opendev
/
system-config
Code Issues Proposed changes
system-config/playbooks/roles/gerrit/tasks/main.yaml

284 lines
7.6 KiB
YAML
Raw Blame History

# TODO(mordred) We should do *something* where this could use a zuul cloned
# copy of project-config instead. This is needed not just for things like
# manage-projects (which could be run completely differently and non-locally)
# but also for things like notify-impact, which is currently run by a gerrit
# hook inside of the container via jeepyb.
- name: Clone project-config repo
git:
repo: https://opendev.org/openstack/project-config
dest: /opt/project-config
force: yes
- name: Ensure /etc/gerrit-compose directory
file:
state: directory
path: /etc/gerrit-compose
mode: 0755
- name: Put docker-compose file in place
template:
src: docker-compose.yaml.j2
dest: /etc/gerrit-compose/docker-compose.yaml
mode: 0644
- name: Clean up old directory
file:
state: absent
path: /etc/gerrit-podman
- name: Create Gerrit Group
group:
name: "{{ gerrit_user_name }}"
gid: "{{ gerrit_id }}"
system: yes
- name: Create Gerrit User
user:
name: "{{ gerrit_user_name }}"
uid: "{{ gerrit_id }}"
comment: Gerrit User
shell: /bin/bash
home: "{{ gerrit_home_dir }}"
group: "{{ gerrit_user_name }}"
create_home: yes
system: yes
- name: Ensure review_site directory exists
file:
state: directory
path: "{{ gerrit_site_dir }}"
owner: "{{ gerrit_user_name }}"
group: "{{ gerrit_user_name }}"
mode: 0755
- name: Ensure Gerrit volume directories exists
file:
state: directory
path: "{{ gerrit_site_dir }}/{{ item }}"
owner: "{{ gerrit_user_name }}"
group: "{{ gerrit_user_name }}"
mode: 0755
loop:
- etc
- git
- index
- cache
- static
- hooks
- tmp
- logs
- name: Write Gerrit config file
template:
src: gerrit.config
dest: "{{ gerrit_site_dir }}/etc/gerrit.config"
owner: "{{ gerrit_user_name }}"
group: "{{ gerrit_user_name }}"
mode: 0644
- name: Write Gerrit secure config file
template:
src: secure.config
dest: "{{ gerrit_site_dir }}/etc/secure.config"
owner: "{{ gerrit_user_name }}"
group: "{{ gerrit_user_name }}"
mode: 0600
- name: Write Gerrit replication config
template:
src: replication.config.j2
dest: "{{ gerrit_site_dir }}/etc/replication.config"
owner: "{{ gerrit_user_name }}"
group: "{{ gerrit_user_name }}"
when: gerrit_replication is defined
# Server host key for SSH service on port 29418
- name: Write Gerrit SSH host private key
copy:
content: "{{ gerrit_ssh_rsa_key_contents }}"
dest: "{{ gerrit_site_dir }}/etc/ssh_host_rsa_key"
owner: "{{ gerrit_user_name }}"
group: "{{ gerrit_user_name }}"
mode: 0600
- name: Write Gerrit SSH host public key
copy:
content: "{{ gerrit_ssh_rsa_pubkey_contents }}"
dest: "{{ gerrit_site_dir }}/etc/ssh_host_rsa_key.pub"
owner: "{{ gerrit_user_name }}"
group: "{{ gerrit_user_name }}"
mode: 0644
# Private key for openstack-project-creator user
- name: Write Gerrit SSH project private key
copy:
content: "{{ gerrit_project_ssh_rsa_key_contents }}"
dest: "{{ gerrit_site_dir }}/etc/ssh_project_rsa_key"
owner: "{{ gerrit_user_name }}"
group: "{{ gerrit_user_name }}"
mode: 0600
# Public key for openstack-project-creator user
- name: Write Gerrit SSH project public key
copy:
content: "{{ gerrit_project_ssh_rsa_pubkey_contents }}"
dest: "{{ gerrit_site_dir }}/etc/ssh_project_rsa_key.pub"
owner: "{{ gerrit_user_name }}"
group: "{{ gerrit_user_name }}"
mode: 0644
# Private key for welcome message user
- name: Write Welcome SSH private key
copy:
content: "{{ welcome_message_gerrit_ssh_private_key }}"
dest: "{{ gerrit_site_dir }}/etc/ssh_welcome_rsa_key"
owner: "{{ gerrit_user_name }}"
group: "{{ gerrit_user_name }}"
mode: 0600
when: welcome_message_gerrit_ssh_private_key is defined
- name: Write Welcome SSH public key
copy:
content: "{{ welcome_message_gerrit_ssh_public_key }}"
dest: "{{ gerrit_site_dir }}/etc/ssh_welcome_rsa_key.pub"
owner: "{{ gerrit_user_name }}"
group: "{{ gerrit_user_name }}"
mode: 0644
when: welcome_message_gerrit_ssh_public_key is defined
- name: Ensure .ssh directory exists
file:
state: directory
path: "{{ gerrit_home_dir }}/.ssh"
mode: 0700
# Private key for gerrit user to connect to other systems,
# such as for replication.
- name: Write Gerrit SSH private key
copy:
content: "{{ gerrit_replication_ssh_rsa_key_contents }}"
dest: "{{ gerrit_home_dir }}/.ssh/id_rsa"
owner: "{{ gerrit_user_name }}"
group: "{{ gerrit_user_name }}"
mode: 0600
- name: Write Gerrit SSH public key
copy:
content: "{{ gerrit_replication_ssh_rsa_pubkey_contents }}"
dest: "{{ gerrit_home_dir }}/.ssh/id_rsa.pub"
owner: "{{ gerrit_user_name }}"
group: "{{ gerrit_user_name }}"
mode: 0644
# Make the directory even if we don't have creds to make
# bind mounting in the docker-compose file simple.
- name: Ensure launchpadlib directory exists
file:
state: directory
path: "{{ gerrit_home_dir }}/.launchpadlib"
owner: "{{ gerrit_user_name }}"
group: "{{ gerrit_user_name }}"
mode: 0775
- name: Write Launchpad creds file
template:
src: infra_lp_creds.j2
dest: "{{ gerrit_home_dir }}/.launchpadlib/creds"
owner: "{{ gerrit_user_name }}"
group: "{{ gerrit_user_name }}"
mode: 0600
when: lp_access_token is defined
- name: Copy static hooks
copy:
src: "hooks/{{ item }}"
dest: "{{ gerrit_site_dir }}/hooks/{{ item }}"
owner: "{{ gerrit_user_name }}"
group: "{{ gerrit_user_name }}"
mode: 0555
loop:
- change-merged
- change-abandoned
- name: Copy notify-impact yaml file
copy:
src: "/opt/project-config/gerrit/notify_impact.yaml"
dest: "{{ gerrit_site_dir }}/hooks/notify_impact.yaml"
remote_src: yes
owner: "{{ gerrit_user_name }}"
group: "{{ gerrit_user_name }}"
mode: 0444
- name: Install patchset-created hook
template:
src: patchset-created.j2
dest: "{{ gerrit_site_dir }}/hooks/patchset-created"
owner: "{{ gerrit_user_name }}"
group: "{{ gerrit_user_name }}"
mode: 0555
# TODO(mordred) These things should really go into the image instead.
- name: Copy static and etc
copy:
src: "{{ item }}"
dest: "{{ gerrit_site_dir }}/{{ item }}"
owner: "{{ gerrit_user_name }}"
group: "{{ gerrit_user_name }}"
mode: preserve
loop:
- static
- etc
- name: Install apache2
apt:
name:
- apache2
- apache2-utils
state: present
- name: Apache modules
apache2_module:
state: present
name: "{{ item }}"
loop:
- rewrite
- proxy
- proxy_http
- ssl
- headers
- name: Copy apache config
template:
src: gerrit.vhost.j2
dest: /etc/apache2/sites-enabled/000-default.conf
owner: root
group: root
mode: 0644
notify: gerrit Reload apache2
- name: Install podman-compose
pip:
name: podman-compose
state: latest
# NOTE(mordred) Cannot use full path to pip3 here because it is
# different on zuul test nodes and in production. This is, of
# course, not stellar.
executable: pip3
# TODO(mordred) Make this suck less, like if we could do an init container
# or something just generally less gross.
- name: Run gerrit init
when: gerrit_run_init | bool
command: >
podman run -it --rm --net=host -u gerrit
{% for volume in gerrit_container_volumes %}
-v {{ volume }}
{% endfor %}
{{ gerrit_container_image }}
/usr/local/openjdk-8/bin/java -jar /var/gerrit/bin/gerrit.war init -d /var/gerrit -b --no-auto-start --install-all-plugins
- name: Run podman-compose up
shell:
cmd: podman-compose up -d
chdir: /etc/gerrit-compose/
View Git Blame Copy Permalink