Add ansible role to manage gerritbot
This new ansible role deploys gerritbot with docker-compose on eavesdrop.openstack.org. This way we can run it where the other bots live. Testing is rudimentary for now as we don't really want to connect to a production gerrit and freenode. We check things the best we can. We will want to coordinate deployment of this change with disabling the running service on the gerrit server. Depends-On: https://review.opendev.org/745240 Change-Id: I008992978791ff0a38f92fb4bc529ff643f01dd6
This commit is contained in:
parent
4092ef34e5
commit
506a11f9d2
1
playbooks/roles/gerritbot/README.rst
Normal file
1
playbooks/roles/gerritbot/README.rst
Normal file
@ -0,0 +1 @@
|
||||
Set up gerritbot
|
4
playbooks/roles/gerritbot/defaults/main.yaml
Normal file
4
playbooks/roles/gerritbot/defaults/main.yaml
Normal file
@ -0,0 +1,4 @@
|
||||
gerritbot_irc_nick: openstackgerrit
|
||||
gerritbot_irc_server: irc.freenode.net
|
||||
gerritbot_gerrit_user: gerritbot
|
||||
gerritbot_gerrit_host: review.openstack.org
|
15
playbooks/roles/gerritbot/files/docker-compose.yaml
Normal file
15
playbooks/roles/gerritbot/files/docker-compose.yaml
Normal file
@ -0,0 +1,15 @@
|
||||
# Version 2 is the latest that is supported by docker-compose in
|
||||
# Ubuntu Xenial.
|
||||
version: '2'
|
||||
|
||||
services:
|
||||
gerritbot:
|
||||
image: docker.io/opendevorg/gerritbot:latest
|
||||
network_mode: host
|
||||
# TODO For testing our broken config may cause this to restart
|
||||
# in a loop making freenode sad. Avoid that for now while we
|
||||
# sort out how to test this.
|
||||
restart: 'no'
|
||||
volumes:
|
||||
# This contains the main config, channel config, and ssh key
|
||||
- /etc/gerritbot:/etc/gerritbot
|
32
playbooks/roles/gerritbot/files/logging.config
Normal file
32
playbooks/roles/gerritbot/files/logging.config
Normal file
@ -0,0 +1,32 @@
|
||||
[loggers]
|
||||
keys=root,gerrit,gerritbot
|
||||
|
||||
[handlers]
|
||||
keys=console
|
||||
|
||||
[formatters]
|
||||
keys=simple
|
||||
|
||||
[logger_root]
|
||||
level=DEBUG
|
||||
handlers=console
|
||||
|
||||
[logger_gerrit]
|
||||
level=DEBUG
|
||||
handlers=console
|
||||
qualname=gerrit
|
||||
|
||||
[logger_gerritbot]
|
||||
level=DEBUG
|
||||
handlers=console
|
||||
qualname=gerritbot
|
||||
|
||||
[handler_console]
|
||||
level=INFO
|
||||
class=StreamHandler
|
||||
formatter=simple
|
||||
args=(sys.stdout,)
|
||||
|
||||
[formatter_simple]
|
||||
format=%(asctime)s %(levelname)s %(name)s: %(message)s
|
||||
datefmt=
|
67
playbooks/roles/gerritbot/tasks/main.yaml
Normal file
67
playbooks/roles/gerritbot/tasks/main.yaml
Normal file
@ -0,0 +1,67 @@
|
||||
- name: Ensure /etc/gerritbot directory
|
||||
file:
|
||||
state: directory
|
||||
path: /etc/gerritbot
|
||||
mode: 0755
|
||||
|
||||
- name: Put gerritbot config in place
|
||||
template:
|
||||
src: gerritbot.config.j2
|
||||
dest: /etc/gerritbot/gerritbot.config
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0600
|
||||
|
||||
- name: Put gerritbot logging config in place
