Bug 1314517 - Refactor balrogworker deployment to be more like beetmover. r=jlund
authorMihai Tabara <mtabara@mozilla.com>
Fri, 11 Nov 2016 01:03:50 +0200
changeset 4471 d06ad23cf437076a4fee8b97f628976103bf0e83
parent 4470 f295d0822bd4abfcb2da43a77fd16e28d4cb32e9
child 4473 630b31047080544c23cbff5ce54ead54cbfa76af
child 4551 761c9ed124f3b56f9e2153f386166bbdbe701bbf
push id2518
push userbmo:mtabara@mozilla.com
push dateThu, 10 Nov 2016 23:04:49 +0000
reviewersjlund
bugs1314517
Bug 1314517 - Refactor balrogworker deployment to be more like beetmover. r=jlund MozReview-Commit-ID: 8HnR4KfsrAs
manifests/moco-config.pp
manifests/moco-nodes.pp
modules/balrog_scriptworker/manifests/init.pp
modules/balrog_scriptworker/manifests/services.pp
modules/balrog_scriptworker/manifests/settings.pp
modules/balrog_scriptworker/templates/config.json.erb
--- a/manifests/moco-config.pp
+++ b/manifests/moco-config.pp
@@ -415,35 +415,36 @@ class config inherits config::base {
     $signing_scriptworker_artifact_expiration_hours = 336
     $signing_scriptworker_artifact_upload_timeout = 600
     $signing_scriptworker_verbose_logging = true
     $signing_scriptworker_gpg_private_keys = hiera_hash('signing_scriptworker_gpg_private_keys')
     $signing_scriptworker_gpg_public_keys = hiera_hash('signing_scriptworker_gpg_public_keys')
     $signing_scriptworker_gpg_repo_url = "https://github.com/mozilla-releng/cot-gpg-keys.git"
 
     # TC balrog scriptworkers
-    $balrog_scriptworker_provisioner_id = "scriptworker-prov-v1"
-    $balrog_scriptworker_worker_group = "balrogworker-v1"
-    $balrog_scriptworker_worker_type = "balrogworker-v1"
-    $balrog_scriptworker_taskcluster_client_id = secret("balrog_scriptworker_taskcluster_client_id")
-    $balrog_scriptworker_taskcluster_access_token = secret("balrog_scriptworker_taskcluster_access_token")
     $balrog_scriptworker_task_max_timeout = 1200
     $balrog_scriptworker_artifact_expiration_hours = 336
     $balrog_scriptworker_artifact_upload_timeout = 600
     $balrog_scriptworker_verbose_logging = false
-    $balrog_scriptworker_base = "/builds/balrog"
-    $balrog_scriptworker_root = "/builds/balrog/scriptworker"
-    $balrog_scriptworker_py27venv = "/builds/balrog/py27venv"
-    $balrog_scriptworker_py35venv = "/builds/balrog/py35venv"
-    $balrog_scriptworker_hg_tools_path = '/builds/balrog/balrogscript/tools'
+    $balrog_scriptworker_root = "/builds/balrogworker"
+    $balrog_scriptworker_git_balrogscript_repo = 'https://github.com/mozilla-releng/balrogscript.git'
     $balrog_scriptworker_hg_tools_repo = 'https://hg.mozilla.org/build/tools'
     $balrog_scriptworker_hg_tools_branch = 'default'
-    $balrog_scriptworker_git_balrogscript_path = '/builds/balrog/balrogscript'
-    $balrog_scriptworker_git_balrogscript_keys = '/builds/balrog/balrogscript/keys'
-    $balrog_scriptworker_git_balrogscript_repo = 'https://github.com/mozilla-releng/funsize-balrogworker.git'
+    $balrog_scriptworker_env_config = {
+        "dev" => {
+            provisioner_id => "scriptworker-prov-v1",
+            worker_group => "balrogworker-v1",
+            worker_type => "balrogworker-v1",
+            taskcluster_client_id => secret("balrogworker_dev_taskcluster_client_id"),
+            taskcluster_access_token => secret("balrogworker_dev_taskcluster_access_token"),
+            balrog_username => "stage-ffxbld",
+            balrog_password => secret("stage-ffxbld_ldap_password"),
+            balrog_api_root => "https://balrog-admin.stage.mozaws.net/api",
+        }
+    }
 
     # TC beetmover scriptworkers
     $beetmover_scriptworker_task_max_timeout = 2400
     $beetmover_scriptworker_artifact_expiration_hours = 336
     $beetmover_scriptworker_artifact_upload_timeout = 600
     $beetmover_scriptworker_verbose_logging = false
     $beetmover_scriptworker_root = "/builds/beetmoverworker"
     $beetmover_scriptworker_env_config = {
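Review bot: The `balrog_password` entry in the new `dev` block is read from `secret("stage-ffxbld_ldap_password")`, which by its name is an LDAP account password rather than a credential scoped to Balrog. If that account can authenticate to anything else (not visible here), a compromised balrogworker host exposes more than the staging Balrog API, so a service-specific secret would be the narrower choice. The block would also benefit from a comment such as `# dev = staging Balrog only; other environments must use their own secrets`. Only `dev` is defined, so any other environment name has no entry to resolve to.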
--- a/manifests/moco-nodes.pp
+++ b/manifests/moco-nodes.pp
@@ -1160,16 +1160,17 @@ node /signing-linux-.*\.srv\.releng\..*\
     $aspects = [ 'maximum-security' ]
     $timezone = "UTC"
     include toplevel::server::signingscriptworker
 }
 
 # Balrog scriptworkers
 node /balrogworker-.*\.srv\.releng\..*\.mozilla\.com/ {
     $aspects = [ 'maximum-security' ]
+    $balrogworker_env = "dev"
     $timezone = "UTC"
     include toplevel::server::balrogscriptworker
 }
 
 # Beetmover scriptworkers
 node /beetmoverworker-.*\.srv\.releng\..*\.mozilla\.com/ {
     $aspects = [ 'maximum-security' ]
     $beetmoverworker_env = "dev"
--- a/modules/balrog_scriptworker/manifests/init.pp
+++ b/modules/balrog_scriptworker/manifests/init.pp
@@ -8,27 +8,20 @@ class balrog_scriptworker {
     include packages::mozilla::git
     include packages::mozilla::py27_mercurial
     include users::builder
     include tweaks::swap_on_instance_storage
     include packages::gcc
     include packages::make
     include packages::libffi
 
-    file {
-        ["${balrog_scriptworker::settings::base}",
-        "${balrog_scriptworker::settings::root}"]:
-            mode        => 700,
-            owner       => "${users::builder::username}",
-            group       => "${users::builder::group}",
-            ensure => 'directory';
-    }
+    $env_config = $config::balrog_scriptworker_env_config[$balrogworker_env]
 
     python35::virtualenv {
-        "${balrog_scriptworker::settings::py35venv}":
+        "${balrog_scriptworker::settings::root}":
             python3  => "${packages::mozilla::python35::python3}",
             require  => Class["packages::mozilla::python35"],
             user     => "${users::builder::username}",
             group    => "${users::builder::group}",
             mode     => 700,
             packages => [
                   "aiohttp==0.22.5",
                   "arrow==0.8.0",
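Review bot: `$env_config` is looked up with `$balrogworker_env` and never checked. On a node where that variable is unset or names an environment missing from `balrog_scriptworker_env_config`, the problem surfaces only inside config.json.erb, as a template error or as empty credential fields depending on how undef is passed through. `$balrogworker_env` is also read unqualified, so the class relies on the node-scope assignment in moco-nodes.pp. A guard right after the assignment, `if $env_config == undef { fail("balrog_scriptworker: no env config for '${balrogworker_env}'") }`, would stop the catalog with a clear message instead. The class body continues past this hunk.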
@@ -43,27 +36,27 @@ class balrog_scriptworker {
                   "pefile==2016.7.26",
                   "pexpect==4.2.1",
                   "ptyprocess==0.5.1",
                   "pycrypto==2.6.1",
                   "python-dateutil==2.5.3",
                   "python-gnupg==0.3.8",
                   "python-jose==1.2.0",
                   "requests==2.11.1",
-                  "scriptworker==0.6.0",
+                  "scriptworker==0.7.2",
                   "signtool==2.0.3",
                   "six==1.10.0",
                   "slugid==1.0.7",
                   "taskcluster==0.3.4",
                   "virtualenv==15.0.3",
             ];
     }
 
     python::virtualenv {
-        "${balrog_scriptworker::settings::py27venv}":
+        "${balrog_scriptworker::settings::root}/py27venv":
             python   => "${packages::mozilla::python27::python}",
             require  => Class["packages::mozilla::python27"],
             user     => "${users::builder::username}",
             group    => "${users::builder::group}",
             packages => [
                   "balrogclient==0.0.1",
                   "boto==2.41.0",
                   "cryptography==1.2.3",
@@ -73,55 +66,59 @@ class balrog_scriptworker {
                   "mar==1.2",
                   "pyasn1==0.1.9",
                   "requests==2.8.1",
                   "six==1.10.0",
             ];
     }
 
     git::repo {
-        "balrogscript-clone":
+        "balrogscript":
             repo    => "${balrog_scriptworker::settings::balrogscript_repo}",
-            dst_dir => "${balrog_scriptworker::settings::balrogscript_path}",
+            dst_dir => "${balrog_scriptworker::settings::root}/balrogscript",
             user    => "${users::builder::username}",
             require => [
                 Class["packages::mozilla::git"],
+                Python35::Virtualenv["${balrog_scriptworker::settings::root}"],
             ];
     }
 
     mercurial::repo {
-        "tools-clone":
+        "tools":
             hg_repo => "${balrog_scriptworker::settings::tools_repo}",
-            dst_dir => "${balrog_scriptworker::settings::tools_path}",
+            dst_dir => "${balrog_scriptworker::settings::root}/balrogscript/tools",
             user    => "${users::builder::username}",
             branch  => "${balrog_scriptworker::settings::tools_branch}",
             require => [
                 Class["packages::mozilla::py27_mercurial"],
+                Python35::Virtualenv["${balrog_scriptworker::settings::root}"],
+                Git::Repo["balrogscript"],
             ];
     }
 
     file {
         "${balrog_scriptworker::settings::root}/config.json":
-            require     => Python35::Virtualenv["${balrog_scriptworker::settings::py35venv}"],
+            require     => Python35::Virtualenv["${balrog_scriptworker::settings::root}"],
             mode        => 600,
             owner       => "${users::builder::username}",
             group       => "${users::builder::group}",
             content     => template("${module_name}/config.json.erb"),
             show_diff   => false;
+        # requirement as part of scriptworker pentest bug 1298199#c23
         '/root/certs.sh':
             ensure => absent;
-        "${balrog_scriptworker::settings::balrogscript_keys}/dep.pubkey":
+        "${balrog_scriptworker::settings::root}/balrogscript/keys/dep.pubkey":
             source => "puppet:///modules/balrog_scriptworker/dep.pubkey",
-            require     => Git::Repo["balrogscript-clone"],
+            require     => Git::Repo["balrogscript"],
             owner       => "${users::builder::username}",
             group       => "${users::builder::group}";
-        "${balrog_scriptworker::settings::balrogscript_keys}/nightly.pubkey":
+        "${balrog_scriptworker::settings::root}/balrogscript/keys/nightly.pubkey":
             source => "puppet:///modules/balrog_scriptworker/nightly.pubkey",
-            require     => Git::Repo["balrogscript-clone"],
+            require     => Git::Repo["balrogscript"],
             owner       => "${users::builder::username}",
             group       => "${users::builder::group}";
-        "${balrog_scriptworker::settings::balrogscript_keys}/release.pubkey":
+        "${balrog_scriptworker::settings::root}/balrogscript/keys/release.pubkey":
             source => "puppet:///modules/balrog_scriptworker/release.pubkey",
-            require     => Git::Repo["balrogscript-clone"],
+            require     => Git::Repo["balrogscript"],
             owner       => "${users::builder::username}",
             group       => "${users::builder::group}";
     }
 }
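Review bot: The `git::repo` resource `balrogscript` passes only `repo` and `dst_dir`, so as far as this hunk shows the checkout follows whatever the GitHub repository currently serves. That code is what `task_script` runs with the Balrog and Taskcluster credentials. The `mercurial::repo` for `tools` is likewise tied only to a branch (`tools_branch`), not a changeset. Pinning both to reviewed revisions, if the defines support it, would make a change in what runs on these `maximum-security` hosts a deliberate one. At minimum add `# TODO: pin balrogscript and tools to reviewed revisions; these checkouts run with Balrog credentials` above the two resources.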
--- a/modules/balrog_scriptworker/manifests/services.pp
+++ b/modules/balrog_scriptworker/manifests/services.pp
@@ -1,20 +1,20 @@
 class balrog_scriptworker::services {
     include ::config
     include balrog_scriptworker::settings
     include packages::mozilla::supervisor
 
     supervisord::supervise {
         "balrog_scriptworker":
-            command      => "${balrog_scriptworker::settings::py35venv}/bin/scriptworker ${balrog_scriptworker::settings::root}/config.json",
+            command      => "${balrog_scriptworker::settings::root}/bin/scriptworker ${balrog_scriptworker::settings::root}/config.json",
             user         => $::config::builder_username,
             require      => [ File["${balrog_scriptworker::settings::root}/config.json"]],
             extra_config => template("${module_name}/supervisor_config.erb");
     }
     exec {
-        "restart-scriptworker":
+        "restart-balrogworker":
             command     => "/usr/bin/supervisorctl restart balrog_scriptworker",
             refreshonly => true,
-            subscribe   => [Python35::Virtualenv["${balrog_scriptworker::settings::py35venv}"],
+            subscribe   => [Python35::Virtualenv["${balrog_scriptworker::settings::root}"],
                             File["${balrog_scriptworker::settings::root}/config.json"]];
     }
 }
--- a/modules/balrog_scriptworker/manifests/settings.pp
+++ b/modules/balrog_scriptworker/manifests/settings.pp
@@ -1,14 +1,8 @@
 class balrog_scriptworker::settings {
     include ::config
 
-    $base = $config::balrog_scriptworker_base
     $root = $config::balrog_scriptworker_root
-    $py27venv = $config::balrog_scriptworker_py27venv
-    $py35venv = $config::balrog_scriptworker_py35venv
-    $tools_path = $config::balrog_scriptworker_hg_tools_path
+    $balrogscript_repo = $config::balrog_scriptworker_git_balrogscript_repo
     $tools_repo = $config::balrog_scriptworker_hg_tools_repo
     $tools_branch = $config::balrog_scriptworker_hg_tools_branch
-    $balrogscript_path = $config::balrog_scriptworker_git_balrogscript_path
-    $balrogscript_keys = $config::balrog_scriptworker_git_balrogscript_keys
-    $balrogscript_repo = $config::balrog_scriptworker_git_balrogscript_repo
 }
--- a/modules/balrog_scriptworker/templates/config.json.erb
+++ b/modules/balrog_scriptworker/templates/config.json.erb
@@ -1,30 +1,34 @@
 {
-    "provisioner_id": "<%= scope.lookupvar("config::balrog_scriptworker_provisioner_id") %>",
-    "worker_group": "<%= scope.lookupvar("config::balrog_scriptworker_worker_group") %>",
-    "worker_type": "<%= scope.lookupvar("config::balrog_scriptworker_worker_type") %>",
+    "provisioner_id": "<%= @env_config["provisioner_id"] %>",
+    "worker_group": "<%= @env_config["worker_group"] %>",
+    "worker_type": "<%= @env_config["worker_type"] %>",
     "worker_id": "<%= @hostname %>",
 
     "work_dir": "<%= scope.lookupvar("config::balrog_scriptworker_root") %>/work",
     "log_dir": "<%= scope.lookupvar("config::balrog_scriptworker_root") %>/logs",
     "artifact_dir": "<%= scope.lookupvar("config::balrog_scriptworker_root") %>/artifacts",
     "task_log_dir": "<%= scope.lookupvar("config::balrog_scriptworker_root") %>/artifacts/public/logs",
     "valid_artifact_path_regexes": ["^/v1/task/(?P<taskId>[^/]+)(/runs/\\d+)?/artifacts/(?P<filepath>.*)$"],
     "verify_chain_of_trust": false,
     "sign_chain_of_trust": false,
 
 
     "credentials": {
-        "clientId": "<%= scope.function_secret(["balrog_scriptworker_taskcluster_client_id"]) %>",
-        "accessToken": "<%= scope.function_secret(["balrog_scriptworker_taskcluster_access_token"]) %>"
+        "clientId": "<%= @env_config["taskcluster_client_id"] %>",
+        "accessToken": "<%= @env_config["taskcluster_access_token"] %>"
     },
 
     "artifact_expiration_hours": <%= scope.lookupvar("config::balrog_scriptworker_artifact_expiration_hours") %>,
     "artifact_upload_timeout": <%= scope.lookupvar("config::balrog_scriptworker_artifact_upload_timeout") %>,
-    "task_script": ["<%= scope.lookupvar("config::balrog_scriptworker_py27venv") %>/bin/python",
-                    "<%= scope.lookupvar("config::balrog_scriptworker_git_balrogscript_path") %>/bin/balrogworker.py",
+    "task_script": ["<%= scope.lookupvar("config::balrog_scriptworker_root") %>/py27venv/bin/python",
+                    "<%= scope.lookupvar("config::balrog_scriptworker_root") %>/balrogscript/bin/balrogworker.py",
                     "--taskdef", "<%= scope.lookupvar("config::balrog_scriptworker_root") %>/work/task.json",
+                    "--balrog-api-root", "<%= @env_config["balrog_api_root"] %>",
+                    "--balrog-username", "<%= @env_config["balrog_username"] %>",
+                    "--balrog-password", "<%= @env_config["balrog_password"] %>",
+                    "--disable-s3",
                     "--verbose"],
 
     "task_max_timeout": <%= scope.lookupvar("config::balrog_scriptworker_task_max_timeout") %>,
     "verbose": <%= scope.lookupvar("config::balrog_scriptworker_verbose_logging") %>
 }
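Review bot: The `--balrog-password` argument added to `task_script` puts the Balrog password on the command line of every task process, where it can be read from the process list and may be copied into logs that record the invoked command (inferred; `--verbose` is passed too). config.json is installed with mode 600 in init.pp, so the exposure is at run time rather than at rest. If balrogworker.py can read the password from a file or the environment (not visible from this hunk), that is the safer channel. Separately, the `@env_config[...]` values are interpolated into JSON strings unescaped, so a secret containing `"` or `\` would produce an invalid or altered config. Emitting the value JSON-encoded without the surrounding quotes, e.g. `<%= @env_config["balrog_password"].to_json %>` (assuming JSON support is loaded for the template), avoids that.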