HGKeeper

Remove the secrets and add basically everything else

2019-10-31, Gary Kramlich

a532e415c4e3

Parents d83811da1689
Children 0f078ccdedde

Remove the secrets and add basically everything else

10 files changed, 161 insertions(+), 16 deletions(-)

+3 -0

.hgignore

+4 -2

agent.yml

+1 -1

roles/convey/tasks/main.yml

+5 -5

roles/docker/tasks/main.yml

+9 -0

roles/git/tasks/main.yml

+3 -3

roles/mercurial/tasks/main.yml

+9 -0

roles/openjdk/tasks/main.yml

+8 -0

roles/teamcity/defaults/main.yml

+109 -3

roles/teamcity/tasks/main.yml

+10 -2

run

~~--- /dev/null Thu Jan 01 00:00:00 1970 +0000~~

+++ b/.hgignore Thu Oct 31 05:07:51 2019 -0500

@@ -0,0 +1,3 @@

+syntax: glob

+hosts

+

~~--- a/agent.yml Thu Oct 31 02:08:01 2019 -0500~~

+++ b/agent.yml Thu Oct 31 05:07:51 2019 -0500

@@ -1,11 +1,13 @@

---

- hosts: all

~~- vars_files:~~

~~- - vars/secrets.yml~~

roles:

- role: docker

- role: convey

convey_version: 0.13.1

convey_sha256_checksum: c5f1d5c7d5da5ec61d325659e77e74a205f62929f2abca82b949c22164f2e5b6

- role: mercurial

+ - role: git

+ - role: openjdk

+ - role: teamcity

+ teamcity_server: https://ci.imfreedom.org/

~~--- a/roles/convey/tasks/main.yml Thu Oct 31 02:08:01 2019 -0500~~

+++ b/roles/convey/tasks/main.yml Thu Oct 31 05:07:51 2019 -0500

@@ -18,7 +18,7 @@

convey_install_dir: "/usr/local/bin"

# download the jar

~~-- name: download convey~~

+- name: "download {{convey_url}}"

get_url:

url: "{{convey_url}}"

dest: "{{convey_install_dir}}/convey"

~~--- a/roles/docker/tasks/main.yml Thu Oct 31 02:08:01 2019 -0500~~

+++ b/roles/docker/tasks/main.yml Thu Oct 31 05:07:51 2019 -0500

@@ -1,5 +1,5 @@

---

~~-- name: Install Dependencies~~

+- name: install dependencies

apt:

name:

- apt-transport-https

@@ -8,14 +8,14 @@

force_apt_get: true

when: ansible_facts['os_family'] == "Debian"

~~-- name: Add Docker apt-key~~

+- name: add apt-key

apt_key:

url: https://download.docker.com/linux/ubuntu/gpg

id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88

state: present

when: ansible_facts['os_family'] == "Debian"

~~-- name: Add Docker repository~~

+- name: add repository

apt_repository:

repo: "deb [arch=amd64] https://download.docker.com/linux/debian buster stable"

state: present

@@ -23,7 +23,7 @@

update_cache: true

when: ansible_facts['os_family'] == "Debian"

~~-- name: Install Docker (Debian)~~

+- name: install (Debian)

apt:

name:

- docker-ce

@@ -31,7 +31,7 @@

force_apt_get: true

when: ansible_facts['os_family'] == "Debian"

~~-- name: Install Docker (Darwin)~~

+- name: install (Darwin)

homebrew_cask:

name: docker

state: present

~~--- /dev/null Thu Jan 01 00:00:00 1970 +0000~~

+++ b/roles/git/tasks/main.yml Thu Oct 31 05:07:51 2019 -0500

@@ -0,0 +1,9 @@

+---

+- name: install (Debian)

+ apt:

+ name:

+ - git

+ state: present

+ force_apt_get: true

+ when: ansible_facts['os_family'] == "Debian"

+

~~--- a/roles/mercurial/tasks/main.yml Thu Oct 31 02:08:01 2019 -0500~~

+++ b/roles/mercurial/tasks/main.yml Thu Oct 31 05:07:51 2019 -0500

@@ -1,5 +1,5 @@

---

~~-- name: Install Dependencies~~

+- name: install dependencies

apt:

name:

- python

@@ -11,7 +11,7 @@

force_apt_get: true

when: ansible_facts['os_family'] == "Debian"

~~-- name: remove mercurial package~~

+- name: remove package

apt:

name:

- mercurial

@@ -22,7 +22,7 @@

force_apt_get: true

when: ansible_facts['os_family'] == "Debian"

~~-- name: install mercurial and evolve~~

+- name: install mercurial and evolve from pypi

pip:

name:

- mercurial

~~--- /dev/null Thu Jan 01 00:00:00 1970 +0000~~

+++ b/roles/openjdk/tasks/main.yml Thu Oct 31 05:07:51 2019 -0500

@@ -0,0 +1,9 @@

+---

+- name: install (Debian)

+ apt:

+ name:

+ - openjdk-11-jre-headless

+ state: present

+ force_apt_get: true

+ when: ansible_facts['os_family'] == "Debian"

