summaryrefslogtreecommitdiff
path: root/roles/deployer/tasks/main.yml
diff options
context:
space:
mode:
Diffstat (limited to 'roles/deployer/tasks/main.yml')
-rw-r--r--roles/deployer/tasks/main.yml85
1 files changed, 85 insertions, 0 deletions
diff --git a/roles/deployer/tasks/main.yml b/roles/deployer/tasks/main.yml
new file mode 100644
index 0000000..79492f3
--- /dev/null
+++ b/roles/deployer/tasks/main.yml
@@ -0,0 +1,85 @@
+- name: "install deployer dependencies and useful tools"
+ apt:
+ name:
+ - screen
+ - git
+ - haproxy
+ - psmisc
+ - python3
+ - python3-bottle
+ - python3-jwt
+ - python3-crypto
+ state: present
+
+- name: "install deployer source"
+ git:
+ repo: git://git.liw.fi/wmf-ci-arch
+ dest: /srv/wmf-ci-arch
+
+- name: "create user for deployer"
+ user:
+ name: _wmf
+ comment: "WMF CI"
+
+- name: "install key for checking incoming access tokens"
+ copy:
+ src: token.pub
+ dest: /etc/wmf_ci_token.pub
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: "create ~_wmf/.ssh"
+ file:
+ state: directory
+ dest: /home/_wmf/.ssh
+ owner: _wmf
+ group: _wmf
+ mode: '0700'
+
+- name: "install SSH public key for _wmf"
+ copy:
+ content: |
+ {{ deployer_ssh_pub }}
+ dest: /home/_wmf/.ssh/deployer.pub
+ owner: _wmf
+ group: _wmf
+ mode: '0644'
+
+- name: "install SSH private key for _wmf"
+ copy:
+ content: |
+ {{ deployer_ssh }}
+ dest: /home/_wmf/.ssh/deployer
+ owner: _wmf
+ group: _wmf
+ mode: '0600'
+
+# FIXME: This is clearly not OK for production.
+- name: "configure ssh to not check for new host keys"
+ copy:
+ src: ssh_config
+ dest: /home/_wmf/.ssh/config
+ owner: _wmf
+ group: _wmf
+ mode: '0644'
+
+- name: "install API access token for artifact store"
+ copy:
+ content: "{{ artifact_download_token }}"
+ dest: /etc/wmf_artifact_download_token
+ owner: _wmf
+ group: _wmf
+ mode: '0600'
+
+- name: "install deployer.service"
+ copy:
+ src: deployer.service
+ dest: /lib/systemd/system/deployer.service
+
+- name: "enable and (re)start deployer"
+ systemd:
+ name: deployer.service
+ daemon_reload: yes
+ enabled: yes
+ state: restarted