolite.
- name: create the /var/log/gitolite directory
file: path=/var/log/gitolite owner=root group=packager state=directory mode=2775
when: env != "staging" and datacenter != "iad2"
tags:
- distgit
- name: create the gen-acls group
group: name=gen-acls gid=417 state=present
tags:
- distgit
- name: create the gen-acls user
user: >
name=gen-acls
comment="dummy system account for the gen-acls fedmsg job"
uid=417
group=gen-acls
shell=/bin/bash
home=/srv/git
when: env != "staging" and datacenter != "iad2"
tags:
- distgit
- name: create the /etc/gitolite/conf directory
file: path=/etc/gitolite/conf owner=pagure group=pagure
state=directory mode=0755
when: env != "staging" and datacenter != "iad2"
tags:
- distgit
- name: create the /etc/gitolite/logs directory
file: path=/etc/gitolite/logs owner=pagure group=packager
state=directory mode=0775
when: env != "staging" and datacenter != "iad2"
tags:
- distgit
- name: create the /etc/gitolite/local/VREF directory
file: path=/etc/gitolite/local/VREF owner=pagure group=packager
state=directory mode=0775
when: env != "staging" and datacenter != "iad2"
tags:
- distgit
- name: create /etc/gitolite/gitolite.rc
template: src=gitolite.rc dest=/etc/gitolite/gitolite.rc
owner=root group=root mode=0755
when: env != "staging" and datacenter != "iad2"
tags:
- distgit
- name: Create the rpms symlink (should not be needed, might still be used by some old scripts)
command: ln -s /srv/git/repositories/ /srv/git/rpms
creates=/srv/git/rpms
when: env != "staging" and datacenter != "iad2"
tags:
- config
- distgit
- name: Create the gitolite.rc symlink
command: ln -s /etc/gitolite/gitolite.rc /srv/git/.gitolite.rc
creates=/srv/git/.gitolite.rc
when: env != "staging" and datacenter != "iad2"
tags:
- config
- distgit
- name: Create the gitolite configuration symlink
command: ln -s /etc/gitolite/ /srv/git/.gitolite
creates=/srv/git/.gitolite
when: env != "staging" and datacenter != "iad2"
tags:
- config
- distgit
- name: Copy in RepoAliases.header
copy: src=RepoAliases.header dest=/etc/gitolite/RepoAliases.header
owner=root group=root mode=0755
when: env != "staging" and datacenter != "iad2"
- name: Create the update-block-push-origin symlink
command: ln -s /usr/share/git-core/update-block-push-origin /etc/gitolite/local/VREF/update-block-push-origin
creates=/etc/gitolite/local/VREF/update-block-push-origin
when: env != "staging" and datacenter != "iad2"
tags:
- config
- distgit
- name: install the fedmsg configuration
template: src=fedmsg-genacls-config.py dest=/etc/fedmsg.d/genacls.py
owner=root group=root mode=0644
when: env != "staging" and datacenter != "iad2"
tags:
- distgit
- name: remove file pre-dating pagure over dist-git
file: path={{ item }} state=absent
with_items:
- /usr/local/bin/genacls.sh
- /etc/cron.d/genacls.cron
when: env != "staging" and datacenter != "iad2"
tags:
- config
- distgit
- name: Get admin users
command: "/srv/web/infra/ansible/scripts/users-from-fas @sysadmin-main {{ admin_groups }}"
register: admin_user_list
check_mode: no
changed_when: "1 != 1"
run_once: True
delegate_to: localhost
tags:
- config
- distgit
- name: Save the list the users having a shell access
template: src=gitolite_admins dest=/etc/gitolite/admins
owner=gen-acls group=packager mode=660
when: env != "staging" and datacenter != "iad2"
tags:
- config
- distgit
- name: Fix permissions on the Gitolite stuff
file: dest={{ item.name }} group=packager mode={{ item.mode }} state={{ item.state }}
with_items:
- {name: /etc/gitolite/hooks, mode: 770, state: directory}
- {name: /etc/gitolite/hooks/common, mode: 770, state: directory}
when: env != "staging" and datacenter != "iad2"
- name: Fix permissions on the Gitolite stuff (touch update if it does not exist)
copy: content="" dest=/etc/gitolite/hooks/common/update force=no owner=root group=packager mode=0755
when: env != "staging" and datacenter != "iad2"
tags:
- distgit
- config
# -- Lookaside Cache ------------------------------------- # -- Lookaside Cache -------------------------------------
# This is the annex to Dist Git, where we host source tarballs. # This is the annex to Dist Git, where we host source tarballs.
- name: install the Lookaside Cache httpd configs - name: install the Lookaside Cache httpd configs
@ -510,16 +354,8 @@
when: nfs_selinux_module is changed when: nfs_selinux_module is changed
tags: selinux tags: selinux
- name: setup grokmirror for repos
package: name=python-grokmirror state=installed
when: env != "staging" and datacenter != "iad2"
tags:
- grokmirror
- pkgs
- name: setup grokmirror for repos - name: setup grokmirror for repos
package: name=python3-grokmirror state=installed package: name=python3-grokmirror state=installed
when: env == "staging" or datacenter == "iad2"
tags: tags:
- grokmirror - grokmirror
- pkgs - pkgs

12
roles/distgit/templates/fedmsg-genacls-config.py
View file

@ -1,12 +0,0 @@
config = {
'genacls.consumer.enabled': False,
'genacls.consumer.delay': 5, # 5 seconds
# New world
'gitoliteprefix.consumer.enabled': True,
'gitoliteprefix.consumer.delay': 5, # 5 seconds
'gitoliteprefix.consumer.filename': '/var/tmp/gitolite-prefix.txt',
'gitoliteprefix.consumer.fasurl': 'https://admin.fedoraproject.org/accounts',
'gitoliteprefix.consumer.username': "{{ blockerbugs_fas_user }}",
'gitoliteprefix.consumer.password': '{{ blockerbugs_fas_password }}',
}

