opendev/system-config
Code Issues Proposed changes

Merge "Stop ansipuppeting the old cgit farm"

Browse Source
This commit is contained in:
Zuul 2019-04-22 18:16:47 +00:00 committed by Gerrit Code Review
commit 02463a1ecd
8 changed files with 1 additions and 666 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
.zuul.yaml
View File

@ -4,24 +4,12 @@
vars:
project_src_dir: "{{ zuul.project.src_dir }}/modules/openstack_project"
- job:
name: puppet-beaker-rspec-infra-centos-7-system-config
parent: puppet-beaker-rspec-centos-7-infra
vars:
project_src_dir: "{{ zuul.project.src_dir }}/modules/openstack_project"
- job:
name: puppet-beaker-rspec-puppet-4-infra-system-config
parent: puppet-beaker-rspec-puppet-4-infra
vars:
project_src_dir: "{{ zuul.project.src_dir }}/modules/openstack_project"
- job:
name: puppet-beaker-rspec-puppet-4-centos-7-infra-system-config
parent: puppet-beaker-rspec-puppet-4-infra
vars:
project_src_dir: "{{ zuul.project.src_dir }}/modules/openstack_project"
# Image building jobs
- secret:
name: system-config-dockerhub
@ -274,20 +262,6 @@
files:
- roles/.*
- job:
name: system-config-zuul-role-integration-centos-7
parent: system-config-zuul-role-integration
nodeset:
nodes:
- name: base
label: centos-7
- name: puppet4
label: centos-7
groups:
- name: puppet3
nodes:
- base
- job:
name: system-config-zuul-role-integration-trusty
parent: system-config-zuul-role-integration
@ -340,14 +314,12 @@
name: system-config-zuul-role-integration
check:
jobs:
- system-config-zuul-role-integration-centos-7
- system-config-zuul-role-integration-trusty
- system-config-zuul-role-integration-xenial
- system-config-zuul-role-integration-bionic
- system-config-zuul-role-integration-debian-stable
gate:
jobs:
- system-config-zuul-role-integration-centos-7
- system-config-zuul-role-integration-trusty
- system-config-zuul-role-integration-xenial
- system-config-zuul-role-integration-bionic
@ -392,13 +364,9 @@
label: ubuntu-xenial
- name: bionic
label: ubuntu-bionic
- name: centos7
label: centos-7
host-vars:
trusty:
ansible_python_interpreter: python2
centos7:
ansible_python_interpreter: python2
files:
- .zuul.yaml
- playbooks/.*
@ -659,9 +627,7 @@
- tox-linters
- legacy-system-config-puppet-syntax-3
- puppet-beaker-rspec-infra-system-config
- puppet-beaker-rspec-infra-centos-7-system-config
- puppet-beaker-rspec-puppet-4-infra-system-config
- puppet-beaker-rspec-puppet-4-centos-7-infra-system-config
- system-config-run-base
- system-config-run-base-ansible-devel:
voting: false
@ -688,9 +654,7 @@
- tox-linters
- legacy-system-config-puppet-syntax-3
- puppet-beaker-rspec-infra-system-config
- puppet-beaker-rspec-infra-centos-7-system-config
- puppet-beaker-rspec-puppet-4-infra-system-config
- puppet-beaker-rspec-puppet-4-centos-7-infra-system-config
- system-config-run-base
- system-config-run-dns
- system-config-run-eavesdrop

8
inventory/groups.yaml
View File

@ -36,8 +36,6 @@ groups:
firehose: firehose[0-9]*.open*.org
futureparser:
- ask*.open*.org
- git.openstack.org
- git[0-9]*.openstack.org
- lists*.open*.org
- ze[0-9]*.open*.org
- zk[0-9]*.open*.org
@ -46,10 +44,6 @@ groups:
gerrit:
- review-dev[0-9]*.open*.org
- review[0-9]*.open*.org
git-loadbalancer:
- git.openstack.org
git-server:
- git[0-9]*.openstack.org
gitea:
- gitea[0-9]*.opendev.org
gitea-lb:
@ -110,8 +104,6 @@ groups:
- etherpad[0-9]*.open*.org
- files[0-9]*.open*.org
- firehose[0-9]*.open*.org
- git[0-9]*.openstack.org
- git.openstack.org
- grafana[0-9]*.open*.org
- graphite*.open*.org
- groups-dev*.open*.org

