Merge sa2ajj/buildbot-infra:bootstrap (PR #12)
Showing 12 changed files with 119 additions and 30 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
#! /bin/sh | ||
# | ||
# This script invokes bootstrap.yml while settings special parameters | ||
# | ||
# Usage: ./bootstrap <host-pattern> [-i <inventory>] [<ansible-playbook-options>] | ||
# | ||
# host-pattern specifies the host to bootstrap; in most cases this should be a single | ||
# hostname, but for bootstrapping a set of hosts this can be any Ansible pattern. | ||
# | ||
# -i <inventory> is needed when you deploy on hosts other than listed in 'dev-hosts' | ||
# | ||
# The `ControlPersist` parameter below is set to 10m, so ssh would keep the | ||
# connection after the first authentication. | ||
|
||
set -e | ||
|
||
hostpattern=$1 | ||
shift | ||
if [ -z "$hostpattern" ]; then | ||
echo "hostpattern is required" | ||
exit 1 | ||
fi | ||
|
||
export ANSIBLE_HOST_KEY_CHECKING=False | ||
export ANSIBLE_SSH_ARGS="-o PreferredAuthentications=password,keyboard-interactive -o ControlPersist=10m" | ||
|
||
ansible-playbook bootstrap.yml -l $hostpattern $* | ||
ansible-playbook site.yml -u root -l $hostpattern $* |
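Review bot: ANSIBLE_HOST_KEY_CHECKING=False is exported right before the run that logs in as root with a password (PreferredAuthentications=password,keyboard-interactive), so the root password is offered to a host whose key was never verified. Consider recording and verifying the target's host key out of band before this step and leaving host key checking on. Separately, `-l $hostpattern $*` is unquoted and will word-split and glob, so `-l "$hostpattern" "$@"` is safer; and with `set -e` a bare `shift` on an empty argument list can abort the script before the "hostpattern is required" message is printed, so test `$#` before shifting.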
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
# Playbook to bootstrap new service hosts | ||
# | ||
# Prerequisites: | ||
# * basic system is installed (FreeBSD 10.0+) on the target machines | ||
# * there's only root account that allows to connect to those machines | ||
# * root passwords are known for all target machines so we can connect as root | ||
# * ssh access for 'root' is enabled (`PermitRootLogin yes`) | ||
# | ||
# Outcome: | ||
# * machine has basic infrastructure so it can be managed by Ansible: | ||
# * user "{{ service_account }}" is created | ||
# * this user is granted passwordless sudo right (added to wheel group) | ||
# * a crontab entry for running ansible-pull is added | ||
--- | ||
- name: perform initial bootstrap of service hosts | ||
hosts: servicehosts | ||
gather_facts: no | ||
# we do not have admin users on the target hosts yet, hence using root | ||
# directly | ||
remote_user: root | ||
|
||
tasks: | ||
# This is the only task that requires 'raw' module | ||
- name: install ansible | ||
raw: "env ASSUME_ALWAYS_YES=YES pkg install ansible" | ||
|
||
# vim:ft=yaml:nosi:noai:ts=2:sw=2 |
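Review bot: the "Outcome" block in the header comment lists a service account, passwordless sudo and an ansible-pull crontab entry, but the only task in this play is the raw `pkg install ansible`. If those outcomes come from the site.yml run that the bootstrap script starts next, say so in the comment, or trim the list to what this playbook does. Since the prerequisites require `PermitRootLogin yes` and a known root password, the header should also document when root SSH login is turned off again after bootstrap.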
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
Things to implement for cron task | ||
--------------------------------- | ||
|
||
(based on discussion in https://github.com/buildbot/buildbot-infra/pull/12) | ||
|
||
* run under service account | ||
* ensure path does not depend on external configuration | ||
* run daily | ||
* document a way to "force" a run | ||
* collect logs and send a notification in case of errors |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,2 @@ | ||
[servicehosts] | ||
service[1:3].buildbot.net ansible_python_interpreter=python2 | ||
service[1:3].buildbot.net |
File renamed without changes.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
--- | ||
- include: secrets.yml | ||
- include: python.yml | ||
- include: packages.yml | ||
- include: sudo.yml | ||
- include: admin_users.yml | ||
- include: users.yml |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
- name: install mandatory packages | ||
pkgng: | ||
name: "{{item}}" | ||
state: present | ||
with_items: mandatory_packages | ||
|
||
- name: install utility packages | ||
pkgng: | ||
name: "{{item}}" | ||
state: present | ||
with_items: utility_packages |
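Review bot: `with_items: mandatory_packages` and `with_items: utility_packages` pass a bare name, which is ambiguous between a variable reference and a literal item. Write `with_items: "{{ mandatory_packages }}"` (and the same for utility_packages) so a missing or misspelled variable fails instead of being handed to pkgng as a package name. Neither variable is defined in this hunk, so a comment pointing at where they are set would help.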
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,12 @@ | ||
--- | ||
- name: install sudo | ||
pkgng: name=sudo state=present | ||
- name: enable sudo modular configuration | ||
lineinfile: | ||
dest: "/usr/local/etc/sudoers" | ||
line: "#includedir /usr/local/etc/sudoers.d" | ||
state: present | ||
validate: "visudo -cf %s" | ||
|
||
- name: configure sudo | ||
template: src=sudoers-wheel.j2 dest=/usr/local/etc/sudoers.d/sudoers-wheel validate='visudo -cf %s' | ||
- name: enable passwordless sudo for members of the wheel group | ||
copy: | ||
src: "files/sudoers-wheel" | ||
dest: "/usr/local/etc/sudoers.d/sudoers-wheel" |
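Review bot: the `copy` task that installs /usr/local/etc/sudoers.d/sudoers-wheel has no `validate`, unlike the `lineinfile` task above it, and sets no owner or mode. Add `validate: "visudo -cf %s"` plus `owner: root` and `mode: "0440"`: a syntax error or wrong permissions in a sudoers drop-in can break sudo for every account, and this is the file that grants passwordless sudo to the wheel group.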