- hosts: localhost tasks: - name: Set up gitea namespace k8s: context: gitea state: present definition: "{{ lookup('template', 'k8s/namespace.yaml') | from_yaml }}" # This is not in a file because that doesn't seem to handle multiline # strings well. - name: Set up gitea secrets k8s: context: gitea state: present definition: apiVersion: v1 kind: Secret metadata: name: gitea-app namespace: gitea type: Opaque stringData: secret_key: "{{ gitea_secret_key }}" internal_token: "{{ gitea_internal_token }}" lfs_jwt_secret: "{{ gitea_lfs_jwt_secret }}" db_username: "{{ gitea_db_username }}" db_password: "{{ gitea_db_password }}" gitea_tls_cert: "{{ gitea_tls_cert }}" gitea_tls_key: "{{ gitea_tls_key }}" - name: Set up gitea configmap k8s: context: gitea state: present definition: apiVersion: v1 kind: ConfigMap metadata: name: gitea-conf namespace: gitea data: # Note: we are not asking ansible to template this, it # will be run by jinja-init app.ini.j2: "{{ lookup('file', 'app.ini.j2') }}" - name: Set up gitea deployment k8s: context: gitea state: present definition: "{{ lookup('template', 'k8s/deployment.yaml') | from_yaml }}" - name: Set up gitea service k8s: context: gitea state: present definition: "{{ lookup('template', 'k8s/service.yaml') | from_yaml }}" - name: Get service IP k8s: context: gitea namespace: gitea kind: Service name: gitea-service register: gitea_service until: gitea_service.result.status.loadBalancer and gitea_service.result.status.loadBalancer.ingress and gitea_service.result.status.loadBalancer.ingress | length > 0 and gitea_service.result.status.loadBalancer.ingress[0].ip delay: 1 retries: 300 - name: Set service url fact set_fact: gitea_url: "http://{{ gitea_service.result.status.loadBalancer.ingress[0].ip }}" - name: Check if root user exists uri: url: "{{ gitea_url }}/api/v1/users/root" status_code: 200, 404 register: root_user_check - name: Create root user when: root_user_check.status==404 block: - name: Find gitea pods k8s_facts: namespace: gitea kind: Pod label_selectors: - "app = gitea" register: gitea_pods - name: Create root user command: "kubectl --context gitea exec {{ gitea_pods.resources[0].metadata.name }} -n gitea -c gitea -- gitea admin create-user --name root --password {{ gitea_root_password }} --email {{ gitea_root_email }} --admin" no_log: true - name: Check if gerrit user exists uri: url: "{{ gitea_url }}/api/v1/users/gerrit" status_code: 200, 404 register: gerrit_user_check - name: Create gerrit user when: gerrit_user_check.status==404 no_log: true uri: url: "{{ gitea_url }}/api/v1/admin/users" method: POST user: root password: "{{ gitea_root_password }}" force_basic_auth: true status_code: 201 body_format: json body: email: "gerrit@review.opendev.org" full_name: Gerrit login_name: gerrit password: "{{ gitea_gerrit_password }}" send_notify: false source_id: 0 username: gerrit - name: Check if gerrit ssh key exists uri: user: root password: "{{ gitea_root_password }}" force_basic_auth: true url: "{{ gitea_url }}/api/v1/users/gerrit/keys" status_code: 200 register: gerrit_key_check no_log: true - name: Delete old gerrit ssh key when: gerrit_key_check.json | length > 0 and gerrit_key_check.json[0].key != gitea_gerrit_public_key no_log: true uri: user: root password: "{{ gitea_root_password }}" force_basic_auth: true url: "{{ gitea_url }}/api/v1/user/keys/{{ gerrit_key_check.json[0].id }}" method: DELETE status_code: 204 - name: Add gerrit ssh key when: gerrit_key_check.json | length == 0 no_log: true uri: user: root password: "{{ gitea_root_password }}" force_basic_auth: true url: "{{ gitea_url }}/api/v1/admin/users/gerrit/keys" method: POST status_code: 201 body_format: json body: key: "{{ gitea_gerrit_public_key }}" read_only: false title: "Gerrit replication key"