Ansible playbook to set up a Laminar container CI build. Moved to: https://git.sindominio.net/sindominio/ansible_laminar
ansible_laminar/playbook.yml


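---
# Provisions a Laminar CI host: a loopback-only Docker registry fronted by
# nginx, the laminar daemon with its job and script templates, nightly cron
# triggers, and a webhook service.
# `registry_domain` is not defined in this file; it is presumably supplied by
# vars.yml -- confirm.
- hosts: all
  become: true
  vars_files:
    - vars.yml
  vars:
    laminar_home: "/var/lib/laminar/"
    registry: "localhost:5000"

  pre_tasks:
    - name: Update apt cache if needed
      apt:
        update_cache: true
        cache_valid_time: 3600

  handlers:
    - name: restart laminar
      service:
        name: laminar
        state: restarted

    - name: restart webhook
      service:
        name: webhook
        state: restarted

    - name: restart docker registry
      service:
        name: docker-registry
        state: restarted

    - name: restart nginx
      service:
        name: nginx
        state: restarted

    # The next three handlers form a chain triggered by "copy openpgp keys":
    # drop the old keyring, re-import keys.asc, then hand the new keyring
    # back to the laminar user (the import itself runs under `become`).
    - name: delete keyring
      file:
        path: "{{ laminar_home }}/.gnupg"
        state: absent

    - name: import openpgp keys
      command: "gpg --homedir .gnupg --import keys.asc"
      args:
        chdir: "{{ laminar_home }}"
      notify: laminar owns .gnupg

    - name: laminar owns .gnupg
      file:
        path: "{{ laminar_home }}/.gnupg"
        owner: laminar
        group: laminar
        recurse: true

  tasks:
    - name: install laminar dependencies
      # TODO: docker.io is in buster, but lib* are from stretch
      apt:
        name:
          - gnupg
          - libsqlite3-0
          - libboost-filesystem1.62.0
          - zlib1g
          - docker.io
          - docker-registry
          - nginx
          - sudo
          - debuerreotype
          - jq
        state: latest

    # Keep the registry listener on loopback; nginx is the exposed front end.
    - name: config docker registry
      lineinfile:
        dest: /etc/docker/registry/config.yml
        regexp: ' addr'
        line: ' addr: 127.0.0.1:5000'
      notify: restart docker registry

    - name: enable docker registry
      service:
        name: docker-registry
        state: started
        enabled: true

    - name: config nginx registry site
      template:
        src: nginx-registry
        dest: /etc/nginx/sites-available/registry
      notify: restart nginx

    - name: delete nginx default site
      file:
        path: "/etc/nginx/sites-enabled/default"
        state: absent
      notify: restart nginx

    - name: activate nginx regitry site
      file:
        src: /etc/nginx/sites-available/registry
        dest: /etc/nginx/sites-enabled/registry
        state: link
      notify: restart nginx

    - name: enable nginx
      service:
        name: nginx
        state: started
        enabled: true

    - name: add the registry to the host file
      lineinfile:
        dest: /etc/hosts
        regexp: '.*{{ registry_domain }}$'
        line: '127.0.0.1 {{ registry_domain }}'

    - name: install laminar
      apt:
        # laminar is on its way to being included in Debian:
        # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919181
        # NOTE(review): the package is fetched from a release URL and
        # installed as root with no checksum or signature check; TLS is the
        # only integrity control. Consider downloading it first with get_url
        # and a pinned `checksum`, then installing the local file.
        deb: https://github.com/ohwgiles/laminar/releases/download/0.7/laminar-0.7-1-amd64.deb

    - name: add laminar to docker group
      # `groups` + `append` adds docker as a supplementary group. The previous
      # `group=docker` replaced the account's primary group instead.
      # Membership in the docker group is root-equivalent on this host.
      user:
        name: laminar
        groups: docker
        append: true
      notify: restart laminar

    - name: copy openpgp keys
      copy:
        src: keys.asc
        dest: "{{ laminar_home }}"
        owner: laminar
        group: laminar
        # Key material is data, not a program: no execute bits.
        mode: "u=rw,g=r,o=r"
      notify:
        - delete keyring
        - import openpgp keys

    - name: give laminar sudo rights
      # FIXME: will be nice to give more granular access
      # This grants the CI user unrestricted passwordless root, so every job
      # laminar runs can take over the host. Narrow it to the exact commands
      # the job scripts call (they are not visible in this file).
      lineinfile:
        dest: /etc/sudoers
        regexp: '^laminar '
        line: 'laminar ALL=(ALL) NOPASSWD: ALL'
        # Reject the edit if the result does not parse, instead of leaving a
        # broken sudoers file behind.
        validate: '/usr/sbin/visudo -cf %s'

    - name: configure laminar scripts
      template:
        src: "{{ item }}"
        dest: "{{ laminar_home }}/cfg/scripts/{{ item }}"
        owner: laminar
        group: laminar
        mode: "u=rwx,g=rwx,o=rx"
      with_items:
        - update_images

    - name: configure jobs
      template:
        src: "{{ item }}"
        dest: "{{ laminar_home }}/cfg/jobs/{{ item }}"
        owner: laminar
        group: laminar
        mode: "u=rwx,g=rwx,o=rx"
      with_items:
        - build_image.run
        - base_image.run
        - check_updates.run

    - name: enable laminar
      service:
        name: laminar
        state: started
        enabled: true

    # No `user:` is set on the cron tasks, so the entries land in the crontab
    # of the user the play runs as (root, given `become`).
    - name: set nightly base image rebuild
      cron:
        name: "rebuild base image"
        hour: "2"
        minute: "0"
        job: "/usr/bin/laminarc queue base_image"

    - name: set nightly check for image updates
      cron:
        name: "check image updates"
        hour: "5"
        minute: "0"
        job: "/usr/bin/laminarc queue check_updates"

    - name: copy build_image script
      copy:
        src: build_image
        dest: /usr/local/bin/build_image
        owner: root
        group: root
        mode: "u=rwx,g=rx,o=rx"

    - name: install webhook
      apt:
        name: webhook
        state: latest

    - name: configure webhook job
      template:
        src: webhook.conf
        dest: /etc/webhook.conf
        owner: laminar
        group: laminar
        # A configuration file needs neither execute bits nor group write.
        # NOTE(review): if the template carries a hook secret, drop the
        # world-readable bit too; and since laminar owns the file, CI jobs
        # can rewrite the hook definitions -- confirm whether root ownership
        # works for the webhook service.
        mode: "u=rw,g=r,o=r"
      notify: restart webhook

    - name: enable webhook
      service:
        name: webhook
        state: started
        enabled: true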