-rw-r--r--components.yml14
-rw-r--r--hosts1
-rw-r--r--roles/vcsworker/files/ssh_config5
-rw-r--r--roles/vcsworker/files/token.pub1
-rw-r--r--roles/vcsworker/tasks/main.yml73
5 files changed, 94 insertions, 0 deletions
diff --git a/components.yml b/components.yml
new file mode 100644
index 0000000..3159fdd
--- /dev/null
+++ b/components.yml
@@ -0,0 +1,14 @@
+- hosts: api
+ remote_user: root
+ become: no
+ roles:
+ - vcsworker
+ vars:
+ gitlab_token: "{{ lookup('pipe', 'pass wmf/wmf-gitlab.vm.liw.fi/gitlab_token') }}"
+ vcsworker_ssh_pub: "{{ lookup('pipe', 'pass wmf/wmf-gitlab.vm.liw.fi/vcsworker_ssh.pub') }}"
+ vcsworker_ssh: "{{ lookup('pipe', 'pass wmf/wmf-gitlab.vm.liw.fi/vcsworker_ssh') }}"
+
+ hostname: wmf2-api
+
+ debian_codename: stretch
+ debian_mirror: deb.debian.org
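Review bot: The play connects as `remote_user: root` with `become: no`, so provisioning depends on direct root SSH login being enabled on wmf2-api. If the image provides a non-root login account, connecting as that user with `become: true` would allow root login over SSH to be disabled on the host. As a style point, `become: no` relies on YAML 1.1 truthy parsing; `become: false` is unambiguous.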
diff --git a/hosts b/hosts
index 4e20e3a..7184d05 100644
--- a/hosts
+++ b/hosts
@@ -1,2 +1,3 @@
gitlab ansible_ssh_host=wmf-gitlab3.vm.liw.fi
runner ansible_ssh_host=wmf-runner3.vm.liw.fi
+api ansible_ssh_host=wmf2-api.vm.liw.fi
diff --git a/roles/vcsworker/files/ssh_config b/roles/vcsworker/files/ssh_config
new file mode 100644
index 0000000..eec015e
--- /dev/null
+++ b/roles/vcsworker/files/ssh_config
@@ -0,0 +1,5 @@
+Host *
+ UserKnownHostsFile /dev/null
+ StrictHostKeyChecking no
+ PasswordAuthentication no
+ IdentityFile ~/.ssh/vcsworker
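Review bot: `Host *` combined with `UserKnownHostsFile /dev/null` and `StrictHostKeyChecking no` turns off host-key verification for every SSH connection made with this config, which main.yml installs as /home/_wmf/.ssh/config. The key in `~/.ssh/vcsworker` can therefore be offered to an impersonated server, and anything fetched over those connections is unauthenticated. The FIXME in roles/vcsworker/tasks/main.yml acknowledges the problem but leaves it open. Limit the stanza to the hosts the worker actually needs and ship their host keys in a managed known_hosts file, then set `StrictHostKeyChecking yes` and `UserKnownHostsFile ~/.ssh/known_hosts`.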
diff --git a/roles/vcsworker/files/token.pub b/roles/vcsworker/files/token.pub
new file mode 100644
index 0000000..7d2603b
--- /dev/null
+++ b/roles/vcsworker/files/token.pub
@@ -0,0 +1 @@
+ssh-rsa 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 \ No newline at end of file
diff --git a/roles/vcsworker/tasks/main.yml b/roles/vcsworker/tasks/main.yml
new file mode 100644
index 0000000..955ae55
--- /dev/null
+++ b/roles/vcsworker/tasks/main.yml
@@ -0,0 +1,73 @@
+- name: "install VCSWorker dependencies and useful tools"
+ apt:
+ name:
+ - screen
+ - git
+ - haproxy
+ - psmisc
+ - python3
+ - python3-bottle
+ - python3-jwt
+ - python3-crypto
+ state: present
+
+- name: "install VCSWorker source"
+ git:
+ repo: git://git.liw.fi/wmf-ci-arch
+ dest: /srv/wmf-ci-arch
+
+- name: "create user for VCSWorker"
+ user:
+ name: _wmf
+ comment: "WMF CI"
+
+- name: "install key for checking incoming access tokens"
+ copy:
+ src: token.pub
+ dest: /etc/wmf_ci_token.pub
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: "create ~_wmf/.ssh"
+ file:
+ state: directory
+ dest: /home/_wmf/.ssh
+ owner: _wmf
+ group: _wmf
+ mode: '0700'
+
+- name: "install SSH public key for _wmf"
+ copy:
+ content: |
+ {{ vcsworker_ssh_pub }}
+ dest: /home/_wmf/.ssh/vcsworker.pub
+ owner: _wmf
+ group: _wmf
+ mode: '0644'
+
+- name: "install SSH private key for _wmf"
+ copy:
+ content: |
+ {{ vcsworker_ssh }}
+ dest: /home/_wmf/.ssh/vcsworker
+ owner: _wmf
+ group: _wmf
+ mode: '0600'
+
+# FIXME: This is clearly not OK for production.
+- name: "configure ssh to not check for new host keys"
+ copy:
+ src: ssh_config
+ dest: /home/_wmf/.ssh/config
+ owner: _wmf
+ group: _wmf
+ mode: '0644'
+
+- name: "install API access token for GitLab"
+ copy:
+ content: "{{ gitlab_token }}"
+ dest: /etc/wmf_gitlab_token
+ owner: _wmf
+ group: _wmf
+ mode: '0600'
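Review bot: The "install VCSWorker source" task clones over `git://`, which is neither encrypted nor authenticated, and sets no `version:`, so the code placed in /srv/wmf-ci-arch is whatever the network path delivers at run time. Use an authenticated transport and pin a revision, e.g. `repo: https://git.liw.fi/wmf-ci-arch` (assuming the server offers HTTPS) with `version: <COMMIT_SHA_PLACEHOLDER>`. Separately, the tasks that write `{{ vcsworker_ssh }}` and `{{ gitlab_token }}` should carry `no_log: true` so the secrets do not appear in verbose or `--diff` output.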