
This fixes the zuul debug log's logrotate filename. We also increase the rotation count to 30 daily logs for all zuul scheduler zuul processes (this matches the old server). We also create a /var/lib/zuul/backup dir so that status.json backups have a location they can write to. We do this in the base zuul role which means all zuul servers will get this dir. It doesn't currently conflict with any of the cluster members' /var/lib/zuul contents so should be fine. Change-Id: I4709e3c7e542781a65ae24c1f05a32444026fd26
# Ensure the system group that owns Zuul's files exists; the gid comes from
# zuul_group_id, so it is whatever the inventory pins it to.
- name: Create Zuul Group
  group:
    name: "{{ zuul_group }}"
    gid: "{{ zuul_group_id }}"
    system: true
# Create the Zuul service account: uid from zuul_user_id, primary group
# zuul_group, a home directory under /home and bash as the login shell.
- name: Create Zuul User
  user:
    name: "{{ zuul_user }}"
    uid: "{{ zuul_user_id }}"
    group: "{{ zuul_group }}"
    home: "/home/{{ zuul_user }}"
    create_home: true
    shell: /bin/bash
    system: true
# /etc/zuul holds zuul.conf and the ssl/ subdirectory written by later tasks.
# No mode is given: an existing directory keeps its mode and a newly created
# one gets the umask default.
- name: Create Zuul Config dir
  file:
    path: /etc/zuul
    state: directory
    owner: "{{ zuul_user }}"
    group: "{{ zuul_group }}"
# Run the zk-ca role, handing it the numeric uid/gid of the Zuul account as the
# owner and group of its certificate directory. What the role generates is
# defined in zk-ca itself, not in this file.
- name: Generate ZooKeeper TLS cert
  include_role:
    name: zk-ca
  vars:
    zk_ca_cert_dir_owner: "{{ zuul_user_id }}"
    zk_ca_cert_dir_group: "{{ zuul_group_id }}"
# Directory for the Gearman CA, certificates and private keys written below.
# No mode is given, so a new directory gets the umask default; the private
# keys rely on their own file modes for protection.
# NOTE(review): consider an explicit directory mode once it is confirmed which
# accounts need to traverse /etc/zuul/ssl.
- name: Create Zuul SSL dir
  file:
    path: /etc/zuul/ssl
    state: directory
    owner: "{{ zuul_user }}"
    group: "{{ zuul_group }}"
# Install the CA certificate from gearman_ssl_ca. It is public material, so
# world-readable 0644 is appropriate. The mode is quoted so it is always
# handed to Ansible as an octal string.
- name: Write Gearman SSL CA
  copy:
    dest: /etc/zuul/ssl/gearman-ca.pem
    content: "{{ gearman_ssl_ca }}"
    owner: "{{ zuul_user }}"
    group: "{{ zuul_group }}"
    mode: "0644"
# Install the Gearman client certificate (public half of the client key pair).
# Unlike the key tasks below, this one is unconditional, so
# gearman_client_ssl_cert must be defined on every host that runs the role.
- name: Write Gearman Client SSL Cert
  copy:
    dest: /etc/zuul/ssl/gearman-client.pem
    content: "{{ gearman_client_ssl_cert }}"
    owner: "{{ zuul_user }}"
    group: "{{ zuul_group }}"
    mode: "0644"
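# Install the Gearman client private key, only on hosts where
# gearman_client_ssl_key is defined.
# Mode 0640 leaves the key readable by every member of zuul_group.
# NOTE(review): confirm group read is needed; otherwise 0600 is the tighter
# choice.
- name: Write Gearman Client SSL Key
  when: gearman_client_ssl_key is defined
  copy:
    dest: /etc/zuul/ssl/gearman-client.key
    content: "{{ gearman_client_ssl_key }}"
    owner: "{{ zuul_user }}"
    group: "{{ zuul_group }}"
    mode: "0640"
  # Keep the key material out of task output (--diff and verbose runs).
  # Trade-off: failure details for this task are hidden as well.
  no_log: true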
# Install the Gearman server certificate, only on hosts where
# gearman_server_ssl_cert is defined. Public material, hence 0644.
- name: Write Gearman Server SSL Cert
  when: gearman_server_ssl_cert is defined
  copy:
    dest: /etc/zuul/ssl/gearman-server.pem
    content: "{{ gearman_server_ssl_cert }}"
    owner: "{{ zuul_user }}"
    group: "{{ zuul_group }}"
    mode: "0644"
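# Install the Gearman server private key, only on hosts where
# gearman_server_ssl_key is defined.
# Mode 0640 leaves the key readable by every member of zuul_group.
# NOTE(review): confirm group read is needed; otherwise 0600 is the tighter
# choice.
- name: Write Gearman Server SSL Key
  when: gearman_server_ssl_key is defined
  copy:
    dest: /etc/zuul/ssl/gearman-server.key
    content: "{{ gearman_server_ssl_key }}"
    owner: "{{ zuul_user }}"
    group: "{{ zuul_group }}"
    mode: "0640"
  # Keep the key material out of task output (--diff and verbose runs).
  # Trade-off: failure details for this task are hidden as well.
  no_log: true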
# Render zuul.conf from the role's template, readable and writable by the Zuul
# user only.
# NOTE(review): the 0600 mode suggests the rendered file carries credentials.
# If so, a --diff run would print them; consider `diff: false` on this task
# after checking zuul.conf.j2.
- name: Write Zuul Conf File
  template:
    src: zuul.conf.j2
    dest: /etc/zuul/zuul.conf
    owner: "{{ zuul_user }}"
    group: "{{ zuul_group }}"
    mode: "0600"
# Create Zuul's log, runtime and state directories, all owned by the Zuul
# account. /var/lib/zuul/backup is where status.json backups are written.
# No mode is given, so new directories get the umask default.
# NOTE(review): /var/lib/zuul/ssh receives the private key id_rsa in a later
# task; the key file is 0400, but an explicit restrictive mode on that
# directory would be worth confirming separately from the other entries.
- name: Create Zuul directories
  file:
    path: "{{ item }}"
    state: directory
    owner: "{{ zuul_user }}"
    group: "{{ zuul_group }}"
  loop:
    - /var/log/zuul
    - /var/run/zuul
    - /var/lib/zuul
    - /var/lib/zuul/ssh
    - /var/lib/zuul/backup
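# Install Zuul's SSH private key from zuul_ssh_private_key_contents.
# Mode 0400: read-only for the Zuul user, no access for group or others.
- name: Write Zuul SSH Key
  copy:
    dest: /var/lib/zuul/ssh/id_rsa
    content: "{{ zuul_ssh_private_key_contents }}"
    owner: "{{ zuul_user }}"
    group: "{{ zuul_group }}"
    mode: "0400"
  # Keep the key material out of task output (--diff and verbose runs).
  # Trade-off: failure details for this task are hidden as well.
  no_log: true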
# Create ~/.ssh in the Zuul user's home, private to that user (0700).
- name: Create Zuul SSH directory
  file:
    path: "~{{ zuul_user }}/.ssh"
    state: directory
    owner: "{{ zuul_user }}"
    group: "{{ zuul_group }}"
    mode: "0700"
# Write the Zuul user's known_hosts from zuul_known_hosts. The file is replaced
# wholesale, so the variable is the single source of the host keys this
# account trusts.
- name: Write Known Hosts
  copy:
    dest: "~{{ zuul_user }}/.ssh/known_hosts"
    content: "{{ zuul_known_hosts }}"
    owner: "{{ zuul_user }}"
    group: "{{ zuul_group }}"
    mode: "0600"
# Delegate to the sync-project-config role; its behaviour is defined in that
# role, not in this file.
- name: Sync project-config
  include_role:
    name: sync-project-config
# Install docker-compose from the distribution's package repositories.
# `state: present` installs it if missing and does not upgrade an existing
# install, so the version is whatever the distro ships.
- name: Install docker-compose
  package:
    state: present
    name:
      - docker-compose