-rw-r--r--components.yml11
-rw-r--r--group_vars/all.yml2
-rw-r--r--roles/artifacts/tasks/main.yml123
-rw-r--r--roles/artifacts/templates/artifact_store.yaml.j26
-rw-r--r--roles/haproxy/files/haproxy.cfg6
5 files changed, 148 insertions, 0 deletions
diff --git a/components.yml b/components.yml
index e12ccf9..011828d 100644
--- a/components.yml
+++ b/components.yml
@@ -1,3 +1,14 @@
+- hosts: artifacts
+ remote_user: root
+ become: no
+ roles:
+ - haproxy
+ - artifacts
+ vars:
+ hostname: artifacts
+ haproxy_domain: wmf2-artifacts.vm.liw.fi
+ letsencrypt_email: liw@liw.fi
+
- hosts: vcsworker
remote_user: root
become: no
diff --git a/group_vars/all.yml b/group_vars/all.yml
new file mode 100644
index 0000000..7147120
--- /dev/null
+++ b/group_vars/all.yml
@@ -0,0 +1,2 @@
+token_pub: |
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCesmXDo5ZG0/IbwTknMad4mOurX05PSW5cy9fk/KOO/2JbIicV1L5SS5NCXrwyrItXxaeXsYVugKO5z11Ont3Y3AG76NeyJHxqDLs1JjVWlLd9/KSaCI7jdCzC/bV3OOGjhMp4ZRmf6zrQrIZ9nCs2HTZ+3lIq2I03BLL+6KqY929wb7YlmNTsaW/RaKE4l0X5YzyxJfR8CN2exlXKMPCvOjQQtWvLGi68QZVbnkwpEfQbw2DeQJAeOo0QcrxLiA34hsf95SaeRTKY69Cv0wLmnjHQixIMaBvmW7CcKEvQ3D5oOG9XFcY3wbKJ8LyM7aq+FWXfswSAQpaTE8w3uMzdg0hypo+pqsiieftvBSY5IgoETtPaJGey8BIAYhCjP+Rwd6kX2vOiJHSdrf/5uK0OUlqZrSDoQnnUIZZpx63/VBVaQ4pAoqGvVhQr9svN9NojfJJ1zCUWicHOCXUEUxzQ2DFpraidxNnrjapEjTijM/GVbc28rVfZwuX9tdwrWM2UHOjeISiSJCs07P5hyfbWTh9vCbO3ffhQWhYA711budh7ZqxC3C4MaraTOMsp11LHu4eLxUvuw0OcLawX6bWy8SnXv/BdGKE6lO1hI3RZ+inVaRKIy8WagvmSvip3eK88dEHEgIoOsbmnDEytUpoDhoNpAH08lx1MIaYxtTm07w==
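Review bot: The `|` block scalar on `token_pub` keeps a trailing newline, and `roles/artifacts/templates/artifact_store.yaml.j2` in this same commit interpolates the variable inside double quotes. The rendered config will therefore have its closing quote on a line of its own and, under YAML line folding, probably trailing whitespace at the end of the key string. Writing `token_pub: |-` (or using `"{{ token_pub | trim }}"` in the template) avoids depending on how the consumer tolerates that. A comment above the variable, such as `# public key used to verify access tokens; rendered into /etc/ick/artifact_store.yaml`, would also tell the next maintainer what replacing this value affects.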
diff --git a/roles/artifacts/tasks/main.yml b/roles/artifacts/tasks/main.yml
new file mode 100644
index 0000000..942705b
--- /dev/null
+++ b/roles/artifacts/tasks/main.yml
@@ -0,0 +1,123 @@
+- name: "install ci-prep-ick.vm.liw.fi APT signing key"
+ apt_key:
+ data: |
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+ mQINBFshHKIBEACyvcvvhCEJPS1WSV9aSVQ+Rj7GesEuNIZ1z9XUgfQ8OKYM2aS8
+ C0e8FsfBi6YezKqz9ZBuAbQ5dJ03HD+U3kApLLkteeVehIgkGtRa12XDC++RYU7p
+ UuE2RVOqKMVnL6GCcqY7TjagHfGFXE1LtYFzMZMjLqlvqcR3ACOB8SilSSZ4DYMM
+ Q8h3Dg8oC0kYnfYrOandA/XK+ecm2RAQ7g8yRw42GjFRAJlnlxYK4ZJ0HxMk1T+g
+ nESiGcVKT84nFvaU/Uxfz8jJsCoDaNV17c/Vk7BfDCvELavWpw6+aImPrlUS3UOu
+ 6Znv3zLzlGQBzdoZf8D0hGXdxLPu9J8ywxjCxWasjjXJJ0x/Izh/IH1ssT5V3Erx
+ Emlw8bqumMub41Iib2BVB2ysJ5bqGb6Q9OBvYXAVqvuWajJnkOBP4Z1/t+r2/JUm
+ fSeH0Pgqf9juzlBGHCgjqsvzjDyZziusnHuVN2M5gFHQ2abyLX1l9YDDkwfStt2+
+ jXwJ6i09IJSy7MiWgKRTXiI/KFCMF1ajzizg8PgTFlr39iIMwae2GlG/RKaRB6/4
+ h9vWazMan5Qw0LmM5lcZquly7MUfOkbBXOug1dib2DndwbTSBdsefx8jEoONz/2Q
+ e4L+Vvkyze26IwPcNCtpgg+iPzhMAAITGixW/p3ATKHW6MFO25HzzlOBrQARAQAB
+ tDljaS1wcmVwLnZtLmxpdy5maSBBUFQgcmVwb3NpdG9yeSBzaWduaW5nIGtleSA8
+ bGl3QGxpdy5maT6JAk4EEwEKADgWIQQzxyeUNzWcU5u/64QL1UrLeCNqdQUCWyEc
+ ogIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAL1UrLeCNqdd2LD/9Oz7JB
+ cvhS98VIt+v9Ob55tXATLUbz/Qe+wjLKr8pk0qbopF5maUhbeahQ/Y+BO0w1FjC+
+ 0Rgywzs2Rpo9l06+t3zhfZa+QctPbCgaVJ6SiA3sGC0ciUm6O+8qsUSGxaA3s0KV
+ Zn7bBz3cfx1IKVowVVRaKWuUatt0vNCk/AJOSqNuSonp6iDAGlpoUwNnrhSW5K54
+ mnSDE0PLQBPD2CGUet5nBuo0KrROsGbMhT4mzjKtqqXiOgitLL2STKo8IAjz46Kz
+ xi9/cdizN/FE2Q1uXWLyA/vXxKstxDQ2Ggs8u/siHWu2Ie0AnI6UZbElpvrjV5mV
+ swv+p5ZNng57jSlWNZvmng+fsF2kjVcNmonTmg5nUhKS5rmGBJyFTlWyKtpExOAb
+ DcYloBJqgf4QKzp5XIVd1NrzfQDLmlmxnQtQ2MYfq4PZ9GImDEirsBJ5dE1L+LDz
+ G7Ldyi22t4EoSSEzxeXoiE9m6/bnpamfOy6Lk0XXQcHAc3BXADO8FfvZLcyTE52s
+ H32k75M+ft+9CJhBkAfhBfvOXBuZolOFhs2FirlS0b3BDz0I357K7K98rjNiKvj/
+ XfLYfMqrWih3RD4xyUW6T8QSSM/Vqn3Klvl4MdroeSGR2gy+WMUy26+ZFVljdo40
+ HcOM0ZLArtQC+G6LdEaSLsJmB9HwvlJgXNQl0rkCDQRbIRyiARAA+7v9lLIbDzDv
+ UN+w/O07bT4GveLFcAREA7kmMrgrEi2WL5IZQfjezvW7Eee0hey6X26uWB8SRStQ
+ UOiDmVPovtf9yZgvZvejOXrCqHFgCpptVkI15I1htPRSmzUpJKkwfkoXcpmXfSgy
+ plFzQu/cAfsYRW/22mbd5IZ5kTRXqq/fNQCHSk7icTOzVygqT1Z+H5J20QTUVE6A
+ M/zvmu+VCsuVCiCl4QUZOwksZb7I80f/kFOUAVNRbgrsj2dNtP1GuNWvi9oL9yhW
+ z7Jm/4bMcboUBPnQqldoh3Ybi0pKa8q2/cHsE1vzIGF99sjylT70TaDOrZdvOipr
+ gxd5fxIprxSiSnQGb1/hD+PDiLw+nUn6anHy6Q7+FGEbvTTeAAA5TqbUGbga5Lxl
+ m5sfU7FIzFYyqt25H+S9Bj5F4SS4/MlZMH0KxsymSOPLVl41cn/ors6S9z/sAQZs
+ Hmoj+/QVd2d3dC2IuSNK08v+0jOQ+5CO4SG9te4//RUTiyQ9TW6MFwsl0gZiU9A0
+ CQ/GkmG3zIGSdQyCU+GIlMDI4SUc/ojzMJYVbsQ8WiKsjlnWu/7eQpGuQIe1dg7c
+ MCFgV5rBRKYyZyNxIdJkmKKt3IJL6d+FsQfNkvWvdsdXW9K1O7YnTwQavEIXrRkY
+ UoZ7JlTK1Ce2Iw78Ro00R3AEzLpg4OkAEQEAAYkCNgQYAQoAIBYhBDPHJ5Q3NZxT
+ m7/rhAvVSst4I2p1BQJbIRyiAhsMAAoJEAvVSst4I2p1N8oP/2WWQ5XVvySTBBQx
+ ob7SzKDgD2V/GLY2tv0vDv/dW5ChNuwFtCgr2kDNZV1ifKsTwpeLqONGps3f0AzV
+ Vuo2ErBKzGBk6lbjFMw7HKLeE0C0N9DsVN3yAHeGzy8dkezXE+eGDvN0aEVXypQc
+ p/5P0Al9rl4Y/EMVGSo4X5qYxXYzu1A4NrmtcqF0qlXzD1pzmQ0W1BdwF+hRsMB+
+ 2SFYH/ij45kiLr0PRb99ojmQqWtqPGKHw+8uI9HyiwwzgRR2qS7YC7kDt0cy4Y/t
+ bKDyuTbWsau9FAiln8kghbQXI1XM2R62cmC/wymo0Vl/kGj4p4PPoN/bVlkty6qd
+ ee1/WrwBHertJnhQfCe2yCM4pNEznKnyQaJ2weDuBTw3YgyrYb6iOJ6VpCVFf7uM
+ 0K8DE9BBeztwiU80v6UYh5Sz2nfvc2KjInF8f+weFGWKFdx9VOOdwxP6bmRVGfV0
+ AYRhTlPc8XjNYwRLAhZciqB1Hyd6ZxcLUUV8f9YruGOp0srdZ4QmCkT95PuWJeVo
+ up6NujqA32VHa+qNWx3jNZaNgRuH8RzL4s4ZZ4q/3vPU5ndkFvEvSpjyYoC1ewxs
+ n8ut9fiKU6GaUnDxvfVE1cXdnj4yHMkn91bor5ne+DtyAG1yHItA+hNzLllbgk0F
+ bMfuB4umuQx6SYFpP1FF0yc+Xwzn
+ =SvUJ
+ -----END PGP PUBLIC KEY BLOCK-----
+
+- name: "install ci-prod-controller.vm.liw.fi APT signing key"
+ apt_key:
+ data: |
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+ mQINBFrLO7kBEADdz6mHstYmKU5Dp6OSjxWtWaqTDOX1sJdmmaIK/9EKVIH0Maxp
+ 5kvVO5G6mULLAjv/kLG0MxasHPrq8I2A/y8AqKAGVL8QelwLjQMIFZ30/VbGQPHS
+ +T5TZXEnoQtNce1GUhFwJ38ZyjjwHBFV9tSec7rZ2Q3YeM3nNnGPf6DacXGfEOPO
+ HIN4sXAN2hzNXNjKRzTIvxQseb6nr7afUh/SlZ3yhQOCrIzmYlD7tP9WJe7ofL0p
+ JY4pDQYw8rT6nC2BE/ioemh84kERCT1vCe+OVFlSRuMlqfEv+ZpKQ+itOmPDQ/lM
+ jpUm1K2hrW/lWpxT/ZxHKo/w1K36J5WshgMZxfUu5BMCL9LMqMcrXNhNjDMfxDMM
+ 3yBPOvQ4ls6fecOZ/bsFo1p8VzMk/w/eG8vPs5yuNa5XxN95yFMXoOHGb5Xbu8D4
+ 6yiW+Af70LbiSNpGdmNdneiGB2fY38NxBukPw5u3S5qG8HedSmMr1RvSr5kHoAAe
+ UbOY+BYaaKsTAT7+1skUW1o3FJSqoRKCHAzTsMWC6zzhR8hRn7jVrrguH1hGbqq5
+ TZSCFQZExuTJ7uXrTLG0WoBXIjB5wWNcSeXn8myUWYB51nJNF4tJBouZOz9JwWGl
+ kiAQkrHnBttLQWdW9FyjbIoTZMtpvVx+m6ObGTGdGL1cNlLAvWprMXGc+QARAQAB
+ tDJJY2sgQVBUIHJlcG9zaXRvcnkgc2lnbmluZyBrZXkgKDIwMTgpIDxsaXdAbGl3
+ LmZpPokCTgQTAQgAOBYhBKL1uyDoXyxUH3O717Wr+TZVS6PGBQJayzu5AhsDBQsJ
+ CAcCBhUICQoLAgQWAgMBAh4BAheAAAoJELWr+TZVS6PGB5QQANTcikhRUHwt9N4h
+ dGc/Hp6CbqdshMoWlwpFskttoVDxQG5OAobuZl5XyzGcmja1lT85RGkZFfbca0IZ
+ LnXOLLSAu51QBkXNaj4OhjK/0uQ+ITrvL6RQSXNgHiUTR/W2XD1GIUq6nBqe2GSN
+ 31S1baYKKVj5QIMsi7Dq8ls3BBXuPCE+xTSaNmGWjes2t9pPidcRvxsksCLY1qgw
+ P1GFXBeMkBQ29kBP87SUL15SIk7OiQLlEURCy5iRls5rt/YEsdEpRWIb0Tm5Nrjv
+ 2M3VM+iBhfNXTwj0rJ34mlycF1qQmA7YcTEobT7z587GPY0VWzBpQUnEQj7rQWPM
+ cDYY0b+I6kQ8VKOaL4wVAtE98d7HzFIrIrwhTKufnrWrVDPYsmLZ+LPC1jiF7JBD
+ SR6Vftb+SdDR9xoE1yRuXbC6IfoW+5/qQNrdQ2mm9BFw5jOonBqchs18HTTf3441
+ 6SWwP9fY3Vi+IZphPPi0Gf85oMStgnv/Wnw6LacEL32ek39Desero/D8iGLZernK
+ Q2mC9mua5A/bYGVhsNWyURNFkKdbFa+/wW3NfdKYyZnsSfo+jJ2luNewrhAY7Kod
+ GWXTer9RxzTGA3EXFGvNr+BBOOxSj0SfWTl0Olo7J5dnxof+jLAUS1VHpceHGHps
+ GSJSdir7NkZidgwoCPA7BTqsb5LN
+ =dXB0
+ -----END PGP PUBLIC KEY BLOCK-----
+
+- name: "add ci-prep-ick APT repo to sources.lists"
+ apt_repository:
+ repo: "deb http://ci-prep-ick.vm.liw.fi/debian stretch-ci main"
+ update_cache: yes
+ state: present
+
+- name: "add ci-prod-controller APT repo to sources.lists"
+ apt_repository:
+ repo: "deb http://ci-prod-controller.vm.liw.fi/debian stretch-ci main"
+ update_cache: yes
+ state: present
+
+- name: "create /etc/ick"
+ file:
+ state: directory
+ path: /etc/ick
+
+- name: "install artifact store config"
+ template:
+ src: artifact_store.yaml.j2
+ dest: /etc/ick/artifact_store.yaml
+
+- name: "install ick2 for its artifact store"
+ apt:
+ name: ick2
+ state: present
+
+- name: "enable and (re)start the artifact store"
+ systemd:
+ name: artifact_store
+ daemon_reload: yes
+ enabled: yes
+ state: restarted
+
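Review bot: Both `apt_key` tasks add the CI signing keys to APT's global trusted keyring, so either key is accepted for packages from every configured source, not only for the two `stretch-ci` repositories added further down. Because the `repo:` lines use plain `http://`, signature verification against these keys is the only integrity control on what gets installed. Consider installing each key into its own keyring file and scoping it in the source line, e.g. `repo: "deb [signed-by=/usr/share/keyrings/KEYRING_PLACEHOLDER.gpg] http://ci-prep-ick.vm.liw.fi/debian stretch-ci main"`, and using `https://` if the repository hosts serve it. Separately, `state: restarted` in the final task restarts the service on every run; a handler notified by the template and package tasks would keep the role idempotent.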
diff --git a/roles/artifacts/templates/artifact_store.yaml.j2 b/roles/artifacts/templates/artifact_store.yaml.j2
new file mode 100644
index 0000000..ba3dbde
--- /dev/null
+++ b/roles/artifacts/templates/artifact_store.yaml.j2
@@ -0,0 +1,6 @@
+token-issuer: iss
+token-audience: aud
+token-public-key: "{{ token_pub }}"
+log:
+ - filename: /var/log/ickas/artifact_store.log
+blobdir: /var/lib/ick/blobs
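Review bot: `token-issuer: iss` and `token-audience: aud` read like placeholder values hard-coded into the template. If the artifact store checks the issuer and audience claims of incoming tokens against these settings (not visible in this commit), they have to match what the token issuer really emits. A generic audience would also not distinguish this deployment from any other that trusts the same signing key. Taking them from variables next to `token_pub`, e.g. `token-issuer: "{{ token_issuer }}"` and `token-audience: "{{ token_audience }}"`, keeps the three token settings in one reviewed place.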
diff --git a/roles/haproxy/files/haproxy.cfg b/roles/haproxy/files/haproxy.cfg
index 4bb9ebf..5c450c4 100644
--- a/roles/haproxy/files/haproxy.cfg
+++ b/roles/haproxy/files/haproxy.cfg
@@ -36,8 +36,14 @@ frontend http-in
rspadd Strict-Transport-Security:\ max-age=15768000
+ acl as path_beg /blobs/
+ use_backend as if as
+
acl api path_beg /
use_backend api if api
backend api
server api_1 127.0.0.1:2222
+
+backend as
+ server api_1 127.0.0.1:12766
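Review bot: The new `backend as` reuses the server name `api_1` already used in `backend api`, so log and stats entries keyed on the server name are ambiguous between the API and the artifact store; `server as_1 127.0.0.1:12766` would keep them apart. The `/blobs/` rule only works because it sits above `acl api path_beg /`, which matches every path, so a comment such as `# must stay above the catch-all api rule` on the `use_backend as if as` line would protect the ordering against later edits. This change exposes `/blobs/` through the public frontend, so it is worth confirming that the artifact store enforces token checks on that path itself. The `frontend http-in` section begins outside this hunk.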