worker setup in this role due to weird ansible behavior

il y a 4 ans · 00027d8d0b
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -6,7 +6,7 @@ buildbot_db_pass: "{{ ansible_local.buildbot.database_password }}"

 buildbot_server_name: "{{ inventory_hostname }}"

 buildbot_workers: "{ {% for name in _buildbot_worker_names %} \"{{name}}\": {\"password\":\"{{ansible_local['buildbot_worker_'+name].worker_password}}\"} {% endfor %} }"
 buildbot_workers: {}
 buildbot_builders: {}

 buildbot_hello_world_example: true
--- a/files/systemd/buildbot-worker@.service
+++ b/files/systemd/buildbot-worker@.service
@@ -0,0 +1,25 @@
 # This template file assumes the buildbot worker lives in a subdirectory od
 # /var/lib/buildbot
 # Usage:
 #   cd /var/lib/buildbot
 #   buildbot-worker create-worker [directory] [master hostname] [name] [password]
 #   systemctl enable --now buildbot-worker@[directory].service
 [Unit]
 Description=Buildbot Worker
 After=network.target

 [Service]
 User=%i
 Group=%i
 WorkingDirectory=/var/lib/buildbot-worker/%i
 ExecStart=/usr/local/bin/buildbot-worker start --nodaemon worker
 # if using EC2 Latent worker, you want to uncomment following line, and comment out the Restart line
 # ExecStopPost=shutdown now
 Restart=always
 ProtectSystem=full
 ProtectHome=yes
 PrivateDevices=yes
 PrivateTmp=yes

 [Install]
 WantedBy=multi-user.target
--- a/handlers/main.yaml
+++ b/handlers/main.yaml
@@ -8,3 +8,8 @@
  systemd:
    state: restarted
    name: buildbot@master.service

 - name: restart buildbot-worker service
  systemd:
    state: restarted
    name: buildbot-worker@{{_restart_buildbot_worker_name}}.service
--- a/tasks/main.yaml
+++ b/tasks/main.yaml
@@ -1,29 +1,7 @@
 ---


 - import_tasks: local_facts.yaml

 - name: debian package requirements for buildbot
  apt:
    pkg:
      - python3-pip
      - fish
      - git
      - postgresql
      - python3-psycopg2
      - ssl-cert

      # ansible
      - python-setuptools
      - python-psycopg2

 - name: set correct permissions for /etc/ssl/private
  file:
    path: /etc/ssl/private
    mode: 0750
    owner: root
    group: ssl-cert

 - import_tasks: setup.yaml
 - import_tasks: database.yaml

 - import_tasks: master.yaml
 - import_tasks: workers.yaml
--- a/tasks/master.yaml
+++ b/tasks/master.yaml
@@ -89,3 +89,5 @@
    name: nginx
  vars:
    nginx_vhosts: "{{ buildbot_nginx_vhosts }}"

 - meta: flush_handlers
--- a/tasks/setup.yaml
+++ b/tasks/setup.yaml
@@ -0,0 +1,21 @@
 ---
 - name: debian package requirements for buildbot
  apt:
    pkg:
      - python3-pip
      - fish
      - git
      - postgresql
      - python3-psycopg2
      - ssl-cert

      # ansible
      - python-setuptools
      - python-psycopg2

 - name: set correct permissions for /etc/ssl/private
  file:
    path: /etc/ssl/private
    mode: 0750
    owner: root
    group: ssl-cert
--- a/tasks/worker.yaml
+++ b/tasks/worker.yaml
@@ -0,0 +1,71 @@
 ---

 - name: buildbot-worker group
  group:
    name: "{{ buildbot_worker_group }}"

 - name: buildbot-worker user
  user:
    name: "{{ buildbot_worker_user }}"
    group: "{{ buildbot_worker_group }}"
    home: "{{ buildbot_worker_home_directory }}"
    shell: /usr/bin/fish
    password_lock: true

 - name: buildbot-worker home directory
  file:
    path: "{{ buildbot_worker_home_directory }}"
    owner: "{{ buildbot_worker_user }}"
    group: "{{ buildbot_worker_group }}"
    state: directory
    mode: u=rwx,g=rx,o=

 - name: initiate buildbot-worker
  command: buildbot-worker create-worker worker localhost:9989 "{{buildbot_worker_name}}" "{{buildbot_worker_password}}"
  become: true
  become_user: "{{buildbot_worker_user}}"
  args:
    chdir: "{{buildbot_worker_home_directory}}"
    creates: /var/lib/buildbot-worker/{{buildbot_worker_name}}/worker
  notify: restart buildbot-worker service

 - name: buildbot-worker name
  lineinfile:
    path: /var/lib/buildbot-worker/{{buildbot_worker_name}}/worker/buildbot.tac
    regexp: '^workername *='
    line: workername = '{{buildbot_worker_name}}'
  notify: restart buildbot-worker service

