README.mdwn: Remove Masons

These are obsolete, see:

  https://listmaster.pepperfish.net/pipermail/baserock-dev-baserock.org/2017-January/013765.html

2 files changed, 0 insertions, 87 deletions

diff --git a/README.mdwn b/README.mdwn
index de7a668a..f653efaf 100644
--- a/README.mdwn
+++ b/README.mdwn
@@ -684,39 +684,6 @@ the final SSH command showing any errors.
     ansible-playbook -i hosts baserock_storyboard/instance-backup-config.yml
     ansible-playbook -i hosts baserock_storyboard/instance-storyboard-config.yml
 
-### Masons
-
-Mason is the name we use for an automated build and test system used in the
-Baserock project. The V2 Mason that runs as <https://mason-x86-32.baserock.org/>
-and <https://mason-x86-64.baserock.org/> lives in definitions.git, and is thus
-available in infrastructure.git too by default.
-
-To build mason-x86-64:
-
-    git clone git://git.baserock.org/baserock/baserock/infrastructure.git
-    cd infrastructure
-
-    morph build systems/build-system-x86_64.morph
-    morph deploy baserock_mason_x86_64/mason-x86-64.morph
-
-    nova boot mason-x86-64.baserock.org \
-        --key-name $keyname \
-        --flavor 'dc1.2x2' \
-        --image baserock_mason_x86_64 \
-        --nic "net-id=$network_id,v4-fixed-ip=192.168.222.80" \
-        --security-groups internal-only,mason-x86
-        --user-data baserock-ops-team.cloud-config
-
-The mason-x86-32 system is the same, just subsitute '64' for '32' in the above
-commands.
-
-Note that the Masons are NOT in the 'default' security group, they are in
-'internal-only'. This is a way of enforcing the [policy] that the Baserock
-reference system definitions can only use source code hosted on
-git.baserock.org, by making it impossible to fetch code from anywhere else.
-
-[policy]: http://wiki.baserock.org/policies/
-
 ### Trove
 
 To deploy to production, run these commands in a Baserock 'devel'
diff --git a/firewall.yaml b/firewall.yaml
index 64c9200c..6556a986 100644
--- a/firewall.yaml
+++ b/firewall.yaml
@@ -268,60 +268,6 @@
             protocol: tcp
             remote_ip_prefix: 192.168.222.0/24
 
-    - name: Mason x86 security group
-      neutron_sec_group:
-        name: mason-x86
-        description: Allow inbound HTTP and HTTPS, and cache server fetches from port 8080.
-        state: present
-
-        auth_url: "{{ ansible_env.OS_AUTH_URL }}"
-        login_username: "{{ ansible_env.OS_USERNAME }}"
-        login_password: "{{ ansible_env.OS_PASSWORD }}"
-        login_tenant_name: "{{ ansible_env.OS_TENANT_NAME }}"
-
-        rules:
-          # 80: HTTP
-          - direction: ingress
-            port_range_min: 80
-            port_range_max: 80
-            ethertype: IPv4
-            protocol: tcp
-            remote_ip_prefix: 0.0.0.0/0
-
-          # 443: HTTPS
-          - direction: ingress
-            port_range_min: 443
-            port_range_max: 443
-            ethertype: IPv4
-            protocol: tcp
-            remote_ip_prefix: 0.0.0.0/0
-
-          # 7878: morph distbuild controller port. This rule allows a devel
-          # system inside the Baserock cloud to use the Mason instances for
-          # distbuilding, which is useful when building a Baserock release
-          # among other things.
-          - direction: ingress
-            port_range_min: 7878
-            port_range_max: 7878
-            ethertype: IPv4
-            protocol: tcp
-            remote_ip_prefix: 192.168.222.0/24
-
-          # 8080: morph-cache-server server port. The x86 Masons use
-          # cache.baserock.org as the cache server for their distbuild
-          # networks. So cache.baserock.org needs to be able to connect to
-          # them on this port to fetch artifacts.
-          - direction: ingress
-            port_range_min: 8080
-            port_range_max: 8080
-            ethertype: IPv4
-            protocol: tcp
-            remote_ip_prefix: 185.43.218.0/0
-            # It'd be nice to limit access by security group, but it doesn't
-            # seem to actually work. Perhaps because we use external IP to
-            # access instead of internal IP.
-            #remote_group_id: "{{ default_group.sec_group.id }}"
-
     - name: shared-artifact-cache security group
       neutron_sec_group:
         name: shared-artifact-cache