# Host-side tooling for running and inspecting the chroot-based containers.
- name: container packages
  package:
    name: "{{ item }}"
    state: present
  loop:
    - runc
    - lsof
    - htop
    # presumably the SELinux bindings Ansible's own modules need on this
    # host, for either Python interpreter -- confirm
    - python2-libselinux
    - python3-libselinux
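# Parent directory for every container root. It is kept owner-only because
# the tree below it later holds SSH host private keys
# (/containers/f29/etc/ssh/ssh_host_*_key).
- name: container filesystems
  file:
    path: /containers
    state: directory
    # Quoted so the mode is handed to Ansible as an octal string instead of
    # depending on how the YAML parser types a bare 0700.
    mode: '0700'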
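# Bootstraps a Fedora 29 root filesystem under /containers/f29 with the build
# toolchain used inside the container. `creates` makes this a one-shot task:
# once the directory exists, the package set is not reconciled again.
- name: install Fedora 29 image
  command:
  args:
    creates: /containers/f29
    argv:
      - dnf
      - install
      - -y
      - --installroot=/containers/f29
      - --releasever=29
      # argv items reach dnf verbatim (no shell in between), so the glob must
      # not carry its own quote characters: "--disablerepo='*'" asks dnf to
      # disable repos whose id literally contains the quotes, which should
      # match nothing and leave every host-enabled repo active. Only the
      # fedora and updates repos enabled below are meant to feed the image.
      - '--disablerepo=*'
      - --enablerepo=fedora
      - --enablerepo=updates
      - bash
      - coreutils
      - procps-ng
      - systemd
      - rsync
      - python2-libselinux
      - python3-libselinux
      - python-unversioned-command
      - openssh-server
      - cmake
      - git
      - gcc-c++
      - make
      - ninja-build
      - tree
      - protobuf-c-devel
      - flex
      - bison
      - pcre-devel
      - libev-devel
      - libcmocka-devel
      - libssh-devel
      - openssl-devel
      - systemd-devel
      - gdb
      - strace
      - swig
      - c-ares-devel
      - autoconf
      - automake
      - libtool
      - net-snmp-devel
      - libasan
      - clang
      - clang-analyzer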
# Host account used by the CI jobs. The task title says "zuul-worker", but the
# login that gets created is `ci`.
- name: create zuul-worker user
  user:
    name: ci
    # Pinned so it equals the uid given to `ci` inside the f29 container
    # (useradd ... -u 1000); files owned by `ci` then map to the same
    # account on both sides of the chroot.
    uid: 1000
# Grants nodepool key-based SSH login as root on this host. The public key is
# read on the controller from the sibling secrets checkout at play time.
# `exclusive` is not set, so keys already present in root's authorized_keys
# are left in place; removing stale keys needs a separate step.
- name: allow nodepool to access root
  authorized_key:
    user: root
    state: present
    key: "{{ lookup('file', '../ansible-cesnet-secrets/nodepool/id_rsa.pub') }}"
# Authorises zuul's key for the unprivileged `ci` account on the host. The
# public key is pinned inline, so rotating zuul's key pair means editing this
# file by hand until the TODO below is resolved.
- name: allow zuul to access the CI user
  authorized_key:
    user: ci
    state: present
    # TODO: extract from $(ssh-keygen -y -f ../ansible-cesnet-secrets/zuul/id_rsa)
    key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7ayaYkyMixjdmb7Ym2lJVec5daGlyg5dXjpij9jCdAQwP8uUUVKLegrI5NUh/Gg4g4Yf5cqh6sRnX9xl0L0lvSAYXsYdbwOiBtCHPyIsD/uyRTZ/MO9+FwvrfId3uswNgOXTqiQgHLaA9W4dNoMBEZtXsp7/McWN2GltZ+GvyHUPNHgmY7NTSQMgCa24o72glM0JkD4RMy2FGyqiZXKjD4BHUlLuKXchK3xfdGFC9NefCwBP98908ZQ2giZfTmu7VkR3o2CpmCNNtcnFqFhKutICfufy3D+23MasnGM6Vv+mldJsTWQCX8fCvjzc1g+Xif/r39CUXo3J+wRg4CVKf"
# Generates the container's own sshd host key by running Fedora's
# sshd-keygen helper inside the chroot. Only an ed25519 key is requested.
# `creates` skips the run once the key file exists, so an existing host key
# is never regenerated (and clients' known_hosts entries stay valid).
- name: Container SSH host keys
  command: chroot /containers/f29 /usr/libexec/openssh/sshd-keygen '{{ item }}'
  args:
    creates: "/containers/f29/etc/ssh/ssh_host_{{ item }}_key"
  loop:
    - ed25519
# Creates the `ci` account in the container's own passwd database. The uid is
# 1000, the same as the host's `ci` user. The home directory doubles as the
# idempotency marker for this task.
- name: CI user in the f29 container
  command: chroot /containers/f29 useradd -m ci -u 1000
  args:
    creates: /containers/f29/home/ci
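# Creates ~ci/.ssh inside the container tree with owner-only access.
- name: SSH dir for the CI user in the f29 container
  file:
    path: /containers/f29/home/ci/.ssh/
    state: directory
    # Resolved against the host's passwd database; it lands on the right
    # in-container account only because both `ci` users share uid 1000.
    owner: ci
    # Quoted so the mode is handed to Ansible as an octal string instead of
    # depending on how the YAML parser types a bare 0700.
    mode: '0700'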
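# Mirrors the host `ci` user's authorized_keys into the container, so whatever
# keys are trusted for `ci` on the host are trusted inside it as well. The
# copy is taken when the play runs; a key added to or removed from the host
# file afterwards reaches the container only on the next run.
- name: allow zuul to access the CI user within the f29 container
  copy:
    # Source is on the managed host, not on the controller.
    remote_src: true
    src: /home/ci/.ssh/authorized_keys
    dest: /containers/f29/home/ci/.ssh/authorized_keys
    # Host-side name lookup; it matches the container's `ci` through the
    # shared uid 1000.
    owner: ci
    # Quoted octal string; sshd's default StrictModes rejects authorized_keys
    # files that group or others can write.
    mode: '0600'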