- hosts: localhost
  tasks:
    # Ensure the namespace exists. The manifest is rendered from a template
    # and parsed from YAML text into a mapping before the k8s module sees it.
    - name: Set up gitea namespace
      k8s:
        state: present
        context: gitea
        definition: "{{ lookup('template', 'k8s/namespace.yaml') | from_yaml }}"
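    # The Secret is defined inline rather than in a template file because the
    # file-based approach did not seem to handle multiline strings well.
    #
    # no_log keeps the rendered values (application keys, tokens, database
    # credentials and the TLS private key) out of Ansible's task output and
    # logs. Without it the module arguments and the returned object can be
    # printed on failure or at higher verbosity. This matches the other
    # credential-handling tasks in this play, which already set no_log.
    - name: Set up gitea secrets
      no_log: true
      k8s:
        context: gitea
        state: present
        definition:
          apiVersion: v1
          kind: Secret
          metadata:
            name: gitea-app
            namespace: gitea
          type: Opaque
          # stringData takes plain-text values; every value is supplied by
          # an Ansible variable, so nothing secret is written in this file.
          stringData:
            secret_key: "{{ gitea_secret_key }}"
            internal_token: "{{ gitea_internal_token }}"
            lfs_jwt_secret: "{{ gitea_lfs_jwt_secret }}"
            db_username: "{{ gitea_db_username }}"
            db_password: "{{ gitea_db_password }}"
            gitea_tls_cert: "{{ gitea_tls_cert }}"
            gitea_tls_key: "{{ gitea_tls_key }}"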
    # Publish the raw app.ini.j2 file contents as a ConfigMap entry.
    - name: Set up gitea configmap
      k8s:
        state: present
        context: gitea
        definition:
          kind: ConfigMap
          apiVersion: v1
          metadata:
            namespace: gitea
            name: gitea-conf
          data:
            # The 'file' lookup (not 'template') is deliberate: Ansible does
            # not render this Jinja file. It is rendered later by jinja-init.
            app.ini.j2: "{{ lookup('file', 'app.ini.j2') }}"
    # Apply the Deployment manifest rendered from k8s/deployment.yaml.
    - name: Set up gitea deployment
      k8s:
        state: present
        context: gitea
        definition: "{{ lookup('template', 'k8s/deployment.yaml') | from_yaml }}"
    # Apply the Service manifest rendered from k8s/service.yaml.
    - name: Set up gitea service
      k8s:
        state: present
        context: gitea
        definition: "{{ lookup('template', 'k8s/service.yaml') | from_yaml }}"
    # Poll the gitea-service object until its load balancer status reports
    # an ingress entry with an IP. Retries up to 300 times, 1 second apart.
    - name: Get service IP
      k8s:
        context: gitea
        kind: Service
        namespace: gitea
        name: gitea-service
      register: gitea_service
      retries: 300
      delay: 1
      # Each clause guards the next, so a partly populated status does not
      # raise an undefined-attribute error while the address is pending.
      until: >-
        gitea_service.result.status.loadBalancer
        and gitea_service.result.status.loadBalancer.ingress
        and gitea_service.result.status.loadBalancer.ingress | length > 0
        and gitea_service.result.status.loadBalancer.ingress[0].ip
    # Base URL used by every API call in the rest of the play.
    # NOTE(review): the scheme is plain http, and later tasks send the root
    # password to this URL with HTTP basic auth, so those credentials are
    # not protected in transit. Whether the service also exposes HTTPS is
    # not visible in this file. Confirm, and prefer https if it does.
    - name: Set service url fact
      set_fact:
        gitea_url: 'http://{{ gitea_service.result.status.loadBalancer.ingress[0].ip }}'
    # Unauthenticated lookup of the "root" account. Both 200 (exists) and
    # 404 (missing) count as success; the status drives the next task.
    - name: Check if root user exists
      register: root_user_check
      uri:
        url: "{{ gitea_url }}/api/v1/users/root"
        status_code: 200, 404
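    # Bootstrap the admin account by running the gitea CLI inside the gitea
    # container. Runs only when the API lookup returned 404 for "root".
    - name: Create root user
      when: root_user_check.status == 404
      block:
        # NOTE(review): the next task uses resources[0], so it fails if no
        # pod matches this selector yet.
        - name: Find gitea pods
          k8s_facts:
            namespace: gitea
            kind: Pod
            label_selectors:
              - "app = gitea"
          register: gitea_pods
        # argv hands each argument to kubectl verbatim. The previous
        # free-form string was split on whitespace and quotes after
        # templating, so a password or e-mail containing such characters
        # was mis-parsed or turned into extra arguments.
        # The password is still a command-line argument, so it is visible
        # in the process list while the command runs. no_log only hides it
        # from Ansible's own output.
        - name: Create root user
          command:
            argv:
              - kubectl
              - '--context'
              - gitea
              - exec
              - "{{ gitea_pods.resources[0].metadata.name }}"
              - '-n'
              - gitea
              - '-c'
              - gitea
              - '--'
              - gitea
              - admin
              - create-user
              - '--name'
              - root
              - '--password'
              - "{{ gitea_root_password }}"
              - '--email'
              - "{{ gitea_root_email }}"
              - '--admin'
          no_log: true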
    # Unauthenticated lookup of the "gerrit" account. Both 200 (exists) and
    # 404 (missing) count as success; the status drives the next task.
    - name: Check if gerrit user exists
      register: gerrit_user_check
      uri:
        url: "{{ gitea_url }}/api/v1/users/gerrit"
        status_code: 200, 404
    # Create the gerrit account through the admin API, authenticating as
    # root. no_log keeps both passwords out of Ansible's output.
    - name: Create gerrit user
      no_log: true
      when: gerrit_user_check.status == 404
      uri:
        url: "{{ gitea_url }}/api/v1/admin/users"
        method: POST
        # force_basic_auth sends the credentials on the first request
        # instead of waiting for a 401 challenge.
        force_basic_auth: true
        user: root
        password: "{{ gitea_root_password }}"
        # Any response other than 201 fails the task.
        status_code: 201
        body_format: json
        body:
          username: gerrit
          login_name: gerrit
          full_name: Gerrit
          email: "gerrit@review.opendev.org"
          password: "{{ gitea_gerrit_password }}"
          source_id: 0
          send_notify: false
    # Fetch the gerrit user's registered public keys with root's
    # credentials. The parsed JSON list is consulted by the two tasks that
    # follow. no_log keeps the request credentials out of the output.
    - name: Check if gerrit ssh key exists
      no_log: true
      register: gerrit_key_check
      uri:
        url: "{{ gitea_url }}/api/v1/users/gerrit/keys"
        force_basic_auth: true
        user: root
        password: "{{ gitea_root_password }}"
        status_code: 200
    # Remove the registered key when it no longer matches the desired
    # public key. Only the first key in the returned list is compared.
    - name: Delete old gerrit ssh key
      no_log: true
      when: >-
        gerrit_key_check.json | length > 0
        and gerrit_key_check.json[0].key != gitea_gerrit_public_key
      uri:
        url: "{{ gitea_url }}/api/v1/user/keys/{{ gerrit_key_check.json[0].id }}"
        method: DELETE
        force_basic_auth: true
        user: root
        password: "{{ gitea_root_password }}"
        # 204 No Content is the only status accepted as success.
        status_code: 204
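    # Register the desired public key for the gerrit user through the admin
    # API, authenticating as root.
    #
    # gerrit_key_check is registered before the delete task runs, so after a
    # stale key has been removed it still reports one key. The condition
    # therefore also fires when the registered first key differs from the
    # desired key. Otherwise a key rotation would delete the old key and add
    # nothing until the next run. "or" short-circuits, so json[0] is not
    # evaluated when the list is empty.
    - name: Add gerrit ssh key
      when: >-
        gerrit_key_check.json | length == 0
        or gerrit_key_check.json[0].key != gitea_gerrit_public_key
      no_log: true
      uri:
        user: root
        password: "{{ gitea_root_password }}"
        force_basic_auth: true
        url: "{{ gitea_url }}/api/v1/admin/users/gerrit/keys"
        method: POST
        status_code: 201
        body_format: json
        body:
          key: "{{ gitea_gerrit_public_key }}"
          read_only: false
          title: "Gerrit replication key"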