Move part of the Taskcluster configuration

… to https://github.com/servo/taskcluster-config

etc/taskcluster/macos/.gitignore

@@ -1 +0,0 @@
-.salt

etc/taskcluster/macos/README.md

@@ -1,69 +0,0 @@
-# macOS
-
-This is the configuration for the `proj-servo/macos` worker type.
-These macOS workers are configured with SaltStack in [agentless] mode.
-
-[agentless]: https://docs.saltstack.com/en/getstarted/ssh/index.html
-
-Either run `./salt-ssh`
-to automatically install `salt-ssh` in `mach`’s existing Python virtualenv,
-or install `salt-ssh` through some other mean and run in from this directory.
-
-```sh
-cd etc/taskcluster/macos
-./salt-ssh '*' test.ping
-./salt-ssh '*' state.apply test=True
-```
-
-## Troubleshooting
-
-SSH into `servo-tc-mac1.servo.org`.
-`generic-worker` logs are in `less /Users/worker/stderr.log`.
-
-If the worker seems stuck but nothing seems wrong in the log,
-try running `launchctl stop net.generic.worker`.
-(It is configured to restart automatically.)
-This issue is tracked at
-[generic-worker#133](https://github.com/taskcluster/generic-worker/issues/133).
-
-
-## (Re)deploying a server
-
-* Place an order or file a ticket with MacStadium to get a new hardware or reinstall an OS.
-
-* Change the administrator password to one generated with
-  `</dev/urandom tr -d -c 'a-zA-Z' | head -c 8; echo`
-  (this short because of VNC),
-  and save it in the shared 1Password account.
-
-* Give the public IPv4 address a DNS name through Cloudflare.
-
-* Add a correponding entry in the `config/roster` file.
-
-* Log in through VNC, and run `xcode-select --install`
-
-* Still in VNC, install the jdk8 package from http://adoptopenjdk.net
-
-* Install an ssh key into /Users/administrator/.ssh/authorized_keys and
-/var/root/.ssh/authorized_keys.
-
-## Taskcluster secrets
-
-This SaltStack configuration has a custom module that uses Taskcluster’s
-[secrets service](https://tools.taskcluster.net/secrets/).
-These secrets include an authentication token.
-You’ll need to authenticate with a Taskcluster client ID
-that has scope `secrets:get:project/servo/*`.
-This should be the case if you’re a Servo project administrator (the `project-admin:servo` role).
-
-To authenticate, install [taskcluster-cli](https://github.com/taskcluster/taskcluster-cli)
-and run `eval \`taskcluster signin\``. This will set up the TASKCLUSTER_CLIENT_ID and
-TASKCLUSTER_ACCESS_TOKEN variables to allow retrieving secrets appropriately in the current
-terminal session.
-
-## Worker’s client ID
-
-Workers are configured to authenticate with client ID
-[`project/servo/worker/macos/1`](
-https://tools.taskcluster.net/auth/clients/project%2Fservo%2Fworker%macos%2F1).
-This client has the scopes required to run tasks for this worker type.

etc/taskcluster/macos/Saltfile

@@ -1,3 +0,0 @@
-salt-ssh:
-  config_dir: ./config
-  state_verbose: False

etc/taskcluster/macos/config/master

@@ -1,14 +0,0 @@
-root_dir: .salt
-file_roots:
-  base:
-    - states
-extension_modules: ../modules
-ext_pillar:
-  - taskcluster_secrets:
-  - ssh_keys:
-roster_defaults:
-    # https://github.com/saltstack/salt/issues/50477
-    minion_opts:
-        providers:
-            user: mac_user
-            group: mac_group

etc/taskcluster/macos/config/roster

@@ -1,16 +0,0 @@
-mac1:
-    host: servo-tc-mac1.servo.org
-mac2:
-    host: servo-tc-mac2.servo.org
-mac3:
-    host: servo-tc-mac3.servo.org
-mac4:
-    host: servo-tc-mac4.servo.org
-mac5:
-    host: servo-tc-mac5.servo.org
-mac6:
-    host: servo-tc-mac6.servo.org
-mac7:
-    host: servo-tc-mac8.servo.org
-mac8:
-    host: servo-tc-mac8.servo.org

etc/taskcluster/macos/modules/pillar/ssh_keys.py

@@ -1,14 +0,0 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at https://mozilla.org/MPL/2.0/.
-
-import urllib
-
-
-def ext_pillar(_minion_id, _pillar, *_args):
-    url = "https://raw.githubusercontent.com/servo/saltfs/master/admin/files/ssh/%s.pub"
-    return {"ssh_keys": [urllib.urlopen(url % name).read() for name in [
-        "jdm",
-        "manishearth",
-        "simonsapin",
-    ]]}

etc/taskcluster/macos/modules/pillar/taskcluster_secrets.py

@@ -1,13 +0,0 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at https://mozilla.org/MPL/2.0/.
-
-import os
-import sys
-sys.path.append(os.path.join(os.path.dirname(__file__), "..", "..", "..", "packet.net"))
-import tc
-
-
-def ext_pillar(_minion_id, _pillar, *_args):
-    tc.check()
-    return tc.secret("project/servo/tc-client/worker/macos/1")

