ansible/hg-web: support CentOS 7 (
bug 1263680); r?fubar
The changes to support CentOS 7 in Ansible aren't too bad.
Unlike the hg-ssh conversion, we still support CentOS 6 because we'll
need to keep the old hgweb machines running for a little bit.
MozReview-Commit-ID: 4f4X0XqL2Bj
--- a/ansible/roles/docker-hg-web/files/entrypoint.py
+++ b/ansible/roles/docker-hg-web/files/entrypoint.py
@@ -14,23 +14,23 @@ sys.stderr = sys.stdout
if 'MASTER_PORT_22_TCP_ADDR' not in os.environ:
print('error: container invoked improperly. please link to a master container')
sys.exit(1)
ssh_hostname = os.environ['MASTER_PORT_22_TCP_ADDR']
hostname = socket.gethostname()
-if not os.path.exists('/etc/ssh/ssh_host_dsa_key'):
- subprocess.check_call(['/usr/bin/ssh-keygen', '-t', 'dsa',
- '-f', '/etc/ssh/ssh_host_dsa_key'])
+if not os.path.exists('/etc/ssh/ssh_host_ed25519_key'):
+ subprocess.check_call(['/usr/bin/ssh-keygen', '-t', 'ed25519',
+ '-f', '/etc/ssh/ssh_host_ed25519_key', '-N', ''])
if not os.path.exists('/etc/ssh/ssh_host_rsa_key'):
subprocess.check_call(['/usr/bin/ssh-keygen', '-t', 'rsa', '-b', '2048',
- '-f', '/etc/ssh/ssh_host_rsa_key'])
+ '-f', '/etc/ssh/ssh_host_rsa_key', '-N', ''])
REPLACEMENTS = {
'@mirror_source@': ssh_hostname,
}
mirror_pull = open('/usr/local/bin/mirror-pull', 'rb').readlines()
with open('/usr/local/bin/mirror-pull', 'wb') as fh:
for line in mirror_pull:
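Review bot: The new `ssh-keygen -t ed25519` call runs unconditionally at container start, and Ed25519 host keys need OpenSSH 6.5 or later, which the stock CentOS 6 OpenSSH (5.3, as far as I know) predates. On a CentOS 6 based image `check_call` would raise and the container would not start. The description says CentOS 6 is still supported for hg-web, so if this entrypoint is now CentOS 7 only, say so above the key generation, e.g. `# Ed25519 host keys need OpenSSH >= 6.5; this entrypoint assumes a CentOS 7 image.` It is also worth confirming that the image's sshd_config no longer names `/etc/ssh/ssh_host_dsa_key` as a HostKey, which is not visible here. The script continues past the end of the hunk.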
--- a/ansible/roles/hg-web/tasks/main.yml
+++ b/ansible/roles/hg-web/tasks/main.yml
@@ -13,36 +13,56 @@
# To build mod_wsgi from source so it can be placed in virtualenvs.
- httpd-devel
# Secures processes, especially moz.build evaluation.
- libcgroup
# We use logrotate to control log files
- logrotate
- openssh-clients
- openssh-server
- # Machines are RHEL 6 or CentOS 6, which has Python 2.6 installed by
- # default. The Python 2.7 packages from IUS don't conflict with the
- # system Python.
- - python27
- - python27-devel
+ - python-devel
- rsync
# Needed for hg user to execute mozbuild-eval as root.
- rsyslog
- sudo
- tar
+- name: install system packages (CentOS 6)
+ yum: name={{ item }} state=present
+ with_items:
+ # RHEL 6 and CentOS 6 have Python 2.6 installed by default. The Python 2.7 packages
+ # from IUS don't conflict with the system Python.
+ - python27
+ - python27-devel
+ when: ansible_distribution_major_version == '6'
+
+- name: install system packages (CentOS 7)
+ yum: name={{ item }} state=present
+ with_items:
+ - libcgroup-tools
+ when: ansible_distribution_major_version == '7'
+
# Some packages aren't available on an public yum repo. Fetch them from
# a public server and install them manually. This is a bit hacky, but it
# gets the job done.
-- name: download Mozilla rpms
+- name: download Mozilla rpms (CentOS 6)
get_url: url=https://s3-us-west-2.amazonaws.com/moz-packages/CentOS6/{{ item.path }}
dest=/var/tmp/{{ item.path}}
sha256sum={{ item.sha256 }}
with_items:
- { path: mercurial-3.7.3-1.x86_64.rpm, sha256: 924a8828cfe53901db1366115d927b958f35f5e6a9c418cbc670c5e19137c090 }
+ when: ansible_distribution_major_version == '6'
+
+- name: download Mozilla rpms (CentOS 7)
+ get_url: url=https://s3-us-west-2.amazonaws.com/moz-packages/CentOS7/{{ item.path }}
+ dest=/var/tmp/{{ item.path}}
+ sha256sum={{ item.sha256 }}
+ with_items:
+ - { path: mercurial-3.7.3-1.x86_64.rpm, sha256: 7cdd06e8fb5266fe9bd726c79db6040b68053a601daecb2418820c1d3e4f56a2 }
+ when: ansible_distribution_major_version == '7'
- name: install Mozilla rpms
command: yum localinstall -y /var/tmp/mercurial-3.7.3-1.x86_64.rpm
- name: install global ssh config
copy: src=ssh_config
dest=/etc/ssh/ssh_config
owner=root
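Review bot: `install Mozilla rpms` stays unconditional while both download tasks are now gated on the major version. On a host reporting anything other than '6' or '7', the `yum localinstall` step would either fail or install whatever already sits at `/var/tmp/mercurial-3.7.3-1.x86_64.rpm`, without the sha256 check having run in this play. Both distributions use the same file name under /var/tmp, so the pinned checksum is the only thing that tells the two builds apart. A guard near the top of the role would make the supported set explicit: a `fail:` task with `when: ansible_distribution_major_version not in ['6', '7']`.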
@@ -208,18 +228,23 @@
- name: directory for httpd logs
file: path=/var/log/httpd/hg.mozilla.org
state=directory
owner=root
group=root
mode=0755
-- name: configure httpd to start at system startup
+- name: configure httpd to start at system startup (CentOS 6)
command: /sbin/chkconfig --level 2345 httpd on
+ when: ansible_distribution_major_version == '6'
+
+- name: configure httpd to run at system startup (CentOS 7)
+ command: /usr/bin/systemctl enable httpd.service
+ when: ansible_distribution_major_version == '7'
- name: install mirror-pull script
template: src=mirror-pull.j2
dest=/usr/local/bin/mirror-pull
owner=root
group=root
mode=0755
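Review bot: The two `command:` tasks that enable httpd (`chkconfig` on CentOS 6, `systemctl enable` on CentOS 7) could be a single task using the service module, `service: name=httpd enabled=yes`. That module picks the init system itself and reports changed only when it alters something. As written, both commands report changed on every run and the version test has to be kept in sync by hand. The cgconfig tasks in the later hunk of this file have the same shape, apart from their `notify` and `vct_dir` condition.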
@@ -317,20 +342,24 @@
- name: control group for mozbuild evaluation
copy: src=cgconfig-mozbuild.conf
dest=/etc/cgconfig.d/mozbuild.conf
owner=root
group=root
mode=0664
-- name: configure cgconfig to run at system startup
+- name: configure cgconfig to run at system startup (CentOS 6)
command: /sbin/chkconfig --level 2345 cgconfig on
notify: restart cgconfig
- when: vct_dir.stat.exists == False
+ when: vct_dir.stat.exists == False and ansible_distribution_major_version == '6'
+
+- name: configure cgconfig to run at system startup (CentOS 7)
+ command: /usr/bin/systemctl enable cgconfig.service
+ when: vct_dir.stat.exists == False and ansible_distribution_major_version == '7'
- name: install control group rules
copy: src=cgrules.conf
dest=/etc/cgrules.conf
owner=root
group=root
mode=0664
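Review bot: The CentOS 7 cgconfig task drops the `notify: restart cgconfig` that the CentOS 6 task keeps, and `systemctl enable` only registers the unit for boot without starting it. Unless a task outside this hunk starts the service, the mozbuild control group installed just above would presumably not be active on a freshly provisioned CentOS 7 host until a reboot. Add `notify: restart cgconfig` to the CentOS 7 task, provided the handler works under systemd.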
new file mode 100644
--- /dev/null
+++ b/testing/clobber.hgweb
@@ -0,0 +1,1 @@
+upgrade to CentOS 7
--- a/testing/vcttesting/docker.py
+++ b/testing/vcttesting/docker.py
@@ -690,17 +690,17 @@ class Docker(object):
hg-master runs the ssh service while hg-slave runs hgweb. The mirroring
and other bits should be the same as in production with the caveat that
LDAP integration is probably out of scope.
"""
images = self.ensure_images_built([
'ldap',
], ansibles={
'hgmaster': ('docker-hgmaster', 'centos7'),
- 'hgweb': ('docker-hgweb', 'centos6'),
+ 'hgweb': ('docker-hgweb', 'centos7'),
}, existing=images, verbose=verbose, use_last=use_last)
self.state['last-hgmaster-id'] = images['hgmaster']
self.state['last-hgweb-id'] = images['hgweb']
self.state['last-ldap-id'] = images['ldap']
return images
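Review bot: With `'hgweb': ('docker-hgweb', 'centos7')` here and both `ansible_images['hgweb']` assignments in the later hunk of this file switched as well, no Docker test image appears to build hgweb on CentOS 6 any more. The description says the CentOS 6 hgweb machines stay in service and the role keeps CentOS 6 branches, so those branches would go untested. A comment such as `# hgweb is tested on centos7 only; the centos6 paths in the hg-web role are not exercised here` would record that. The `ansible_images['hgweb']` assignment under `if hgmo:` also repeats the value set a few lines earlier. Both enclosing methods start outside their hunks.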
@@ -1240,24 +1240,24 @@ class Docker(object):
'autoland',
'bmoweb',
'ldap',
'pulse',
'treestatus',
}
ansible_images['hgrb'] = ('docker-hgrb', 'centos6')
ansible_images['rbweb'] = ('docker-rbweb', 'centos6')
- ansible_images['hgweb'] = ('docker-hgweb', 'centos6')
+ ansible_images['hgweb'] = ('docker-hgweb', 'centos7')
if hgmo:
docker_images |= {
'ldap',
}
ansible_images['hgmaster'] = ('docker-hgmaster', 'centos7')
- ansible_images['hgweb'] = ('docker-hgweb', 'centos6')
+ ansible_images['hgweb'] = ('docker-hgweb', 'centos7')
if bmo:
docker_images |= {
'bmoweb',
}
images = self.ensure_images_built(docker_images,
ansibles=ansible_images, verbose=verbose, use_last=use_last)