4f9720e76e
This runs gerrit in a container on review-dev01 using podman. Remove an unused web_server.py file that we found from copying it from puppet to ansible. Change-Id: I399d3cf8471bc8063022b0db0ff81718b2ee2941
171 lines
4.9 KiB
YAML
171 lines
4.9 KiB
YAML
# TODO(mordred) We should do *something* where this could use a zuul cloned
|
|
# copy of project-config instead. This is needed not just for things like
|
|
# manage-projects (which could be run completely differently and non-locally)
|
|
# but also for things like notify-impact, which is currently run by a gerrit
|
|
# hook inside of the container via jeepyb.
|
|
- name: Clone project-config repo
|
|
git:
|
|
repo: https://opendev.org/openstack/project-config
|
|
dest: /opt/project-config
|
|
force: yes
|
|
|
|
- name: Synchronize podman-compose directory
|
|
synchronize:
|
|
src: gerrit-podman/
|
|
dest: /etc/gerrit-podman/
|
|
|
|
- name: Create Gerrit Group
|
|
group:
|
|
name: "{{ gerrit_user_name }}"
|
|
gid: "{{ gerrit_id }}"
|
|
system: yes
|
|
|
|
- name: Create Gerrit User
|
|
user:
|
|
name: "{{ gerrit_user_name }}"
|
|
uid: "{{ gerrit_id }}"
|
|
comment: Gerit User
|
|
shell: /bin/bash
|
|
home: "{{ gerrit_home_dir }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
create_home: yes
|
|
system: yes
|
|
|
|
- name: Ensure review_site directory exists
|
|
file:
|
|
state: directory
|
|
path: "{{ gerrit_site_dir }}"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0755
|
|
|
|
- name: Ensure Gerrit volume directories exists
|
|
file:
|
|
state: directory
|
|
path: "{{ gerrit_site_dir }}/{{ item }}"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0755
|
|
loop:
|
|
- etc
|
|
- git
|
|
- index
|
|
- cache
|
|
- static
|
|
- hooks
|
|
- tmp
|
|
- logs
|
|
|
|
- name: Write Gerrit config file
|
|
template:
|
|
src: gerrit.config
|
|
dest: "{{ gerrit_site_dir }}/etc/gerrit.config"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0644
|
|
|
|
- name: Write Gerrit SSH private key
|
|
copy:
|
|
content: "{{ gerrit_ssh_rsa_key_contents }}"
|
|
dest: "{{ gerrit_site_dir }}/etc/ssh_host_rsa_key"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0600
|
|
|
|
- name: Write Gerrit SSH public key
|
|
copy:
|
|
content: "{{ gerrit_ssh_rsa_pubkey_contents }}"
|
|
dest: "{{ gerrit_site_dir }}/etc/ssh_host_rsa_key.pub"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0644
|
|
|
|
- name: Write Welcome SSH private key
|
|
copy:
|
|
content: "{{ welcome_message_gerrit_ssh_private_key }}"
|
|
dest: "{{ gerrit_site_dir }}/etc/ssh_welcome_rsa_key"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0600
|
|
when: welcome_message_gerrit_ssh_private_key is defined
|
|
|
|
- name: Write Welcome SSH public key
|
|
copy:
|
|
content: "{{ welcome_message_gerrit_ssh_public_key }}"
|
|
dest: "{{ gerrit_site_dir }}/etc/ssh_welcome_rsa_key.pub"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0644
|
|
when: welcome_message_gerrit_ssh_public_key is defined
|
|
|
|
- name: Copy static hooks
|
|
copy:
|
|
src: "hooks/{{ item }}"
|
|
dest: "{{ gerrit_site_dir }}/hooks/{{ item }}"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0555
|
|
loop:
|
|
- change-merged
|
|
- change-abandoned
|
|
|
|
- name: Copy notify-impact yaml file
|
|
copy:
|
|
src: "/opt/project-config/gerrit/notify_impact.yaml"
|
|
dest: "{{ gerrit_site_dir }}/hooks/notify_impact.yaml"
|
|
remote_src: yes
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0444
|
|
|
|
- name: Install patchset-created hook
|
|
template:
|
|
src: patchset-created.j2
|
|
dest: "{{ gerrit_site_dir }}/hooks/patchset-created"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0555
|
|
|
|
# TODO(mordred) These things should really go into the image instead.
|
|
- name: Copy static and etc
|
|
copy:
|
|
src: "{{ item }}"
|
|
dest: "{{ gerrit_site_dir }}/{{ item }}"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: preserve
|
|
loop:
|
|
- static
|
|
- etc
|
|
|
|
- name: Install podman-compose
|
|
pip:
|
|
name: podman-compose
|
|
state: latest
|
|
# NOTE(mordred) Cannot use full path to pip3 here because it is
|
|
# different on zuul test nodes and in production. This is, of
|
|
# course, not stellar.
|
|
executable: pip3
|
|
|
|
# TODO(mordred) Make this suck less, like if we could do an init container
|
|
# or something just generally less gross.
|
|
- name: Run gerrit init
|
|
when: gerrit_run_init | bool
|
|
command: >
|
|
podman run -it --rm --net=host -u gerrit
|
|
-v /home/gerrit2/review_site/cache:/var/gerrit/cache
|
|
-v /home/gerrit2/review_site/etc:/var/gerrit/etc
|
|
-v /home/gerrit2/review_site/git:/var/gerrit/git
|
|
-v /home/gerrit2/review_site/tmp:/var/gerrit/tmp
|
|
-v /home/gerrit2/review_site/hooks:/var/gerrit/hooks
|
|
-v /home/gerrit2/review_site/index:/var/gerrit/index
|
|
-v /home/gerrit2/review_site/logs:/var/log/gerrit
|
|
-v /home/gerrit2/review_site/static:/var/gerrit/static
|
|
docker.io/opendevorg/gerrit:2.13
|
|
/usr/local/openjdk-8/bin/java -jar /var/gerrit/bin/gerrit.war init -d /var/gerrit -b --no-auto-start --install-all-plugins
|
|
|
|
- name: Run podman-compose up
|
|
shell:
|
|
cmd: podman-compose up -d
|
|
chdir: /etc/gerrit-podman/
|