Browse Source

Initial commit for ansible-role-zuul-registry

Depends-On: https://review.opendev.org/763098/
Change-Id: Icf7cd02a91372ec7d8a0843f08dbc4c9d45914cc
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
changes/69/763069/25
Paul Belanger 2 years ago
parent
commit
aaf03fda0d
  1. 54
      .zuul.yaml
  2. 5
      bindep.txt
  3. 80
      defaults/main.yaml
  4. 33
      meta/main.yml
  5. 55
      tasks/config.yaml
  6. 35
      tasks/install.yaml
  7. 27
      tasks/install/git.yaml
  8. 35
      tasks/install/pip.yaml
  9. 21
      tasks/main.yaml
  10. 33
      tasks/pre.yaml
  11. 94
      tasks/service.yaml
  12. 14
      templates/etc/systemd/system/zuul-registry.service
  13. 3
      templates/etc/systemd/system/zuul-registry.service.d/override.conf
  14. 18
      templates/etc/zuul-registry/registry.yaml
  15. 4
      templates/etc/zuul-registry/ssl/cert.key
  16. 4
      templates/etc/zuul-registry/ssl/cert.pem
  17. 36
      tests/collect-logs.yaml
  18. 1
      tests/inventory
  19. 25
      tests/playbooks/pre.yaml
  20. 125
      tests/playbooks/run.yaml
  21. 24
      vars/debian.yaml
  22. 24
      vars/redhat.yaml

54
.zuul.yaml

@ -1,8 +1,62 @@
---
- job:
name: ansible-role-zuul-registry-base
pre-run: tests/playbooks/pre.yaml
run: tests/playbooks/run.yaml
post-run: tests/collect-logs.yaml
roles:
- zuul: windmill/ansible-role-zuul-registry
# Testing for zuul_registry_install_method: pip
- job:
name: ansible-role-zuul-registry
parent: ansible-role-zuul-registry-base
- job:
name: ansible-role-zuul-registry-fedora-latest
parent: ansible-role-zuul-registry
nodeset: fedora-latest
- job:
name: ansible-role-zuul-registry-ubuntu-bionic
parent: ansible-role-zuul-registry
nodeset: ubuntu-bionic
# Testing for zuul_registry_install_method: git
- job:
name: ansible-role-zuul-registry-src
parent: ansible-role-zuul-registry-base
required-projects:
- name: zuul/zuul-registry
vars:
zuul_registry_git_update: false
zuul_registry_install_method: git
- job:
name: ansible-role-zuul-registry-src-fedora-latest
parent: ansible-role-zuul-registry-src
nodeset: fedora-latest
- job:
name: ansible-role-zuul-registry-src-ubuntu-bionic
parent: ansible-role-zuul-registry-src
nodeset: ubuntu-bionic
- project:
templates:
- windmill-jobs-fedora-latest
- windmill-jobs-bionic
check:
jobs:
- ansible-role-zuul-registry-fedora-latest
- ansible-role-zuul-registry-ubuntu-bionic
- ansible-role-zuul-registry-src-fedora-latest
- ansible-role-zuul-registry-src-ubuntu-bionic
- tox-linters
gate:
jobs:
- ansible-role-zuul-registry-fedora-latest
- ansible-role-zuul-registry-ubuntu-bionic
- ansible-role-zuul-registry-src-fedora-latest
- ansible-role-zuul-registry-src-ubuntu-bionic
- tox-linters

5
bindep.txt

@ -0,0 +1,5 @@
# This is a cross-platform list tracking distribution packages needed by tests;
# see http://docs.openstack.org/infra/bindep/ for additional information.
python3-pip [test]
python3-setuptools [test]

