60f16695ca2edff174cefc0cf637c3293d669695: ansible/hg-web: create webroot_wsgi directory (bug 1187090); r=fubar
Gregory Szorc <gps@mozilla.com> - Thu, 23 Jul 2015 16:16:43 -0700 - rev 361121
Push 16998 by rwood@mozilla.com at Mon, 02 May 2016 19:42:03 +0000
ansible/hg-web: create webroot_wsgi directory (bug 1187090); r=fubar Without this, the chown of this directory later on fails on Docker because the directory doesn't exist. With this commit, we are once again able to build the hgweb Docker images! Only this time we're using the hg-web role.
72dd1270b971fda59d79fbc4d228e9bc697b485d: ansible/hg-web: install cronie (bug 1187090); r=fubar
Gregory Szorc <gps@mozilla.com> - Thu, 23 Jul 2015 16:06:40 -0700 - rev 361120
Push 16998 by rwood@mozilla.com at Mon, 02 May 2016 19:42:03 +0000
ansible/hg-web: install cronie (bug 1187090); r=fubar Docker doesn't have a cron agent installed. cronie seems to be the CentOS 6 cron package (at least it is what is installed in production). Without this package, Ansible is unable to configure cron jobs from Docker.
b18f712a10680fd1547b3d602dcbcaa456951744: ansible/hg-web: install an older version of virtualenv (bug 1187090); r=fubar
Gregory Szorc <gps@mozilla.com> - Fri, 24 Jul 2015 11:12:24 -0700 - rev 361119
Push 16998 by rwood@mozilla.com at Mon, 02 May 2016 19:42:03 +0000
ansible/hg-web: install an older version of virtualenv (bug 1187090); r=fubar The virtualenv package in the IUS repository isn't compatible with peep due to peep not yet being compatible with pip 7. Work around this issue by installing an old version of virtualenv.
8c7a8ba2e73e817c88fe3f0dd9dedbfc4ac7b0be: ansible/hg-web: install mercurial package (bug 1187090); r=fubar
Gregory Szorc <gps@mozilla.com> - Fri, 24 Jul 2015 12:24:39 -0700 - rev 361118
Push 16998 by rwood@mozilla.com at Mon, 02 May 2016 19:42:03 +0000
ansible/hg-web: install mercurial package (bug 1187090); r=fubar Believe it or not, the hg-web role wasn't installing the mercurial package! Change that. Again, we have to install from RPM if we don't have access to the yum repo.
ccd5ee0e9412bc8c1c4b0b416258bb31e3232281: ansible/docker-hg-web: remove hgrc from role (bug 1187090); r=fubar
Gregory Szorc <gps@mozilla.com> - Thu, 23 Jul 2015 15:03:10 -0700 - rev 361117
Push 16998 by rwood@mozilla.com at Mon, 02 May 2016 19:42:03 +0000
ansible/docker-hg-web: remove hgrc from role (bug 1187090); r=fubar The hg-web roles already provides a hgrc file. The file contents are 95% identical. Differences appear to be from the docker variant drifting out of sync with production.
668edc7c1662e5ce9de406f24518d8833d3f8d75: ansible/hg-web: create hg user and group consistently with production (bug 1187090); r=fubar
Gregory Szorc <gps@mozilla.com> - Thu, 23 Jul 2015 15:00:27 -0700 - rev 361116
Push 16998 by rwood@mozilla.com at Mon, 02 May 2016 19:42:03 +0000
ansible/hg-web: create hg user and group consistently with production (bug 1187090); r=fubar We want Docker and production to align as closely as possible. The hg user/group was formerly managed by Puppet and has these values. Inherit them.
ae9be2160fea312655b7e84755549f46a307776a: ansible/hg-web: configure hg user's ssh settings (bug 1187090); r=fubar
Gregory Szorc <gps@mozilla.com> - Thu, 23 Jul 2015 14:52:51 -0700 - rev 361115
Push 16998 by rwood@mozilla.com at Mon, 02 May 2016 19:42:03 +0000
ansible/hg-web: configure hg user's ssh settings (bug 1187090); r=fubar This is a simple move of logic from docker-hg-web to hg-web. docker-hg-web was based on the state of an actual hgweb server and the Puppet configuration. So this should be trusted. I confirmed as part of this refactoring that the ssh_config file contents in Ansible match what is in production. Of course, we'll eventually need to rewrite the ssh_config file to be a template since the hostname of the hgssh server in the Docker cluster will almost certainly not be "hg.mozilla.org" (unless we install a hosts entry). But that's for another day.
f7cc48945bc496d35234674e99d9bfa6fba68167: ansible/hg-web: create /repo and /repo_local directories and symlinks (bug 1187090); r=fubar
Gregory Szorc <gps@mozilla.com> - Thu, 23 Jul 2015 14:41:36 -0700 - rev 361114
Push 16998 by rwood@mozilla.com at Mon, 02 May 2016 19:42:03 +0000
ansible/hg-web: create /repo and /repo_local directories and symlinks (bug 1187090); r=fubar We never added this to hg-web because the servers already had it. Now that we're moving Docker to use the hg-web role, we need this logic in hg-web. Note that the docker-hg-web symlink was incorrect. Production has /repo/hg -> /repo_local/mozilla. Also, Ansible's terminology around links is also kinda weird. This is more confusing than it needs to be.
7db3c72ae432ff595db5415ea37f55dca8438351: ansible/docker-hg-web: make hg-web a role dependency (bug 1187090); r=fubar
Gregory Szorc <gps@mozilla.com> - Thu, 23 Jul 2015 14:34:43 -0700 - rev 361113
Push 16998 by rwood@mozilla.com at Mon, 02 May 2016 19:42:03 +0000
ansible/docker-hg-web: make hg-web a role dependency (bug 1187090); r=fubar We want the docker-hg-web role to be built on top of hg-web, not for there to be divergent roles. Make hg-web a role dependency of docker-hg-web so we can start working towards this goal. This does break the Docker hgweb environment. But some breakage is needed to manage a change this large. The following commits will unbust things.
245a29a22322dda2b01d3474175e7f935f8dc854: ansible/hg-web: configure IUS Community repository (bug 1187090); r=fubar
Gregory Szorc <gps@mozilla.com> - Fri, 24 Jul 2015 11:02:41 -0700 - rev 361112
Push 16998 by rwood@mozilla.com at Mon, 02 May 2016 19:42:03 +0000
ansible/hg-web: configure IUS Community repository (bug 1187090); r=fubar Currently, Python 2.7 packages come from Mozilla's internal yum repo. This repo is behind a firewall and not public. This poses a problem for our Docker environment because we need to install Python 2.7 packages. The packages inside Mozilla's repo that we care about are all copies from the IUS Community repositories (https://iuscommunity.org/pages/Repos.html). So, just configure the canonical upstream repo.
ef7d31bcabd3a619cac02f5d32c35d2c5a917554: ansible/hg-web: don't install python-pygments package (bug 1187090); r=fubar
Gregory Szorc <gps@mozilla.com> - Thu, 23 Jul 2015 14:10:17 -0700 - rev 361111
Push 16998 by rwood@mozilla.com at Mon, 02 May 2016 19:42:03 +0000
ansible/hg-web: don't install python-pygments package (bug 1187090); r=fubar Now that we run hgweb out of a virtualenv, we no longer need some Python packages installed against the system Python. Don't install pygments against the system Python because it won't be used. We could probably remove simplejson and argparse as well, but I'm not 100% confident about their lack of usage.
262fad606d6b360ada4bf456e4ce1c39db3fa5d5: scripts: use proper variable when adjusting repo root permissions (bug 1186992)
Gregory Szorc <gps@mozilla.com> - Fri, 24 Jul 2015 10:19:38 -0700 - rev 361110
Push 16998 by rwood@mozilla.com at Mon, 02 May 2016 19:42:03 +0000
scripts: use proper variable when adjusting repo root permissions (bug 1186992) This is a follow-up from cba501d98a9a, which used a variable before assignment.
1178cbd906a6d1909dc9b6af6be4ecd06a7ada33: Bug 1186284 - Remove EOL B2G branches from the printurls commit hook. r=catlee
Ryan VanderMeulen <ryanvm@gmail.com> - Thu, 23 Jul 2015 16:37:59 -0400 - rev 361109
Push 16998 by rwood@mozilla.com at Mon, 02 May 2016 19:42:03 +0000
Bug 1186284 - Remove EOL B2G branches from the printurls commit hook. r=catlee
cba501d98a9a100523f68594ccf09b9d05d4d39a: scripts: ensure repo root has proper permissions (bug 1186992); r=fubar
Gregory Szorc <gps@mozilla.com> - Thu, 23 Jul 2015 11:24:44 -0700 - rev 361108
Push 16998 by rwood@mozilla.com at Mon, 02 May 2016 19:42:03 +0000
scripts: ensure repo root has proper permissions (bug 1186992); r=fubar We weren't adjusting permissions on the root directory of the repository. Derp.
9f5db4742f2fd3e6bf35a52585aac07cab8a7337: ansible/hg-web: remove outputif from permissions cron (bug 1186992); r=fubar
Gregory Szorc <gps@mozilla.com> - Thu, 23 Jul 2015 11:15:29 -0700 - rev 361107
Push 16998 by rwood@mozilla.com at Mon, 02 May 2016 19:42:03 +0000
ansible/hg-web: remove outputif from permissions cron (bug 1186992); r=fubar We want to receive email reports of what changed so we can identify processes that are mucking about with repository permissions improperly. There should be no output if nothing changed. So remove outputif.
8e86cbe99820973530d701321801f9d9f941e846: ansible/hg-web: install CRON to normalize repository permissions (bug 1186256); r=fubar
Gregory Szorc <gps@mozilla.com> - Wed, 22 Jul 2015 11:16:24 -0700 - rev 361106
Push 16998 by rwood@mozilla.com at Mon, 02 May 2016 19:42:03 +0000
ansible/hg-web: install CRON to normalize repository permissions (bug 1186256); r=fubar The repository permissions on the hgweb machines are all over the place. While repositories are all likely read-write by the "hg" user, group permissions are inconsistent. Permissions for others is also inconsistent. This commit creates a short shell script for iterating over repositories in a base directory and adjusting permissions on them. We install a CRON on the hgweb machines to perform this iteration daily. We select permissions of 2775 for directories and 664 for files.
fc1c07f18570def20ab35e52622d8f92331c26a1: scripts: add a script to adjust repository permissions (bug 1186256); r=fubar
Gregory Szorc <gps@mozilla.com> - Wed, 22 Jul 2015 11:16:11 -0700 - rev 361105
Push 16998 by rwood@mozilla.com at Mon, 02 May 2016 19:42:03 +0000
scripts: add a script to adjust repository permissions (bug 1186256); r=fubar Inspection of repositories on production machines reveals incredible inconsistency in filesystem permissions. Sanity injection is needed. This script is roughly equivalent to: $ find repo -type f -exec chmod XXX {} \; $ find repo -type d -exec chmod XXXX {} \; Although the file modes are configurable and it prints a summary of what all changed. The summary is important: we can install this as a CRON and it will only whine if permissions were adjusted. This will give insight to server processes that are improperly adjusting permissions.
5fb72f958a6bbe5c6534eff163ff81b1dbfc6b2c: Fixup python syntax error from previous commit.
Steven MacLeod <smacleod@mozilla.com> - Wed, 22 Jul 2015 13:22:16 -0400 - rev 361104
Push 16998 by rwood@mozilla.com at Mon, 02 May 2016 19:42:03 +0000
Fixup python syntax error from previous commit.
7ed8fd035bbcca98cd5556340a3b2be5d6b90e75: mozreview: start passing cookie authentication when auto publishing (Bug 1184079). r=gps
Steven MacLeod <smacleod@mozilla.com> - Wed, 22 Jul 2015 11:52:45 -0400 - rev 361103
Push 16998 by rwood@mozilla.com at Mon, 02 May 2016 19:42:03 +0000
mozreview: start passing cookie authentication when auto publishing (Bug 1184079). r=gps We were not using provided cookie credentials to authenticate with Review Board when automatically publishing review requests on push. We now use these credentials if they are provided. Also, we use the RBClient context manager from reviewboardmods.pushhooks to avoid issues with the RBTools cache and cookie files that we hit with the RBTools version we are using. Once we are able to upgrade to a newer version of RBTools we should be able to remove the hacks here as well.
e7d868fc353b4f040f2d66bf798358535ce302c9: hgmo: use modern import syntax; r=smacleod
Gregory Szorc <gps@mozilla.com> - Tue, 21 Jul 2015 16:43:53 -0700 - rev 361102
Push 16998 by rwood@mozilla.com at Mon, 02 May 2016 19:42:03 +0000
hgmo: use modern import syntax; r=smacleod Mercurial has adopted a modern import syntax that is compatible with Python 3. Switch to it.
(0) -300000 -100000 -30000 -10000 -3000 -1000 -300 -100 -50 -20 +20 +50 +100 +300 +1000 +3000 +10000 +30000 +100000 +300000 tip