From e6bf7b4b32d477352cf45b4b0abb6993d524f78a Mon Sep 17 00:00:00 2001 
From: Pedro Alvarez
Date: Wed, 18 Jun 2014 10:16:41 +0000
Subject: Add Ansible scripts
---
ansible/hosts | 1 +
ansible/roles/trove-setup/tasks/backups.yml | 16 ++++
ansible/roles/trove-setup/tasks/cache-setup.yml | 19 +++++
ansible/roles/trove-setup/tasks/check.yml | 73 +++++++++++++++++
ansible/roles/trove-setup/tasks/git.yml | 8 ++
.../roles/trove-setup/tasks/gitano-admin-setup.yml | 39 +++++++++
.../roles/trove-setup/tasks/gitano-lorry-setup.yml | 18 +++++
.../roles/trove-setup/tasks/gitano-mason-setup.yml | 16 ++++
ansible/roles/trove-setup/tasks/gitano-setup.yml | 45 +++++++++++
.../trove-setup/tasks/gitano-worker-setup.yml | 18 +++++
ansible/roles/trove-setup/tasks/hostname.yml | 26 ++++++
.../roles/trove-setup/tasks/known-hosts-setup.yml | 7 ++
ansible/roles/trove-setup/tasks/lighttpd.yml | 42 ++++++++++
.../trove-setup/tasks/lorry-controller-setup.yml | 92 ++++++++++++++++++++++
ansible/roles/trove-setup/tasks/lorry-setup.yml | 20 +++++
ansible/roles/trove-setup/tasks/main.yml | 18 +++++
ansible/roles/trove-setup/tasks/minions.yml | 20 +++++
ansible/roles/trove-setup/tasks/releases.yml | 30 +++++++
ansible/roles/trove-setup/tasks/site-groups.yml | 88 +++++++++++++++++++++
ansible/roles/trove-setup/tasks/users.yml | 38 +++++++++
ansible/trove-setup.yml | 6 ++
21 files changed, 640 insertions(+)
create mode 100644 ansible/hosts
create mode 100644 ansible/roles/trove-setup/tasks/backups.yml
create mode 100644 ansible/roles/trove-setup/tasks/cache-setup.yml
create mode 100644 ansible/roles/trove-setup/tasks/check.yml
create mode 100644 ansible/roles/trove-setup/tasks/git.yml
create mode 100644 ansible/roles/trove-setup/tasks/gitano-admin-setup.yml
create mode 100644 ansible/roles/trove-setup/tasks/gitano-lorry-setup.yml
create mode 100644 ansible/roles/trove-setup/tasks/gitano-mason-setup.yml
create mode 100644 ansible/roles/trove-setup/tasks/gitano-setup.yml
create mode 100644 ansible/roles/trove-setup/tasks/gitano-worker-setup.yml
create mode 100644 ansible/roles/trove-setup/tasks/hostname.yml
create mode 100644 ansible/roles/trove-setup/tasks/known-hosts-setup.yml
create mode 100644 ansible/roles/trove-setup/tasks/lighttpd.yml
create mode 100644 ansible/roles/trove-setup/tasks/lorry-controller-setup.yml
create mode 100644 ansible/roles/trove-setup/tasks/lorry-setup.yml
create mode 100644 ansible/roles/trove-setup/tasks/main.yml
create mode 100644 ansible/roles/trove-setup/tasks/minions.yml
create mode 100644 ansible/roles/trove-setup/tasks/releases.yml
create mode 100644 ansible/roles/trove-setup/tasks/site-groups.yml
create mode 100644 ansible/roles/trove-setup/tasks/users.yml
create mode 100644 ansible/trove-setup.yml
diff --git a/ansible/hosts b/ansible/hosts
new file mode 100644
index 0000000..5b97818
--- /dev/null
+++ b/ansible/hosts
@@ -0,0 +1 @@
+localhost ansible_connection=local
diff --git a/ansible/roles/trove-setup/tasks/backups.yml b/ansible/roles/trove-setup/tasks/backups.yml
new file mode 100644
index 0000000..65a1466
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/backups.yml
@@ -0,0 +1,16 @@
+# Depends on:
+# - check.yml
+---
+- name: Create the backups user if TROVE_BACKUP_KEYS is defined
+ user: name=backup comment="Backup user" shell=/bin/sh home=/root/backup-user-home group=root uid=0 non_unique=yes
+ when: TROVE_BACKUP_KEYS is defined
+
+- name: Creates the .ssh directory to the backups user if TROVE_BACKUP_KEYS is defined
+ file: path=/root/backup-user-home/.ssh state=directory
+ when: TROVE_BACKUP_KEYS is defined
+
+- name: Copy the TROVE_BACKUP_KEYS if defined to authorized_keys of the backup user
+ shell: |
+ cat {{ TROVE_BACKUP_KEYS }} >> /root/backup-user-home/.ssh/authorized_keys
+ creates=/root/backup-user-home/.ssh/authorized_keys
+ when: TROVE_BACKUP_KEYS is defined
diff --git a/ansible/roles/trove-setup/tasks/cache-setup.yml b/ansible/roles/trove-setup/tasks/cache-setup.yml
new file mode 100644
index 0000000..162dacc
--- /dev/null
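Review bot: The backup account is created with `uid=0 non_unique=yes`, so every key appended from TROVE_BACKUP_KEYS becomes an unrestricted root login, yet neither the `.ssh` directory nor `authorized_keys` gets an explicit mode — they end up with whatever the root umask leaves, which is also what sshd's StrictModes checks against. Set `file: path=/root/backup-user-home/.ssh state=directory mode=0700` and write the keys with `copy: src={{ TROVE_BACKUP_KEYS }} dest=/root/backup-user-home/.ssh/authorized_keys mode=0600`, which also fixes idempotence: the current `cat ... >>` guarded by `creates=` runs exactly once and never picks up later edits to the key file. If these keys are only meant to pull backups, a `command=` restriction in the key file would bound what they can do.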
+++ b/ansible/roles/trove-setup/tasks/cache-setup.yml
@@ -0,0 +1,19 @@
+# Depends on:
+# - users.yml
+---
+- name: Create artifacts and ccache folder for the cache user
+ file: path=/home/cache/{{ item }} state=directory owner=cache group=cache
+ with_items:
+ - artifacts
+ - ccache
+- name: Create /etc/exports.d folder
+ file: path=/etc/exports.d state=directory
+- name: Create /etc/exports.d/cache.exports
+ shell: |
+ echo '/home/cache/ccache *(rw,all_squash,no_subtree_check,anonuid=1002,anongid=1002)' > /etc/exports.d/cache.exports
+ creates=/etc/exports.d/cache.exports
+ register: cache_exports
+
+- name: Update nfs exports
+ shell: exportfs -av
+ when: cache_exports|changed
diff --git a/ansible/roles/trove-setup/tasks/check.yml b/ansible/roles/trove-setup/tasks/check.yml
new file mode 100644
index 0000000..d873030
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/check.yml
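Review bot: The export written to `/etc/exports.d/cache.exports` hardcodes `anonuid=1002,anongid=1002`, but the `cache` user is created in users.yml by the `user` module without a fixed uid, so on an image where it lands on a different uid the squashed NFS writes will not be owned by `cache` and the ccache becomes unusable. Either create the user with an explicit `uid=1002` in users.yml or resolve the ids when writing the export, e.g. `anonuid=$(id -u cache),anongid=$(id -g cache)`. The `*` host pattern also exports the ccache read-write to any client that can reach the NFS port; restrict it to the build network, or document that the host is expected to sit behind a firewall.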
@@ -0,0 +1,73 @@
+---
+- fail: msg='TROVE_ID is mandatory'
+ when: TROVE_ID is not defined
+
+- fail: msg='TROVE_COMPANY is mandatory'
+ when: TROVE_COMPANY is not defined
+
+- fail: msg='TROVE_ADMIN_USER is mandatory'
+ when: TROVE_ADMIN_USER is not defined
+
+- fail: msg='TROVE_ADMIN_EMAIL is mandatory'
+ when: TROVE_ADMIN_EMAIL is not defined
+
+- fail: msg='TROVE_ADMIN_NAME is mandatory'
+ when: TROVE_ADMIN_NAME is not defined
+
+- fail: msg='LORRY_SSH_KEY is mandatory'
+ when: LORRY_SSH_KEY is not defined
+
+- fail: msg='LORRY_SSH_PUBKEY is mandatory'
+ when: LORRY_SSH_PUBKEY is not defined
+
+- fail: msg='TROVE_ADMIN_SSH_PUBKEY is mandatory'
+ when: TROVE_ADMIN_SSH_PUBKEY is not defined
+
+- fail: msg='WORKER_SSH_PUBKEY is mandatory'
+ when: WORKER_SSH_PUBKEY is not defined
+
+- fail: msg='UPSTREAM_TROVE is mandatory'
+ when: UPSTREAM_TROVE is not defined
+
+- set_fact: TROVE_HOSTNAME={{ TROVE_ID }}
+ when: TROVE_HOSTNAME is not defined
+
+- set_fact: LORRY_CONTROLLER_MINIONS=4
+ when: LORRY_CONTROLLER_MINIONS is not defined
+
+- set_fact: MASON_ID=''
+ when: MASON_ID is not defined
+
+- set_fact: MASON_PORT='18755'
+ when: MASON_PORT is not defined
+
+- name: Calculate ESC_PREFIX
+ shell: echo -n {{ TROVE_ID|quote }} | perl -pe 's/([-+\(\).%*?^$\[\]])/%$1/g'
+ register: var_esc_prefix
+ changed_when: False
+
+- set_fact: ESC_PREFIX={{ var_esc_prefix.stdout }}
+
+- set_fact: ESC_PERSONAL_PREFIX='people'
+
+- set_fact: PEOPLE_COMMENT='#'
+
+- name: Check if the ssh keys are valid
+ shell: ssh-keygen -l -f {{ item }}
+ with_items:
+ - '{{ TROVE_ADMIN_SSH_PUBKEY }}'
+ - '{{ LORRY_SSH_PUBKEY }}'
+ - '{{ WORKER_SSH_PUBKEY }}'
+ changed_when: False
+
+- name: Check if the ssh keys are unique
+ shell: |
+ cat {{ TROVE_ADMIN_SSH_PUBKEY|quote}} \
+ {{ LORRY_SSH_PUBKEY|quote }} \
+ {{ WORKER_SSH_PUBKEY|quote }} \
+ | cut -d ' ' -f 1,2 | sort -u | wc -l
+ changed_when: False
+ register: number_ssh_keys
+
+- fail: msg="The ssh keys MUST be different"
+ when: number_ssh_keys.stdout != '3'
diff --git a/ansible/roles/trove-setup/tasks/git.yml b/ansible/roles/trove-setup/tasks/git.yml
new file mode 100644
index 0000000..2e6b1fa
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/git.yml
@@ -0,0 +1,8 @@
+# Depends on:
+# - users.yml
+---
+- name: Configure Git user.name and usr.email
+ shell: |
+ su git -c 'git config --global user.name "Trove Git Controller"'
+ su git -c 'git config --global user.email "git@trove"'
+ creates=/home/git/.gitconfig
diff --git a/ansible/roles/trove-setup/tasks/gitano-admin-setup.yml b/ansible/roles/trove-setup/tasks/gitano-admin-setup.yml
new file mode 100644
index 0000000..c4c3eb2
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/gitano-admin-setup.yml
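Review bot: In `Check if the ssh keys are valid` the path is interpolated as `ssh-keygen -l -f {{ item }}` with no `|quote`, while the uniqueness check directly below quotes the same three variables; a path containing a space or a shell metacharacter would be checked by one task and mangled by the other. Use `shell: ssh-keygen -l -f {{ item|quote }}` so both tasks treat the value the same way. `Calculate ESC_PREFIX` also relies on `echo -n`, which POSIX leaves unspecified for `/bin/sh`; `printf '%s' {{ TROVE_ID|quote }}` produces the same bytes without depending on the shell in the image.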
@@ -0,0 +1,39 @@
+# Depends on:
+# - gitano-setup.yml
+---
+- name: Check if the admin user is configured in gitano (This task can fail)
+ shell: su git -c 'ssh git@localhost user' | grep '^'{{ TROVE_ADMIN_USER|regex_replace('(\\W)', '\\\\\\1')|quote}}':'
+ register: gitano_admin_user
+ changed_when: False
+ ignore_errors: True
+# If the admin user doesn't exist
+- name: Create the admin user
+ shell: su git -c 'ssh git@localhost user add '{{ TROVE_ADMIN_USER|quote|quote|quote}}' '{{ TROVE_ADMIN_EMAIL|quote|quote|quote }}' '{{ TROVE_ADMIN_NAME|quote|quote|quote }}
+ when: gitano_admin_user|failed
+
+- name: Check if admin user is in trove-admin group in gitano (This task can fail)
+ shell: su git -c 'ssh git@localhost as '{{ TROVE_ADMIN_USER|quote|quote|quote }}' whoami' | grep 'trove-admin. Trove-local administration'
+ register: gitano_admin_group
+ changed_when: False
+ ignore_errors: True
+# If the admin user is not in the trove-admin group
+- name: Add the admin user to the trove-admin group in gitano
+ shell: su git -c 'ssh git@localhost group adduser trove-admin '{{ TROVE_ADMIN_USER|quote|quote|quote }}
+ when: gitano_admin_group|failed
+
+- name: Check if admin user has a sshkey configured in gitano (This task can fail)
+ shell: su git -c 'ssh git@localhost as '{{ TROVE_ADMIN_USER|quote|quote|quote }}' sshkey' 2>&1 | grep WARNING
+ register: gitano_admin_key
+ changed_when: False
+ ignore_errors: True
+# If admin user doesn't have an sshkey configured
+- name: Create /home/git/keys/ to store sshkeys
+ file: path=/home/git/keys state=directory owner=git group=git
+ when: gitano_admin_key|success
+- name: Copy the TROVE_ADMIN_SSH_PUBKEY to /home/git/keys/admin.key.pub
+ copy: src={{ TROVE_ADMIN_SSH_PUBKEY }} dest=/home/git/keys/admin.key.pub mode=0644
+ when: gitano_admin_key|success
+
+- name: Add /home/git/keys/admin.key.pub ssh key to the admin user in gitano.
+ shell: su git -c 'ssh git@localhost as '{{ TROVE_ADMIN_USER|quote|quote|quote}}' sshkey add default < /home/git/keys/admin.key.pub'
+ when: gitano_admin_key|success
diff --git a/ansible/roles/trove-setup/tasks/gitano-lorry-setup.yml b/ansible/roles/trove-setup/tasks/gitano-lorry-setup.yml
new file mode 100644
index 0000000..d52927a
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/gitano-lorry-setup.yml
@@ -0,0 +1,18 @@
+# Depends on:
+# - gitano-setup.yml
+---
+- name: Check if lorry has a sshkey configured in gitano (This task can fail)
+ shell: su git -c 'ssh git@localhost as lorry sshkey' 2>&1 | grep WARNING
+ register: gitano_lorry_key
+ changed_when: False
+ ignore_errors: True
+# If lorry user doesn't have an sshkey configured
+- name: Create /home/git/keys folder to store ssh keys
+ file: path=/home/git/keys state=directory owner=git group=git
+ when: gitano_lorry_key|success
+- name: Copy LORRY_SSH_PUBKEY to /home/git/keys/lorry.key.pub
+ copy: src={{ LORRY_SSH_PUBKEY }} dest=/home/git/keys/lorry.key.pub mode=0644
+ when: gitano_lorry_key|success
+- name: Add to the gitano lorry user the /home/git/keys/lorry.key.pub
+ shell: su git -c 'ssh git@localhost as lorry sshkey add trove < /home/git/keys/lorry.key.pub'
+ when: gitano_lorry_key|success
diff --git a/ansible/roles/trove-setup/tasks/gitano-mason-setup.yml b/ansible/roles/trove-setup/tasks/gitano-mason-setup.yml
new file mode 100644
index 0000000..8439078
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/gitano-mason-setup.yml
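Review bot: The `|quote|quote|quote` chains on the `shell:` lines carry the whole correctness of the nested quoting and nothing says which layer each filter is for; the same pattern recurs in site-groups.yml, lorry-controller-setup.yml and releases.yml. A comment at the top of the file such as `# Each value crosses three command parsers (the local sh, the sh behind 'su -c', and the remote command line gitano receives over ssh), hence one |quote per layer` would let a maintainer change the command without counting quotes by trial and error — the third layer is my reading of the `ssh git@localhost ...` form, so confirm it. Note also that the `grep`-based checks exit 1 both when the admin user is absent and when `ssh git@localhost` itself fails, since the pipeline status is grep's, so `when: gitano_admin_user|failed` will attempt the `user add` in either case; that is tolerable only because the following task then fails loudly.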
@@ -0,0 +1,16 @@
+# Depends on:
+# - gitano-setup.yml
+---
+- name: Check if mason has a sshkey configured in gitano (This task can fail)
+ shell: su git -c 'ssh git@localhost as mason sshkey' 2>&1 | grep WARNING
+ register: gitano_mason_key
+ changed_when: False
+ ignore_errors: True
+
+# If distbuild user doesn't have an sshkey configured
+- file: path=/home/git/keys state=directory owner=git group=git
+ when: gitano_mason_key|success
+- copy: src={{ MASON_SSH_PUBKEY }} dest=/home/git/keys/mason.key.pub mode=0644
+ when: gitano_mason_key|success
+- shell: su git -c 'ssh git@localhost as mason sshkey add trove < /home/git/keys/mason.key.pub'
+ when: gitano_mason_key|success
diff --git a/ansible/roles/trove-setup/tasks/gitano-setup.yml b/ansible/roles/trove-setup/tasks/gitano-setup.yml
new file mode 100644
index 0000000..0fd3ba5
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/gitano-setup.yml
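Review bot: This file is not in main.yml's `include` list, and it reads `MASON_SSH_PUBKEY`, which check.yml never validates with a `fail` task the way it does `LORRY_SSH_PUBKEY` and `WORKER_SSH_PUBKEY`, so if it is ever included it will stop on an undefined variable instead of a clear message. Either add `- include: gitano-mason-setup.yml` to main.yml together with `- fail: msg='MASON_SSH_PUBKEY is mandatory'` guarded by `when: MASON_SSH_PUBKEY is not defined` in check.yml, or leave the file out until mason support is wired in. The comment `# If distbuild user doesn't have an sshkey configured` is copied from the worker file and should read `# If mason user doesn't have an sshkey configured`.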
@@ -0,0 +1,45 @@
+# Depends on:
+# - git.yml
+---
+# Before configuring Gitano, it's necessary to modify the placeholders
+# of the skeleton template of Gitano with the values of /etc/trove/trove.conf.
+# Ansible does not provide an efficient way to do this. Its template module
+# is not able to run recursively over directories, and is not able to create
+# the directories needed.
+#
+# The solution implemented consists in create the directories first and then
+# using the template module in all the files. This could be possible to
+# implement using the 'with_lines' option combinated with the 'find' command.
+#
+# Create the directories
+- name: Create the directories needed for the Gitano skeleton.
+ file: path=/etc/{{ item }} state=directory
+ with_lines:
+ - (cd /usr/share/trove-setup && find gitano -type d)
+# Copy all the files to the right place and fill the templates whenever possible
+- name: Create the Gitano skeleton using the templates
+ template: src=/usr/share/trove-setup/{{ item }} dest=/etc/{{ item }}
+ with_lines:
+ - (cd /usr/share/trove-setup && find gitano -type f)
+
+# Configure gitano
+- name: Configure Gitano with /etc/gitano-setup.clod
+ shell: |
+ su git -c 'gitano-setup /etc/gitano-setup.clod'
+ creates=/home/git/repos/gitano-admin.git
+
+- name: Unlock the password of the git user (This task can fail)
+ shell: busybox passwd -u git
+ register: passwd_result
+ changed_when: passwd_result|success
+ ignore_errors: True
+
+# Now that /home/git/repos exists, we can enable the git-daemon service
+- name: Enable the git-daemon.service
+ service: name=git-daemon.service enabled=yes
+ register: git_daemon_service
+
+# Now we can start the service without rebooting the system
+- name: Restart git-daemon.service
+ service: name=git-daemon state=restarted
+ when: git_daemon_service|changed
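Review bot: `Unlock the password of the git user` reports `changed` on every successful run because of `changed_when: passwd_result|success`, so the play never converges at this step, and the reason for unlocking a service account's password is not stated anywhere. If the motivation is that sshd refuses key logins to an account whose password field is locked (my reading — confirm), put it above the task, e.g. `# sshd rejects logins to a locked account even with a valid key; unlock so 'ssh git@localhost' works`, and consider checking the current lock state first so the unlock only runs when needed. The two service tasks also name the unit differently (`git-daemon.service` to enable, `git-daemon` to restart); pick one form.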
diff --git a/ansible/roles/trove-setup/tasks/gitano-worker-setup.yml b/ansible/roles/trove-setup/tasks/gitano-worker-setup.yml
new file mode 100644
index 0000000..e0510e4
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/gitano-worker-setup.yml
@@ -0,0 +1,18 @@
+# Depends on:
+# - gitano-setup.yml
+---
+- name: Check if worker has a sshkey configured in gitano (This task can fail)
+ shell: su git -c 'ssh git@localhost as distbuild sshkey' 2>&1 | grep WARNING
+ register: gitano_worker_key
+ changed_when: False
+ ignore_errors: True
+# If distbuild user doesn't have an sshkey configured
+- name: Create /home/git/keys/ to store ssh keys
+ file: path=/home/git/keys state=directory owner=git group=git
+ when: gitano_worker_key|success
+- name: Copy WORKER_SSH_PUBKEY to /home/git/keys/worker.key.pub
+ copy: src={{ WORKER_SSH_PUBKEY }} dest=/home/git/keys/worker.key.pub mode=0644
+ when: gitano_worker_key|success
+- name: Add /home/git/keys/worker.key.pub to the distbuild user in Gitano
+ shell: su git -c 'ssh git@localhost as distbuild sshkey add trove < /home/git/keys/worker.key.pub'
+ when: gitano_worker_key|success
diff --git a/ansible/roles/trove-setup/tasks/hostname.yml b/ansible/roles/trove-setup/tasks/hostname.yml
new file mode 100644
index 0000000..f4a11e2
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/hostname.yml
@@ -0,0 +1,26 @@
+# Depends on:
+# - check.yml
+---
+- name: Check the /etc/hostname and compare it with HOSTNAME (This task can fail)
+ shell: su -c '[ "$(cat /etc/hostname)" == '{{ HOSTNAME|quote|quote }}' ]'
+ register: hostname_file
+ ignore_errors: True
+ changed_when: False
+ when: HOSTNAME is defined
+
+# If /etc/hostname doesn't match with HOSTNAME
+- name: Rewrite /etc/hostname with HOSTNAME
+ shell: echo {{ HOSTNAME|quote }} > /etc/hostname
+ when: hostname_file|failed
+
+- name: Check the actual hostname with `hostname` and compare it with HOSTNAME (This task can fail)
+ shell: sh -c '[ "$(hostname)" == '{{ HOSTNAME|quote|quote }}' ]'
+ register: actual_hostname
+ ignore_errors: True
+ changed_when: False
+ when: HOSTNAME is defined
+
+# If `hostname` doesn't match with HOSTNAME
+- name: Change the hostname to HOSTNAME
+ shell: hostname {{ HOSTNAME|quote }}
+ when: actual_hostname|failed
diff --git a/ansible/roles/trove-setup/tasks/known-hosts-setup.yml b/ansible/roles/trove-setup/tasks/known-hosts-setup.yml
new file mode 100644
index 0000000..6e988e0
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/known-hosts-setup.yml
@@ -0,0 +1,7 @@
+# Depends on:
+# - check.yml
+---
+- name: Add localhost and UPSTREAM_TROVE to /etc/ssh/ssh_known_hosts
+ shell: |
+ ssh-keyscan localhost {{ UPSTREAM_TROVE|quote }} > /etc/ssh/ssh_known_hosts
+ creates=/etc/ssh/ssh_known_hosts
diff --git a/ansible/roles/trove-setup/tasks/lighttpd.yml b/ansible/roles/trove-setup/tasks/lighttpd.yml
new file mode 100644
index 0000000..7a530e7
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/lighttpd.yml
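Review bot: hostname.yml keys every task on `HOSTNAME`, while check.yml defaults `TROVE_HOSTNAME` to `TROVE_ID` and users.yml writes `TROVE_HOSTNAME` into each user's `known_hosts`; when `HOSTNAME` is unset this whole file is skipped and the machine's name can diverge from the name the local clients have pinned. Use `TROVE_HOSTNAME` here, or document why the two are meant to differ. The comparisons also use `==` inside `[ ... ]`, which POSIX does not define (`=` is the portable form), and the first check runs under `su -c` while the second uses `sh -c`; `sh -c '[ "$(cat /etc/hostname)" = '{{ HOSTNAME|quote|quote }}' ]'` gives both tasks the same shape and the same shell.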
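Review bot: `ssh-keyscan localhost {{ UPSTREAM_TROVE|quote }} > /etc/ssh/ssh_known_hosts` pins whatever the upstream presents at setup time, and because the redirect creates the file before the scan runs, a scan that only reaches localhost (upstream down, name not resolving) still satisfies `creates=` and leaves the upstream unpinned for good. Check the result before committing it, e.g. `ssh-keyscan localhost {{ UPSTREAM_TROVE|quote }} > "$tmp" && grep -q {{ UPSTREAM_TROVE|quote }} "$tmp" && mv "$tmp" /etc/ssh/ssh_known_hosts` with `tmp` from `mktemp`, and where the upstream's host key is known ahead of deployment prefer shipping it as data rather than trusting the first answer on the wire.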
@@ -0,0 +1,42 @@
+---
+- name: Create /etc/lighttpd/certs directory
+ file: path=/etc/lighttpd/certs state=directory
+- name: Create certificates for lighttpd in /etc/lighttpd/certs/lighttpd.pem
+ shell: |
+ yes '' | openssl req -new -x509 \
+ -keyout /etc/lighttpd/certs/lighttpd.pem \
+ -out /etc/lighttpd/certs/lighttpd.pem -days 36525 -nodes
+ creates=/etc/lighttpd/certs/lighttpd.pem
+ register: lighttpd_certs
+- name: Create /var/run/lighttpd for cache user
+ file: path=/var/run/lighttpd state=directory owner=cache group=cache
+ register: lighttpd_folder
+
+# Now that the lighttpd certificates and the /var/run/lighttpd exist, we can
+# enable the lighttpd-git service
+- name: Enable lighttpd-git service
+ service: name=lighttpd-git.service enabled=yes
+ register: lighttpd_git_service
+
+# Now we can start the service without rebooting the system
+- name: Restart the lighttpd-git service
+ service: name=lighttpd-git state=restarted
+ when: lighttpd_git_service|changed
+
+# Once the service lighttpd-git is running it's possible to do the same
+# with the following services:
+# - lighttpd-morph-cache
+# - lighttpd-lorry-controller-webapp
+- name: Enable lighttpd-morph-cache service
+ service: name=lighttpd-morph-cache.service enabled=yes
+ register: lighttpd_morph_cache_service
+- name: Restart the lighttpd-morph-cache service
+ service: name=lighttpd-morph-cache state=restarted
+ when: lighttpd_morph_cache_service|changed
+
+- name: Enable the lighttpd-lorry-controller-webapp service
+ service: name=lighttpd-lorry-controller-webapp.service enabled=yes
+ register: lighttpd_lorry_controller_webapp_service
+- name: Restart the lighttpd-lorry-controller-webapp service
+ service: name=lighttpd-lorry-controller-webapp state=restarted
+ when: lighttpd_lorry_controller_webapp_service|changed
diff --git a/ansible/roles/trove-setup/tasks/lorry-controller-setup.yml b/ansible/roles/trove-setup/tasks/lorry-controller-setup.yml
new file mode 100644
index 0000000..06fab96
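Review bot: `lighttpd.pem` holds the private key as well as the certificate (`-keyout` and `-out` name the same file), yet no task sets its mode and the `certs` directory is created without one either, so unless the image's openssl creates the key 0600 on its own the file gets whatever the root umask leaves. Add `mode=0700` to the directory task and follow the generation with `file: path=/etc/lighttpd/certs/lighttpd.pem mode=0600` (or make `umask 077` the first line of the block). The request also leaves the key size to the local openssl defaults and asks for a 100-year lifetime (`-days 36525`); spelling out `-newkey rsa:2048` and a shorter validity makes the result the same on every image and visible to whoever audits it later.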
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/lorry-controller-setup.yml
@@ -0,0 +1,92 @@
+# Depends on:
+# - gitano-setup.yml
+# - lighttpd.yml
+---
+- name: Create the TROVE_ID/local-config/lorries repository
+ shell: |
+ su git -c 'ssh localhost create '{{ TROVE_ID|quote|quote|quote }}'/local-config/lorries'
+ creates=/home/git/repos/{{ TROVE_ID|regex_replace('(\\W)', '\\\\\\1')}}/local-config/lorries.git
+- name: Create a temporary folder to copy templates
+ shell: su git -c 'mktemp -d'
+ register: lorry_controller_templates
+
+- name: Create the configuration files of lorry-controller using templates
+ template: src=/usr/share/trove-setup/{{ item }} dest={{ lorry_controller_templates.stdout }}/{{ item }} owner=git group=git mode=0644
+ with_items:
+ - lorry-controller.conf
+ - README.lorry-controller
+- name: Create a temporary folder to copy the lorry-controller repository
+ shell: su git -c 'mktemp -d'
+ register: lorry_controller_repository
+
+- name: Configure the lorry-controller
+ shell: |
+ su git -c 'git clone ssh://localhost/'{{ TROVE_ID|quote|quote }}'/local-config/lorries.git '{{ lorry_controller_repository.stdout|quote|quote }}'/lorries'
+ su git -c 'cp '{{ lorry_controller_templates.stdout|quote|quote }}'/lorry-controller.conf '{{ lorry_controller_repository.stdout|quote|quote }}'/lorries/lorry-controller.conf'
+ su git -c 'cp '{{ lorry_controller_templates.stdout|quote|quote }}'/README.lorry-controller '{{ lorry_controller_repository.stdout|quote|quote }}'/lorries/README'
+ su git -c 'mkdir '{{ lorry_controller_repository.stdout|quote|quote }}'/lorries/open-source-lorries'
+ su git -c 'cp /usr/share/trove-setup/open-source-lorries/README '{{ lorry_controller_repository.stdout|quote|quote }}'/lorries/open-source-lorries/README'
+ su git -c 'mkdir '{{ lorry_controller_repository.stdout|quote|quote }}'/lorries/closed-source-lorries'
+ su git -c 'cp /usr/share/trove-setup/closed-source-lorries/README '{{ lorry_controller_repository.stdout|quote|quote }}'/lorries/closed-source-lorries/README'
+ su git -c 'cd '{{ lorry_controller_repository.stdout|quote|quote }}'/lorries; git add README lorry-controller.conf open-source-lorries/README closed-source-lorries/README; git commit -m "Initial configuration"; git push origin master'
+ su git -c 'rm -rf '{{ lorry_controller_repository.stdout|quote|quote }}
+ creates=/home/git/repos/{{ TROVE_ID|regex_replace('(\\W)', '\\\\\\1')}}/local-config/lorries.git/refs/heads/master
+
+# Migration: Remove the old lorry-controller cronjob if exists
+- name: Look for lorry-controller old cronjob (This task can fail)
+ shell: su lorry -c 'crontab -l | grep -e "-c lorry-controller"'
+ register: lorry_controller_cronjob
+ changed_when: False
+ ignore_errors: True
+
+- name: Remove the old lorry-controller cronjob
+ shell: su lorry -c '/usr/libexec/remove-lorry-controller-from-lorry-crontab'
+ when: lorry_controller_cronjob|success
+
+
+# Now that the lorry-controller is configured we can enable the following
+# services and timers, and also start them
+# - lorry-controller-status
+# - lorry-controller-readconf
+# - lorry-controller-ls-troves
+- name: Enable lorry-controller-status service
+ service: name=lorry-controller-status.service enabled=yes
+ register: lorry_controller_status_service
+- name: Start lorry-controller-status service
+ service: name=lorry-controller-status.service state=restarted
+ when: lorry_controller_status_service|changed
+
+- name: Enable lorry-controller-readconf service
+ service: name=lorry-controller-readconf.service enabled=yes
+ register: lorry_controller_readconf_service
+- name: Start lorry-controller-readconf service
+ service: name=lorry-controller-readconf.service state=restarted
+ when: lorry_controller_readconf_service|changed
+
+- name: Enable lorry-controller-ls-troves service
+ service: name=lorry-controller-ls-troves.service enabled=yes
+ register: lorry_controller_ls_troves_service
+- name: Start lorry-controller-ls-troves service
+ service: name=lorry-controller-ls-troves.service state=restarted
+ when: lorry_controller_ls_troves_service|changed
+
+- name: Enable lorry-controller-status timer
+ service: name=lorry-controller-status.timer enabled=yes
+ register: lorry_controller_status_timer
+- name: Start lorry-controller-status timer
+ service: name=lorry-controller-status.timer state=restarted
+ when: lorry_controller_status_timer|changed
+
+- name: Enable lorry-controller-readconf timer
+ service: name=lorry-controller-readconf.timer enabled=yes
+ register: lorry_controller_readconf_timer
+- name: Start lorry-controller-readconf timer
+ service: name=lorry-controller-readconf.timer state=restarted
+ when: lorry_controller_readconf_timer|changed
+
+- name: Enable lorry-controller-ls-troves timer
+ service: name=lorry-controller-ls-troves.timer enabled=yes
+ register: lorry_controller_ls_troves_timer
+- name: Start lorry-controller-ls-troves timer
+ service: name=lorry-controller-ls-troves.timer state=restarted
+ when: lorry_controller_ls_troves_timer|changed
diff --git a/ansible/roles/trove-setup/tasks/lorry-setup.yml b/ansible/roles/trove-setup/tasks/lorry-setup.yml
new file mode 100644
index 0000000..c50b49d
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/lorry-setup.yml
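Review bot: In `Configure the lorry-controller` the exit status of the block is that of its last command, `su git -c 'rm -rf ...'`, so a failed clone, commit or push earlier in the block is reported as success and only the `creates=` path on `refs/heads/master` hints that the repository was never populated; `Configure the releases repository` in releases.yml has the same shape. Start both blocks with `set -e` so the first failing command aborts the task and is surfaced by Ansible, and arrange for the two `mktemp -d` directories to be removed on failure as well as success — today `lorry_controller_templates` is never deleted at all. The `mktemp -d` tasks also run on every play, so each run leaves a fresh directory behind even when nothing changes; a `changed_when: False` on them and a cleanup task would keep repeated runs tidy.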
@@ -0,0 +1,20 @@
+# Depends on:
+# - users.yml
+---
+- name: Create bundles and tarballs folder for the lorry user
+ file: path=/home/lorry/{{ item }} state=directory owner=lorry group=lorry
+ with_items:
+ - bundles
+ - tarballs
+# Following the same strategy as explained in gitano-setup.yml, use
+# templates recursively over directories.
+# Create the directories needed to copy the files
+- name: Create directories needed in /etc for the lorry configuration
+ file: path=/etc/{{ item }} state=directory
+ with_lines:
+ - (cd /usr/share/trove-setup/etc && find -type d)
+# Copy all the files to the right place and fill the templates whenever possible
+- name: Add the configuration needed for lorry in /etc using templates
+ template: src=/usr/share/trove-setup/etc/{{ item }} dest=/etc/{{ item }}
+ with_lines:
+ - (cd /usr/share/trove-setup/etc && find -type f)
diff --git a/ansible/roles/trove-setup/tasks/main.yml b/ansible/roles/trove-setup/tasks/main.yml
new file mode 100644
index 0000000..35fd807
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+- include: check.yml
+- include: hostname.yml
+- include: known-hosts-setup.yml
+- include: users.yml
+- include: cache-setup.yml
+- include: lighttpd.yml
+- include: lorry-setup.yml
+- include: git.yml
+- include: gitano-setup.yml
+- include: lorry-controller-setup.yml
+- include: minions.yml
+- include: site-groups.yml
+- include: releases.yml
+- include: gitano-worker-setup.yml
+- include: gitano-lorry-setup.yml
+- include: gitano-admin-setup.yml
+- include: backups.yml
diff --git a/ansible/roles/trove-setup/tasks/minions.yml b/ansible/roles/trove-setup/tasks/minions.yml
new file mode 100644
index 0000000..a5b3d8d
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/minions.yml
@@ -0,0 +1,20 @@
+# Depends on:
+# - lorry-controller-setup.yml
+---
+# This is a workaround because the service module and the current
+# systemd version doesn't work well enough with template units.
+#
+# It ALWAYS runs `systemctl enable` for all the minions to be
+# created, but it only reports that the status of the task has changed
+# when in the stderr output is the string "ln -s" (which means the
+# unit has been enabled).
+- name: Enable as many MINIONS as specified in LORRY_CONTROLLER_MINIONS
+ shell: systemctl enable lorry-controller-minion@{{ item }}.service
+ with_sequence: count={{ LORRY_CONTROLLER_MINIONS }}
+ changed_when: "'ln -s' in minions_creation.stderr"
+ register: minions_creation
+
+- name: Start the all the MINIONS created (if any)
+ service: name=lorry-controller-minion@{{ item.item }} state=restarted
+ with_items: minions_creation.results
+ when: item|changed
diff --git a/ansible/roles/trove-setup/tasks/releases.yml b/ansible/roles/trove-setup/tasks/releases.yml
new file mode 100644
index 0000000..bcb031e
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/releases.yml
@@ -0,0 +1,30 @@
+# Depends on:
+# - site-groups.yml
+---
+- name: Create the releases repository
+ shell: |
+ su git -c 'ssh localhost create '{{ TROVE_ID|quote|quote|quote }}'/site/releases'
+ creates=/home/git/repos/{{ TROVE_ID|regex_replace('(\\W)', '\\\\\\1')}}/site/releases.git
+
+- name: Create temporary folder to copy templates
+ shell: su git -c 'mktemp -d'
+ register: releases_templates
+- name: Create the files needed for the releases repository
+ template: src=/usr/share/trove-setup/releases-repo-README dest={{ releases_templates.stdout }}/releases-repo-README owner=git group=git mode=0644
+
+- name: Create temporary folder to clone the releases repository
+ shell: su git -c 'mktemp -d'
+ register: releases_repository
+- name: Configure the releases repository
+ shell: |
+ su git -c 'git clone ssh://localhost/'{{ TROVE_ID|quote|quote }}'/site/releases.git '{{ releases_repository.stdout|quote|quote }}'/releases'
+ su git -c 'cp '{{ releases_templates.stdout|quote|quote }}'/releases-repo-README '{{ releases_repository.stdout|quote|quote }}'/releases/README'
+ su git -c 'cd '{{ releases_repository.stdout|quote|quote }}'/releases; git add README; git commit -m "Add README"; git push origin master'
+ su -c "rm -Rf {{ releases_repository.stdout|quote|quote }}"
+ creates=/home/git/repos/{{ TROVE_ID|regex_replace('(\\W)', '\\\\\\1')}}/site/releases.git/refs/heads/master
+
+- name: Link the releases repository to enable the access throught browser
+ file: |
+ src=/home/git/repos/{{ TROVE_ID }}/site/releases.git/rsync
+ dest=/var/www/htdocs/releases state=link
+ force=yes
diff --git a/ansible/roles/trove-setup/tasks/site-groups.yml b/ansible/roles/trove-setup/tasks/site-groups.yml
new file mode 100644
index 0000000..e4aff14
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/site-groups.yml
@@ -0,0 +1,88 @@
+# Depends on:
+# - gitano-setup.yml
+---
+# First of all check if the site groups are created.
+- name: Check for site groups (This task can fail)
+ shell: su git -c 'ssh git@localhost group list' | grep '^'{{ item.name|quote }}':'
+ changed_when: False
+ ignore_errors: True
+ with_items:
+ - { name: 'site-readers', description: 'Users with read access to the site project' }
+ - { name: 'site-writers', description: 'Users with write access to the site project' }
+ - { name: 'site-admins', description: 'Users with admin access to the site project' }
+ - { name: 'site-managers', description: 'Users with manager access to the site project' }
+ register: gitano_groups
+# Iterate over the results of the previous check, and create the sites needed.
+# In this task we are using the list of results of the previous task
+# - item is the result of the execution of one of the elements of
+# the list of the previous task.
+# - item.item is the item of the previous task being executed when
+# the result (stored in item) was taken.
+#
+# For example, the task: (From http://docs.ansible.com/playbooks_loops.html#using-register-with-a-loop)
+#
+# - shell: echo "{{ item }}"
+# with_items:
+# - one
+# - two
+# register: echo
+#
+# Would register in the variable "echo":
+#
+# {
+# "changed": true,
+# "msg": "All items completed",
+# "results": [
+# {
+# "changed": true,
+# "cmd": "echo \"one\" ",
+# "delta": "0:00:00.003110",
+# "end": "2013-12-19 12:00:05.187153",
+# "invocation": {
+# "module_args": "echo \"one\"",
+# "module_name": "shell"
+# },
+# "item": "one",
+# "rc": 0,
+# "start": "2013-12-19 12:00:05.184043",
+# "stderr": "",
+# "stdout": "one"
+# },
+# {
+# "changed": true,
+# "cmd": "echo \"two\" ",
+# "delta": "0:00:00.002920",
+# "end": "2013-12-19 12:00:05.245502",
+# "invocation": {
+# "module_args": "echo \"two\"",
+# "module_name": "shell"
+# },
+# "item": "two",
+# "rc": 0,
+# "start": "2013-12-19 12:00:05.242582",
+# "stderr": "",
+# "stdout": "two"
+# }
+# ]
+# }
+
+- name: Create the site groups needed.
+ shell: su git -c 'ssh git@localhost group add '{{ item.item.name|quote|quote|quote }}' '{{ item.item.description|quote|quote|quote }}
+ when: item|failed
+ with_items: gitano_groups.results
+
+# When the groups are created, check if they are linked.
+- name: Check for linked groups (This task can fail)
+ shell: su git -c 'ssh git@localhost group show '{{ item.name|quote|quote|quote }} | grep '^ \[] '{{ item.super_group|quote }}
+ changed_when: False
+ ignore_errors: True
+ with_items:
+ - { name: 'site-readers', super_group: 'site-writers' }
+ - { name: 'site-writers', super_group: 'site-admins' }
+ - { name: 'site-admins', super_group: 'site-managers' }
+ register: gitano_linked_groups
+
+# Link the groups that weren't linked following the same strategy as for the groups
+- shell: su git -c 'ssh git@localhost group addgroup '{{ item.item.name|quote|quote|quote }}' '{{ item.item.super_group|quote|quote|quote }}
+ when: item|failed
+ with_items: gitano_linked_groups.results
diff --git a/ansible/roles/trove-setup/tasks/users.yml b/ansible/roles/trove-setup/tasks/users.yml
new file mode 100644
index 0000000..c1ab866
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/users.yml
@@ -0,0 +1,38 @@
+# Depends on:
+# - check.yml
+---
+- name: Create the lorry user without generating sshkeys.
+ user: name=lorry comment="Trove lorry service" shell=/bin/bash
+- name: Create the /home/lorry/.ssh folder
+ file: path=/home/lorry/.ssh state=directory owner=lorry group=lorry mode=0700
+
+- name: Create users (git, cache, mason) and ssh keys for them.
+ user: name={{ item }} comment="Trove {{ item }} service" shell=/bin/bash generate_ssh_key=yes
+ with_items:
+ - git
+ - cache
+ - mason
+- name: Create known_hosts for all the users
+ shell: |
+ cat /etc/ssh/ssh_host_*_key.pub | cut -d\ -f1,2 | \
+ sed -e's/^/'{{ TROVE_HOSTNAME|regex_replace('(\\W)', '\\\\\\1')|quote }}',localhost /' > \
+ /home/{{ item }}/.ssh/known_hosts
+ chown {{ item }}:{{ item }} /home/{{ item }}/.ssh/known_hosts
+ chmod 600 /home/{{ item }}/.ssh/known_hosts
+ creates=/home/{{ item }}/.ssh/known_hosts
+ with_items:
+ - git
+ - cache
+ - mason
+ - lorry
+
+- name: Copy the lorry ssh private key
+ copy: |
+ src={{ LORRY_SSH_KEY }}
+ dest=/home/lorry/.ssh/id_rsa
+ owner=lorry group=lorry mode=600
+- name: Copy the lorry ssh public key
+ copy: |
+ src={{ LORRY_SSH_PUBKEY }}
+ dest=/home/lorry/.ssh/id_rsa.pub
+ owner=lorry group=lorry mode=644
diff --git a/ansible/trove-setup.yml b/ansible/trove-setup.yml
new file mode 100644
index 0000000..0ab7f0e
--- /dev/null
+++ b/ansible/trove-setup.yml
@@ -0,0 +1,6 @@
+---
+- hosts: localhost
+ vars_files:
+ - "/etc/trove/trove.conf"
+ roles:
+ - trove-setup
-- cgit v1.2.1
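Review bot: The two `copy:` tasks write the lorry private and public keys with `mode=600` and `mode=644`, while every other task in the role uses the zero-prefixed form (`mode=0700`, `mode=0644`); in the `key=value` form both spellings arrive as strings and are read as octal, I believe, but the inconsistency invites someone to later write `mode: 600` in dict form, where the value becomes the decimal integer 600. Use `mode=0600` and `mode=0644` here so the file reads the same way throughout. `Create known_hosts for all the users` is guarded by `creates=`, so a host re-key or a change of `TROVE_HOSTNAME` never reaches the existing files; a comment such as `# Remove ~/.ssh/known_hosts to regenerate after the host key or TROVE_HOSTNAME changes` would save the next person a debugging session.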