Buildbot infrastructure
seankelly Merge pull request #202 from seankelly/no-jinja-in-when
Remove Jinja2 templating from when statements
Latest commit d2abc0d Jul 7, 2018
docs add events service for buildbot statistics Sep 1, 2016
files update agenda link Jun 3, 2017
group_vars Merge pull request #187 from djmitche/issue187 Jun 18, 2018
library proxy development Sep 12, 2016
roles Remove Jinja2 templating from when statements Jun 17, 2018
templates add comment about ansible become_user bug Sep 14, 2016
.flake8 Add python linting to infra. Jun 6, 2016
.gitignore vagrant development Sep 12, 2016
.travis.yml Add python linting to infra. Jun 6, 2016
LICENSE add MIT license Dec 27, 2014
README.rst readme rst-formatting Mar 31, 2017
Vagrantfile sethostname in vagrantfile Sep 30, 2016
ansible.cfg proxy development Sep 12, 2016
bootstrap unify bootstrapping of jails and service hosts Dec 30, 2014
bootstrap.yml unify bootstrapping of jails and service hosts Dec 30, 2014
buildbot.asc Update keyring with sa2ajj key Oct 24, 2014
common.yml vagrant development Sep 12, 2016
host-service1.yml move jails on service1 to service2 Apr 27, 2018
host-service2.yml move jails on service1 to service2 Apr 27, 2018
host-service3.yml add events service for buildbot statistics Sep 1, 2016
host-vm1.yml Change sudo: to become: in *.yml files. pt1 May 26, 2016
jail-bot.yml Change sudo: to become: in *.yml files. pt1 May 26, 2016
jail-bslave1.yml install enchant in the right place Aug 23, 2016
jail-buildbot.yml finish nine.bb.net config to use bbtravis and hyper Sep 16, 2016
jail-docs.yml update docs building recipe to use requirements.txt Aug 16, 2017
jail-events.yml add json native logger for buildbot master Sep 21, 2016
jail-ftp.yml always set internal_ip Sep 15, 2016
jail-lists.yml Change sudo: to become: in *.yml files. pt1 May 26, 2016
jail-mx.yml Configure the mx host May 19, 2018
jail-mysql.yml Change sudo: to become: in *.yml files. pt1 May 26, 2016
jail-nine.yml quoting the template Feb 6, 2017
jail-ns1.yml Change sudo: to become: in *.yml files. pt1 May 26, 2016
jail-supybot.yml Change sudo: to become: in *.yml files. pt1 May 26, 2016
jail-syslog.yml Open ELK access to buildbot-infra team May 2, 2018
jail-trac.yml Include uwsgi and nginx in trac's playbook Feb 16, 2018
jail-www.yml only setup le when ssl is enabled Mar 31, 2017
load-secrets.yml vagrant development Sep 12, 2016
local.yml Give all tasks a name Feb 5, 2017
localhost revert unnecessary change to localhost inventory file Jan 3, 2015
secrets.yml add gravatar login details Jan 8, 2018
tox.ini Add python linting to infra. Jun 6, 2016
track-config.yml add comment about cannot sudo error Mar 31, 2017
vagrant.yml vagrant development Sep 12, 2016
vagrant_inventory.py fix lint Jan 3, 2017
vault-merge.sh update bbot-password to put in the right place Sep 17, 2016
vm-build1.yml Replace sudo with become Feb 6, 2017

README.rst

Ansible

Production Runs

Production runs of Ansible take place on the host or jail to be configured, as the {{service_user}}, with a command line such as:

ansible-playbook local.yml --vault-password=~/.vault-password

This playbook automatically determines which host it's running on based on the hostname and configures it accordingly. Supply host-specific variables in group_vars/$hostname.

Bootstrapping

To bootstrap a newly-installed system, use ./bootstrap HOSTNAME. Before running the script, ensure:

  • The basic system is installed (FreeBSD 10.0+) on the host
  • Networking for the host is fully configured
  • The hostname (uname -n) of the host is set correctly
  • The root password is known (or SSH keys set up)
  • SSH access for 'root' is enabled (PermitRootLogin yes; note that this is not the default!)
  • You know the vault password

Development

Development is made easier with Vagrant.

First, bring up three Vagrant boxes running FreeBSD 10.3, each representing one of the hardware hosts:

vagrant up

Those Vagrant boxes host all the jails, as in production. vagrant up runs the Ansible script for all three boxes and creates all the jails. The jails are not fully provisioned at that point, though: they are only provisioned with ssh and the vagrant user. You need to run Ansible on each of those jails to actually activate the services.

The internal network is mapped to the VirtualBox host's network, so you can connect to the jails using their IP addresses.

Differences from production are:

  • sshd is enabled in jails
  • a vagrant user is added in each jail; you can connect as that user with the identity file that Vagrant generated when creating the host (.vagrant/machines/<host>/virtualbox/private_key)
  • connection is over ssh
  • ansible-pull is disabled
  • keep only internal network ip addresses

To set up all jails on your dev system, just run:

ansible-playbook --vault-password=~/.vault-password -i vagrant_inventory.py vagrant.yml

But it is preferable to only run Ansible for the jail you are working on:

ansible-playbook --vault-password=~/.vault-password -i vagrant_inventory.py vagrant.yml -l ns1

vagrant_inventory.py will automatically figure out which jail needs to be connected to, and with which SSH key.

To use development secrets (which may be unencrypted), create dev-secrets.yml and invoke Ansible with -e secrets_file=dev-secrets.yml.

Development with proxies

Because of https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212452 the Vagrant bootstrap will not work when your environment requires HTTP proxies to access the internet.

In that case, during the VM creation phase, Vagrant will try indefinitely to connect via ssh.

  • Attach to the VM using the VirtualBox UI, and go to the FreeBSD console.
  • Hitting CTRL-C will stop the firstboot script and give you a login prompt.
  • Use root:vagrant as login:password.
  • Type the following in the console:

    setenv http_proxy http://xxx
    pkg install -y sudo

  • Then you can run vagrant provision again.

You need to do this setup on each of the three host VMs. Once this is done, the environment variables http_proxy, https_proxy, and https_proxy are copied into the Ansible run for the commands that need internet access.

Secrets

Secrets are stored in secrets.yml in the top-level directory, which is encrypted with ansible-vault. To run Ansible with these production secrets, you will need to supply a shared vault password.

All secrets are loaded into Ansible variables. By convention, these variables should be named with the prefix secret_.

You can edit the secrets with ansible-vault edit secrets.yml.
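
A pre-commit style check for the two rules above, added here as an example (it is not part of this repository): secrets.yml must be ansible-vault ciphertext, and variables in a plaintext file such as dev-secrets.yml must carry the secret_ prefix. The sample file contents and the gravatar_login name are constructed, and top-level keys are found with a simple line match rather than a YAML parser.

```python
import re

# Header line ansible-vault writes at the top of an encrypted file,
# e.g. "$ANSIBLE_VAULT;1.1;AES256" (a fourth field holds an optional vault id).
VAULT_HEADER = re.compile(r"^\$ANSIBLE_VAULT;\d+\.\d+;[A-Z0-9]+(;\S+)?$")
# Simplification (assumption): a top-level YAML key is an unindented "name:" line.
TOP_LEVEL_KEY = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)\s*:")


def is_vault_encrypted(text):
    """True when the first line is an ansible-vault header."""
    lines = text.splitlines()
    return bool(lines) and bool(VAULT_HEADER.match(lines[0].strip()))


def misnamed_keys(text, prefix="secret_"):
    """Top-level variable names that do not carry the secret_ prefix."""
    found = (TOP_LEVEL_KEY.match(line) for line in text.splitlines())
    return [m.group(1) for m in found if m and not m.group(1).startswith(prefix)]


def audit(name, text, must_be_encrypted):
    """Return a list of findings for one secrets file."""
    if is_vault_encrypted(text):
        return []  # variable names are not visible without the vault password
    findings = []
    if must_be_encrypted:
        findings.append(f"{name}: plaintext, expected ansible-vault ciphertext")
    for key in misnamed_keys(text):
        findings.append(f"{name}: variable '{key}' lacks the secret_ prefix")
    return findings


# Constructed samples: not real secrets, the hex payload is a placeholder.
ENCRYPTED_SAMPLE = "$ANSIBLE_VAULT;1.1;AES256\n3031323334353637\n3839616263646566\n"
PLAINTEXT_SAMPLE = (
    "---\n"
    "secret_db_password: dev-only\n"
    "secret_irc:\n"
    "  nick: devbot\n"
    "gravatar_login: someone\n"
)

if __name__ == "__main__":
    for finding in (audit("secrets.yml", ENCRYPTED_SAMPLE, True)
                    + audit("secrets.yml", PLAINTEXT_SAMPLE, True)
                    + audit("dev-secrets.yml", PLAINTEXT_SAMPLE, False)):
        print(finding)
```
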

Other files

This repository contains a few files unrelated to Ansible:

  • buildbot.asc - Buildbot Release Team Keyring
  • scripts/ - some scripts not under configuration management yet