author | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2017-07-12 16:35:34 +0100 |
---|---|---|
committer | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2017-07-12 21:05:14 +0100 |
commit | cedd6a3e354d8dd032568bb42e0ad0973608afee (patch) | |
tree | cb74d024288d46bcf6807fa2fe81cfbfc24a1c10 | |
parent | d24309fcd82d5abe399ef1cb6b46e6e1802206b8 (diff) | |
download | infrastructure-cedd6a3e354d8dd032568bb42e0ad0973608afee.tar.gz |
README.mdwn: Remove Masons
These are obsolete, see:
https://listmaster.pepperfish.net/pipermail/baserock-dev-baserock.org/2017-January/013765.html
-rw-r--r-- | README.mdwn | 33 | ||||
-rw-r--r-- | firewall.yaml | 54 |
2 files changed, 0 insertions, 87 deletions
diff --git a/README.mdwn b/README.mdwn index de7a668a..f653efaf 100644 --- a/README.mdwn +++ b/README.mdwn @@ -684,39 +684,6 @@ the final SSH command showing any errors. ansible-playbook -i hosts baserock_storyboard/instance-backup-config.yml ansible-playbook -i hosts baserock_storyboard/instance-storyboard-config.yml -### Masons - -Mason is the name we use for an automated build and test system used in the -Baserock project. The V2 Mason that runs as <https://mason-x86-32.baserock.org/> -and <https://mason-x86-64.baserock.org/> lives in definitions.git, and is thus -available in infrastructure.git too by default. - -To build mason-x86-64: - - git clone git://git.baserock.org/baserock/baserock/infrastructure.git - cd infrastructure - - morph build systems/build-system-x86_64.morph - morph deploy baserock_mason_x86_64/mason-x86-64.morph - - nova boot mason-x86-64.baserock.org \ - --key-name $keyname \ - --flavor 'dc1.2x2' \ - --image baserock_mason_x86_64 \ - --nic "net-id=$network_id,v4-fixed-ip=192.168.222.80" \ - --security-groups internal-only,mason-x86 - --user-data baserock-ops-team.cloud-config - -The mason-x86-32 system is the same, just subsitute '64' for '32' in the above -commands. - -Note that the Masons are NOT in the 'default' security group, they are in -'internal-only'. This is a way of enforcing the [policy] that the Baserock -reference system definitions can only use source code hosted on -git.baserock.org, by making it impossible to fetch code from anywhere else. - -[policy]: http://wiki.baserock.org/policies/ - ### Trove To deploy to production, run these commands in a Baserock 'devel' diff --git a/firewall.yaml b/firewall.yaml index 64c9200c..6556a986 100644 --- a/firewall.yaml +++ b/firewall.yaml 
@@ -268,60 +268,6 @@ protocol: tcp remote_ip_prefix: 192.168.222.0/24 - - name: Mason x86 security group - neutron_sec_group: - name: mason-x86 - description: Allow inbound HTTP and HTTPS, and cache server fetches from port 8080. - state: present - - auth_url: "{{ ansible_env.OS_AUTH_URL }}" - login_username: "{{ ansible_env.OS_USERNAME }}" - login_password: "{{ ansible_env.OS_PASSWORD }}" - login_tenant_name: "{{ ansible_env.OS_TENANT_NAME }}" - - rules: - # 80: HTTP - - direction: ingress - port_range_min: 80 - port_range_max: 80 - ethertype: IPv4 - protocol: tcp - remote_ip_prefix: 0.0.0.0/0 - - # 443: HTTPS - - direction: ingress - port_range_min: 443 - port_range_max: 443 - ethertype: IPv4 - protocol: tcp - remote_ip_prefix: 0.0.0.0/0 - - # 7878: morph distbuild controller port. This rule allows a devel - # system inside the Baserock cloud to use the Mason instances for - # distbuilding, which is useful when building a Baserock release - # among other things. - - direction: ingress - port_range_min: 7878 - port_range_max: 7878 - ethertype: IPv4 - protocol: tcp - remote_ip_prefix: 192.168.222.0/24 - - # 8080: morph-cache-server server port. The x86 Masons use - # cache.baserock.org as the cache server for their distbuild - # networks. So cache.baserock.org needs to be able to connect to - # them on this port to fetch artifacts. - - direction: ingress - port_range_min: 8080 - port_range_max: 8080 - ethertype: IPv4 - protocol: tcp - remote_ip_prefix: 185.43.218.0/0 - # It'd be nice to limit access by security group, but it doesn't - # seem to actually work. Perhaps because we use external IP to - # access instead of internal IP. - #remote_group_id: "{{ default_group.sec_group.id }}" - - name: shared-artifact-cache security group neutron_sec_group: name: shared-artifact-cache |