authorPedro Alvarez <pedro.alvarez@codethink.co.uk>2014-06-18 10:16:41 +0000
committerPedro Alvarez <pedro.alvarez@codethink.co.uk>2014-07-14 15:02:10 +0000
commite6bf7b4b32d477352cf45b4b0abb6993d524f78a (patch)
tree1a640eb2acd18e903e85923bab3fcd7d3e40392e
parent49ddac4e61b6dca7e4b794cf639b0a1b3d86db00 (diff)
downloadtrove-setup-e6bf7b4b32d477352cf45b4b0abb6993d524f78a.tar.gz
Add Ansible scripts
-rw-r--r--ansible/hosts1
-rw-r--r--ansible/roles/trove-setup/tasks/backups.yml16
-rw-r--r--ansible/roles/trove-setup/tasks/cache-setup.yml19
-rw-r--r--ansible/roles/trove-setup/tasks/check.yml73
-rw-r--r--ansible/roles/trove-setup/tasks/git.yml8
-rw-r--r--ansible/roles/trove-setup/tasks/gitano-admin-setup.yml39
-rw-r--r--ansible/roles/trove-setup/tasks/gitano-lorry-setup.yml18
-rw-r--r--ansible/roles/trove-setup/tasks/gitano-mason-setup.yml16
-rw-r--r--ansible/roles/trove-setup/tasks/gitano-setup.yml45
-rw-r--r--ansible/roles/trove-setup/tasks/gitano-worker-setup.yml18
-rw-r--r--ansible/roles/trove-setup/tasks/hostname.yml26
-rw-r--r--ansible/roles/trove-setup/tasks/known-hosts-setup.yml7
-rw-r--r--ansible/roles/trove-setup/tasks/lighttpd.yml42
-rw-r--r--ansible/roles/trove-setup/tasks/lorry-controller-setup.yml92
-rw-r--r--ansible/roles/trove-setup/tasks/lorry-setup.yml20
-rw-r--r--ansible/roles/trove-setup/tasks/main.yml18
-rw-r--r--ansible/roles/trove-setup/tasks/minions.yml20
-rw-r--r--ansible/roles/trove-setup/tasks/releases.yml30
-rw-r--r--ansible/roles/trove-setup/tasks/site-groups.yml88
-rw-r--r--ansible/roles/trove-setup/tasks/users.yml38
-rw-r--r--ansible/trove-setup.yml6
21 files changed, 640 insertions, 0 deletions
diff --git a/ansible/hosts b/ansible/hosts
new file mode 100644
index 0000000..5b97818
--- /dev/null
+++ b/ansible/hosts
@@ -0,0 +1 @@
+localhost ansible_connection=local
diff --git a/ansible/roles/trove-setup/tasks/backups.yml b/ansible/roles/trove-setup/tasks/backups.yml
new file mode 100644
index 0000000..65a1466
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/backups.yml
@@ -0,0 +1,16 @@
+# Depends on:
+# - check.yml
+---
+- name: Create the backups user if TROVE_BACKUP_KEYS is defined
+ user: name=backup comment="Backup user" shell=/bin/sh home=/root/backup-user-home group=root uid=0 non_unique=yes
+ when: TROVE_BACKUP_KEYS is defined
+
+- name: Creates the .ssh directory to the backups user if TROVE_BACKUP_KEYS is defined
+ file: path=/root/backup-user-home/.ssh state=directory
+ when: TROVE_BACKUP_KEYS is defined
+
+- name: Copy the TROVE_BACKUP_KEYS if defined to authorized_keys of the backup user
+ shell: |
+ cat {{ TROVE_BACKUP_KEYS }} >> /root/backup-user-home/.ssh/authorized_keys
+ creates=/root/backup-user-home/.ssh/authorized_keys
+ when: TROVE_BACKUP_KEYS is defined
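Review bot: The `.ssh` directory created by the `file:` task and the `authorized_keys` appended by the `cat` keep default (umask) permissions, and because this account is created with `uid=0` the file authorises root logins; tighten them with `file: path=/root/backup-user-home/.ssh state=directory mode=0700` and a `chmod 600 /root/backup-user-home/.ssh/authorized_keys` line after the `cat` in the shell block. `{{ TROVE_BACKUP_KEYS }}` is interpolated without the `|quote` filter the other task files apply to paths, so a path containing a space or shell metacharacter changes the command. Because of `creates=`, a later change to TROVE_BACKUP_KEYS is never reflected in the file; if that is intended, say so, e.g. `# Seeded once; later key changes must be applied to authorized_keys by hand`.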
diff --git a/ansible/roles/trove-setup/tasks/cache-setup.yml b/ansible/roles/trove-setup/tasks/cache-setup.yml
new file mode 100644
index 0000000..162dacc
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/cache-setup.yml
@@ -0,0 +1,19 @@
+# Depends on:
+# - users.yml
+---
+- name: Create artifacts and ccache folder for the cache user
+ file: path=/home/cache/{{ item }} state=directory owner=cache group=cache
+ with_items:
+ - artifacts
+ - ccache
+- name: Create /etc/exports.d folder
+ file: path=/etc/exports.d state=directory
+- name: Create /etc/exports.d/cache.exports
+ shell: |
+ echo '/home/cache/ccache *(rw,all_squash,no_subtree_check,anonuid=1002,anongid=1002)' > /etc/exports.d/cache.exports
+ creates=/etc/exports.d/cache.exports
+ register: cache_exports
+
+- name: Update nfs exports
+ shell: exportfs -av
+ when: cache_exports|changed
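Review bot: The export written to /etc/exports.d/cache.exports uses the client specifier `*`, so every host able to reach the NFS port gets read-write access to /home/cache/ccache; limit it to the network the build workers sit on, e.g. `echo '/home/cache/ccache <worker-network-cidr>(rw,all_squash,no_subtree_check,anonuid=1002,anongid=1002)' > /etc/exports.d/cache.exports` with the CIDR taken from configuration (placeholder shown). The same line hard-codes `anonuid=1002,anongid=1002`, but users.yml creates the cache user without a fixed `uid=`, so the squashed id is the cache user only by coincidence of creation order; either pin the uid in users.yml or resolve it at run time with `$(id -u cache)`. Since the file is written only once (`creates=`), a later correction to either value needs /etc/exports.d/cache.exports removed by hand, which is worth a comment.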
diff --git a/ansible/roles/trove-setup/tasks/check.yml b/ansible/roles/trove-setup/tasks/check.yml
new file mode 100644
index 0000000..d873030
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/check.yml
@@ -0,0 +1,73 @@
+---
+- fail: msg='TROVE_ID is mandatory'
+ when: TROVE_ID is not defined
+
+- fail: msg='TROVE_COMPANY is mandatory'
+ when: TROVE_COMPANY is not defined
+
+- fail: msg='TROVE_ADMIN_USER is mandatory'
+ when: TROVE_ADMIN_USER is not defined
+
+- fail: msg='TROVE_ADMIN_EMAIL is mandatory'
+ when: TROVE_ADMIN_EMAIL is not defined
+
+- fail: msg='TROVE_ADMIN_NAME is mandatory'
+ when: TROVE_ADMIN_NAME is not defined
+
+- fail: msg='LORRY_SSH_KEY is mandatory'
+ when: LORRY_SSH_KEY is not defined
+
+- fail: msg='LORRY_SSH_PUBKEY is mandatory'
+ when: LORRY_SSH_PUBKEY is not defined
+
+- fail: msg='TROVE_ADMIN_SSH_PUBKEY is mandatory'
+ when: TROVE_ADMIN_SSH_PUBKEY is not defined
+
+- fail: msg='WORKER_SSH_PUBKEY is mandatory'
+ when: WORKER_SSH_PUBKEY is not defined
+
+- fail: msg='UPSTREAM_TROVE is mandatory'
+ when: UPSTREAM_TROVE is not defined
+
+- set_fact: TROVE_HOSTNAME={{ TROVE_ID }}
+ when: TROVE_HOSTNAME is not defined
+
+- set_fact: LORRY_CONTROLLER_MINIONS=4
+ when: LORRY_CONTROLLER_MINIONS is not defined
+
+- set_fact: MASON_ID=''
+ when: MASON_ID is not defined
+
+- set_fact: MASON_PORT='18755'
+ when: MASON_PORT is not defined
+
+- name: Calculate ESC_PREFIX
+ shell: echo -n {{ TROVE_ID|quote }} | perl -pe 's/([-+\(\).%*?^$\[\]])/%$1/g'
+ register: var_esc_prefix
+ changed_when: False
+
+- set_fact: ESC_PREFIX={{ var_esc_prefix.stdout }}
+
+- set_fact: ESC_PERSONAL_PREFIX='people'
+
+- set_fact: PEOPLE_COMMENT='#'
+
+- name: Check if the ssh keys are valid
+ shell: ssh-keygen -l -f {{ item }}
+ with_items:
+ - '{{ TROVE_ADMIN_SSH_PUBKEY }}'
+ - '{{ LORRY_SSH_PUBKEY }}'
+ - '{{ WORKER_SSH_PUBKEY }}'
+ changed_when: False
+
+- name: Check if the ssh keys are unique
+ shell: |
+ cat {{ TROVE_ADMIN_SSH_PUBKEY|quote}} \
+ {{ LORRY_SSH_PUBKEY|quote }} \
+ {{ WORKER_SSH_PUBKEY|quote }} \
+ | cut -d ' ' -f 1,2 | sort -u | wc -l
+ changed_when: False
+ register: number_ssh_keys
+
+- fail: msg="The ssh keys MUST be different"
+ when: number_ssh_keys.stdout != '3'
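Review bot: The key validity check `ssh-keygen -l -f {{ item }}` interpolates the path without `|quote`, unlike the uniqueness check just below it, so a key path with a space or shell metacharacter is split before ssh-keygen sees it; use `shell: ssh-keygen -l -f {{ item|quote }}`. The comparison `number_ssh_keys.stdout != '3'` relies on `wc -l` printing a bare number, which holds for GNU and busybox but not for implementations that pad the count with spaces; `number_ssh_keys.stdout|trim != '3'` is robust either way. MASON_SSH_PUBKEY, which gitano-mason-setup.yml reads, has no `is not defined` guard here although the other three public keys do.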
diff --git a/ansible/roles/trove-setup/tasks/git.yml b/ansible/roles/trove-setup/tasks/git.yml
new file mode 100644
index 0000000..2e6b1fa
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/git.yml
@@ -0,0 +1,8 @@
+# Depends on:
+# - users.yml
+---
+- name: Configure Git user.name and usr.email
+ shell: |
+ su git -c 'git config --global user.name "Trove Git Controller"'
+ su git -c 'git config --global user.email "git@trove"'
+ creates=/home/git/.gitconfig
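Review bot: The task name says `usr.email` where the command sets `user.email`; rename it to `Configure Git user.name and user.email`. Because of `creates=/home/git/.gitconfig`, neither value is re-applied once the file exists, which is worth stating in the header, e.g. `# Runs once; /home/git/.gitconfig is not rewritten afterwards`.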
diff --git a/ansible/roles/trove-setup/tasks/gitano-admin-setup.yml b/ansible/roles/trove-setup/tasks/gitano-admin-setup.yml
new file mode 100644
index 0000000..c4c3eb2
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/gitano-admin-setup.yml
@@ -0,0 +1,39 @@
+# Depends on:
+# - gitano-setup.yml
+---
+- name: Check if the admin user is configured in gitano (This task can fail)
+ shell: su git -c 'ssh git@localhost user' | grep '^'{{ TROVE_ADMIN_USER|regex_replace('(\\W)', '\\\\\\1')|quote}}':'
+ register: gitano_admin_user
+ changed_when: False
+ ignore_errors: True
+# If the admin user doesn't exist
+- name: Create the admin user
+ shell: su git -c 'ssh git@localhost user add '{{ TROVE_ADMIN_USER|quote|quote|quote}}' '{{ TROVE_ADMIN_EMAIL|quote|quote|quote }}' '{{ TROVE_ADMIN_NAME|quote|quote|quote }}
+ when: gitano_admin_user|failed
+
+- name: Check if admin user is in trove-admin group in gitano (This task can fail)
+ shell: su git -c 'ssh git@localhost as '{{ TROVE_ADMIN_USER|quote|quote|quote }}' whoami' | grep 'trove-admin. Trove-local administration'
+ register: gitano_admin_group
+ changed_when: False
+ ignore_errors: True
+# If the admin user is not in the trove-admin group
+- name: Add the admin user to the trove-admin group in gitano
+ shell: su git -c 'ssh git@localhost group adduser trove-admin '{{ TROVE_ADMIN_USER|quote|quote|quote }}
+ when: gitano_admin_group|failed
+
+- name: Check if admin user has a sshkey configured in gitano (This task can fail)
+ shell: su git -c 'ssh git@localhost as '{{ TROVE_ADMIN_USER|quote|quote|quote }}' sshkey' 2>&1 | grep WARNING
+ register: gitano_admin_key
+ changed_when: False
+ ignore_errors: True
+# If admin user doesn't have an sshkey configured
+- name: Create /home/git/keys/ to store sshkeys
+ file: path=/home/git/keys state=directory owner=git group=git
+ when: gitano_admin_key|success
+- name: Copy the TROVE_ADMIN_SSH_PUBKEY to /home/git/keys/admin.key.pub
+ copy: src={{ TROVE_ADMIN_SSH_PUBKEY }} dest=/home/git/keys/admin.key.pub mode=0644
+ when: gitano_admin_key|success
+
+- name: Add /home/git/keys/admin.key.pub ssh key to the admin user in gitano.
+ shell: su git -c 'ssh git@localhost as '{{ TROVE_ADMIN_USER|quote|quote|quote}}' sshkey add default < /home/git/keys/admin.key.pub'
+ when: gitano_admin_key|success
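Review bot: The guard `when: gitano_admin_user|failed` treats any failure of the preceding check as "user absent": that check is a pipeline whose status is grep's, so if `ssh git@localhost user` itself fails (gitano not up yet, host key refused) grep sees no input, the task "fails", and the play goes on to run `user add` and later `as ... sshkey add` against a service it could not reach. The same shape is used in gitano-lorry-setup.yml, gitano-mason-setup.yml, gitano-worker-setup.yml and site-groups.yml. Safer is to run the listing command alone, without `ignore_errors`, `register` its stdout, and decide in the `when:` of the following task whether the expected `name:` line is present, so a transport failure stops the play instead of being read as a missing object. The triple `|quote|quote|quote` works only because the value crosses exactly three unquoting layers (su -c, the remote shell, gitano); a comment stating that would save the next reader a guess, e.g. `# quoted three times: su -c, the remote shell and gitano each unquote once`.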
diff --git a/ansible/roles/trove-setup/tasks/gitano-lorry-setup.yml b/ansible/roles/trove-setup/tasks/gitano-lorry-setup.yml
new file mode 100644
index 0000000..d52927a
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/gitano-lorry-setup.yml
@@ -0,0 +1,18 @@
+# Depends on:
+# - gitano-setup.yml
+---
+- name: Check if lorry has a sshkey configured in gitano (This task can fail)
+ shell: su git -c 'ssh git@localhost as lorry sshkey' 2>&1 | grep WARNING
+ register: gitano_lorry_key
+ changed_when: False
+ ignore_errors: True
+# If lorry user doesn't have an sshkey configured
+- name: Create /home/git/keys folder to store ssh keys
+ file: path=/home/git/keys state=directory owner=git group=git
+ when: gitano_lorry_key|success
+- name: Copy LORRY_SSH_PUBKEY to /home/git/keys/lorry.key.pub
+ copy: src={{ LORRY_SSH_PUBKEY }} dest=/home/git/keys/lorry.key.pub mode=0644
+ when: gitano_lorry_key|success
+- name: Add to the gitano lorry user the /home/git/keys/lorry.key.pub
+ shell: su git -c 'ssh git@localhost as lorry sshkey add trove < /home/git/keys/lorry.key.pub'
+ when: gitano_lorry_key|success
diff --git a/ansible/roles/trove-setup/tasks/gitano-mason-setup.yml b/ansible/roles/trove-setup/tasks/gitano-mason-setup.yml
new file mode 100644
index 0000000..8439078
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/gitano-mason-setup.yml
@@ -0,0 +1,16 @@
+# Depends on:
+# - gitano-setup.yml
+---
+- name: Check if mason has a sshkey configured in gitano (This task can fail)
+ shell: su git -c 'ssh git@localhost as mason sshkey' 2>&1 | grep WARNING
+ register: gitano_mason_key
+ changed_when: False
+ ignore_errors: True
+
+# If distbuild user doesn't have an sshkey configured
+- file: path=/home/git/keys state=directory owner=git group=git
+ when: gitano_mason_key|success
+- copy: src={{ MASON_SSH_PUBKEY }} dest=/home/git/keys/mason.key.pub mode=0644
+ when: gitano_mason_key|success
+- shell: su git -c 'ssh git@localhost as mason sshkey add trove < /home/git/keys/mason.key.pub'
+ when: gitano_mason_key|success
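Review bot: main.yml in this commit does not include this file, and check.yml never verifies that MASON_SSH_PUBKEY, read by the `copy:` task, is defined, so whenever it is wired in the copy would run with an undefined `src`. Either add it to main.yml together with a `fail:` guard in check.yml, or state in the header that it is intentionally not included yet, e.g. `# Not included from main.yml yet; requires MASON_SSH_PUBKEY`. The three tasks after the check have no `name:`, unlike the equivalent tasks in gitano-worker-setup.yml, and the comment above them says "distbuild user" while the gitano user acted on here is `mason`.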
diff --git a/ansible/roles/trove-setup/tasks/gitano-setup.yml b/ansible/roles/trove-setup/tasks/gitano-setup.yml
new file mode 100644
index 0000000..0fd3ba5
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/gitano-setup.yml
@@ -0,0 +1,45 @@
+# Depends on:
+# - git.yml
+---
+# Before configuring Gitano, it's necessary to modify the placeholders
+# of the skeleton template of Gitano with the values of /etc/trove/trove.conf.
+# Ansible does not provide an efficient way to do this. Its template module
+# is not able to run recursively over directories, and is not able to create
+# the directories needed.
+#
+# The solution implemented consists in create the directories first and then
+# using the template module in all the files. This could be possible to
+# implement using the 'with_lines' option combinated with the 'find' command.
+#
+# Create the directories
+- name: Create the directories needed for the Gitano skeleton.
+ file: path=/etc/{{ item }} state=directory
+ with_lines:
+ - (cd /usr/share/trove-setup && find gitano -type d)
+# Copy all the files to the right place and fill the templates whenever possible
+- name: Create the Gitano skeleton using the templates
+ template: src=/usr/share/trove-setup/{{ item }} dest=/etc/{{ item }}
+ with_lines:
+ - (cd /usr/share/trove-setup && find gitano -type f)
+
+# Configure gitano
+- name: Configure Gitano with /etc/gitano-setup.clod
+ shell: |
+ su git -c 'gitano-setup /etc/gitano-setup.clod'
+ creates=/home/git/repos/gitano-admin.git
+
+- name: Unlock the password of the git user (This task can fail)
+ shell: busybox passwd -u git
+ register: passwd_result
+ changed_when: passwd_result|success
+ ignore_errors: True
+
+# Now that /home/git/repos exists, we can enable the git-daemon service
+- name: Enable the git-daemon.service
+ service: name=git-daemon.service enabled=yes
+ register: git_daemon_service
+
+# Now we can start the service without rebooting the system
+- name: Restart git-daemon.service
+ service: name=git-daemon state=restarted
+ when: git_daemon_service|changed
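Review bot: `busybox passwd -u git` unlocks an account that users.yml created without a password; on a locked-but-empty shadow entry the unlock can leave an empty password field, which some login paths accept with no password at all. If the purpose is to let sshd accept key logins for `git` (sshd refuses accounts whose password field starts with `!`), an unlocked but unusable hash such as `*` achieves that without opening console or `su` login; which tool sets it depends on what the image ships, so please confirm before changing. A comment stating why the unlock is needed would help either way, e.g. `# sshd rejects key logins for locked (!) accounts; unlock so ssh git@localhost works`. `changed_when: passwd_result|success` reports a change on every successful run, so this task never converges to "ok".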
diff --git a/ansible/roles/trove-setup/tasks/gitano-worker-setup.yml b/ansible/roles/trove-setup/tasks/gitano-worker-setup.yml
new file mode 100644
index 0000000..e0510e4
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/gitano-worker-setup.yml
@@ -0,0 +1,18 @@
+# Depends on:
+# - gitano-setup.yml
+---
+- name: Check if worker has a sshkey configured in gitano (This task can fail)
+ shell: su git -c 'ssh git@localhost as distbuild sshkey' 2>&1 | grep WARNING
+ register: gitano_worker_key
+ changed_when: False
+ ignore_errors: True
+# If distbuild user doesn't have an sshkey configured
+- name: Create /home/git/keys/ to store ssh keys
+ file: path=/home/git/keys state=directory owner=git group=git
+ when: gitano_worker_key|success
+- name: Copy WORKER_SSH_PUBKEY to /home/git/keys/worker.key.pub
+ copy: src={{ WORKER_SSH_PUBKEY }} dest=/home/git/keys/worker.key.pub mode=0644
+ when: gitano_worker_key|success
+- name: Add /home/git/keys/worker.key.pub to the distbuild user in Gitano
+ shell: su git -c 'ssh git@localhost as distbuild sshkey add trove < /home/git/keys/worker.key.pub'
+ when: gitano_worker_key|success
diff --git a/ansible/roles/trove-setup/tasks/hostname.yml b/ansible/roles/trove-setup/tasks/hostname.yml
new file mode 100644
index 0000000..f4a11e2
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/hostname.yml
@@ -0,0 +1,26 @@
+# Depends on:
+# - check.yml
+---
+- name: Check the /etc/hostname and compare it with HOSTNAME (This task can fail)
+ shell: su -c '[ "$(cat /etc/hostname)" == '{{ HOSTNAME|quote|quote }}' ]'
+ register: hostname_file
+ ignore_errors: True
+ changed_when: False
+ when: HOSTNAME is defined
+
+# If /etc/hostname doesn't match with HOSTNAME
+- name: Rewrite /etc/hostname with HOSTNAME
+ shell: echo {{ HOSTNAME|quote }} > /etc/hostname
+ when: hostname_file|failed
+
+- name: Check the actual hostname with `hostname` and compare it with HOSTNAME (This task can fail)
+ shell: sh -c '[ "$(hostname)" == '{{ HOSTNAME|quote|quote }}' ]'
+ register: actual_hostname
+ ignore_errors: True
+ changed_when: False
+ when: HOSTNAME is defined
+
+# If `hostname` doesn't match with HOSTNAME
+- name: Change the hostname to HOSTNAME
+ shell: hostname {{ HOSTNAME|quote }}
+ when: actual_hostname|failed
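Review bot: These tasks key on HOSTNAME, while check.yml defaults TROVE_HOSTNAME and users.yml consumes TROVE_HOSTNAME; if trove.conf sets only TROVE_ID, all four tasks are skipped and the machine keeps its previous name, so confirm whether HOSTNAME should read TROVE_HOSTNAME. The tests `[ "$(cat /etc/hostname)" == ... ]` and `[ "$(hostname)" == ... ]` use `==`, which busybox and bash accept but POSIX `test` does not; a shell whose `[` is the POSIX one would make the check fail every run and rewrite /etc/hostname each time, so `=` is the safer operator. One comparison goes through `su -c` and the other through `sh -c`; pick one (the `sh -c` form suffices, as the play presumably already runs as root given the writes to /etc).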
diff --git a/ansible/roles/trove-setup/tasks/known-hosts-setup.yml b/ansible/roles/trove-setup/tasks/known-hosts-setup.yml
new file mode 100644
index 0000000..6e988e0
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/known-hosts-setup.yml
@@ -0,0 +1,7 @@
+# Depends on:
+# - check.yml
+---
+- name: Add localhost and UPSTREAM_TROVE to /etc/ssh/ssh_known_hosts
+ shell: |
+ ssh-keyscan localhost {{ UPSTREAM_TROVE|quote }} > /etc/ssh/ssh_known_hosts
+ creates=/etc/ssh/ssh_known_hosts
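Review bot: /etc/ssh/ssh_known_hosts is seeded by scanning the upstream trove over the network, so whatever answers at setup time becomes the trusted host key for every user on the system, with nothing comparing it to a fingerprint obtained out of band. If the upstream key can be shipped with the configuration, prefer installing it from a variable; otherwise at least print the fingerprints after the scan so an operator can compare them, e.g. `ssh-keygen -l -f /etc/ssh/ssh_known_hosts`. `ssh-keyscan` exits 0 even when a host does not answer, so with `creates=` an empty or partial file from a transient outage is never regenerated; a trailing `grep -q {{ UPSTREAM_TROVE|quote }} /etc/ssh/ssh_known_hosts` in the block would fail the task instead.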
diff --git a/ansible/roles/trove-setup/tasks/lighttpd.yml b/ansible/roles/trove-setup/tasks/lighttpd.yml
new file mode 100644
index 0000000..7a530e7
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/lighttpd.yml
@@ -0,0 +1,42 @@
+---
+- name: Create /etc/lighttpd/certs directory
+ file: path=/etc/lighttpd/certs state=directory
+- name: Create certificates for lighttpd in /etc/lighttpd/certs/lighttpd.pem
+ shell: |
+ yes '' | openssl req -new -x509 \
+ -keyout /etc/lighttpd/certs/lighttpd.pem \
+ -out /etc/lighttpd/certs/lighttpd.pem -days 36525 -nodes
+ creates=/etc/lighttpd/certs/lighttpd.pem
+ register: lighttpd_certs
+- name: Create /var/run/lighttpd for cache user
+ file: path=/var/run/lighttpd state=directory owner=cache group=cache
+ register: lighttpd_folder
+
+# Now that the lighttpd certificates and the /var/run/lighttpd exist, we can
+# enable the lighttpd-git service
+- name: Enable lighttpd-git service
+ service: name=lighttpd-git.service enabled=yes
+ register: lighttpd_git_service
+
+# Now we can start the service without rebooting the system
+- name: Restart the lighttpd-git service
+ service: name=lighttpd-git state=restarted
+ when: lighttpd_git_service|changed
+
+# Once the service lighttpd-git is running it's possible to do the same
+# with the following services:
+# - lighttpd-morph-cache
+# - lighttpd-lorry-controller-webapp
+- name: Enable lighttpd-morph-cache service
+ service: name=lighttpd-morph-cache.service enabled=yes
+ register: lighttpd_morph_cache_service
+- name: Restart the lighttpd-morph-cache service
+ service: name=lighttpd-morph-cache state=restarted
+ when: lighttpd_morph_cache_service|changed
+
+- name: Enable the lighttpd-lorry-controller-webapp service
+ service: name=lighttpd-lorry-controller-webapp.service enabled=yes
+ register: lighttpd_lorry_controller_webapp_service
+- name: Restart the lighttpd-lorry-controller-webapp service
+ service: name=lighttpd-lorry-controller-webapp state=restarted
+ when: lighttpd_lorry_controller_webapp_service|changed
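Review bot: The openssl call writes the private key and the certificate into the same lighttpd.pem with whatever the process umask gives, typically 0644, so the TLS private key ends up world-readable; the certs directory is likewise created with default mode. Put `umask 077` as the first line of the script, give the directory `mode=0700`, and set the owner to the account lighttpd runs as (the `/var/run/lighttpd` task suggests `cache`, but confirm from the unit file). `-days 36525` yields a certificate valid for about a century and `yes ''` leaves the subject empty; both are acceptable for a self-signed bootstrap certificate but deserve a comment saying operators are expected to replace it. `register: lighttpd_certs` and `register: lighttpd_folder` are never read and can be dropped.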
diff --git a/ansible/roles/trove-setup/tasks/lorry-controller-setup.yml b/ansible/roles/trove-setup/tasks/lorry-controller-setup.yml
new file mode 100644
index 0000000..06fab96
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/lorry-controller-setup.yml
@@ -0,0 +1,92 @@
+# Depends on:
+# - gitano-setup.yml
+# - lighttpd.yml
+---
+- name: Create the TROVE_ID/local-config/lorries repository
+ shell: |
+ su git -c 'ssh localhost create '{{ TROVE_ID|quote|quote|quote }}'/local-config/lorries'
+ creates=/home/git/repos/{{ TROVE_ID|regex_replace('(\\W)', '\\\\\\1')}}/local-config/lorries.git
+- name: Create a temporary folder to copy templates
+ shell: su git -c 'mktemp -d'
+ register: lorry_controller_templates
+
+- name: Create the configuration files of lorry-controller using templates
+ template: src=/usr/share/trove-setup/{{ item }} dest={{ lorry_controller_templates.stdout }}/{{ item }} owner=git group=git mode=0644
+ with_items:
+ - lorry-controller.conf
+ - README.lorry-controller
+- name: Create a temporary folder to copy the lorry-controller repository
+ shell: su git -c 'mktemp -d'
+ register: lorry_controller_repository
+
+- name: Configure the lorry-controller
+ shell: |
+ su git -c 'git clone ssh://localhost/'{{ TROVE_ID|quote|quote }}'/local-config/lorries.git '{{ lorry_controller_repository.stdout|quote|quote }}'/lorries'
+ su git -c 'cp '{{ lorry_controller_templates.stdout|quote|quote }}'/lorry-controller.conf '{{ lorry_controller_repository.stdout|quote|quote }}'/lorries/lorry-controller.conf'
+ su git -c 'cp '{{ lorry_controller_templates.stdout|quote|quote }}'/README.lorry-controller '{{ lorry_controller_repository.stdout|quote|quote }}'/lorries/README'
+ su git -c 'mkdir '{{ lorry_controller_repository.stdout|quote|quote }}'/lorries/open-source-lorries'
+ su git -c 'cp /usr/share/trove-setup/open-source-lorries/README '{{ lorry_controller_repository.stdout|quote|quote }}'/lorries/open-source-lorries/README'
+ su git -c 'mkdir '{{ lorry_controller_repository.stdout|quote|quote }}'/lorries/closed-source-lorries'
+ su git -c 'cp /usr/share/trove-setup/closed-source-lorries/README '{{ lorry_controller_repository.stdout|quote|quote }}'/lorries/closed-source-lorries/README'
+ su git -c 'cd '{{ lorry_controller_repository.stdout|quote|quote }}'/lorries; git add README lorry-controller.conf open-source-lorries/README closed-source-lorries/README; git commit -m "Initial configuration"; git push origin master'
+ su git -c 'rm -rf '{{ lorry_controller_repository.stdout|quote|quote }}
+ creates=/home/git/repos/{{ TROVE_ID|regex_replace('(\\W)', '\\\\\\1')}}/local-config/lorries.git/refs/heads/master
+
+# Migration: Remove the old lorry-controller cronjob if exists
+- name: Look for lorry-controller old cronjob (This task can fail)
+ shell: su lorry -c 'crontab -l | grep -e "-c lorry-controller"'
+ register: lorry_controller_cronjob
+ changed_when: False
+ ignore_errors: True
+
+- name: Remove the old lorry-controller cronjob
+ shell: su lorry -c '/usr/libexec/remove-lorry-controller-from-lorry-crontab'
+ when: lorry_controller_cronjob|success
+
+
+# Now that the lorry-controller is configured we can enable the following
+# services and timers, and also start them
+# - lorry-controller-status
+# - lorry-controller-readconf
+# - lorry-controller-ls-troves
+- name: Enable lorry-controller-status service
+ service: name=lorry-controller-status.service enabled=yes
+ register: lorry_controller_status_service
+- name: Start lorry-controller-status service
+ service: name=lorry-controller-status.service state=restarted
+ when: lorry_controller_status_service|changed
+
+- name: Enable lorry-controller-readconf service
+ service: name=lorry-controller-readconf.service enabled=yes
+ register: lorry_controller_readconf_service
+- name: Start lorry-controller-readconf service
+ service: name=lorry-controller-readconf.service state=restarted
+ when: lorry_controller_readconf_service|changed
+
+- name: Enable lorry-controller-ls-troves service
+ service: name=lorry-controller-ls-troves.service enabled=yes
+ register: lorry_controller_ls_troves_service
+- name: Start lorry-controller-ls-troves service
+ service: name=lorry-controller-ls-troves.service state=restarted
+ when: lorry_controller_ls_troves_service|changed
+
+- name: Enable lorry-controller-status timer
+ service: name=lorry-controller-status.timer enabled=yes
+ register: lorry_controller_status_timer
+- name: Start lorry-controller-status timer
+ service: name=lorry-controller-status.timer state=restarted
+ when: lorry_controller_status_timer|changed
+
+- name: Enable lorry-controller-readconf timer
+ service: name=lorry-controller-readconf.timer enabled=yes
+ register: lorry_controller_readconf_timer
+- name: Start lorry-controller-readconf timer
+ service: name=lorry-controller-readconf.timer state=restarted
+ when: lorry_controller_readconf_timer|changed
+
+- name: Enable lorry-controller-ls-troves timer
+ service: name=lorry-controller-ls-troves.timer enabled=yes
+ register: lorry_controller_ls_troves_timer
+- name: Start lorry-controller-ls-troves timer
+ service: name=lorry-controller-ls-troves.timer state=restarted
+ when: lorry_controller_ls_troves_timer|changed
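Review bot: The two `su git -c 'mktemp -d'` tasks run on every play, but only the repository directory is removed, and only when the `creates=` guard lets the configure task run; the templates directory is never removed at all, so each run leaves one or two directories behind holding a rendered copy of lorry-controller.conf. Move the `mktemp` calls into the guarded shell block, or add a final `file: path={{ lorry_controller_templates.stdout }} state=absent` task (and the same for the repository path). The mktemp tasks also lack `changed_when: False`, so the play reports changes on every run. The multi-line shell block for "Configure the lorry-controller" does not check individual exit statuses, so a failed clone still leads to `git push` and `rm -rf`; `set -e` as its first line stops at the first error.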
diff --git a/ansible/roles/trove-setup/tasks/lorry-setup.yml b/ansible/roles/trove-setup/tasks/lorry-setup.yml
new file mode 100644
index 0000000..c50b49d
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/lorry-setup.yml
@@ -0,0 +1,20 @@
+# Depends on:
+# - users.yml
+---
+- name: Create bundles and tarballs folder for the lorry user
+ file: path=/home/lorry/{{ item }} state=directory owner=lorry group=lorry
+ with_items:
+ - bundles
+ - tarballs
+# Following the same strategy as explained in gitano-setup.yml, use
+# templates recursively over directories.
+# Create the directories needed to copy the files
+- name: Create directories needed in /etc for the lorry configuration
+ file: path=/etc/{{ item }} state=directory
+ with_lines:
+ - (cd /usr/share/trove-setup/etc && find -type d)
+# Copy all the files to the right place and fill the templates whenever possible
+- name: Add the configuration needed for lorry in /etc using templates
+ template: src=/usr/share/trove-setup/etc/{{ item }} dest=/etc/{{ item }}
+ with_lines:
+ - (cd /usr/share/trove-setup/etc && find -type f)
diff --git a/ansible/roles/trove-setup/tasks/main.yml b/ansible/roles/trove-setup/tasks/main.yml
new file mode 100644
index 0000000..35fd807
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+- include: check.yml
+- include: hostname.yml
+- include: known-hosts-setup.yml
+- include: users.yml
+- include: cache-setup.yml
+- include: lighttpd.yml
+- include: lorry-setup.yml
+- include: git.yml
+- include: gitano-setup.yml
+- include: lorry-controller-setup.yml
+- include: minions.yml
+- include: site-groups.yml
+- include: releases.yml
+- include: gitano-worker-setup.yml
+- include: gitano-lorry-setup.yml
+- include: gitano-admin-setup.yml
+- include: backups.yml
diff --git a/ansible/roles/trove-setup/tasks/minions.yml b/ansible/roles/trove-setup/tasks/minions.yml
new file mode 100644
index 0000000..a5b3d8d
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/minions.yml
@@ -0,0 +1,20 @@
+# Depends on:
+# - lorry-controller-setup.yml
+---
+# This is a workaround because the service module and the current
+# systemd version doesn't work well enough with template units.
+#
+# It ALWAYS runs `systemctl enable` for all the minions to be
+# created, but it only reports that the status of the task has changed
+# when in the stderr output is the string "ln -s" (which means the
+# unit has been enabled).
+- name: Enable as many MINIONS as specified in LORRY_CONTROLLER_MINIONS
+ shell: systemctl enable lorry-controller-minion@{{ item }}.service
+ with_sequence: count={{ LORRY_CONTROLLER_MINIONS }}
+ changed_when: "'ln -s' in minions_creation.stderr"
+ register: minions_creation
+
+- name: Start the all the MINIONS created (if any)
+ service: name=lorry-controller-minion@{{ item.item }} state=restarted
+ with_items: minions_creation.results
+ when: item|changed
diff --git a/ansible/roles/trove-setup/tasks/releases.yml b/ansible/roles/trove-setup/tasks/releases.yml
new file mode 100644
index 0000000..bcb031e
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/releases.yml
@@ -0,0 +1,30 @@
+# Depends on:
+# - site-groups.yml
+---
+- name: Create the releases repository
+ shell: |
+ su git -c 'ssh localhost create '{{ TROVE_ID|quote|quote|quote }}'/site/releases'
+ creates=/home/git/repos/{{ TROVE_ID|regex_replace('(\\W)', '\\\\\\1')}}/site/releases.git
+
+- name: Create temporary folder to copy templates
+ shell: su git -c 'mktemp -d'
+ register: releases_templates
+- name: Create the files needed for the releases repository
+ template: src=/usr/share/trove-setup/releases-repo-README dest={{ releases_templates.stdout }}/releases-repo-README owner=git group=git mode=0644
+
+- name: Create temporary folder to clone the releases repository
+ shell: su git -c 'mktemp -d'
+ register: releases_repository
+- name: Configure the releases repository
+ shell: |
+ su git -c 'git clone ssh://localhost/'{{ TROVE_ID|quote|quote }}'/site/releases.git '{{ releases_repository.stdout|quote|quote }}'/releases'
+ su git -c 'cp '{{ releases_templates.stdout|quote|quote }}'/releases-repo-README '{{ releases_repository.stdout|quote|quote }}'/releases/README'
+ su git -c 'cd '{{ releases_repository.stdout|quote|quote }}'/releases; git add README; git commit -m "Add README"; git push origin master'
+ su -c "rm -Rf {{ releases_repository.stdout|quote|quote }}"
+ creates=/home/git/repos/{{ TROVE_ID|regex_replace('(\\W)', '\\\\\\1')}}/site/releases.git/refs/heads/master
+
+- name: Link the releases repository to enable the access throught browser
+ file: |
+ src=/home/git/repos/{{ TROVE_ID }}/site/releases.git/rsync
+ dest=/var/www/htdocs/releases state=link
+ force=yes
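Review bot: The cleanup `su -c "rm -Rf ..."` runs as root on a path taken from registered stdout, whereas the mktemp that created it and the equivalent step in lorry-controller-setup.yml run as `git`; use `su git -c 'rm -rf '{{ releases_repository.stdout|quote|quote }}` so an unexpected value in stdout cannot remove anything the git user does not own. The templates directory from the first `mktemp -d` is never removed and both mktemp tasks run on every play, the same leak as in lorry-controller-setup.yml. The `file: |` block scalar for the symlink works for key=value arguments but is unusual; the mapping form with `src:`, `dest:`, `state:` and `force:` keys reads more clearly.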
diff --git a/ansible/roles/trove-setup/tasks/site-groups.yml b/ansible/roles/trove-setup/tasks/site-groups.yml
new file mode 100644
index 0000000..e4aff14
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/site-groups.yml
@@ -0,0 +1,88 @@
+# Depends on:
+# - gitano-setup.yml
+---
+# First of all check if the site groups are created.
+- name: Check for site groups (This task can fail)
+ shell: su git -c 'ssh git@localhost group list' | grep '^'{{ item.name|quote }}':'
+ changed_when: False
+ ignore_errors: True
+ with_items:
+ - { name: 'site-readers', description: 'Users with read access to the site project' }
+ - { name: 'site-writers', description: 'Users with write access to the site project' }
+ - { name: 'site-admins', description: 'Users with admin access to the site project' }
+ - { name: 'site-managers', description: 'Users with manager access to the site project' }
+ register: gitano_groups
+# Iterate over the results of the previous check, and create the sites needed.
+# In this task we are using the list of results of the previous task
+# - item is the result of the execution of one of the elements of
+# the list of the previous task.
+# - item.item is the item of the previous task being executed when
+# the result (stored in item) was taken.
+#
+# For example, the task: (From http://docs.ansible.com/playbooks_loops.html#using-register-with-a-loop)
+#
+# - shell: echo "{{ item }}"
+# with_items:
+# - one
+# - two
+# register: echo
+#
+# Would register in the variable "echo":
+#
+# {
+# "changed": true,
+# "msg": "All items completed",
+# "results": [
+# {
+# "changed": true,
+# "cmd": "echo \"one\" ",
+# "delta": "0:00:00.003110",
+# "end": "2013-12-19 12:00:05.187153",
+# "invocation": {
+# "module_args": "echo \"one\"",
+# "module_name": "shell"
+# },
+# "item": "one",
+# "rc": 0,
+# "start": "2013-12-19 12:00:05.184043",
+# "stderr": "",
+# "stdout": "one"
+# },
+# {
+# "changed": true,
+# "cmd": "echo \"two\" ",
+# "delta": "0:00:00.002920",
+# "end": "2013-12-19 12:00:05.245502",
+# "invocation": {
+# "module_args": "echo \"two\"",
+# "module_name": "shell"
+# },
+# "item": "two",
+# "rc": 0,
+# "start": "2013-12-19 12:00:05.242582",
+# "stderr": "",
+# "stdout": "two"
+# }
+# ]
+# }
+
+- name: Create the site groups needed.
+ shell: su git -c 'ssh git@localhost group add '{{ item.item.name|quote|quote|quote }}' '{{ item.item.description|quote|quote|quote }}
+ when: item|failed
+ with_items: gitano_groups.results
+
+# When the groups are created, check if they are linked.
+- name: Check for linked groups (This task can fail)
+ shell: su git -c 'ssh git@localhost group show '{{ item.name|quote|quote|quote }} | grep '^ \[] '{{ item.super_group|quote }}
+ changed_when: False
+ ignore_errors: True
+ with_items:
+ - { name: 'site-readers', super_group: 'site-writers' }
+ - { name: 'site-writers', super_group: 'site-admins' }
+ - { name: 'site-admins', super_group: 'site-managers' }
+ register: gitano_linked_groups
+
+# Link the groups that weren't linked following the same strategy as for the groups
+- shell: su git -c 'ssh git@localhost group addgroup '{{ item.item.name|quote|quote|quote }}' '{{ item.item.super_group|quote|quote|quote }}
+ when: item|failed
+ with_items: gitano_linked_groups.results
diff --git a/ansible/roles/trove-setup/tasks/users.yml b/ansible/roles/trove-setup/tasks/users.yml
new file mode 100644
index 0000000..c1ab866
--- /dev/null
+++ b/ansible/roles/trove-setup/tasks/users.yml
@@ -0,0 +1,38 @@
+# Depends on:
+# - check.yml
+---
+- name: Create the lorry user without generating sshkeys.
+ user: name=lorry comment="Trove lorry service" shell=/bin/bash
+- name: Create the /home/lorry/.ssh folder
+ file: path=/home/lorry/.ssh state=directory owner=lorry group=lorry mode=0700
+
+- name: Create users (git, cache, mason) and ssh keys for them.
+ user: name={{ item }} comment="Trove {{ item }} service" shell=/bin/bash generate_ssh_key=yes
+ with_items:
+ - git
+ - cache
+ - mason
+- name: Create known_hosts for all the users
+ shell: |
+ cat /etc/ssh/ssh_host_*_key.pub | cut -d\ -f1,2 | \
+ sed -e's/^/'{{ TROVE_HOSTNAME|regex_replace('(\\W)', '\\\\\\1')|quote }}',localhost /' > \
+ /home/{{ item }}/.ssh/known_hosts
+ chown {{ item }}:{{ item }} /home/{{ item }}/.ssh/known_hosts
+ chmod 600 /home/{{ item }}/.ssh/known_hosts
+ creates=/home/{{ item }}/.ssh/known_hosts
+ with_items:
+ - git
+ - cache
+ - mason
+ - lorry
+
+- name: Copy the lorry ssh private key
+ copy: |
+ src={{ LORRY_SSH_KEY }}
+ dest=/home/lorry/.ssh/id_rsa
+ owner=lorry group=lorry mode=600
+- name: Copy the lorry ssh public key
+ copy: |
+ src={{ LORRY_SSH_PUBKEY }}
+ dest=/home/lorry/.ssh/id_rsa.pub
+ owner=lorry group=lorry mode=644
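Review bot: The two copy tasks write `mode=600` and `mode=644` while the rest of this commit writes `mode=0700` and `mode=0644`; in key=value form Ansible parses the string as octal either way, but the leading zero removes the ambiguity (a bare integer 600 in YAML mapping form would be decimal) and keeps the files consistent. The known_hosts block runs three commands without `set -e`, so if the `cat ... > known_hosts` step fails partway, `chown` and `chmod` still run and `creates=` then treats the truncated file as done. Please also comment why /home/lorry/.ssh is created explicitly while git, cache and mason get theirs from `generate_ssh_key=yes`, e.g. `# lorry receives a pre-generated key pair from LORRY_SSH_KEY, so no key generation here`.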
diff --git a/ansible/trove-setup.yml b/ansible/trove-setup.yml
new file mode 100644
index 0000000..0ab7f0e
--- /dev/null
+++ b/ansible/trove-setup.yml
@@ -0,0 +1,6 @@
+---
+- hosts: localhost
+ vars_files:
+ - "/etc/trove/trove.conf"
+ roles:
+ - trove-setup