diff --git a/defaults/main.yaml b/defaults/main.yaml index 42a992a..73a43cd 100644 --- a/defaults/main.yaml +++ b/defaults/main.yaml @@ -6,7 +6,7 @@ buildbot_db_pass: "{{ ansible_local.buildbot.database_password }}" buildbot_server_name: "{{ inventory_hostname }}" -buildbot_workers: "{ {% for name in _buildbot_worker_names %} \"{{name}}\": {\"password\":\"{{ansible_local['buildbot_worker_'+name].worker_password}}\"} {% endfor %} }" +buildbot_workers: {} buildbot_builders: {} buildbot_hello_world_example: true diff --git a/files/systemd/buildbot-worker@.service b/files/systemd/buildbot-worker@.service new file mode 100644 index 0000000..d460d87 --- /dev/null +++ b/files/systemd/buildbot-worker@.service @@ -0,0 +1,25 @@ +# This template file assumes the buildbot worker lives in a subdirectory od +# /var/lib/buildbot +# Usage: +# cd /var/lib/buildbot +# buildbot-worker create-worker [directory] [master hostname] [name] [password] +# systemctl enable --now buildbot-worker@[directory].service +[Unit] +Description=Buildbot Worker +After=network.target + +[Service] +User=%i +Group=%i +WorkingDirectory=/var/lib/buildbot-worker/%i +ExecStart=/usr/local/bin/buildbot-worker start --nodaemon worker +# if using EC2 Latent worker, you want to uncomment following line, and comment out the Restart line +# ExecStopPost=shutdown now +Restart=always +ProtectSystem=full +ProtectHome=yes +PrivateDevices=yes +PrivateTmp=yes + +[Install] +WantedBy=multi-user.target diff --git a/handlers/main.yaml b/handlers/main.yaml index 1768188..d23926e 100644 --- a/handlers/main.yaml +++ b/handlers/main.yaml @@ -8,3 +8,8 @@ systemd: state: restarted name: buildbot@master.service + +- name: restart buildbot-worker service + systemd: + state: restarted + name: buildbot-worker@{{_restart_buildbot_worker_name}}.service diff --git a/tasks/main.yaml b/tasks/main.yaml index bf0f713..9ffe749 100644 --- a/tasks/main.yaml +++ b/tasks/main.yaml 
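Review bot: In files/systemd/buildbot-worker@.service the header comment describes a layout the unit does not use: it says the worker lives under /var/lib/buildbot (and misspells "of" as "od"), while `WorkingDirectory=/var/lib/buildbot-worker/%i` and `User=%i`/`Group=%i` mean the instance name must be both a directory under /var/lib/buildbot-worker and an existing account. I would rewrite the usage comment to say so, e.g. `# %i is the worker account name; its worker lives in /var/lib/buildbot-worker/%i/worker`. Since a worker runs build steps, the sandboxing block would also benefit from `NoNewPrivileges=yes` next to `PrivateTmp=yes`, so a build cannot gain privileges through setuid binaries.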
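Review bot: The new `restart buildbot-worker service` handler in handlers/main.yaml depends on `_restart_buildbot_worker_name`, which is only set by the `set_fact` in tasks/worker.yaml. The unit-file copy task in tasks/workers.yaml notifies this handler too, so with the default `buildbot_workers: {}` the fact would be undefined when the handler runs. With several workers, a unit-file change appears to restart only the worker whose name is current at the next flush. Consider letting the unit-file task notify only `systemd daemon reload`, and document the dependency above the handler with `# requires _restart_buildbot_worker_name, set in tasks/worker.yaml`.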
@@ -1,29 +1,7 @@ --- - - import_tasks: local_facts.yaml - -- name: debian package requirements for buildbot - apt: - pkg: - - python3-pip - - fish - - git - - postgresql - - python3-psycopg2 - - ssl-cert - - # ansible - - python-setuptools - - python-psycopg2 - -- name: set correct permissions for /etc/ssl/private - file: - path: /etc/ssl/private - mode: 0750 - owner: root - group: ssl-cert - +- import_tasks: setup.yaml - import_tasks: database.yaml - - import_tasks: master.yaml +- import_tasks: workers.yaml diff --git a/tasks/master.yaml b/tasks/master.yaml index 863e430..d7f2c5b 100644 --- a/tasks/master.yaml +++ b/tasks/master.yaml @@ -89,3 +89,5 @@ name: nginx vars: nginx_vhosts: "{{ buildbot_nginx_vhosts }}" + +- meta: flush_handlers diff --git a/tasks/setup.yaml b/tasks/setup.yaml new file mode 100644 index 0000000..03aa43a --- /dev/null +++ b/tasks/setup.yaml @@ -0,0 +1,21 @@ +--- +- name: debian package requirements for buildbot + apt: + pkg: + - python3-pip + - fish + - git + - postgresql + - python3-psycopg2 + - ssl-cert + + # ansible + - python-setuptools + - python-psycopg2 + +- name: set correct permissions for /etc/ssl/private + file: + path: /etc/ssl/private + mode: 0750 + owner: root + group: ssl-cert diff --git a/tasks/worker.yaml b/tasks/worker.yaml new file mode 100644 index 0000000..a5c386e --- /dev/null +++ b/tasks/worker.yaml 
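Review bot: In tasks/setup.yaml the `mode: 0750` on /etc/ssl/private is an unquoted number, so the resulting permissions depend on the YAML loader reading the leading zero as octal. Writing it as `mode: "0750"` removes that dependency on a directory that holds private keys. The two packages listed under `# ansible` (`python-setuptools`, `python-psycopg2`) are Python 2 names and may not exist on current Debian releases, which is worth checking against the target distribution.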
@@ -0,0 +1,71 @@ +--- + +- name: buildbot-worker group + group: + name: "{{ buildbot_worker_group }}" + +- name: buildbot-worker user + user: + name: "{{ buildbot_worker_user }}" + group: "{{ buildbot_worker_group }}" + home: "{{ buildbot_worker_home_directory }}" + shell: /usr/bin/fish + password_lock: true + +- name: buildbot-worker home directory + file: + path: "{{ buildbot_worker_home_directory }}" + owner: "{{ buildbot_worker_user }}" + group: "{{ buildbot_worker_group }}" + state: directory + mode: u=rwx,g=rx,o= + +- name: initiate buildbot-worker + command: buildbot-worker create-worker worker localhost:9989 "{{buildbot_worker_name}}" "{{buildbot_worker_password}}" + become: true + become_user: "{{buildbot_worker_user}}" + args: + chdir: "{{buildbot_worker_home_directory}}" + creates: /var/lib/buildbot-worker/{{buildbot_worker_name}}/worker + notify: restart buildbot-worker service + +- name: buildbot-worker name + lineinfile: + path: /var/lib/buildbot-worker/{{buildbot_worker_name}}/worker/buildbot.tac + regexp: '^workername *=' + line: workername = '{{buildbot_worker_name}}' + notify: restart buildbot-worker service + +- name: buildbot-worker password + lineinfile: + path: /var/lib/buildbot-worker/{{buildbot_worker_name}}/worker/buildbot.tac + regexp: '^passwd *=' + line: passwd = '{{buildbot_worker_password}}' + notify: restart buildbot-worker service + +- name: buildbot-worker host info + copy: + content: "{{buildbot_worker_host_info}}" + dest: /var/lib/buildbot-worker/{{buildbot_worker_name}}/worker/info/host + owner: "{{ buildbot_worker_user }}" + group: "{{ buildbot_worker_group }}" + notify: restart buildbot-worker service + +- name: buildbot-worker admin info + copy: + content: "{{buildbot_worker_admin_info}}" + dest: /var/lib/buildbot-worker/{{buildbot_worker_name}}/worker/info/admin + owner: "{{ buildbot_worker_user }}" + group: "{{ buildbot_worker_group }}" + notify: restart buildbot-worker service + +- name: remember buildbot worker name for 
restart handler + set_fact: + _restart_buildbot_worker_name: "{{ buildbot_worker_name }}" + +- meta: flush_handlers + +- name: ensure buildbot-worker service is running + systemd: + state: started + name: buildbot-worker@{{buildbot_worker_name}}.service diff --git a/tasks/workers.yaml b/tasks/workers.yaml new file mode 100644 index 0000000..1feff3d --- /dev/null +++ b/tasks/workers.yaml @@ -0,0 +1,34 @@ +--- + +- name: pip3 packages for buildbot-worker + pip: + name: + - buildbot-worker + executable: pip3 + +# source of unit file from https://github.com/buildbot/buildbot-contrib/blob/master/worker/contrib/systemd/buildbot-worker%40.service +- name: buildbot-worker systemd service unit + copy: + src: systemd/buildbot-worker@.service + dest: /etc/systemd/system/buildbot-worker@.service + notify: + - systemd daemon reload + - restart buildbot-worker service + +- name: buildbot-worker var directory + file: + path: /var/lib/buildbot-worker + state: directory + +- name: configure buildbot-workers + include_tasks: worker.yaml + loop: "{{ buildbot_workers.keys() }}" + loop_control: + loop_var: buildbot_worker_name + vars: + buildbot_worker_user: "{{ buildbot_worker_name }}" + buildbot_worker_group: "{{ buildbot_worker_name }}" + buildbot_worker_home_directory: "/var/lib/buildbot-worker/{{ buildbot_worker_name }}" + buildbot_worker_password: "{{ buildbot_workers[buildbot_worker_name].password | default(ansible_local.buildbot.workers[buildbot_worker_name].password) }}" + buildbot_worker_admin_info: "" + buildbot_worker_host_info: "" diff --git a/templates/buildbot/master.cfg.j2 b/templates/buildbot/master.cfg.j2 index 87654f2..4b38d94 100644 --- a/templates/buildbot/master.cfg.j2 +++ b/templates/buildbot/master.cfg.j2 
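Review bot: Two tasks in tasks/worker.yaml expose the worker password: `initiate buildbot-worker` passes it as a command-line argument and `buildbot-worker password` writes it through `lineinfile`, so it can appear in Ansible's task output, in `--diff` output and in the process list while the command runs. Adding `no_log: true` to both tasks keeps it out of the Ansible output. The line `passwd = '{{buildbot_worker_password}}'` also places the value unescaped inside a single-quoted Python literal, so an operator-supplied password containing `'` or `\` would produce a broken buildbot.tac; the generated passwords are letters only, so this affects only values set in `buildbot_workers`. Separately, several tasks hard-code `/var/lib/buildbot-worker/{{buildbot_worker_name}}` where `buildbot_worker_home_directory` is already available.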
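Review bot: The `pip3 packages for buildbot-worker` task in tasks/workers.yaml installs `buildbot-worker` without a version, so each run takes whatever release the package index serves at that moment. Pinning it, e.g. `- buildbot-worker==<PINNED_VERSION>`, makes the worker reproducible and upgrades deliberate. The unit file and `/var/lib/buildbot-worker` are created without `owner`, `group` or `mode`, which leaves their permissions to the umask of the run; stating them explicitly (for example `mode: "0644"` on the unit and `mode: "0755"` on the directory) would be safer. On a Python 3 controller `loop: "{{ buildbot_workers.keys() }}"` may be rejected because it is not a list; `loop: "{{ buildbot_workers.keys() | list }}"` avoids that.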
@@ -47,7 +47,7 @@ c['workers'].append(worker.LocalWorker("local-worker")) # Ansible Defined Workers {% for worker_name in buildbot_workers.keys() %} {% set worker = buildbot_workers[worker_name] %} -c['workers'].append(worker.Worker('{{worker_name}}', '{{worker.password}}')) +c['workers'].append(worker.Worker('{{worker_name}}', '{{worker.password|default(ansible_local.buildbot.workers[worker_name].password)}}')) {% endfor %} # Hello World Example diff --git a/vars/main.yaml b/vars/main.yaml index c03c93e..09b5554 100644 --- a/vars/main.yaml +++ b/vars/main.yaml @@ -1,8 +1,21 @@ --- _local_facts: database_password: "{% if not ansible_local.buildbot.database_password is defined %}{{ lookup('password', '/dev/null length=16 chars=ascii_letters') }}{% else %}{{ ansible_local.buildbot.database_password }}{% endif %}" - -_buildbot_worker_names: "{{ ansible_local.keys() | map('regex_search', '^buildbot_worker_(.*)$') | select('string') | map('regex_replace', '^buildbot_worker_(.*)$', '\\1') | list }}" + workers: |- + { + {% for name in buildbot_workers.keys() %} + {{name|to_json}}: + {% if not buildbot_workers[name].password is defined %} + {% if (not ansible_local.buildbot.workers[name] is defined) or (not ansible_local.buildbot.workers[name].password is defined) %} + {{ {'password':lookup('password', '/dev/null length=16 chars=ascii_letters')} | to_json }} + {% else %} + {{ {'password':ansible_local.buildbot.workers[name].password} | to_json }} + {% endif %} + {% else %} + {} + {% endif %}, + {% endfor %} + } buildbot_database_url: "postgresql://{{buildbot_db_user}}:{{buildbot_db_pass}}@localhost:5432/{{buildbot_db_name}}"
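Review bot: In templates/buildbot/master.cfg.j2 the worker name and password are rendered between single quotes into Python source with no escaping, so a value containing `'` or `\` yields an invalid or altered master.cfg. Letting a filter produce the literal is more robust: `c['workers'].append(worker.Worker({{ worker_name | to_json }}, {{ (worker.password | default(ansible_local.buildbot.workers[worker_name].password)) | to_json }}))`. The fallback also assumes `ansible_local.buildbot.workers` already holds this worker when the template is rendered. That depends on local facts being refreshed earlier in the run, which is not visible in this diff.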
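Review bot: The new `workers` value in vars/main.yaml assembles a dictionary as text and emits a `,` after every entry, including the last, so the result is not valid JSON and only becomes a dictionary if the consumer parses it leniently. Guarding the separator with `{% if not loop.last %},{% endif %}` keeps the output valid JSON. The `password` lookup is re-evaluated whenever `_local_facts` is templated, so the generated value is stable only once it has been written to the local facts file, presumably by local_facts.yaml, which is not part of this diff. A comment above `workers:` such as `# generated once, then read back from ansible_local.buildbot.workers` would record that. The tests would also read more naturally as `buildbot_workers[name].password is not defined`.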