worker setup in this role due to weird ansible behavior

defaults/main.yaml

@@ -6,7 +6,7 @@ buildbot_db_pass: "{{ ansible_local.buildbot.database_password }}"
 
 buildbot_server_name: "{{ inventory_hostname }}"
 
-buildbot_workers: "{ {% for name in _buildbot_worker_names %} \"{{name}}\": {\"password\":\"{{ansible_local['buildbot_worker_'+name].worker_password}}\"} {% endfor %} }"
+buildbot_workers: {}
 buildbot_builders: {}
 
 buildbot_hello_world_example: true

files/systemd/buildbot-worker@.service

@@ -0,0 +1,25 @@
+# This template file assumes the buildbot worker lives in a subdirectory od
+# /var/lib/buildbot
+# Usage:
+#   cd /var/lib/buildbot
+#   buildbot-worker create-worker [directory] [master hostname] [name] [password]
+#   systemctl enable --now buildbot-worker@[directory].service
+[Unit]
+Description=Buildbot Worker
+After=network.target
+
+[Service]
+User=%i
+Group=%i
+WorkingDirectory=/var/lib/buildbot-worker/%i
+ExecStart=/usr/local/bin/buildbot-worker start --nodaemon worker
+# if using EC2 Latent worker, you want to uncomment following line, and comment out the Restart line
+# ExecStopPost=shutdown now
+Restart=always
+ProtectSystem=full
+ProtectHome=yes
+PrivateDevices=yes
+PrivateTmp=yes
+
+[Install]
+WantedBy=multi-user.target

handlers/main.yaml

@@ -8,3 +8,8 @@
   systemd:
     state: restarted
     name: buildbot@master.service
+
+- name: restart buildbot-worker service
+  systemd:
+    state: restarted
+    name: buildbot-worker@{{_restart_buildbot_worker_name}}.service

tasks/main.yaml

@@ -1,29 +1,7 @@
 ---
 
-
 - import_tasks: local_facts.yaml
-
-- name: debian package requirements for buildbot
-  apt:
-    pkg:
-      - python3-pip
-      - fish
-      - git
-      - postgresql
-      - python3-psycopg2
-      - ssl-cert
-
-      # ansible
-      - python-setuptools
-      - python-psycopg2
-
-- name: set correct permissions for /etc/ssl/private
-  file:
-    path: /etc/ssl/private
-    mode: 0750
-    owner: root
-    group: ssl-cert
-
+- import_tasks: setup.yaml
 - import_tasks: database.yaml
-
 - import_tasks: master.yaml
+- import_tasks: workers.yaml

tasks/master.yaml

@@ -89,3 +89,5 @@
     name: nginx
   vars:
     nginx_vhosts: "{{ buildbot_nginx_vhosts }}"
+
+- meta: flush_handlers

tasks/setup.yaml

@@ -0,0 +1,21 @@
+---
+- name: debian package requirements for buildbot
+  apt:
+    pkg:
+      - python3-pip
+      - fish
+      - git
+      - postgresql
+      - python3-psycopg2
+      - ssl-cert
+
+      # ansible
+      - python-setuptools
+      - python-psycopg2
+
+- name: set correct permissions for /etc/ssl/private
+  file:
+    path: /etc/ssl/private
+    mode: 0750
+    owner: root
+    group: ssl-cert

tasks/worker.yaml

@@ -0,0 +1,71 @@
+---
+
+- name: buildbot-worker group
+  group:
+    name: "{{ buildbot_worker_group }}"
+
+- name: buildbot-worker user
+  user:
+    name: "{{ buildbot_worker_user }}"
+    group: "{{ buildbot_worker_group }}"
+    home: "{{ buildbot_worker_home_directory }}"
+    shell: /usr/bin/fish
+    password_lock: true
+
+- name: buildbot-worker home directory
+  file:
+    path: "{{ buildbot_worker_home_directory }}"
+    owner: "{{ buildbot_worker_user }}"
+    group: "{{ buildbot_worker_group }}"
+    state: directory
+    mode: u=rwx,g=rx,o=
+
+- name: initiate buildbot-worker
+  command: buildbot-worker create-worker worker localhost:9989 "{{buildbot_worker_name}}" "{{buildbot_worker_password}}"
+  become: true
+  become_user: "{{buildbot_worker_user}}"
+  args:
+    chdir: "{{buildbot_worker_home_directory}}"
+    creates: /var/lib/buildbot-worker/{{buildbot_worker_name}}/worker
+  notify: restart buildbot-worker service
+
+- name: buildbot-worker name
+  lineinfile:
+    path: /var/lib/buildbot-worker/{{buildbot_worker_name}}/worker/buildbot.tac
+    regexp: '^workername *='
+    line: workername = '{{buildbot_worker_name}}'
+  notify: restart buildbot-worker service
+
+- name: buildbot-worker password
+  lineinfile:
+    path: /var/lib/buildbot-worker/{{buildbot_worker_name}}/worker/buildbot.tac
+    regexp: '^passwd *='
+    line: passwd = '{{buildbot_worker_password}}'
+  notify: restart buildbot-worker service
+
+- name: buildbot-worker host info
+  copy:
+    content: "{{buildbot_worker_host_info}}"
+    dest: /var/lib/buildbot-worker/{{buildbot_worker_name}}/worker/info/host
+    owner: "{{ buildbot_worker_user }}"
+    group: "{{ buildbot_worker_group }}"
+  notify: restart buildbot-worker service
+
+- name: buildbot-worker admin info
+  copy:
+    content: "{{buildbot_worker_admin_info}}"
+    dest: /var/lib/buildbot-worker/{{buildbot_worker_name}}/worker/info/admin
+    owner: "{{ buildbot_worker_user }}"
+    group: "{{ buildbot_worker_group }}"
+  notify: restart buildbot-worker service
+
+- name: remember buildbot worker name for restart handler
+  set_fact:
+    _restart_buildbot_worker_name: "{{ buildbot_worker_name }}"
+
+- meta: flush_handlers
+
+- name: ensure buildbot-worker service is running
+  systemd:
+    state: started
+    name: buildbot-worker@{{buildbot_worker_name}}.service