63
inventory/openstack.yaml
View File

@ -236,69 +236,6 @@ all:
cloud: openstackci-vexxhost
region_name: sjc1
public_v4: 38.108.68.22
git.openstack.org:
ansible_host: 2001:4800:7819:103:be76:4eff:fe04:77e6
location:
cloud: openstackci-rax
region_name: DFW
public_v4: 104.130.246.85
public_v6: 2001:4800:7819:103:be76:4eff:fe04:77e6
git01.openstack.org:
ansible_host: 2001:4800:7819:105:be76:4eff:fe05:e834
location:
cloud: openstackci-rax
region_name: DFW
public_v4: 104.130.243.237
public_v6: 2001:4800:7819:105:be76:4eff:fe05:e834
git02.openstack.org:
ansible_host: 2001:4800:7819:105:be76:4eff:fe05:df62
location:
cloud: openstackci-rax
region_name: DFW
public_v4: 104.130.243.109
public_v6: 2001:4800:7819:105:be76:4eff:fe05:df62
git03.openstack.org:
ansible_host: 2001:4800:7817:101:be76:4eff:fe05:f6f1
location:
cloud: openstackci-rax
region_name: DFW
public_v4: 67.192.247.197
public_v6: 2001:4800:7817:101:be76:4eff:fe05:f6f1
git04.openstack.org:
ansible_host: 2001:4800:7817:101:be76:4eff:fe05:f6eb
location:
cloud: openstackci-rax
region_name: DFW
public_v4: 67.192.247.180
public_v6: 2001:4800:7817:101:be76:4eff:fe05:f6eb
git05.openstack.org:
ansible_host: 2001:4800:7815:105:be76:4eff:fe04:8cab
location:
cloud: openstackci-rax
region_name: DFW
public_v4: 23.253.69.135
public_v6: 2001:4800:7815:105:be76:4eff:fe04:8cab
git06.openstack.org:
ansible_host: 2001:4800:7818:104:be76:4eff:fe05:17ef
location:
cloud: openstackci-rax
region_name: DFW
public_v4: 104.239.132.223
public_v6: 2001:4800:7818:104:be76:4eff:fe05:17ef
git07.openstack.org:
ansible_host: 2001:4800:7815:102:be76:4eff:fe04:dba8
location:
cloud: openstackci-rax
region_name: DFW
public_v4: 23.253.94.84
public_v6: 2001:4800:7815:102:be76:4eff:fe04:dba8
git08.openstack.org:
ansible_host: 2001:4800:7819:104:be76:4eff:fe04:374d
location:
cloud: openstackci-rax
region_name: DFW
public_v4: 104.239.146.131
public_v6: 2001:4800:7819:104:be76:4eff:fe04:374d
grafana01.openstack.org:
ansible_host: 2001:4800:7817:104:be76:4eff:fe04:7e4e
location:

57
manifests/site.pp
View File

@ -414,63 +414,6 @@ node /^firehose\d+\.open.*\.org$/ {
}
}
# CentOS machines to load balance git access.
# Node-OS: centos7
node /^git(-fe\d+)?\.open.*\.org$/ {
$group = "git-loadbalancer"
class { 'openstack_project::git':
balancer_member_names => [
'git01.openstack.org',
'git02.openstack.org',
'git03.openstack.org',
'git04.openstack.org',
'git05.openstack.org',
'git06.openstack.org',
'git07.openstack.org',
'git08.openstack.org',
],
balancer_member_ips => [
'104.130.243.237',
'104.130.243.109',
'67.192.247.197',
'67.192.247.180',
'23.253.69.135',
'104.239.132.223',
'23.253.94.84',
'104.239.146.131',
],
}
}
# CentOS machines to run cgit and git daemon. Will be
# load balanced by git.openstack.org.
# Node-OS: centos7
node /^git\d+\.open.*\.org$/ {
$group = "git-server"
include openstack_project
class { 'openstack_project::server': }
class { 'openstack_project::git_backend':
project_config_repo => 'https://opendev.org/openstack/project-config',
vhost_name => 'git.openstack.org',
git_gerrit_ssh_key => hiera('gerrit_replication_ssh_rsa_pubkey_contents'),
ssl_cert_file_contents => hiera('git_ssl_cert_file_contents'),
ssl_key_file_contents => hiera('git_ssl_key_file_contents'),
ssl_chain_file_contents => hiera('git_ssl_chain_file_contents'),
git_zuul_ci_org_ssl_cert_file_contents => hiera('git_zuul_ci_org_ssl_cert_file_contents'),
git_zuul_ci_org_ssl_key_file_contents => hiera('git_zuul_ci_org_ssl_key_file_contents'),
git_zuul_ci_org_ssl_chain_file_contents => hiera('git_zuul_ci_org_ssl_chain_file_contents'),
git_airshipit_org_ssl_cert_file_contents => hiera('git_airshipit_org_ssl_cert_file_contents'),
git_airshipit_org_ssl_key_file_contents => hiera('git_airshipit_org_ssl_key_file_contents'),
git_airshipit_org_ssl_chain_file_contents => hiera('git_airshipit_org_ssl_chain_file_contents'),
git_starlingx_io_ssl_cert_file_contents => hiera('git_starlingx_io_ssl_cert_file_contents'),
git_starlingx_io_ssl_key_file_contents => hiera('git_starlingx_io_ssl_key_file_contents'),
git_starlingx_io_ssl_chain_file_contents => hiera('git_starlingx_io_ssl_chain_file_contents'),
behind_proxy => true,
selinux_mode => 'enforcing'
}
}
# A machine to drive AFS mirror updates.
# Node-OS: xenial
node /^mirror-update\d*\.open.*\.org$/ {

