From 363fbccdbe5e9e6774f9a949cc1d8670d6287c48 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Sun, 10 Jun 2018 19:31:04 +0300
Subject: Change: put all of ick in one host for ick2.yml
---
 ick2.yml | 113 +++++++++++++++++++++++-----------------------------------
 run-single.sh | 38 ++++++++++++--------
 test-ick | 2 +-
 3 files changed, 69 insertions(+), 84 deletions(-)
diff --git a/ick2.yml b/ick2.yml
index 6dd662f..3b1bab8 100644
--- a/ick2.yml
+++ b/ick2.yml
@@ -1,66 +1,4 @@
-- hosts: qvisqve
- remote_user: root
- become: yes
- roles:
- - sane_debian_system
- - letsencrypt
- - haproxy
- - qvisqve
- vars:
- letsencrypt_email: liw@liw.fi
- letsencrypt_domain: "{{ qvisqve_domain }}"
- qvisqve_token_public_key: "{{ lookup('pipe', 'pass show ick2/token_key.pub') }}"
- qvisqve_token_private_key: "{{ lookup('pipe', 'pass show ick2/token_key') }}"
- qvisqve_client_hash: "{{ lookup('pipe', 'pass show ick2/liw_hash') }}"
- qvisqve_client_salt: "{{ lookup('pipe', 'pass show ick2/liw_salt') }}"
- qvisqve_clients:
- admin:
- allowed_scopes:
- - uapi_version_get
- - uapi_projects_get
- - uapi_status_get
- - uapi_projects_post
- - uapi_projects_id_get
- - uapi_projects_id_put
- - uapi_projects_id_delete
- - uapi_pipelines_get
- - uapi_pipelines_id_delete
- - uapi_projects_id_status_get
- - uapi_projects_id_status_put
- - uapi_pipelines_post
- - uapi_pipelines_id_put
- - uapi_builds_get
- - uapi_logs_get
- - uapi_logs_id_get
- - uapi_workers_get
- - uapi_workers_id_get
- - uapi_notify_post
- client_secret:
- hash: "{{ lookup('pipe', 'pass show ick2/liw_hash') }}"
- salt: "{{ lookup('pipe', 'pass show ick2/liw_salt') }}"
- N: 16384
- key_len: 128
- p: 1
- r: 8
- version: 1
- ick2:
- allowed_scopes:
- - uapi_version_get
- - uapi_workers_post
- - uapi_work_get
- - uapi_work_post
- - uapi_blobs_id_put
- - uapi_blobs_id_get
- client_secret:
- hash: "{{ lookup('pipe', 'pass show ick2/worker1_hash') }}"
- salt: "{{ lookup('pipe', 'pass show ick2/worker1_salt') }}"
- N: 16384
- key_len: 128
- p: 1
- r: 8
- version: 1
-
-- hosts: ick2
+- hosts: single
 remote_user: root
 become: yes
 roles:
@@ -69,22 +7,48 @@ - unix_users - letsencrypt - haproxy + - qvisqve - ick-controller - ick-worker - ick-artifact-store + - ick-notifier - apt_repository vars: - hostname: ick2 - + hostname: ick debian_codename: stretch + ci_prefix: "" + + letsencrypt: no + letsencrypt_email: liw@liw.fi + letsencrypt_domain: "{{ qvisqve_domain }}" + tls_certificate: "{{ lookup('pipe', 'pass show ick2/ick.pem') }}" + verify_tls: no + + token_private_key: "{{ lookup('pipe', 'pass show ick2/token_key') }}" + token_public_key: "{{ lookup('pipe', 'pass show ick2/token_key.pub') }}" + + qvisqve_domain: 127.0.0.1 + qvisqve_port: 10000 + qvisqve_url: "https://{{ qvisqve_domain }}" controller_domain: 127.0.0.1 controller_port: 12765 + controller_url: "https://{{ controller_domain }}" artifact_store_domain: 127.0.0.1 artifact_store_port: 12766 + artifact_store_url: "https://{{ artifact_store_domain }}" - controller_url: "https://{{ controller_domain }}" + apt_domain: 127.0.0.1 + + notify_domain: 127.0.0.1 + notify_url: "https://{{ notify_domain }}/notify" + notify_port: 12767 + + smtp_server: pieni.net + smtp_port: 587 + smtp_user: pienirelay + smtp_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}" unix_users: - username: _ickwm @@ -92,9 +56,13 @@ ssh_key: "{{ wm_ssh_key }}" ssh_key_pub: "{{ wm_ssh_key_pub }}" - letsencrypt_email: liw@liw.fi - letsencrypt_domain: "{{ artifact_store_domain }}" - + apt_uploader_ssh_public_keys: + - "{{ wm_ssh_key_pub }}" + apt_signing_key: "{{ lookup('pipe', 'pass show ick2/apt_key') }}" + apt_signing_key_pub: "{{ lookup('pipe', 'pass show ick2/apt_key.pub') }}" + apt_signing_key_fingerprint: | + {{ lookup('pipe', 'pass show ick2/apt_key.pub | gpg --with-colons | grep "^fpr:" | cut -d: -f10') }} + apt_admin_email: liw@liw.fi apt_distributions: - codename: stretch description: Release packages for stretch 
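Review bot: `verify_tls: no` is hard-coded in the play vars next to `letsencrypt: no`, so every host configured from ick2.yml gets certificate verification switched off unless the caller overrides it with `-e`. What the roles do with `verify_tls` is not visible in this diff, but if it governs how the controller, workers and notifier check each other's certificates, a host exposed beyond a test network would accept any certificate presented to it. I would leave verification on by default and have the test harness pass `-e verify_tls=no`, or at minimum add a comment such as `# single-host test setup with the self-signed ick2/ick.pem; keep verification on for public hosts`. The same hunk puts `token_private_key` on the host that now also runs `ick-worker`, so it is worth confirming that the qvisqve role installs the key with permissions the build user cannot read. Writing the two flags as `false` rather than `no` would also avoid YAML 1.1 truthy handling.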
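Review bot: `apt_signing_key_fingerprint` is written as a `|` block scalar, which keeps a newline after the templated value, and `grep "^fpr:"` can print one line per key and subkey, so the variable may hold a newline-terminated or multi-line string rather than a single fingerprint. Use `apt_signing_key_fingerprint: >-` (or a quoted one-line scalar) and limit the pipe to the primary key, for example `... | grep "^fpr:" | head -n1 | cut -d: -f10`. This hunk also places the private `apt_signing_key` on the single host that runs `ick-worker`; how the apt_repository role stores it is outside this diff, so confirm the key file is not readable by the user that runs builds.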
@@ -106,3 +74,10 @@ description: CI builds for unstable - codename: liw-ci description: CI builds for unstable from liw + + sources_lists: + - repo: "deb http://code.liw.fi/debian stretch main" + keyring_package: code.liw.fi-keyring + signing_key: "{{ code_liw_fi_signing_key }}" + - repo: "deb http://ci-prod-apt.vm.liw.fi/debian liw-ci main" + signing_key: "{{ ci_prod_apt_signing_key }}" diff --git a/run-single.sh b/run-single.sh index b36258d..4033b22 100755 --- a/run-single.sh +++ b/run-single.sh @@ -3,29 +3,39 @@ set -eu -hosts_in="$1" -shift 1 - - getip() { - awk -v "name=$1" '$1 == name { print $2 }' "$hosts_in" + awk -v "name=$1" '$1 == name { print $2 }' "$hosts_in" | + sed 's/ansible_ssh_host=//' } mkhosts() { cat < hosts.tmp -ansible-playbook -i hosts.tmp ick2.yml \ - -e "qvisqve_domain=$(getip qvisqve)" \ - -e "controller_domain=$(getip ick2)" \ - -e "artifact_store_domain=$(getip ick2)" \ - -e "apt_domain=$(getip ick2)" \ - "$@" +ansible-playbook \ + -i hosts.tmp \ + ick2.yml \ + -e qvisqve_domain="$(getip single)" \ + -e controller_domain="$(getip single)" \ + -e artifact_store_domain="$(getip single)" \ + -e apt_domain="$(getip single)" \ + -e notify_domain="$(getip single)" \ + "$@" diff --git a/test-ick b/test-ick index dd82d84..0a29d69 100755 --- a/test-ick +++ b/test-ick @@ -107,7 +107,7 @@ build() if [ "$run_ansible" = yes ] then cd "$ansible" - ./run-cluster.sh hosts.ickdev -e "ick_prefix=$prefix" -e "ci_dist=$ci_dist" -e @ci-vars.yml + ./run-cluster.sh hosts.ickdev -e "ci_prefix=$prefix" -e "ci_dist=$ci_dist" -e @ci-vars.yml fi tool make-it-so < "${rules}/ickdev.yaml" -- cgit v1.2.1
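Review bot: Both `sources_lists` entries fetch over plain `http://`, so package integrity rests entirely on the `signing_key` attached to each repo, and neither `code_liw_fi_signing_key` nor `ci_prod_apt_signing_key` is defined in this playbook. A comment stating where they are supplied, e.g. `# signing keys come from the caller's extra vars file`, would make that dependency visible, and the role that consumes `sources_lists` (not shown here) should refuse to add a repo whose key is empty or undefined. If the two servers offer https, using it in the `repo:` lines would additionally keep an on-path party from seeing or delaying the index and package downloads.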
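Review bot: `getip` yields an empty string when `single` is missing from the inventory, and because the new `awk ... | sed ...` pipeline reports only sed's exit status, `set -eu` will not stop the script even if awk cannot read `$hosts_in`; ansible-playbook then runs with all five `*_domain` variables empty. Resolve the address once and check it before the playbook call: `ip="$(getip single)"` followed by `[ -n "$ip" ] || { echo "no address for single in $hosts_in" >&2; exit 1; }`, then pass `-e qvisqve_domain="$ip"` and so on. The heredoc body of `mkhosts` and whatever now assigns `hosts_in` are not readable in this rendering of the hunk, so also check that `hosts_in` is still set before `getip` is first called, since the assignment at the top of the file is removed.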