ansible_laminar/playbook.yml

---
- hosts: all
  vars_files:
        - vars.yml
  vars:
        laminar_home: "/var/lib/laminar/"
        registry: "localhost:5000"
        prometheus_pushgateway: "http://localhost:9091"

  pre_tasks:
        - name: Update apt cache if needed
          apt: update_cache=yes cache_valid_time=3600

  handlers:
        - name: restart laminar
          service: name=laminar state=restarted

        - name: restart webhook
          service: name=webhook state=restarted

        - name: restart docker registry
          service: name=docker-registry state=restarted

        - name: restart nginx
          service: name=nginx state=restarted

        - name: delete keyring
          file: dest="{{ laminar_home }}/.gnupg" state=absent
        - name: import openpgp keys
          command: "gpg --homedir .gnupg --import keys.asc"
          args:
                  chdir: "{{ laminar_home }}"
          notify: laminar owns .gnupg
        - name: laminar owns .gnupg
          file:
                  path: "{{ laminar_home }}/.gnupg"
                  owner: laminar
                  group: laminar
                  recurse: yes

  tasks:
        - name: install laminar dependencies
          apt:
                name:
                  - laminar
                  - gnupg
                  - docker.io
                  - docker-registry
                  - nginx
                  - mmdebstrap
                  - jq
                  - prometheus-pushgateway
                state: latest

        - name: config docker registry
          lineinfile:
                  dest: /etc/docker/registry/config.yml
                  regexp: '  addr'
                  line:   '  addr: 127.0.0.1:5000'
          notify: restart docker registry

        - name: enable docker registry
          service: name=docker-registry state=started enabled=yes

        - name: config nginx registry site
          template:
                  src: nginx-registry
                  dest: /etc/nginx/sites-available/registry
          notify: restart nginx

        - name: delete nginx default site
          file: dest="/etc/nginx/sites-enabled/default" state=absent
          notify: restart nginx

        - name: activate nginx regitry site
          file:
                  src: /etc/nginx/sites-available/registry
                  dest: /etc/nginx/sites-enabled/registry
                  state: link
          notify: restart nginx

        - name: enable nginx
          service: name=nginx state=started enabled=yes

        - name: add the registry to the host file
          lineinfile:
                  dest: /etc/hosts
                  regexp: '.*{{ registry_domain }}$'
                  line:   '127.0.0.1 {{ registry_domain }}'

        - name: add laminar to docker group
          user: name=laminar group=docker
          notify: restart laminar

        - name: copy openpgp keys
          copy:
                  src: keys.asc
                  dest: "{{ laminar_home }}"
                  owner: laminar
                  group: laminar
                  mode: u=rwx,g=rx,o=rx
          notify:
                  - delete keyring
                  - import openpgp keys

        - name: create the repos folder for laminar jobs
          file:
                  path: "{{ laminar_home }}/repos"
                  state: directory
                  owner: laminar
                  group: laminar
                  mode: u=rwx,g=rx,o=rx

        - name: create the version folder for laminar jobs
          file:
                  path: "{{ laminar_home }}/version"
                  state: directory
                  owner: laminar
                  group: laminar
                  mode: u=rwx,g=rx,o=rx

        - name: configure laminar scripts
          template:
                  src: "{{ item }}"
                  dest: "{{ laminar_home }}/cfg/scripts/{{ item }}"
                  owner: laminar
                  group: laminar
                  mode: u=rwx,g=rwx,o=rx
          with_items:
                  - update_images
                  - check_updates
                  - verify_commits

        - name: configure jobs
          template:
                  src: "{{ item }}"
                  dest: "{{ laminar_home }}/cfg/jobs/{{ item }}"
                  owner: laminar
                  group: laminar
                  mode: u=rwx,g=rwx,o=rx
          with_items:
                  - build_image.run
                  - base_image.run
                  - check_updates.run

        - name: enable laminar
          service: name=laminar state=started enabled=yes

        - name: set nightly check for image updates
          cron:
                  name: "check image updates"
                  hour: "2"
                  minute: "0"
                  job: "/usr/bin/laminarc queue check_updates"

        - name: copy build_image script
          copy:
                  src: build_image
                  dest: /usr/local/bin/build_image
                  owner: root
                  group: root
                  mode: u=rwx,g=rx,o=rx

        - name: set nightly purge docker images
          cron:
                  name: "purge docker images"
                  hour: "4"
                  minute: "0"
                  job: "docker system prune -a -f"