189
modules/openstack_project/manifests/git.pp
View File

@ -1,189 +0,0 @@
# Copyright 2013 Hewlett-Packard Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Class to configure haproxy to serve git on a CentOS node.
#
# == Class: openstack_project::git
class openstack_project::git (
$balancer_member_names = [],
$balancer_member_ips = [],
$selinux_mode = 'enforcing'
) {
class { 'openstack_project::server': }
if ($::osfamily == 'RedHat') {
class { 'selinux':
mode => $selinux_mode
}
}
package { 'socat':
ensure => present,
}
package { 'lsof':
ensure => present,
}
class { 'haproxy':
enable => true,
global_options => {
'log' => '127.0.0.1 local0',
'chroot' => '/var/lib/haproxy',
'pidfile' => '/var/run/haproxy.pid',
'maxconn' => '4000',
'user' => 'haproxy',
'group' => 'haproxy',
'daemon' => '',
'stats' => 'socket /var/lib/haproxy/stats user root group root mode 0600 level admin'
},
defaults_options => {
'log' => 'global',
'stats' => 'enable',
'option' => 'redispatch',
'retries' => '3',
'timeout' => [
'http-request 10s',
'queue 1m',
'connect 10s',
'client 2m',
'server 2m',
'check 10s',
],
'maxconn' => '8000',
},
}
# The three listen defines here are what the world will hit.
haproxy::listen { 'balance_git_http':
ipaddress => [$::ipaddress, $::ipaddress6],
ports => ['80'],
mode => 'tcp',
collect_exported => false,
options => {
'balance' => 'leastconn',
'option' => [
'tcplog',
],
},
}
haproxy::listen { 'balance_git_https':
ipaddress => [$::ipaddress, $::ipaddress6],
ports => ['443'],
mode => 'tcp',
collect_exported => false,
options => {
'balance' => 'leastconn',
'option' => [
'tcplog',
],
},
}
haproxy::listen { 'balance_git_daemon':
ipaddress => [$::ipaddress, $::ipaddress6],
ports => ['9418'],
mode => 'tcp',
collect_exported => false,
options => {
'maxconn' => '256',
'backlog' => '256',
'balance' => 'leastconn',
'option' => [
'tcplog',
],
'timeout' => [
'client 15m',
'server 15m',
],
},
}
haproxy::balancermember { 'balance_git_http_member':
listening_service => 'balance_git_http',
server_names => $balancer_member_names,
ipaddresses => $balancer_member_ips,
ports => '8080',
}
haproxy::balancermember { 'balance_git_https_member':
listening_service => 'balance_git_https',
server_names => $balancer_member_names,
ipaddresses => $balancer_member_ips,
ports => '4443',
}
haproxy::balancermember { 'balance_git_daemon_member':
listening_service => 'balance_git_daemon',
server_names => $balancer_member_names,
ipaddresses => $balancer_member_ips,
ports => '29418',
options => 'maxqueue 512',
}
exec { 'haproxy_allow_bind_ports':
# If bool is already set don't set it again
onlyif => 'bash -c \'getsebool haproxy_connect_any | grep -q off\'',
command => 'setsebool -P haproxy_connect_any 1',
path => '/bin:/usr/sbin',
before => Service['haproxy'],
}
# TODO(mordred) We should get this haproxy stuff ported to ansible ASAP.
# Ansible is the one installing rsyslog.
file { '/etc/rsyslog.d/haproxy.conf':
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
source => 'puppet:///modules/openstack_project/git/rsyslog.haproxy.conf',
}
# haproxy statsd
package { 'python2-statsd':
ensure => present,
}
file { '/usr/local/bin/haproxy-statsd.py':
ensure => present,
owner => 'root',
group => 'root',
mode => '0755',
source => 'puppet:///modules/openstack_project/git/haproxy-statsd.py',
notify => Service['haproxy-statsd'],
require => Package['python2-statsd'],
}
file { '/etc/default/haproxy-statsd':
ensure => present,
owner => 'root',
group => 'root',
mode => '0755',
source => 'puppet:///modules/openstack_project/git/haproxy-statsd.default',
require => File['/usr/local/bin/haproxy-statsd.py'],
notify => Service['haproxy-statsd'],
}
file { '/etc/systemd/system/haproxy-statsd.service':
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
source => 'puppet:///modules/openstack_project/git/haproxy-statsd.service',
require => File['/etc/default/haproxy-statsd'],
notify => Service['haproxy-statsd'],
}
service { 'haproxy-statsd':
provider => systemd,
enable => true,
require => File['/etc/systemd/system/haproxy-statsd.service'],
}
}

