
This renames zk-ca to opendev-ca and allows us to operate more than one ca on bridge. This way we can keep the CAs for ZooKeeper and Jaeger distinct (so that a compromise of the jaeger server could not be used to access the ZooKeeper cluster). This also starts a new jaeger-ca and uses it on the Jaeger server. Change-Id: I4e5bc4e3ccd78284ce785c971f7e6ad6e721f887
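# System group for the Zuul services. The gid is pinned to zuul_group_id;
# the same id is later passed to the opendev-ca role as the cert dir group.
- name: Create Zuul Group
  group:
    name: "{{ zuul_group }}"
    gid: "{{ zuul_group_id }}"
    # Canonical boolean instead of the YAML 1.1 truthy form "yes".
    system: true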
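# System account the Zuul services run as. The uid is pinned to
# zuul_user_id and the primary group is the group created above.
- name: Create Zuul User
  user:
    name: "{{ zuul_user }}"
    group: "{{ zuul_group }}"
    uid: "{{ zuul_user_id }}"
    # Later tasks address this home directory as ~{{ zuul_user }}.
    home: "/home/{{ zuul_user }}"
    # Canonical booleans instead of the YAML 1.1 truthy form "yes".
    create_home: true
    shell: /bin/bash
    system: true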
# Configuration directory owned by the Zuul account. zuul.conf (0600) is
# written here, and the opendev-ca role is pointed at this directory too.
# NOTE(review): no mode is given, so the directory mode is not managed by
# this task - confirm the resulting permissions are the intended ones for a
# directory that holds the config file and TLS material.
- name: Create Zuul Config dir
  file:
    path: /etc/zuul
    state: directory
    owner: "{{ zuul_user }}"
    group: "{{ zuul_group }}"
# Issues the ZooKeeper TLS certificate through the opendev-ca role, using
# the CA named "zk". Per the change description, each service gets its own
# CA so that a compromise of the Jaeger server cannot be used to access the
# ZooKeeper cluster - keep opendev_ca_name distinct per service.
- name: Generate ZooKeeper TLS cert
  include_role:
    name: opendev-ca
  vars:
    opendev_ca_name: "zk"
    opendev_ca_cert_dir: "/etc/zuul"
    # Ownership is passed as numeric ids here, not as account names.
    opendev_ca_cert_dir_owner: "{{ zuul_user_id }}"
    opendev_ca_cert_dir_group: "{{ zuul_group_id }}"
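# Renders zuul.conf from the role's template, readable and writable by the
# Zuul account only.
# NOTE(review): the 0600 mode suggests the rendered file carries
# credentials; if so, consider whether task output (e.g. diff mode) should
# be suppressed for this task - confirm against the template.
- name: Write Zuul Conf File
  template:
    src: zuul.conf.j2
    dest: /etc/zuul/zuul.conf
    owner: "{{ zuul_user }}"
    group: "{{ zuul_group }}"
    # Quoted so the mode reaches the module as the octal string "0600"
    # instead of depending on how the YAML parser types a bare 0600.
    mode: "0600"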
# Creates the log, runtime and state directories, all owned by the Zuul
# account.
# NOTE(review): no mode is given for any of these. /var/lib/zuul/ssh later
# receives the SSH private key (written 0400); confirm the directory modes
# that result are acceptable, or pin them explicitly.
- name: Create Zuul directories
  file:
    path: "{{ item }}"
    state: directory
    owner: "{{ zuul_user }}"
    group: "{{ zuul_group }}"
  loop:
    - /var/log/zuul
    - /var/run/zuul
    - /var/lib/zuul
    - /var/lib/zuul/ssh
    - /var/lib/zuul/backup
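# Installs the Zuul SSH private key from zuul_ssh_private_key_contents,
# read-only for the Zuul account.
- name: Write Zuul SSH Key
  copy:
    dest: /var/lib/zuul/ssh/id_rsa
    content: '{{ zuul_ssh_private_key_contents }}'
    owner: "{{ zuul_user }}"
    group: "{{ zuul_group }}"
    # Quoted so the mode reaches the module as the octal string "0400"
    # instead of depending on how the YAML parser types a bare 0400.
    mode: "0400"
  # The task carries private key material; keep it out of task output
  # and logs.
  no_log: true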
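# ~/.ssh for the Zuul account, accessible by that account only.
- name: Create Zuul SSH directory
  file:
    state: directory
    path: "~{{ zuul_user }}/.ssh"
    owner: "{{ zuul_user }}"
    group: "{{ zuul_group }}"
    # Quoted so the mode reaches the module as the octal string "0700"
    # instead of depending on how the YAML parser types a bare 0700.
    mode: "0700"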
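# Writes the managed known_hosts content (zuul_known_hosts) for the Zuul
# account. The file is replaced with exactly that content on each run.
- name: Write Known Hosts
  copy:
    dest: "~{{ zuul_user }}/.ssh/known_hosts"
    content: '{{ zuul_known_hosts }}'
    owner: "{{ zuul_user }}"
    group: "{{ zuul_group }}"
    # Quoted so the mode reaches the module as the octal string "0600"
    # instead of depending on how the YAML parser types a bare 0600.
    mode: "0600"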
# Pulls in the sync-project-config role. What that role does is defined
# outside this file.
- name: Sync project-config
  include_role:
    name: "sync-project-config"
# Ensures docker-compose is installed through the host's package manager.
# "present" installs it if missing; no particular version is pinned here.
- name: Install docker-compose
  package:
    state: present
    name:
      - docker-compose