diff options
author | Lars Wirzenius <lwirzenius@wikimedia.org> | 2019-07-03 19:37:19 +0300 |
---|---|---|
committer | Lars Wirzenius <lwirzenius@wikimedia.org> | 2019-07-03 19:37:19 +0300 |
commit | fd722cca3089a3fe6f7620f57d6e4b84be94e67b (patch) | |
tree | b2865b126331513c189e572326c093f916bf1d2e /roles/vcsworker/tasks/main.yml | |
parent | d726218270738805273deb00c919e6e819ca9798 (diff) | |
download | wmf-gitlab-fd722cca3089a3fe6f7620f57d6e4b84be94e67b.tar.gz |
Add: playbooks etc for deploying VCSWorker
Diffstat (limited to 'roles/vcsworker/tasks/main.yml')
-rw-r--r-- | roles/vcsworker/tasks/main.yml | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/roles/vcsworker/tasks/main.yml b/roles/vcsworker/tasks/main.yml new file mode 100644 index 0000000..955ae55 --- /dev/null +++ b/roles/vcsworker/tasks/main.yml @@ -0,0 +1,73 @@ +- name: "install VCSWorker dependencies and useful tools" + apt: + name: + - screen + - git + - haproxy + - psmisc + - python3 + - python3-bottle + - python3-jwt + - python3-crypto + state: present + +- name: "install VCSWorker source" + git: + repo: git://git.liw.fi/wmf-ci-arch + dest: /srv/wmf-ci-arch + +- name: "create user for VCSWorker" + user: + name: _wmf + comment: "WMF CI" + +- name: "install key for checking incoming access tokens" + copy: + src: token.pub + dest: /etc/wmf_ci_token.pub + owner: root + group: root + mode: '0644' + +- name: "create ~_wmf/.ssh" + file: + state: directory + dest: /home/_wmf/.ssh + owner: _wmf + group: _wmf + mode: '0700' + +- name: "install SSH public key for _wmf" + copy: + content: | + {{ vcsworker_ssh_pub }} + dest: /home/_wmf/.ssh/vcsworker.pub + owner: _wmf + group: _wmf + mode: '0644' + +- name: "install SSH private key for _wmf" + copy: + content: | + {{ vcsworker_ssh }} + dest: /home/_wmf/.ssh/vcsworker + owner: _wmf + group: _wmf + mode: '0600' + +# FIXME: This is clearly not OK for production. +- name: "configure ssh to not check for new host keys" + copy: + src: ssh_config + dest: /home/_wmf/.ssh/config + owner: _wmf + group: _wmf + mode: '0644' + +- name: "install API access token for GitLab" + copy: + content: "{{ gitlab_token }}" + dest: /etc/wmf_gitlab_token + owner: _wmf + group: _wmf + mode: '0600' |