Merge "Run matrix-gerritbot with gerritbot user"
This commit is contained in:
commit
76a605a1dc
@ -1,3 +1,5 @@
|
||||
gerritbot_gid: 11000
|
||||
gerritbot_uid: 11000
|
||||
gerritbot_matrix_version: 4aeeac8
|
||||
gerritbot_matrix_image: quay.io/software-factory/gerritbot-matrix:{{ gerritbot_matrix_version }}
|
||||
gerritbot_matrix_prometheus_port: 9001
|
||||
|
@ -1,7 +1,24 @@
|
||||
- name: Create gerritbot group
|
||||
group:
|
||||
name: "gerritbot"
|
||||
gid: "{{ gerritbot_gid }}"
|
||||
system: yes
|
||||
- name: Create gerritbot user
|
||||
user:
|
||||
name: "gerritbot"
|
||||
group: "gerritbot"
|
||||
uid: "{{ gerritbot_uid }}"
|
||||
home: "/var/lib/gerritbot"
|
||||
create_home: yes
|
||||
shell: /bin/bash
|
||||
system: yes
|
||||
|
||||
- name: Ensure bot directories
|
||||
file:
|
||||
state: directory
|
||||
path: '/var/lib/matrix-gerritbot/{{ item }}'
|
||||
owner: gerritbot
|
||||
group: gerritbot
|
||||
mode: 0700
|
||||
loop:
|
||||
- config
|
||||
@ -11,6 +28,8 @@
|
||||
copy:
|
||||
src: gerritbot.yaml
|
||||
dest: /var/lib/matrix-gerritbot/config/gerritbot.yaml
|
||||
owner: gerritbot
|
||||
group: gerritbot
|
||||
register: _gerritbot_config
|
||||
|
||||
- name: Lookup the configuration schema
|
||||
@ -25,7 +44,7 @@
|
||||
vars:
|
||||
config: /var/lib/matrix-gerritbot/config
|
||||
yaml_to_dhall: >-
|
||||
docker run -i -v {{ config }}:{{ config }}
|
||||
docker run --user {{ gerritbot_uid }}:{{ gerritbot_gid }} -i -v {{ config }}:{{ config }}
|
||||
--rm docker.io/dhallhaskell/dhall-yaml yaml-to-dhall
|
||||
schema: "List {{ _gerritbot_schema.stdout }}"
|
||||
|
||||
@ -34,17 +53,23 @@
|
||||
content: "{{ gerritbot_ssh_key }}"
|
||||
dest: "/var/lib/matrix-gerritbot/ssh/id_{{ gerritbot_ssh_key_format }}"
|
||||
mode: 0400
|
||||
owner: gerritbot
|
||||
group: gerritbot
|
||||
no_log: true
|
||||
|
||||
- name: Install gerritbot ssh key
|
||||
copy:
|
||||
content: "{{ gerritbot_ssh_pubkey }}"
|
||||
dest: "/var/lib/matrix-gerritbot/ssh/id_{{ gerritbot_ssh_key_format }}.pub"
|
||||
owner: gerritbot
|
||||
group: gerritbot
|
||||
|
||||
- name: Install gerritbot known host
|
||||
copy:
|
||||
content: "{{ gerritbot_known_hosts }}"
|
||||
dest: "/var/lib/matrix-gerritbot/ssh/known_hosts"
|
||||
owner: gerritbot
|
||||
group: gerritbot
|
||||
|
||||
- name: Ensure /etc/matrix-gerritbot-docker directory
|
||||
file:
|
||||
|
@ -6,6 +6,7 @@ services:
|
||||
gerritbot-matrix:
|
||||
image: {{ gerritbot_matrix_image }}
|
||||
network_mode: host
|
||||
user: "{{ gerritbot_uid }}:{{ gerritbot_gid }}"
|
||||
restart: always
|
||||
logging:
|
||||
driver: syslog
|
||||
@ -15,8 +16,8 @@ services:
|
||||
MATRIX_TOKEN: {{ gerritbot_matrix_access_token }}
|
||||
MATRIX_IDENTITY_TOKEN: {{ gerritbot_matrix_identity_token }}
|
||||
volumes:
|
||||
- /var/lib/matrix-gerritbot/config:/config
|
||||
- /var/lib/matrix-gerritbot/ssh:/root/.ssh
|
||||
- /var/lib/matrix-gerritbot/config:/config:ro
|
||||
- /var/lib/matrix-gerritbot/ssh:/root/.ssh:ro
|
||||
healthcheck:
|
||||
test: "gerritbot-matrix check {{ gerritbot_matrix_prometheus_port }}"
|
||||
retries: 6
|
||||
|
Loading…
Reference in New Issue
Block a user