author | Lars Wirzenius <liw@liw.fi> | 2018-06-13 15:01:18 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2018-06-13 15:01:18 +0300 |
commit | 83b3574f3abf2c367a7a687867273e6259975ce6 (patch) | |
tree | bf963ee59b71a10d0a187b8e1ff8e36ecb1acbe1 | |
parent | 363fbccdbe5e9e6774f9a949cc1d8670d6287c48 (diff) | |
download | ick2-ansible-83b3574f3abf2c367a7a687867273e6259975ce6.tar.gz |
Change: update stuff for deploying working ick instances
-rw-r--r-- | group_vars/apt.yml | 18 | ||||
-rw-r--r-- | group_vars/ickhost.yml (renamed from group_vars/ick.yml) | 13 | ||||
-rw-r--r-- | group_vars/notify.yml | 5 | ||||
-rw-r--r-- | group_vars/workers.yml | 7 | ||||
-rw-r--r-- | host_vars/ick2.yml | 23 | ||||
-rw-r--r-- | ick-cluster.yml | 130 | ||||
-rw-r--r-- | ick2.yml | 70 | ||||
-rwxr-xr-x | run-cluster.sh | 47 | ||||
-rwxr-xr-x | run-playbook | 5 | ||||
-rwxr-xr-x | run-single.sh | 31 |
10 files changed, 96 insertions, 253 deletions
diff --git a/group_vars/apt.yml b/group_vars/apt.yml new file mode 100644 index 0000000..70fa580 --- /dev/null +++ b/group_vars/apt.yml @@ -0,0 +1,18 @@ +apt_uploader_ssh_public_keys: + - "{{ wm_ssh_key_pub }}" +apt_signing_key: "{{ lookup('pipe', 'pass show ick2/apt_key') }}" +apt_signing_key_pub: "{{ lookup('pipe', 'pass show ick2/apt_key.pub') }}" +apt_signing_key_fingerprint: | + {{ lookup('pipe', 'pass show ick2/apt_key.pub | gpg --with-colons | grep "^fpr:" | cut -d: -f10') }} +apt_admin_email: liw@liw.fi +apt_distributions: + - codename: stretch + description: Release packages for stretch + - codename: stretch-ci + description: CI builds for stretch + - codename: unstable + description: Release packages for unstable + - codename: unstable-ci + description: CI builds for unstable + - codename: liw-ci + description: CI builds for unstable from liw diff --git a/group_vars/ick.yml b/group_vars/ickhost.yml index d349d4f..ec545e4 100644 --- a/group_vars/ick.yml +++ b/group_vars/ickhost.yml @@ -2,8 +2,7 @@ debian_codename: stretch debian_mirror: deb.debian.org debian_mirror_src: deb.debian.org -wm_ssh_key: "{{ lookup('pipe', 'pass show ick2/wm_ssh_key') }}" -wm_ssh_key_pub: "{{ lookup('pipe', 'pass show ick2/wm_ssh_key_pub') }}" +ci_prefix: "" sources_lists: - repo: "deb http://code.liw.fi/debian stretch main" 
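Review bot: The new `group_vars/apt.yml` repeats variables that `group_vars/ickhost.yml` still defines after this commit; `apt_uploader_ssh_public_keys`, `apt_signing_key_fingerprint` and `apt_admin_email` all show up as unchanged context in the ickhost.yml hunks. The generated inventories put the `ick` host in both `[apt]` and `[ickhost]`, so it gets two copies, and which one wins depends on Ansible's group ordering (same-level groups are merged by name, as far as I know), so an edit made only in this file may have no effect. Removing the apt_* entries from ickhost.yml would leave one source of truth and would also keep the repository signing key out of the workers' variable scope, assuming `apt_signing_key` is among the ickhost.yml lines not shown here. Separately, the `|` block scalar leaves a trailing newline on the fingerprint; `apt_signing_key_fingerprint: |-` avoids that if the role compares or embeds the value.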
@@ -14,18 +13,15 @@ token_private_key: "{{ lookup('pipe', 'pass show ick2/token_key') }}" token_public_key: "{{ lookup('pipe', 'pass show ick2/token_key.pub') }}" tls_certificate: "{{ lookup('pipe', 'pass show ick2/ick.pem') }}" -controller_domain: 127.0.0.1 controller_port: 12765 - -artifact_store_domain: 127.0.0.1 artifact_store_port: 12766 - qvisqve_port: 10000 -notification_service_port: 12767 +notify_port: 12767 controller_url: "https://{{ controller_domain }}" artifact_store_url: "https://{{ artifact_store_domain }}" qvisqve_url: "https://{{ qvisqve_domain }}" +notify_url: "https://{{ notify_domain }}/notify" apt_uploader_ssh_public_keys: - "{{ wm_ssh_key_pub }}" @@ -35,4 +31,5 @@ apt_signing_key_fingerprint: | {{ lookup('pipe', 'pass show ick2/apt_key.pub | gpg --with-colons | grep "^fpr:" | cut -d: -f10') }} apt_admin_email: liw@liw.fi -ci_prefix: "" +wm_ssh_key: "{{ lookup('pipe', 'pass show ick2/wm_ssh_key') }}" +wm_ssh_key_pub: "{{ lookup('pipe', 'pass show ick2/wm_ssh_key_pub') }}" diff --git a/group_vars/notify.yml b/group_vars/notify.yml new file mode 100644 index 0000000..c620183 --- /dev/null +++ b/group_vars/notify.yml @@ -0,0 +1,5 @@ +smtp_server: pieni.net +smtp_port: 587 +smtp_user: pienirelay +smtp_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}" + diff --git a/group_vars/workers.yml b/group_vars/workers.yml index c5046dc..6501d88 100644 --- a/group_vars/workers.yml +++ b/group_vars/workers.yml @@ -1,2 +1,5 @@ -wm_ssh_key: "{{ lookup('pipe', 'pass show ick2/wm_ssh_key') }}" -wm_ssh_key_pub: "{{ lookup('pipe', 'pass show ick2/wm_ssh_key_pub') }}" +unix_users: + - username: _ickwm + sudo: yes + ssh_key: "{{ wm_ssh_key }}" + ssh_key_pub: "{{ wm_ssh_key_pub }}" diff --git a/host_vars/ick2.yml b/host_vars/ick2.yml deleted file mode 100644 index 468d365..0000000 --- a/host_vars/ick2.yml +++ /dev/null 
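Review bot: `wm_ssh_key` now sits next to `token_private_key` and `tls_certificate` in `group_vars/ickhost.yml`, and the inventory that `run-cluster.sh` generates in this commit lists `worker1` and `worker2` under `[ickhost]`, so every secret in this file is in scope for the build workers as well. The `pass` lookups run on the control machine and a value only reaches a host when a role uses it, but a single stray template or `debug` task in a worker role would be enough to copy the token-signing key onto a worker. Keeping only what workers need in this file and moving the signing and TLS material to a group that holds just the `ick` host (the generated inventory already has `[controller]` and `[qvisqve]`) would narrow that. If the layout stays, a header comment such as `# applies to workers as well: keep controller-only secrets out of this file` would record the constraint.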
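Review bot: The `_ickwm` entry hands every host in `workers` the same private key (`ssh_key: "{{ wm_ssh_key }}"`), and `group_vars/apt.yml` in this commit lists the matching `wm_ssh_key_pub` as the only APT uploader key. If the `unix_users` role installs that private key on each worker (the role is not visible here), any single worker holds a credential that is accepted for uploads to the package repository, on an account that also has `sudo: yes`. A comment recording that trade-off would help the next maintainer, e.g. `# shared worker-manager key: its public half also authorises uploads to the APT repository`; one key pair per worker would narrow the exposure. As a style point, `sudo: true` is less ambiguous than `sudo: yes`.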
@@ -1,23 +0,0 @@ -# FIXME: change the hostname if you prefer -hostname: ick2 - -debian_codename: stretch -debian_mirror: deb.debian.org -debian_mirror_src: deb.debian.org - -sources_lists: - - repo: "deb http://code.liw.fi/debian stretch main" - keyring_package: code.liw.fi-keyring - signing_key: "{{ code_liw_fi_signing_key }}" - -wm_ssh_key: "{{ lookup('pipe', 'pass show ick2/wm_ssh_key') }}" -wm_ssh_key_pub: "{{ lookup('pipe', 'pass show ick2/wm_ssh_key_pub') }}" -token_private_key: "{{ lookup('pipe', 'pass show ick2/token_key') }}" -token_public_key: "{{ lookup('pipe', 'pass show ick2/token_key.pub') }}" -tls_certificate: "{{ lookup('pipe', 'pass show ick2/ick.pem') }}" - -unix_users: - - username: _ickwm - sudo: yes - ssh_key: "{{ wm_ssh_key }}" - ssh_key_pub: "{{ wm_ssh_key_pub }}" diff --git a/ick-cluster.yml b/ick-cluster.yml index f50cc0b..8c59fb2 100644 --- a/ick-cluster.yml +++ b/ick-cluster.yml @@ -7,27 +7,9 @@ - unix_users - ick-worker vars: - unix_users: - - username: _ickwm - sudo: yes - ssh_key: "{{ wm_ssh_key }}" - ssh_key_pub: "{{ wm_ssh_key_pub }}" + verify_tls: yes -- hosts: artifacts - remote_user: root - become: yes - roles: - - sane_debian_system - - comfortable - - letsencrypt - - haproxy - - ick-artifact-store - vars: - hostname: blobs - letsencrypt_email: liw@liw.fi - letsencrypt_domain: "{{ artifact_store_domain }}" - -- hosts: controller +- hosts: ick remote_user: root become: yes roles: 
@@ -35,109 +17,15 @@ - comfortable - letsencrypt - haproxy + - qvisqve - ick-controller + - ick-artifact-store + - apt_repository - ick-notifier vars: - hostname: controller - letsencrypt_email: liw@liw.fi - letsencrypt_domain: "{{ controller_domain }}" - smtp_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}" + hostname: ick -- hosts: qvisqve - remote_user: root - become: yes - roles: - - sane_debian_system - - letsencrypt - - haproxy - - qvisqve - vars: + verify_tls: yes + letsencrypt: yes letsencrypt_email: liw@liw.fi - letsencrypt_domain: "{{ qvisqve_domain }}" - qvisqve_token_public_key: "{{ lookup('pipe', 'pass show ick2/token_key.pub') }}" - qvisqve_token_private_key: "{{ lookup('pipe', 'pass show ick2/token_key') }}" - qvisqve_client_hash: "{{ lookup('pipe', 'pass show ick2/liw_hash') }}" - qvisqve_client_salt: "{{ lookup('pipe', 'pass show ick2/liw_salt') }}" - qvisqve_clients: - liw: - allowed_scopes: - - uapi_version_get - - uapi_projects_get - - uapi_status_get - - uapi_projects_post - - uapi_projects_id_get - - uapi_projects_id_put - - uapi_projects_id_delete - - uapi_pipelines_get - - uapi_pipelines_id_delete - - uapi_projects_id_status_get - - uapi_projects_id_status_put - - uapi_pipelines_post - - uapi_pipelines_id_put - - uapi_builds_get - - uapi_logs_get - - uapi_logs_id_get - - uapi_workers_get - - uapi_workers_id_get - - uapi_notify_post - client_secret: - hash: "{{ lookup('pipe', 'pass show ick2/liw_hash') }}" - salt: "{{ lookup('pipe', 'pass show ick2/liw_salt') }}" - N: 16384 - key_len: 128 - p: 1 - r: 8 - version: 1 - worker1: - allowed_scopes: - - uapi_version_get - - uapi_workers_post - - uapi_work_get - - uapi_work_post - - uapi_blobs_id_put - - uapi_blobs_id_get - - uapi_notify_post - client_secret: - hash: "{{ lookup('pipe', 'pass show ick2/worker1_hash') }}" - salt: "{{ lookup('pipe', 'pass show ick2/worker1_salt') }}" - N: 16384 - key_len: 128 - p: 1 - r: 8 - version: 1 - worker2: - allowed_scopes: - - uapi_version_get 
- - uapi_workers_post - - uapi_work_get - - uapi_work_post - - uapi_blobs_id_put - - uapi_blobs_id_get - - uapi_notify_post - client_secret: - hash: "{{ lookup('pipe', 'pass show ick2/worker2_hash') }}" - salt: "{{ lookup('pipe', 'pass show ick2/worker2_salt') }}" - N: 16384 - key_len: 128 - p: 1 - r: 8 - version: 1 - -- hosts: apt - remote_user: root - become: yes - roles: - - sane_debian_system - - apt_repository - vars: - apt_distributions: - - codename: stretch - description: Release packages for stretch - - codename: stretch-ci - description: CI builds for stretch - - codename: unstable - description: Release packages for unstable - - codename: unstable-ci - description: CI builds for unstable - - codename: liw-ci - description: CI builds for unstable from liw + letsencrypt_domain: "{{ controller_domain }}" @@ -1,4 +1,4 @@ -- hosts: single +- hosts: ick remote_user: root become: yes roles: 
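Review bot: The merged `ick` play requests a certificate for `controller_domain` only (`letsencrypt_domain: "{{ controller_domain }}"`), while the same host now also runs `qvisqve`, `ick-artifact-store`, `apt_repository` and `ick-notifier`, whose URLs in `group_vars/ickhost.yml` are built from `qvisqve_domain`, `artifact_store_domain` and `notify_domain`. With `verify_tls: yes` this only works while all of those variables carry the same name, which today is guaranteed solely by the `-e` arguments in `run-cluster.sh`. A comment above the line, such as `# one certificate for all services: every *_domain must equal controller_domain`, would make that dependency explicit. The play starts before this hunk, so the full role list is not visible here.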
@@ -9,75 +9,13 @@ - haproxy - qvisqve - ick-controller - - ick-worker - ick-artifact-store - - ick-notifier - apt_repository + - ick-notifier + - ick-worker vars: hostname: ick - debian_codename: stretch - ci_prefix: "" + verify_tls: no letsencrypt: no - letsencrypt_email: liw@liw.fi - letsencrypt_domain: "{{ qvisqve_domain }}" tls_certificate: "{{ lookup('pipe', 'pass show ick2/ick.pem') }}" - verify_tls: no - - token_private_key: "{{ lookup('pipe', 'pass show ick2/token_key') }}" - token_public_key: "{{ lookup('pipe', 'pass show ick2/token_key.pub') }}" - - qvisqve_domain: 127.0.0.1 - qvisqve_port: 10000 - qvisqve_url: "https://{{ qvisqve_domain }}" - - controller_domain: 127.0.0.1 - controller_port: 12765 - controller_url: "https://{{ controller_domain }}" - - artifact_store_domain: 127.0.0.1 - artifact_store_port: 12766 - artifact_store_url: "https://{{ artifact_store_domain }}" - - apt_domain: 127.0.0.1 - - notify_domain: 127.0.0.1 - notify_url: "https://{{ notify_domain }}/notify" - notify_port: 12767 - - smtp_server: pieni.net - smtp_port: 587 - smtp_user: pienirelay - smtp_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}" - - unix_users: - - username: _ickwm - sudo: yes - ssh_key: "{{ wm_ssh_key }}" - ssh_key_pub: "{{ wm_ssh_key_pub }}" - - apt_uploader_ssh_public_keys: - - "{{ wm_ssh_key_pub }}" - apt_signing_key: "{{ lookup('pipe', 'pass show ick2/apt_key') }}" - apt_signing_key_pub: "{{ lookup('pipe', 'pass show ick2/apt_key.pub') }}" - apt_signing_key_fingerprint: | - {{ lookup('pipe', 'pass show ick2/apt_key.pub | gpg --with-colons | grep "^fpr:" | cut -d: -f10') }} - apt_admin_email: liw@liw.fi - apt_distributions: - - codename: stretch - description: Release packages for stretch - - codename: stretch-ci - description: CI builds for stretch - - codename: unstable - description: Release packages for unstable - - codename: unstable-ci - description: CI builds for unstable - - codename: liw-ci - description: CI builds for unstable from 
liw - - sources_lists: - - repo: "deb http://code.liw.fi/debian stretch main" - keyring_package: code.liw.fi-keyring - signing_key: "{{ code_liw_fi_signing_key }}" - - repo: "deb http://ci-prod-apt.vm.liw.fi/debian liw-ci main" - signing_key: "{{ ci_prod_apt_signing_key }}" diff --git a/run-cluster.sh b/run-cluster.sh index 8311fb7..4c987ab 100755 --- a/run-cluster.sh +++ b/run-cluster.sh @@ -3,26 +3,36 @@ set -eu -hosts_in="$1" -shift 1 - - -getip() +getaddr() { - awk -v "name=$1" '$1 == name { print $2 }' "$hosts_in" + awk -v "name=$1" '$1 == name { print $2 }' "$hosts_in" | + sed 's/ansible_ssh_host=//' } mkhosts() { cat <<EOF -[ick] -qvisqve hostname=controller ansible_ssh_host=$(getip qvisqve) -controller hostname=controller ansible_ssh_host=$(getip controller) -artifacts hostname=blob_service ansible_ssh_host=$(getip artifacts) -apt hostname=apt ansible_ssh_host=$(getip apt) -worker1 hostname=worker1 ansible_ssh_host=$(getip worker1) -worker2 hostname=worker2 ansible_ssh_host=$(getip worker2) +ick ansible_ssh_host=$(getaddr controller) +worker1 hostname=worker1 ansible_ssh_host=$(getaddr worker1) +worker2 hostname=worker2 ansible_ssh_host=$(getaddr worker2) + +[ickhost] +ick +worker1 +worker2 + +[controller] +ick + +[qvisqve] +ick + +[apt] +ick + +[notify] +ick [workers] worker1 @@ -30,10 +40,13 @@ worker2 EOF } +hosts_in="$1" +shift 1 mkhosts > hosts.tmp ansible-playbook -i hosts.tmp ick-cluster.yml \ - -e "qvisqve_domain=$(getip qvisqve)" \ - -e "controller_domain=$(getip controller)" \ - -e "artifact_store_domain=$(getip artifacts)" \ - -e "apt_domain=$(getip apt)" \ + -e "qvisqve_domain=$(getaddr controller)" \ + -e "controller_domain=$(getaddr controller)" \ + -e "artifact_store_domain=$(getaddr controller)" \ + -e "apt_domain=$(getaddr controller)" \ + -e "notify_domain=$(getaddr controller)" \ "$@" diff --git a/run-playbook b/run-playbook deleted file mode 100755 index 46716ef..0000000 --- a/run-playbook +++ /dev/null 
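Review bot: `verify_tls: no` and `letsencrypt: no` stay in the single-host play without any indication that they are meant for a local or test instance, and this play now targets the same `ick` host name as the cluster playbook. With verification off, `ick-worker` and the other clients do not authenticate the server they send their tokens to, so this playbook should not be the one used for a reachable deployment. I would add a comment above the two settings, for example `# test/single-host only: certificate from pass is not publicly trusted, so verification is off`, and write the values as `false` rather than `no`. The `vars:` block begins inside this hunk but the play header is in the previous one.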
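Review bot: `getaddr` prints nothing when the name is missing from `$hosts_in`, and because it is only called inside the here-document and inside `-e "..."` arguments, `set -eu` never sees a failure; the run continues with `ansible_ssh_host=` and empty `*_domain` values, which then feed `letsencrypt_domain` and the `https://{{ ... }}` URLs. This is easy to hit now that the cluster script looks up `controller` while the inventory host is called `ick`. Making `getaddr` fail on an empty result and resolving each address once through a plain assignment lets `set -e` stop the script; `mkhosts` and the `-e` arguments would then use the variables. The renamed `getaddr` in `run-single.sh` has the same gap.

```shell
getaddr()
{
    addr="$(awk -v "name=$1" '$1 == name { print $2 }' "$hosts_in" |
        sed 's/ansible_ssh_host=//')"
    if [ -z "$addr" ]
    then
        echo "no address for '$1' in $hosts_in" 1>&2
        return 1
    fi
    printf '%s\n' "$addr"
}

# … unchanged: mkhosts, apart from using the variables below …

hosts_in="$1"
shift 1
# Plain assignments: a failing getaddr aborts the script under set -e.
controller_addr="$(getaddr controller)"
worker1_addr="$(getaddr worker1)"
worker2_addr="$(getaddr worker2)"
```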
@@ -1,5 +0,0 @@ -#!/bin/sh - -set -eu - -ansible-playbook -i hosts "$@" diff --git a/run-single.sh b/run-single.sh index 4033b22..4b9ad06 100755 --- a/run-single.sh +++ b/run-single.sh @@ -3,7 +3,7 @@ set -eu -getip() +getaddr() { awk -v "name=$1" '$1 == name { print $2 }' "$hosts_in" | sed 's/ansible_ssh_host=//' @@ -13,16 +13,25 @@ getip() mkhosts() { cat <<EOF -single ansible_ssh_host=$(getip single) +ick ansible_ssh_host=$(getaddr ick) -[qvisqve] -single +[ickhost] +ick [controller] -single +ick + +[qvisqve] +ick + +[apt] +ick + +[notify] +ick [workers] -single +ick EOF } @@ -33,9 +42,9 @@ mkhosts > hosts.tmp ansible-playbook \ -i hosts.tmp \ ick2.yml \ - -e qvisqve_domain="$(getip single)" \ - -e controller_domain="$(getip single)" \ - -e artifact_store_domain="$(getip single)" \ - -e apt_domain="$(getip single)" \ - -e notify_domain="$(getip single)" \ + -e qvisqve_domain="$(getaddr ick)" \ + -e controller_domain="$(getaddr ick)" \ + -e artifact_store_domain="$(getaddr ick)" \ + -e apt_domain="$(getaddr ick)" \ + -e notify_domain="$(getaddr ick)" \ "$@" |