a6328eee0c
This adds k8s resource definitions for running gitea, and an ansible playbook to create them. It also includes ansible playbooks to create orgs and repos. Change-Id: Ib64597512c6a85d7e1495d18ae42b242f9af5a67
121 lines
3.9 KiB
YAML
121 lines
3.9 KiB
YAML
- hosts: localhost
|
|
tasks:
|
|
# Deploy the service
|
|
- name: Set up gitea namespace
|
|
k8s:
|
|
state: present
|
|
definition: "{{ lookup('template', 'k8s/namespace.yaml') | from_yaml }}"
|
|
- name: Set up gitea secrets
|
|
k8s:
|
|
state: present
|
|
definition: "{{ lookup('template', 'k8s/secret.yaml') | from_yaml }}"
|
|
- name: Set up gitea configmap
|
|
k8s:
|
|
state: present
|
|
definition:
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: gitea-conf
|
|
namespace: gitea
|
|
data:
|
|
# Note: we are not asking ansible to template this, it
|
|
# will be run by jinja-init
|
|
app.ini.j2: "{{ lookup('file', 'app.ini.j2') }}"
|
|
- name: Set up gitea deployment
|
|
k8s:
|
|
state: present
|
|
definition: "{{ lookup('template', 'k8s/deployment.yaml') | from_yaml }}"
|
|
- name: Set up gitea service
|
|
k8s:
|
|
state: present
|
|
definition: "{{ lookup('template', 'k8s/service.yaml') | from_yaml }}"
|
|
|
|
# Bootstrap
|
|
# TODO: wait until service is up
|
|
- name: Get service IP
|
|
k8s:
|
|
namespace: gitea
|
|
kind: Service
|
|
name: gitea-service
|
|
register: gitea_service
|
|
- name: Set service url fact
|
|
set_fact:
|
|
gitea_url: "http://{{ gitea_service.result.status.loadBalancer.ingress[0].ip }}"
|
|
- name: Check if root user exists
|
|
uri:
|
|
url: "{{ gitea_url }}/api/v1/users/root"
|
|
status_code: 200, 404
|
|
register: root_user_check
|
|
- name: Create root user
|
|
when: root_user_check.status==404
|
|
block:
|
|
- name: Find gitea pods
|
|
k8s_facts:
|
|
namespace: gitea
|
|
kind: Pod
|
|
label_selectors:
|
|
- "app = gitea"
|
|
register: gitea_pods
|
|
- name: Create root user
|
|
command: "kubectl exec {{ gitea_pods.resources[0].metadata.name }} -n gitea -c gitea -- gitea admin create-user --name root --password {{ gitea_root_password }} --email {{ gitea_root_email }} --admin"
|
|
no_log: true
|
|
- name: Check if gerrit user exists
|
|
uri:
|
|
url: "{{ gitea_url }}/api/v1/users/gerrit"
|
|
status_code: 200, 404
|
|
register: gerrit_user_check
|
|
- name: Create gerrit user
|
|
when: gerrit_user_check.status==404
|
|
no_log: true
|
|
uri:
|
|
url: "{{ gitea_url }}/api/v1/admin/users"
|
|
method: POST
|
|
user: root
|
|
password: "{{ gitea_root_password }}"
|
|
force_basic_auth: true
|
|
status_code: 201
|
|
body_format: json
|
|
body:
|
|
email: "gerrit@review.opendev.org"
|
|
full_name: Gerrit
|
|
login_name: gerrit
|
|
password: "{{ gitea_gerrit_password }}"
|
|
send_notify: false
|
|
source_id: 0
|
|
username: gerrit
|
|
- name: Check if gerrit ssh key exists
|
|
uri:
|
|
user: root
|
|
password: "{{ gitea_root_password }}"
|
|
force_basic_auth: true
|
|
url: "{{ gitea_url }}/api/v1/users/gerrit/keys"
|
|
status_code: 200
|
|
register: gerrit_key_check
|
|
no_log: true
|
|
- name: Delete old gerrit ssh key
|
|
when: gerrit_key_check.json | length > 0 and gerrit_key_check.json[0].key != gitea_gerrit_public_key
|
|
no_log: true
|
|
uri:
|
|
user: root
|
|
password: "{{ gitea_root_password }}"
|
|
force_basic_auth: true
|
|
url: "{{ gitea_url }}/api/v1/user/keys/{{ gerrit_key_check.json[0].id }}"
|
|
method: DELETE
|
|
status_code: 204
|
|
- name: Add gerrit ssh key
|
|
when: gerrit_key_check.json | length == 0
|
|
no_log: true
|
|
uri:
|
|
user: root
|
|
password: "{{ gitea_root_password }}"
|
|
force_basic_auth: true
|
|
url: "{{ gitea_url }}/api/v1/admin/users/gerrit/keys"
|
|
method: POST
|
|
status_code: 201
|
|
body_format: json
|
|
body:
|
|
key: "{{ gitea_gerrit_public_key }}"
|
|
read_only: false
|
|
title: "Gerrit replication key"
|