tasks/workers.yaml

@@ -0,0 +1,34 @@
+---
+
+- name: pip3 packages for buildbot-worker
+  pip:
+    name:
+      - buildbot-worker
+    executable: pip3
+
+# source of unit file from https://github.com/buildbot/buildbot-contrib/blob/master/worker/contrib/systemd/buildbot-worker%40.service
+- name: buildbot-worker systemd service unit
+  copy:
+    src: systemd/buildbot-worker@.service
+    dest: /etc/systemd/system/buildbot-worker@.service
+  notify:
+    - systemd daemon reload
+    - restart buildbot-worker service
+
+- name: buildbot-worker var directory
+  file:
+    path: /var/lib/buildbot-worker
+    state: directory
+
+- name: configure buildbot-workers
+  include_tasks: worker.yaml
+  loop: "{{ buildbot_workers.keys() }}"
+  loop_control:
+    loop_var: buildbot_worker_name
+  vars:
+    buildbot_worker_user: "{{ buildbot_worker_name }}"
+    buildbot_worker_group: "{{ buildbot_worker_name }}"
+    buildbot_worker_home_directory: "/var/lib/buildbot-worker/{{ buildbot_worker_name }}"
+    buildbot_worker_password: "{{ buildbot_workers[buildbot_worker_name].password | default(ansible_local.buildbot.workers[buildbot_worker_name].password) }}"
+    buildbot_worker_admin_info: ""
+    buildbot_worker_host_info: ""

templates/buildbot/master.cfg.j2

@@ -47,7 +47,7 @@ c['workers'].append(worker.LocalWorker("local-worker"))
 # Ansible Defined Workers
 {% for worker_name in buildbot_workers.keys() %}
 {% set worker = buildbot_workers[worker_name] %}
-c['workers'].append(worker.Worker('{{worker_name}}', '{{worker.password}}'))
+c['workers'].append(worker.Worker('{{worker_name}}', '{{worker.password|default(ansible_local.buildbot.workers[worker_name].password)}}'))
 {% endfor %}
 
 # Hello World Example

vars/main.yaml

@@ -1,8 +1,21 @@
 ---
 _local_facts:
   database_password: "{% if not ansible_local.buildbot.database_password is defined %}{{ lookup('password', '/dev/null length=16 chars=ascii_letters') }}{% else %}{{ ansible_local.buildbot.database_password }}{% endif %}"
-
-_buildbot_worker_names: "{{ ansible_local.keys() | map('regex_search', '^buildbot_worker_(.*)$') | select('string') | map('regex_replace', '^buildbot_worker_(.*)$', '\\1') | list }}"
+  workers: |-
+    {
+      {% for name in buildbot_workers.keys() %}
+      {{name|to_json}}:
+        {% if not buildbot_workers[name].password is defined %}
+          {% if (not ansible_local.buildbot.workers[name] is defined) or (not ansible_local.buildbot.workers[name].password is defined) %}
+            {{ {'password':lookup('password', '/dev/null length=16 chars=ascii_letters')} | to_json }}
+          {% else %}
+            {{ {'password':ansible_local.buildbot.workers[name].password} | to_json }}
+          {% endif %}
+        {% else %}
+          {}
+        {% endif %},
+      {% endfor %}
+    }
 
 buildbot_database_url: "postgresql://{{buildbot_db_user}}:{{buildbot_db_pass}}@localhost:5432/{{buildbot_db_name}}"