diff options
| author | Lars Wirzenius <liw@liw.fi> | 2018-06-13 15:01:18 +0300 |
|---|---|---|
| committer | Lars Wirzenius <liw@liw.fi> | 2018-06-13 15:01:18 +0300 |
| commit | 83b3574f3abf2c367a7a687867273e6259975ce6 (patch) | |
| tree | bf963ee59b71a10d0a187b8e1ff8e36ecb1acbe1 /ick-cluster.yml | |
| parent | 363fbccdbe5e9e6774f9a949cc1d8670d6287c48 (diff) | |
| download | ick2-ansible-83b3574f3abf2c367a7a687867273e6259975ce6.tar.gz | |
Change: update stuff for deploying working ick instances
Diffstat (limited to 'ick-cluster.yml')
| -rw-r--r-- | ick-cluster.yml | 130 |
1 files changed, 9 insertions, 121 deletions
diff --git a/ick-cluster.yml b/ick-cluster.yml index f50cc0b..8c59fb2 100644 --- a/ick-cluster.yml +++ b/ick-cluster.yml @@ -7,27 +7,9 @@ - unix_users - ick-worker vars: - unix_users: - - username: _ickwm - sudo: yes - ssh_key: "{{ wm_ssh_key }}" - ssh_key_pub: "{{ wm_ssh_key_pub }}" + verify_tls: yes -- hosts: artifacts - remote_user: root - become: yes - roles: - - sane_debian_system - - comfortable - - letsencrypt - - haproxy - - ick-artifact-store - vars: - hostname: blobs - letsencrypt_email: liw@liw.fi - letsencrypt_domain: "{{ artifact_store_domain }}" - -- hosts: controller +- hosts: ick remote_user: root become: yes roles: @@ -35,109 +17,15 @@ - comfortable - letsencrypt - haproxy + - qvisqve - ick-controller + - ick-artifact-store + - apt_repository - ick-notifier vars: - hostname: controller - letsencrypt_email: liw@liw.fi - letsencrypt_domain: "{{ controller_domain }}" - smtp_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}" + hostname: ick -- hosts: qvisqve - remote_user: root - become: yes - roles: - - sane_debian_system - - letsencrypt - - haproxy - - qvisqve - vars: + verify_tls: yes + letsencrypt: yes letsencrypt_email: liw@liw.fi - letsencrypt_domain: "{{ qvisqve_domain }}" - qvisqve_token_public_key: "{{ lookup('pipe', 'pass show ick2/token_key.pub') }}" - qvisqve_token_private_key: "{{ lookup('pipe', 'pass show ick2/token_key') }}" - qvisqve_client_hash: "{{ lookup('pipe', 'pass show ick2/liw_hash') }}" - qvisqve_client_salt: "{{ lookup('pipe', 'pass show ick2/liw_salt') }}" - qvisqve_clients: - liw: - allowed_scopes: - - uapi_version_get - - uapi_projects_get - - uapi_status_get - - uapi_projects_post - - uapi_projects_id_get - - uapi_projects_id_put - - uapi_projects_id_delete - - uapi_pipelines_get - - uapi_pipelines_id_delete - - uapi_projects_id_status_get - - uapi_projects_id_status_put - - uapi_pipelines_post - - uapi_pipelines_id_put - - uapi_builds_get - - uapi_logs_get - - uapi_logs_id_get - - uapi_workers_get - - uapi_workers_id_get - - uapi_notify_post - client_secret: - hash: "{{ lookup('pipe', 'pass show ick2/liw_hash') }}" - salt: "{{ lookup('pipe', 'pass show ick2/liw_salt') }}" - N: 16384 - key_len: 128 - p: 1 - r: 8 - version: 1 - worker1: - allowed_scopes: - - uapi_version_get - - uapi_workers_post - - uapi_work_get - - uapi_work_post - - uapi_blobs_id_put - - uapi_blobs_id_get - - uapi_notify_post - client_secret: - hash: "{{ lookup('pipe', 'pass show ick2/worker1_hash') }}" - salt: "{{ lookup('pipe', 'pass show ick2/worker1_salt') }}" - N: 16384 - key_len: 128 - p: 1 - r: 8 - version: 1 - worker2: - allowed_scopes: - - uapi_version_get - - uapi_workers_post - - uapi_work_get - - uapi_work_post - - uapi_blobs_id_put - - uapi_blobs_id_get - - uapi_notify_post - client_secret: - hash: "{{ lookup('pipe', 'pass show ick2/worker2_hash') }}" - salt: "{{ lookup('pipe', 'pass show ick2/worker2_salt') }}" - N: 16384 - key_len: 128 - p: 1 - r: 8 - version: 1 - -- hosts: apt - remote_user: root - become: yes - roles: - - sane_debian_system - - apt_repository - vars: - apt_distributions: - - codename: stretch - description: Release packages for stretch - - codename: stretch-ci - description: CI builds for stretch - - codename: unstable - description: Release packages for unstable - - codename: unstable-ci - description: CI builds for unstable - - codename: liw-ci - description: CI builds for unstable from liw + letsencrypt_domain: "{{ controller_domain }}" |