303
modules/openstack_project/manifests/git_backend.pp
View File

@ -1,303 +0,0 @@
# Copyright 2013 Hewlett-Packard Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Class to configure cgit on a CentOS node.
#
# == Class: openstack_project::git_backend
class openstack_project::git_backend (
$vhost_name = $::fqdn,
$git_gerrit_ssh_key = '',
$ssl_cert_file_contents = '',
$ssl_key_file_contents = '',
$ssl_chain_file_contents = '',
$git_zuul_ci_org_ssl_cert_file_contents = '',
$git_zuul_ci_org_ssl_key_file_contents = '',
$git_zuul_ci_org_ssl_chain_file_contents = '',
$git_airshipit_org_ssl_cert_file_contents = '',
$git_airshipit_org_ssl_key_file_contents = '',
$git_airshipit_org_ssl_chain_file_contents = '',
$git_starlingx_io_ssl_cert_file_contents = '',
$git_starlingx_io_ssl_key_file_contents = '',
$git_starlingx_io_ssl_chain_file_contents = '',
$behind_proxy = false,
$project_config_repo = '',
$selinux_mode = 'enforcing',
) {
package { 'lsof':
ensure => present,
}
class { 'project_config':
url => $project_config_repo,
}
include jeepyb
include pip
if ($::osfamily == 'RedHat') {
class { 'selinux':
mode => $selinux_mode
}
}
class { '::cgit':
vhost_name => $vhost_name,
ssl_cert_file => "/etc/pki/tls/certs/${vhost_name}.pem",
ssl_key_file => "/etc/pki/tls/private/${vhost_name}.key",
ssl_chain_file => '/etc/pki/tls/certs/intermediate.pem',
ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_key_file_contents => $ssl_key_file_contents,
ssl_chain_file_contents => $ssl_chain_file_contents,
behind_proxy => $behind_proxy,
cgitrc_settings => {
'clone-prefix' => 'https://git.openstack.org',
'commit-filter' => '/usr/local/bin/commit-filter.sh',
'css' => '/static/openstack.css',
'favicon' => '/static/favicon.ico',
'logo' => '/static/openstack.svg',
'root-title' => 'OpenStack git repository browser',
'max-repo-count' => 2500,
'robots' => 'index',
},
manage_cgitrc => true,
selinux_mode => $selinux_mode
}
::cgit::site { 'git.zuul-ci.org':
cgit_vhost_name => 'git.zuul-ci.org',
ssl_cert_file => "/etc/pki/tls/certs/git.zuul-ci.org.pem",
ssl_key_file => "/etc/pki/tls/private/git.zuul-ci.org.key",
ssl_chain_file => '/etc/pki/tls/certs/git.zuul-ci.org.intermediate.pem',
ssl_cert_file_contents => $git_zuul_ci_org_ssl_cert_file_contents,
ssl_key_file_contents => $git_zuul_ci_org_ssl_key_file_contents,
ssl_chain_file_contents => $git_zuul_ci_org_ssl_chain_file_contents,
behind_proxy => $behind_proxy,
cgitrc_settings => {
'clone-prefix' => 'https://git.zuul-ci.org',
'commit-filter' => '/usr/local/bin/commit-filter.sh',
'css' => '/cgit-data/cgit.css',
'favicon' => '/cgit-data/favicon.ico',
'logo' => '/cgit-data/cgit.png',
'root-title' => 'Zuul git repository browser',
'max-repo-count' => 2500,
'robots' => 'index',
'include' => '/etc/cgitrepos_git.zuul-ci.org',
},
manage_cgitrc => true,
cgitrc_path => '/etc/cgitrc_git.zuul-ci.org',
local_git_dir => '/var/lib/git-alias/git.zuul-ci.org',
cgitdir => '/var/www/cgit_git.zuul-ci.org',
staticfiles => '/var/www/cgit_git.zuul-ci.org/static',
selinux_mode => $selinux_mode
}
::cgit::site { 'git.airshipit.org':
cgit_vhost_name => 'git.airshipit.org',
ssl_cert_file => "/etc/pki/tls/certs/git.airshipit.org.pem",
ssl_key_file => "/etc/pki/tls/private/git.airshipit.org.key",
ssl_chain_file => '/etc/pki/tls/certs/git.airshipit.org.intermediate.pem',
ssl_cert_file_contents => $git_airshipit_org_ssl_cert_file_contents,
ssl_key_file_contents => $git_airshipit_org_ssl_key_file_contents,
ssl_chain_file_contents => $git_airshipit_org_ssl_chain_file_contents,
behind_proxy => $behind_proxy,
cgitrc_settings => {
'clone-prefix' => 'https://git.airshipit.org',
'commit-filter' => '/usr/local/bin/commit-filter.sh',
'css' => '/cgit-data/cgit.css',
'favicon' => '/cgit-data/favicon.ico',
'logo' => '/cgit-data/cgit.png',
'root-title' => 'Airship git repository browser',
'max-repo-count' => 2500,
'robots' => 'index',
'include' => '/etc/cgitrepos_git.airshipit.org',
},
manage_cgitrc => true,
cgitrc_path => '/etc/cgitrc_git.airshipit.org',
local_git_dir => '/var/lib/git-alias/git.airshipit.org',
cgitdir => '/var/www/cgit_git.airshipit.org',
staticfiles => '/var/www/cgit_git.airshipit.org/static',
selinux_mode => $selinux_mode
}
::cgit::site { 'git.starlingx.io':
cgit_vhost_name => 'git.starlingx.io',
ssl_cert_file => "/etc/pki/tls/certs/git.starlingx.io.pem",
ssl_key_file => "/etc/pki/tls/private/git.starlingx.io.key",
ssl_chain_file => '/etc/pki/tls/certs/git.starlingx.io.intermediate.pem',
ssl_cert_file_contents => $git_starlingx_io_ssl_cert_file_contents,
ssl_key_file_contents => $git_starlingx_io_ssl_key_file_contents,
ssl_chain_file_contents => $git_starlingx_io_ssl_chain_file_contents,
behind_proxy => $behind_proxy,
cgitrc_settings => {
'clone-prefix' => 'https://git.starlingx.io',
'commit-filter' => '/usr/local/bin/commit-filter.sh',
'css' => '/cgit-data/cgit.css',
'favicon' => '/cgit-data/favicon.ico',
'logo' => '/cgit-data/cgit.png',
'root-title' => 'StarlingX git repository browser',
'max-repo-count' => 2500,
'robots' => 'index',
'include' => '/etc/cgitrepos_git.starlingx.io',
},
manage_cgitrc => true,
cgitrc_path => '/etc/cgitrc_git.starlingx.io',
local_git_dir => '/var/lib/git-alias/git.starlingx.io',
cgitdir => '/var/www/cgit_git.starlingx.io',
staticfiles => '/var/www/cgit_git.starlingx.io/static',
selinux_mode => $selinux_mode
}
# We don't actually use these variables in this manifest, but jeepyb
# requires them to exist.
$local_git_dir = '/var/lib/git'
$ssh_project_key = ''
file { '/home/cgit/.ssh/':
ensure => directory,
owner => 'cgit',
group => 'cgit',
mode => '0700',
require => User['cgit'],
}
ssh_authorized_key { 'gerrit-replication-2014-04-25':
ensure => present,
user => 'cgit',
type => 'ssh-rsa',
key => $git_gerrit_ssh_key,
require => File['/home/cgit/.ssh/']
}
ssh_authorized_key { '/home/cgit/.ssh/authorized_keys':
ensure => absent,
user => 'cgit',
}
file { '/home/cgit/projects.yaml':
ensure => present,
owner => 'cgit',
group => 'cgit',
mode => '0444',