205
roles/distgit/templates/gitolite.rc
View file

@ -1,205 +0,0 @@
# configuration variables for gitolite
# This file is in perl syntax. But you do NOT need to know perl to edit it --
# just mind the commas, use single quotes unless you know what you're doing,
# and make sure the brackets and braces stay matched up!
# (Tip: perl allows a comma after the last item in a list also!)
# HELP for commands can be had by running the command with "-h".
# HELP for all the other FEATURES can be found in the documentation (look for
# "list of non-core programs shipped with gitolite" in the master index) or
# directly in the corresponding source file.
# Hack!
# Pull in our repo aliases generated by genacls.sh
use lib ('/etc/gitolite/');
use RepoAliases qw( repo_aliases );
%RC = (
# ------------------------------------------------------------------
HTTP_ANON_USER => 'ANONYMOUS_',
# default umask gives you perms of '0700'; see the rc file docs for
# how/why you might change this
UMASK => 0002,
# look for "git-config" in the documentation
GIT_CONFIG_KEYS => '',
# comment out if you don't need all the extra detail in the logfile
LOG_EXTRA => 1,
# syslog options
# 1. leave this section as is for normal gitolite logging
# 2. uncomment this line to log only to syslog:
LOG_DEST => 'syslog',
# 3. uncomment this line to log to syslog and the normal gitolite log:
# LOG_DEST => 'syslog,normal',
# roles. add more roles (like MANAGER, TESTER, ...) here.
# WARNING: if you make changes to this hash, you MUST run 'gitolite
# compile' afterward, and possibly also 'gitolite trigger POST_COMPILE'
ROLES => {
READERS => 1,
WRITERS => 1,
},
REPO_ALIASES => repo_aliases(),
# enable caching (currently only Redis). PLEASE RTFM BEFORE USING!!!
# CACHE => 'Redis',
# ------------------------------------------------------------------
# rc variables used by various features
# the 'info' command prints this as additional info, if it is set
# SITE_INFO => 'Please see http://blahblah/gitolite for more help',
# the CpuTime feature uses these
# display user, system, and elapsed times to user after each git operation
# DISPLAY_CPU_TIME => 1,
# display a warning if total CPU times (u, s, cu, cs) crosses this limit
# CPU_TIME_WARN_LIMIT => 0.1,
# the Mirroring feature needs this
# HOSTNAME => "foo",
# TTL for redis cache; PLEASE SEE DOCUMENTATION BEFORE UNCOMMENTING!
# CACHE_TTL => 600,
# ------------------------------------------------------------------
# suggested locations for site-local gitolite code (see cust.html)
# this one is managed directly on the server
LOCAL_CODE => "/etc/gitolite/local",
# or you can use this, which lets you put everything in a subdirectory
# called "local" in your gitolite-admin repo. For a SECURITY WARNING
# on this, see http://gitolite.com/gitolite/non-core.html#pushcode
# LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local",
# ------------------------------------------------------------------
# List of commands and features to enable
ENABLE => [
# COMMANDS
# These are the commands enabled by default
'help',
'desc',
'info',
'perms',
'writable',
# Uncomment or add new commands here.
# 'create',
# 'fork',
# 'mirror',
# 'readme',
# 'sskm',
# 'D',
# These FEATURES are enabled by default.
# essential (unless you're using smart-http mode)
'ssh-authkeys',
# creates git-config enties from gitolite.conf file entries like 'config foo.bar = baz'
'git-config',
# creates git-daemon-export-ok files; if you don't use git-daemon, comment this out
# 'daemon',
# creates projects.list file; if you don't use gitweb, comment this out
# 'gitweb',
# These FEATURES are disabled by default; uncomment to enable. If you
# need to add new ones, ask on the mailing list :-)
# user-visible behaviour
# prevent wild repos auto-create on fetch/clone
# 'no-create-on-read',
# no auto-create at all (don't forget to enable the 'create' command!)
'no-auto-create',
# access a repo by another (possibly legacy) name
'Alias',
# give some users direct shell access. See documentation in
# sts.html for details on the following two choices.
# "Shell $ENV{HOME}/.gitolite.shell-users",
# 'Shell alice bob',
"Shell /etc/gitolite/admins",
# set default roles from lines like 'option default.roles-1 = ...', etc.
# 'set-default-roles',
# show more detailed messages on deny
# 'expand-deny-messages',
# show a message of the day
# 'Motd',
# system admin stuff
# enable mirroring (don't forget to set the HOSTNAME too!)
# 'Mirroring',
# allow people to submit pub files with more than one key in them
# 'ssh-authkeys-split',
# selective read control hack
# 'partial-copy',
# manage local, gitolite-controlled, copies of read-only upstream repos
# 'upstream',
# updates 'description' file instead of 'gitweb.description' config item
'cgit',
# allow repo-specific hooks to be added
'repo-specific-hooks',
# performance, logging, monitoring...
# be nice
# 'renice 10',
# log CPU times (user, system, cumulative user, cumulative system)
# 'CpuTime',
# syntactic_sugar for gitolite.conf and included files
# allow backslash-escaped continuation lines in gitolite.conf
# 'continuation-lines',
# create implicit user groups from directory names in keydir/
# 'keysubdirs-as-groups',
# allow simple line-oriented macros
# 'macros',
# Kindergarten mode
# disallow various things that sensible people shouldn't be doing anyway
# 'Kindergarten',
],
);
# ------------------------------------------------------------------------------
# per perl rules, this should be the last line in such a file:
1;
# Local variables:
# mode: perl
# End:
# vim: set syn=perl: