opendev/system-config
Code Issues Proposed changes

Merge "Run matrix-gerritbot on eavesdrop"

Browse Source
This commit is contained in:
Zuul 2021-08-02 17:00:12 +00:00 committed by Gerrit Code Review
commit 04fac27ea8
8 changed files with 138 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
playbooks/roles/matrix-gerritbot/README.rst Normal file
View File

@ -0,0 +1,24 @@
Run the gerritbot-matrix bot.
Create the *gerritbot_matrix_access_token* with this command:
.. code-block::
HOMESERVER_URL="https://opendev.ems.host"
USER="@gerritbot:opendev.org"
PASS="supersecret"
export MATRIX_TOKEN=$(curl -XPOST ${HOMESERVER_URL}/_matrix/client/r0/login -d '{"user": "'${USER}'", "password": "'${PASS}'", "type": "m.login.password"}' | jq -r ".access_token")
echo "gerritbot_matrix_access_token: ${MATRIX_TOKEN}"
Verify the token:
.. code-block::
curl -H "Authorization: Bearer ${MATRIX_TOKEN}" ${HOMESERVER_URL}/_matrix/client/r0/account/whoami
Delete the token:
.. code-block::
curl -H "Authorization: Bearer ${MATRIX_TOKEN}" -X POST ${HOMESERVER_URL}/_matrix/client/r0/logout -d{}

15
playbooks/roles/matrix-gerritbot/defaults/main.yaml Normal file
View File

@ -0,0 +1,15 @@
gerritbot_matrix_version: 0.1.0.0
gerritbot_matrix_image: quay.io/software-factory/gerritbot-matrix:{{ gerritbot_matrix_version }}
# gerrit ssh configuration
gerritbot_ssh_key: ""
gerritbot_ssh_key_format: "rsa"
gerritbot_known_hosts: |
[review.opendev.org]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfsIj/jqpI+2CFdjCL6kOiqdORWvxQ2sQbCzSzzmLXic8yVhCCbwarkvEpfUOHG4eyB0vqVZfMffxf0Yy3qjURrsroBCiuJ8GdiAcGdfYwHNfBI0cR6kydBZL537YDasIk0Z3ILzhwf7474LmkVzS7V2tMTb4ZiBS/jUeiHsVp88FZhIBkyhlb/awAGcUxT5U4QBXCAmerYXeB47FPuz9JFOVyF08LzH9JRe9tfXtqaCNhlSdRe/2pPRvn2EIhn5uHWwATACG9MBdrK8xv8LqPOik2w1JkgLWyBj11vDd5I3IjrmREGw8dqImqp0r6MD8rxqADlc1elfDIXYsy+TVH
gerritbot_gerrit_host: "review.opendev.org"
gerritbot_gerrit_user: "gerritbot"
# matrix configuration
gerritbot_matrix_homeserver: "https://opendev.ems.host"
gerritbot_matrix_access_token: ""

9
playbooks/roles/matrix-gerritbot/files/gerritbot.yaml Normal file
View File

@ -0,0 +1,9 @@
- room: "#test:opendev.org"
projects:
- "opendev/ci-sandbox"
events:
- "PatchsetCreated"
branches:
- "master"
servers:
- "review.opendev.org"

64
playbooks/roles/matrix-gerritbot/tasks/main.yaml Normal file
View File

@ -0,0 +1,64 @@
- name: Ensure bot directories
file:
state: directory
path: '/var/lib/matrix-gerritbot/{{ item }}'
mode: 0700
loop:
- config
- ssh
- name: Install gerritbot config
copy:
src: gerritbot.yaml
dest: /var/lib/matrix-gerritbot/config/gerritbot.yaml
register: _gerritbot_config
- name: Lookup the configuration schema
command: docker run --rm "{{ gerritbot_matrix_image }}" print-config-schema
register: _gerritbot_schema
- name: Validate and create the configuration
when: _gerritbot_config.changed
shell: >-
cat {{ config }}/gerritbot.yaml | {{ yaml_to_dhall }} "{{ schema }}"
--output {{ config }}/gerritbot.dhall
vars:
config: /var/lib/matrix-gerritbot/config
yaml_to_dhall: >-
docker run -i -v {{ config }}:{{ config }}
--rm docker.io/dhallhaskell/dhall-yaml yaml-to-dhall
schema: "List {{ _gerritbot_schema.stdout }}"
- name: Install gerritbot ssh key
copy:
content: "{{ gerritbot_ssh_key }}"
dest: "/var/lib/matrix-gerritbot/ssh/id_{{ gerritbot_ssh_key_format }}"
mode: 0400
no_log: true
- name: Install gerritbot known host
copy:
content: "{{ gerritbot_known_hosts }}"
dest: "/var/lib/matrix-gerritbot/ssh/known_hosts"
- name: Ensure /etc/matrix-gerritbot-docker directory
file:
state: directory
path: /etc/matrix-gerritbot-docker
mode: 0755
- name: Put docker-compose file in place
template:
src: docker-compose.yaml.j2
dest: /etc/matrix-gerritbot-docker/docker-compose.yaml
# The token is written into the file
mode: 0600
- name: Run docker-compose up
shell:
cmd: "docker-compose up -d"
chdir: /etc/matrix-gerritbot-docker/
- name: Run docker prune to cleanup unneeded images
shell:
cmd: docker image prune -f

23
playbooks/roles/matrix-gerritbot/templates/docker-compose.yaml.j2 Normal file
View File

@ -0,0 +1,23 @@
# Version 2 is the latest that is supported by docker-compose in
# Ubuntu Xenial.
version: '2'
services:
gerritbot-matrix:
image: {{ gerritbot_matrix_image }}
network_mode: host
restart: always
logging:
driver: syslog
options:
tag: "docker-matrix-gerritbot"
environment:
MATRIX_TOKEN: {{ gerritbot_matrix_access_token }}
volumes:
- /var/lib/matrix-gerritbot/config:/config
- /var/lib/matrix-gerritbot/ssh:/root/.ssh
command: >-
--gerrit-host {{ gerritbot_gerrit_host }}
--gerrit-user {{ gerritbot_gerrit_user }}
--homeserver-url {{ gerritbot_matrix_homeserver }}
--config-file /config/gerritbot.dhall

1
playbooks/service-eavesdrop.yaml
View File

@ -10,3 +10,4 @@
- statusbot - statusbot
- limnoria - limnoria
- matrix-eavesdrop - matrix-eavesdrop
- matrix-gerritbot

1
zuul.d/infra-prod.yaml
View File

@ -490,6 +490,7 @@
- playbooks/roles/statusbot - playbooks/roles/statusbot
- playbooks/roles/logrotate - playbooks/roles/logrotate
- playbooks/roles/matrix-eavesdrop - playbooks/roles/matrix-eavesdrop
- playbooks/roles/matrix-gerritbot
- playbooks/zuul/templates/group_vars/eavesdrop.yaml.j2 - playbooks/zuul/templates/group_vars/eavesdrop.yaml.j2
- docker/accessbot/ - docker/accessbot/
- docker/ircbot - docker/ircbot

1
zuul.d/system-config-run.yaml
View File

@ -165,6 +165,7 @@
- docker/accessbot/ - docker/accessbot/
- docker/ircbot - docker/ircbot
- docker/matrix-eavesdrop - docker/matrix-eavesdrop
- docker/matrix-gerritbot
- testinfra/test_eavesdrop.py - testinfra/test_eavesdrop.py
- job: - job: