Skip to content

Commit

Permalink
Merge branch 'master' into issue568
Browse files Browse the repository at this point in the history
  • Loading branch information
MarcoIeni authored Nov 26, 2024
2 parents 152e7f1 + 40dfffe commit d579a99
Show file tree
Hide file tree
Showing 46 changed files with 310 additions and 365 deletions.
11 changes: 11 additions & 0 deletions ansible/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -44,11 +44,22 @@ aws ec2-instance-connect send-ssh-public-key \
--instance-id $HOST_INSTANCE_ID \
--instance-os-user $USER \
--ssh-public-key file://$PATH_TO_PUBLIC_KEY
--region $REGION
```

You will then have 60 seconds to kick off the `./apply` script before the
public key is removed again.

> [!NOTE]
> If the server is an fresh Ubuntu instance, use `ubuntu` as `$USER`, and
> run ansible with the `-u ubuntu` flag.
> E.g.:
>
> ```sh
> $ aws ec2-instance-connect send-ssh-public-key [...] --instance-os-user 'ubuntu' [...]
> $ ./apply [...] -u ubuntu
> ```
## Environments
Making changes directly on production is not a great idea: to ease local
Expand Down
3 changes: 3 additions & 0 deletions ansible/apply
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,8 @@ def run_playbook(args):
ansible_args += ["--check"]
if args.diff:
ansible_args += ["--diff"]
if args.verbose > 0:
ansible_args += [f"-{'v' * args.verbose}"]

env = os.environ.copy()
# Set environment variable if running on macOS to avoid python crash
Expand Down Expand Up @@ -112,6 +114,7 @@ if __name__ == "__main__":
"--diff", help="perform an Ansible diff run",
action="store_true",
)
parser.add_argument('-v', '--verbose', action='count', default=0)
args = parser.parse_args()

install_ansible()
Expand Down
12 changes: 0 additions & 12 deletions ansible/envs/dev-example/group_vars/crater.yml

This file was deleted.

2 changes: 0 additions & 2 deletions ansible/envs/dev-example/group_vars/playground.yml
Original file line number Diff line number Diff line change
@@ -1,7 +1,5 @@
---

vars_playground_domain: example.com

vars_playground_s3_bucket: bucket-name

vars_playground_aws:
Expand Down
3 changes: 0 additions & 3 deletions ansible/envs/dev-example/hosts
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,3 @@

[monitoring]
# monitoring-server.local

[crater]
# crater-agent.local
11 changes: 0 additions & 11 deletions ansible/envs/prod/group_vars/crater.yml

This file was deleted.

2 changes: 0 additions & 2 deletions ansible/envs/prod/group_vars/playground.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,6 @@ ssm_playground: "{{ lookup('aws_ssm', '/prod/ansible/playground/', region='us-we
vars_extra_sudo_users:
- shep

vars_playground_domain: play-1.infra.rust-lang.org

vars_playground_s3_bucket: rust-playground-artifacts

vars_playground_env_github_token: "{{ ssm_playground['github-token'] }}"

This file was deleted.

This file was deleted.

6 changes: 1 addition & 5 deletions ansible/envs/prod/hosts
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,8 @@ bastion.infra.rust-lang.org
[monitoring]
monitoring.infra.rust-lang.org

[crater]
crater-azure-1.infra.rust-lang.org
crater-azure-2.infra.rust-lang.org

[playground]
play-1.infra.rust-lang.org
play-2.infra.rust-lang.org

[dev-desktop]
dev-desktop-eu-1.infra.rust-lang.org
Expand Down
27 changes: 0 additions & 27 deletions ansible/playbooks/crater.yml

This file was deleted.

