Run matrix-gerritbot with gerritbot user
This updates matrix-gerritbot to run with the same user as gerritbot. Change-Id: Id2a473db9354871aa48ac9fd851573843cbac1b5
parent
fd88087335
commit
7f9f1a2fad
@ -1,3 +1,5 @@
|
|||||||
|
gerritbot_gid: 11000
|
||||||
|
gerritbot_uid: 11000
|
||||||
gerritbot_matrix_version: 4aeeac8
|
gerritbot_matrix_version: 4aeeac8
|
||||||
gerritbot_matrix_image: quay.io/software-factory/gerritbot-matrix:{{ gerritbot_matrix_version }}
|
gerritbot_matrix_image: quay.io/software-factory/gerritbot-matrix:{{ gerritbot_matrix_version }}
|
||||||
gerritbot_matrix_prometheus_port: 9001
|
gerritbot_matrix_prometheus_port: 9001
|
||||||
|
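Review bot: The two new defaults, `gerritbot_gid` and `gerritbot_uid`, have no comment saying which account they describe or that they must stay equal to the ids used by the gerritbot role, which is what the commit message implies. I would add a comment above them such as `# uid/gid of the shared gerritbot account; keep in sync with the gerritbot role`. If the other role ever sets different ids for the same account name, the ownership applied by name in the tasks and the numeric ids passed to docker would stop matching, and the container could lose access to its config and key files.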
@ -1,7 +1,24 @@
|
|||||||
|
- name: Create gerritbot group
|
||||||
|
group:
|
||||||
|
name: "gerritbot"
|
||||||
|
gid: "{{ gerritbot_gid }}"
|
||||||
|
system: yes
|
||||||
|
- name: Create gerritbot user
|
||||||
|
user:
|
||||||
|
name: "gerritbot"
|
||||||
|
group: "gerritbot"
|
||||||
|
uid: "{{ gerritbot_uid }}"
|
||||||
|
home: "/var/lib/gerritbot"
|
||||||
|
create_home: yes
|
||||||
|
shell: /bin/bash
|
||||||
|
system: yes
|
||||||
|
|
||||||
- name: Ensure bot directories
|
- name: Ensure bot directories
|
||||||
file:
|
file:
|
||||||
state: directory
|
state: directory
|
||||||
path: '/var/lib/matrix-gerritbot/{{ item }}'
|
path: '/var/lib/matrix-gerritbot/{{ item }}'
|
||||||
|
owner: gerritbot
|
||||||
|
group: gerritbot
|
||||||
mode: 0700
|
mode: 0700
|
||||||
loop:
|
loop:
|
||||||
- config
|
- config
|
||||||
@ -11,6 +28,8 @@
|
|||||||
copy:
|
copy:
|
||||||
src: gerritbot.yaml
|
src: gerritbot.yaml
|
||||||
dest: /var/lib/matrix-gerritbot/config/gerritbot.yaml
|
dest: /var/lib/matrix-gerritbot/config/gerritbot.yaml
|
||||||
|
owner: gerritbot
|
||||||
|
group: gerritbot
|
||||||
register: _gerritbot_config
|
register: _gerritbot_config
|
||||||
|
|
||||||
- name: Lookup the configuration schema
|
- name: Lookup the configuration schema
|
||||||
@ -25,7 +44,7 @@
|
|||||||
vars:
|
vars:
|
||||||
config: /var/lib/matrix-gerritbot/config
|
config: /var/lib/matrix-gerritbot/config
|
||||||
yaml_to_dhall: >-
|
yaml_to_dhall: >-
|
||||||
docker run -i -v {{ config }}:{{ config }}
|
docker run --user {{ gerritbot_uid }}:{{ gerritbot_gid }} -i -v {{ config }}:{{ config }}
|
||||||
--rm docker.io/dhallhaskell/dhall-yaml yaml-to-dhall
|
--rm docker.io/dhallhaskell/dhall-yaml yaml-to-dhall
|
||||||
schema: "List {{ _gerritbot_schema.stdout }}"
|
schema: "List {{ _gerritbot_schema.stdout }}"
|
||||||
|
|
||||||
@ -34,17 +53,23 @@
|
|||||||
content: "{{ gerritbot_ssh_key }}"
|
content: "{{ gerritbot_ssh_key }}"
|
||||||
dest: "/var/lib/matrix-gerritbot/ssh/id_{{ gerritbot_ssh_key_format }}"
|
dest: "/var/lib/matrix-gerritbot/ssh/id_{{ gerritbot_ssh_key_format }}"
|
||||||
mode: 0400
|
mode: 0400
|
||||||
|
owner: gerritbot
|
||||||
|
group: gerritbot
|
||||||
no_log: true
|
no_log: true
|
||||||
|
|
||||||
- name: Install gerritbot ssh key
|
- name: Install gerritbot ssh key
|
||||||
copy:
|
copy:
|
||||||
content: "{{ gerritbot_ssh_pubkey }}"
|
content: "{{ gerritbot_ssh_pubkey }}"
|
||||||
dest: "/var/lib/matrix-gerritbot/ssh/id_{{ gerritbot_ssh_key_format }}.pub"
|
dest: "/var/lib/matrix-gerritbot/ssh/id_{{ gerritbot_ssh_key_format }}.pub"
|
||||||
|
owner: gerritbot
|
||||||
|
group: gerritbot
|
||||||
|
|
||||||
- name: Install gerritbot known host
|
- name: Install gerritbot known host
|
||||||
copy:
|
copy:
|
||||||
content: "{{ gerritbot_known_hosts }}"
|
content: "{{ gerritbot_known_hosts }}"
|
||||||
dest: "/var/lib/matrix-gerritbot/ssh/known_hosts"
|
dest: "/var/lib/matrix-gerritbot/ssh/known_hosts"
|
||||||
|
owner: gerritbot
|
||||||
|
group: gerritbot
|
||||||
|
|
||||||
- name: Ensure /etc/matrix-gerritbot-docker directory
|
- name: Ensure /etc/matrix-gerritbot-docker directory
|
||||||
file:
|
file:
|
||||||
|
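Review bot: The `Create gerritbot user` task in the first hunk gives the service account an interactive login shell (`shell: /bin/bash`), although everything visible in this change only uses the account to own files under /var/lib/matrix-gerritbot and as the numeric id for the containers. Unless the gerritbot role that shares this account needs a login shell (not visible here), `shell: /sbin/nologin` would keep the account that owns the SSH private key from being usable for interactive sessions. As a style point, `system: yes` and `create_home: yes` would read better as `system: true` and `create_home: true`, matching the `no_log: true` already used further down the file.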
@ -6,6 +6,7 @@ services:
|
|||||||
gerritbot-matrix:
|
gerritbot-matrix:
|
||||||
image: {{ gerritbot_matrix_image }}
|
image: {{ gerritbot_matrix_image }}
|
||||||
network_mode: host
|
network_mode: host
|
||||||
|
user: "{{ gerritbot_uid }}:{{ gerritbot_gid }}"
|
||||||
restart: always
|
restart: always
|
||||||
logging:
|
logging:
|
||||||
driver: syslog
|
driver: syslog
|
||||||
@ -15,8 +16,8 @@ services:
|
|||||||
MATRIX_TOKEN: {{ gerritbot_matrix_access_token }}
|
MATRIX_TOKEN: {{ gerritbot_matrix_access_token }}
|
||||||
MATRIX_IDENTITY_TOKEN: {{ gerritbot_matrix_identity_token }}
|
MATRIX_IDENTITY_TOKEN: {{ gerritbot_matrix_identity_token }}
|
||||||
volumes:
|
volumes:
|
||||||
- /var/lib/matrix-gerritbot/config:/config
|
- /var/lib/matrix-gerritbot/config:/config:ro
|
||||||
- /var/lib/matrix-gerritbot/ssh:/root/.ssh
|
- /var/lib/matrix-gerritbot/ssh:/root/.ssh:ro
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: "gerritbot-matrix check {{ gerritbot_matrix_prometheus_port }}"
|
test: "gerritbot-matrix check {{ gerritbot_matrix_prometheus_port }}"
|
||||||
retries: 6
|
retries: 6
|
||||||
|
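Review bot: With `user: "{{ gerritbot_uid }}:{{ gerritbot_gid }}"` the process no longer runs as root, yet the key material is still mounted at `/root/.ssh`. For an arbitrary uid the home directory is usually not `/root`, and in many base images `/root` is not traversable by other users, so the bot may fail to find or read its private key and known_hosts. Whether that happens depends on how the image resolves the key path, which this template does not show. It is worth confirming the healthcheck and an actual Gerrit connection after the change. If it does break, mount the directory at a neutral path and point the process at it, for example `- /var/lib/matrix-gerritbot/ssh:/var/lib/gerritbot/.ssh:ro` together with `HOME: /var/lib/gerritbot` in the environment block (both paths are illustrative).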