|
||||
copy:
|
||||
src: logging.config
|
||||
dest: /etc/gerritbot/logging.config
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
|
||||
- name: Put gerritbot channel config in place
|
||||
copy:
|
||||
src: /opt/project-config/gerritbot/channels.yaml
|
||||
remote_src: yes
|
||||
dest: /etc/gerritbot/channel_config.yaml
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
register: channel_config_copied
|
||||
|
||||
- name: Put gerritbot ssh key in place
|
||||
copy:
|
||||
content: "{{ gerritbot_ssh_key }}"
|
||||
dest: /etc/gerritbot/gerritbot_rsa
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0600
|
||||
|
||||
- name: Ensure /etc/gerritbot-docker directory
|
||||
file:
|
||||
state: directory
|
||||
path: /etc/gerritbot-docker
|
||||
mode: 0755
|
||||
|
||||
- name: Put docker-compose file in place
|
||||
copy:
|
||||
src: docker-compose.yaml
|
||||
dest: /etc/gerritbot-docker/docker-compose.yaml
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
|
||||
- name: Run docker-compose pull
|
||||
shell:
|
||||
cmd: docker-compose pull
|
||||
chdir: /etc/gerritbot-docker/
|
||||
|
||||
- name: Run docker-compose up
|
||||
shell:
|
||||
cmd: "docker-compose up -d {{ channel_config_copied is changed | ternary('--force-recreate', '') }}"
|
||||
chdir: /etc/gerritbot-docker/
|
||||
|
||||
- name: Run docker prune to cleanup unneeded images
|
||||
shell:
|
||||
cmd: docker image prune -f
|
13
playbooks/roles/gerritbot/templates/gerritbot.config.j2
Normal file
13
playbooks/roles/gerritbot/templates/gerritbot.config.j2
Normal file
@ -0,0 +1,13 @@
|
||||
[ircbot]
|
||||
nick={{ gerritbot_irc_nick }}
|
||||
pass={{ gerritbot_irc_password }}
|
||||
server={{ gerritbot_irc_server }}
|
||||
port=6697
|
||||
channel_config=/etc/gerritbot/channel_config.yaml
|
||||
log_config=/etc/gerritbot/logging.config
|
||||
|
||||
[gerrit]
|
||||
user={{ gerritbot_gerrit_user }}
|
||||
key=/etc/gerritbot/gerritbot_rsa
|
||||
host={{ gerritbot_gerrit_host }}
|
||||
port=29418
|
@ -7,5 +7,6 @@
|
||||
- sync-project-config
|
||||
- install-docker
|
||||
- accessbot
|
||||
- gerritbot
|
||||
- name: run-puppet
|
||||
manifest: /opt/system-config/production/manifests/eavesdrop.pp
|
||||
|
@ -9,3 +9,38 @@ accessbot_nick: username
|
||||
accessbot_nick_password: password
|
||||
ptgbot_password: password
|
||||
access_bot_install_only: true
|
||||
gerritbot_irc_nick: gerritbottest
|
||||
gerritbot_irc_password: notarealpassword
|
||||
gerritbot_irc_server: irc.doesnotexist.com
|
||||
gerritbot_gerrit_user: gerritbottest
|
||||
gerritbot_gerrit_host: review-dev.opendev.org
|
||||
# This is a real key to make paramiko happy
|
||||
# but it was generated just for testing.
|
||||
gerritbot_ssh_key: |
|
||||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
|
||||
NhAAAAAwEAAQAAAQEAsCCW/N5CWfLqUfO51GpTYFiF1a6oNVROj1l67Jftql7iocOnoS/b
|
||||
BUgNWryLgt8zGeCdjMZMOlzeO9zIs8T7GhCM/1uhha11MDYuy2WxXmRrOWkgOsqvdQ8Zbr
|
||||
yQToNRbnrmkTPVpQLVMo+i9lD/t9SUKPAZ1mmMpEMQcA3Pwx8xtGdZJZHr4ePSuval89Jn
|
||||
