Fixes for quick-start playbooks

* Tell folks to run 'sudo docker-compose up' in case their user
  is not in the docker group.

* Turn off fact gathering in playbooks because we've seen some
  leakage of device information from the host into the container
  which causes ansible to query device info that doesn't exist.
  We don't use facts anyway so this is faster too.

* Use register instead of rescue to figure out if users/projects
  need to be created.  It makes the ansible output tidier since
  there won't be any (expected) failure tasks.

* Use the alpine image instead of centos for the gerritconfig
  container.  We're more likely to be able to re-use this layer
  between this and the Zuul images than we would with centos
  (because the gerrit container over-specifies the centos version).

* Capitalize the task names in playbooks.  It looks better.

Change-Id: I428a2aea4e7544e04771d89e8d5627431cfaf1de
James E. Blair 2018-10-10 14:33:11 -07:00
parent 011d765915
commit 1bd3fe9075
6 changed files with 59 additions and 52 deletions


@ -1,5 +1,3 @@
FROM centos:7
FROM python:alpine
RUN yum install -y openssh git
RUN curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py && python get-pip.py
RUN pip install ansible
RUN apk add --no-cache openssh git build-base openssl-dev libffi-dev bash && pip install ansible
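Review bot: `FROM python:alpine` and `pip install ansible` are both unpinned, so every rebuild of the gerritconfig image may pull a different Python, Alpine and Ansible release. Pinning both, e.g. `FROM python:<version>-alpine` and `pip install ansible==<version>` (placeholders; use whatever the Zuul images are built from), keeps the quick-start reproducible and makes the intended layer re-use deterministic. The build-only packages (`build-base`, `openssl-dev`, `libffi-dev`) also remain in the final image. Installing them with `apk add --no-cache --virtual .build-deps ...` and running `apk del .build-deps` in the same `RUN` after the pip install would keep a compiler toolchain out of the runtime layer.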


@ -2,14 +2,15 @@
# Gerrit's SSH host keys to the known hosts_file before starting.
- hosts: localhost
gather_facts: false
tasks:
- name: wait for gerrit to start
- name: Wait for gerrit to start
wait_for:
host: gerrit
port: 29418
- name: make ssh dir
- name: Ensure SSH directory exists
file:
state: directory
path: /root/.ssh
- name: fetch ssh host keys from gerrit
- name: Fetch SSH host keys from Gerrit
shell: ssh-keyscan -p 29418 gerrit > /root/.ssh/known_hosts
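Review bot: The `ssh-keyscan -p 29418 gerrit > /root/.ssh/known_hosts` task records whatever key answers on that port without verifying it, and the `>` redirect overwrites the file on every run, so a changed host key is accepted silently. That is reasonable for a throwaway compose network but should be stated next to the task, for example `# Trust-on-first-use: keys are not verified; only acceptable on the local quick-start network`. The play may continue past the end of this hunk.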


@ -1,19 +1,22 @@
- block:
- name: check if {{ project }} project exists
uri:
url: http://gerrit:8080/projects/{{ project }}
rescue:
- name: create temp dir for {{ project }} creation
- name: Check if {{ project }} project exists
uri:
url: http://gerrit:8080/projects/{{ project }}
status_code: 200, 404
register: project_check
- name: Create {{ project }}
when: project_check.status==404
block:
- name: Create temp dir for {{ project }} creation
shell: mktemp -d
register: project_tmp
- name: create {{ project }} project
- name: Create {{ project }} project in Gerrit
uri:
url: http://gerrit:8080/a/projects/{{ project }}
method: PUT
user: admin
password: secret
status_code: 201
- name: create initial commit
- name: Create initial commit in {{ project }}
shell:
executable: /bin/bash
chdir: "{{ project_tmp.stdout }}"
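Review bot: The existence check calls the anonymous endpoint `http://gerrit:8080/projects/{{ project }}` and treats 404 as "missing", while creation goes through the authenticated `/a/projects/` endpoint. Gerrit returns 404 for a project the caller is not allowed to see as well as for one that does not exist. If anonymous read access is ever tightened, an existing project would look absent and the PUT would then fail its `status_code: 201` expectation. Running the check with the same credentials, `url: http://gerrit:8080/a/projects/{{ project }}` plus the `user`/`password` pair, keeps the check and the create in agreement. The `Check if zuul user exists` task in the setup playbook follows the same anonymous-check pattern, and the block here continues past the end of the hunk.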


@ -2,12 +2,13 @@
# in order to start.
- hosts: localhost
gather_facts: false
tasks:
- name: wait for gerrit to start
- name: Wait for Gerrit to start
wait_for:
host: gerrit
port: 29418
- name: wait for zuul user to be created
- name: Wait for zuul user to be created
uri:
url: http://gerrit:8080/a/accounts/zuul/sshkeys
method: GET


@ -1,33 +1,36 @@
- hosts: localhost
gather_facts: false
tasks:
- name: wait for gerrit to start
- name: Wait for Gerrit to start
wait_for:
host: gerrit
port: 29418
- name: generate admin ssh key
- name: Generate admin SSH key for Gerrit
command: ssh-keygen -f /var/ssh/admin -N ''
args:
creates: /var/ssh/admin.pub
- name: generate zuul ssh key for gerrit
- name: Generate Zuul SSH key for Gerrit
command: ssh-keygen -f /var/ssh/zuul -N ''
args:
creates: /var/ssh/zuul.pub
- name: generate zuul ssh key for nodepool
- name: Generate Zuul SSH key for Nodepool
command: ssh-keygen -f /var/ssh/nodepool -N ''
args:
creates: /var/ssh/nodepool.pub
- name: add nodepool key to node authorized_keys file
- name: Add Nodepool key to node authorized_keys file
command: cp /var/ssh/nodepool.pub /var/node/authorized_keys
args:
creates: /var/node/authorized_keys
- name: get first login screen
# The Gerrit container puts up a helpful info page the first time
# you hit the web server; get past that.
- name: Get Gerrit first login screen
uri:
url: http://gerrit:8080/a/accounts/self/sshkeys
method: GET
user: admin
password: secret
ignore_errors: true
- name: add admin ssh key to gerrit
- name: Add admin SSH key to Gerrit
uri:
url: http://gerrit:8080/a/accounts/self/sshkeys
method: POST
@ -36,24 +39,24 @@
body: "{{ lookup('file', '/var/ssh/admin.pub') }}"
status_code: 201
- name: create temp dir for config update
- name: Create temp dir for Gerrit config update
shell: mktemp -d
register: gerrit_tmp
- name: set fact
- name: Set All-Project repo location
set_fact:
all_projects_repo: "{{ gerrit_tmp.stdout }}/All-Projects"
- name: checkout all-projects config
- name: Checkout All-Projects config
git:
repo: ssh://gerrit:29418/All-Projects/
ssh_opts: "-o StrictHostKeyChecking=no -i /var/ssh/admin -l admin"
dest: "{{ all_projects_repo }}"
refspec: '+refs/meta/config:refs/meta/config'
version: refs/meta/config
- name: copy all-projects config
- name: Copy new All-Projects config into place
copy:
src: "/var/playbooks/project.config"
dest: "{{ all_projects_repo }}/project.config"
- name: update all-projects config
- name: Update All-Projects config in Gerrit
shell: |
git config user.email 'admin@example.com'
git commit -a -m 'update config'
@ -62,17 +65,17 @@
chdir: "{{ all_projects_repo }}"
warn: false
- name: create zuul-config project
- name: Create zuul-config project
include_role:
name: create_project
vars:
project: zuul-config
- name: create test1 project
- name: Create test1 project
include_role:
name: create_project
vars:
project: test1
- name: create test2 project
- name: Create test2 project
include_role:
name: create_project
vars:
@ -81,22 +84,23 @@
# The Zuul user is created last because it is an atomic operation
# which signals that Gerrit is ready for use and it is safe for
# the Zuul scheduler to start.
- block:
- name: check if zuul user exists
uri:
url: http://gerrit:8080/accounts/zuul
rescue:
- name: create zuul gerrit account
uri:
url: http://gerrit:8080/a/accounts/zuul
method: PUT
user: admin
password: secret
status_code: 201
body_format: json
body:
name: Zuul
ssh_key: "{{ lookup('file', '/var/ssh/zuul.pub') }}"
http_password: secret
groups:
- "Non-Interactive Users"
- name: Check if zuul user exists
uri:
url: http://gerrit:8080/accounts/zuul
status_code: 200, 404
register: zuul_user_check
- name: Create zuul Gerrit account
when: zuul_user_check.status==404
uri:
url: http://gerrit:8080/a/accounts/zuul
method: PUT
user: admin
password: secret
status_code: 201
body_format: json
body:
name: Zuul
ssh_key: "{{ lookup('file', '/var/ssh/zuul.pub') }}"
http_password: secret
groups:
- "Non-Interactive Users"
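Review bot: The literal `password: secret` is repeated in the authenticated `uri` tasks of this playbook (the first-login GET and the account PUT), and the Zuul account is created with `http_password: secret`. Quick-start files tend to be copied into longer-lived setups, where these defaults become the real credentials. Defining the value once at play level, e.g. a `gerrit_admin_password: secret` var with the comment `# Quick-start default only; change before exposing Gerrit beyond the local compose network`, and referencing it as `password: "{{ gerrit_admin_password }}"` would make that explicit and give a single place to override. The `Checkout All-Projects config` task also passes `-o StrictHostKeyChecking=no`; a one-line comment there should say that host-key verification is deliberately skipped, presumably because the Gerrit container is created in the same compose run.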


@ -46,7 +46,7 @@ docker-compose in order to start Zuul, Nodepool and Gerrit.
.. code-block:: shell
cd zuul/doc/source/admin/examples
docker-compose up
sudo docker-compose up
All of the services will be started with debug-level logging sent to
the standard output of the terminal where docker-compose is running.