Change: ick2.yml to install qvisqve on one host, rest of ick one one

1 files changed, 88 insertions, 0 deletions

diff --git a/ick2.yml b/ick2.yml
index d0146ad..6dd662f 100644
--- a/ick2.yml
+++ b/ick2.yml
@@ -1,14 +1,81 @@
+- hosts: qvisqve
+  remote_user: root
+  become: yes
+  roles:
+    - sane_debian_system
+    - letsencrypt
+    - haproxy
+    - qvisqve
+  vars:
+    letsencrypt_email: liw@liw.fi
+    letsencrypt_domain: "{{ qvisqve_domain }}"
+    qvisqve_token_public_key: "{{ lookup('pipe', 'pass show ick2/token_key.pub') }}"
+    qvisqve_token_private_key: "{{ lookup('pipe', 'pass show ick2/token_key') }}"
+    qvisqve_client_hash: "{{ lookup('pipe', 'pass show ick2/liw_hash') }}"
+    qvisqve_client_salt: "{{ lookup('pipe', 'pass show ick2/liw_salt') }}"
+    qvisqve_clients:
+      admin:
+        allowed_scopes:
+          - uapi_version_get
+          - uapi_projects_get
+          - uapi_status_get
+          - uapi_projects_post
+          - uapi_projects_id_get
+          - uapi_projects_id_put
+          - uapi_projects_id_delete
+          - uapi_pipelines_get
+          - uapi_pipelines_id_delete
+          - uapi_projects_id_status_get
+          - uapi_projects_id_status_put
+          - uapi_pipelines_post
+          - uapi_pipelines_id_put
+          - uapi_builds_get
+          - uapi_logs_get
+          - uapi_logs_id_get
+          - uapi_workers_get
+          - uapi_workers_id_get
+          - uapi_notify_post
+        client_secret:
+            hash: "{{ lookup('pipe', 'pass show ick2/liw_hash') }}"
+            salt: "{{ lookup('pipe', 'pass show ick2/liw_salt') }}"
+            N: 16384
+            key_len: 128
+            p: 1
+            r: 8
+            version: 1
+      ick2:
+        allowed_scopes:
+          - uapi_version_get
+          - uapi_workers_post
+          - uapi_work_get
+          - uapi_work_post
+          - uapi_blobs_id_put
+          - uapi_blobs_id_get
+        client_secret:
+            hash: "{{ lookup('pipe', 'pass show ick2/worker1_hash') }}"
+            salt: "{{ lookup('pipe', 'pass show ick2/worker1_salt') }}"
+            N: 16384
+            key_len: 128
+            p: 1
+            r: 8
+            version: 1
+
 - hosts: ick2
   remote_user: root
   become: yes
   roles:
     - sane_debian_system
+    - comfortable
     - unix_users
+    - letsencrypt
     - haproxy
     - ick-controller
     - ick-worker
     - ick-artifact-store
+    - apt_repository
   vars:
+    hostname: ick2
+
     debian_codename: stretch
 
     controller_domain: 127.0.0.1
@@ -18,3 +85,24 @@
     artifact_store_port: 12766
 
     controller_url: "https://{{ controller_domain }}"
+
+    unix_users:
+      - username: _ickwm
+        sudo: yes
+        ssh_key: "{{ wm_ssh_key }}"
+        ssh_key_pub: "{{ wm_ssh_key_pub }}"
+
+    letsencrypt_email: liw@liw.fi
+    letsencrypt_domain: "{{ artifact_store_domain }}"
+
+    apt_distributions:
+      - codename: stretch
+        description: Release packages for stretch
+      - codename: stretch-ci
+        description: CI builds for stretch
+      - codename: unstable
+        description: Release packages for unstable
+      - codename: unstable-ci
+        description: CI builds for unstable
+      - codename: liw-ci
+        description: CI builds for unstable from liw