ka
/
ansible-role-buildbot-worker
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

stateless secret management

master
Markus Katharina Brechtel 4 years ago
parent
2f4ae3fd70
commit
59217d0bab
4 changed files with 38 additions and 0 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -0
      defaults/main.yaml
  2. +17
    -0
      tasks/local_facts.yaml
  3. +16
    -0
      tasks/main.yaml
  4. +4
    -0
      vars/main.yaml

+ 1
- 0
defaults/main.yaml View File

@@ -1,4 +1,5 @@
---
buildbot_worker_name: buildbot-worker
buildbot_worker_password: "{{ ansible_local[_local_facts_id].worker_password }}"
buildbot_worker_admin_info: ""
buildbot_worker_host_info: ""

+ 17
- 0
tasks/local_facts.yaml View File

@@ -0,0 +1,17 @@
---

- name: ansible local facts directory
file:
path: /etc/ansible/facts.d
state: directory

- name: set ansible local fact
copy:
content: "{{_local_facts|to_json}}"
dest: /etc/ansible/facts.d/{{_local_facts_id}}.fact
mode: 0600
register: _local_facts_set

- name: Gathering Facts
setup:
when: _local_facts_set.changed

+ 16
- 0
tasks/main.yaml View File

@@ -1,5 +1,7 @@
---

- import_tasks: local_facts.yaml

- name: pip3 packages for buildbot-worker
pip:
name:
@@ -49,6 +51,20 @@
creates: /var/lib/buildbot-worker/{{buildbot_worker_name}}/worker
notify: restart buildbot-worker service

- name: buildbot-worker name
lineinfile:
path: /var/lib/buildbot-worker/{{buildbot_worker_name}}/worker/buildbot.tac
regexp: '^workername *='
line: workername = '{{buildbot_worker_name}}'
notify: restart buildbot-worker service

- name: buildbot-worker password
lineinfile:
path: /var/lib/buildbot-worker/{{buildbot_worker_name}}/worker/buildbot.tac
regexp: '^passwd *='
line: passwd = '{{buildbot_worker_password}}'
notify: restart buildbot-worker service

- name: buildbot-worker host info
copy:
content: "{{buildbot_worker_host_info}}"


+ 4
- 0
vars/main.yaml View File

@@ -1,4 +1,8 @@
---
_local_facts_id: buildbot_worker_{{buildbot_worker_name}}
_local_facts:
worker_password: "{% if not ansible_local[_local_facts_id].worker_password is defined %}{{ lookup('password', '/dev/null length=16 chars=ascii_letters') }}{% else %}{{ ansible_local[_local_facts_id].worker_password }}{% endif %}"

buildbot_worker_user: "{{ buildbot_worker_name }}"
buildbot_worker_group: "{{ buildbot_worker_name }}"
buildbot_worker_home_directory: "/var/lib/buildbot-worker/{{ buildbot_worker_name }}"

Write Preview
Loading…
Cancel
Save