80
defaults/main.yaml

@ -0,0 +1,80 @@
# Copyright 2015 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
---
# tasks/main.yaml
zuul_registry_task_manager:
- pre
- install
- config
- service
# tasks/config.yaml
zuul_registry_user_name: zuul-registry
zuul_registry_user_group: zuul-registry
zuul_registry_user_home: /var/lib/zuul-registry
zuul_registry_user_home_mode: 0755
# zuul_registry_user_shell:
zuul_registry_file_registry_yaml_dest: /etc/zuul-registry/registry.yaml
zuul_registry_file_registry_yaml_group: "{{ zuul_registry_user_group }}"
zuul_registry_file_registry_yaml_mode: 0644
zuul_registry_file_registry_yaml_owner: "{{ zuul_registry_user_name }}"
zuul_registry_file_registry_yaml_src: etc/zuul-registry/registry.yaml
zuul_registry_file_ssl_cert_content:
zuul_registry_file_ssl_cert_dest: /etc/zuul-registry/ssl/cert.pem
zuul_registry_file_ssl_cert_group: "{{ zuul_registry_user_group }}"
zuul_registry_file_ssl_cert_mode: 0644
zuul_registry_file_ssl_cert_owner: "{{ zuul_registry_user_name }}"
zuul_registry_file_ssl_cert_src: etc/zuul-registry/ssl/cert.pem
zuul_registry_file_ssl_key_content:
zuul_registry_file_ssl_key_dest: /etc/zuul-registry/ssl/cert.key
zuul_registry_file_ssl_key_group: "{{ zuul_registry_user_group }}"
zuul_registry_file_ssl_key_mode: 0600
zuul_registry_file_ssl_key_owner: "{{ zuul_registry_user_name }}"
zuul_registry_file_ssl_key_src: etc/zuul-registry/ssl/cert.key
# tasks/install.yaml
zuul_registry_git_dest: "{{ ansible_user_dir }}/src/opendev.org/zuul/zuul-registry"
zuul_registry_git_uri: https://opendev.org/zuul/zuul-registry
zuul_registry_git_version: master
# zuul_registry_git_refspec:
# zuul_registry_git_update:
zuul_registry_install_method: pip
zuul_registry_pip_name: zuul-registry
# zuul_registry_pip_executable:
# zuul_registry_pip_editable:
# zuul_registry_pip_extra_args:
# zuul_registry_pip_version:
# zuul_registry_pip_virtualenv_python:
# zuul_registry_pip_virtualenv:
# zuul_registry_pip_virtualenv_symlink:
# tasks/service.yaml
zuul_registry_file_zuul_registry_service_manage: true
zuul_registry_file_zuul_registry_service_group: root
zuul_registry_file_zuul_registry_service_owner: root
zuul_registry_file_zuul_registry_service_config_manage: true
zuul_registry_file_zuul_registry_service_config_group: root
zuul_registry_file_zuul_registry_service_config_owner: root
zuul_registry_service_zuul_registry_daemon_reload: true
zuul_registry_service_zuul_registry_enabled: true
zuul_registry_service_zuul_registry_manage: true
zuul_registry_service_zuul_registry_name: zuul-registry
zuul_registry_service_zuul_registry_state: started

33
meta/main.yml

@ -0,0 +1,33 @@
# Copyright 2015 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
---
galaxy_info:
author: Paul Belanger
description: |
This is a container image registry for use with the Zuul project gating
system.
company: Red Hat, Inc.
license: Apache
min_ansible_version: 2.4
platforms:
- name: Fedora
versions:
- 27
- name: Ubuntu
versions:
- 16.04
- 18.04
categories:
- system
dependencies: []

55
tasks/config.yaml

@ -0,0 +1,55 @@
# Copyright 2015 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
---
- name: Create required directories
become: true
file:
group: "{{ zuul_registry_user_group }}"
owner: "{{ zuul_registry_user_name }}"
path: "{{ item }}"
state: directory
with_items:
- /etc/zuul-registry
- /etc/zuul-registry/ssl
- /var/lib/zuul-registry/storage
- name: Install zuul-registry configuration
become: true
template:
dest: "{{ zuul_registry_file_registry_yaml_dest }}"
group: "{{ zuul_registry_file_registry_yaml_group }}"
mode: "{{ zuul_registry_file_registry_yaml_mode }}"
owner: "{{zuul_registry_file_registry_yaml_owner }}"
src: "{{ zuul_registry_file_registry_yaml_src }}"
register: zuul_registry_file_registry_yaml
- name: Install zuul ssl cert configuration
become: true
template:
dest: "{{ zuul_registry_file_ssl_cert_dest }}"
group: "{{ zuul_registry_file_ssl_cert_group }}"
mode: "{{ zuul_registry_file_ssl_cert_mode }}"
owner: "{{ zuul_registry_file_ssl_cert_owner }}"
src: "{{ zuul_registry_file_ssl_cert_src }}"
register: zuul_registry_file_ssl_cert
- name: Install zuul ssl key configuration
become: true
template:
dest: "{{ zuul_registry_file_ssl_key_dest }}"
group: "{{ zuul_registry_file_ssl_key_group }}"
mode: "{{ zuul_registry_file_ssl_key_mode }}"
owner: "{{ zuul_registry_file_ssl_key_owner }}"
src: "{{ zuul_registry_file_ssl_key_src }}"
register: zuul_registry_file_ssl_key

35
tasks/install.yaml

@ -0,0 +1,35 @@
# Copyright 2015 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
---
- name: Define zuul_registry_build_depends
set_fact:
zuul_registry_build_depends: "{{ __zuul_registry_build_depends | list }}"
when: zuul_registry_build_depends is not defined
- name: Ensure build dependencies are present
become: true
package:
name: "{{ zuul_registry_build_depends }}"
state: present
when: zuul_registry_install_method == 'git'
- name: Define zuul_registry_pip_executable if needed
set_fact:
zuul_registry_pip_executable: pip3
when:
- zuul_registry_install_method == 'git' or zuul_registry_install_method == 'pip'
- zuul_registry_pip_virtualenv_python is not defined
- zuul_registry_pip_executable is not defined
- include: "install/{{ zuul_registry_install_method }}.yaml"

27
tasks/install/git.yaml

@ -0,0 +1,27 @@
# Copyright 2015 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
---
- name: Git clone zuul-registry
git:
dest: "{{ zuul_registry_git_dest }}"
refspec: "{{ zuul_registry_git_refspec|default(omit) }}"
repo: "{{ zuul_registry_git_uri }}"
update: "{{ zuul_registry_git_update|default(omit) }}"
version: "{{ zuul_registry_git_version|default(omit) }}"
- name: Set zuul_registry_pip_name to local git repo
set_fact:
zuul_registry_pip_name: "file://{{ zuul_registry_git_dest }}"
- include: pip.yaml

35
tasks/install/pip.yaml

@ -0,0 +1,35 @@
# Copyright 2015 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
---
- name: Install zuul-registry using pip
become: true
pip:
executable: "{{ zuul_registry_pip_executable|default(omit) }}"
editable: "{{ zuul_registry_pip_editable|default(omit) }}"
extra_args: "{{ zuul_registry_pip_extra_args|default(omit) }}"
name: "{{ zuul_registry_pip_name }}"
version: "{{ zuul_registry_pip_version|default(omit) }}"
virtualenv_python: "{{ zuul_registry_pip_virtualenv_python|default(omit) }}"
virtualenv: "{{ zuul_registry_pip_virtualenv|default(omit) }}"
- name: Symlink zuul-registry virtualenv
become: true
file:
src: "{{ zuul_registry_pip_virtualenv }}"
dest: "{{ zuul_registry_pip_virtualenv_symlink }}"
state: link
when:
- zuul_registry_pip_virtualenv is defined
- zuul_registry_pip_virtualenv_symlink is defined
- zuul_registry_pip_virtualenv != zuul_registry_pip_virtualenv_symlink

21
tasks/main.yaml

@ -0,0 +1,21 @@
# Copyright 2015 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
---
- name: Include OS-specific variables
include_vars: "{{ ansible_os_family | lower }}.yaml"
- include: "{{ zuul_registry_task }}.yaml"
with_items: "{{ zuul_registry_task_manager }}"
loop_control:
loop_var: zuul_registry_task

33
tasks/pre.yaml

@ -0,0 +1,33 @@
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
---
- name: Create group account
become: true
group:
name: "{{ zuul_registry_user_group }}"
- name: Create user account
become: true
user:
createhome: true
group: "{{ zuul_registry_user_group }}"
home: "{{ zuul_registry_user_home }}"
name: "{{ zuul_registry_user_name }}"
shell: "{{ zuul_registry_user_shell|default(omit) }}"
- name: Set permissions on home directory
become: true
file:
path: "{{ zuul_registry_user_home }}"
mode: "{{ zuul_registry_user_home_mode }}"

94
tasks/service.yaml

@ -0,0 +1,94 @@
# Copyright 2015 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
---
- name: Define zuul_registry_file_zuul_registry_service_dest
set_fact:
zuul_registry_file_zuul_registry_service_dest: "{{ __zuul_registry_file_zuul_registry_service_dest }}"
when: zuul_registry_file_zuul_registry_service_dest is not defined
- name: Define zuul_registry_file_zuul_registry_service_mode
set_fact:
zuul_registry_file_zuul_registry_service_mode: "{{ __zuul_registry_file_zuul_registry_service_mode }}"
when: zuul_registry_file_zuul_registry_service_mode is not defined
- name: Define zuul_registry_file_zuul_registry_service_src
set_fact:
zuul_registry_file_zuul_registry_service_src: "{{ __zuul_registry_file_zuul_registry_service_src }}"
when: zuul_registry_file_zuul_registry_service_src is not defined
- name: Define zuul_registry_file_zuul_registry_service_config_dest
set_fact:
zuul_registry_file_zuul_registry_service_config_dest: "{{ __zuul_registry_file_zuul_registry_service_config_dest }}"
when: zuul_registry_file_zuul_registry_service_config_dest is not defined
- name: Define zuul_registry_file_zuul_registry_service_config_mode
set_fact:
zuul_registry_file_zuul_registry_service_config_mode: "{{ __zuul_registry_file_zuul_registry_service_config_mode }}"
when: zuul_registry_file_zuul_registry_service_config_mode is not defined
- name: Define zuul_registry_file_zuul_registry_service_config_src
set_fact:
zuul_registry_file_zuul_registry_service_config_src: "{{ __zuul_registry_file_zuul_registry_service_config_src }}"
when: zuul_registry_file_zuul_registry_service_config_src is not defined
- name: Install zuul-registry service script into place
become: true
template:
dest: "{{ zuul_registry_file_zuul_registry_service_dest }}"
group: "{{ zuul_registry_file_zuul_registry_service_group }}"
mode: "{{ zuul_registry_file_zuul_registry_service_mode }}"
owner: "{{ zuul_registry_file_zuul_registry_service_owner }}"
src: "{{ zuul_registry_file_zuul_registry_service_src }}"
register: zuul_registry_file_zuul_registry_service
when: zuul_registry_file_zuul_registry_service_manage
- name: Create zuul-registry service config directory
become: true
file:
group: "{{ zuul_registry_file_zuul_registry_service_config_group }}"
owner: "{{ zuul_registry_file_zuul_registry_service_config_owner }}"
path: "{{ zuul_registry_file_zuul_registry_service_dest }}.d"
state: directory
when: zuul_registry_file_zuul_registry_service_config_manage
- name: Install zuul-registry service config into place
become: true
template:
dest: "{{ zuul_registry_file_zuul_registry_service_config_dest }}"
group: "{{ zuul_registry_file_zuul_registry_service_config_group }}"
mode: "{{ zuul_registry_file_zuul_registry_service_config_mode }}"
owner: "{{ zuul_registry_file_zuul_registry_service_config_owner }}"
src: "{{ zuul_registry_file_zuul_registry_service_config_src }}"
register: zuul_registry_file_zuul_registry_service_config
when: zuul_registry_file_zuul_registry_service_config_manage
- name: Enable zuul-registry service
become: true
systemd:
daemon_reload: "{{ zuul_registry_service_zuul_registry_daemon_reload }}"
enabled: "{{ zuul_registry_service_zuul_registry_enabled }}"
name: "{{ zuul_registry_service_zuul_registry_name }}"
register: zuul_registry_service_zuul_registry
when: zuul_registry_service_zuul_registry_manage
- name: Set zuul-registry service state
become: true
systemd:
daemon_reload: "{{ zuul_registry_service_zuul_registry_daemon_reload }}"
name: "{{ zuul_registry_service_zuul_registry_name }}"
state: "{{ zuul_registry_service_zuul_registry_state }}"
register: zuul_registry_service_zuul_registry_state_info
when:
- zuul_registry_service_zuul_registry_manage
- zuul_registry_service_zuul_registry_state in ['reloaded', 'restarted', 'started', 'stopped']

14
templates/etc/systemd/system/zuul-registry.service

@ -0,0 +1,14 @@
[Unit]
Description=Zuul Registry Service
After=syslog.target network.target
[Service]
Type=simple
# Options to pass to zuul-registry.
Environment="ARGS=-c /etc/zuul-registry/registry.yaml"
Group=zuul-registry
User=zuul-registry
ExecStart={{ zuul_registry_pip_virtualenv | default('/usr/local') }}/bin/zuul-registry -d $ARGS
[Install]
WantedBy=multi-user.target

3
templates/etc/systemd/system/zuul-registry.service.d/override.conf

@ -0,0 +1,3 @@
# This file is generated by Ansible
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
#