8aUXBeTVQ2gfo6iffQnqAHJwQDjgskM41TfuZaQnNpFb9jBpJ68sWnV/1VWO6PjWJB0UfO
|
||||
lwFOuB920kponfn3oge8mlH4aEHRqeN8uCSVewLU/4VVSxlV69jpbaFpGzCWn4tY7tebq4
|
||||
/suCIvJpPwAAA8iHujUFh7o1BQAAAAdzc2gtcnNhAAABAQCwIJb83kJZ8upR87nUalNgWI
|
||||
XVrqg1VE6PWXrsl+2qXuKhw6ehL9sFSA1avIuC3zMZ4J2Mxkw6XN473MizxPsaEIz/W6GF
|
||||
rXUwNi7LZbFeZGs5aSA6yq91DxluvJBOg1FueuaRM9WlAtUyj6L2UP+31JQo8BnWaYykQx
|
||||
BwDc/DHzG0Z1klkevh49K69qXz0mfxpRcF5NVDaB+jqJ99CeoAcnBAOOCyQzjVN+5lpCc2
|
||||
kVv2MGknryxadX/VVY7o+NYkHRR86XAU64H3bSSmid+feiB7yaUfhoQdGp43y4JJV7AtT/
|
||||
hVVLGVXr2OltoWkbMJafi1ju15urj+y4Ii8mk/AAAAAwEAAQAAAQAvOJ2isGhzu1gtnr3t
|
||||
AJDYHQPM9aXtnmvtrRzzAAzdh9EVc+KmqbD8KoRCFpkE/pix0HINQ0E+yJVg0WISKLb2Fw
|
||||
fmkwesUoQ/59cF+37hguTooJHekWcXaHP2J6I9GqIjj9nvhkk6k5bbln0nszHMdLdAfpc+
|
||||
0E+/3qcyk9FnS6zei3aYHCNDYkfSmE9eFr0STrvk4XgmrWfZMZ8nO3vq5GS8KrH0PA03s1
|
||||
91UEb0yZS3eqdpTGv+it11TAwuz+5sW4YxDcBdCU9PwdIQt6KXauE4bfAFrSNIPf0dyEW6
|
||||
noAtQ1ynad50eOpfLuo353CV3svaasmxXvuL3c26T4UZAAAAgQCkXQDZ03Q6Yt2V51FFXl
|
||||
KyXao7LHMlvkvMJtiD/VXlZx2OEyqcEoalJjclMDTQA9Ars6cHvoysXQm1XSpjSzYuePRR
|
||||
TyUNN1gLN/qFL51y5ZaJNUM/f/wRNziCIbwFlPIuR0fq/FlMRSmeElaOUyzsWcYJ0R2hIw
|
||||
YyqPXgLQk90gAAAIEA2dyydT1DkJ/yhfg3PCoANDUtGQV9Pbd4cwfP5ynauuLw1W3FHAWS
|
||||
KmpE8TG+KKtlTnx0f4n4lySx69BE+46TVE6yhRTEYVtelvEJRDvXAeI/zjtLNwNNrHfLxG
|
||||
tDh3jI6c6OMA7ldwzlgxyRPlPtFsx5/UoHN5xN6BrVjZmMZ9MAAACBAM71lW7KLirHAxnI
|
||||
tGY2iXCbU3avoFMy+0dItNSTxqkZkWdL2m//de1GnnCvUfbztvcRGvcfZf6xhN8JG5GMbS
|
||||
cXQaQheBjtMHv9eMHbVu2pru0MRk1OMWXhwLS1XC0u0ZukL+oBt6BPdTWbXakQm/Lr++Ou
|
||||
60qDzGhMay/gX+FlAAAAEWNsYXJrQG5pYmJsZXIubGFuAQ==
|
||||
-----END OPENSSH PRIVATE KEY-----
|
||||
|
@ -23,3 +23,15 @@ def test_eavesdrop(host):
|
||||
web = ('-A openstack-INPUT -p tcp -m state --state NEW'
|
||||
' -m tcp --dport 80 -j ACCEPT')
|
||||
assert web in rules
|
||||
|
||||
def test_gerritbot_logs(host):
|
||||
# A simple check that docker-compose and our container did something
|
||||
cmd = host.run("docker logs gerritbot-docker_gerritbot_1")
|
||||
# We expect auth to fail so check that it did
|
||||
assert "Authentication (publickey) failed" in cmd.stdout
|
||||
|
||||
def test_gerritbot_running(host):
|
||||
# Check that the container hasn't stopped
|
||||
cmd = host.run("docker ps -a")
|
||||
assert 'gerritbot-docker_gerritbot_1' in cmd.stdout
|
||||
assert 'Up ' in cmd.stdout
|
||||
|
@ -116,7 +116,9 @@
|
||||
- opendev/ansible-role-puppet
|
||||
- opendev/system-config
|
||||
- openstack/project-config
|
||||
requires: accessbot-container-image
|
||||
requires:
|
||||
- accessbot-container-image
|
||||
- gerritbot-container-image
|
||||
nodeset:
|
||||
nodes:
|
||||
- name: bridge.openstack.org
|
||||
@ -137,6 +139,7 @@
|
||||
- playbooks/roles/disable-puppet-agent/
|
||||
- playbooks/roles/accessbot
|
||||
- playbooks/roles/logrotate
|
||||
- playbooks/zuul/templates/group_vars/eavesdrop.yaml.j2
|
||||
- modules/openstack_project/manifests/eavesdrop.pp
|
||||
- manifests/eavesdrop.pp
|
||||
- docker/accessbot/
|
||||
|
Loading…
Reference in New Issue
Block a user