11 changes: 9 additions & 2 deletions ansible/playbooks/monitoring.yml
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@
- crater.infra.rust-lang.org:9100
- docsrs.infra.rust-lang.org:9100
- bastion.infra.rust-lang.org:9100
- play-1.infra.rust-lang.org:9100
- play-2.infra.rust-lang.org:9100
- dev-desktop-staging.infra.rust-lang.org:9100
- dev-desktop-eu-1.infra.rust-lang.org:9100
- dev-desktop-eu-2.infra.rust-lang.org:9100
Expand Down Expand Up @@ -130,7 +130,14 @@
scheme: https
static_configs:
- targets:
- play.rust-lang.org:443
- play-2.infra.rust-lang.org:443

- job_name: playground-docker
metrics_path: /docker-metrics
scheme: https
static_configs:
- targets:
- play-2.infra.rust-lang.org:443

- job_name: cratesio_heroku_metrics
scheme: https
Expand Down
7 changes: 5 additions & 2 deletions ansible/playbooks/playground.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,14 +17,17 @@
dummy_certs: "{{ vars_letsencrypt_dummy_certs }}"
email: [email protected]
domains:
- "{{ vars_playground_domain }}"
- "{{ inventory_hostname }}"

- role: nginx
worker_connections: "{{ vars_playground_number_connections }}"
proxied:
- domain: "{{ vars_playground_domain }}"
- domain: "{{ inventory_hostname }}"
to: "http://127.0.0.1:{{ vars_playground_env_ui_port }}"
websockets:
- '/websocket'
extra_locations:
- path: '/docker-metrics'
to: 'http://127.0.0.1:9323/metrics'

- role: playground
10 changes: 5 additions & 5 deletions ansible/roles/common/templates/networking/firewall.sh
Original file line number Diff line number Diff line change
Expand Up @@ -6,14 +6,14 @@ set -euo pipefail
IFS=$'\n\t'

# Check if ip6tables is supported by the machine
if which ip6tables >/dev/null 2>&1 && /sbin/ip6tables -L >/dev/null 2>&1; then
if which ip6tables >/dev/null 2>&1 && /usr/sbin/ip6tables -L >/dev/null 2>&1; then
IPv6=true
COMMANDS=( "/sbin/iptables" "/sbin/ip6tables" )
COMMANDS=( "/usr/sbin/iptables" "/usr/sbin/ip6tables" )

echo "Operating on the following protocols: ipv4, ipv6"
else
IPv6=false
COMMANDS=( "/sbin/iptables" )
COMMANDS=( "/usr/sbin/iptables" )

echo "Operating on the following protocols: ipv4"
fi
Expand All @@ -31,12 +31,12 @@ cmd() {
}

cmd4() {
"/sbin/iptables" $@
"/usr/sbin/iptables" $@
}

cmd6() {
if "${IPv6}"; then
"/sbin/ip6tables" $@
"/usr/sbin/ip6tables" $@
fi
}

Expand Down
2 changes: 2 additions & 0 deletions ansible/roles/dev-desktop/defaults/main.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
---
vars_rustup_version: "1.27.1"
vars_rustup_checksum: "32a680a84cf76014915b3f8aa44e3e40731f3af92cd45eb0fcc6264fd257c428"

vars_team_login_path: "/root/team_login"
allow_ssh_extra_groups: "dev-desktop-allow-ssh"
Expand Down
30 changes: 19 additions & 11 deletions ansible/roles/dev-desktop/tasks/dependencies.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,6 @@
- clang
- cmake
- gcc-mingw-w64-x86-64 # Allows running `x check --target x86_64-pc-windows-gnu`
- earlyoom # Earlyoom kills processes using too much memory before they can cause trouble.
- jq
- libssl-dev
- llvm
Expand All @@ -33,6 +32,8 @@
- "linux-tools-{{ kernel.stdout }}"
- "linux-tools-{{ kernel_flavor.stdout }}"
- libatk1.0-0 # Allows running `x test rustdoc-gui`
- libnss3
- libnspr4
- libatk-bridge2.0-0
- libcups2
- libxkbcommon0
Expand Down Expand Up @@ -113,15 +114,20 @@
- linux-image-extra-virtual
when: kernel_flavor.stdout == "generic"

- name: Install rustup in userspace for root
shell: |
set -eu
RUSTUP_VERSION=1.24.3
RUSTUP_SHA="a3cb081f88a6789d104518b30d4aa410009cd08c3822a1226991d6cf0442a0f8"
curl --proto '=https' --tlsv1.2 -sSf -O \
https://raw.githubusercontent.com/rust-lang/rustup/${RUSTUP_VERSION}/rustup-init.sh
echo "${RUSTUP_SHA} rustup-init.sh" | sha256sum --check --
sh rustup-init.sh --default-toolchain nightly -y --component rust-src
- name: Download Rustup installer
ansible.builtin.get_url:
url: "https://raw.githubusercontent.com/rust-lang/rustup/{{ vars_rustup_version }}/rustup-init.sh"
dest: /tmp/rustup-init.sh
mode: 0744
checksum: "sha256:{{ vars_rustup_checksum }}"

- name: Install Rustup in userspace for root
ansible.builtin.command: /tmp/rustup-init.sh --default-toolchain nightly -y --component rust-src

- name: Clean up Rustup installer
ansible.builtin.file:
path: /tmp/rustup-init.sh
state: absent

- name: Check if Node is installed
command: node --version
Expand All @@ -136,7 +142,9 @@

- name: Install Node
apt:
name: nodejs
name:
- nodejs
- npm
state: present
update_cache: yes

Expand Down
32 changes: 32 additions & 0 deletions ansible/roles/dev-desktop/tasks/fix_llvm_55575.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
---

# lldb 14 fails to load Python modules due to a wrong path. The workaround for
# this issue is to symlink the modules to the path that lldb expects.
# https://github.com/llvm/llvm-project/issues/55575
#
# This fix can be removed once we move to llvm 16

- name: Find all lldb Python files
ansible.builtin.find:
paths: /usr/lib/llvm-14/lib/python3.12/dist-packages/lldb
file_type: file
register: lldb_python_files

- name: Find all lldb Python modules
ansible.builtin.find:
paths: /usr/lib/llvm-14/lib/python3.12/dist-packages/lldb
file_type: directory
register: lldb_python_directories

- name: Fix llvm/llvm-project#55575
ansible.builtin.file:
src: "{{ item.path }}"
dest: "/usr/lib/python3/dist-packages/lldb/{{ item.path | basename }}"
state: link
with_items: "{{ lldb_python_files.files + lldb_python_directories.files }}"

- name: Fix lldb-server-14.0.0
ansible.builtin.file:
src: /usr/lib/llvm-14/bin/lldb-server
dest: /usr/bin/lldb-server-14.0.6
state: link
2 changes: 2 additions & 0 deletions ansible/roles/dev-desktop/tasks/main.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
---

- include_tasks: oom.yml
- include_tasks: dependencies.yml
- include_tasks: podman.yml
- include_tasks: quota.yml
Expand All @@ -12,3 +13,4 @@
- include_tasks: github.yml
- include_tasks: motd.yml
- include_tasks: scripts.yml
- include_tasks: fix_llvm_55575.yml
15 changes: 15 additions & 0 deletions ansible/roles/dev-desktop/tasks/oom.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
---
# earlyoom kills processes using too much memory before they can cause trouble.
- name: Install earlyoom
ansible.builtin.apt:
name: earlyoom
state: present

# The staging instance is so small that earlyoom prevents Ansible from executing
# the playbook successfully.
- name: Disable earlyoom on staging
ansible.builtin.service:
name: earlyoom
enabled: no
state: stopped
when: ansible_hostname == "dev-desktop-staging"
9 changes: 9 additions & 0 deletions ansible/roles/dev-desktop/tasks/services.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
---

- name: Disable the apport service
ansible.builtin.systemd:
enabled: false
state: stopped
name: apport.service
# Not all of our hosts actually have this, just ignore it if it fails.
ignore_errors: true
15 changes: 13 additions & 2 deletions ansible/roles/docker/tasks/install.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,21 @@
apt:
name:
- docker.io
# Needed to pull images from ECR:
- awscli
state: present

# Install AWS to pull images from ECR
- name: Install aws (Ubuntu < 24)
apt:
name: awscli
state: present
when: ansible_distribution_version is version('24', '<')
- name: Install aws (Ubuntu >= 24)
community.general.snap:
name: aws-cli
classic: true
state: present
when: ansible_distribution_version is version('24', '>=')

- name: unmask docker.service
systemd:
name: docker.service
Expand Down
6 changes: 6 additions & 0 deletions ansible/roles/nginx/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,4 +19,10 @@ this role as well.
- domain: subdomain.example.com
# The destination to proxy to
to: http://localhost:8000
# Additional `location` directives to proxy, beyond the default `/` location [optional]
extra_locations:
# The location to respond to
- path: /my/awesome/location
# The URL to proxy to
to: http:127.0.0.1:9999/something
```
Loading

0 comments on commit d579a99

Please sign in to comment.