Browse Source

Run gerritbot with a user that will be shared with matrix-gerritbot

They have roughly the same level of access so lets align things.

Change-Id: Ifbe9dae7038345e20e8b498c87a37c519829a8cc
changes/69/816769/4
Clark Boylan 7 months ago
parent
commit
fd88087335
  1. 2
      inventory/service/group_vars/eavesdrop.yaml
  2. 2
      playbooks/roles/gerritbot/defaults/main.yaml
  3. 41
      playbooks/roles/gerritbot/tasks/main.yaml
  4. 3
      playbooks/roles/gerritbot/templates/docker-compose.yaml.j2

2
inventory/service/group_vars/eavesdrop.yaml

@ -188,3 +188,5 @@ statusbot_auth_nicks:
- clarkb
- ianw
- frickler
gerritbot_gid: 11000
gerritbot_uid: 11000

2
playbooks/roles/gerritbot/defaults/main.yaml

@ -1,3 +1,5 @@
gerritbot_gid: 11000
gerritbot_uid: 11000
gerritbot_irc_nick: opendevreview
gerritbot_irc_server: irc.oftc.net
gerritbot_gerrit_user: gerritbot

41
playbooks/roles/gerritbot/tasks/main.yaml

@ -1,23 +1,40 @@
- name: Create gerritbot group
group:
name: "gerritbot"
gid: "{{ gerritbot_gid }}"
system: yes
- name: Create gerritbot user
user:
name: "gerritbot"
group: "gerritbot"
uid: "{{ gerritbot_uid }}"
home: "/var/lib/gerritbot"
create_home: yes
shell: /bin/bash
system: yes
- name: Ensure /etc/gerritbot directory
file:
state: directory
path: /etc/gerritbot
owner: gerritbot
group: gerritbot
mode: 0755
- name: Put gerritbot config in place
template:
src: gerritbot.config.j2
dest: /etc/gerritbot/gerritbot.config
owner: root
group: root
owner: gerritbot
group: gerritbot
mode: 0600
- name: Put gerritbot logging config in place
copy:
src: logging.config
dest: /etc/gerritbot/logging.config
owner: root
group: root
owner: gerritbot
group: gerritbot
mode: 0644
- name: Put gerritbot channel config in place
@ -25,8 +42,8 @@
src: /opt/project-config/gerritbot/channels.yaml
remote_src: yes
dest: /etc/gerritbot/channel_config.yaml
owner: root
group: root
owner: gerritbot
group: gerritbot
mode: 0644
register: channel_config_copied
@ -34,16 +51,16 @@
copy:
content: "{{ gerritbot_ssh_key }}"
dest: /etc/gerritbot/gerritbot_rsa
owner: root
group: root
owner: gerritbot
group: gerritbot
mode: 0600
- name: Put gerritbot ssh pubkey in place
copy:
content: "{{ gerritbot_ssh_pubkey }}"
dest: /etc/gerritbot/gerritbot_rsa.pub
owner: root
group: root
owner: gerritbot
group: gerritbot
mode: 0600
- name: Ensure /etc/gerritbot-docker directory
@ -53,8 +70,8 @@
mode: 0755
- name: Put docker-compose file in place
copy:
src: docker-compose.yaml
template:
src: docker-compose.yaml.j2
dest: /etc/gerritbot-docker/docker-compose.yaml
owner: root
group: root

3
playbooks/roles/gerritbot/files/docker-compose.yaml → playbooks/roles/gerritbot/templates/docker-compose.yaml.j2

@ -6,6 +6,7 @@ services:
gerritbot:
image: docker.io/opendevorg/gerritbot:latest
network_mode: host
user: "{{ gerritbot_uid }}:{{ gerritbot_gid }}"
restart: always
logging:
driver: syslog
@ -13,4 +14,4 @@ services:
tag: "docker-gerritbot"
volumes:
# This contains the main config, channel config, and ssh key
- /etc/gerritbot:/etc/gerritbot
- /etc/gerritbot:/etc/gerritbot:ro
Loading…
Cancel
Save