From c4b0a8950de667817e8dde880471deab3a3ac8c3 Mon Sep 17 00:00:00 2001
From: Tristan Cacqueray
Date: Mon, 12 Jul 2021 13:54:18 +0000
Subject: [PATCH] Run matrix-gerritbot on eavesdrop

Thin runs the new gerritbot-matrix bot on the eavesdrop server.

Change-Id: Ic11ca46aa4da61d5b80a8996ad900fdf83ab70dc
---
 playbooks/roles/matrix-gerritbot/README.rst | 24 +++++++
 .../roles/matrix-gerritbot/defaults/main.yaml | 15 +++++
 .../matrix-gerritbot/files/gerritbot.yaml | 9 +++
 .../roles/matrix-gerritbot/tasks/main.yaml | 64 +++++++++++++++++++
 .../templates/docker-compose.yaml.j2 | 23 +++++++
 playbooks/service-eavesdrop.yaml | 1 +
 zuul.d/infra-prod.yaml | 1 +
 zuul.d/system-config-run.yaml | 1 +
 8 files changed, 138 insertions(+)
 create mode 100644 playbooks/roles/matrix-gerritbot/README.rst
 create mode 100644 playbooks/roles/matrix-gerritbot/defaults/main.yaml
 create mode 100644 playbooks/roles/matrix-gerritbot/files/gerritbot.yaml
 create mode 100644 playbooks/roles/matrix-gerritbot/tasks/main.yaml
 create mode 100644 playbooks/roles/matrix-gerritbot/templates/docker-compose.yaml.j2
diff --git a/playbooks/roles/matrix-gerritbot/README.rst b/playbooks/roles/matrix-gerritbot/README.rst
new file mode 100644
index 0000000000..9c3b54b79f
--- /dev/null
+++ b/playbooks/roles/matrix-gerritbot/README.rst
@@ -0,0 +1,24 @@
+Run the gerritbot-matrix bot.
+
+Create the *gerritbot_matrix_access_token* with this command:
+
+.. code-block::
+
+ HOMESERVER_URL="https://opendev.ems.host"
+ USER="@gerritbot:opendev.org"
+ PASS="supersecret"
+
+ export MATRIX_TOKEN=$(curl -XPOST ${HOMESERVER_URL}/_matrix/client/r0/login -d '{"user": "'${USER}'", "password": "'${PASS}'", "type": "m.login.password"}' | jq -r ".access_token")
+ echo "gerritbot_matrix_access_token: ${MATRIX_TOKEN}"
+
+Verify the token:
+
+.. code-block::
+
+ curl -H "Authorization: Bearer ${MATRIX_TOKEN}" ${HOMESERVER_URL}/_matrix/client/r0/account/whoami
+
+Delete the token:
+
+.. code-block::
+
+ curl -H "Authorization: Bearer ${MATRIX_TOKEN}" -X POST ${HOMESERVER_URL}/_matrix/client/r0/logout -d{}
diff --git a/playbooks/roles/matrix-gerritbot/defaults/main.yaml b/playbooks/roles/matrix-gerritbot/defaults/main.yaml
new file mode 100644
index 0000000000..1375812a16
--- /dev/null
+++ b/playbooks/roles/matrix-gerritbot/defaults/main.yaml
@@ -0,0 +1,15 @@
+gerritbot_matrix_version: 0.1.0.0
+gerritbot_matrix_image: quay.io/software-factory/gerritbot-matrix:{{ gerritbot_matrix_version }}
+
+# gerrit ssh configuration
+gerritbot_ssh_key: ""
+gerritbot_ssh_key_format: "rsa"
+gerritbot_known_hosts: |
+ [review.opendev.org]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfsIj/jqpI+2CFdjCL6kOiqdORWvxQ2sQbCzSzzmLXic8yVhCCbwarkvEpfUOHG4eyB0vqVZfMffxf0Yy3qjURrsroBCiuJ8GdiAcGdfYwHNfBI0cR6kydBZL537YDasIk0Z3ILzhwf7474LmkVzS7V2tMTb4ZiBS/jUeiHsVp88FZhIBkyhlb/awAGcUxT5U4QBXCAmerYXeB47FPuz9JFOVyF08LzH9JRe9tfXtqaCNhlSdRe/2pPRvn2EIhn5uHWwATACG9MBdrK8xv8LqPOik2w1JkgLWyBj11vDd5I3IjrmREGw8dqImqp0r6MD8rxqADlc1elfDIXYsy+TVH
+
+gerritbot_gerrit_host: "review.opendev.org"
+gerritbot_gerrit_user: "gerritbot"
+
+# matrix configuration
+gerritbot_matrix_homeserver: "https://opendev.ems.host"
+gerritbot_matrix_access_token: ""
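Review bot: In defaults/main.yaml, `gerritbot_ssh_key: ""` and `gerritbot_matrix_access_token: ""` give both secrets an empty default, so a host whose secret vars are missing would, as far as this diff shows, still get an empty key file and a compose file with no token rather than a failed run. Dropping the two defaults, or asserting `gerritbot_ssh_key | length > 0` and `gerritbot_matrix_access_token | length > 0` in the role's first task, would surface the misconfiguration at deploy time. If a test job depends on the empty values, a comment saying so above each default would make that intent explicit.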
diff --git a/playbooks/roles/matrix-gerritbot/files/gerritbot.yaml b/playbooks/roles/matrix-gerritbot/files/gerritbot.yaml
new file mode 100644
index 0000000000..69f7b28bdd
--- /dev/null
+++ b/playbooks/roles/matrix-gerritbot/files/gerritbot.yaml
@@ -0,0 +1,9 @@
+- room: "#test:opendev.org"
+ projects:
+ - "opendev/ci-sandbox"
+ events:
+ - "PatchsetCreated"
+ branches:
+ - "master"
+ servers:
+ - "review.opendev.org"
diff --git a/playbooks/roles/matrix-gerritbot/tasks/main.yaml b/playbooks/roles/matrix-gerritbot/tasks/main.yaml
new file mode 100644
index 0000000000..19fcbeb219
--- /dev/null
+++ b/playbooks/roles/matrix-gerritbot/tasks/main.yaml
@@ -0,0 +1,64 @@
+- name: Ensure bot directories
+ file:
+ state: directory
+ path: '/var/lib/matrix-gerritbot/{{ item }}'
+ mode: 0700
+ loop:
+ - config
+ - ssh
+
+- name: Install gerritbot config
+ copy:
+ src: gerritbot.yaml
+ dest: /var/lib/matrix-gerritbot/config/gerritbot.yaml
+ register: _gerritbot_config
+
+- name: Lookup the configuration schema
+ command: docker run --rm "{{ gerritbot_matrix_image }}" print-config-schema
+ register: _gerritbot_schema
+
+- name: Validate and create the configuration
+ when: _gerritbot_config.changed
+ shell: >-
+ cat {{ config }}/gerritbot.yaml | {{ yaml_to_dhall }} "{{ schema }}"
+ --output {{ config }}/gerritbot.dhall
+ vars:
+ config: /var/lib/matrix-gerritbot/config
+ yaml_to_dhall: >-
+ docker run -i -v {{ config }}:{{ config }}
+ --rm docker.io/dhallhaskell/dhall-yaml yaml-to-dhall
+ schema: "List {{ _gerritbot_schema.stdout }}"
+
+- name: Install gerritbot ssh key
+ copy:
+ content: "{{ gerritbot_ssh_key }}"
+ dest: "/var/lib/matrix-gerritbot/ssh/id_{{ gerritbot_ssh_key_format }}"
+ mode: 0400
+ no_log: true
+
+- name: Install gerritbot known host
+ copy:
+ content: "{{ gerritbot_known_hosts }}"
+ dest: "/var/lib/matrix-gerritbot/ssh/known_hosts"
+
+- name: Ensure /etc/matrix-gerritbot-docker directory
+ file:
+ state: directory
+ path: /etc/matrix-gerritbot-docker
+ mode: 0755
+
+- name: Put docker-compose file in place
+ template:
+ src: docker-compose.yaml.j2
+ dest: /etc/matrix-gerritbot-docker/docker-compose.yaml
+ # The token is written into the file
+ mode: 0600
+
+- name: Run docker-compose up
+ shell:
+ cmd: "docker-compose up -d"
+ chdir: /etc/matrix-gerritbot-docker/
+
+- name: Run docker prune to cleanup unneeded images
+ shell:
+ cmd: docker image prune -f
diff --git a/playbooks/roles/matrix-gerritbot/templates/docker-compose.yaml.j2 b/playbooks/roles/matrix-gerritbot/templates/docker-compose.yaml.j2
new file mode 100644
index 0000000000..d396c0f6c5
--- /dev/null
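Review bot: The `docker run` built in "Validate and create the configuration" pulls `docker.io/dhallhaskell/dhall-yaml` with no tag or digest, so whatever that name resolves to at deploy time runs on the host with the config directory mounted read-write. Pinning it the way the bot image is pinned would make the conversion reproducible, for example a new role default such as `gerritbot_dhall_yaml_image: docker.io/dhallhaskell/dhall-yaml@sha256:<digest>` (placeholder, the page gives no digest). Separately, "Put docker-compose file in place" renders the access token but, unlike the ssh key task, carries no `no_log: true`, so a run with `--diff` would likely print the token in the Ansible output.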
+++ b/playbooks/roles/matrix-gerritbot/templates/docker-compose.yaml.j2
@@ -0,0 +1,23 @@
+# Version 2 is the latest that is supported by docker-compose in
+# Ubuntu Xenial.
+version: '2'
+
+services:
+ gerritbot-matrix:
+ image: {{ gerritbot_matrix_image }}
+ network_mode: host
+ restart: always
+ logging:
+ driver: syslog
+ options:
+ tag: "docker-matrix-gerritbot"
+ environment:
+ MATRIX_TOKEN: {{ gerritbot_matrix_access_token }}
+ volumes:
+ - /var/lib/matrix-gerritbot/config:/config
+ - /var/lib/matrix-gerritbot/ssh:/root/.ssh
+ command: >-
+ --gerrit-host {{ gerritbot_gerrit_host }}
+ --gerrit-user {{ gerritbot_gerrit_user }}
+ --homeserver-url {{ gerritbot_matrix_homeserver }}
+ --config-file /config/gerritbot.dhall
diff --git a/playbooks/service-eavesdrop.yaml b/playbooks/service-eavesdrop.yaml
index 0331f4a333..ca230c3cd0 100644
--- a/playbooks/service-eavesdrop.yaml
+++ b/playbooks/service-eavesdrop.yaml
@@ -10,3 +10,4 @@
 - statusbot
 - limnoria
 - matrix-eavesdrop
+ - matrix-gerritbot
diff --git a/zuul.d/infra-prod.yaml b/zuul.d/infra-prod.yaml
index 600072d227..991850812b 100644
--- a/zuul.d/infra-prod.yaml
+++ b/zuul.d/infra-prod.yaml
@@ -474,6 +474,7 @@
 - playbooks/roles/statusbot
 - playbooks/roles/logrotate
 - playbooks/roles/matrix-eavesdrop
+ - playbooks/roles/matrix-gerritbot
 - playbooks/zuul/templates/group_vars/eavesdrop.yaml.j2
 - docker/accessbot/
 - docker/ircbot
diff --git a/zuul.d/system-config-run.yaml b/zuul.d/system-config-run.yaml
index c6e0763fee..d8d61e1cf4 100644
--- a/zuul.d/system-config-run.yaml
+++ b/zuul.d/system-config-run.yaml
@@ -165,6 +165,7 @@
 - docker/accessbot/
 - docker/ircbot
 - docker/matrix-eavesdrop
+ - docker/matrix-gerritbot
 - testinfra/test_eavesdrop.py
 - job:
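Review bot: In templates/docker-compose.yaml.j2, `MATRIX_TOKEN: {{ gerritbot_matrix_access_token }}` is rendered unquoted, so the role's empty-string default produces a null value and a token that starts with a YAML indicator or contains `: ` or ` #` would be misparsed. Quoting the expansion, `MATRIX_TOKEN: "{{ gerritbot_matrix_access_token }}"`, keeps it a string whatever the token looks like. A short comment next to it noting that the value ends up in the container environment, where `docker inspect` on the host can read it, would document why the compose file is installed with mode 0600.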