75e0cf106a
We are now using the mariadb jdbc connector in production and no longer need to include the mysql legacy connector in our images. We also don't need support for h2 or mysql as testing and prod are all using the mariadb connector and local database. Note this is a separate change to ensure everything is happy with the mariadb connector before we remove the fallback mysql connector from our images. Change-Id: I982d3c3c026a5351bff567ce7fbb32798718ec1b
323 lines
8.1 KiB
YAML
323 lines
8.1 KiB
YAML
- name: Sync project-config
|
|
include_role:
|
|
name: sync-project-config
|
|
|
|
- name: Ensure /etc/gerrit-compose directory
|
|
file:
|
|
state: directory
|
|
path: /etc/gerrit-compose
|
|
mode: 0755
|
|
|
|
- name: Put docker-compose file in place
|
|
template:
|
|
src: docker-compose.yaml.j2
|
|
dest: /etc/gerrit-compose/docker-compose.yaml
|
|
mode: 0644
|
|
|
|
- name: Clean up old directory
|
|
file:
|
|
state: absent
|
|
path: /etc/gerrit-podman
|
|
|
|
- name: Create Gerrit Group
|
|
group:
|
|
name: "{{ gerrit_user_name }}"
|
|
gid: "{{ gerrit_id }}"
|
|
system: yes
|
|
|
|
- name: Create Gerrit User
|
|
user:
|
|
name: "{{ gerrit_user_name }}"
|
|
uid: "{{ gerrit_id }}"
|
|
comment: Gerrit User
|
|
shell: /bin/bash
|
|
home: "{{ gerrit_home_dir }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
create_home: yes
|
|
system: yes
|
|
|
|
- name: Ensure review_site directory exists
|
|
file:
|
|
state: directory
|
|
path: "{{ gerrit_site_dir }}"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0755
|
|
|
|
- name: Ensure Gerrit volume directories exists
|
|
file:
|
|
state: directory
|
|
path: "{{ gerrit_site_dir }}/{{ item }}"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0755
|
|
loop:
|
|
- cache
|
|
- db
|
|
- etc
|
|
- git
|
|
- hooks
|
|
- index
|
|
- logs
|
|
- static
|
|
- tmp
|
|
|
|
- name: Write Gerrit config file
|
|
template:
|
|
src: gerrit.config.j2
|
|
dest: "{{ gerrit_site_dir }}/etc/gerrit.config"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0644
|
|
|
|
- name: Write Gerrit secure config file
|
|
template:
|
|
src: secure.config.j2
|
|
dest: "{{ gerrit_site_dir }}/etc/secure.config"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0600
|
|
|
|
- name: Write Gerrit replication config
|
|
template:
|
|
src: replication.config.j2
|
|
dest: "{{ gerrit_site_dir }}/etc/replication.config"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0644
|
|
when: gerrit_replication is defined
|
|
|
|
- name: Write Gerrit JGit config
|
|
template:
|
|
src: jgit.config.j2
|
|
dest: "{{ gerrit_site_dir }}/etc/jgit.config"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0644
|
|
|
|
# Server host key for SSH service on port 29418
|
|
- name: Write Gerrit SSH host private key
|
|
copy:
|
|
content: "{{ gerrit_ssh_rsa_key_contents }}"
|
|
dest: "{{ gerrit_site_dir }}/etc/ssh_host_rsa_key"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0600
|
|
|
|
- name: Write Gerrit SSH host public key
|
|
copy:
|
|
content: "{{ gerrit_ssh_rsa_pubkey_contents }}"
|
|
dest: "{{ gerrit_site_dir }}/etc/ssh_host_rsa_key.pub"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0644
|
|
|
|
# Private key for openstack-project-creator user
|
|
- name: Write Gerrit SSH project private key
|
|
copy:
|
|
content: "{{ gerrit_project_ssh_rsa_key_contents }}"
|
|
dest: "{{ gerrit_site_dir }}/etc/ssh_project_rsa_key"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0600
|
|
|
|
# Public key for openstack-project-creator user
|
|
- name: Write Gerrit SSH project public key
|
|
copy:
|
|
content: "{{ gerrit_project_ssh_rsa_pubkey_contents }}"
|
|
dest: "{{ gerrit_site_dir }}/etc/ssh_project_rsa_key.pub"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0644
|
|
|
|
# Private key for welcome message user
|
|
- name: Write Welcome SSH private key
|
|
copy:
|
|
content: "{{ welcome_message_gerrit_ssh_private_key }}"
|
|
dest: "{{ gerrit_site_dir }}/etc/ssh_welcome_rsa_key"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0600
|
|
when: welcome_message_gerrit_ssh_private_key is defined
|
|
|
|
- name: Write Welcome SSH public key
|
|
copy:
|
|
content: "{{ welcome_message_gerrit_ssh_public_key }}"
|
|
dest: "{{ gerrit_site_dir }}/etc/ssh_welcome_rsa_key.pub"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0644
|
|
when: welcome_message_gerrit_ssh_public_key is defined
|
|
|
|
- name: Ensure .ssh directory exists
|
|
file:
|
|
state: directory
|
|
path: "{{ gerrit_home_dir }}/.ssh"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0700