        - name: set nightly registry garbage collector
          cron:
                  name: "purge docker images"
                  hour: "4"
                  minute: "30"
                  job: "docker-registry garbage-collect /etc/docker/registry/config.yml -m"

        - name: install webhook
          apt: name=webhook state=latest

        - name: configure webhook job
          template:
                  src: webhook.conf
                  dest: /etc/webhook.conf
                  owner: laminar
                  group: laminar
                  mode: u=rwx,g=rwx,o=rx
          notify: restart webhook

        - name: enable webhook
          service: name=webhook state=started enabled=yes

        - name: enable prometheus pushgateway
          service: name=prometheus-pushgateway state=started enabled=yes

        - name: configure after for metrics
          template:
                  src: after
                  dest: "{{ laminar_home }}/cfg/after"
                  owner: laminar
                  group: laminar
                  mode: u=rwx,g=rwx,o=rx
Set up a simple laminar CI server 3 years ago			`---`
			`- hosts: all`
			`vars_files:`
			`- vars.yml`
			`vars:`
			`laminar_home: "/var/lib/laminar/"`
Use nginx to let only pulls from the local registry 3 years ago			`registry: "localhost:5000"`
Add prometheus metrics 5 months ago			`prometheus_pushgateway: "http://localhost:9091"`
Set up a simple laminar CI server 3 years ago
			`pre_tasks:`
			`- name: Update apt cache if needed`
			`apt: update_cache=yes cache_valid_time=3600`

			`handlers:`
			`- name: restart laminar`
			`service: name=laminar state=restarted`

			`- name: restart webhook`
			`service: name=webhook state=restarted`

Use nginx to let only pulls from the local registry 3 years ago			`- name: restart docker registry`
			`service: name=docker-registry state=restarted`

			`- name: restart nginx`
			`service: name=nginx state=restarted`

Set up a simple laminar CI server 3 years ago			`- name: delete keyring`
			`file: dest="{{ laminar_home }}/.gnupg" state=absent`
			`- name: import openpgp keys`
			`command: "gpg --homedir .gnupg --import keys.asc"`
			`args:`
			`chdir: "{{ laminar_home }}"`
			`notify: laminar owns .gnupg`
			`- name: laminar owns .gnupg`
			`file:`
			`path: "{{ laminar_home }}/.gnupg"`
			`owner: laminar`
			`group: laminar`
			`recurse: yes`

			`tasks:`
			`- name: install laminar dependencies`
Make it work 3 years ago			`apt:`
			`name:`
Install laminar from debian 1 year ago			`- laminar`
Set up a simple laminar CI server 3 years ago			`- gnupg`
			`- docker.io`
Use nginx to let only pulls from the local registry 3 years ago			`- docker-registry`
			`- nginx`
Use mmdebstrap instead of debootstrap So we also install security updates. And now we don't need sudo to do the debootstrap. 1 year ago			`- mmdebstrap`
Update images based on the one just built 3 years ago			`- jq`
Add prometheus metrics 5 months ago			`- prometheus-pushgateway`
Make it work 3 years ago			`state: latest`
Set up a simple laminar CI server 3 years ago
Use nginx to let only pulls from the local registry 3 years ago			`- name: config docker registry`
			`lineinfile:`
			`dest: /etc/docker/registry/config.yml`
			`regexp: ' addr'`
			`line: ' addr: 127.0.0.1:5000'`
			`notify: restart docker registry`

			`- name: enable docker registry`
			`service: name=docker-registry state=started enabled=yes`

			`- name: config nginx registry site`
Add authentication for the docker registry 3 years ago			`template:`
Use nginx to let only pulls from the local registry 3 years ago			`src: nginx-registry`
			`dest: /etc/nginx/sites-available/registry`
			`notify: restart nginx`

			`- name: delete nginx default site`
			`file: dest="/etc/nginx/sites-enabled/default" state=absent`
			`notify: restart nginx`

			`- name: activate nginx regitry site`
			`file:`
			`src: /etc/nginx/sites-available/registry`
			`dest: /etc/nginx/sites-enabled/registry`
			`state: link`
			`notify: restart nginx`

			`- name: enable nginx`
			`service: name=nginx state=started enabled=yes`
Add authentication for the docker registry 3 years ago
Build base image 3 years ago			`- name: add the registry to the host file`
			`lineinfile:`
			`dest: /etc/hosts`
			`regexp: '.*{{ registry_domain }}$'`
			`line: '127.0.0.1 {{ registry_domain }}'`

