authorPedro Alvarez <pedro.alvarez@codethink.co.uk>2014-07-14 15:10:09 +0000
committerPedro Alvarez <pedro.alvarez@codethink.co.uk>2014-07-14 15:10:09 +0000
commit160fd3f2f1d372751836c0073bdc944df1cfbb91 (patch)
treed6b46ce1ec600400883e53b82e12b390fa73f262
parenteafba37e2bfc3897e3e7f65f2ce087fbee358f43 (diff)
parentd349c9a35d3d53ebfc9f26df373e84fa5986a1b6 (diff)
downloadtrove-setup-160fd3f2f1d372751836c0073bdc944df1cfbb91.tar.gz
Merge branch 'baserock/pedroalvarez/trove-ansible3'
Reviewed-by: Richard Maw Reviewed-by: Lars Wirzenius
-rw-r--r--Makefile12
-rw-r--r--ansible/hosts1
-rw-r--r--ansible/roles/trove-setup/tasks/backups.yml16
-rw-r--r--ansible/roles/trove-setup/tasks/cache-setup.yml19
-rw-r--r--ansible/roles/trove-setup/tasks/check.yml73
-rw-r--r--ansible/roles/trove-setup/tasks/git.yml8
-rw-r--r--ansible/roles/trove-setup/tasks/gitano-admin-setup.yml39
-rw-r--r--ansible/roles/trove-setup/tasks/gitano-lorry-setup.yml18
-rw-r--r--ansible/roles/trove-setup/tasks/gitano-mason-setup.yml16
-rw-r--r--ansible/roles/trove-setup/tasks/gitano-setup.yml45
-rw-r--r--ansible/roles/trove-setup/tasks/gitano-worker-setup.yml18
-rw-r--r--ansible/roles/trove-setup/tasks/hostname.yml26
-rw-r--r--ansible/roles/trove-setup/tasks/known-hosts-setup.yml7
-rw-r--r--ansible/roles/trove-setup/tasks/lighttpd.yml42
-rw-r--r--ansible/roles/trove-setup/tasks/lorry-controller-setup.yml92
-rw-r--r--ansible/roles/trove-setup/tasks/lorry-setup.yml20
-rw-r--r--ansible/roles/trove-setup/tasks/main.yml18
-rw-r--r--ansible/roles/trove-setup/tasks/minions.yml20
-rw-r--r--ansible/roles/trove-setup/tasks/releases.yml30
-rw-r--r--ansible/roles/trove-setup/tasks/site-groups.yml88
-rw-r--r--ansible/roles/trove-setup/tasks/users.yml38
-rw-r--r--ansible/trove-setup.yml6
-rwxr-xr-xbins/trove-early-setup124
-rw-r--r--gitano-admin/users/lorry/user.conf2
-rwxr-xr-xlibexecs/remove-lorry-controller-from-lorry-crontab22
-rw-r--r--share/README.lorry-controller2
-rw-r--r--share/etc/cgitrc (renamed from etc/cgitrc)6
-rw-r--r--share/etc/gitano-setup.clod (renamed from etc/gitano-setup.clod)5
-rw-r--r--share/etc/lorry-controller/minion.conf6
-rw-r--r--share/etc/lorry-controller/webapp.conf12
-rw-r--r--share/etc/lorry.conf (renamed from etc/lorry.conf)2
-rw-r--r--share/gitano/skel/gitano-admin/global-hooks/post-receive.lua (renamed from gitano-admin/global-hooks/post-receive.lua)6
-rw-r--r--share/gitano/skel/gitano-admin/groups/local-config-admins.conf (renamed from gitano-admin/groups/local-config-admins.conf)0
-rw-r--r--share/gitano/skel/gitano-admin/groups/local-config-managers.conf (renamed from gitano-admin/groups/local-config-managers.conf)0
-rw-r--r--share/gitano/skel/gitano-admin/groups/local-config-readers.conf (renamed from gitano-admin/groups/local-config-readers.conf)0
-rw-r--r--share/gitano/skel/gitano-admin/groups/local-config-writers.conf (renamed from gitano-admin/groups/local-config-writers.conf)0
-rw-r--r--share/gitano/skel/gitano-admin/groups/trove-admin.conf (renamed from gitano-admin/groups/trove-admin.conf)0
-rw-r--r--share/gitano/skel/gitano-admin/groups/workers.conf (renamed from gitano-admin/groups/workers.conf)0
-rw-r--r--share/gitano/skel/gitano-admin/rules/adminchecks.lace (renamed from gitano-admin/rules/adminchecks.lace)0
-rw-r--r--share/gitano/skel/gitano-admin/rules/aschecks.lace (renamed from gitano-admin/rules/aschecks.lace)0
-rw-r--r--share/gitano/skel/gitano-admin/rules/core.lace (renamed from gitano-admin/rules/core.lace)0
-rw-r--r--share/gitano/skel/gitano-admin/rules/createrepo.lace (renamed from gitano-admin/rules/createrepo.lace)2
-rw-r--r--share/gitano/skel/gitano-admin/rules/defines.lace (renamed from gitano-admin/rules/defines.lace)8
-rw-r--r--share/gitano/skel/gitano-admin/rules/destroyrepo.lace (renamed from gitano-admin/rules/destroyrepo.lace)0
-rw-r--r--share/gitano/skel/gitano-admin/rules/other-project.lace (renamed from gitano-admin/rules/other-project.lace)6
-rw-r--r--share/gitano/skel/gitano-admin/rules/project.lace (renamed from gitano-admin/rules/project.lace)0
-rw-r--r--share/gitano/skel/gitano-admin/rules/remoteconfigchecks.lace (renamed from gitano-admin/rules/remoteconfigchecks.lace)0
-rw-r--r--share/gitano/skel/gitano-admin/rules/renamerepo.lace (renamed from gitano-admin/rules/renamerepo.lace)0
-rw-r--r--share/gitano/skel/gitano-admin/rules/selfchecks.lace (renamed from gitano-admin/rules/selfchecks.lace)0
-rw-r--r--share/gitano/skel/gitano-admin/rules/siteadmin.lace (renamed from gitano-admin/rules/siteadmin.lace)0
-rw-r--r--share/gitano/skel/gitano-admin/rules/trove-project.lace (renamed from gitano-admin/rules/trove-project.lace)2
-rw-r--r--share/gitano/skel/gitano-admin/users/distbuild/user.conf (renamed from gitano-admin/users/distbuild/user.conf)2
-rw-r--r--share/gitano/skel/gitano-admin/users/lorry/user.conf2
-rw-r--r--share/gitano/skel/gitano-admin/users/mason/user.conf (renamed from gitano-admin/users/mason/user.conf)2
-rw-r--r--share/lorry-controller.conf8
-rw-r--r--share/releases-repo-README4
-rwxr-xr-xshare/releases-repo-migration.sh132
-rw-r--r--units/drop-lorry-controller-cronjob.service13
-rw-r--r--units/git-daemon.service3
-rw-r--r--units/lighttpd-git.service3
-rw-r--r--units/lighttpd-morph-cache.service3
-rw-r--r--units/releases-repo-migration.service14
-rw-r--r--units/trove-setup.service16
63 files changed, 716 insertions, 343 deletions
diff --git a/Makefile b/Makefile
index 3a64344..134436b 100644
--- a/Makefile
+++ b/Makefile
@@ -1,11 +1,9 @@
install:
- mkdir -p "${DESTDIR}/usr/share/gitano/skel"
- cp -a gitano-admin "${DESTDIR}/usr/share/gitano/skel"
+ mkdir -p "${DESTDIR}/usr/lib/trove-setup/ansible"
+ cp -r ansible/* "${DESTDIR}/usr/lib/trove-setup/ansible"
mkdir -p "${DESTDIR}/usr/lib/systemd/system/multi-user.target.wants"
cp units/* "${DESTDIR}/usr/lib/systemd/system"
- for I in $$(cd units; ls); do \
- ln -sf ../$$I "${DESTDIR}/usr/lib/systemd/system/multi-user.target.wants/$$I"; \
- done
+ ln -sf ../trove-setup.service "${DESTDIR}/usr/lib/systemd/system/multi-user.target.wants/trove-setup.service"
cp -r etc "${DESTDIR}"
mkdir -p "${DESTDIR}/var/www/htdocs"
cp http-assets/* "${DESTDIR}/var/www/htdocs"
@@ -14,10 +12,6 @@ install:
ln -s /home/lorry/tarballs "${DESTDIR}/var/www/htdocs/tarballs"
ln -s /home/lorry/lc-status.html "${DESTDIR}/var/www/htdocs/lc-status.html"
ln -s /usr/share/lorry-controller/static/ "${DESTDIR}/var/www/htdocs/lc-static"
- mkdir -p "${DESTDIR}/usr/bin"
- cp bins/* "${DESTDIR}/usr/bin/"
- mkdir -p "${DESTDIR}/usr/libexec"
- cp libexecs/* "${DESTDIR}/usr/libexec/"
mkdir -p "${DESTDIR}/usr/share/trove-setup"
cp -r share/* "${DESTDIR}/usr/share/trove-setup/"
diff --git a/ansible/hosts b/ansible/hosts
new file mode 100644
index 0000000..5b97818
--- /dev/null
+++ b/ansible/hosts
@@ -0,0 +1 @@
+localhost ansible_connection=local
diff --git a/ansible/roles/trove-setup/tasks/backups.yml b/ansible/roles/trove-setup/tasks/backups.yml
new file mode 100644
index 0000000..65a1466
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/backups.yml
@@ -0,0 +1,16 @@
+# Depends on:
+# - check.yml
+---
+- name: Create the backups user if TROVE_BACKUP_KEYS is defined
+ user: name=backup comment="Backup user" shell=/bin/sh home=/root/backup-user-home group=root uid=0 non_unique=yes
+ when: TROVE_BACKUP_KEYS is defined
+
+- name: Creates the .ssh directory to the backups user if TROVE_BACKUP_KEYS is defined
+ file: path=/root/backup-user-home/.ssh state=directory
+ when: TROVE_BACKUP_KEYS is defined
+
+- name: Copy the TROVE_BACKUP_KEYS if defined to authorized_keys of the backup user
+ shell: |
+ cat {{ TROVE_BACKUP_KEYS }} >> /root/backup-user-home/.ssh/authorized_keys
+ creates=/root/backup-user-home/.ssh/authorized_keys
+ when: TROVE_BACKUP_KEYS is defined
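Review bot: `cat {{ TROVE_BACKUP_KEYS }}` in the last task puts the path into a root shell unquoted, unlike the `|quote` used in check.yml, so a path containing spaces or shell metacharacters is split or interpreted; use `cat {{ TROVE_BACKUP_KEYS|quote }} >> /root/backup-user-home/.ssh/authorized_keys`. The `.ssh` directory and `authorized_keys` get no explicit mode, so their permissions depend on the umask; adding `mode=0700` to the `file:` task and a following `file: path=/root/backup-user-home/.ssh/authorized_keys mode=0600` task makes them deterministic. Because the account is created with `uid=0 non_unique=yes`, every key in that file is a root login, which deserves a comment above the first task.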
diff --git a/ansible/roles/trove-setup/tasks/cache-setup.yml b/ansible/roles/trove-setup/tasks/cache-setup.yml
new file mode 100644
index 0000000..162dacc
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/cache-setup.yml
@@ -0,0 +1,19 @@
+# Depends on:
+# - users.yml
+---
+- name: Create artifacts and ccache folder for the cache user
+ file: path=/home/cache/{{ item }} state=directory owner=cache group=cache
+ with_items:
+ - artifacts
+ - ccache
+- name: Create /etc/exports.d folder
+ file: path=/etc/exports.d state=directory
+- name: Create /etc/exports.d/cache.exports
+ shell: |
+ echo '/home/cache/ccache *(rw,all_squash,no_subtree_check,anonuid=1002,anongid=1002)' > /etc/exports.d/cache.exports
+ creates=/etc/exports.d/cache.exports
+ register: cache_exports
+
+- name: Update nfs exports
+ shell: exportfs -av
+ when: cache_exports|changed
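Review bot: The line written to /etc/exports.d/cache.exports uses `*` as the client spec together with `rw`, so any host that can reach the NFS service gets write access to /home/cache/ccache, and a writable compiler cache lets that host influence later build outputs. Consider taking the allowed clients from a variable (a subnet or host list) instead of `*`. `anonuid=1002,anongid=1002` is hard-coded and presumably matches the cache user created in users.yml, which this hunk does not show; a comment stating that dependency would keep the squash from silently mapping to the wrong uid.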
diff --git a/ansible/roles/trove-setup/tasks/check.yml b/ansible/roles/trove-setup/tasks/check.yml
new file mode 100644
index 0000000..d873030
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/check.yml
@@ -0,0 +1,73 @@
+---
+- fail: msg='TROVE_ID is mandatory'
+ when: TROVE_ID is not defined
+
+- fail: msg='TROVE_COMPANY is mandatory'
+ when: TROVE_COMPANY is not defined
+
+- fail: msg='TROVE_ADMIN_USER is mandatory'
+ when: TROVE_ADMIN_USER is not defined
+
+- fail: msg='TROVE_ADMIN_EMAIL is mandatory'
+ when: TROVE_ADMIN_EMAIL is not defined
+
+- fail: msg='TROVE_ADMIN_NAME is mandatory'
+ when: TROVE_ADMIN_NAME is not defined
+
+- fail: msg='LORRY_SSH_KEY is mandatory'
+ when: LORRY_SSH_KEY is not defined
+
+- fail: msg='LORRY_SSH_PUBKEY is mandatory'
+ when: LORRY_SSH_PUBKEY is not defined
+
+- fail: msg='TROVE_ADMIN_SSH_PUBKEY is mandatory'
+ when: TROVE_ADMIN_SSH_PUBKEY is not defined
+
+- fail: msg='WORKER_SSH_PUBKEY is mandatory'
+ when: WORKER_SSH_PUBKEY is not defined
+
+- fail: msg='UPSTREAM_TROVE is mandatory'
+ when: UPSTREAM_TROVE is not defined
+
+- set_fact: TROVE_HOSTNAME={{ TROVE_ID }}
+ when: TROVE_HOSTNAME is not defined
+
+- set_fact: LORRY_CONTROLLER_MINIONS=4
+ when: LORRY_CONTROLLER_MINIONS is not defined
+
+- set_fact: MASON_ID=''
+ when: MASON_ID is not defined
+
+- set_fact: MASON_PORT='18755'
+ when: MASON_PORT is not defined
+
+- name: Calculate ESC_PREFIX
+ shell: echo -n {{ TROVE_ID|quote }} | perl -pe 's/([-+\(\).%*?^$\[\]])/%$1/g'
+ register: var_esc_prefix
+ changed_when: False
+
+- set_fact: ESC_PREFIX={{ var_esc_prefix.stdout }}
+
+- set_fact: ESC_PERSONAL_PREFIX='people'
+
+- set_fact: PEOPLE_COMMENT='#'
+
+- name: Check if the ssh keys are valid
+ shell: ssh-keygen -l -f {{ item }}
+ with_items:
+ - '{{ TROVE_ADMIN_SSH_PUBKEY }}'
+ - '{{ LORRY_SSH_PUBKEY }}'
+ - '{{ WORKER_SSH_PUBKEY }}'
+ changed_when: False
+
+- name: Check if the ssh keys are unique
+ shell: |
+ cat {{ TROVE_ADMIN_SSH_PUBKEY|quote}} \
+ {{ LORRY_SSH_PUBKEY|quote }} \
+ {{ WORKER_SSH_PUBKEY|quote }} \
+ | cut -d ' ' -f 1,2 | sort -u | wc -l
+ changed_when: False
+ register: number_ssh_keys
+
+- fail: msg="The ssh keys MUST be different"
+ when: number_ssh_keys.stdout != '3'
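Review bot: The `ssh-keygen -l -f {{ item }}` task passes each key path to the shell unquoted, while the uniqueness task right below quotes the same variables; use `shell: ssh-keygen -l -f {{ item|quote }}`. The uniqueness check counts lines after `cut | sort -u`, so a key file with a trailing blank line or more than one key also fails with "The ssh keys MUST be different", which misstates the cause; a comment stating the one-key-per-file assumption would help. MASON_SSH_PUBKEY, which gitano-mason-setup.yml reads, is covered by neither the mandatory checks nor the validity check.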
diff --git a/ansible/roles/trove-setup/tasks/git.yml b/ansible/roles/trove-setup/tasks/git.yml
new file mode 100644
index 0000000..2e6b1fa
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/git.yml
@@ -0,0 +1,8 @@
+# Depends on:
+# - users.yml
+---
+- name: Configure Git user.name and usr.email
+ shell: |
+ su git -c 'git config --global user.name "Trove Git Controller"'
+ su git -c 'git config --global user.email "git@trove"'
+ creates=/home/git/.gitconfig
diff --git a/ansible/roles/trove-setup/tasks/gitano-admin-setup.yml b/ansible/roles/trove-setup/tasks/gitano-admin-setup.yml
new file mode 100644
index 0000000..c4c3eb2
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/gitano-admin-setup.yml
@@ -0,0 +1,39 @@
+# Depends on:
+# - gitano-setup.yml
+---
+- name: Check if the admin user is configured in gitano (This task can fail)
+ shell: su git -c 'ssh git@localhost user' | grep '^'{{ TROVE_ADMIN_USER|regex_replace('(\\W)', '\\\\\\1')|quote}}':'
+ register: gitano_admin_user
+ changed_when: False
+ ignore_errors: True
+# If the admin user doesn't exist
+- name: Create the admin user
+ shell: su git -c 'ssh git@localhost user add '{{ TROVE_ADMIN_USER|quote|quote|quote}}' '{{ TROVE_ADMIN_EMAIL|quote|quote|quote }}' '{{ TROVE_ADMIN_NAME|quote|quote|quote }}
+ when: gitano_admin_user|failed
+
+- name: Check if admin user is in trove-admin group in gitano (This task can fail)
+ shell: su git -c 'ssh git@localhost as '{{ TROVE_ADMIN_USER|quote|quote|quote }}' whoami' | grep 'trove-admin. Trove-local administration'
+ register: gitano_admin_group
+ changed_when: False
+ ignore_errors: True
+# If the admin user is not in the trove-admin group
+- name: Add the admin user to the trove-admin group in gitano
+ shell: su git -c 'ssh git@localhost group adduser trove-admin '{{ TROVE_ADMIN_USER|quote|quote|quote }}
+ when: gitano_admin_group|failed
+
+- name: Check if admin user has a sshkey configured in gitano (This task can fail)
+ shell: su git -c 'ssh git@localhost as '{{ TROVE_ADMIN_USER|quote|quote|quote }}' sshkey' 2>&1 | grep WARNING
+ register: gitano_admin_key
+ changed_when: False
+ ignore_errors: True
+# If admin user doesn't have an sshkey configured
+- name: Create /home/git/keys/ to store sshkeys
+ file: path=/home/git/keys state=directory owner=git group=git
+ when: gitano_admin_key|success
+- name: Copy the TROVE_ADMIN_SSH_PUBKEY to /home/git/keys/admin.key.pub
+ copy: src={{ TROVE_ADMIN_SSH_PUBKEY }} dest=/home/git/keys/admin.key.pub mode=0644
+ when: gitano_admin_key|success
+
+- name: Add /home/git/keys/admin.key.pub ssh key to the admin user in gitano.
+ shell: su git -c 'ssh git@localhost as '{{ TROVE_ADMIN_USER|quote|quote|quote}}' sshkey add default < /home/git/keys/admin.key.pub'
+ when: gitano_admin_key|success
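Review bot: The three "This task can fail" checks combine `ignore_errors: True` with a grep, so an ssh failure cannot be told apart from the answer being looked for. In the sshkey check, `2>&1 | grep WARNING` succeeds on any WARNING text, including one printed by ssh itself, and the play then goes on to `sshkey add default`; in the user and group checks a failed connection reads as "absent" and triggers `user add` and `group adduser`. Registering the ssh command's own result without the pipe and matching the exact Gitano message in the following `when:` conditions would separate those cases. The same `2>&1 | grep WARNING` pattern appears in gitano-lorry-setup.yml, gitano-mason-setup.yml and gitano-worker-setup.yml.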
diff --git a/ansible/roles/trove-setup/tasks/gitano-lorry-setup.yml b/ansible/roles/trove-setup/tasks/gitano-lorry-setup.yml
new file mode 100644
index 0000000..d52927a
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/gitano-lorry-setup.yml
@@ -0,0 +1,18 @@
+# Depends on:
+# - gitano-setup.yml
+---
+- name: Check if lorry has a sshkey configured in gitano (This task can fail)
+ shell: su git -c 'ssh git@localhost as lorry sshkey' 2>&1 | grep WARNING
+ register: gitano_lorry_key
+ changed_when: False
+ ignore_errors: True
+# If lorry user doesn't have an sshkey configured
+- name: Create /home/git/keys folder to store ssh keys
+ file: path=/home/git/keys state=directory owner=git group=git
+ when: gitano_lorry_key|success
+- name: Copy LORRY_SSH_PUBKEY to /home/git/keys/lorry.key.pub
+ copy: src={{ LORRY_SSH_PUBKEY }} dest=/home/git/keys/lorry.key.pub mode=0644
+ when: gitano_lorry_key|success
+- name: Add to the gitano lorry user the /home/git/keys/lorry.key.pub
+ shell: su git -c 'ssh git@localhost as lorry sshkey add trove < /home/git/keys/lorry.key.pub'
+ when: gitano_lorry_key|success
diff --git a/ansible/roles/trove-setup/tasks/gitano-mason-setup.yml b/ansible/roles/trove-setup/tasks/gitano-mason-setup.yml
new file mode 100644
index 0000000..8439078
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/gitano-mason-setup.yml
@@ -0,0 +1,16 @@
+# Depends on:
+# - gitano-setup.yml
+---
+- name: Check if mason has a sshkey configured in gitano (This task can fail)
+ shell: su git -c 'ssh git@localhost as mason sshkey' 2>&1 | grep WARNING
+ register: gitano_mason_key
+ changed_when: False
+ ignore_errors: True
+
+# If distbuild user doesn't have an sshkey configured
+- file: path=/home/git/keys state=directory owner=git group=git
+ when: gitano_mason_key|success
+- copy: src={{ MASON_SSH_PUBKEY }} dest=/home/git/keys/mason.key.pub mode=0644
+ when: gitano_mason_key|success
+- shell: su git -c 'ssh git@localhost as mason sshkey add trove < /home/git/keys/mason.key.pub'
+ when: gitano_mason_key|success
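Review bot: `src={{ MASON_SSH_PUBKEY }}` is used in the copy task, but check.yml neither requires MASON_SSH_PUBKEY nor runs `ssh-keygen -l` on it, so an unset or invalid value surfaces only at the copy or when Gitano rejects the key. This file is also missing from the include list in main.yml in this commit, so either add `MASON_SSH_PUBKEY is defined` to the `when:` conditions and include it, or note why it is not wired in. The comment "If distbuild user doesn't have an sshkey configured" should say mason, and the last three tasks lack the `name:` lines that the sibling files have.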
diff --git a/ansible/roles/trove-setup/tasks/gitano-setup.yml b/ansible/roles/trove-setup/tasks/gitano-setup.yml
new file mode 100644
index 0000000..0fd3ba5
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/gitano-setup.yml
@@ -0,0 +1,45 @@
+# Depends on:
+# - git.yml
+---
+# Before configuring Gitano, it's necessary to modify the placeholders
+# of the skeleton template of Gitano with the values of /etc/trove/trove.conf.
+# Ansible does not provide an efficient way to do this. Its template module
+# is not able to run recursively over directories, and is not able to create
+# the directories needed.
+#
+# The solution implemented consists in create the directories first and then
+# using the template module in all the files. This could be possible to
+# implement using the 'with_lines' option combinated with the 'find' command.
+#
+# Create the directories
+- name: Create the directories needed for the Gitano skeleton.
+ file: path=/etc/{{ item }} state=directory
+ with_lines:
+ - (cd /usr/share/trove-setup && find gitano -type d)
+# Copy all the files to the right place and fill the templates whenever possible
+- name: Create the Gitano skeleton using the templates
+ template: src=/usr/share/trove-setup/{{ item }} dest=/etc/{{ item }}
+ with_lines:
+ - (cd /usr/share/trove-setup && find gitano -type f)
+
+# Configure gitano
+- name: Configure Gitano with /etc/gitano-setup.clod
+ shell: |
+ su git -c 'gitano-setup /etc/gitano-setup.clod'
+ creates=/home/git/repos/gitano-admin.git
+
+- name: Unlock the password of the git user (This task can fail)
+ shell: busybox passwd -u git
+ register: passwd_result
+ changed_when: passwd_result|success
+ ignore_errors: True
+
+# Now that /home/git/repos exists, we can enable the git-daemon service
+- name: Enable the git-daemon.service
+ service: name=git-daemon.service enabled=yes
+ register: git_daemon_service
+
+# Now we can start the service without rebooting the system
+- name: Restart git-daemon.service
+ service: name=git-daemon state=restarted
+ when: git_daemon_service|changed
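Review bot: The `busybox passwd -u git` task has no comment saying why the git account's password is unlocked, and `ignore_errors: True` hides the case where the unlock fails. Unlocking re-enables whatever password entry the account already has, so state the intent (presumably so that sshd accepts key logins for git) and confirm the account cannot be left with an empty or known password. A comment such as `# Unlock so sshd allows key-based login; the account must have no usable password` above the task would record that. The two `template:` loops also write into /etc without `owner=` or `mode=`, leaving the permissions of the generated Gitano configuration implicit.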
diff --git a/ansible/roles/trove-setup/tasks/gitano-worker-setup.yml b/ansible/roles/trove-setup/tasks/gitano-worker-setup.yml
new file mode 100644
index 0000000..e0510e4
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/gitano-worker-setup.yml
@@ -0,0 +1,18 @@
+# Depends on:
+# - gitano-setup.yml
+---
+- name: Check if worker has a sshkey configured in gitano (This task can fail)
+ shell: su git -c 'ssh git@localhost as distbuild sshkey' 2>&1 | grep WARNING
+ register: gitano_worker_key
+ changed_when: False
+ ignore_errors: True
+# If distbuild user doesn't have an sshkey configured
+- name: Create /home/git/keys/ to store ssh keys
+ file: path=/home/git/keys state=directory owner=git group=git
+ when: gitano_worker_key|success
+- name: Copy WORKER_SSH_PUBKEY to /home/git/keys/worker.key.pub
+ copy: src={{ WORKER_SSH_PUBKEY }} dest=/home/git/keys/worker.key.pub mode=0644
+ when: gitano_worker_key|success
+- name: Add /home/git/keys/worker.key.pub to the distbuild user in Gitano
+ shell: su git -c 'ssh git@localhost as distbuild sshkey add trove < /home/git/keys/worker.key.pub'
+ when: gitano_worker_key|success
diff --git a/ansible/roles/trove-setup/tasks/hostname.yml b/ansible/roles/trove-setup/tasks/hostname.yml
new file mode 100644
index 0000000..f4a11e2
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/hostname.yml
@@ -0,0 +1,26 @@
+# Depends on:
+# - check.yml
+---
+- name: Check the /etc/hostname and compare it with HOSTNAME (This task can fail)
+ shell: su -c '[ "$(cat /etc/hostname)" == '{{ HOSTNAME|quote|quote }}' ]'
+ register: hostname_file
+ ignore_errors: True
+ changed_when: False
+ when: HOSTNAME is defined
+
+# If /etc/hostname doesn't match with HOSTNAME
+- name: Rewrite /etc/hostname with HOSTNAME
+ shell: echo {{ HOSTNAME|quote }} > /etc/hostname
+ when: hostname_file|failed
+
+- name: Check the actual hostname with `hostname` and compare it with HOSTNAME (This task can fail)
+ shell: sh -c '[ "$(hostname)" == '{{ HOSTNAME|quote|quote }}' ]'
+ register: actual_hostname
+ ignore_errors: True
+ changed_when: False
+ when: HOSTNAME is defined
+
+# If `hostname` doesn't match with HOSTNAME
+- name: Change the hostname to HOSTNAME
+ shell: hostname {{ HOSTNAME|quote }}
+ when: actual_hostname|failed
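Review bot: Both comparison tasks use `==` inside `[ ]`, which is not POSIX; under a shell whose `test` rejects it the check errors, `ignore_errors: True` treats that as a mismatch, and /etc/hostname is rewritten and `hostname` re-run on every play. Use `=` instead, for example `[ "$(hostname)" = '{{ HOSTNAME|quote|quote }}' ]`. The first check wraps the test in `su -c` and the second in `sh -c`; one form for both would read better, and the `|quote|quote` nesting deserves a one-line comment naming the two shell layers it protects.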
diff --git a/ansible/roles/trove-setup/tasks/known-hosts-setup.yml b/ansible/roles/trove-setup/tasks/known-hosts-setup.yml
new file mode 100644
index 0000000..6e988e0
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/known-hosts-setup.yml
@@ -0,0 +1,7 @@
+# Depends on:
+# - check.yml
+---
+- name: Add localhost and UPSTREAM_TROVE to /etc/ssh/ssh_known_hosts
+ shell: |
+ ssh-keyscan localhost {{ UPSTREAM_TROVE|quote }} > /etc/ssh/ssh_known_hosts
+ creates=/etc/ssh/ssh_known_hosts
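Review bot: `ssh-keyscan localhost {{ UPSTREAM_TROVE|quote }} > /etc/ssh/ssh_known_hosts` pins whatever host key answers at setup time without comparing it to a known fingerprint, so system-wide trust in UPSTREAM_TROVE rests on the network path during this one run. Because the redirect creates the file even when the scan of the upstream fails, `creates=` then stops every later run from adding the missing key. Consider accepting the expected key or fingerprint as a variable and checking the scanned key against it, and writing to a temporary file that is moved into place only when both hosts returned a key.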
diff --git a/ansible/roles/trove-setup/tasks/lighttpd.yml b/ansible/roles/trove-setup/tasks/lighttpd.yml
new file mode 100644
index 0000000..7a530e7
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/lighttpd.yml
@@ -0,0 +1,42 @@
+---
+- name: Create /etc/lighttpd/certs directory
+ file: path=/etc/lighttpd/certs state=directory
+- name: Create certificates for lighttpd in /etc/lighttpd/certs/lighttpd.pem
+ shell: |
+ yes '' | openssl req -new -x509 \
+ -keyout /etc/lighttpd/certs/lighttpd.pem \
+ -out /etc/lighttpd/certs/lighttpd.pem -days 36525 -nodes
+ creates=/etc/lighttpd/certs/lighttpd.pem
+ register: lighttpd_certs
+- name: Create /var/run/lighttpd for cache user
+ file: path=/var/run/lighttpd state=directory owner=cache group=cache
+ register: lighttpd_folder
+
+# Now that the lighttpd certificates and the /var/run/lighttpd exist, we can
+# enable the lighttpd-git service
+- name: Enable lighttpd-git service
+ service: name=lighttpd-git.service enabled=yes
+ register: lighttpd_git_service
+
+# Now we can start the service without rebooting the system
+- name: Restart the lighttpd-git service
+ service: name=lighttpd-git state=restarted
+ when: lighttpd_git_service|changed
+
+# Once the service lighttpd-git is running it's possible to do the same
+# with the following services:
+# - lighttpd-morph-cache
+# - lighttpd-lorry-controller-webapp
+- name: Enable lighttpd-morph-cache service
+ service: name=lighttpd-morph-cache.service enabled=yes
+ register: lighttpd_morph_cache_service
+- name: Restart the lighttpd-morph-cache service
+ service: name=lighttpd-morph-cache state=restarted
+ when: lighttpd_morph_cache_service|changed
+
+- name: Enable the lighttpd-lorry-controller-webapp service
+ service: name=lighttpd-lorry-controller-webapp.service enabled=yes
+ register: lighttpd_lorry_controller_webapp_service
+- name: Restart the lighttpd-lorry-controller-webapp service
+ service: name=lighttpd-lorry-controller-webapp state=restarted
+ when: lighttpd_lorry_controller_webapp_service|changed
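Review bot: The `openssl req ... -nodes` task writes the unencrypted private key and the certificate into the same /etc/lighttpd/certs/lighttpd.pem and nothing sets the file's mode, so who can read the key depends on the umask of the shell that ran openssl. Add a task right after it such as `file: path=/etc/lighttpd/certs/lighttpd.pem mode=0600`, with the owner set to the account lighttpd runs as, which this hunk does not show. `-days 36525` makes the certificate valid for about a century and `yes ''` accepts the default subject fields, so a comment marking it as a self-signed placeholder to be replaced would help operators.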
diff --git a/ansible/roles/trove-setup/tasks/lorry-controller-setup.yml b/ansible/roles/trove-setup/tasks/lorry-controller-setup.yml
new file mode 100644
index 0000000..06fab96
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/lorry-controller-setup.yml
@@ -0,0 +1,92 @@
+# Depends on:
+# - gitano-setup.yml
+# - lighttpd.yml
+---
+- name: Create the TROVE_ID/local-config/lorries repository
+ shell: |
+ su git -c 'ssh localhost create '{{ TROVE_ID|quote|quote|quote }}'/local-config/lorries'
+ creates=/home/git/repos/{{ TROVE_ID|regex_replace('(\\W)', '\\\\\\1')}}/local-config/lorries.git
+- name: Create a temporary folder to copy templates
+ shell: su git -c 'mktemp -d'
+ register: lorry_controller_templates
+
+- name: Create the configuration files of lorry-controller using templates
+ template: src=/usr/share/trove-setup/{{ item }} dest={{ lorry_controller_templates.stdout }}/{{ item }} owner=git group=git mode=0644
+ with_items:
+ - lorry-controller.conf
+ - README.lorry-controller
+- name: Create a temporary folder to copy the lorry-controller repository
+ shell: su git -c 'mktemp -d'
+ register: lorry_controller_repository
+
+- name: Configure the lorry-controller
+ shell: |
+ su git -c 'git clone ssh://localhost/'{{ TROVE_ID|quote|quote }}'/local-config/lorries.git '{{ lorry_controller_repository.stdout|quote|quote }}'/lorries'
+ su git -c 'cp '{{ lorry_controller_templates.stdout|quote|quote }}'/lorry-controller.conf '{{ lorry_controller_repository.stdout|quote|quote }}'/lorries/lorry-controller.conf'
+ su git -c 'cp '{{ lorry_controller_templates.stdout|quote|quote }}'/README.lorry-controller '{{ lorry_controller_repository.stdout|quote|quote }}'/lorries/README'
+ su git -c 'mkdir '{{ lorry_controller_repository.stdout|quote|quote }}'/lorries/open-source-lorries'
+ su git -c 'cp /usr/share/trove-setup/open-source-lorries/README '{{ lorry_controller_repository.stdout|quote|quote }}'/lorries/open-source-lorries/README'
+ su git -c 'mkdir '{{ lorry_controller_repository.stdout|quote|quote }}'/lorries/closed-source-lorries'
+ su git -c 'cp /usr/share/trove-setup/closed-source-lorries/README '{{ lorry_controller_repository.stdout|quote|quote }}'/lorries/closed-source-lorries/README'
+ su git -c 'cd '{{ lorry_controller_repository.stdout|quote|quote }}'/lorries; git add README lorry-controller.conf open-source-lorries/README closed-source-lorries/README; git commit -m "Initial configuration"; git push origin master'
+ su git -c 'rm -rf '{{ lorry_controller_repository.stdout|quote|quote }}
+ creates=/home/git/repos/{{ TROVE_ID|regex_replace('(\\W)', '\\\\\\1')}}/local-config/lorries.git/refs/heads/master
+
+# Migration: Remove the old lorry-controller cronjob if exists
+- name: Look for lorry-controller old cronjob (This task can fail)
+ shell: su lorry -c 'crontab -l | grep -e "-c lorry-controller"'
+ register: lorry_controller_cronjob
+ changed_when: False
+ ignore_errors: True
+
+- name: Remove the old lorry-controller cronjob
+ shell: su lorry -c '/usr/libexec/remove-lorry-controller-from-lorry-crontab'
+ when: lorry_controller_cronjob|success
+
+
+# Now that the lorry-controller is configured we can enable the following
+# services and timers, and also start them
+# - lorry-controller-status
+# - lorry-controller-readconf
+# - lorry-controller-ls-troves
+- name: Enable lorry-controller-status service
+ service: name=lorry-controller-status.service enabled=yes
+ register: lorry_controller_status_service
+- name: Start lorry-controller-status service
+ service: name=lorry-controller-status.service state=restarted
+ when: lorry_controller_status_service|changed
+
+- name: Enable lorry-controller-readconf service
+ service: name=lorry-controller-readconf.service enabled=yes
+ register: lorry_controller_readconf_service
+- name: Start lorry-controller-readconf service
+ service: name=lorry-controller-readconf.service state=restarted
+ when: lorry_controller_readconf_service|changed
+
+- name: Enable lorry-controller-ls-troves service
+ service: name=lorry-controller-ls-troves.service enabled=yes
+ register: lorry_controller_ls_troves_service
+- name: Start lorry-controller-ls-troves service
+ service: name=lorry-controller-ls-troves.service state=restarted
+ when: lorry_controller_ls_troves_service|changed
+
+- name: Enable lorry-controller-status timer
+ service: name=lorry-controller-status.timer enabled=yes
+ register: lorry_controller_status_timer
+- name: Start lorry-controller-status timer
+ service: name=lorry-controller-status.timer state=restarted
+ when: lorry_controller_status_timer|changed
+
+- name: Enable lorry-controller-readconf timer
+ service: name=lorry-controller-readconf.timer enabled=yes
+ register: lorry_controller_readconf_timer
+- name: Start lorry-controller-readconf timer
+ service: name=lorry-controller-readconf.timer state=restarted
+ when: lorry_controller_readconf_timer|changed
+
+- name: Enable lorry-controller-ls-troves timer
+ service: name=lorry-controller-ls-troves.timer enabled=yes
+ register: lorry_controller_ls_troves_timer
+- name: Start lorry-controller-ls-troves timer
+ service: name=lorry-controller-ls-troves.timer state=restarted
+ when: lorry_controller_ls_troves_timer|changed
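Review bot: The "Configure the lorry-controller" block runs its `su git -c` lines with no error propagation: each line is an independent command, and the last git line joins `cd`, `git add`, `git commit` and `git push` with `;`, so a failed clone or `cd` does not stop the later steps. Start the block with `set -e` and join that line with `&&`, i.e. `cd ... && git add ... && git commit -m "Initial configuration" && git push origin master`. The two `mktemp -d` tasks run on every play regardless of `creates=`, and only the repository directory is removed at the end, so the templates directory is left behind each time. releases.yml has the same structure.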
diff --git a/ansible/roles/trove-setup/tasks/lorry-setup.yml b/ansible/roles/trove-setup/tasks/lorry-setup.yml
new file mode 100644
index 0000000..c50b49d
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/lorry-setup.yml
@@ -0,0 +1,20 @@
+# Depends on:
+# - users.yml
+---
+- name: Create bundles and tarballs folder for the lorry user
+ file: path=/home/lorry/{{ item }} state=directory owner=lorry group=lorry
+ with_items:
+ - bundles
+ - tarballs
+# Following the same strategy as explained in gitano-setup.yml, use
+# templates recursively over directories.
+# Create the directories needed to copy the files
+- name: Create directories needed in /etc for the lorry configuration
+ file: path=/etc/{{ item }} state=directory
+ with_lines:
+ - (cd /usr/share/trove-setup/etc && find -type d)
+# Copy all the files to the right place and fill the templates whenever possible
+- name: Add the configuration needed for lorry in /etc using templates
+ template: src=/usr/share/trove-setup/etc/{{ item }} dest=/etc/{{ item }}
+ with_lines:
+ - (cd /usr/share/trove-setup/etc && find -type f)
diff --git a/ansible/roles/trove-setup/tasks/main.yml b/ansible/roles/trove-setup/tasks/main.yml
new file mode 100644
index 0000000..35fd807
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+- include: check.yml
+- include: hostname.yml
+- include: known-hosts-setup.yml
+- include: users.yml
+- include: cache-setup.yml
+- include: lighttpd.yml
+- include: lorry-setup.yml
+- include: git.yml
+- include: gitano-setup.yml
+- include: lorry-controller-setup.yml
+- include: minions.yml
+- include: site-groups.yml
+- include: releases.yml
+- include: gitano-worker-setup.yml
+- include: gitano-lorry-setup.yml
+- include: gitano-admin-setup.yml
+- include: backups.yml
diff --git a/ansible/roles/trove-setup/tasks/minions.yml b/ansible/roles/trove-setup/tasks/minions.yml
new file mode 100644
index 0000000..a5b3d8d
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/minions.yml
@@ -0,0 +1,20 @@
+# Depends on:
+# - lorry-controller-setup.yml
+---
+# This is a workaround because the service module and the current
+# systemd version doesn't work well enough with template units.
+#
+# It ALWAYS runs `systemctl enable` for all the minions to be
+# created, but it only reports that the status of the task has changed
+# when in the stderr output is the string "ln -s" (which means the
+# unit has been enabled).
+- name: Enable as many MINIONS as specified in LORRY_CONTROLLER_MINIONS
+ shell: systemctl enable lorry-controller-minion@{{ item }}.service
+ with_sequence: count={{ LORRY_CONTROLLER_MINIONS }}
+ changed_when: "'ln -s' in minions_creation.stderr"
+ register: minions_creation
+
+- name: Start the all the MINIONS created (if any)
+ service: name=lorry-controller-minion@{{ item.item }} state=restarted
+ with_items: minions_creation.results
+ when: item|changed
diff --git a/ansible/roles/trove-setup/tasks/releases.yml b/ansible/roles/trove-setup/tasks/releases.yml
new file mode 100644
index 0000000..bcb031e
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/releases.yml
@@ -0,0 +1,30 @@
+# Depends on:
+# - site-groups.yml
+---
+- name: Create the releases repository
+ shell: |
+ su git -c 'ssh localhost create '{{ TROVE_ID|quote|quote|quote }}'/site/releases'
+ creates=/home/git/repos/{{ TROVE_ID|regex_replace('(\\W)', '\\\\\\1')}}/site/releases.git
+
+- name: Create temporary folder to copy templates
+ shell: su git -c 'mktemp -d'
+ register: releases_templates
+- name: Create the files needed for the releases repository
+ template: src=/usr/share/trove-setup/releases-repo-README dest={{ releases_templates.stdout }}/releases-repo-README owner=git group=git mode=0644
+
+- name: Create temporary folder to clone the releases repository
+ shell: su git -c 'mktemp -d'
+ register: releases_repository
+- name: Configure the releases repository
+ shell: |
+ su git -c 'git clone ssh://localhost/'{{ TROVE_ID|quote|quote }}'/site/releases.git '{{ releases_repository.stdout|quote|quote }}'/releases'
+ su git -c 'cp '{{ releases_templates.stdout|quote|quote }}'/releases-repo-README '{{ releases_repository.stdout|quote|quote }}'/releases/README'
+ su git -c 'cd '{{ releases_repository.stdout|quote|quote }}'/releases; git add README; git commit -m "Add README"; git push origin master'
+ su -c "rm -Rf {{ releases_repository.stdout|quote|quote }}"
+ creates=/home/git/repos/{{ TROVE_ID|regex_replace('(\\W)', '\\\\\\1')}}/site/releases.git/refs/heads/master
+
+- name: Link the releases repository to enable the access throught browser
+ file: |
+ src=/home/git/repos/{{ TROVE_ID }}/site/releases.git/rsync
+ dest=/var/www/htdocs/releases state=link
+ force=yes
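Review bot: The cleanup line `su -c "rm -Rf {{ releases_repository.stdout|quote|quote }}"` names no user, so the recursive delete runs as root, and it wraps the doubly quoted value in double quotes, unlike the `su git -c 'rm -rf '{{ ...|quote|quote }}` form in lorry-controller-setup.yml. Use `su git -c 'rm -rf '{{ releases_repository.stdout|quote|quote }}` so the removal is confined to what the git user may delete. The `releases_templates` directory is never removed, and the last task name has a typo ("throught").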
diff --git a/ansible/roles/trove-setup/tasks/site-groups.yml b/ansible/roles/trove-setup/tasks/site-groups.yml
new file mode 100644
index 0000000..e4aff14
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/site-groups.yml
@@ -0,0 +1,88 @@
+# Depends on:
+# - gitano-setup.yml
+---
+# First of all check if the site groups are created.
+- name: Check for site groups (This task can fail)
+ shell: su git -c 'ssh git@localhost group list' | grep '^'{{ item.name|quote }}':'
+ changed_when: False
+ ignore_errors: True
+ with_items:
+ - { name: 'site-readers', description: 'Users with read access to the site project' }
+ - { name: 'site-writers', description: 'Users with write access to the site project' }
+ - { name: 'site-admins', description: 'Users with admin access to the site project' }
+ - { name: 'site-managers', description: 'Users with manager access to the site project' }
+ register: gitano_groups
+# Iterate over the results of the previous check, and create the sites needed.
+# In this task we are using the list of results of the previous task
+# - item is the result of the execution of one of the elements of
+# the list of the previous task.
+# - item.item is the item of the previous task being executed when
+# the result (stored in item) was taken.
+#
+# For example, the task: (From http://docs.ansible.com/playbooks_loops.html#using-register-with-a-loop)
+#
+# - shell: echo "{{ item }}"
+# with_items:
+# - one
+# - two
+# register: echo
+#
+# Would register in the variable "echo":
+#
+# {
+# "changed": true,
+# "msg": "All items completed",
+# "results": [
+# {
+# "changed": true,
+# "cmd": "echo \"one\" ",
+# "delta": "0:00:00.003110",
+# "end": "2013-12-19 12:00:05.187153",
+# "invocation": {
+# "module_args": "echo \"one\"",
+# "module_name": "shell"
+# },
+# "item": "one",
+# "rc": 0,
+# "start": "2013-12-19 12:00:05.184043",
+# "stderr": "",
+# "stdout": "one"
+# },
+# {
+# "changed": true,
+# "cmd": "echo \"two\" ",
+# "delta": "0:00:00.002920",
+# "end": "2013-12-19 12:00:05.245502",
+# "invocation": {
+# "module_args": "echo \"two\"",
+# "module_name": "shell"
+# },
+# "item": "two",
+# "rc": 0,
+# "start": "2013-12-19 12:00:05.242582",
+# "stderr": "",
+# "stdout": "two"
+# }
+# ]
+# }
+
+- name: Create the site groups needed.
+ shell: su git -c 'ssh git@localhost group add '{{ item.item.name|quote|quote|quote }}' '{{ item.item.description|quote|quote|quote }}
+ when: item|failed
+ with_items: gitano_groups.results
+
+# When the groups are created, check if they are linked.
+- name: Check for linked groups (This task can fail)
+ shell: su git -c 'ssh git@localhost group show '{{ item.name|quote|quote|quote }} | grep '^ \[] '{{ item.super_group|quote }}
+ changed_when: False
+ ignore_errors: True
+ with_items:
+ - { name: 'site-readers', super_group: 'site-writers' }
+ - { name: 'site-writers', super_group: 'site-admins' }
+ - { name: 'site-admins', super_group: 'site-managers' }
+ register: gitano_linked_groups
+
+# Link the groups that weren't linked following the same strategy as for the groups
+- shell: su git -c 'ssh git@localhost group addgroup '{{ item.item.name|quote|quote|quote }}' '{{ item.item.super_group|quote|quote|quote }}
+ when: item|failed
+ with_items: gitano_linked_groups.results
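Review bot: The last task, which links the groups, has no `name:`, unlike every other task in this file, so the play log shows only the raw command; `- name: Link the site groups that are not linked yet` would match the rest. Both check tasks take their status from `grep` under `ignore_errors: True`, so a failing `ssh git@localhost` is indistinguishable from an absent group or link. That looks acceptable because the following `group add`/`group addgroup` would then fail visibly, but a short comment saying so would help. The link check pattern `'^ \[] '{{ item.super_group|quote }}` is not anchored at the end, so it would presumably also match a longer group name that starts with the same text.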
diff --git a/ansible/roles/trove-setup/tasks/users.yml b/ansible/roles/trove-setup/tasks/users.yml
new file mode 100644
index 0000000..c1ab866
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/users.yml
@@ -0,0 +1,38 @@
+# Depends on:
+# - check.yml
+---
+- name: Create the lorry user without generating sshkeys.
+ user: name=lorry comment="Trove lorry service" shell=/bin/bash
+- name: Create the /home/lorry/.ssh folder
+ file: path=/home/lorry/.ssh state=directory owner=lorry group=lorry mode=0700
+
+- name: Create users (git, cache, mason) and ssh keys for them.
+ user: name={{ item }} comment="Trove {{ item }} service" shell=/bin/bash generate_ssh_key=yes
+ with_items:
+ - git
+ - cache
+ - mason
+- name: Create known_hosts for all the users
+ shell: |
+ cat /etc/ssh/ssh_host_*_key.pub | cut -d\ -f1,2 | \
+ sed -e's/^/'{{ TROVE_HOSTNAME|regex_replace('(\\W)', '\\\\\\1')|quote }}',localhost /' > \
+ /home/{{ item }}/.ssh/known_hosts
+ chown {{ item }}:{{ item }} /home/{{ item }}/.ssh/known_hosts
+ chmod 600 /home/{{ item }}/.ssh/known_hosts
+ creates=/home/{{ item }}/.ssh/known_hosts
+ with_items:
+ - git
+ - cache
+ - mason
+ - lorry
+
+- name: Copy the lorry ssh private key
+ copy: |
+ src={{ LORRY_SSH_KEY }}
+ dest=/home/lorry/.ssh/id_rsa
+ owner=lorry group=lorry mode=600
+- name: Copy the lorry ssh public key
+ copy: |
+ src={{ LORRY_SSH_PUBKEY }}
+ dest=/home/lorry/.ssh/id_rsa.pub
+ owner=lorry group=lorry mode=644
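Review bot: In "Create known_hosts for all the users" the redirection creates `/home/{{ item }}/.ssh/known_hosts` even when `cat /etc/ssh/ssh_host_*_key.pub` finds nothing, and `creates=` then keeps the empty file on every later run. Nothing in the block checks a step's status, so the task still reports success. Writing to a temporary name in the same directory and renaming it only when it is non-empty (`test -s` before `mv`) would avoid pinning an empty file. The two key-copy tasks write `mode=600` and `mode=644` where the rest of the file writes `0700`/`0644`; the four-digit form throughout would keep them consistent.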
diff --git a/ansible/trove-setup.yml b/ansible/trove-setup.yml
new file mode 100644
index 0000000..0ab7f0e
--- /dev/null
+++ b/ansible/trove-setup.yml
@@ -0,0 +1,6 @@
+---
+- hosts: localhost
+ vars_files:
+ - "/etc/trove/trove.conf"
+ roles:
+ - trove-setup
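Review bot: The play has no comment on how much trust `/etc/trove/trove.conf` carries, although values loaded from it, such as `TROVE_ID` and `TROVE_HOSTNAME`, are expanded into `shell:` tasks of this role that call `su`, which suggests they run as root. A comment above `vars_files` such as `# trove.conf must be writable by root only; its values reach root shell commands` would record that. Whether the role checks the file's ownership or validates the values is not visible in this hunk.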
diff --git a/bins/trove-early-setup b/bins/trove-early-setup
deleted file mode 100755
index 5ce2d7a..0000000
--- a/bins/trove-early-setup
+++ /dev/null
@@ -1,124 +0,0 @@
-#!/usr/bin/make -f
-#
-# Copyright (C) 2013 Codethink Limited
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# -*- Make -*-
-
-
-all: gitano-configured lorry-configured cache-configured mason-configured nfs-configured cert-generated
-
-USERS := git lorry cache mason
-
-# $1 == username to make
-define make_user_rules
-
-/home/$1/.created:
- adduser -g "Trove $1 service" -s /bin/bash -D $1
- su -c 'mkdir .ssh; chmod 750 .ssh' - $1
- su -c 'ssh-keygen -t rsa -N "" -q -f .ssh/id_rsa' - $1
- (cat /etc/ssh/ssh_host_*_key.pub | cut -d\ -f1,2 | \
- sed -e's/^/'$(shell hostname)',localhost /' > \
- /home/$1/.ssh/known_hosts)
- chown $1:$1 /home/$1/.ssh/known_hosts
- chmod 600 /home/$1/.ssh/known_hosts
- touch $$@
-
-ALL_USER_TARGETS := $$(ALL_USER_TARGETS) /home/$1/.created
-
-endef
-
-$(eval $(foreach USER,$(USERS),$(call make_user_rules,$(USER))))
-
-/home/git/.git-setup: $(ALL_USER_TARGETS)
- su -c 'git config --global user.name "Trove Git Controller"' - git
- su -c 'git config --global user.email "git@trove"' - git
- touch $@
-
-/home/git/.gitano-setup: /home/git/.git-setup
- su -c 'gitano-setup /etc/gitano-setup.clod' - git
- passwd -u git
- touch $@
-
-/home/git/.gitano-lorry-setup: /home/git/.gitano-setup
- cp /home/lorry/.ssh/id_rsa.pub /tmp/lorry.pub
- su -c 'ssh git@localhost as lorry sshkey add trove < /tmp/lorry.pub' - git
- rm /tmp/lorry.pub
- touch $@
-
-.PHONY: gitano-configured
-gitano-configured: /home/git/.gitano-setup
-
-/home/lorry/.lorry-setup: $(ALL_USER_TARGETS)
- su -c 'mkdir /home/lorry/bundles /home/lorry/tarballs' - lorry
- touch $@
-
-/home/lorry/.lorry-controller-setup: /home/lorry/.lorry-setup /home/git/.gitano-lorry-setup
- PREFIX=$$(echo "##PREFIX##" | sed -f /etc/trove-setup.sed); \
- su -c "ssh localhost create $${PREFIX}/local-config/lorries" - git; \
- su -c "git clone ssh://localhost/$${PREFIX}/local-config/lorries.git /tmp/lorries" - git; \
- su -c "sed -f /etc/trove-setup.sed < /usr/share/trove-setup/lorry-controller.conf > /tmp/lorries/lorry-controller.conf" - git
- su -c "sed -f /etc/trove-setup.sed < /usr/share/trove-setup/README.lorry-controller > /tmp/lorries/README" - git
- su -c "mkdir /tmp/lorries/open-source-lorries" - git
- su -c "cp /usr/share/trove-setup/open-source-lorries/README /tmp/lorries/open-source-lorries/README" - git
- su -c "mkdir /tmp/lorries/closed-source-lorries" - git
- su -c "cp /usr/share/trove-setup/closed-source-lorries/README /tmp/lorries/closed-source-lorries/README" - git
- su -c "cd /tmp/lorries; git add README lorry-controller.conf open-source-lorries/README closed-source-lorries/README; git commit -m 'Initial configuration'; git push origin master" - git
- su -c "rm -rf /tmp/lorries" - git
- touch $@
-
-.PHONY: lorry-configured
-lorry-configured: /home/lorry/.lorry-setup /home/lorry/.lorry-controller-setup
-
-/home/cache/.cache-setup: $(ALL_USER_TARGETS)
- su -c 'mkdir /home/cache/artifacts' - cache
- su -c 'mkdir /home/cache/ccache' - cache
- echo '/home/cache/ccache *(rw,all_squash,no_subtree_check,anonuid=1002,anongid=1002)' > /etc/exports.cache
- touch $@
-
-.PHONY: cache-configured
-cache-configured: /home/cache/.cache-setup
-
-/home/git/.mason-setup: /home/git/.gitano-setup $(ALL_USER_TARGETS)
- PREFIX=$$(echo "##PREFIX##" | sed -f /etc/trove-setup.sed); \
- su -c "ssh localhost create $${PREFIX}/local-config/mason" - git; \
- su -c "git clone ssh://localhost/$${PREFIX}/local-config/mason.git /tmp/mason-config" - git
- su -c "mkdir /tmp/mason-config/ci1" - git
- su -c "cp /var/lib/trove-setup/hosts.json.txt /tmp/mason-config/ci1" - git
- su -c "cp /var/lib/trove-setup/systems.json.txt /tmp/mason-config/ci1" - git
- su -c "cd /tmp/mason-config; git add ci1; git commit -m 'Set initial Mason config'; git push origin master" - git
- su -c "rm -fr /tmp/mason-config" - git
- su -c 'mkdir /home/mason/jobs' - mason
- echo '/home/mason/jobs *(rw,all_squash,no_subtree_check,anonuid=1003,anongid=1003)' > /etc/exports.mason
- touch $@
-
-.PHONY: mason-configured
-mason-configured: /home/git/.mason-setup
-
-/etc/exports: /home/cache/.cache-setup /home/git/.mason-setup
- cat /etc/exports.cache /etc/exports.mason >/etc/exports
-
-.PHONY: nfs-configured
-nfs-configured: /etc/exports
-
-/home/git/.cert-generated:
- mkdir -p /etc/lighttpd/certs
- echo -ne '\n\n\n\n\n\n\n' | openssl req -new -x509 \
- -keyout /etc/lighttpd/certs/lighttpd.pem \
- -out /etc/lighttpd/certs/lighttpd.pem -days 36525 -nodes
- touch $@
-
-.PHONY: cert-generated
-cert-generated: /home/git/.cert-generated
diff --git a/gitano-admin/users/lorry/user.conf b/gitano-admin/users/lorry/user.conf
deleted file mode 100644
index f21fac7..0000000
--- a/gitano-admin/users/lorry/user.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-email_address "lorry@##TROVE_HOSTNAME##"
-real_name "Source Code Lorry Service"
diff --git a/libexecs/remove-lorry-controller-from-lorry-crontab b/libexecs/remove-lorry-controller-from-lorry-crontab
deleted file mode 100755
index 8fc6cf3..0000000
--- a/libexecs/remove-lorry-controller-from-lorry-crontab
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/sh
-#
-# Trove used to run a version of Lorry Controller that wasn't a
-# daemon, but instead was invoked once a minute from a crontab owned
-# by the lorry user. When we upgrade to a version of Lorry Controller
-# that does run as a daemon, we need to disable the cronjob. This
-# script does that.
-#
-# The lorry user crontab may contain other jobs, so we can't just
-# willy-nilly delete the whole crontab. Instead, we remove the
-# specific line. The line looks like this:
-#
-# */1 * * * * flock -x -n /home/lorry/lorry-controller-area/lockfile
-# -c lorry-controller --work-area=/home/lorry/lorry-controller-area
-# --log=syslog --log-level=info --html-file=/home/lorry/lc-status.html
-#
-# Except, of course, all on one line.
-
-
-crontab -l |
-grep -v -e '-c lorry-controller' |
-crontab -
diff --git a/share/README.lorry-controller b/share/README.lorry-controller
index 1c70617..3bd0a90 100644
--- a/share/README.lorry-controller
+++ b/share/README.lorry-controller
@@ -14,5 +14,5 @@ scenarios regarding adding external software to your Trove before attempting to
add any additional configuration to this repository.
Remember, the Lorry tool is not permitted to manage repositories inside your
-prefix which is ##PREFIX##.
+prefix which is {{ TROVE_ID }}.
diff --git a/etc/cgitrc b/share/etc/cgitrc
index c526e17..28540dd 100644
--- a/etc/cgitrc
+++ b/share/etc/cgitrc
@@ -1,4 +1,4 @@
-clone-prefix=git://##TROVE_HOSTNAME## http://##TROVE_HOSTNAME##/git https://##TROVE_HOSTNAME##/git ssh://git@##TROVE_HOSTNAME##
+clone-prefix=git://{{ TROVE_HOSTNAME }} http://{{ TROVE_HOSTNAME }}/git https://{{ TROVE_HOSTNAME }}/git ssh://git@{{ TROVE_HOSTNAME }}
strict-export=git-daemon-export-ok
css=/cgit/cgit.css
@@ -8,8 +8,8 @@ head-include=/etc/cgit-trove-head.inc
footer=/etc/cgit-trove-footer.inc
enable-index-links=1
-root-title=##TROVE_TITLE## Git Repositories
-root-desc=Baserock Trove -- For ##TROVE_COMPANY##
+root-title={{ TROVE_ID }} Git Repositories
+root-desc=Baserock Trove -- For {{ TROVE_COMPANY }}
snapshots=tar.gz
enable-commit-graph=1
enable-log-filecount=1
diff --git a/etc/gitano-setup.clod b/share/etc/gitano-setup.clod
index b63aeb6..511479f 100644
--- a/etc/gitano-setup.clod
+++ b/share/etc/gitano-setup.clod
@@ -4,14 +4,15 @@ paths.home "/home/git"
paths.ssh "/home/git/.ssh"
paths.pubkey "/home/git/.ssh/id_rsa.pub"
paths.repos "/home/git/repos"
+paths.skel "/etc/gitano/skel/gitano-admin"
admin.username "trove"
admin.realname "Trove Instance Administrator"
admin.email "trove@trove-instance"
admin.keyname "trove"
-site.name "##TROVE_TITLE## for ##TROVE_COMPANY##"
-log.prefix "##TROVE_LOG_PREFIX##"
+site.name "{{ TROVE_ID }} for {{ TROVE_COMPANY }}"
+log.prefix "{{ TROVE_ID }}"
use.htpasswd "yes"
diff --git a/share/etc/lorry-controller/minion.conf b/share/etc/lorry-controller/minion.conf
new file mode 100644
index 0000000..99abdba
--- /dev/null
+++ b/share/etc/lorry-controller/minion.conf
@@ -0,0 +1,6 @@
+[config]
+log = syslog
+log-level = debug
+webapp-host = localhost
+webapp-port = 12765
+webapp-timeout = 3600
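Review bot: `log-level = debug` is shipped as the default here and again in `share/etc/lorry-controller/webapp.conf`, while the crontab line documented in the removed `remove-lorry-controller-from-lorry-crontab` script ran lorry-controller with `--log-level=info`. Debug output to syslog and to a file kept as ten rotations of 100M is a lot to retain by default and may carry more detail about mirrored repositories than is wanted in shared logs. If debug is meant only for the initial rollout, `log-level = info` with a comment on how to raise it would be the safer default.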
diff --git a/share/etc/lorry-controller/webapp.conf b/share/etc/lorry-controller/webapp.conf
new file mode 100644
index 0000000..2e9df0d
--- /dev/null
+++ b/share/etc/lorry-controller/webapp.conf
@@ -0,0 +1,12 @@
+[config]
+log = /home/lorry/webapp.log
+log-max = 100M
+log-keep = 10
+log-level = debug
+statedb = /home/lorry/webapp.db
+configuration-directory = /home/lorry/confgit
+status-html = /home/lorry/lc-status.html
+wsgi = yes
+debug-port = 12765
+templates = /usr/share/lorry-controller/templates
+confgit-url = ssh://git@localhost/{{ TROVE_ID }}/local-config/lorries
diff --git a/etc/lorry.conf b/share/etc/lorry.conf
index 16552cb..cc94e8d 100644
--- a/etc/lorry.conf
+++ b/share/etc/lorry.conf
@@ -1,6 +1,6 @@
[config]
mirror-base-url-push = ssh://git@localhost
-mirror-base-url-fetch = git://##TROVE_HOSTNAME##
+mirror-base-url-fetch = git://{{ TROVE_HOSTNAME }}
bundle = never
bundle-dest = /home/lorry/bundles
tarball = always
diff --git a/gitano-admin/global-hooks/post-receive.lua b/share/gitano/skel/gitano-admin/global-hooks/post-receive.lua
index d1b3864..c7ab051 100644
--- a/gitano-admin/global-hooks/post-receive.lua
+++ b/share/gitano/skel/gitano-admin/global-hooks/post-receive.lua
@@ -14,11 +14,11 @@ local project_hook, repo, updates = ...
local EMPTY_SHA = ("0"):rep(40)
-local masonhost = "##MASON_HOST##:##MASON_PORT##"
+local masonhost = "{{ MASON_ID }}:{{ MASON_PORT }}"
local basepath = "/1.0"
local urlbases = {
- "git://##TROVE_HOSTNAME##/",
- "ssh://git@##TROVE_HOSTNAME##/",
+ "git://{{ TROVE_HOSTNAME }}/",
+ "ssh://git@{{ TROVE_HOSTNAME }}/",
}
local notify_mason = false
diff --git a/gitano-admin/groups/local-config-admins.conf b/share/gitano/skel/gitano-admin/groups/local-config-admins.conf
index 435a297..435a297 100644
--- a/gitano-admin/groups/local-config-admins.conf
+++ b/share/gitano/skel/gitano-admin/groups/local-config-admins.conf
diff --git a/gitano-admin/groups/local-config-managers.conf b/share/gitano/skel/gitano-admin/groups/local-config-managers.conf
index 711be8f..711be8f 100644
--- a/gitano-admin/groups/local-config-managers.conf
+++ b/share/gitano/skel/gitano-admin/groups/local-config-managers.conf
diff --git a/gitano-admin/groups/local-config-readers.conf b/share/gitano/skel/gitano-admin/groups/local-config-readers.conf
index 63e6bb3..63e6bb3 100644
--- a/gitano-admin/groups/local-config-readers.conf
+++ b/share/gitano/skel/gitano-admin/groups/local-config-readers.conf
diff --git a/gitano-admin/groups/local-config-writers.conf b/share/gitano/skel/gitano-admin/groups/local-config-writers.conf
index 9bbff24..9bbff24 100644
--- a/gitano-admin/groups/local-config-writers.conf
+++ b/share/gitano/skel/gitano-admin/groups/local-config-writers.conf
diff --git a/gitano-admin/groups/trove-admin.conf b/share/gitano/skel/gitano-admin/groups/trove-admin.conf
index e912653..e912653 100644
--- a/gitano-admin/groups/trove-admin.conf
+++ b/share/gitano/skel/gitano-admin/groups/trove-admin.conf
diff --git a/gitano-admin/groups/workers.conf b/share/gitano/skel/gitano-admin/groups/workers.conf
index 5586538..5586538 100644
--- a/gitano-admin/groups/workers.conf
+++ b/share/gitano/skel/gitano-admin/groups/workers.conf
diff --git a/gitano-admin/rules/adminchecks.lace b/share/gitano/skel/gitano-admin/rules/adminchecks.lace
index ffe99a0..ffe99a0 100644
--- a/gitano-admin/rules/adminchecks.lace
+++ b/share/gitano/skel/gitano-admin/rules/adminchecks.lace
diff --git a/gitano-admin/rules/aschecks.lace b/share/gitano/skel/gitano-admin/rules/aschecks.lace
index fc76440..fc76440 100644
--- a/gitano-admin/rules/aschecks.lace
+++ b/share/gitano/skel/gitano-admin/rules/aschecks.lace
diff --git a/gitano-admin/rules/core.lace b/share/gitano/skel/gitano-admin/rules/core.lace
index dab7cfb..dab7cfb 100644
--- a/gitano-admin/rules/core.lace
+++ b/share/gitano/skel/gitano-admin/rules/core.lace
diff --git a/gitano-admin/rules/createrepo.lace b/share/gitano/skel/gitano-admin/rules/createrepo.lace
index bf4683e..a07a744 100644
--- a/gitano-admin/rules/createrepo.lace
+++ b/share/gitano/skel/gitano-admin/rules/createrepo.lace
@@ -11,7 +11,7 @@
# Administrators have already been permitted whatever they like
# so this is for site-wide non-admins.
-##PEOPLE_COMMENT##allow "Personal repo creation is okay" repo_is_personal
+{{ PEOPLE_COMMENT }}allow "Personal repo creation is okay" repo_is_personal
# Allow people in *-admins to create repositories under <foo>
allow "Project admins may make project repositories" repo_is_local_project project_admin
diff --git a/gitano-admin/rules/defines.lace b/share/gitano/skel/gitano-admin/rules/defines.lace
index 380948a..466ac6f 100644
--- a/gitano-admin/rules/defines.lace
+++ b/share/gitano/skel/gitano-admin/rules/defines.lace
@@ -83,9 +83,9 @@ define is_admin_ref ref refs/gitano/admin
#
#
-define repo_is_personal repository ~^##ESC_PERSONAL_PREFIX##/${user}/
-define ref_is_personal ref ~^refs/heads/##ESC_PREFIX##/${user}/
-define repo_is_local_project repository ~^##ESC_PREFIX##/[^/]+/
+define repo_is_personal repository ~^{{ ESC_PERSONAL_PREFIX }}/${user}/
+define ref_is_personal ref ~^refs/heads/{{ ESC_PREFIX }}/${user}/
+define repo_is_local_project repository ~^{{ ESC_PREFIX }}/[^/]+/
define project_reader group ${repository/2}-readers
define project_writer group ${repository/2}-writers
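Review bot: These patterns decide which repositories and refs count as local or personal, and they now depend on `{{ ESC_PREFIX }}` and `{{ ESC_PERSONAL_PREFIX }}` already being regex-escaped when the template is rendered; the same holds for `is_local_ref` in the next hunk. Where those variables are set is not visible here. If they can be supplied independently of `TROVE_ID`, an unescaped `.` or similar character would widen the match. Deriving them in the role (the releases task already escapes with `regex_replace('(\\W)', '\\\\\\1')`) and adding a comment above the defines that the value must be an escaped pattern would close that gap.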
@@ -100,7 +100,7 @@ define trove_site_admin group trove-admin
define target_group_gitano_admin targetgroup gitano-admin
define is_lorry user lorry
-define is_local_ref ref ~^refs/heads/##ESC_PREFIX##/
+define is_local_ref ref ~^refs/heads/{{ ESC_PREFIX }}/
define lorryable_repo allof !repo_is_local_project !repo_is_personal !is_admin_repo
define is_worker group workers
diff --git a/gitano-admin/rules/destroyrepo.lace b/share/gitano/skel/gitano-admin/rules/destroyrepo.lace
index 6e6b446..6e6b446 100644
--- a/gitano-admin/rules/destroyrepo.lace
+++ b/share/gitano/skel/gitano-admin/rules/destroyrepo.lace
diff --git a/gitano-admin/rules/other-project.lace b/share/gitano/skel/gitano-admin/rules/other-project.lace
index 7bc80cc..e5f05be 100644
--- a/gitano-admin/rules/other-project.lace
+++ b/share/gitano/skel/gitano-admin/rules/other-project.lace
@@ -6,7 +6,7 @@
#
# Copyright 2012,2013 Codethink Limited
#
-# Rules for any repository not under ##PREFIX##
+# Rules for any repository not under {{ TROVE_ID }}
# This is, by default, /baserock/ and /delta/
@@ -15,11 +15,11 @@ allow "Anyone may read here" op_read
allow "Anyone may write here" op_write !is_anonymous
# Lorry can do anything reffy which is not inside the local refs
-allow "Lorry may touch everything but refs/heads/##PREFIX##" op_is_reffy is_lorry !is_local_ref
+allow "Lorry may touch everything but refs/heads/{{ TROVE_ID }}" op_is_reffy is_lorry !is_local_ref
# Noone can rewind/rebase outside of their personal refs
deny "Non-personal branches may not be rewound/rebased" op_forcedupdate !is_lorry !ref_is_personal
-# Everyone else can do reffy things inside refs/heads/##PREFIX##
+# Everyone else can do reffy things inside refs/heads/{{ TROVE_ID }}
allow "Project writers may alter any refs" op_is_reffy !is_lorry is_local_ref
diff --git a/gitano-admin/rules/project.lace b/share/gitano/skel/gitano-admin/rules/project.lace
index aa5e1e2..aa5e1e2 100644
--- a/gitano-admin/rules/project.lace
+++ b/share/gitano/skel/gitano-admin/rules/project.lace
diff --git a/gitano-admin/rules/remoteconfigchecks.lace b/share/gitano/skel/gitano-admin/rules/remoteconfigchecks.lace
index 6f88f5f..6f88f5f 100644
--- a/gitano-admin/rules/remoteconfigchecks.lace
+++ b/share/gitano/skel/gitano-admin/rules/remoteconfigchecks.lace
diff --git a/gitano-admin/rules/renamerepo.lace b/share/gitano/skel/gitano-admin/rules/renamerepo.lace
index e4a51be..e4a51be 100644
--- a/gitano-admin/rules/renamerepo.lace
+++ b/share/gitano/skel/gitano-admin/rules/renamerepo.lace
diff --git a/gitano-admin/rules/selfchecks.lace b/share/gitano/skel/gitano-admin/rules/selfchecks.lace
index 83ef778..83ef778 100644
--- a/gitano-admin/rules/selfchecks.lace
+++ b/share/gitano/skel/gitano-admin/rules/selfchecks.lace
diff --git a/gitano-admin/rules/siteadmin.lace b/share/gitano/skel/gitano-admin/rules/siteadmin.lace
index 06c71bb..06c71bb 100644
--- a/gitano-admin/rules/siteadmin.lace
+++ b/share/gitano/skel/gitano-admin/rules/siteadmin.lace
diff --git a/gitano-admin/rules/trove-project.lace b/share/gitano/skel/gitano-admin/rules/trove-project.lace
index 383ba98..c13b307 100644
--- a/gitano-admin/rules/trove-project.lace
+++ b/share/gitano/skel/gitano-admin/rules/trove-project.lace
@@ -6,7 +6,7 @@
#
# Copyright 2012,2013 Codethink Limited
#
-# Rules for ##PREFIX##/... repositories
+# Rules for {{ TROVE_ID }}/... repositories
# Reading the repository
allow "Project readers may read" op_read project_reader
diff --git a/gitano-admin/users/distbuild/user.conf b/share/gitano/skel/gitano-admin/users/distbuild/user.conf
index 62ac3f5..6954826 100644
--- a/gitano-admin/users/distbuild/user.conf
+++ b/share/gitano/skel/gitano-admin/users/distbuild/user.conf
@@ -1,2 +1,2 @@
-email_address "distbuild@##TROVE_HOSTNAME##"
+email_address "distbuild@{{ TROVE_HOSTNAME }}"
real_name "Baserock Distributed Build Service"
diff --git a/share/gitano/skel/gitano-admin/users/lorry/user.conf b/share/gitano/skel/gitano-admin/users/lorry/user.conf
new file mode 100644
index 0000000..d00b635
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/users/lorry/user.conf
@@ -0,0 +1,2 @@
+email_address "lorry@{{ TROVE_HOSTNAME }}"
+real_name "Source Code Lorry Service"
diff --git a/gitano-admin/users/mason/user.conf b/share/gitano/skel/gitano-admin/users/mason/user.conf
index 639de4e..3139295 100644
--- a/gitano-admin/users/mason/user.conf
+++ b/share/gitano/skel/gitano-admin/users/mason/user.conf
@@ -1,2 +1,2 @@
-email_address "mason@##TROVE_HOSTNAME##"
+email_address "mason@{{ TROVE_HOSTNAME }}"
real_name "Baserock Continuous Integration Service"
diff --git a/share/lorry-controller.conf b/share/lorry-controller.conf
index bdbbbd5..0c90cc4 100644
--- a/share/lorry-controller.conf
+++ b/share/lorry-controller.conf
@@ -1,9 +1,9 @@
[
{
"type": "trove",
- "uuid": "##PREFIX##/initial",
+ "uuid": "{{ TROVE_ID }}/initial",
"serial": 1,
- "trovehost": "##UPSTREAM_TROVE##",
+ "trovehost": "{{ UPSTREAM_TROVE }}",
"protocol": "ssh",
"ls-interval": "4H",
"interval": "2H",
@@ -21,7 +21,7 @@
},
{
"type": "lorries",
- "uuid": "##PREFIX##/open-source-lorries",
+ "uuid": "{{ TROVE_ID }}/open-source-lorries",
"serial": 1,
"interval": "6H",
"create": "always",
@@ -35,7 +35,7 @@
},
{
"type": "lorries",
- "uuid": "##PREFIX##/closed-source-lorries",
+ "uuid": "{{ TROVE_ID }}/closed-source-lorries",
"serial": 1,
"interval": "6H",
"create": "always",
diff --git a/share/releases-repo-README b/share/releases-repo-README
index d3f872b..69ee875 100644
--- a/share/releases-repo-README
+++ b/share/releases-repo-README
@@ -2,10 +2,10 @@ site/releases repository
------------------------
This is a special repository for distributing release binaries over HTTP.
-Visit http://##PREFIX##/releases/ to browse content.
+Visit http://{{ TROVE_ID }}/releases/ to browse content.
To add a release to this repository, you need to be a member of the
Gitano group site-writers. With the correct permissions, you can push
releases to the repository by doing:
- rsync $RELEASE git@##PREFIX##:##PREFIX##/site/releases
+ rsync $RELEASE git@{{ TROVE_HOSTNAME }}:{{ TROVE_ID }}/site/releases
diff --git a/share/releases-repo-migration.sh b/share/releases-repo-migration.sh
deleted file mode 100755
index 654da0c..0000000
--- a/share/releases-repo-migration.sh
+++ /dev/null
@@ -1,132 +0,0 @@
-#!/bin/bash
-
-function create_readers_group()
-{
- set +e
- (
- set -e
- ssh localhost group add site-readers \
- 'Users with read access to the site project'
- )
- local ret="$?"
- if [ "$ret" != 0 ]; then
- token=$(ssh localhost group del site-readers 2>&1 | tail -1 | \
- cut -d' ' -f 2)
- ssh localhost group del site-readers $token
- fi
- return $ret
-}
-
-function create_writers_group()
-{
- set +e
- (
- set -e
- ssh localhost group add site-writers \
- 'Users with write access to the site project'
- create_readers_group
- )
- local ret="$?"
- if [ "$ret" != 0 ]; then
- token=$(ssh localhost group del site-writers 2>&1 | tail -1 | \
- cut -d' ' -f 2)
- ssh localhost group del site-writers $token
- fi
- return $ret
-}
-
-function create_admins_group()
-{
- set +e
- (
- set -e
- ssh localhost group add site-admins \
- 'Users with admin access to the site project'
- create_writers_group
- )
- local ret="$?"
- if [ "$ret" != 0 ]; then
- token=$(ssh localhost group del site-admins 2>&1 | tail -1 | \
- cut -d' ' -f 2)
- ssh localhost group del site-admins $token
- fi
- return $ret
-}
-
-function create_managers_group()
-{
- set +e
- (
- set -e
- ssh localhost group add site-managers \
- 'Users with manager access to the site project'
- create_admins_group
- )
- local ret="$?"
- if [ "$ret" != 0 ]; then
- token=$(ssh localhost group del site-managers 2>&1 | tail -1 | \
- cut -d' ' -f 2)
- ssh localhost group del site-managers $token
- fi
- return $ret
-}
-
-function link_groups()
-{
- set -e
- ssh localhost group addgroup site-admins site-managers
- ssh localhost group addgroup site-writers site-admins
- ssh localhost group addgroup site-readers site-writers
-}
-
-function delete_groups()
-{
- token=$(ssh localhost group del site-managers 2>&1 | tail -1 | \
- cut -d' ' -f 2)
- ssh localhost group del site-managers $token
- token=$(ssh localhost group del site-admins 2>&1 | tail -1 | \
- cut -d' ' -f 2)
- ssh localhost group del site-admins $token
- token=$(ssh localhost group del site-writers 2>&1 | tail -1 | \
- cut -d' ' -f 2)
- ssh localhost group del site-writers $token
- token=$(ssh localhost group del site-readers 2>&1 | tail -1 | \
- cut -d' ' -f 2)
- ssh localhost group del site-readers $token
-}
-
-function create_groups()
-{
- # call managers_group which calls admin_group and so on...
- create_managers_group
- set +e
- (
- set -e
- link_groups
- )
- local ret="$?"
- if [ "$ret" != 0 ]; then
- delete_groups
- fi
-}
-
-site_groups=$(ssh localhost group list | grep -cE "site-[[:alnum:]]+")
-if [ "$site_groups" == 0 ]; then
- create_groups
-fi
-ssh localhost create "##PREFIX##/site/releases"
-description="This is a special repository for distributing release binaries
-over HTTP. Visit http://##PREFIX##/releases/ to browse content."
-ssh localhost config "##PREFIX##/site/releases" \
- set project.description "$description"
-
-# add a readme to the repository
-repo=$(mktemp -d)
-git clone ssh://localhost/##PREFIX##/site/releases $repo
-cp /usr/share/trove-setup/releases-repo-README $repo/README
-cd $repo
-git add $repo/README
-git commit -m 'Add README'
-git push origin master
-cd -
-rm -Rf $repo
diff --git a/units/drop-lorry-controller-cronjob.service b/units/drop-lorry-controller-cronjob.service
deleted file mode 100644
index 8cad21f..0000000
--- a/units/drop-lorry-controller-cronjob.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=Drop lorry-controller from lorry's crontab
-After=basic.target
-ConditionPathExists=!/etc/lorry-controller/lorry-controller-removed-from-crontab
-
-[Service]
-Type=oneshot
-Restart=no
-ExecStart=/usr/libexec/remove-lorry-controller-from-lorry-crontab
-ExecStartPost=/bin/touch /etc/lorry-controller/lorry-controller-removed-from-crontab
-User=lorry
-Group=lorry
-PermissionsStartOnly=true
diff --git a/units/git-daemon.service b/units/git-daemon.service
index f6869c3..330169c 100644
--- a/units/git-daemon.service
+++ b/units/git-daemon.service
@@ -1,3 +1,6 @@
+[Install]
+WantedBy=multi-user.target
+
[Unit]
Description=Git Daemon for Trove
After=network.target
diff --git a/units/lighttpd-git.service b/units/lighttpd-git.service
index b2f6315..94c67a4 100644
--- a/units/lighttpd-git.service
+++ b/units/lighttpd-git.service
@@ -1,3 +1,6 @@
+[Install]
+WantedBy=multi-user.target
+
[Unit]
Description=Lighttpd Web Server
After=network.target
diff --git a/units/lighttpd-morph-cache.service b/units/lighttpd-morph-cache.service
index cedd071..c7f76e9 100644
--- a/units/lighttpd-morph-cache.service
+++ b/units/lighttpd-morph-cache.service
@@ -1,3 +1,6 @@
+[Install]
+WantedBy=multi-user.target
+
[Unit]
Description=Lighttpd Web Server
After=network.target
diff --git a/units/releases-repo-migration.service b/units/releases-repo-migration.service
deleted file mode 100644
index 1e161fb..0000000
--- a/units/releases-repo-migration.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=Create the ##PREFIX##/site/releases repository
-ConditionPathExists=!/home/git/repos/##PREFIX##/site/releases.git
-Requires=network.target
-After=network.target
-Requires=opensshd.service
-After=opensshd.service
-Requires=trove-early-setup.service
-After=trove-early-setup.service
-
-[Service]
-User=git
-ExecStart=/usr/share/trove-setup/releases-repo-migration.sh
-Restart=no
diff --git a/units/trove-setup.service b/units/trove-setup.service
new file mode 100644
index 0000000..3b923a2
--- /dev/null
+++ b/units/trove-setup.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Run trove-setup Ansible scripts
+Requires=network.target
+After=network.target
+Requires=opensshd.service
+After=opensshd.service
+
+# If there's a shared /var subvolume, it must be mounted before this
+# unit runs.
+Requires=local-fs.target
+After=local-fs.target
+
+ConditionPathExists=/etc/trove/trove.conf
+
+[Service]
+ExecStart=/usr/bin/ansible-playbook -v -i /usr/lib/trove-setup/ansible/hosts /usr/lib/trove-setup/ansible/trove-setup.yml
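Review bot: The `[Service]` section sets no `Type=`, so systemd treats the unit as `Type=simple` and considers it started as soon as `ansible-playbook` is launched; any unit ordered `After=trove-setup.service` could then start before the playbook has finished. `Type=oneshot`, as the removed `drop-lorry-controller-cronjob.service` used, together with `RemainAfterExit=yes` would make ordering wait for completion. The unit also has no `[Install]` section, unlike the `WantedBy=multi-user.target` added to the other units in this commit, so how it gets enabled is not visible here.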