Tristan Cacqueray 08344df2ed Generate ssh key
2019-04-05 09:58:04 +00:00


---
# Seed the database credential Secret and the matching zuul_pg_user fact.
# The whole block is skipped when zuul_pg_user is already set.
# NOTE(review): the username and password are fixed base64 literals committed
# with the role, so every deployment that reaches this block ends up with the
# same database credential. Prefer a generated or injected per-cluster value,
# and rotate the credential on clusters created from these literals.
- name: Create Postgresql Credential
  block:
    - name: Create k8s secret
      k8s:
        state: "{{ state }}"
        definition:
          kind: Secret
          apiVersion: 'v1'
          type: 'Opaque'
          metadata:
            name: "{{ pg_cluster_name }}-zuul-secret"
            namespace: "{{ namespace }}"
            labels:
              app: "{{ zuul_app_name }}"
              zuul_cluster: "{{ zuul_cluster_name }}"
              pg-database: "{{ pg_cluster_name }}"
          # Secret `data` values are base64-encoded strings.
          data:
            username: 'dGVzdHVzZXI='
            password: 'UE5xOEVFVTBxTQ=='
    # Mirror the same encoded values into a fact; the zuul.conf templates in
    # this file read zuul_pg_user[0] and pipe both fields through b64decode.
    - name: Set fact
      set_fact:
        zuul_pg_user:
          - password: 'UE5xOEVFVTBxTQ=='
            username: 'dGVzdHVzZXI='
  when: not zuul_pg_user
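# Generate an SSH keypair on the operator filesystem and publish the private
# and public halves as two Secrets. Skipped when zuul_ssh_key is already set.
- name: Create ssh key
  when: not zuul_ssh_key
  block:
    # `-N ''` writes the private key without a passphrase, so the file on disk
    # is usable by anyone who can read it. `creates` turns the task into a
    # no-op once the key file exists.
    - name: Create ssh key
      command: "ssh-keygen -f /opt/ansible/ssh-{{ zuul_cluster_name }} -t rsa -N '' -C zuul"
      args:
        creates: "/opt/ansible/ssh-{{ zuul_cluster_name }}"
    # The definition embeds the private key, so keep the task arguments and
    # the returned object out of task output and logs.
    - name: Create ssh secret
      no_log: true
      k8s:
        state: "{{ state }}"
        definition:
          apiVersion: v1
          kind: Secret
          metadata:
            labels:
              app: "{{ zuul_app_name }}"
              zuul_cluster: "{{ zuul_cluster_name }}"
            name: "{{ sshsecretname }}"
            namespace: "{{ namespace }}"
          type: Opaque
          stringData:
            id_rsa: |-
              {{lookup('file', '/opt/ansible/ssh-' + zuul_cluster_name) }}
    # Public half only; stored under "<sshsecretname>-pub".
    - name: Create ssh pub secret
      k8s:
        state: "{{ state }}"
        definition:
          apiVersion: v1
          kind: Secret
          metadata:
            labels:
              app: "{{ zuul_app_name }}"
              zuul_cluster: "{{ zuul_cluster_name }}"
            name: "{{ sshsecretname }}-pub"
            namespace: "{{ namespace }}"
          type: Opaque
          stringData:
            id_rsa.pub: |-
              {{lookup('file', '/opt/ansible/ssh-' + zuul_cluster_name + '.pub') }}
    # TODO: cleanup key file from operator pod
    # Until then the passphrase-less private key stays at
    # /opt/ansible/ssh-<zuul_cluster_name> after the Secrets are created.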
# Render the scheduler's zuul.conf and the tenant main.yaml into one ConfigMap
# and keep the module result in scheduler_config.
# NOTE(review): the dburi line writes the decoded database username and
# password into ConfigMap data rather than a Secret. The per-connection loop
# also copies every connection option except "name" verbatim, so any
# secret-valued option would be stored the same way; confirm what
# `connections` may contain and consider moving this file to a Secret.
# NOTE(review): connection names and values are emitted without escaping; a
# value containing a newline would add extra lines to zuul.conf. Validate the
# connection input before it reaches this template.
- name: Create the scheduler configmap
  k8s:
    state: "{{ state }}"
    definition:
      kind: ConfigMap
      apiVersion: v1
      metadata:
        name: "{{ zuul_configmap_name }}-scheduler"
        namespace: "{{ namespace }}"
        labels:
          app: "{{ zuul_app_name }}"
          zuul_cluster: "{{ zuul_cluster_name }}"
      data:
        # Literal block: every line below, including the Jinja tags, is part
        # of the rendered file, so the lines share one indentation level.
        "zuul.conf": |
          [gearman]
          server=localhost
          port=4730
          [zookeeper]
          hosts={{ zk_cluster_name }}-client:2181
          [gearman_server]
          start=true
          [scheduler]
          tenant_config=/etc/zuul/main.yaml
          [connection sqlreporter]
          driver=sql
          dburi=postgresql://{{ zuul_pg_user[0]["username"] | b64decode }}:{{ zuul_pg_user[0]["password"] | b64decode }}@{{ pg_cluster_name }}/zuul
          {% for connection in connections %}
          [connection {{ connection["name"] }}]
          {% if connection["driver"] == "gerrit" %}
          sshkey=/var/lib/zuul/ssh-secret/id_rsa
          {% endif %}
          {% for k, v in connection.items() %}{% if k != "name" %}
          {{ k }}={{ v }}
          {% endif %}{% endfor %}
          {% endfor %}
        # Tenant configuration serialised from the `tenants` variable.
        "main.yaml": |
          {{ tenants|to_yaml }}
  # The following task inspects scheduler_config.diff.
  # NOTE(review): presumably that diff includes the rendered zuul.conf with the
  # dburi password; confirm before printing or logging the registered value.
  register: scheduler_config
# Derive a flag from the scheduler ConfigMap result. The template emits the
# text "True" only when the k8s task reported a change, its diff is truthy and
# 'main.yaml' is found in element [1] of the last diff entry; in every other
# case nothing is emitted.
# NOTE(review): the value comes from a templated string, not a boolean
# expression, and the layout of scheduler_config.diff is assumed here; confirm
# both against the k8s module version in use.
- name: Register if tenant config changed
  set_fact:
    tenant_config_updated: >-
      {% if (scheduler_config is changed and
      scheduler_config.diff and
      'main.yaml' in scheduler_config.diff[-1][1]) %}True
      {% endif %}
# Print a marker message when the tenant_config_updated fact is truthy.
- when: tenant_config_updated
  debug:
    msg: 'Tenant config is updated'
- name: Create the zuul service configmap
k8s:
state: "{{ state }}"
definition:
kind: ConfigMap
apiVersion: v1
metadata:
name: "{{ zuul_configmap_name }}"
namespace: "{{ namespace }}"
labels:
app: "{{ zuul_app_name }}"
zuul_cluster: "{{ zuul_cluster_name }}"
data:
"zuul.conf": |
[gearman]
server={{ zuul_cluster_name }}-scheduler
port=4730
[zookeeper]
hosts={{ zk_cluster_name }}-client:2181
[web]
listen_address=0.0.0.0
port=9000
[executor]
# TODO: add secret map for executor ssh key
private_key_file=/var/lib/zuul/ssh-secret/id_rsa
[connection sqlreporter]
driver=sql
dburi=postgresql://{{ zuul_pg_user[0]["username"] | b64decode }}:{{ zuul_pg_user[0]["password"] | b64decode }}@{{ pg_cluster_name }}/zuul
{% for connection in connections %}
[connection {{ connection["name"] }}]
{% if connection["driver"] == "gerrit" %}
sshkey=/var/lib/zuul/ssh-secret/id_rsa
{% endif %}
{% for k, v in connection.items() %}{% if k != "name" %}
{{ k }}={{ v }}
{% endif %}{% endfor %}
{% endfor %}