# Play 1 runs on the control host: it asks OpenStack for the
# promoter-server instance and adds the result to the in-memory inventory
# so that the play targeting "promoter-server" can reach it.
- name: Set up the promoter-server on rdocloud
  hosts: localhost
  tasks:
    - name: Create the promoter-server instance
      os_server:
        state: present
        name: promoter-server
        auto_ip: true
        flavor: m1.medium
        image: '8f41e8ce-cacc-4354-a481-9b9dba4f6de7'
        key_name: tripleo-cd-admins-and-adarazs-trown
        network: private
        # NOTE(review): the rules of the "default" security group are not
        # visible here. The host later serves HTTP on port 80 and is
        # managed over SSH, so confirm the group exposes only those ports.
        security_groups: default
        timeout: 300
      # Kept so the next task can read the instance name and address.
      register: os_host

    - name: add hosts to inventory
      add_host:
        name: "{{ os_host.openstack.name }}"
        ansible_user: centos
        ansible_host: "{{ os_host.openstack.accessIPv4 }}"
        # NOTE(review): StrictHostKeyChecking=no turns off SSH host key
        # verification, so the session that later carries registry
        # passwords and a private key to this address is not authenticated
        # against the server. Consider recording the instance's host key
        # out of band and pinning it instead of disabling the check.
        ansible_ssh_extra_args: "-o StrictHostKeyChecking=no"
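# Play 2 configures the instance itself: persistent journal, packages,
# an Apache vhost that publishes the promoter logs, Docker, the ci-config
# checkout, credential files, a virtualenv, cron jobs and log rotation.
# The credential variables (dlrnapi_password, dockerhub_*, rdoproject_*,
# uploader_ssh_priv_key) are not defined in this file and must be
# supplied by the caller.
- name: Set up the promoter-server
  hosts: promoter-server
  tasks:
    - name: Create persistent journal
      file:
        path: /var/log/journal/
        state: directory
      become: true

    - name: Enable journald persistence
      ini_file:
        dest: "/etc/systemd/journald.conf"
        section: Journal
        option: Storage
        # NOTE(review): journald.conf documents this value in lower case
        # ("persistent"); confirm the capitalised form is accepted.
        value: "Persistent"
        no_extra_spaces: true
      register: journal_config
      become: true

    - name: Restart journald
      systemd:
        name: systemd-journald
        state: restarted
      when: journal_config|changed
      become: true

    - name: Update packages on the server
      become: true
      yum:
        name: '*'
        state: latest

    - name: Install required packages
      become: true
      yum:
        name: 'ansible,docker,docker-python,git,httpd,python-virtualenv,vim'
        state: latest

    - name: Create a directory for the promoter logs
      file:
        path: '~/promoter_logs'
        state: directory
        # SELinux type that lets httpd read the directory.
        setype: httpd_sys_content_t

    - name: copy logrotate selinux policy
      copy:
        src: logrotate-promoter.te
        dest: /tmp/logrotate-promoter.te
      register: policy

    # NOTE(review): the policy source is written to a fixed name in /tmp by
    # the unprivileged user and then compiled and installed as root. On a
    # host with other local users a predictable /tmp path can be tampered
    # with between the two steps; a root-owned temporary directory would
    # avoid that.
    - name: compile and permanently install policy
      shell: |
        checkmodule -M -m -o /tmp/logrotate-promoter.mod /tmp/logrotate-promoter.te
        semodule_package -m /tmp/logrotate-promoter.mod -o /tmp/logrotate-promoter.pp
        semodule -i /tmp/logrotate-promoter.pp
        rm -f /tmp/logrotate-promoter.pp /tmp/logrotate-promoter.mod
      become: true
      when: policy|changed

    # Opens the home directory for traversal so httpd can reach
    # ~/promoter_logs. Everything else in the home directory then relies on
    # its own file mode; the credential files below are created 0600.
    - name: Fix home directory permission
      file:
        path: '~'
        # Quoted so the mode is always read as an octal string.
        mode: '0755'

    - name: Disable the default welcome page
      become: true
      copy:
        content: ''
        dest: '/etc/httpd/conf.d/welcome.conf'
        backup: true

    # NOTE(review): this vhost publishes the log directory over plain HTTP
    # on port 80 to any client, with directory listing enabled. The
    # promoter runs with registry and DLRN credentials in its environment,
    # so confirm it never writes them to these logs.
    - name: Add config file for Apache to expose the logs
      become: true
      blockinfile:
        path: '/etc/httpd/conf.d/promoter_logs.conf'
        create: true
        block: |
          <VirtualHost *:80>
            ServerAdmin rdo-ci-admins@redhat.com
            DocumentRoot "{{ ansible_env.HOME }}/promoter_logs"
            <Directory {{ ansible_env.HOME }}/promoter_logs>
              Options Indexes MultiViews
              AllowOverride None
              Require all granted
            </Directory>
          </VirtualHost>
      register: apache_config

    - name: Start and enable Apache
      become: true
      service:
        name: httpd
        state: restarted
        enabled: true
      when: apache_config|changed

    - name: Start and enable Docker
      become: true
      service:
        name: docker
        state: started
        enabled: true

    - name: Clone to the ci-config repo
      git:
        repo: 'https://review.rdoproject.org/r/p/rdo-infra/ci-config.git'
        dest: '~/ci-config'

    # The three tasks below handle credentials. no_log keeps the rendered
    # values out of task output, diffs and failure messages.
    - name: Add secret for DLRNAPI_PASSWORD
      blockinfile:
        path: '~/dlrnapi_secret'
        create: true
        mode: '0600'
        # The file is sourced by a shell from cron, so the value is passed
        # through the quote filter: a password containing a single quote
        # would otherwise end the string and be read as shell syntax.
        block: |
          export DLRNAPI_PASSWORD={{ dlrnapi_password | quote }}
      no_log: true

    - name: Add secrets for the registries
      blockinfile:
        path: '~/registry_secret'
        create: true
        mode: '0600'
        # Shell-quoted for the same reason as the DLRN password file.
        block: |
          export DOCKERHUB_USERNAME={{ dockerhub_username | quote }}
          export DOCKERHUB_PASSWORD={{ dockerhub_password | quote }}
          export RDOPROJECT_USERNAME={{ rdoproject_username | quote }}
          export RDOPROJECT_PASSWORD={{ rdoproject_password | quote }}
      no_log: true

    - name: Add keypair for the images server
      copy:
        content: '{{ uploader_ssh_priv_key }}'
        dest: '{{ ansible_env.HOME }}/.ssh/id_rsa'
        mode: '0600'
      # The registered result still carries "changed" under no_log.
      register: priv_key
      no_log: true

    # ssh-keygen -y prints the public half of an existing private key.
    # The previous "-t rsa -N ''" form asks ssh-keygen to create a new key
    # pair at the same path, i.e. over the key that was just installed,
    # and redirects its prompt text into id_rsa.pub.
    - name: Generate public key from private key for uploader user
      shell: >
        ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
      when: priv_key|changed

    - name: Create a virtualenv for the promoter script
      pip:
        requirements: ~/ci-config/ci-scripts/dlrnapi_promoter/requirements.txt
        virtualenv: ~/promoter_venv

    # NOTE(review): the next two jobs refresh code unattended: pip -U
    # upgrades to whatever the requirements file permits, and git pull
    # follows the cloned branch (no version is pinned in the clone task).
    # The promoter job then runs that code with the registry and DLRN
    # credentials sourced, so upstream changes reach the credentials
    # without a review step on this host. Consider pinning to reviewed
    # commits and hashed requirements.
    - name: Add a cron jobs to periodically fetch the new version of the promoter script
      cron:
        name: 'fetch the latest dlrnapi_client and dependencies'
        minute: '5,15,25,35,45,55'
        job: 'source ~/promoter_venv/bin/activate; pip install -U -r ~/ci-config/ci-scripts/dlrnapi_promoter/requirements.txt'

    - name: Add a cron jobs to periodically fetch the new version of the promoter script
      cron:
        name: 'fetch the latest ci-config'
        minute: '0,10,20,30,40,50'
        job: 'cd ~/ci-config; git pull >/dev/null'

    # One cron entry per release, each offset by a minute. The folded
    # scalar joins its lines with single spaces, giving one command line.
    - name: Add a cron jobs to run the promotion script
      cron:
        name: 'promoter script for the {{ item.release }} branch'
        minute: '{{ item.minute }}'
        # TODO(gcerami) I think the job command deserves a script on its own
        job: >-
          source ~/registry_secret;
          source ~/dlrnapi_secret;
          source ~/promoter_venv/bin/activate;
          /usr/bin/timeout --preserve-status -k 120m 115m
          python ~/ci-config/ci-scripts/dlrnapi_promoter/dlrnapi_promoter.py
          ~/ci-config/ci-scripts/dlrnapi_promoter/config/{{ item.release }}.ini
      with_items:
        - release: 'master'
          minute: '1,11,21,31,41,51'
        - release: 'pike'
          minute: '2,12,22,32,42,52'
        - release: 'ocata'
          minute: '3,13,23,33,43,53'

    # The rotation rule names /home/centos directly, matching the
    # ansible_user set when the host was added to the inventory.
    - name: add configuration for the log rotation
      copy:
        content: |
          /home/centos/promoter_logs/*.log {
              daily
              missingok
              su centos centos
              dateext
              dateyesterday
              notifempty
              delaycompress
              rotate 60
          }
        dest: /etc/logrotate.d/promoter
        owner: root
        group: root
        mode: '0644'
      become: true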