etc/taskcluster/macos/salt-ssh

@@ -1,14 +0,0 @@
-#!/bin/sh
-
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at https://mozilla.org/MPL/2.0/.
-
-set -o errexit
-set -o nounset
-set -o pipefail
-
-cd "$(dirname $0)"
-VENV_BIN="../../../python/_virtualenv/bin"
-[ -x "${VENV_BIN}/salt-ssh" ] || "${VENV_BIN}/pip" install salt-ssh
-"${VENV_BIN}/salt-ssh" "${@}"

etc/taskcluster/macos/states/generic-worker.plist.jinja

@@ -1,18 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-    <key>Label</key>             <string>net.generic.worker</string>
-    <key>KeepAlive</key>         <true/>
-    <key>StandardOutPath</key>   <string>stdout.log</string>
-    <key>StandardErrorPath</key> <string>stderr.log</string>
-    <key>WorkingDirectory</key>  <string>{{ home }}</string>
-    <key>UserName</key>          <string>{{ username }}</string>
-    <key>ProgramArguments</key>  <array>
-        <string>{{ bin }}/generic-worker</string>
-        <string>run</string>
-        <string>--config</string>
-        <string>{{ etc }}/config.json</string>
-    </array>
-</dict>
-</plist>

etc/taskcluster/macos/states/generic-worker.sls

@@ -1,108 +0,0 @@
-{% set bin = "/usr/local/bin" %}
-{% set etc = "/etc/generic-worker" %}
-{% set user = "worker" %}
-{% set home = "/Users/" + user %}
-
-GMT:
-  timezone.system
-
-sshkeys:
-  ssh_auth.present:
-    - user: root
-    - names:
-    {% for key in pillar["ssh_keys"] %}
-      - {{ key | yaml_encode }}
-    {% endfor %}
-
-{{ bin }}/generic-worker:
-  file.managed:
-    - name:
-    - source: https://github.com/taskcluster/generic-worker/releases/download/v14.1.1/generic-worker-nativeEngine-darwin-amd64
-    - source_hash: sha256=817e72972a7c077f1a829d5824e5c0e831eb6f9b254672e7427246a8dd476a59
-    - mode: 755
-    - makedirs: True
-    - watch_in:
-      - service: net.generic.worker
-
-{{ bin }}/livelog:
-  file.managed:
-    - source: https://github.com/taskcluster/livelog/releases/download/v1.1.0/livelog-darwin-amd64
-    - source_hash: sha256=be5d4b998b208afd802ac6ce6c4d4bbf0fb3816bb039a300626abbc999dfe163
-    - mode: 755
-    - makedirs: True
-    - watch_in:
-      - service: net.generic.worker
-
-{{ bin }}/taskcluster-proxy:
-  file.managed:
-    - source: https://github.com/taskcluster/taskcluster-proxy/releases/download/v5.1.0/taskcluster-proxy-darwin-amd64
-    - source_hash: sha256=3faf524b9c6b9611339510797bf1013d4274e9f03e7c4bd47e9ab5ec8813d3ae
-    - mode: 755
-    - makedirs: True
-    - watch_in:
-      - service: net.generic.worker
-
-{{ user }} group:
-  group.present:
-    - name: {{ user }}
-
-{{ user }}:
-  user.present:
-    - home: {{ home }}
-    - gid_from_name: True
-
-# `user.present`’s `createhome` is apparently not supported on macOS
-{{ home }}:
-  file.directory:
-    - user: {{ user }}
-
-{{ etc }}/config.json:
-  file.serialize:
-    - makedirs: True
-    - group: {{ user }}
-    - mode: 640
-    - show_changes: False
-    - formatter: json
-    - dataset:
-        provisionerId: proj-servo
-        workerType: macos
-        workerGroup: servo-macos
-        workerId: {{ grains["id"] }}
-        tasksDir: {{ home }}/tasks
-        publicIP: {{ salt.network.ip_addrs()[0] }}
-        ed25519SigningKeyLocation: {{ home }}/keypair
-        clientId: {{ pillar["client_id"] }}
-        accessToken: {{ pillar["access_token"] }}
-        taskclusterProxyExecutable: {{ bin }}/taskcluster-proxy
-        taskclusterProxyPort: 8080
-        livelogExecutable: {{ bin }}/livelog
-        wstAudience: taskcluster-net
-        wstServerURL: https://websocktunnel.tasks.build
-        rootURL: https://taskcluster.net
-    - watch_in:
-      - service: net.generic.worker
-
-{{ bin }}/generic-worker new-ed25519-keypair --file {{ home }}/keypair:
-  cmd.run:
-    - creates: {{ home }}/keypair
-    - runas: {{ user }}
-
-/Library/LaunchAgents/net.generic.worker.plist:
-  file.absent: []
-
-net.generic.worker:
-  file.managed:
-    - name: /Library/LaunchDaemons/net.generic.worker.plist
-    - mode: 600
-    - user: root
-    - template: jinja
-    - source: salt://generic-worker.plist.jinja
-    - context:
-      bin: {{ bin }}
-      etc: {{ etc }}
-      home: {{ home }}
-      username: {{ user }}
-  service.running:
-    - enable: True
-    - watch:
-      - file: /Library/LaunchDaemons/net.generic.worker.plist

etc/taskcluster/macos/states/top.sls

@@ -1,3 +0,0 @@
-base:
-  'mac*':
-    - generic-worker