+

~~--- /dev/null Thu Jan 01 00:00:00 1970 +0000~~

+++ b/roles/teamcity/defaults/main.yml Thu Oct 31 05:07:51 2019 -0500

@@ -0,0 +1,8 @@

+---

+teamcity_user: teamcity

+teamcity_group: teamcity

+teamcity_groups: []

+teamcity_home: /var/lib/teamcity/

+teamcity_properties: ["system.convey=True"]

+teamcity_authorization_token:

+

~~--- a/roles/teamcity/tasks/main.yml Thu Oct 31 02:08:01 2019 -0500~~

+++ b/roles/teamcity/tasks/main.yml Thu Oct 31 05:07:51 2019 -0500

@@ -1,10 +1,116 @@

# vi:et:ts=2 sw=2 sts=2

---

~~-- name: precondition: teamcity server~~

+- name: precondition - teamcity server

fail: msg="ERROR - required variable 'teamcity_server' missing"

when: teamcity_server is not defined

~~-- name: set internal var for buildAgent.zip~~

+- name: set internal var for buildAgent.zip url

+ set_fact:

+ teamcity_build_agent_zip_url: "{{teamcity_server}}update/buildAgent.zip"

+- name: set internal var for teamcity_agent_home

+ set_fact:

+ teamcity_agent_home: "{{teamcity_home}}tc/"

+

+- name: "create group: {{teamcity_group}}"

+ group:

+ name: "{{teamcity_group}}"

+ system: yes

+

+- name: "create user: {{teamcity_user}}"

+ user:

+ name: "{{teamcity_user}}"

+ shell: /bin/false

+ group: "{{teamcity_group}}"

+ groups: "{{teamcity_groups}}"

+ system: yes

+ createhome: yes

+ home: "{{teamcity_home}}"

+

+- name: "create directory {{teamcity_agent_home}}"

+ file:

+ name: "{{teamcity_agent_home}}"

+ state: directory

+ owner: "{{teamcity_user}}"

+ group: "{{teamcity_group}}"

+

+- name: download and extract buildAgent.zip

+ unarchive:

+ remote_src: yes

+ src: "{{teamcity_build_agent_zip_url}}"

+ dest: "{{teamcity_agent_home}}"

+ owner: "{{teamcity_user}}"

+ group: "{{teamcity_group}}"

+

+- name: check for agent configuration

+ stat:

+ path: "{{teamcity_agent_home}}conf/buildAgent.properties"

+ register: build_agent_properties

+

+- name: save authorizationToken

+ shell: "grep authorizationToken= {{teamcity_agent_home}}conf/buildAgent.properties | cut -d= -f2-"

+ register: _build_agent_token

+ when: build_agent_properties.stat.exists

+

+- name: set authorization token

set_fact:

~~- teamcity_build_agent_zip: "{{teamcity_server}}update/buildAgent.zip"~~

+ teamcity_authorization_token: "{{_build_agent_token.stdout}}"

+ when: _build_agent_token.changed

+

+- name: configure agent

+ copy:

+ dest: "{{teamcity_agent_home}}conf/buildAgent.properties"

+ content: |

+ serverUrl={{teamcity_server}}

+ name={{ansible_hostname}}

+ workDir=../work

+ tempDir=../temp

+ systemDir=../system

+ authorizationToken={{teamcity_authorization_token}}

+ {% for item in teamcity_properties %}{{item}}

+ {% endfor %}

+ owner: "{{teamcity_user}}"

+ group: "{{teamcity_group}}"

+

+- name: check for systemd unit

+ stat:

+ path: /etc/systemd/system/teamcity-agent.service

+ register: systemd_unit

+

+- name: stop agent

+ systemd:

+ name: teamcity-agent

+ state: stopped

+ ignore_errors: yes

+ when: systemd_unit.stat.exists

+- name: install systemd unit

+ copy:

+ dest: /etc/systemd/system/teamcity-agent.service

+ content: |

+ [Unit]

+ Description=TeamCity Build Agent

+ After=network.target

+

+ [Service]

+ Type=oneshot

+

+ User={{teamcity_user}}

+ Group={{teamcity_group}}

+

+ ExecStart={{teamcity_agent_home}}bin/agent.sh start

+ ExecStop={{teamcity_agent_home}}bin/agent.sh stop

+

+ RemainAfterExit=yes

+

+ SuccessExitStatus=0 143

+

+ [Install]

+ WantedBy=multi-user.target

+ when: ansible_system == "Linux"

+

+- name: start agent

+ systemd:

+ name: teamcity-agent

+ state: started

+ daemon_reload: yes

+

~~--- a/run Thu Oct 31 02:08:01 2019 -0500~~

+++ b/run Thu Oct 31 05:07:51 2019 -0500

@@ -1,5 +1,13 @@

~~-#!/bin/sh -ex~~

+#!/bin/sh -e

~~-ansible-playbook -b agent.yml -i hosts --vault-password-file=secrets/ansible_vault_password.txt $@~~

+if [ "${#}" -lt 1 ]; then

+ echo "You must specify an inventory file to use"

+ exit 1

+fi

+

+INVENTORY="${1}"

+shift

+

+ansible-playbook -b agent.yml -i "${INVENTORY}" $@

imfreedom/teamcity-ansible