opendev/system-config
Code Issues Proposed changes
system-config/playbooks/roles/zuul/tasks/main.yaml
James E. Blair 09935ff328 Run Zuul as the zuuld user 
This avoids the conflict with the zuul user (1000) on the test
nodes.  The executor will continue to use the default username
of 'zuul' as the ansible_user in the inventory.

This change also touches the zk and nodepool deployment to use
variables for the usernames and uids to make changes like this
easier.  No changes are intended there.

Change-Id: Ib8cef6b7889b23ddc65a07bcba29c21a36e3dcb5
2020-05-20 13:17:28 -07:00

127 lines
2.8 KiB
YAML
Raw Blame History

- name: Create Zuul Group
group:
name: "{{ zuul_group }}"
gid: "{{ zuul_group_id }}"
system: yes
- name: Create Zuul User
user:
name: "{{ zuul_user }}"
group: "{{ zuul_group }}"
uid: "{{ zuul_user_id }}"
home: "/home/{{ zuul_user }}"
create_home: yes
shell: /bin/bash
system: yes
- name: Create Zuul Config dir
file:
state: directory
path: /etc/zuul
owner: "{{ zuul_user }}"
group: "{{ zuul_group }}"
- name: Create Zuul SSL dir
file:
state: directory
path: /etc/zuul/ssl
owner: "{{ zuul_user }}"
group: "{{ zuul_group }}"
- name: Write Gearman SSL CA
copy:
content: "{{ gearman_ssl_ca }}"
dest: /etc/zuul/ssl/gearman-ca.pem
owner: "{{ zuul_user }}"
group: "{{ zuul_group }}"
mode: 0644
- name: Write Gearman Client SSL Cert
copy:
content: "{{ gearman_client_ssl_cert }}"
dest: /etc/zuul/ssl/gearman-client.pem
owner: "{{ zuul_user }}"
group: "{{ zuul_group }}"
mode: 0644
- name: Write Gearman Client SSL Key
when: gearman_client_ssl_key is defined
copy:
content: "{{ gearman_client_ssl_key }}"
dest: /etc/zuul/ssl/gearman-client.key
owner: "{{ zuul_user }}"
group: "{{ zuul_group }}"
mode: 0640
- name: Write Gearman Server SSL Cert
when: gearman_server_ssl_cert is defined
copy:
content: "{{ gearman_server_ssl_cert }}"
dest: /etc/zuul/ssl/gearman-server.pem
owner: "{{ zuul_user }}"
group: "{{ zuul_group }}"
mode: 0644
- name: Write Gearman Server SSL Key
when: gearman_server_ssl_key is defined
copy:
content: "{{ gearman_server_ssl_key }}"
dest: /etc/zuul/ssl/gearman-server.key
owner: "{{ zuul_user }}"
group: "{{ zuul_group }}"
mode: 0640
- name: Write Zuul Conf File
template:
src: zuul.conf.j2
dest: /etc/zuul/zuul.conf
owner: "{{ zuul_user }}"
group: "{{ zuul_group }}"
mode: 0600
- name: Create Zuul directories
file:
state: directory
path: '{{ item }}'
owner: "{{ zuul_user }}"
group: "{{ zuul_group }}"
loop:
- /var/log/zuul
- /var/run/zuul
- /var/lib/zuul
- /var/lib/zuul/ssh
- name: Write Zuul SSH Key
copy:
dest: /var/lib/zuul/ssh/id_rsa
content: '{{ zuul_ssh_private_key_contents }}'
owner: "{{ zuul_user }}"
group: "{{ zuul_group }}"
mode: 0400
- name: Create Zuul SSH directory
file:
state: directory
path: "~{{ zuul_user }}/.ssh"
owner: "{{ zuul_user }}"
group: "{{ zuul_group }}"
mode: 0700
- name: Write Known Hosts
copy:
dest: "~{{ zuul_user }}/.ssh/known_hosts"
content: '{{ zuul_known_hosts }}'
owner: "{{ zuul_user }}"
group: "{{ zuul_group }}"
mode: 0600
- name: Sync project-config
include_role:
name: sync-project-config
- name: Install docker-compose
package:
name:
- docker-compose
state: present
View Git Blame Copy Permalink