From 7eb18f29bdd6787d017ea2a417eb0ec46d8b8f8c Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Mon, 22 Jul 2019 21:47:11 +0300
Subject: Add: deployer role
---
roles/deployer/tasks/main.yml | 85 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 85 insertions(+)
create mode 100644 roles/deployer/tasks/main.yml
(limited to 'roles/deployer/tasks/main.yml')
diff --git a/roles/deployer/tasks/main.yml b/roles/deployer/tasks/main.yml
new file mode 100644
index 0000000..79492f3
--- /dev/null
+++ b/roles/deployer/tasks/main.yml
@@ -0,0 +1,85 @@
+- name: "install deployer dependencies and useful tools"
+ apt:
+ name:
+ - screen
+ - git
+ - haproxy
+ - psmisc
+ - python3
+ - python3-bottle
+ - python3-jwt
+ - python3-crypto
+ state: present
+
+- name: "install deployer source"
+ git:
+ repo: git://git.liw.fi/wmf-ci-arch
+ dest: /srv/wmf-ci-arch
+
+- name: "create user for deployer"
+ user:
+ name: _wmf
+ comment: "WMF CI"
+
+- name: "install key for checking incoming access tokens"
+ copy:
+ src: token.pub
+ dest: /etc/wmf_ci_token.pub
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: "create ~_wmf/.ssh"
+ file:
+ state: directory
+ dest: /home/_wmf/.ssh
+ owner: _wmf
+ group: _wmf
+ mode: '0700'
+
+- name: "install SSH public key for _wmf"
+ copy:
+ content: |
+ {{ deployer_ssh_pub }}
+ dest: /home/_wmf/.ssh/deployer.pub
+ owner: _wmf
+ group: _wmf
+ mode: '0644'
+
+- name: "install SSH private key for _wmf"
+ copy:
+ content: |
+ {{ deployer_ssh }}
+ dest: /home/_wmf/.ssh/deployer
+ owner: _wmf
+ group: _wmf
+ mode: '0600'
+
+# FIXME: This is clearly not OK for production.
+- name: "configure ssh to not check for new host keys"
+ copy:
+ src: ssh_config
+ dest: /home/_wmf/.ssh/config
+ owner: _wmf
+ group: _wmf
+ mode: '0644'
+
+- name: "install API access token for artifact store"
+ copy:
+ content: "{{ artifact_download_token }}"
+ dest: /etc/wmf_artifact_download_token
+ owner: _wmf
+ group: _wmf
+ mode: '0600'
+
+- name: "install deployer.service"
+ copy:
+ src: deployer.service
+ dest: /lib/systemd/system/deployer.service
+
+- name: "enable and (re)start deployer"
+ systemd:
+ name: deployer.service
+ daemon_reload: yes
+ enabled: yes
+ state: restarted
--
cgit v1.2.1
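Review bot: The "install deployer source" task clones over `git://`, a transport with no server authentication or encryption, and sets no `version:`, so whatever arrives as the branch tip lands in `/srv/wmf-ci-arch` on a host that also holds the SSH private key and artifact token installed further down (presumably this tree is what `deployer.service` runs; the unit file is not shown here). I would move to an authenticated transport and pin a revision, e.g. `repo: https://<REPO_HOST>/wmf-ci-arch` with `version: "<PINNED_COMMIT_SHA>"` (both placeholders; the page does not show whether the host serves HTTPS). Separately, the two `copy` tasks that write `deployer_ssh` and `artifact_download_token` should carry `no_log: true`, since their content can otherwise be shown when the play runs with `--diff`.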