blob: c17a971d8c4a41c47f9b4bbe69105c13118b70db (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
- hosts: localhost
gather_facts: false
tasks:
- name: Generate ZooKeeper certs
shell: |
/var/zuul-tools/zk-ca.sh /var/certs examples_zk_1.examples_default
chmod -R a+rX /var/certs
- name: Wait for Gerrit to start
wait_for:
host: gerrit
port: 29418
- name: Generate admin SSH key for Gerrit
command: ssh-keygen -f /var/ssh/admin -N ''
args:
creates: /var/ssh/admin.pub
- name: Generate Zuul SSH key for Gerrit
command: ssh-keygen -f /var/ssh/zuul -N '' -t rsa -m PEM
args:
creates: /var/ssh/zuul.pub
- name: Generate Zuul SSH key for Nodepool
command: ssh-keygen -f /var/ssh/nodepool -N '' -t rsa -m PEM
args:
creates: /var/ssh/nodepool.pub
- name: Add Nodepool key to node authorized_keys file
command: cp /var/ssh/nodepool.pub /var/node/authorized_keys
args:
creates: /var/node/authorized_keys
# The Gerrit container puts up a helpful info page the first time
# you hit the web server; get past that.
- name: Get Gerrit first login screen
uri:
url: http://gerrit:8080/a/accounts/self/sshkeys
method: GET
user: admin
password: secret
ignore_errors: true
- name: Add admin SSH key to Gerrit
uri:
url: http://gerrit:8080/a/accounts/self/sshkeys
method: POST
user: admin
password: secret
body: "{{ lookup('file', '/var/ssh/admin.pub') }}"
status_code: 201
HEADER_Content-Type: text/plain
- name: Create temp dir for Gerrit config update
shell: mktemp -d
register: gerrit_tmp
- name: Set All-Project repo location
set_fact:
all_projects_repo: "{{ gerrit_tmp.stdout }}/All-Projects"
- name: Checkout All-Projects config
git:
repo: ssh://gerrit:29418/All-Projects/
ssh_opts: "-o StrictHostKeyChecking=no -i /var/ssh/admin -l admin"
dest: "{{ all_projects_repo }}"
refspec: '+refs/meta/config:refs/meta/config'
version: refs/meta/config
- name: Copy new All-Projects config into place
copy:
src: "/var/playbooks/project.config"
dest: "{{ all_projects_repo }}/project.config"
- name: Update All-Projects config in Gerrit
shell: |
git config user.email 'admin@example.com'
git commit -a -m 'update config'
git push http://admin:secret@gerrit:8080/All-Projects +HEAD:refs/meta/config
args:
chdir: "{{ all_projects_repo }}"
warn: false
- name: Create zuul-config project
include_role:
name: create_project
vars:
project: zuul-config
- name: Create test1 project
include_role:
name: create_project
vars:
project: test1
- name: Create test2 project
include_role:
name: create_project
vars:
project: test2
# The Zuul user is created last because it is an atomic operation
# which signals that Gerrit is ready for use and it is safe for
# the Zuul scheduler to start.
- name: Check if zuul user exists
uri:
url: http://gerrit:8080/accounts/zuul
status_code: 200, 404
register: zuul_user_check
- name: Create zuul Gerrit account
when: zuul_user_check.status==404
uri:
url: http://gerrit:8080/a/accounts/zuul
method: PUT
user: admin
password: secret
status_code: 201
body_format: json
body:
name: Zuul
ssh_key: "{{ lookup('file', '/var/ssh/zuul.pub') }}"
http_password: secret
groups:
- "Non-Interactive Users"
|
