diff --git a/playbooks/group_vars/nodepool-builder.yaml b/playbooks/group_vars/nodepool-builder.yaml
index 81cac6a1aa..16e82208ba 100644
--- a/playbooks/group_vars/nodepool-builder.yaml
+++ b/playbooks/group_vars/nodepool-builder.yaml
@@ -1,4 +1,4 @@
-openstacksdk_config_dir: /home/nodepool/.config/openstack
-openstacksdk_config_owner: nodepool
-openstacksdk_config_group: nodepool
+openstacksdk_config_owner: "{{ nodepool_user }}"
+openstacksdk_config_group: "{{ nodepool_group }}"
+openstacksdk_config_dir: "~{{ openstacksdk_config_owner }}/.config/openstack"
 openstacksdk_config_template: clouds/nodepool_clouds.yaml.j2
diff --git a/playbooks/group_vars/nodepool-builder_opendev.yaml b/playbooks/group_vars/nodepool-builder_opendev.yaml
index 11b5eac6ed..6b987b9ae1 100644
--- a/playbooks/group_vars/nodepool-builder_opendev.yaml
+++ b/playbooks/group_vars/nodepool-builder_opendev.yaml
@@ -1,4 +1,4 @@
 openstacksdk_config_dir: /etc/openstack
 openstacksdk_config_owner: root
-openstacksdk_config_group: nodepool
+openstacksdk_config_group: "{{ nodepool_group }}"
 openstacksdk_config_template: clouds/nodepool_clouds.yaml.j2
diff --git a/playbooks/group_vars/nodepool-launcher.yaml b/playbooks/group_vars/nodepool-launcher.yaml
index 4174245222..dd46629203 100644
--- a/playbooks/group_vars/nodepool-launcher.yaml
+++ b/playbooks/group_vars/nodepool-launcher.yaml
@@ -1,4 +1,4 @@
 openstacksdk_config_dir: /etc/openstack
-openstacksdk_config_owner: nodepool
-openstacksdk_config_group: nodepool
+openstacksdk_config_owner: "{{ nodepool_user }}"
+openstacksdk_config_group: "{{ nodepool_group }}"
 openstacksdk_config_template: clouds/nodepool_clouds.yaml.j2
diff --git a/playbooks/group_vars/nodepool-launcher_opendev.yaml b/playbooks/group_vars/nodepool-launcher_opendev.yaml
index 81cac6a1aa..16e82208ba 100644
--- a/playbooks/group_vars/nodepool-launcher_opendev.yaml
+++ b/playbooks/group_vars/nodepool-launcher_opendev.yaml
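Review bot: `openstacksdk_config_dir` in nodepool-builder.yaml changes from an absolute path to `~{{ openstacksdk_config_owner }}/.config/openstack`, which resolves only where the consumer expands a leading tilde. The role that reads this variable is not in the diff, so that is worth confirming: the directory receives the rendered clouds template, and an unexpanded `~nodepool` would place it somewhere unintended. Since the nodepool-base user task in this same commit fixes the home at `/home/{{ nodepool_user }}`, the value could be written as `openstacksdk_config_dir: "/home/{{ nodepool_user }}/.config/openstack"`. The same line appears in the nodepool-launcher_opendev.yaml hunk.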
@@ -1,4 +1,4 @@
-openstacksdk_config_dir: /home/nodepool/.config/openstack
-openstacksdk_config_owner: nodepool
-openstacksdk_config_group: nodepool
+openstacksdk_config_owner: "{{ nodepool_user }}"
+openstacksdk_config_group: "{{ nodepool_group }}"
+openstacksdk_config_dir: "~{{ openstacksdk_config_owner }}/.config/openstack"
 openstacksdk_config_template: clouds/nodepool_clouds.yaml.j2
diff --git a/playbooks/group_vars/nodepool.yaml b/playbooks/group_vars/nodepool.yaml
index 91e605d531..2c1347a893 100644
--- a/playbooks/group_vars/nodepool.yaml
+++ b/playbooks/group_vars/nodepool.yaml
@@ -1,4 +1,8 @@
-kube_config_dir: ~nodepool/.kube
-kube_config_owner: nodepool
-kube_config_group: nodepool
+nodepool_user: nodepool
+nodepool_group: nodepool
+nodepool_uid: 10001
+nodepool_gid: 10001
+kube_config_dir: ~{{ nodepool_user }}/.kube
+kube_config_owner: "{{ nodepool_user }}"
+kube_config_group: "{{ nodepool_group }}"
 kube_config_template: clouds/nodepool_kube_config.yaml.j2
diff --git a/playbooks/group_vars/zookeeper.yaml b/playbooks/group_vars/zookeeper.yaml
index e03be16ec0..f62df8548a 100644
--- a/playbooks/group_vars/zookeeper.yaml
+++ b/playbooks/group_vars/zookeeper.yaml
@@ -1,3 +1,7 @@
+zookeeper_user: zookeeper
+zookeeper_group: zookeeper
+zookeeper_uid: 10001
+zookeeper_gid: 10001
 iptables_extra_allowed_hosts:
 - {'protocol': 'tcp', 'port': '2181', 'hostname': 'nb01.opendev.org'}
 - {'protocol': 'tcp', 'port': '2181', 'hostname': 'nb02.opendev.org'}
diff --git a/playbooks/group_vars/zuul.yaml b/playbooks/group_vars/zuul.yaml
index e3f2dd3e3a..604fbc21cb 100644
--- a/playbooks/group_vars/zuul.yaml
+++ b/playbooks/group_vars/zuul.yaml
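Review bot: `nodepool_uid` and `nodepool_gid` in nodepool.yaml arrive without the explanation that the deleted nodepool-base defaults carried for the same value, so the reason for 10001 is no longer recorded anywhere. A comment above them such as `# Keep in sync with the container uid/gid so containers can write to host paths.` would preserve it. `kube_config_dir: ~{{ nodepool_user }}/.kube` is also the only templated value in this commit left unquoted; `kube_config_dir: "~{{ nodepool_user }}/.kube"` matches the other files and avoids a plain scalar that begins with `~`.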
@@ -1,5 +1,7 @@
 zuul_user_id: 10001
 zuul_group_id: 10001
+zuul_user: zuuld
+zuul_group: zuuld
 zuul_known_hosts: |
 [review.opendev.org]:29418,[review.openstack.org]:29418,[104.130.246.32]:29418,[2001:4800:7819:103:be76:4eff:fe04:9229]:29418 {{ gerrit_ssh_rsa_pubkey_contents }}
 [git.opendaylight.org]:29418,[52.35.122.251]:29418,[2600:1f14:421:f500:7b21:2a58:ab0a:2d17]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyRXyHEw/P1iZr/fFFzbodT5orVV/ftnNRW59Zh9rnSY5Rmbc9aygsZHdtiWBERVVv8atrJSdZool75AglPDDYtPICUGWLR91YBSDcZwReh5S9es1dlQ6fyWTnv9QggSZ98KTQEuE3t/b5SfH0T6tXWmrNydv4J2/mejKRRLU2+oumbeVN1yB+8Uau/3w9/K5F5LgsDDzLkW35djLhPV8r0OfmxV/cAnLl7AaZlaqcJMA+2rGKqM3m3Yu+pQw4pxOfCSpejlAwL6c8tA9naOvBkuJk+hYpg5tDEq2QFGRX5y1F9xQpwpdzZROc5hdGYntM79VMMXTj+95dwVv/8yTsw==
diff --git a/playbooks/roles/nodepool-base/defaults/main.yaml b/playbooks/roles/nodepool-base/defaults/main.yaml
index f6c7e9a391..38bb8e9166 100644
--- a/playbooks/roles/nodepool-base/defaults/main.yaml
+++ b/playbooks/roles/nodepool-base/defaults/main.yaml
@@ -1,6 +1 @@
 nodepool_base_install_zookeeper: False
-
-# Keep these in sync with the container uid's so containers can write
-# to local bits and pieces.
-nodepool_base_nodepool_uid: 10001
-nodepool_base_nodepool_gid: 10001
\ No newline at end of file
diff --git a/playbooks/roles/nodepool-base/tasks/main.yaml b/playbooks/roles/nodepool-base/tasks/main.yaml
index 48e0660dbe..956a702ee5 100644
--- a/playbooks/roles/nodepool-base/tasks/main.yaml
+++ b/playbooks/roles/nodepool-base/tasks/main.yaml
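Review bot: The account name `zuuld` in zuul.yaml has no comment saying why it differs from the service name. The only hint is the comment this commit deletes from the zuul role about test nodes already having a Zuul user; if that is the reason, a line such as `# zuuld rather than zuul: test nodes already carry a zuul user` above `zuul_user` would record it. The neighbouring names are also inconsistent with the other groups, which use `nodepool_uid` and `zookeeper_uid` where this file keeps `zuul_user_id` and `zuul_group_id`.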
@@ -1,17 +1,18 @@ - name: Add the nodepool group group: - name: nodepool + name: '{{ nodepool_group }}' state: present - gid: '{{ nodepool_base_nodepool_gid }}' + gid: '{{ nodepool_gid }}' - name: Add the nodepool user user: - name: nodepool - group: nodepool - home: /home/nodepool + name: '{{ nodepool_user }}' + group: '{{ nodepool_group }}' + uid: '{{ nodepool_uid }}' + home: '/home/{{ nodepool_user }}' create_home: yes shell: /bin/bash - uid: '{{ nodepool_base_nodepool_uid }}' + system: yes - name: Sync project-config include_role: @@ -21,16 +22,16 @@ file: name: /etc/nodepool state: directory - owner: nodepool - group: nodepool + owner: '{{ nodepool_user }}' + group: '{{ nodepool_group }}' mode: 0755 - name: Create nodepool log dir file: name: /var/log/nodepool state: directory - owner: nodepool - group: nodepool + owner: '{{ nodepool_user }}' + group: '{{ nodepool_group }}' mode: 0755 - name: Look for a host specific config file diff --git a/playbooks/roles/nodepool-builder/tasks/main.yaml b/playbooks/roles/nodepool-builder/tasks/main.yaml index 7c33fffc86..c4fe1b9adf 100644 --- a/playbooks/roles/nodepool-builder/tasks/main.yaml +++ b/playbooks/roles/nodepool-builder/tasks/main.yaml @@ -8,8 +8,8 @@ state: directory path: '{{ item }}' mode: 0755 - owner: nodepool - group: nodepool + owner: "{{ nodepool_user }}" + group: "{{ nodepool_group }}" loop: - '/opt/dib_tmp' - '/opt/dib_cache' diff --git a/playbooks/roles/zookeeper/tasks/main.yaml b/playbooks/roles/zookeeper/tasks/main.yaml index 8752ffe66f..10ceaa2dba 100644 --- a/playbooks/roles/zookeeper/tasks/main.yaml +++ b/playbooks/roles/zookeeper/tasks/main.yaml 
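Review bot: The group and user tasks in nodepool-base now read `nodepool_group`, `nodepool_gid`, `nodepool_user` and `nodepool_uid`, which this commit defines only in group_vars/nodepool.yaml while deleting the role's own uid/gid defaults. Applying the role to a host outside that inventory group would therefore fail on an undefined variable. Keeping the four values in the role's defaults/main.yaml (for example `nodepool_user: nodepool` and `nodepool_uid: 10001`) lets group_vars override them without tying the role to the inventory layout. The later hunk in this file and the nodepool-builder tasks hunk rely on the same variables.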
@@ -1,17 +1,16 @@ - name: Create Zookeeper group group: - name: "zookeeper" - gid: 10001 + name: "{{ zookeeper_group }}" + gid: "{{ zookeeper_gid }}" system: yes - name: Create Zookeeper User user: - name: "zookeeper" - uid: 10001 - comment: Zookeeper - shell: /bin/false - group: "zookeeper" - home: "/var/zookeeper" - create_home: no + name: "{{ zookeeper_user }}" + group: "{{ zookeeper_group }}" + uid: "{{ zookeeper_uid }}" + home: "/home/{{ zookeeper_user }}" + create_home: yes + shell: /bin/bash system: yes - name: Synchronize compose directory synchronize: @@ -21,8 +20,8 @@ file: state: directory path: "/var/zookeeper/{{ item }}" - owner: zookeeper - group: zookeeper + owner: "{{ zookeeper_user }}" + group: "{{ zookeeper_group }}" loop: - conf - data diff --git a/playbooks/roles/zuul-executor/files/docker-compose.yaml b/playbooks/roles/zuul-executor/files/docker-compose.yaml index 2bfaff3ad3..15df22da8c 100644 --- a/playbooks/roles/zuul-executor/files/docker-compose.yaml +++ b/playbooks/roles/zuul-executor/files/docker-compose.yaml @@ -12,7 +12,7 @@ services: - /etc/zuul:/etc/zuul - /opt/project-config:/opt/project-config - /afs:/afs - - /home/zuul:/home/zuul + - /home/zuuld:/home/zuul - /var/lib/zuul:/var/lib/zuul - /var/log/zuul:/var/log/zuul - /etc/openafs:/etc/openafs diff --git a/playbooks/roles/zuul-merger/files/docker-compose.yaml b/playbooks/roles/zuul-merger/files/docker-compose.yaml index 994593f1ff..db62d16c11 100644 --- a/playbooks/roles/zuul-merger/files/docker-compose.yaml +++ b/playbooks/roles/zuul-merger/files/docker-compose.yaml @@ -11,6 +11,6 @@ services: volumes: - /etc/zuul:/etc/zuul - /opt/project-config:/opt/project-config - - /home/zuul:/home/zuul + - /home/zuuld:/home/zuul - /var/lib/zuul:/var/lib/zuul - /var/log/zuul:/var/log/zuul diff --git a/playbooks/roles/zuul-scheduler/files/docker-compose.yaml b/playbooks/roles/zuul-scheduler/files/docker-compose.yaml index 2d98d627fb..6659d61274 100644 
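Review bot: The Zookeeper account goes from `shell: /bin/false` with `create_home: no` to `shell: /bin/bash` with a created home directory, which gives a daemon account an interactive login shell it did not have before. Nothing visible in the hunk needs a shell for this user, so unless a later task does, keeping `shell: /bin/false` preserves the previous hardening. The home also moves to `/home/{{ zookeeper_user }}` while the directories created in the next hunk stay under `/var/zookeeper`; if the move is intentional, a short comment on the task saying why would help.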
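Review bot: The bind-mount source `/home/zuuld` in the zuul-executor compose file is hard-coded in a static file under `files/`, while the account name now comes from `zuul_user` in group_vars/zuul.yaml. Changing the variable would leave the container mounting a path that no longer belongs to the service user. Either render these compose files as templates with `- /home/{{ zuul_user }}:/home/zuul`, or add a comment next to `zuul_user` noting that the compose files must change with it. The same line is in the zuul-merger, zuul-scheduler and zuul-web compose hunks.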
--- a/playbooks/roles/zuul-scheduler/files/docker-compose.yaml +++ b/playbooks/roles/zuul-scheduler/files/docker-compose.yaml @@ -11,6 +11,6 @@ services: volumes: - /etc/zuul:/etc/zuul - /opt/project-config:/opt/project-config - - /home/zuul:/home/zuul + - /home/zuuld:/home/zuul - /var/lib/zuul:/var/lib/zuul - /var/log/zuul:/var/log/zuul diff --git a/playbooks/roles/zuul-web/files/docker-compose.yaml b/playbooks/roles/zuul-web/files/docker-compose.yaml index 7930b35820..d43a40415f 100644 --- a/playbooks/roles/zuul-web/files/docker-compose.yaml +++ b/playbooks/roles/zuul-web/files/docker-compose.yaml @@ -10,7 +10,7 @@ services: user: zuul volumes: - /etc/zuul:/etc/zuul - - /home/zuul:/home/zuul + - /home/zuuld:/home/zuul - /var/lib/zuul:/var/lib/zuul - /var/log/zuul:/var/log/zuul fingergw: @@ -21,6 +21,6 @@ services: # grab the finger port and then drop privs volumes: - /etc/zuul:/etc/zuul - - /home/zuul:/home/zuul + - /home/zuuld:/home/zuul - /var/lib/zuul:/var/lib/zuul - /var/log/zuul:/var/log/zuul diff --git a/playbooks/roles/zuul/tasks/main.yaml b/playbooks/roles/zuul/tasks/main.yaml index 7c2894b452..4c1738a18c 100644 --- a/playbooks/roles/zuul/tasks/main.yaml +++ b/playbooks/roles/zuul/tasks/main.yaml 
@@ -1,51 +1,47 @@ - name: Create Zuul Group group: - name: zuul + name: "{{ zuul_group }}" gid: "{{ zuul_group_id }}" system: yes - name: Create Zuul User user: - name: zuul + name: "{{ zuul_user }}" + group: "{{ zuul_group }}" uid: "{{ zuul_user_id }}" - comment: Zuul User - shell: /bin/bash - home: /home/zuul - group: zuul + home: "/home/{{ zuul_user }}" create_home: yes + shell: /bin/bash system: yes - # In order to run this in Zuul, we have to ignore errors. - # That's because in Zuul, the test nodes have a Zuul user. - failed_when: false - name: Create Zuul Config dir file: state: directory path: /etc/zuul - owner: zuul - group: zuul + owner: "{{ zuul_user }}" + group: "{{ zuul_group }}" - name: Create Zuul SSL dir file: state: directory path: /etc/zuul/ssl - owner: zuul - group: zuul + owner: "{{ zuul_user }}" + group: "{{ zuul_group }}" - name: Write Gearman SSL CA copy: content: "{{ gearman_ssl_ca }}" dest: /etc/zuul/ssl/gearman-ca.pem - owner: zuul - group: zuul + owner: "{{ zuul_user }}" + group: "{{ zuul_group }}" mode: 0644 - name: Write Gearman Client SSL Cert copy: content: "{{ gearman_client_ssl_cert }}" dest: /etc/zuul/ssl/gearman-client.pem - owner: zuul - group: zuul + owner: "{{ zuul_user }}" + group: "{{ zuul_group }}" mode: 0644 - name: Write Gearman Client SSL Key @@ -53,8 +49,8 @@ copy: content: "{{ gearman_client_ssl_key }}" dest: /etc/zuul/ssl/gearman-client.key - owner: zuul - group: zuul + owner: "{{ zuul_user }}" + group: "{{ zuul_group }}" mode: 0640 - name: Write Gearman Server SSL Cert @@ -62,8 +58,8 @@ copy: content: "{{ gearman_server_ssl_cert }}" dest: /etc/zuul/ssl/gearman-server.pem - owner: zuul - group: zuul + owner: "{{ zuul_user }}" + group: "{{ zuul_group }}" mode: 0644 - name: Write Gearman Server SSL Key 
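Review bot: Dropping `failed_when: false` from the Create Zuul User task means a failure to create `zuuld` now stops the play, and the task still requests `uid: "{{ zuul_user_id }}"`. On any host where the old role already created `zuul` with that uid, the user module would presumably fail because the uid is taken. If such hosts exist, the commit needs a step that renames or removes the old account first, or at least a note describing the manual migration. The `comment:` field was also dropped without replacement, so the passwd entry no longer says what the account is for.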
@@ -71,24 +67,24 @@ copy: content: "{{ gearman_server_ssl_key }}" dest: /etc/zuul/ssl/gearman-server.key - owner: zuul - group: zuul + owner: "{{ zuul_user }}" + group: "{{ zuul_group }}" mode: 0640 - name: Write Zuul Conf File template: src: zuul.conf.j2 dest: /etc/zuul/zuul.conf - owner: zuul - group: zuul + owner: "{{ zuul_user }}" + group: "{{ zuul_group }}" mode: 0600 - name: Create Zuul directories file: state: directory path: '{{ item }}' - owner: zuul - group: zuul + owner: "{{ zuul_user }}" + group: "{{ zuul_group }}" loop: - /var/log/zuul - /var/run/zuul @@ -99,24 +95,24 @@ copy: dest: /var/lib/zuul/ssh/id_rsa content: '{{ zuul_ssh_private_key_contents }}' - owner: zuul - group: zuul + owner: "{{ zuul_user }}" + group: "{{ zuul_group }}" mode: 0400 - name: Create Zuul SSH directory file: state: directory - path: /home/zuul/.ssh - owner: zuul - group: zuul + path: "~{{ zuul_user }}/.ssh" + owner: "{{ zuul_user }}" + group: "{{ zuul_group }}" mode: 0700 - name: Write Known Hosts copy: - dest: /home/zuul/.ssh/known_hosts + dest: "~{{ zuul_user }}/.ssh/known_hosts" content: '{{ zuul_known_hosts }}' - owner: zuul - group: zuul + owner: "{{ zuul_user }}" + group: "{{ zuul_group }}" mode: 0600 - name: Sync project-config