Move some base job roles from openstack-zuul-roles

Change-Id: I7ac8d2335518c06808461f2fb30ea896709f09ed
2017-07-13 15:13:41 -07:00 · 2017-07-13 15:13:41 -07:00 · cfffd4431b
commit cfffd4431b
parent e680449351
12 changed files with 106 additions and 0 deletions
--- a/roles/add-build-sshkey/README.rst
+++ b/roles/add-build-sshkey/README.rst
@ -0,0 +1,13 @@
+Generate and install a build-local SSH key on all hosts
+
+This role is intended to be run on the Zuul Executor at the start of
+every job.  It generates an SSH keypair and installs the public key in
+the authorized_keys file of every host in the inventory.  It then
+removes all keys from this job's SSH agent so that the original key
+used to log into all of the hosts is no longer accessible, then adds
+the newly generated private key.
+
+Role Variables
+
+zuul_temp_ssh_key
+  Where to put the newly-generated SSH private key.
--- a/roles/add-build-sshkey/tasks/create-key-and-replace.yaml
+++ b/roles/add-build-sshkey/tasks/create-key-and-replace.yaml
@ -0,0 +1,20 @@
+- name: Create Temp SSH key
+  command: ssh-keygen -t rsa -b 1024 -N '' -f {{ zuul_temp_ssh_key }}
+  delegate_to: localhost
+
+- name: Distribute it to all nodes
+  authorized_key:
+    user: "{{ ansible_ssh_user }}"
+    state: present
+    key: "{{ lookup('file', zuul_temp_ssh_key + '.pub') }}"
+
+- name: Remove all keys from local agent
+  command: ssh-add -D
+  delegate_to: localhost
+
+- name: Add back temp key
+  command: ssh-add {{ zuul_temp_ssh_key }}
+  delegate_to: localhost
+
+- name: Verify we can still SSH to all nodes
+  ping:
--- a/roles/add-build-sshkey/tasks/main.yaml
+++ b/roles/add-build-sshkey/tasks/main.yaml
@ -0,0 +1,10 @@
+- name: Check to see if ssh key was already created for this build
+  stat:
+    path: "{{ zuul_temp_ssh_key }}"
+  register: zuul_temp_ssh_key_stat
+  delegate_to: localhost
+  failed_when: false
+
+- name: Create a new key in workspace based on build UUID
+  include: create-key-and-replace.yaml
+  when: zuul_temp_ssh_key_stat is defined
--- a/roles/add-build-sshkey/vars/main.yml
+++ b/roles/add-build-sshkey/vars/main.yml
@ -0,0 +1 @@
+zuul_temp_ssh_key: "{{ zuul.executor.src_root }}/../{{ zuul.uuid }}_id_rsa"
--- a/roles/prepare-workspace/README.rst
+++ b/roles/prepare-workspace/README.rst
@ -0,0 +1,7 @@
+Prepare remote workspaces
+
+This role is intended to run before any other role in a Zuul job.
+
+It starts the Zuul console streamer on every host in the inventory,
+and then copies the prepared source repos to the working directory on
+every host.
--- a/roles/prepare-workspace/tasks/main.yaml
+++ b/roles/prepare-workspace/tasks/main.yaml
@ -0,0 +1,9 @@
+# TODO(pabelanger): Handle cleanup on static nodes
+- name: Start zuul_console daemon.
+  zuul_console:
+
+- name: Synchronize src repos to workspace directory.
+  synchronize:
+    dest: .
+    src: "{{ zuul.executor.src_root }}"
+  no_log: true
--- a/roles/remove-build-sshkey/README.rst
+++ b/roles/remove-build-sshkey/README.rst
@ -0,0 +1,9 @@
+Remove the per-build SSH key from all hosts
+
+The complement to `add-build-sshkey`.  It removes the build's SSH key
+from the authorized_keys files of all remote hosts.
+
+Role Variables
+
+zuul_temp_ssh_key
+  Where the per-build SSH private key was stored.
--- a/roles/remove-build-sshkey/tasks/main.yml
+++ b/roles/remove-build-sshkey/tasks/main.yml
@ -0,0 +1,5 @@
+- name: Remove the build SSH key from all nodes
+  authorized_key:
+    user: "{{ ansible_ssh_user }}"
+    key: "{{ lookup('file', zuul_temp_ssh_key + '.pub') }}"
+    state: absent
--- a/roles/remove-build-sshkey/vars/main.yml
+++ b/roles/remove-build-sshkey/vars/main.yml
@ -0,0 +1 @@
+zuul_temp_ssh_key: "{{ zuul.executor.src_root }}/../{{ zuul.uuid }}_id_rsa"
--- a/roles/upload-logs/README.rst
+++ b/roles/upload-logs/README.rst
@ -0,0 +1,8 @@
+Upload logs to a static webserver
+
+This uploads logs to a static webserver using SSH.
+
+Role Variables
+
+zuul_logserver_root
+  The root path to the logs on the logserver.
--- a/roles/upload-logs/tasks/main.yaml
+++ b/roles/upload-logs/tasks/main.yaml
@ -0,0 +1,22 @@
+- name: Set log path for a change
+  when: zuul.change is defined
+  set_fact:
+    log_path: "{{ zuul.change[-2:] }}/{{ zuul.change }}/{{ zuul.patchset }}/{{ zuul.pipeline }}/{{ zuul.job }}/{{ zuul.uuid[:7] }}"
+
+- name: Set log path for a ref update
+  when: zuul.newrev is defined
+  set_fact:
+    log_path: "{{ zuul.newrev[-2:] }}/{{ zuul.newrev }}/{{ zuul.pipeline }}/{{ zuul.job }}/{{ zuul.uuid[:7] }}"
+
+- name: Create log directories
+  file:
+    path: "{{zuul_logserver_root}}{{ log_path }}"
+    state: directory
+    recurse: yes
+    mode: 0775
+
+- name: Upload logs to log server
+  synchronize:
+    src: "{{ zuul.executor.log_root }}/"
+    dest: "{{zuul_logserver_root}}{{ log_path }}/"
+  no_log: true
--- a/roles/upload-logs/vars/main.yaml
+++ b/roles/upload-logs/vars/main.yaml
@ -0,0 +1 @@
+zuul_logserver_root: /srv/static/logs
				`@ -0,0 +1 @@`
				`zuul_temp_ssh_key: "{{ zuul.executor.src_root }}/../{{ zuul.uuid }}_id_rsa"`