Merge "Run Zuul as the zuuld user"
commit
83a7551670
@ -1,4 +1,4 @@
|
||||
openstacksdk_config_dir: /home/nodepool/.config/openstack
|
||||
openstacksdk_config_owner: nodepool
|
||||
openstacksdk_config_group: nodepool
|
||||
openstacksdk_config_owner: "{{ nodepool_user }}"
|
||||
openstacksdk_config_group: "{{ nodepool_group }}"
|
||||
openstacksdk_config_dir: "~{{ openstacksdk_config_owner }}/.config/openstack"
|
||||
openstacksdk_config_template: clouds/nodepool_clouds.yaml.j2
|
||||
|
@ -1,4 +1,4 @@
|
||||
openstacksdk_config_dir: /etc/openstack
|
||||
openstacksdk_config_owner: root
|
||||
openstacksdk_config_group: nodepool
|
||||
openstacksdk_config_group: "{{ nodepool_group }}"
|
||||
openstacksdk_config_template: clouds/nodepool_clouds.yaml.j2
|
||||
|
@ -1,4 +1,4 @@
|
||||
openstacksdk_config_dir: /etc/openstack
|
||||
openstacksdk_config_owner: nodepool
|
||||
openstacksdk_config_group: nodepool
|
||||
openstacksdk_config_owner: "{{ nodepool_user }}"
|
||||
openstacksdk_config_group: "{{ nodepool_group }}"
|
||||
openstacksdk_config_template: clouds/nodepool_clouds.yaml.j2
|
||||
|
@ -1,4 +1,4 @@
|
||||
openstacksdk_config_dir: /home/nodepool/.config/openstack
|
||||
openstacksdk_config_owner: nodepool
|
||||
openstacksdk_config_group: nodepool
|
||||
openstacksdk_config_owner: "{{ nodepool_user }}"
|
||||
openstacksdk_config_group: "{{ nodepool_group }}"
|
||||
openstacksdk_config_dir: "~{{ openstacksdk_config_owner }}/.config/openstack"
|
||||
openstacksdk_config_template: clouds/nodepool_clouds.yaml.j2
|
||||
|
@ -1,4 +1,8 @@
|
||||
kube_config_dir: ~nodepool/.kube
|
||||
kube_config_owner: nodepool
|
||||
kube_config_group: nodepool
|
||||
nodepool_user: nodepool
|
||||
nodepool_group: nodepool
|
||||
nodepool_uid: 10001
|
||||
nodepool_gid: 10001
|
||||
kube_config_dir: ~{{ nodepool_user }}/.kube
|
||||
kube_config_owner: "{{ nodepool_user }}"
|
||||
kube_config_group: "{{ nodepool_group }}"
|
||||
kube_config_template: clouds/nodepool_kube_config.yaml.j2
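Review bot: `nodepool_uid: 10001` and `nodepool_gid: 10001` arrive here without the explanation that the removed `nodepool_base_nodepool_uid` lines carried, so a reader no longer learns that the number has to match the uid used inside the container. I would add above them `# Keep in sync with the container uid/gid so containers can write to bind-mounted paths.` The zookeeper and zuul variable sections on this page set the same 10001 for `zookeeper_uid` and `zuul_user_id`. If two of those groups ever share a host, the accounts would collide on one uid and file ownership would stop separating the services, so the comment should say that the value is deliberately shared.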
|
||||
|
@ -1,3 +1,7 @@
|
||||
zookeeper_user: zookeeper
|
||||
zookeeper_group: zookeeper
|
||||
zookeeper_uid: 10001
|
||||
zookeeper_gid: 10001
|
||||
iptables_extra_allowed_hosts:
|
||||
- {'protocol': 'tcp', 'port': '2181', 'hostname': 'nb01.opendev.org'}
|
||||
- {'protocol': 'tcp', 'port': '2181', 'hostname': 'nb02.opendev.org'}
|
||||
|
@ -1,5 +1,7 @@
|
||||
zuul_user_id: 10001
|
||||
zuul_group_id: 10001
|
||||
zuul_user: zuuld
|
||||
zuul_group: zuuld
|
||||
zuul_known_hosts: |
|
||||
[review.opendev.org]:29418,[review.openstack.org]:29418,[104.130.246.32]:29418,[2001:4800:7819:103:be76:4eff:fe04:9229]:29418 {{ gerrit_ssh_rsa_pubkey_contents }}
|
||||
[git.opendaylight.org]:29418,[52.35.122.251]:29418,[2600:1f14:421:f500:7b21:2a58:ab0a:2d17]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyRXyHEw/P1iZr/fFFzbodT5orVV/ftnNRW59Zh9rnSY5Rmbc9aygsZHdtiWBERVVv8atrJSdZool75AglPDDYtPICUGWLR91YBSDcZwReh5S9es1dlQ6fyWTnv9QggSZ98KTQEuE3t/b5SfH0T6tXWmrNydv4J2/mejKRRLU2+oumbeVN1yB+8Uau/3w9/K5F5LgsDDzLkW35djLhPV8r0OfmxV/cAnLl7AaZlaqcJMA+2rGKqM3m3Yu+pQw4pxOfCSpejlAwL6c8tA9naOvBkuJk+hYpg5tDEq2QFGRX5y1F9xQpwpdzZROc5hdGYntM79VMMXTj+95dwVv/8yTsw==
|
||||
|
@ -1,6 +1 @@
|
||||
nodepool_base_install_zookeeper: False
|
||||
|
||||
# Keep these in sync with the container uid's so containers can write
|
||||
# to local bits and pieces.
|
||||
nodepool_base_nodepool_uid: 10001
|
||||
nodepool_base_nodepool_gid: 10001
|
@ -1,17 +1,18 @@
|
||||
- name: Add the nodepool group
|
||||
group:
|
||||
name: nodepool
|
||||
name: '{{ nodepool_group }}'
|
||||
state: present
|
||||
gid: '{{ nodepool_base_nodepool_gid }}'
|
||||
gid: '{{ nodepool_gid }}'
|
||||
|
||||
- name: Add the nodepool user
|
||||
user:
|
||||
name: nodepool
|
||||
group: nodepool
|
||||
home: /home/nodepool
|
||||
name: '{{ nodepool_user }}'
|
||||
group: '{{ nodepool_group }}'
|
||||
uid: '{{ nodepool_uid }}'
|
||||
home: '/home/{{ nodepool_user }}'
|
||||
create_home: yes
|
||||
shell: /bin/bash
|
||||
uid: '{{ nodepool_base_nodepool_uid }}'
|
||||
system: yes
|
||||
|
||||
- name: Sync project-config
|
||||
include_role:
|
||||
@ -21,16 +22,16 @@
|
||||
file:
|
||||
name: /etc/nodepool
|
||||
state: directory
|
||||
owner: nodepool
|
||||
group: nodepool
|
||||
owner: '{{ nodepool_user }}'
|
||||
group: '{{ nodepool_group }}'
|
||||
mode: 0755
|
||||
|
||||
- name: Create nodepool log dir
|
||||
file:
|
||||
name: /var/log/nodepool
|
||||
state: directory
|
||||
owner: nodepool
|
||||
group: nodepool
|
||||
owner: '{{ nodepool_user }}'
|
||||
group: '{{ nodepool_group }}'
|
||||
mode: 0755
|
||||
|
||||
- name: Look for a host specific config file
|
||||
|
@ -8,8 +8,8 @@
|
||||
state: directory
|
||||
path: '{{ item }}'
|
||||
mode: 0755
|
||||
owner: nodepool
|
||||
group: nodepool
|
||||
owner: "{{ nodepool_user }}"
|
||||
group: "{{ nodepool_group }}"
|
||||
loop:
|
||||
- '/opt/dib_tmp'
|
||||
- '/opt/dib_cache'
|
||||
|
@ -1,17 +1,16 @@
|
||||
- name: Create Zookeeper group
|
||||
group:
|
||||
name: "zookeeper"
|
||||
gid: 10001
|
||||
name: "{{ zookeeper_group }}"
|
||||
gid: "{{ zookeeper_gid }}"
|
||||
system: yes
|
||||
- name: Create Zookeeper User
|
||||
user:
|
||||
name: "zookeeper"
|
||||
uid: 10001
|
||||
comment: Zookeeper
|
||||
shell: /bin/false
|
||||
group: "zookeeper"
|
||||
home: "/var/zookeeper"
|
||||
create_home: no
|
||||
name: "{{ zookeeper_user }}"
|
||||
group: "{{ zookeeper_group }}"
|
||||
uid: "{{ zookeeper_uid }}"
|
||||
home: "/home/{{ zookeeper_user }}"
|
||||
create_home: yes
|
||||
shell: /bin/bash
|
||||
system: yes
|
||||
- name: Synchronize compose directory
|
||||
synchronize:
|
||||
@ -21,8 +20,8 @@
|
||||
file:
|
||||
state: directory
|
||||
path: "/var/zookeeper/{{ item }}"
|
||||
owner: zookeeper
|
||||
group: zookeeper
|
||||
owner: "{{ zookeeper_user }}"
|
||||
group: "{{ zookeeper_group }}"
|
||||
loop:
|
||||
- conf
|
||||
- data
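Review bot: The zookeeper service account becomes login-capable in the Create Zookeeper User task: the new side sets `shell: /bin/bash`, `home: "/home/{{ zookeeper_user }}"` and `create_home: yes`, where the old side had `shell: /bin/false`, `home: "/var/zookeeper"` and `create_home: no`. Nothing visible in this commit needs an interactive shell for that account, and the conf and data directories in the second hunk still live under `/var/zookeeper`. I would keep `shell: /bin/false` and `create_home: no` here and limit the change to the variable substitution. If the shell is intentional, a one-line comment stating why would keep a later hardening pass from reverting it blindly.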
|
||||
|
@ -12,7 +12,7 @@ services:
|
||||
- /etc/zuul:/etc/zuul
|
||||
- /opt/project-config:/opt/project-config
|
||||
- /afs:/afs
|
||||
- /home/zuul:/home/zuul
|
||||
- /home/zuuld:/home/zuul
|
||||
- /var/lib/zuul:/var/lib/zuul
|
||||
- /var/log/zuul:/var/log/zuul
|
||||
- /etc/openafs:/etc/openafs
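Review bot: The host side of `- /home/zuuld:/home/zuul` is a literal, while the role tasks on this page derive the account and its home from `zuul_user` (`home: "/home/{{ zuul_user }}"`), so overriding that variable would leave the container mounting a directory the role no longer populates. If this file is copied rather than templated (not visible here), a comment above the line would do: `# host home of the zuul_user account (zuuld); the container still expects /home/zuul`. The same line appears in the four compose hunks that follow. The mounted directory is where the role writes `.ssh/known_hosts`, so a mismatch would leave the container without the pinned host keys.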
|
||||
|
@ -11,6 +11,6 @@ services:
|
||||
volumes:
|
||||
- /etc/zuul:/etc/zuul
|
||||
- /opt/project-config:/opt/project-config
|
||||
- /home/zuul:/home/zuul
|
||||
- /home/zuuld:/home/zuul
|
||||
- /var/lib/zuul:/var/lib/zuul
|
||||
- /var/log/zuul:/var/log/zuul
|
||||
|
@ -11,6 +11,6 @@ services:
|
||||
volumes:
|
||||
- /etc/zuul:/etc/zuul
|
||||
- /opt/project-config:/opt/project-config
|
||||
- /home/zuul:/home/zuul
|
||||
- /home/zuuld:/home/zuul
|
||||
- /var/lib/zuul:/var/lib/zuul
|
||||
- /var/log/zuul:/var/log/zuul
|
||||
|
@ -10,7 +10,7 @@ services:
|
||||
user: zuul
|
||||
volumes:
|
||||
- /etc/zuul:/etc/zuul
|
||||
- /home/zuul:/home/zuul
|
||||
- /home/zuuld:/home/zuul
|
||||
- /var/lib/zuul:/var/lib/zuul
|
||||
- /var/log/zuul:/var/log/zuul
|
||||
fingergw:
|
||||
@ -21,6 +21,6 @@ services:
|
||||
# grab the finger port and then drop privs
|
||||
volumes:
|
||||
- /etc/zuul:/etc/zuul
|
||||
- /home/zuul:/home/zuul
|
||||
- /home/zuuld:/home/zuul
|
||||
- /var/lib/zuul:/var/lib/zuul
|
||||
- /var/log/zuul:/var/log/zuul
|
||||
|
@ -1,51 +1,47 @@
|
||||
- name: Create Zuul Group
|
||||
group:
|
||||
name: zuul
|
||||
name: "{{ zuul_group }}"
|
||||
gid: "{{ zuul_group_id }}"
|
||||
system: yes
|
||||
|
||||
- name: Create Zuul User
|
||||
user:
|
||||
name: zuul
|
||||
name: "{{ zuul_user }}"
|
||||
group: "{{ zuul_group }}"
|
||||
uid: "{{ zuul_user_id }}"
|
||||
comment: Zuul User
|
||||
shell: /bin/bash
|
||||
home: /home/zuul
|
||||
group: zuul
|
||||
home: "/home/{{ zuul_user }}"
|
||||
create_home: yes
|
||||
shell: /bin/bash
|
||||
system: yes
|
||||
# In order to run this in Zuul, we have to ignore errors.
|
||||
# That's because in Zuul, the test nodes have a Zuul user.
|
||||
failed_when: false
|
||||
|
||||
- name: Create Zuul Config dir
|
||||
file:
|
||||
state: directory
|
||||
path: /etc/zuul
|
||||
owner: zuul
|
||||
group: zuul
|
||||
owner: "{{ zuul_user }}"
|
||||
group: "{{ zuul_group }}"
|
||||
|
||||
- name: Create Zuul SSL dir
|
||||
file:
|
||||
state: directory
|
||||
path: /etc/zuul/ssl
|
||||
owner: zuul
|
||||
group: zuul
|
||||
owner: "{{ zuul_user }}"
|
||||
group: "{{ zuul_group }}"
|
||||
|
||||
- name: Write Gearman SSL CA
|
||||
copy:
|
||||
content: "{{ gearman_ssl_ca }}"
|
||||
dest: /etc/zuul/ssl/gearman-ca.pem
|
||||
owner: zuul
|
||||
group: zuul
|
||||
owner: "{{ zuul_user }}"
|
||||
group: "{{ zuul_group }}"
|
||||
mode: 0644
|
||||
|
||||
- name: Write Gearman Client SSL Cert
|
||||
copy:
|
||||
content: "{{ gearman_client_ssl_cert }}"
|
||||
dest: /etc/zuul/ssl/gearman-client.pem
|
||||
owner: zuul
|
||||
group: zuul
|
||||
owner: "{{ zuul_user }}"
|
||||
group: "{{ zuul_group }}"
|
||||
mode: 0644
|
||||
|
||||
- name: Write Gearman Client SSL Key
|
||||
@ -53,8 +49,8 @@
|
||||
copy:
|
||||
content: "{{ gearman_client_ssl_key }}"
|
||||
dest: /etc/zuul/ssl/gearman-client.key
|
||||
owner: zuul
|
||||
group: zuul
|
||||
owner: "{{ zuul_user }}"
|
||||
group: "{{ zuul_group }}"
|
||||
mode: 0640
|
||||
|
||||
- name: Write Gearman Server SSL Cert
|
||||
@ -62,8 +58,8 @@
|
||||
copy:
|
||||
content: "{{ gearman_server_ssl_cert }}"
|
||||
dest: /etc/zuul/ssl/gearman-server.pem
|
||||
owner: zuul
|
||||
group: zuul
|
||||
owner: "{{ zuul_user }}"
|
||||
group: "{{ zuul_group }}"
|
||||
mode: 0644
|
||||
|
||||
- name: Write Gearman Server SSL Key
|
||||
@ -71,24 +67,24 @@
|
||||
copy:
|
||||
content: "{{ gearman_server_ssl_key }}"
|
||||
dest: /etc/zuul/ssl/gearman-server.key
|
||||
owner: zuul
|
||||
group: zuul
|
||||
owner: "{{ zuul_user }}"
|
||||
group: "{{ zuul_group }}"
|
||||
mode: 0640
|
||||
|
||||
- name: Write Zuul Conf File
|
||||
template:
|
||||
src: zuul.conf.j2
|
||||
dest: /etc/zuul/zuul.conf
|
||||
owner: zuul
|
||||
group: zuul
|
||||
owner: "{{ zuul_user }}"
|
||||
group: "{{ zuul_group }}"
|
||||
mode: 0600
|
||||
|
||||
- name: Create Zuul directories
|
||||
file:
|
||||
state: directory
|
||||
path: '{{ item }}'
|
||||
owner: zuul
|
||||
group: zuul
|
||||
owner: "{{ zuul_user }}"
|
||||
group: "{{ zuul_group }}"
|
||||
loop:
|
||||
- /var/log/zuul
|
||||
- /var/run/zuul
|
||||
@ -99,24 +95,24 @@
|
||||
copy:
|
||||
dest: /var/lib/zuul/ssh/id_rsa
|
||||
content: '{{ zuul_ssh_private_key_contents }}'
|
||||
owner: zuul
|
||||
group: zuul
|
||||
owner: "{{ zuul_user }}"
|
||||
group: "{{ zuul_group }}"
|
||||
mode: 0400
|
||||
|
||||
- name: Create Zuul SSH directory
|
||||
file:
|
||||
state: directory
|
||||
path: /home/zuul/.ssh
|
||||
owner: zuul
|
||||
group: zuul
|
||||
path: "~{{ zuul_user }}/.ssh"
|
||||
owner: "{{ zuul_user }}"
|
||||
group: "{{ zuul_group }}"
|
||||
mode: 0700
|
||||
|
||||
- name: Write Known Hosts
|
||||
copy:
|
||||
dest: /home/zuul/.ssh/known_hosts
|
||||
dest: "~{{ zuul_user }}/.ssh/known_hosts"
|
||||
content: '{{ zuul_known_hosts }}'
|
||||
owner: zuul
|
||||
group: zuul
|
||||
owner: "{{ zuul_user }}"
|
||||
group: "{{ zuul_group }}"
|
||||
mode: 0600
|
||||
|
||||
- name: Sync project-config
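Review bot: The SSH directory and known_hosts file are addressed as `~{{ zuul_user }}/.ssh` in the last hunk, while Create Zuul User declares the home as `"/home/{{ zuul_user }}"` and the compose files mount `/home/zuuld`, which gives three spellings of one directory. The tilde form depends on the account being resolvable on the target when the task runs. The rendering does not show whether `failed_when: false` on the user task survives on the new side; if it does, a failed account creation would only surface at these later tasks. I would write `path: "/home/{{ zuul_user }}/.ssh"` and `dest: "/home/{{ zuul_user }}/.ssh/known_hosts"` so the pinned Gerrit host keys always land in the directory the containers mount.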
|
||||
|