
The stdout progress feed from `git gc` is fairly verbose and targeted at audiences running it interactively. Since our cron for this iterates over thousands of repositories on our Gitea servers, we don't need to send the progress info to all our sysadmins by E-mail. Instead use the --quiet option to the gc subcommand so that progress output will be suppressed. If this still proves too verbose (as in, continues to result in E-mail to root even when there are no failures), we can try redirecting stdout to /dev/null. Change-Id: Idc06e48cbf85e127a343c2a3cf51a35e6ed09685
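# Directory that receives the rendered docker-compose file; owner-only.
- name: Ensure docker-compose directory exists
  file:
    state: directory
    path: /etc/gitea-docker
    # Quoted so the mode is always read as an octal string rather than
    # depending on how the YAML parser types a bare 0700.
    mode: "0700"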
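# Render the compose template into /etc/gitea-docker, readable and
# writable by the owner only.
- name: Write docker-compose file
  template:
    src: docker-compose.yaml.j2
    dest: /etc/gitea-docker/docker-compose.yaml
    # Quoted so the mode is always read as an octal string rather than
    # depending on how the YAML parser types a bare 0600.
    mode: "0600"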
# Create one host directory under /var/gitea per loop item, each owned
# by uid/gid 1000.
# NOTE(review): no mode is set here, so permissions are whatever the
# module defaults to; certs/ later receives the TLS private key, so
# confirm the resulting directory permissions are acceptable.
- name: Ensure gitea volume directories exists
  file:
    path: "/var/gitea/{{ item }}"
    state: directory
    owner: 1000
    group: 1000
  loop:
    - conf
    - data
    - logs
    - certs
    - db
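# Write the TLS private key from the gitea_tls_key variable.
- name: Write TLS private key
  copy:
    content: "{{ gitea_tls_key }}"
    dest: /var/gitea/certs/key.pem
    # Private key material: restrict to the owner. Without an explicit
    # mode the file is created with the umask default, which is
    # typically readable by every local user.
    # NOTE(review): uid/gid 1000 mirrors the ownership this file gives
    # the /var/gitea/certs directory; confirm that is the account the
    # container reads the key as before deploying.
    owner: 1000
    group: 1000
    mode: "0600"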
# Write the TLS certificate from the gitea_tls_cert variable next to
# the private key. No owner or mode is set, so the module defaults
# apply.
- name: Write TLS certificate
  copy:
    dest: /var/gitea/certs/cert.pem
    content: "{{ gitea_tls_cert }}"
# Render the Gitea configuration from the app.ini.j2 template.
# NOTE(review): no owner or mode is set, so the file gets the umask
# default. The template is not visible here; if it carries secrets
# (database password, signing keys), it presumably wants an explicit
# restrictive mode - confirm against the template.
- name: Write app.ini
  template:
    dest: /var/gitea/conf/app.ini
    src: app.ini.j2
# Install docker-compose through the distribution package manager.
- name: Install docker-compose
  package:
    state: present
    name:
      - docker-compose
# Fetch the images referenced by the compose file. Runs on every play;
# no changed_when is set, so the task always reports "changed".
- name: Run docker-compose pull
  shell:
    chdir: /etc/gitea-docker/
    cmd: docker-compose pull
# Start the compose services in the background (-d), passing
# docker-compose a 60 second --timeout.
- name: Run docker-compose up
  shell:
    chdir: /etc/gitea-docker/
    cmd: docker-compose up -d --timeout 60
# Remove images left unused after the pull; -f skips the confirmation
# prompt so the task can run unattended.
- name: Run docker prune to cleanup unneeded images
  shell:
    cmd: docker image prune -f
# Poll the local Gitea API for the root account. Both 200 (exists) and
# 404 (missing) count as an answer; the request is retried once per
# second, up to 300 times, until one of them is returned.
# NOTE(review): certificate validation is disabled for this loopback
# request, presumably because the certificate is not issued for
# "localhost" - confirm.
- name: Check if root user exists
  register: root_user_check
  uri:
    url: "https://localhost:3000/api/v1/users/root"
    status_code: 200, 404
    validate_certs: false
  until: root_user_check and root_user_check.status in (200, 404)
  retries: 300
  delay: 1
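# Create the Gitea admin account, only when the earlier API check
# returned 404 for it.
- name: Create root user
  when: root_user_check.status==404
  block:
    - name: Create root user
      # argv passes each value as exactly one argument, so a password
      # or e-mail containing spaces or quote characters can neither
      # split into extra arguments nor break the command line.
      # NOTE(review): the password is still a command-line argument and
      # so visible in the host process list while the command runs.
      command:
        argv:
          - docker
          - exec
          - -t
          - giteadocker_gitea-web_1
          - gitea
          - admin
          - create-user
          - --name
          - root
          - --password
          - "{{ gitea_root_password }}"
          - --email
          - "{{ gitea_root_email }}"
          - --admin
      # Log suppression follows gitea_no_log; when that variable is
      # false the password appears in the task output.
      no_log: "{{ gitea_no_log }}"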
# Ask the local Gitea API whether the gerrit account exists; 200 and
# 404 are both accepted and the result is kept in gerrit_user_check.
# Certificate validation is disabled for this loopback request.
- name: Check if gerrit user exists
  register: gerrit_user_check
  uri:
    url: "https://localhost:3000/api/v1/users/gerrit"
    status_code: 200, 404
    validate_certs: false
# Create the gerrit account through the admin API, authenticating as
# root with basic auth, only when the earlier check returned 404.
# no_log keeps both passwords out of the task output.
# Certificate validation is disabled for this loopback request.
- name: Create gerrit user
  no_log: true
  when: gerrit_user_check.status==404
  uri:
    method: POST
    url: "https://localhost:3000/api/v1/admin/users"
    validate_certs: false
    force_basic_auth: true
    user: root
    password: "{{ gitea_root_password }}"
    status_code: 201
    body_format: json
    body:
      username: gerrit
      login_name: gerrit
      full_name: Gerrit
      email: "gerrit@review.opendev.org"
      password: "{{ gitea_gerrit_password }}"
      source_id: 0
      send_notify: false
# List the gerrit account's SSH keys through the API as root and keep
# the response in gerrit_key_check for the key tasks that follow.
# no_log keeps the basic-auth password out of the task output.
# Certificate validation is disabled for this loopback request.
- name: Check if gerrit ssh key exists
  no_log: true
  register: gerrit_key_check
  uri:
    url: "https://localhost:3000/api/v1/users/gerrit/keys"
    validate_certs: false
    force_basic_auth: true
    user: root
    password: "{{ gitea_root_password }}"
    status_code: 200
# Delete the first key returned by the key check when it differs from
# gitea_gerrit_public_key. Only element [0] of the list is compared and
# removed; any further keys on the account are left alone.
# Certificate validation is disabled for this loopback request.
- name: Delete old gerrit ssh key
  no_log: true
  when: gerrit_key_check.json | length > 0 and gerrit_key_check.json[0].key != gitea_gerrit_public_key
  uri:
    method: DELETE
    url: "https://localhost:3000/api/v1/user/keys/{{ gerrit_key_check.json[0].id }}"
    validate_certs: false
    force_basic_auth: true
    user: root
    password: "{{ gitea_root_password }}"
    status_code: 204
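# Register gitea_gerrit_public_key on the gerrit account through the
# admin API, authenticating as root.
- name: Add gerrit ssh key
  # gerrit_key_check was registered before the delete task ran, so its
  # list is still non-empty after a stale key has been removed. Also
  # add the key when the first listed key differs from the wanted one;
  # otherwise a key rotation leaves the account without any key until
  # the next run. "or" short-circuits, so [0] is never read on an empty
  # list.
  when: gerrit_key_check.json | length == 0 or gerrit_key_check.json[0].key != gitea_gerrit_public_key
  no_log: true
  uri:
    user: root
    password: "{{ gitea_root_password }}"
    force_basic_auth: true
    url: "https://localhost:3000/api/v1/admin/users/gerrit/keys"
    # Certificate validation is disabled for this loopback request.
    validate_certs: false
    method: POST
    status_code: 201
    body_format: json
    body:
      key: "{{ gitea_gerrit_public_key }}"
      read_only: false
      title: "Gerrit replication key"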
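# Weekly (weekday 0 at 12:37) run "git gc --quiet" inside the gitea-web
# container for every *.git directory up to two levels below
# /data/git/repositories/.
- name: Set up cron job to pack git refs
  cron:
    name: pack-git-refs
    state: present
    # The glob is single-quoted so the host shell that cron starts
    # cannot expand *.git against its own working directory before
    # docker exec hands the pattern to find.
    job: "docker exec -t giteadocker_gitea-web_1 find /data/git/repositories/ -maxdepth 2 -name '*.git' -type d -execdir git --git-dir={} gc --quiet \\;"
    minute: 37
    hour: 12
    weekday: 0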
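# Directory for the database dumps; owned by root and owner-only, since
# the dumps contain the full database contents.
- name: Create db backup dest
  file:
    state: directory
    path: /var/backups/gitea-mariadb
    # Quoted so the mode is always read as an octal string rather than
    # depending on how the YAML parser types a bare 0700.
    mode: "0700"
    owner: root
    group: root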
# Daily at 04:42, as root: run mysqldump inside the mariadb compose
# service and write the gzip-compressed dump to the backup directory.
# The inner command is single-quoted, so $MYSQL_ROOT_PASSWORD is
# expanded by bash inside the container, not by the host shell.
# NOTE(review): nothing in the job checks mysqldump's exit status; the
# pipeline ends in gzip and the redirect truncates the target first, so
# a failed dump would presumably still replace the latest backup -
# confirm whether the rotated copies are considered sufficient.
- name: Set up cron job to backup the database
  cron:
    name: gitea-db-backup
    user: root
    state: present
    minute: 42
    hour: 4
    job: >
      /usr/bin/docker-compose -f /etc/gitea-docker/docker-compose.yaml exec -T mariadb
      bash -c '/usr/bin/mysqldump --opt --ignore-table mysql.event --all-databases --single-transaction -uroot -p"$MYSQL_ROOT_PASSWORD"' |
      gzip -9 > /var/backups/gitea-mariadb/gitea-mariadb.sql.gz
# Hand the dump file to the logrotate role so older backups are
# rotated; the role itself is defined outside this file.
- name: Rotate db backups
  vars:
    logrotate_file_name: /var/backups/gitea-mariadb/gitea-mariadb.sql.gz
  include_role:
    name: logrotate