Run matrix-gerritbot on eavesdrop

Thin runs the new gerritbot-matrix bot on the eavesdrop server. Change-Id: Ic11ca46aa4da61d5b80a8996ad900fdf83ab70dc
2021-07-12 13:54:18 +00:00 · 2021-07-12 13:54:18 +00:00 · c4b0a8950d
parent 82c966e6da
commit c4b0a8950d
8 changed files with 138 additions and 0 deletions
--- a/playbooks/roles/matrix-gerritbot/README.rst
+++ b/playbooks/roles/matrix-gerritbot/README.rst
@ -0,0 +1,24 @@
+Run the gerritbot-matrix bot.
+
+Create the *gerritbot_matrix_access_token* with this command:
+
+.. code-block::
+
+    HOMESERVER_URL="https://opendev.ems.host"
+    USER="@gerritbot:opendev.org"
+    PASS="supersecret"
+
+    export MATRIX_TOKEN=$(curl -XPOST ${HOMESERVER_URL}/_matrix/client/r0/login -d '{"user": "'${USER}'", "password": "'${PASS}'", "type": "m.login.password"}' | jq -r ".access_token")
+    echo "gerritbot_matrix_access_token: ${MATRIX_TOKEN}"
+
+Verify the token:
+
+.. code-block::
+
+    curl -H "Authorization: Bearer ${MATRIX_TOKEN}" ${HOMESERVER_URL}/_matrix/client/r0/account/whoami
+
+Delete the token:
+
+.. code-block::
+
+    curl -H "Authorization: Bearer ${MATRIX_TOKEN}" -X POST ${HOMESERVER_URL}/_matrix/client/r0/logout -d{}
--- a/playbooks/roles/matrix-gerritbot/defaults/main.yaml
+++ b/playbooks/roles/matrix-gerritbot/defaults/main.yaml
@ -0,0 +1,15 @@
+gerritbot_matrix_version: 0.1.0.0
+gerritbot_matrix_image: quay.io/software-factory/gerritbot-matrix:{{ gerritbot_matrix_version }}
+
+# gerrit ssh configuration
+gerritbot_ssh_key: ""
+gerritbot_ssh_key_format: "rsa"
+gerritbot_known_hosts: |
+  [review.opendev.org]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfsIj/jqpI+2CFdjCL6kOiqdORWvxQ2sQbCzSzzmLXic8yVhCCbwarkvEpfUOHG4eyB0vqVZfMffxf0Yy3qjURrsroBCiuJ8GdiAcGdfYwHNfBI0cR6kydBZL537YDasIk0Z3ILzhwf7474LmkVzS7V2tMTb4ZiBS/jUeiHsVp88FZhIBkyhlb/awAGcUxT5U4QBXCAmerYXeB47FPuz9JFOVyF08LzH9JRe9tfXtqaCNhlSdRe/2pPRvn2EIhn5uHWwATACG9MBdrK8xv8LqPOik2w1JkgLWyBj11vDd5I3IjrmREGw8dqImqp0r6MD8rxqADlc1elfDIXYsy+TVH
+
+gerritbot_gerrit_host: "review.opendev.org"
+gerritbot_gerrit_user: "gerritbot"
+
+# matrix configuration
+gerritbot_matrix_homeserver: "https://opendev.ems.host"
+gerritbot_matrix_access_token: ""
--- a/playbooks/roles/matrix-gerritbot/files/gerritbot.yaml
+++ b/playbooks/roles/matrix-gerritbot/files/gerritbot.yaml
@ -0,0 +1,9 @@
+- room: "#test:opendev.org"
+  projects:
+    - "opendev/ci-sandbox"
+  events:
+    - "PatchsetCreated"
+  branches:
+    - "master"
+  servers:
+    - "review.opendev.org"
--- a/playbooks/roles/matrix-gerritbot/tasks/main.yaml
+++ b/playbooks/roles/matrix-gerritbot/tasks/main.yaml
@ -0,0 +1,64 @@
+- name: Ensure bot directories
+  file:
+    state: directory
+    path: '/var/lib/matrix-gerritbot/{{ item }}'
+    mode: 0700
+  loop:
+    - config
+    - ssh
+
+- name: Install gerritbot config
+  copy:
+    src: gerritbot.yaml
+    dest: /var/lib/matrix-gerritbot/config/gerritbot.yaml
+  register: _gerritbot_config
+
+- name: Lookup the configuration schema
+  command: docker run --rm "{{ gerritbot_matrix_image }}" print-config-schema
