Change: put all of ick in one host for ick2.yml

author: Lars Wirzenius <liw@liw.fi> 2018-06-10 19:31:04 +0300
committer: Lars Wirzenius <liw@liw.fi> 2018-06-10 19:31:04 +0300
commit: 363fbccdbe5e9e6774f9a949cc1d8670d6287c48 (patch)
tree: 4b234f43749f92c79a3338fc1d440a895d6523ec /ick2.yml
parent: b123157dd5c08529515edb170d29e8be9accd8e1 (diff)
download: ick2-ansible-363fbccdbe5e9e6774f9a949cc1d8670d6287c48.tar.gz
1 files changed, 44 insertions, 69 deletions
diff --git a/ick2.yml b/ick2.yml
index 6dd662f..3b1bab8 100644
--- a/ick2.yml
+++ b/ick2.yml
@@ -1,66 +1,4 @@
-- hosts: qvisqve
-  remote_user: root
-  become: yes
-  roles:
-    - sane_debian_system
-    - letsencrypt
-    - haproxy
-    - qvisqve
-  vars:
-    letsencrypt_email: liw@liw.fi
-    letsencrypt_domain: "{{ qvisqve_domain }}"
-    qvisqve_token_public_key: "{{ lookup('pipe', 'pass show ick2/token_key.pub') }}"
-    qvisqve_token_private_key: "{{ lookup('pipe', 'pass show ick2/token_key') }}"
-    qvisqve_client_hash: "{{ lookup('pipe', 'pass show ick2/liw_hash') }}"
-    qvisqve_client_salt: "{{ lookup('pipe', 'pass show ick2/liw_salt') }}"
-    qvisqve_clients:
-      admin:
-        allowed_scopes:
-          - uapi_version_get
-          - uapi_projects_get
-          - uapi_status_get
-          - uapi_projects_post
-          - uapi_projects_id_get
-          - uapi_projects_id_put
-          - uapi_projects_id_delete
-          - uapi_pipelines_get
-          - uapi_pipelines_id_delete
-          - uapi_projects_id_status_get
-          - uapi_projects_id_status_put
-          - uapi_pipelines_post
-          - uapi_pipelines_id_put
-          - uapi_builds_get
-          - uapi_logs_get
-          - uapi_logs_id_get
-          - uapi_workers_get
-          - uapi_workers_id_get
-          - uapi_notify_post
-        client_secret:
-            hash: "{{ lookup('pipe', 'pass show ick2/liw_hash') }}"
-            salt: "{{ lookup('pipe', 'pass show ick2/liw_salt') }}"
-            N: 16384
-            key_len: 128
-            p: 1
-            r: 8
-            version: 1
-      ick2:
-        allowed_scopes:
-          - uapi_version_get
-          - uapi_workers_post
-          - uapi_work_get
-          - uapi_work_post
-          - uapi_blobs_id_put
-          - uapi_blobs_id_get
-        client_secret:
-            hash: "{{ lookup('pipe', 'pass show ick2/worker1_hash') }}"
-            salt: "{{ lookup('pipe', 'pass show ick2/worker1_salt') }}"
-            N: 16384
-            key_len: 128
-            p: 1
-            r: 8
-            version: 1
-
-- hosts: ick2
+- hosts: single
   remote_user: root
   become: yes
   roles:
@@ -69,22 +7,48 @@
     - unix_users
     - letsencrypt
     - haproxy
+    - qvisqve
     - ick-controller
     - ick-worker
     - ick-artifact-store
+    - ick-notifier
     - apt_repository
   vars:
-    hostname: ick2
-
+    hostname: ick
     debian_codename: stretch
+    ci_prefix: ""
+
+    letsencrypt: no
+    letsencrypt_email: liw@liw.fi
+    letsencrypt_domain: "{{ qvisqve_domain }}"
+    tls_certificate: "{{ lookup('pipe', 'pass show ick2/ick.pem') }}"
+    verify_tls: no
+
+    token_private_key: "{{ lookup('pipe', 'pass show ick2/token_key') }}"
+    token_public_key: "{{ lookup('pipe', 'pass show ick2/token_key.pub') }}"
+
+    qvisqve_domain: 127.0.0.1
+    qvisqve_port: 10000
+    qvisqve_url: "https://{{ qvisqve_domain }}"
 
     controller_domain: 127.0.0.1
     controller_port: 12765
+    controller_url: "https://{{ controller_domain }}"
 
     artifact_store_domain: 127.0.0.1
     artifact_store_port: 12766
+    artifact_store_url: "https://{{ artifact_store_domain }}"
 
-    controller_url: "https://{{ controller_domain }}"
+    apt_domain: 127.0.0.1
+
+    notify_domain: 127.0.0.1
+    notify_url: "https://{{ notify_domain }}/notify"
+    notify_port: 12767
+
+    smtp_server: pieni.net
+    smtp_port: 587
+    smtp_user: pienirelay
+    smtp_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}"
 
     unix_users:
       - username: _ickwm
@@ -92,9 +56,13 @@
         ssh_key: "{{ wm_ssh_key }}"
         ssh_key_pub: "{{ wm_ssh_key_pub }}"
 
-    letsencrypt_email: liw@liw.fi
-    letsencrypt_domain: "{{ artifact_store_domain }}"
-
+    apt_uploader_ssh_public_keys:
+      - "{{ wm_ssh_key_pub }}"
+    apt_signing_key: "{{ lookup('pipe', 'pass show ick2/apt_key') }}"
+    apt_signing_key_pub: "{{ lookup('pipe', 'pass show ick2/apt_key.pub') }}"
+    apt_signing_key_fingerprint: |
+      {{ lookup('pipe', 'pass show ick2/apt_key.pub | gpg --with-colons | grep "^fpr:" | cut -d: -f10') }}
+    apt_admin_email: liw@liw.fi
     apt_distributions:
       - codename: stretch
         description: Release packages for stretch
@@ -106,3 +74,10 @@
         description: CI builds for unstable
       - codename: liw-ci
         description: CI builds for unstable from liw
+
+    sources_lists:
+      - repo: "deb http://code.liw.fi/debian stretch main"
+        keyring_package: code.liw.fi-keyring
+        signing_key: "{{ code_liw_fi_signing_key }}"
+      - repo: "deb http://ci-prod-apt.vm.liw.fi/debian liw-ci main"
+        signing_key: "{{ ci_prod_apt_signing_key }}"
author	Lars Wirzenius <liw@liw.fi>	2018-06-10 19:31:04 +0300
committer	Lars Wirzenius <liw@liw.fi>	2018-06-10 19:31:04 +0300
commit	363fbccdbe5e9e6774f9a949cc1d8670d6287c48 (patch)
tree	4b234f43749f92c79a3338fc1d440a895d6523ec /ick2.yml
parent	b123157dd5c08529515edb170d29e8be9accd8e1 (diff)
download	ick2-ansible-363fbccdbe5e9e6774f9a949cc1d8670d6287c48.tar.gz