18
templates/etc/zuul-registry/registry.yaml

@ -0,0 +1,18 @@
---
registry:
address: '127.0.0.1'
port: 9000
tls-cert: /etc/zuul-registry/ssl/cert.pem
tls-key: /etc/zuul-registry/ssl/cert.key
secret: test_token_secret
public-url: https://localhost:9000
users:
- name: testuser
pass: testpass
access: write
- name: anonymous
pass: ''
access: read
storage:
driver: filesystem
root: /var/lib/zuul-registry/storage

4
templates/etc/zuul-registry/ssl/cert.key

@ -0,0 +1,4 @@
# This file is generated by Ansible
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
#
{{ zuul_registry_file_ssl_key_content }}

4
templates/etc/zuul-registry/ssl/cert.pem

@ -0,0 +1,4 @@
# This file is generated by Ansible
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
#
{{ zuul_registry_file_ssl_cert_content }}

36
tests/collect-logs.yaml

@ -0,0 +1,36 @@
---
- hosts: all
tasks:
- name: Ensure journald logs directory exists
file:
path: "{{ zuul_output_dir }}/logs/logs/var/log/journal"
state: directory
- name: Collect journald logs
shell: "sudo journalctl -u {{ item }}.service | tee {{ zuul_output_dir }}/logs/logs/var/log/journal/{{ item }}.service.log"
args:
creates: "{{ zuul_output_dir }}/logs/logs/var/log/journal/{{ item }}.service.log"
with_items:
- zuul-registry
- name: Prepare zuul-registry log files
become: true
synchronize:
dest: "{{ zuul_output_dir }}/logs/logs"
rsync_opts:
- "--relative"
- "--chown={{ ansible_user_id }}:{{ ansible_user_id }}"
src: "{{ item }}"
verify_host: true
delegate_to: "{{ inventory_hostname }}"
with_items:
- /etc/zuul-registry
# TODO: Migrate to fetch-zuul-logs when
# https://review.opendev.org/#/c/583346/ is merged.
- name: Collect log output
synchronize:
dest: "{{ zuul.executor.log_root }}/"
mode: pull
src: "{{ zuul_output_dir }}/logs/"
verify_host: true

1
tests/inventory

@ -0,0 +1 @@
localhost

25
tests/playbooks/pre.yaml

@ -0,0 +1,25 @@
---
- hosts: all
tasks:
# TODO(pabelanger): Remove once this lands in our base job in
# project-config.
- name: Execute ensure-output-dirs role
include_role:
name: ensure-output-dirs
- name: Disable extra wheels mirror
become: true
lineinfile:
dest: /etc/pip.conf
regexp: ^extra-index-url
state: absent
- name: Execute bindep role
include_role:
name: bindep
vars:
bindep_profile: ansible test
- name: Execute test-setup role
include_role:
name: test-setup

125
tests/playbooks/run.yaml

@ -0,0 +1,125 @@
# Copyright 2015 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
---
- hosts: all
vars:
rolename: ansible-role-zuul-registry
zuul_registry_file_ssl_cert_content: |
-----BEGIN CERTIFICATE-----
MIIDTzCCAjcCFBfoHAg0EQQloogrr6mpLimi+YUJMA0GCSqGSIb3DQEBCwUAMGIx
CzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEPMA0GA1UEBwwGQXVzdGluMR0w
GwYDVQQKDBRPcGVuU3RhY2sgRm91bmRhdGlvbjETMBEGA1UEAwwKZ2Vhcm1hbi1j
YTAeFw0yMDExMTcyMTIxMzVaFw0zMDExMTUyMTIxMzVaMGYxCzAJBgNVBAYTAlVT
MQ4wDAYDVQQIDAVUZXhhczEPMA0GA1UEBwwGQXVzdGluMR0wGwYDVQQKDBRPcGVu
U3RhY2sgRm91bmRhdGlvbjEXMBUGA1UEAwwOZ2Vhcm1hbi1jbGllbnQwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4cIGCILH7E15Pl0tK6TUKd/8DlsQW
R+sUju2pSwETz+/sW3TFWcWacS91BX8A3uMuneLTf1xgN/IhH/z4/6+XQi4BUN1a
/vI8t2xOWAFgq9h9pM2GvYTlPJC2Xj4vTONdZSEIPJE5d/QYpNzHA/NKlQq61A1n
/bdTALRxdPEeGLF63uY/kiiU+UtR3SF69lysJSw8ryHlCnSUPKc/2NpOvgmzPBVz
0CjSMeKQzvLxvV31sD1jYa/qEGORwURQl4GrKch4KlOBelEHsjZhKaWnr/19Dhgy
WoLeXxeACMfa822D5kWza1p5aIMHYXELjKa3PlDCUQnqYqoWIqrNG7FpAgMBAAEw
DQYJKoZIhvcNAQELBQADggEBAFZVHK2ZxDO9aIAnB03akKQ5WQ1tpljtidBdTvuf
+Xw76BxCtMFZpk7n3IlfMuhOyTjRyuswb1eTP7VQwW/v3UDJOVzxBrGcCgSA1MEU
MmftGuV9DMHCELmKGBQKstK59oSCLp55U0cEdHF9Uxuwxv5b5MHdUFiHsKqDYQST
CUSpLqE7WwZhAu9+vVQq6+4Dr1llu72i4sSV6Yo8/qLALoIhUnocyco1pO/Uh7uQ
WLpKtURdHg6l4lfhIe3RySTL00W4iSVVZbVX2D234DD7kr4Uj9NhJuNZHap7k4WN
+pq0Knq5gJvNe49BTgsulj9Inv3gkR9FiWQlidPOKXP0T0s=
-----END CERTIFICATE-----
zuul_registry_file_ssl_key_content: |
-----BEGIN PRIVATE KEY-----
MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC4cIGCILH7E15P
l0tK6TUKd/8DlsQWR+sUju2pSwETz+/sW3TFWcWacS91BX8A3uMuneLTf1xgN/Ih
H/z4/6+XQi4BUN1a/vI8t2xOWAFgq9h9pM2GvYTlPJC2Xj4vTONdZSEIPJE5d/QY
pNzHA/NKlQq61A1n/bdTALRxdPEeGLF63uY/kiiU+UtR3SF69lysJSw8ryHlCnSU
PKc/2NpOvgmzPBVz0CjSMeKQzvLxvV31sD1jYa/qEGORwURQl4GrKch4KlOBelEH
sjZhKaWnr/19DhgyWoLeXxeACMfa822D5kWza1p5aIMHYXELjKa3PlDCUQnqYqoW
IqrNG7FpAgMBAAECggEBAIZeKGul6CQzcxTm8wprJaIv05BIySg2UtQSYKBiLTHC
3lbCNisEgMpIRTuqumDnAHlYuwQ8GA9dEsABLuo0VDcNFrkMsYb2j4GeW4Aj6zUD
XOAELVtJPMVIv2Cs/f61tDq5TzxR67cDZciCavluLlOai0ua6v1kwKbur4asnHDA
bagRhqa5Kij+63Wq1o08AtpfUVcvr3iAtuqTf0dw0Fz+iMSxvResy57U/r1sByAa
vNbLliBXgkO6IfHeiIQ6JdOVNBsjE9Lz1d5yFshOf8SROdBmIKedtSY29nc/2Rit
+wuWlp2nOdzq+KIaPRqfacWYomcSdwLLhsrSOJKO/JECgYEA5CFJv5wmzTJ3RaZF
LcErfKWA98jS46oStWWf4DQIltEoWeb/3anoAxyzx1KsId1LCWtEQzf9LlQ2IuRz
CYhv2T5FWiXT1Ia4OX/WFUMRYXho4hMPxLNOxMPw2rR06FDWDRUAyJdc5g9as6vp
JRCjiVmFuiV2Ln/tBts/jFgjI50CgYEAzvjOYm05HKwPlnlIMv6sOJtCZslgNcH2
FRfKUPPTAos8iBu/joprCzUd3TRJn2QlOORvB00M+gQRZTT/+ig60h1stWVkjg6K
LKpdCBeCS7/2CirFx7cNsLA6fgalqBA1QnwAsCh9ykW1Ao0yM11gq6A0lfMNXW7l
bwlGMqlTeT0CgYEAnW+Lobx12q61OU/h9g2VoVPmiRoC0DMS7jTP/L5sHwkBO+n7
MlKLV3p7Z1dai5RYsItidLEy/MIJClN2QGH0LoyW9/ubENRYVvYuHEZIvGeImlxl
SW4lMg23LnfTJnCDCEwyWjx7VBnMkqpVH8s30RYC/8/Sm4yVW2H7nTNGLNECgYEA
l+A1uj5B6YtNCPNIirsc75DmwfxFkE0bYdEKUisJjVVU/t+1ykhCUoAQwRCscb0Q
H1ZpLudYfWJczXJ94DiDKUoUSmvzxNZgiHQfPl/Z6fIb/svyRCJMdnprAa2pA9GY
84eBDcM4wyQxtoSb8Ns1o9s0m1A2X3iP/dHFZEmiilUCgYEA2tzCS7zu6VXaBXFq
CwhImmNmBWMrncx7TeCLL2UGxl53z6hmNTZ2N216O+cNItpXeBWmjbyDK1wyLAug
7fLNnW3xMlIRNaqo5qkoj1iPyaYzAz/RfhIjSH7EHHcm0L5HssjanOGW9YOpTpqv
4VFGmzIrdzue1QSi4qkP8DuY7Nk=
-----END PRIVATE KEY-----
roles:
- "{{ rolename }}"
post_tasks:
- name: Assert results are registered.
assert:
that:
- zuul_registry_file_registry_yaml
- zuul_registry_file_zuul_registry_service
- zuul_registry_file_zuul_registry_service_config
- zuul_registry_service_zuul_registry
- name: Register zuul_registry_git_dest_stat.
stat:
path: /home/zuul/src/opendev.org/zuul/zuul-registry
register: zuul_registry_git_dest_stat
when: zuul_registry_install_method == 'git'
- name: Assert zuul_registry_git_dest tests.
assert:
that:
- zuul_registry_git_dest_stat.stat.exists
- zuul_registry_git_dest_stat.stat.isdir
when: zuul_registry_install_method == 'git'
- name: Register /etc/systemd/system/zuul-registry.service
stat:
path: /etc/systemd/system/zuul-registry.service
register: _zuul_registry_service_systemd_stat
- name: Assert _zuul_registry_service_systemd_stat tests.
assert:
that:
- _zuul_registry_service_systemd_stat.stat.exists
- _zuul_registry_service_systemd_stat.stat.isreg
- _zuul_registry_service_systemd_stat.stat.pw_name == 'root'
- _zuul_registry_service_systemd_stat.stat.gr_name == 'root'
- _zuul_registry_service_systemd_stat.stat.mode == '0644'
- name: Register /etc/systemd/system/zuul-registry.service.d/override.conf
stat:
path: /etc/systemd/system/zuul-registry.service.d/override.conf
register: zuul_registry_service_config_stat
- name: Assert zuul_registry_service_config_stat tests.
assert:
that:
- zuul_registry_service_config_stat.stat.exists
- zuul_registry_service_config_stat.stat.isreg
- zuul_registry_service_config_stat.stat.pw_name == 'root'
- zuul_registry_service_config_stat.stat.gr_name == 'root'
- zuul_registry_service_config_stat.stat.mode == '0644'
- name: Ensure zuul-registry is running
become: true
shell: /usr/sbin/service zuul-registry status
tags: skip_ansible_lint

24
vars/debian.yaml

@ -0,0 +1,24 @@
# Copyright 2015 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
---
__zuul_registry_build_depends:
- python3-dev
__zuul_registry_file_zuul_registry_service_dest: /etc/systemd/system/zuul-registry.service
__zuul_registry_file_zuul_registry_service_mode: 0644
__zuul_registry_file_zuul_registry_service_src: etc/systemd/system/zuul-registry.service
__zuul_registry_file_zuul_registry_service_config_dest: /etc/systemd/system/zuul-registry.service.d/override.conf
__zuul_registry_file_zuul_registry_service_config_mode: 0644
__zuul_registry_file_zuul_registry_service_config_src: etc/systemd/system/zuul-registry.service.d/override.conf

24
vars/redhat.yaml

@ -0,0 +1,24 @@
# Copyright 2015 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
---
__zuul_registry_build_depends:
- python3-devel
__zuul_registry_file_zuul_registry_service_dest: /etc/systemd/system/zuul-registry.service
__zuul_registry_file_zuul_registry_service_mode: 0644
__zuul_registry_file_zuul_registry_service_src: etc/systemd/system/zuul-registry.service
__zuul_registry_file_zuul_registry_service_config_dest: /etc/systemd/system/zuul-registry.service.d/override.conf
__zuul_registry_file_zuul_registry_service_config_mode: 0644
__zuul_registry_file_zuul_registry_service_config_src: etc/systemd/system/zuul-registry.service.d/override.conf
Loading…
Cancel
Save