+  register: _gerritbot_schema
+
+- name: Validate and create the configuration
+  when: _gerritbot_config.changed
+  shell: >-
+    cat {{ config }}/gerritbot.yaml | {{ yaml_to_dhall }} "{{ schema }}"
+    --output {{ config }}/gerritbot.dhall
+  vars:
+    config: /var/lib/matrix-gerritbot/config
+    yaml_to_dhall: >-
+      docker run -i -v {{ config }}:{{ config }}
+      --rm docker.io/dhallhaskell/dhall-yaml yaml-to-dhall
+    schema: "List {{ _gerritbot_schema.stdout }}"
+
+- name: Install gerritbot ssh key
+  copy:
+    content: "{{ gerritbot_ssh_key }}"
+    dest: "/var/lib/matrix-gerritbot/ssh/id_{{ gerritbot_ssh_key_format }}"
+    mode: 0400
+  no_log: true
+
+- name: Install gerritbot known host
+  copy:
+    content: "{{ gerritbot_known_hosts }}"
+    dest: "/var/lib/matrix-gerritbot/ssh/known_hosts"
+
+- name: Ensure /etc/matrix-gerritbot-docker directory
+  file:
+    state: directory
+    path: /etc/matrix-gerritbot-docker
+    mode: 0755
+
+- name: Put docker-compose file in place
+  template:
+    src: docker-compose.yaml.j2
+    dest: /etc/matrix-gerritbot-docker/docker-compose.yaml
+    # The token is written into the file
+    mode: 0600
+
+- name: Run docker-compose up
+  shell:
+    cmd: "docker-compose up -d"
+    chdir: /etc/matrix-gerritbot-docker/
+
+- name: Run docker prune to cleanup unneeded images
+  shell:
+    cmd: docker image prune -f
--- a/playbooks/roles/matrix-gerritbot/templates/docker-compose.yaml.j2
+++ b/playbooks/roles/matrix-gerritbot/templates/docker-compose.yaml.j2
@ -0,0 +1,23 @@
+# Version 2 is the latest that is supported by docker-compose in
+# Ubuntu Xenial.
+version: '2'
+
+services:
+  gerritbot-matrix:
+    image: {{ gerritbot_matrix_image }}
+    network_mode: host
+    restart: always
+    logging:
+      driver: syslog
+      options:
+        tag: "docker-matrix-gerritbot"
+    environment:
+      MATRIX_TOKEN: {{ gerritbot_matrix_access_token }}
+    volumes:
+      - /var/lib/matrix-gerritbot/config:/config
+      - /var/lib/matrix-gerritbot/ssh:/root/.ssh
+    command: >-
+      --gerrit-host    {{ gerritbot_gerrit_host }}
+      --gerrit-user    {{ gerritbot_gerrit_user }}
+      --homeserver-url {{ gerritbot_matrix_homeserver }}
+      --config-file    /config/gerritbot.dhall
--- a/playbooks/service-eavesdrop.yaml
+++ b/playbooks/service-eavesdrop.yaml
@ -10,3 +10,4 @@
    - statusbot
    - limnoria
    - matrix-eavesdrop
+    - matrix-gerritbot
--- a/zuul.d/infra-prod.yaml
+++ b/zuul.d/infra-prod.yaml
@ -474,6 +474,7 @@
      - playbooks/roles/statusbot
      - playbooks/roles/logrotate
      - playbooks/roles/matrix-eavesdrop
+      - playbooks/roles/matrix-gerritbot
      - playbooks/zuul/templates/group_vars/eavesdrop.yaml.j2
      - docker/accessbot/
      - docker/ircbot
--- a/zuul.d/system-config-run.yaml
+++ b/zuul.d/system-config-run.yaml
@ -165,6 +165,7 @@
      - docker/accessbot/
      - docker/ircbot
      - docker/matrix-eavesdrop
+      - docker/matrix-gerritbot
      - testinfra/test_eavesdrop.py

 - job: