129083b840
This generates TLS certs for Zuul using the jaeger CA and enables tracing on all Zuul components, exporting to tracing.opendev.org. Change-Id: I821e5ce4738ea0c93e116684033fa7b78e2da8c6
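# Create the dedicated group for the Zuul services.
# The gid comes from zuul_group_id instead of being allocated by the host;
# the same variable is handed to the opendev-ca role further down.
- name: Create Zuul Group
  group:
    name: "{{ zuul_group }}"
    gid: "{{ zuul_group_id }}"
    # Canonical boolean; `yes` is a YAML 1.1 truthy word that not every
    # loader or linter treats the same way.
    system: true
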
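# Create the service account that owns the Zuul config, state directories
# and SSH material written by the tasks below.
- name: Create Zuul User
  user:
    name: "{{ zuul_user }}"
    uid: "{{ zuul_user_id }}"
    group: "{{ zuul_group }}"
    home: "/home/{{ zuul_user }}"
    # Canonical booleans instead of the YAML 1.1 truthy word `yes`.
    create_home: true
    system: true
    # NOTE(review): a system account with an interactive shell. The tasks
    # visible here set neither a password nor authorized_keys for it;
    # confirm the shell is actually required.
    shell: /bin/bash
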
# Make sure /etc/zuul exists and is owned by the Zuul account.
# NOTE(review): no `mode` is set, so a newly created directory takes its
# permissions from the remote umask. zuul.conf is written 0600 below, and
# the opendev-ca role is pointed at this same directory; consider pinning
# the directory mode explicitly.
- name: Create Zuul Config dir
  file:
    path: /etc/zuul
    state: directory
    owner: "{{ zuul_user }}"
    group: "{{ zuul_group }}"

# Run the opendev-ca role for the CA named "zk", with /etc/zuul as the
# certificate directory.
# The role body is not part of this file: which files it writes, and with
# which modes, has to be checked in the role itself.
# Ownership is passed as the numeric uid/gid variables, whereas the file
# tasks in this list use the user and group names.
- name: Generate ZooKeeper TLS cert
  include_role:
    name: opendev-ca
  vars:
    opendev_ca_name: zk
    opendev_ca_cert_dir: /etc/zuul
    opendev_ca_cert_dir_group: "{{ zuul_group_id }}"
    opendev_ca_cert_dir_owner: "{{ zuul_user_id }}"

# Make sure /etc/zuul/jaeger exists and is owned by the Zuul account.
# The next task hands this path to the opendev-ca role as its certificate
# directory.
# NOTE(review): no `mode` is set, so the permissions of a newly created
# directory depend on the remote umask. If private key material ends up
# here (presumably - the role is not visible), pin a restrictive mode.
- name: Create Jaeger Config dir
  file:
    path: /etc/zuul/jaeger
    state: directory
    owner: "{{ zuul_user }}"
    group: "{{ zuul_group }}"

# Run the opendev-ca role for the CA named "jaeger", with /etc/zuul/jaeger
# as the certificate directory and the Zuul uid/gid as its owner.
# What the role writes there (certificate, key, CA bundle) and with which
# file modes is not visible from this file; verify in the role.
- name: Generate Jaeger TLS cert
  include_role:
    name: opendev-ca
  vars:
    opendev_ca_name: jaeger
    opendev_ca_cert_dir: /etc/zuul/jaeger
    opendev_ca_cert_dir_group: "{{ zuul_group_id }}"
    opendev_ca_cert_dir_owner: "{{ zuul_user_id }}"

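# Render zuul.conf.j2 to /etc/zuul/zuul.conf, readable and writable only by
# the Zuul account.
# NOTE(review): the 0600 mode suggests the rendered file carries
# credentials (the template is not visible here). If it does, a run with
# --diff would print them; consider `no_log: true` or `diff: false` on
# this task.
- name: Write Zuul Conf File
  template:
    src: zuul.conf.j2
    dest: /etc/zuul/zuul.conf
    owner: "{{ zuul_user }}"
    group: "{{ zuul_group }}"
    # Quoted so the mode reaches Ansible as the string "0600" instead of
    # depending on the YAML loader's octal-integer handling.
    mode: "0600"
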
# Create the log, runtime and state directories for Zuul, one per loop
# item, all owned by the Zuul account.
# NOTE(review): no `mode` is set, so each new directory takes its
# permissions from the remote umask. That includes /var/lib/zuul/ssh, where
# the next task writes the private key (the key file itself is 0400), and
# /var/lib/zuul/backup. Consider an explicit, tighter mode for those two.
- name: Create Zuul directories
  file:
    path: "{{ item }}"
    state: directory
    owner: "{{ zuul_user }}"
    group: "{{ zuul_group }}"
  loop:
    - /var/log/zuul
    - /var/run/zuul
    - /var/lib/zuul
    - /var/lib/zuul/ssh
    - /var/lib/zuul/backup

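# Write the private key held in zuul_ssh_private_key_contents to
# /var/lib/zuul/ssh/id_rsa, read-only for the Zuul account.
# The key arrives as a variable, so its value passes through the task's
# arguments and result. no_log keeps it out of task output, callback logs
# and --diff rendering; the trade-off is that failure details for this
# task are censored too.
- name: Write Zuul SSH Key
  copy:
    dest: /var/lib/zuul/ssh/id_rsa
    content: "{{ zuul_ssh_private_key_contents }}"
    owner: "{{ zuul_user }}"
    group: "{{ zuul_group }}"
    # Quoted so the mode reaches Ansible as the string "0400" instead of
    # depending on the YAML loader's octal-integer handling.
    mode: "0400"
  no_log: true
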
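# Create the Zuul account's ~/.ssh directory, accessible only to that
# account. The path relies on ~user expansion on the target host; the user
# task above sets the home to /home/{{ zuul_user }}.
- name: Create Zuul SSH directory
  file:
    path: "~{{ zuul_user }}/.ssh"
    state: directory
    owner: "{{ zuul_user }}"
    group: "{{ zuul_group }}"
    # Quoted so the mode reaches Ansible as the string "0700" instead of
    # depending on the YAML loader's octal-integer handling.
    mode: "0700"
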
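# Install the contents of zuul_known_hosts as the Zuul account's
# known_hosts file, writable only by that account.
# Presumably these entries pin the host keys Zuul's SSH connections are
# checked against, which makes the file's integrity matter more than its
# secrecy; confirm against how zuul_known_hosts is populated.
- name: Write Known Hosts
  copy:
    dest: "~{{ zuul_user }}/.ssh/known_hosts"
    content: "{{ zuul_known_hosts }}"
    owner: "{{ zuul_user }}"
    group: "{{ zuul_group }}"
    # Quoted so the mode reaches Ansible as the string "0600" instead of
    # depending on the YAML loader's octal-integer handling.
    mode: "0600"
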
# Hand over to the sync-project-config role. No variables are passed here
# and the role body is not part of this file, so what it syncs and where
# it writes has to be read from the role itself.
- name: Sync project-config
  include_role:
    name: sync-project-config

# Install docker-compose through the host's package manager.
# `state: present` installs the package only when it is missing, and no
# version is pinned, so the installed version is whatever the host's
# configured repositories provide.
- name: Install docker-compose
  package:
    state: present
    name:
      - docker-compose