From 506a11f9d23872e6f65c7dca95adf3c5d83d9919 Mon Sep 17 00:00:00 2001 From: Clark Boylan Date: Tue, 4 Aug 2020 15:14:28 -0700 Subject: [PATCH] Add ansible role to manage gerritbot This new ansible role deploys gerritbot with docker-compose on eavesdrop.openstack.org. This way we can run it where the other bots live. Testing is rudimentary for now as we don't really want to connect to a production gerrit and freenode. We check things the best we can. We will want to coordinate deployment of this change with disabling the running service on the gerrit server. Depends-On: https://review.opendev.org/745240 Change-Id: I008992978791ff0a38f92fb4bc529ff643f01dd6 --- playbooks/roles/gerritbot/README.rst | 1 + playbooks/roles/gerritbot/defaults/main.yaml | 4 ++ .../roles/gerritbot/files/docker-compose.yaml | 15 +++++ .../roles/gerritbot/files/logging.config | 32 +++++++++ playbooks/roles/gerritbot/tasks/main.yaml | 67 +++++++++++++++++++ .../gerritbot/templates/gerritbot.config.j2 | 13 ++++ playbooks/service-eavesdrop.yaml | 1 + .../templates/group_vars/eavesdrop.yaml.j2 | 35 ++++++++++ testinfra/test_eavesdrop.py | 12 ++++ zuul.d/system-config-run.yaml | 5 +- 10 files changed, 184 insertions(+), 1 deletion(-) create mode 100644 playbooks/roles/gerritbot/README.rst create mode 100644 playbooks/roles/gerritbot/defaults/main.yaml create mode 100644 playbooks/roles/gerritbot/files/docker-compose.yaml create mode 100644 playbooks/roles/gerritbot/files/logging.config create mode 100644 playbooks/roles/gerritbot/tasks/main.yaml create mode 100644 playbooks/roles/gerritbot/templates/gerritbot.config.j2 diff --git a/playbooks/roles/gerritbot/README.rst b/playbooks/roles/gerritbot/README.rst new file mode 100644 index 0000000000..96d69f11ab --- /dev/null +++ b/playbooks/roles/gerritbot/README.rst @@ -0,0 +1 @@ +Set up gerritbot diff --git a/playbooks/roles/gerritbot/defaults/main.yaml b/playbooks/roles/gerritbot/defaults/main.yaml new file mode 100644 index 0000000000..b61c23490e 
--- /dev/null
+++ b/playbooks/roles/gerritbot/defaults/main.yaml
@@ -0,0 +1,4 @@
+gerritbot_irc_nick: openstackgerrit
+gerritbot_irc_server: irc.freenode.net
+gerritbot_gerrit_user: gerritbot
+gerritbot_gerrit_host: review.openstack.org
diff --git a/playbooks/roles/gerritbot/files/docker-compose.yaml b/playbooks/roles/gerritbot/files/docker-compose.yaml
new file mode 100644
index 0000000000..0d1f9e2b9d
--- /dev/null
+++ b/playbooks/roles/gerritbot/files/docker-compose.yaml
@@ -0,0 +1,15 @@
+# Version 2 is the latest that is supported by docker-compose in
+# Ubuntu Xenial.
+version: '2'
+
+services:
+ gerritbot:
+ image: docker.io/opendevorg/gerritbot:latest
+ network_mode: host
+ # TODO For testing our broken config may cause this to restart
+ # in a loop making freenode sad. Avoid that for now while we
+ # sort out how to test this.
+ restart: 'no'
+ volumes:
+ # This contains the main config, channel config, and ssh key
+ - /etc/gerritbot:/etc/gerritbot
diff --git a/playbooks/roles/gerritbot/files/logging.config b/playbooks/roles/gerritbot/files/logging.config
new file mode 100644
index 0000000000..5a8dd149d1
--- /dev/null
+++ b/playbooks/roles/gerritbot/files/logging.config
@@ -0,0 +1,32 @@
+[loggers]
+keys=root,gerrit,gerritbot
+
+[handlers]
+keys=console
+
+[formatters]
+keys=simple
+
+[logger_root]
+level=DEBUG
+handlers=console
+
+[logger_gerrit]
+level=DEBUG
+handlers=console
+qualname=gerrit
+
+[logger_gerritbot]
+level=DEBUG
+handlers=console
+qualname=gerritbot
+
+[handler_console]
+level=INFO
+class=StreamHandler
+formatter=simple
+args=(sys.stdout,)
+
+[formatter_simple]
+format=%(asctime)s %(levelname)s %(name)s: %(message)s
+datefmt=
diff --git a/playbooks/roles/gerritbot/tasks/main.yaml b/playbooks/roles/gerritbot/tasks/main.yaml
new file mode 100644
index 0000000000..b8b8437a84
--- /dev/null
+++ b/playbooks/roles/gerritbot/tasks/main.yaml
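Review bot: The bind mount `- /etc/gerritbot:/etc/gerritbot` in the docker-compose.yaml hunk gives the container a writable view of the directory that holds the IRC password and the Gerrit SSH key, while `image: docker.io/opendevorg/gerritbot:latest` is a mutable tag that the role re-pulls on every run. As far as this patch shows the bot only reads those files, so `- /etc/gerritbot:/etc/gerritbot:ro` would limit what a bad or compromised image can do to them. Pinning the image by digest, or at least adding a comment that `:latest` is deliberate because the image is built and gated in the same CI, would make the trust decision explicit. `network_mode: host` also deserves a one-line comment saying why the default bridge network is not enough, since the configuration shown only needs outbound connections.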
@@ -0,0 +1,67 @@
+- name: Ensure /etc/gerritbot directory
+ file:
+ state: directory
+ path: /etc/gerritbot
+ mode: 0755
+
+- name: Put gerritbot config in place
+ template:
+ src: gerritbot.config.j2
+ dest: /etc/gerritbot/gerritbot.config
+ owner: root
+ group: root
+ mode: 0600
+
+- name: Put gerritbot logging config in place
+ copy:
+ src: logging.config
+ dest: /etc/gerritbot/logging.config
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Put gerritbot channel config in place
+ copy:
+ src: /opt/project-config/gerritbot/channels.yaml
+ remote_src: yes
+ dest: /etc/gerritbot/channel_config.yaml
+ owner: root
+ group: root
+ mode: 0644
+ register: channel_config_copied
+
+- name: Put gerritbot ssh key in place
+ copy:
+ content: "{{ gerritbot_ssh_key }}"
+ dest: /etc/gerritbot/gerritbot_rsa
+ owner: root
+ group: root
+ mode: 0600
+
+- name: Ensure /etc/gerritbot-docker directory
+ file:
+ state: directory
+ path: /etc/gerritbot-docker
+ mode: 0755
+
+- name: Put docker-compose file in place
+ copy:
+ src: docker-compose.yaml
+ dest: /etc/gerritbot-docker/docker-compose.yaml
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Run docker-compose pull
+ shell:
+ cmd: docker-compose pull
+ chdir: /etc/gerritbot-docker/
+
+- name: Run docker-compose up
+ shell:
+ cmd: "docker-compose up -d {{ channel_config_copied is changed | ternary('--force-recreate', '') }}"
+ chdir: /etc/gerritbot-docker/
+
+- name: Run docker prune to cleanup unneeded images
+ shell:
+ cmd: docker image prune -f
diff --git a/playbooks/roles/gerritbot/templates/gerritbot.config.j2 b/playbooks/roles/gerritbot/templates/gerritbot.config.j2
new file mode 100644
index 0000000000..5157c59f98
--- /dev/null
+++ b/playbooks/roles/gerritbot/templates/gerritbot.config.j2
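Review bot: The tasks `Put gerritbot config in place` and `Put gerritbot ssh key in place` handle secrets (`gerritbot_irc_password`, `gerritbot_ssh_key`) without `no_log: true`, so a run with `--diff` or raised verbosity can print the rendered password or the private key into the Ansible log. Adding `no_log: true` to both tasks keeps them out of job output. The three `shell:` tasks run fixed docker-compose and docker commands that use no shell features, so `command:` would do and keeps a shell from parsing the templated argument. The file modes are written as bare octal (`mode: 0600`); the quoted form `mode: '0600'` is what the Ansible documentation recommends.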
@@ -0,0 +1,13 @@
+[ircbot]
+nick={{ gerritbot_irc_nick }}
+pass={{ gerritbot_irc_password }}
+server={{ gerritbot_irc_server }}
+port=6697
+channel_config=/etc/gerritbot/channel_config.yaml
+log_config=/etc/gerritbot/logging.config
+
+[gerrit]
+user={{ gerritbot_gerrit_user }}
+key=/etc/gerritbot/gerritbot_rsa
+host={{ gerritbot_gerrit_host }}
+port=29418
diff --git a/playbooks/service-eavesdrop.yaml b/playbooks/service-eavesdrop.yaml
index f41d9db53d..8be03a3139 100644
--- a/playbooks/service-eavesdrop.yaml
+++ b/playbooks/service-eavesdrop.yaml
@@ -7,5 +7,6 @@ - sync-project-config - install-docker - accessbot + - gerritbot - name: run-puppet manifest: /opt/system-config/production/manifests/eavesdrop.pp
diff --git a/playbooks/zuul/templates/group_vars/eavesdrop.yaml.j2 b/playbooks/zuul/templates/group_vars/eavesdrop.yaml.j2
index 8ca4039908..7223b2b8ac 100644
--- a/playbooks/zuul/templates/group_vars/eavesdrop.yaml.j2
+++ b/playbooks/zuul/templates/group_vars/eavesdrop.yaml.j2
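Review bot: The gerritbot.config.j2 template renders `gerritbot_irc_password` into `pass=` and points `key=` at the SSH private key, yet neither `gerritbot_irc_password` nor `gerritbot_ssh_key` is documented in the role's README or mentioned in defaults/main.yaml, so an operator learns they are required only when the play fails. A header comment such as `# Rendered by Ansible; holds the IRC password - keep mode 0600` would also tell readers why this file is more restricted than its neighbours. `port=6697` is the usual TLS port for IRC, but the template does not show whether the bot is told to use or verify TLS; that is worth confirming before the password is sent to a production network. Values are interpolated unescaped, so a password containing a newline would add extra keys to the INI file; if the secret store allows arbitrary strings, validate it before rendering.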
@@ -9,3 +9,38 @@ accessbot_nick: username accessbot_nick_password: password ptgbot_password: password access_bot_install_only: true +gerritbot_irc_nick: gerritbottest +gerritbot_irc_password: notarealpassword +gerritbot_irc_server: irc.doesnotexist.com +gerritbot_gerrit_user: gerritbottest +gerritbot_gerrit_host: review-dev.opendev.org +# This is a real key to make paramiko happy +# but it was generated just for testing. +gerritbot_ssh_key: | + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn + NhAAAAAwEAAQAAAQEAsCCW/N5CWfLqUfO51GpTYFiF1a6oNVROj1l67Jftql7iocOnoS/b + BUgNWryLgt8zGeCdjMZMOlzeO9zIs8T7GhCM/1uhha11MDYuy2WxXmRrOWkgOsqvdQ8Zbr + yQToNRbnrmkTPVpQLVMo+i9lD/t9SUKPAZ1mmMpEMQcA3Pwx8xtGdZJZHr4ePSuval89Jn + 8aUXBeTVQ2gfo6iffQnqAHJwQDjgskM41TfuZaQnNpFb9jBpJ68sWnV/1VWO6PjWJB0UfO + lwFOuB920kponfn3oge8mlH4aEHRqeN8uCSVewLU/4VVSxlV69jpbaFpGzCWn4tY7tebq4 + /suCIvJpPwAAA8iHujUFh7o1BQAAAAdzc2gtcnNhAAABAQCwIJb83kJZ8upR87nUalNgWI + XVrqg1VE6PWXrsl+2qXuKhw6ehL9sFSA1avIuC3zMZ4J2Mxkw6XN473MizxPsaEIz/W6GF + rXUwNi7LZbFeZGs5aSA6yq91DxluvJBOg1FueuaRM9WlAtUyj6L2UP+31JQo8BnWaYykQx + BwDc/DHzG0Z1klkevh49K69qXz0mfxpRcF5NVDaB+jqJ99CeoAcnBAOOCyQzjVN+5lpCc2 + kVv2MGknryxadX/VVY7o+NYkHRR86XAU64H3bSSmid+feiB7yaUfhoQdGp43y4JJV7AtT/ + hVVLGVXr2OltoWkbMJafi1ju15urj+y4Ii8mk/AAAAAwEAAQAAAQAvOJ2isGhzu1gtnr3t + AJDYHQPM9aXtnmvtrRzzAAzdh9EVc+KmqbD8KoRCFpkE/pix0HINQ0E+yJVg0WISKLb2Fw + fmkwesUoQ/59cF+37hguTooJHekWcXaHP2J6I9GqIjj9nvhkk6k5bbln0nszHMdLdAfpc+ + 0E+/3qcyk9FnS6zei3aYHCNDYkfSmE9eFr0STrvk4XgmrWfZMZ8nO3vq5GS8KrH0PA03s1 + 91UEb0yZS3eqdpTGv+it11TAwuz+5sW4YxDcBdCU9PwdIQt6KXauE4bfAFrSNIPf0dyEW6 + noAtQ1ynad50eOpfLuo353CV3svaasmxXvuL3c26T4UZAAAAgQCkXQDZ03Q6Yt2V51FFXl + KyXao7LHMlvkvMJtiD/VXlZx2OEyqcEoalJjclMDTQA9Ars6cHvoysXQm1XSpjSzYuePRR + TyUNN1gLN/qFL51y5ZaJNUM/f/wRNziCIbwFlPIuR0fq/FlMRSmeElaOUyzsWcYJ0R2hIw + YyqPXgLQk90gAAAIEA2dyydT1DkJ/yhfg3PCoANDUtGQV9Pbd4cwfP5ynauuLw1W3FHAWS + 
KmpE8TG+KKtlTnx0f4n4lySx69BE+46TVE6yhRTEYVtelvEJRDvXAeI/zjtLNwNNrHfLxG + tDh3jI6c6OMA7ldwzlgxyRPlPtFsx5/UoHN5xN6BrVjZmMZ9MAAACBAM71lW7KLirHAxnI + tGY2iXCbU3avoFMy+0dItNSTxqkZkWdL2m//de1GnnCvUfbztvcRGvcfZf6xhN8JG5GMbS + cXQaQheBjtMHv9eMHbVu2pru0MRk1OMWXhwLS1XC0u0ZukL+oBt6BPdTWbXakQm/Lr++Ou + 60qDzGhMay/gX+FlAAAAEWNsYXJrQG5pYmJsZXIubGFuAQ== + -----END OPENSSH PRIVATE KEY----- diff --git a/testinfra/test_eavesdrop.py b/testinfra/test_eavesdrop.py index f2772f40e3..390d21433a 100644 --- a/testinfra/test_eavesdrop.py +++ b/testinfra/test_eavesdrop.py @@ -23,3 +23,15 @@ def test_eavesdrop(host): web = ('-A openstack-INPUT -p tcp -m state --state NEW' ' -m tcp --dport 80 -j ACCEPT') assert web in rules + +def test_gerritbot_logs(host): + # A simple check that docker-compose and our container did something + cmd = host.run("docker logs gerritbot-docker_gerritbot_1") + # We expect auth to fail so check that it did + assert "Authentication (publickey) failed" in cmd.stdout + +def test_gerritbot_running(host): + # Check that the container hasn't stopped + cmd = host.run("docker ps -a") + assert 'gerritbot-docker_gerritbot_1' in cmd.stdout + assert 'Up ' in cmd.stdout diff --git a/zuul.d/system-config-run.yaml b/zuul.d/system-config-run.yaml index 68c8a997f3..a4ccb41fea 100644 --- a/zuul.d/system-config-run.yaml +++ b/zuul.d/system-config-run.yaml @@ -116,7 +116,9 @@ - opendev/ansible-role-puppet - opendev/system-config - openstack/project-config - requires: accessbot-container-image + requires: + - accessbot-container-image + - gerritbot-container-image nodeset: nodes: - name: bridge.openstack.org @@ -137,6 +139,7 @@ - playbooks/roles/disable-puppet-agent/ - playbooks/roles/accessbot - playbooks/roles/logrotate + - playbooks/zuul/templates/group_vars/eavesdrop.yaml.j2 - modules/openstack_project/manifests/eavesdrop.pp - manifests/eavesdrop.pp - docker/accessbot/
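Review bot: The `gerritbot_ssh_key` block in the eavesdrop.yaml.j2 hunk commits a complete, parseable private key, and `gerritbot_gerrit_host: review-dev.opendev.org` points the test bot at what appears to be a live Gerrit, so each test run makes authentication attempts against a real service with a key anyone can read. The existing comment says the key was generated only for testing; it should go further, for example `# Throwaway key: the public half must never be added to any account or authorized_keys`, so nobody later authorizes it to make a test pass. The key's trailing comment field also looks like it carries a user@host label from the machine that generated it, which regenerating with an empty comment would remove. Secret scanners will flag this file, so an allowlist entry carrying the same justification would save triage time. Pointing the host at a non-resolving name, as is done for `gerritbot_irc_server`, would avoid touching review-dev at all, though the log assertion in testinfra would then have to change.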
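Review bot: `test_gerritbot_running` can pass while the gerritbot container is stopped, because `docker ps -a` lists every container on the host and `'Up ' in cmd.stdout` matches the status of any of them. Asking for this container's state directly is tighter, e.g. `cmd = host.run("docker inspect -f '{{.State.Running}}' gerritbot-docker_gerritbot_1")` followed by `assert cmd.stdout.strip() == 'true'`. `test_gerritbot_logs` reads only `cmd.stdout`, and `docker logs` relays the container's stderr on its own stderr, so the check depends on logging.config keeping the handler on `sys.stdout`; a comment should say so. Both tests also hard-code the compose-generated container name, which changes if the project directory is renamed.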
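Review bot: The `files:` list in the second zuul.d/system-config-run.yaml hunk gains the group_vars template but, as far as the visible context shows, not `playbooks/roles/gerritbot`, whereas `playbooks/roles/accessbot` and `docker/accessbot/` are listed. If the list does not already cover the new role outside the hunk, a later change that touches only the gerritbot role (its file modes or compose file, for instance) would not trigger this job. Adding `- playbooks/roles/gerritbot` next to the accessbot entry would keep the role under test. The job definition starts and ends outside the hunk, so this should be checked against the full file.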