|
|
|
|
# Private key for gerrit user to connect to other systems,
|
|
# such as for replication.
|
|
- name: Write Gerrit SSH private key
|
|
copy:
|
|
content: "{{ gerrit_replication_ssh_rsa_key_contents }}"
|
|
dest: "{{ gerrit_home_dir }}/.ssh/id_rsa"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0600
|
|
|
|
- name: Write Gerrit SSH public key
|
|
copy:
|
|
content: "{{ gerrit_replication_ssh_rsa_pubkey_contents }}"
|
|
dest: "{{ gerrit_home_dir }}/.ssh/id_rsa.pub"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0644
|
|
|
|
# Make the directory even if we don't have creds to make
|
|
# bind mounting in the docker-compose file simple.
|
|
- name: Ensure launchpadlib directory exists
|
|
file:
|
|
state: directory
|
|
path: "{{ gerrit_home_dir }}/.launchpadlib"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0775
|
|
|
|
# The hook scripts below use update-bug (provided by jeepyb) and this
|
|
# authentication file.
|
|
- name: Write Launchpad creds file
|
|
template:
|
|
src: infra_lp_creds.j2
|
|
dest: "{{ gerrit_home_dir }}/.launchpadlib/creds"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0600
|
|
|
|
- name: Copy static hooks
|
|
copy:
|
|
src: "hooks/{{ item }}"
|
|
dest: "{{ gerrit_site_dir }}/hooks/{{ item }}"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: 0555
|
|
loop:
|
|
- change-merged
|
|
- change-abandoned
|
|
- patchset-created
|
|
|
|
# TODO(mordred) These things should really go into the image instead.
|
|
- name: Copy static and etc
|
|
copy:
|
|
src: "{{ item }}"
|
|
dest: "{{ gerrit_site_dir }}/{{ item }}"
|
|
owner: "{{ gerrit_user_name }}"
|
|
group: "{{ gerrit_user_name }}"
|
|
mode: preserve
|
|
loop:
|
|
- static/cla.html
|
|
- static/robots.txt
|
|
- static/system-cla.html
|
|
- static/usg-cla.html
|
|
|
|
- name: Write manage-projects script
|
|
template:
|
|
src: "manage-projects.j2"
|
|
dest: "/usr/local/bin/manage-projects"
|
|
owner: root
|
|
group: root
|
|
mode: 0755
|
|
|
|
- name: Write projects.ini
|
|
template:
|
|
src: projects.ini.j2
|
|
dest: /home/gerrit2/projects.ini
|
|
owner: gerrit2
|
|
group: gerrit2
|
|
mode: 0600
|
|
|
|
- name: Accept own own hostkey
|
|
known_hosts:
|
|
state: present
|
|
key: '{{ gerrit_self_hostkey }}'
|
|
name: '[{{ gerrit_vhost_name }}]:29418'
|
|
when: gerrit_self_hostkey is defined
|
|
|
|
- name: Install apache2
|
|
apt:
|
|
name:
|
|
- apache2
|
|
- apache2-utils
|
|
state: present
|
|
|
|
- name: Apache modules
|
|
apache2_module:
|
|
state: present
|
|
name: "{{ item }}"
|
|
loop:
|
|
- rewrite
|
|
- proxy
|
|
- proxy_http
|
|
- ssl
|
|
- headers
|
|
|
|
- name: Copy apache config
|
|
template:
|
|
src: gerrit.vhost.j2
|
|
dest: /etc/apache2/sites-enabled/000-default.conf
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
notify: gerrit Reload apache2
|
|
|
|
- name: Copy redirect config
|
|
template:
|
|
src: redirect.vhost.j2
|
|
dest: "/etc/apache2/sites-enabled/010-{{ gerrit_redirect_vhost }}.conf"
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
when: gerrit_redirect_vhost is defined
|
|
notify: gerrit Reload apache2
|
|
|
|
- name: Start gerrit
|
|
include_tasks: start.yaml
|
|
|
|
- name: Setup reviewdb directory for mariadb
|
|
file:
|
|
state: directory
|
|
path: /home/gerrit2/reviewdb
|
|
owner: root
|
|
group: root
|
|
mode: 0755
|
|
|
|
- name: Set up root mariadb conf file
|
|
template:
|
|
src: root.my.cnf.mariadb_container.j2
|
|
dest: /root/.gerrit_db.cnf
|
|
mode: 0400
|
|
|
|
- name: Set up cron job to optmize git repos
|
|
cron:
|
|
name: optmize-git-repos
|
|
state: present
|
|
user: gerrit2
|
|
job: 'find /home/gerrit2/review_site/git/ -type d -name "*.git" -print -exec git --git-dir="{}" gc \;'
|
|
minute: 17
|
|
hour: 4
|
|
|
|
# Gerrit rotates their own logs, but doesn't clean them out
|
|
# Delete logs older than a month
|
|
- name: Set up cron job to clean old gerrit logs
|
|
cron:
|
|
name: clear-gerrit-logs
|
|
state: present
|
|
user: gerrit2
|
|
job: 'find /home/gerrit2/review_site/logs/*.gz -mtime +30 -exec rm -f {} \;'
|
|
minute: 1
|
|
hour: 6
|
|
|
|
- name: Setup db backups
|
|
include_tasks: backup.yaml
|