opendev/system-config
Code Issues Proposed changes

Merge "Accomodate zuul's new key management system"

Browse Source
This commit is contained in:
Zuul 2021-09-01 15:56:40 +00:00 committed by Gerrit Code Review
commit 300982c6c1
2 changed files with 24 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
playbooks/rename_repos.yaml
View File

@ -67,25 +67,14 @@
gather_facts: False gather_facts: False
remote_user: root remote_user: root
tasks: tasks:
- include_vars: "{{ repolist }}" - include_vars: "{{ repolist }}"
- name: Make organization dirs - name: Backup the zuul keys before we modify them
file: command: "docker exec zuul-scheduler_scheduler_1 zuul export-keys /var/lib/zuul/zuul-keys-backup.json"
state: directory
path: "{{ (item[0] + item[1].new) | dirname }}"
group: zuuld
owner: zuuld
mode: 0755
with_nested:
- [ '/var/lib/zuul/keys/secrets/project/gerrit/', '/var/lib/zuul/keys/ssh/project/gerrit/' ]
- "{{ repos }}"
- name: Rename keys on Zuul - name: Copy zuul keys from old to new project
shell: mv {{ item[0] }}{{ item[1].old }} {{ item[0] }}{{ item[1].new }} command: "docker exec zuul-scheduler_scheduler_1 zuul copy-keys gerrit {{ item.old }} gerrit {{ item.new }}"
with_nested: loop: "{{ repos }}"
- [ '/var/lib/zuul/keys/secrets/project/gerrit/', '/var/lib/zuul/keys/ssh/project/gerrit/' ]
- "{{ repos }}"
- hosts: review - hosts: review
gather_facts: False gather_facts: False
@ -149,3 +138,13 @@
- name: Start online reindex of changes - name: Start online reindex of changes
shell: "{{ gerrit_ssh_command }} index start changes --force" shell: "{{ gerrit_ssh_command }} index start changes --force"
- hosts: zuul-scheduler
gather_facts: False
remote_user: root
tasks:
- include_vars: "{{ repolist }}"
- name: Remove old zuul project keys
command: "docker exec zuul-scheduler_scheduler_1 zuul delete-keys gerrit {{ item.old }}"
loop: "{{ repos }}"

9
playbooks/roles/zuul-scheduler/tasks/main.yaml
View File

@ -49,6 +49,15 @@
vars: vars:
tenant: pypa tenant: pypa
- name: Backup zk key data daily
cron:
name: Backup zuul zk key data
minute: 0
hour: 0
# Note we backup to /var/lib/zuul because that is what we have bind
# mounted in the container and we are operating relative to that context
job: docker exec zuul-scheduler_scheduler_1 zuul export-keys /var/lib/zuul/zuul-keys-backup.json
- name: Install logging config - name: Install logging config
copy: copy:
src: logging.conf src: logging.conf