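# Host-side tooling for building and inspecting the containers.
# The list is handed to the package manager in a single call instead of one
# call per looped item, so everything is resolved in one transaction.
- name: container packages
  package:
    name:
      - runc
      - lsof
      - htop
      # SELinux bindings for both Python major versions; presumably needed by
      # Ansible's file-handling modules on SELinux-enabled hosts - confirm.
      - python2-libselinux
      - python3-libselinux
    state: present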
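# Parent directory that holds the container root filesystems.
- name: container filesystems
  file:
    path: /containers
    state: directory
    # Quoted so the value is the string "0700" under any YAML version; a bare
    # 0700 only means rwx------ when the parser applies YAML 1.1 octal rules.
    # No owner/group is given, so an existing directory keeps whatever
    # ownership it already has.
    mode: '0700'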
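# Bootstraps a Fedora 29 root filesystem under /containers/f29 with dnf.
# `creates` makes this a one-shot task: once /containers/f29 exists it is
# skipped, so an interrupted first run or a later edit of the package list
# does not take effect until the directory is removed or updated by other means.
- name: install Fedora 29 image
  command:
    creates: /containers/f29
    argv:
      - dnf
      - install
      - -y
      - --installroot=/containers/f29
      - --releasever=29
      # argv is executed without a shell, so the glob must not carry shell
      # quoting. Written as "--disablerepo='*'" the quote characters reach dnf
      # as part of the pattern; no repo id normally contains quotes, so nothing
      # would be disabled and every repository enabled in the configuration
      # dnf reads could supply packages for this image.
      - '--disablerepo=*'
      - --enablerepo=fedora
      - --enablerepo=updates
      # NOTE(review): package signature checking depends on the gpgcheck
      # setting of the fedora/updates repo definitions - confirm it is on.
      # Minimal userland
      - bash
      - coreutils
      - procps-ng
      - systemd
      # Remote management over SSH (presumably what Ansible/Zuul need inside
      # the container - confirm)
      - rsync
      - python2-libselinux
      - python3-libselinux
      - python-unversioned-command
      - openssh-server
      # Build toolchain, development headers and debugging tools
      - cmake
      - git
      - gcc-c++
      - make
      - ninja-build
      - tree
      - protobuf-c-devel
      - flex
      - bison
      - pcre-devel
      - libev-devel
      - libcmocka-devel
      - libssh-devel
      - openssl-devel
      - systemd-devel
      - gdb
      - strace
      - swig
      - c-ares-devel
      - autoconf
      - automake
      - libtool
      - net-snmp-devel
      - libasan
      - clang
      - clang-analyzer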
# Unprivileged host account for CI. The task title says "zuul-worker", but the
# account created is `ci`. uid 1000 is the same uid the later useradd call
# gives to `ci` inside /containers/f29.
- name: create zuul-worker user
  user:
    uid: 1000
    name: ci
# Adds nodepool's public key to root's authorized_keys: the holder of the
# matching private key gets root SSH login on this host.
# The `file` lookup reads the key on the controller; the relative path points
# into a separate secrets checkout (what it is relative to is not visible
# here - TODO confirm).
# NOTE(review): no key_options are set, so the key carries no restrictions
# such as a from= source limit; consider whether nodepool needs that much.
- name: allow nodepool to access root
  authorized_key:
    key: "{{ lookup('file', '../ansible-cesnet-secrets/nodepool/id_rsa.pub') }}"
    user: root
    state: present
# Adds Zuul's public key to the host `ci` account.
# The key is pasted inline rather than derived from the private key in the
# secrets checkout, so rotating that key also means editing this task.
- name: allow zuul to access the CI user
  authorized_key:
    # TODO: extract from $(ssh-keygen -y -f ../ansible-cesnet-secrets/zuul/id_rsa)
    key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7ayaYkyMixjdmb7Ym2lJVec5daGlyg5dXjpij9jCdAQwP8uUUVKLegrI5NUh/Gg4g4Yf5cqh6sRnX9xl0L0lvSAYXsYdbwOiBtCHPyIsD/uyRTZ/MO9+FwvrfId3uswNgOXTqiQgHLaA9W4dNoMBEZtXsp7/McWN2GltZ+GvyHUPNHgmY7NTSQMgCa24o72glM0JkD4RMy2FGyqiZXKjD4BHUlLuKXchK3xfdGFC9NefCwBP98908ZQ2giZfTmu7VkR3o2CpmCNNtcnFqFhKutICfufy3D+23MasnGM6Vv+mldJsTWQCX8fCvjzc1g+Xif/r39CUXo3J+wRg4CVKf'
    user: ci
    state: present
# Generates the container's sshd host key by running sshd-keygen inside a
# chroot of /containers/f29. `creates` skips the run once the key file exists,
# so the host key stays stable across plays. Only an ed25519 key is generated.
- name: Container SSH host keys
  command:
    argv:
      - chroot
      - /containers/f29
      - /usr/libexec/openssh/sshd-keygen
      - '{{ item }}'
    creates: '/containers/f29/etc/ssh/ssh_host_{{ item }}_key'
  loop:
    - ed25519
# Creates the `ci` account inside the container tree via chroot. uid 1000 is
# the uid of the host `ci` user, so files under the tree that are chowned to
# `ci` from the host resolve to this account inside the container.
# Skipped once the home directory exists.
- name: CI user in the f29 container
  command:
    argv:
      - chroot
      - /containers/f29
      - useradd
      - -m
      - ci
      - -u
      - '1000'
    creates: /containers/f29/home/ci
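# Private ~/.ssh for the container's `ci` user, created from the host side.
- name: SSH dir for the CI user in the f29 container
  file:
    path: /containers/f29/home/ci/.ssh/
    state: directory
    # The name is resolved against the host's accounts, not the container's;
    # that is correct only while both `ci` users share uid 1000.
    owner: ci
    # Quoted so the mode is read as the octal string "0700" by any YAML
    # parser. sshd's default StrictModes rejects keys in a looser directory.
    mode: '0700'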
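# Reuses the host `ci` account's authorized_keys for the container's `ci`
# user, so every key accepted for `ci` on the host is accepted there too.
- name: allow zuul to access the CI user within the f29 container
  copy:
    # Both paths are on the managed host; nothing is pushed from the controller.
    remote_src: true
    src: /home/ci/.ssh/authorized_keys
    dest: /containers/f29/home/ci/.ssh/authorized_keys
    # Host-side name; matches the container account through the shared uid 1000.
    owner: ci
    # Quoted so the mode is read as the octal string "0600" by any YAML parser.
    mode: '0600'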