source => $::project_config::jeepyb_project_file,
require => $::project_config::config_dir,
replace => true,
}
exec { 'create_cgitrepos':
command => 'create-cgitrepos',
path => '/bin:/usr/bin:/usr/local/bin',
require => [
File['/home/cgit/projects.yaml'],
User['zuul'],
Class['jeepyb'],
],
subscribe => File['/home/cgit/projects.yaml'],
refreshonly => true,
}
cron { 'mirror_repack':
ensure => absent,
user => 'cgit',
}
cron { 'mirror_gitgc':
user => 'cgit',
hour => '4',
minute => '7',
command => 'find /var/lib/git/ -not -path /var/lib/git/zuul -type d -name "*.git" -print -exec git --git-dir="{}" gc \;',
environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin',
require => User['cgit'],
}
file { '/var/www/cgit/static/openstack.svg':
ensure => present,
source => 'puppet:///modules/openstack_project/openstack.svg',
require => File['/var/www/cgit/static'],
}
file { '/var/www/cgit/static/favicon.ico':
ensure => present,
source => 'puppet:///modules/openstack_project/status/favicon.ico',
require => File['/var/www/cgit/static'],
}
file { '/var/www/cgit/static/openstack.css':
ensure => present,
source => 'puppet:///modules/openstack_project/git/openstack.css',
require => File['/var/www/cgit/static'],
}
file { '/usr/local/bin/commit-filter.sh':
ensure => present,
owner => 'root',
group => 'root',
mode => '0755',
source => 'puppet:///modules/openstack_project/git/commit-filter.sh',
}
user { 'zuul':
ensure => present,
home => '/home/zuul',
shell => '/bin/bash',
gid => 'zuul',
managehome => true,
require => Group['zuul'],
}
group { 'zuul':
ensure => present,
}
file {'/home/zuul':
ensure => directory,
owner => 'zuul',
group => 'zuul',
mode => '0755',
require => User['zuul'],
}
file { '/var/lib/git/zuul':
ensure => directory,
owner => 'zuul',
group => 'zuul',
mode => '0755',
require => [
User['zuul'],
File['/var/lib/git'],
]
}
file { '/home/zuul/.ssh':
ensure => directory,
owner => 'zuul',
group => 'zuul',
mode => '0700',
require => User['zuul'],
}
file { '/home/zuul/.ssh/authorized_keys':
ensure => absent,
}
cron { 'mirror_gitgc_zuul':
user => 'zuul',
weekday => '0',
hour => '4',
minute => '7',
command => 'find /var/lib/git/zuul -type d -name "*.git" -print -exec git --git-dir="{}" git gc \;',
environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin',
require => User['zuul'],
}
}

2
playbooks/remote_puppet_else.yaml
View File

@ -1,4 +1,4 @@
- hosts: 'puppet:!review:!git-server:!zuul-scheduler:!afs:!afsdb:!puppetmaster*:!disabled'
- hosts: 'puppet:!review:!zuul-scheduler:!afs:!afsdb:!puppetmaster*:!disabled'
name: "Puppet-else: run puppet on all other servers"
strategy: free
roles:

9
playbooks/remote_puppet_git.yaml
View File

@ -10,15 +10,6 @@
force: yes
register: gitinfo
- hosts: "git-server:!disabled"
name: "Puppet-git: Run puppet on the git servers"
strategy: free
max_fail_percentage: 1
roles:
- role: puppet
facts:
project_config_ref: "{{ hostvars.localhost.gitinfo.after }}"
- hosts: "gitea:!disabled"
name: "Create repos on gitea servers"
strategy: free