Merge "Accomodate zuul's new key management system"

2021-09-01 15:56:40 +00:00 · 2021-09-01 15:56:40 +00:00 · 300982c6c1
commit 300982c6c1
parent da558e10c3 e5732b6137
2 changed files with 24 additions and 16 deletions
--- a/playbooks/rename_repos.yaml
+++ b/playbooks/rename_repos.yaml
@ -67,25 +67,14 @@
  gather_facts: False
  remote_user: root
  tasks:
-
    - include_vars: "{{ repolist }}"

-    - name: Make organization dirs
-      file:
-        state: directory
-        path: "{{ (item[0] + item[1].new) | dirname }}"
-        group: zuuld
-        owner: zuuld
-        mode: 0755
-      with_nested:
-        - [ '/var/lib/zuul/keys/secrets/project/gerrit/', '/var/lib/zuul/keys/ssh/project/gerrit/' ]
-        - "{{ repos }}"
+    - name: Backup the zuul keys before we modify them
+      command: "docker exec zuul-scheduler_scheduler_1 zuul export-keys /var/lib/zuul/zuul-keys-backup.json"

-    - name: Rename keys on Zuul
-      shell: mv {{ item[0] }}{{ item[1].old }} {{ item[0] }}{{ item[1].new }}
-      with_nested:
-        - [ '/var/lib/zuul/keys/secrets/project/gerrit/', '/var/lib/zuul/keys/ssh/project/gerrit/' ]
-        - "{{ repos }}"
+    - name: Copy zuul keys from old to new project
+      command: "docker exec zuul-scheduler_scheduler_1 zuul copy-keys gerrit {{ item.old }} gerrit {{ item.new }}"
+      loop: "{{ repos }}"

 - hosts: review
  gather_facts: False
@ -149,3 +138,13 @@

    - name: Start online reindex of changes
      shell: "{{ gerrit_ssh_command }} index start changes --force"
+
+- hosts: zuul-scheduler
+  gather_facts: False
+  remote_user: root
+  tasks:
+    - include_vars: "{{ repolist }}"
+
+    - name: Remove old zuul project keys
+      command: "docker exec zuul-scheduler_scheduler_1 zuul delete-keys gerrit {{ item.old }}"
+      loop: "{{ repos }}"
--- a/playbooks/roles/zuul-scheduler/tasks/main.yaml
+++ b/playbooks/roles/zuul-scheduler/tasks/main.yaml
@ -49,6 +49,15 @@
  vars:
    tenant: pypa

+- name: Backup zk key data daily
+  cron:
+    name: Backup zuul zk key data
+    minute: 0
+    hour: 0
+    # Note we backup to /var/lib/zuul because that is what we have bind
+    # mounted in the container and we are operating relative to that context
+    job: docker exec zuul-scheduler_scheduler_1 zuul export-keys /var/lib/zuul/zuul-keys-backup.json
+
 - name: Install logging config
  copy:
    src: logging.conf