 - name: buildbot-worker password
  lineinfile:
    path: /var/lib/buildbot-worker/{{buildbot_worker_name}}/worker/buildbot.tac
    regexp: '^passwd *='
    line: passwd = '{{buildbot_worker_password}}'
  notify: restart buildbot-worker service

 - name: buildbot-worker host info
  copy:
    content: "{{buildbot_worker_host_info}}"
    dest: /var/lib/buildbot-worker/{{buildbot_worker_name}}/worker/info/host
    owner: "{{ buildbot_worker_user }}"
    group: "{{ buildbot_worker_group }}"
  notify: restart buildbot-worker service

 - name: buildbot-worker admin info
  copy:
    content: "{{buildbot_worker_admin_info}}"
    dest: /var/lib/buildbot-worker/{{buildbot_worker_name}}/worker/info/admin
    owner: "{{ buildbot_worker_user }}"
    group: "{{ buildbot_worker_group }}"
  notify: restart buildbot-worker service

 - name: remember buildbot worker name for restart handler
  set_fact:
    _restart_buildbot_worker_name: "{{ buildbot_worker_name }}"

 - meta: flush_handlers

 - name: ensure buildbot-worker service is running
  systemd:
    state: started
    name: buildbot-worker@{{buildbot_worker_name}}.service
--- a/tasks/workers.yaml
+++ b/tasks/workers.yaml
@@ -0,0 +1,34 @@
 ---

 - name: pip3 packages for buildbot-worker
  pip:
    name:
      - buildbot-worker
    executable: pip3

 # source of unit file from https://github.com/buildbot/buildbot-contrib/blob/master/worker/contrib/systemd/buildbot-worker%40.service
 - name: buildbot-worker systemd service unit
  copy:
    src: systemd/buildbot-worker@.service
    dest: /etc/systemd/system/buildbot-worker@.service
  notify:
    - systemd daemon reload
    - restart buildbot-worker service

 - name: buildbot-worker var directory
  file:
    path: /var/lib/buildbot-worker
    state: directory

 - name: configure buildbot-workers
  include_tasks: worker.yaml
  loop: "{{ buildbot_workers.keys() }}"
  loop_control:
    loop_var: buildbot_worker_name
  vars:
    buildbot_worker_user: "{{ buildbot_worker_name }}"
    buildbot_worker_group: "{{ buildbot_worker_name }}"
    buildbot_worker_home_directory: "/var/lib/buildbot-worker/{{ buildbot_worker_name }}"
    buildbot_worker_password: "{{ buildbot_workers[buildbot_worker_name].password | default(ansible_local.buildbot.workers[buildbot_worker_name].password) }}"
    buildbot_worker_admin_info: ""
    buildbot_worker_host_info: ""
--- a/templates/buildbot/master.cfg.j2
+++ b/templates/buildbot/master.cfg.j2
@@ -47,7 +47,7 @@ c['workers'].append(worker.LocalWorker("local-worker"))
 # Ansible Defined Workers
 {% for worker_name in buildbot_workers.keys() %}
 {% set worker = buildbot_workers[worker_name] %}
 c['workers'].append(worker.Worker('{{worker_name}}', '{{worker.password}}'))
 c['workers'].append(worker.Worker('{{worker_name}}', '{{worker.password|default(ansible_local.buildbot.workers[worker_name].password)}}'))
 {% endfor %}

 # Hello World Example
--- a/vars/main.yaml
+++ b/vars/main.yaml
@@ -1,8 +1,21 @@
 ---
 _local_facts:
  database_password: "{% if not ansible_local.buildbot.database_password is defined %}{{ lookup('password', '/dev/null length=16 chars=ascii_letters') }}{% else %}{{ ansible_local.buildbot.database_password }}{% endif %}"

 _buildbot_worker_names: "{{ ansible_local.keys() | map('regex_search', '^buildbot_worker_(.*)$') | select('string') | map('regex_replace', '^buildbot_worker_(.*)$', '\\1') | list }}"
  workers: |-
    {
      {% for name in buildbot_workers.keys() %}
      {{name|to_json}}:
        {% if not buildbot_workers[name].password is defined %}
          {% if (not ansible_local.buildbot.workers[name] is defined) or (not ansible_local.buildbot.workers[name].password is defined) %}
            {{ {'password':lookup('password', '/dev/null length=16 chars=ascii_letters')} | to_json }}
          {% else %}
            {{ {'password':ansible_local.buildbot.workers[name].password} | to_json }}
          {% endif %}
        {% else %}
          {}
        {% endif %},
      {% endfor %}
    }

 buildbot_database_url: "postgresql://{{buildbot_db_user}}:{{buildbot_db_pass}}@localhost:5432/{{buildbot_db_name}}"