Gitiles
Code Review Sign In
gerrit.cesnet.cz / ci / ansible-cesnet / 1c2bb5874875ff8996f2d2d5c891061a9cd0a8f8^! / . / roles / zuul_server / tasks
commit1c2bb5874875ff8996f2d2d5c891061a9cd0a8f8[log] [tgz]
authorJan Kundrát <jan.kundrat@cesnet.cz>Thu Jan 10 19:30:43 2019 +0100
committerJan Kundrát <jan.kundrat@cesnet.cz>Thu Jan 10 19:30:43 2019 +0100
tree62c75cda9bb2161a9941cbf2a946500c626b4599
Install of Zuul & nodepool

Change-Id: Ieded9809c75b42a26793a0e62c363b4414e909cf

diff --git a/roles/zuul_server/tasks/main.yaml b/roles/zuul_server/tasks/main.yaml
new file mode 100644
index 0000000..4c5950a
--- /dev/null
+++ b/roles/zuul_server/tasks/main.yaml

@@ -0,0 +1,57 @@
+- name: Prepeare Python env
+  include_role:
+    name: el7_centos_python_env
+
+- name: Install Zuul
+  include_role:
+    name: openstack.zuul
+  vars:
+    zuul_install_method: git
+    zuul_git_version: 5fbc185236c6d66ab2e4c2a5fd53ea0202070273
+    zuul_pip_executable: /opt/rh/rh-python36/root/bin/pip
+    zuul_pip_extra_args: "--install-option='--install-scripts=/usr/local/bin'"
+    zuul_file_zuul_conf_src: files/zuul/zuul.conf
+
+- name: Provision Zuul SSH directory
+  file:
+    path: /var/lib/zuul/.ssh
+    state: directory
+    owner: zuul
+    group: zuul
+    mode: 0700
+
+- name: Provision Zuul SSH private key
+  copy:
+    src: ../ansible-cesnet-secrets/zuul/id_rsa
+    dest: /var/lib/zuul/.ssh/id_rsa
+    owner: zuul
+    group: zuul
+    mode: 0600
+
+- name: Gerrit's SSH server pubkey
+  file:
+    path: /var/lib/zuul/.ssh/known_hosts
+    state: touch
+    owner: zuul
+    group: zuul
+    mode: 0600
+
+- name: Gerrit's SSH server pubkey content
+  known_hosts:
+    path: /var/lib/zuul/.ssh/known_hosts
+    name: '[gerrit.cesnet.cz]:29418'
+    key: '[gerrit.cesnet.cz]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCbNpJXucXZHmjFeAVQwc87AeUtyYDULfW/AVfkXbJ86JSzoMfV19GSfPf2v+lVVaEJKrHN4I4X2p2vuTiibFHHXRFuquxltQeAY1wMUthL+x67EfcvptPEslwR134HtNX+fJOrrBx2K2Qvj2/BT9JXQm62NbBBIpIrIyBiMUaCnw=='
+
+- name: Gerrit's SSH server pubkey content (IPv6 address)
+  known_hosts:
+    path: /var/lib/zuul/.ssh/known_hosts
+    name: '[2001:718:1:1f:50:56ff:feee:163]:29418'
+    key: '[2001:718:1:1f:50:56ff:feee:163]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCbNpJXucXZHmjFeAVQwc87AeUtyYDULfW/AVfkXbJ86JSzoMfV19GSfPf2v+lVVaEJKrHN4I4X2p2vuTiibFHHXRFuquxltQeAY1wMUthL+x67EfcvptPEslwR134HtNX+fJOrrBx2K2Qvj2/BT9JXQm62NbBBIpIrIyBiMUaCnw=='
+
+- name: fingergw firewall
+  firewalld:
+    zone: public
+    permanent: yes
+    state: enabled
+    port: 79/tcp
+    immediate: yes