Set up a simple laminar CI server 3 years ago			`- name: add laminar to docker group`
			`user: name=laminar group=docker`
			`notify: restart laminar`

			`- name: copy openpgp keys`
			`copy:`
			`src: keys.asc`
			`dest: "{{ laminar_home }}"`
			`owner: laminar`
			`group: laminar`
			`mode: u=rwx,g=rx,o=rx`
			`notify:`
			`- delete keyring`
			`- import openpgp keys`

Keep the repos of the images 3 years ago			`- name: create the repos folder for laminar jobs`
			`file:`
			`path: "{{ laminar_home }}/repos"`
			`state: directory`
			`owner: laminar`
			`group: laminar`
Check versions of upstream software 1 year ago			`mode: u=rwx,g=rx,o=rx`

			`- name: create the version folder for laminar jobs`
			`file:`
			`path: "{{ laminar_home }}/version"`
			`state: directory`
			`owner: laminar`
			`group: laminar`
Keep the repos of the images 3 years ago			`mode: u=rwx,g=rx,o=rx`

Update images based on the one just built 3 years ago			`- name: configure laminar scripts`
			`template:`
			`src: "{{ item }}"`
			`dest: "{{ laminar_home }}/cfg/scripts/{{ item }}"`
			`owner: laminar`
			`group: laminar`
			`mode: u=rwx,g=rwx,o=rx`
			`with_items:`
			`- update_images`
Keep the repos of the images 3 years ago			`- check_updates`
Improve commit verification 3 months ago			`- verify_commits`
Update images based on the one just built 3 years ago
Build base image 3 years ago			`- name: configure jobs`
Set up a simple laminar CI server 3 years ago			`template:`
Build base image 3 years ago			`src: "{{ item }}"`
			`dest: "{{ laminar_home }}/cfg/jobs/{{ item }}"`
Set up a simple laminar CI server 3 years ago			`owner: laminar`
			`group: laminar`
			`mode: u=rwx,g=rwx,o=rx`
Build base image 3 years ago			`with_items:`
			`- build_image.run`
			`- base_image.run`
Do a nightly check for updates on all images 3 years ago			`- check_updates.run`
Set up a simple laminar CI server 3 years ago
			`- name: enable laminar`
			`service: name=laminar state=started enabled=yes`

Do a nightly check for updates on all images 3 years ago			`- name: set nightly check for image updates`
			`cron:`
			`name: "check image updates"`
Keep the repos of the images 3 years ago			`hour: "2"`
Run the cron jobs only once per night The jobs were run for every minute of the hour. 3 years ago			`minute: "0"`
Do a nightly check for updates on all images 3 years ago			`job: "/usr/bin/laminarc queue check_updates"`

Set up a simple laminar CI server 3 years ago			`- name: copy build_image script`
			`copy:`
			`src: build_image`
			`dest: /usr/local/bin/build_image`
			`owner: root`
			`group: root`
			`mode: u=rwx,g=rx,o=rx`

Add collaborator keys and vaulted secret 2 years ago			`- name: set nightly purge docker images`
			`cron:`
			`name: "purge docker images"`
Do a proper image clean up in docker 2 years ago			`hour: "4"`
Add collaborator keys and vaulted secret 2 years ago			`minute: "0"`
Do a proper image clean up in docker 2 years ago			`job: "docker system prune -a -f"`
Add collaborator keys and vaulted secret 2 years ago
Cron garbage-collect registry 10 months ago			`- name: set nightly registry garbage collector`
			`cron:`
			`name: "purge docker images"`
			`hour: "4"`
			`minute: "30"`
			`job: "docker-registry garbage-collect /etc/docker/registry/config.yml -m"`

Set up a simple laminar CI server 3 years ago			`- name: install webhook`
			`apt: name=webhook state=latest`

			`- name: configure webhook job`
			`template:`
			`src: webhook.conf`
			`dest: /etc/webhook.conf`
			`owner: laminar`
			`group: laminar`
			`mode: u=rwx,g=rwx,o=rx`
			`notify: restart webhook`

			`- name: enable webhook`
			`service: name=webhook state=started enabled=yes`
Add prometheus metrics 5 months ago
			`- name: enable prometheus pushgateway`
			`service: name=prometheus-pushgateway state=started enabled=yes`

			`- name: configure after for metrics`
			`template:`
			`src: after`
			`dest: "{{ laminar_home }}/cfg/after"`
			`owner: laminar`
			`group: laminar`
			`mode: u=rwx,g=rwx,o=rx`