[couchdb-infra-cm] branch main updated: Update playbooks to set up power and s390x hosts

Mon, 05 Jul 2021 15:42:34 -0700 

This is an automated email from the ASF dual-hosted git repository.

vatamane pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/couchdb-infra-cm.git


The following commit(s) were added to refs/heads/main by this push:
     new 6990057  Update playbooks to set up power and s390x hosts
6990057 is described below

commit 699005772b609d279ee2b638f4981674756371db
Author: Nick Vatamaniuc <[email protected]>
AuthorDate: Mon Jul 5 18:35:21 2021 -0400

    Update playbooks to set up power and s390x hosts
    
    Hosts are Ubuntu 20.04 so to avoid forking all the scripts added `become: 
yes`
    to most commands. In a few cases had to check for Ubuntu vs Debian, but it
    wasn't too bad overall. Perhaps eventually we could just use Ubuntu 
everywhere
    to simplify things since it seems to be the lowest common denominator.
    
    s390x host `couchdb01` seems to come up:
    ```
    Open Blue Ocean
    Build Executor Status
    1   Idle
    2   Idle
    Inbound agent connected from 148.100.113.138/148.100.113.138:52506
    Remoting version: 4.5
    This is a Unix agent
    Agent successfully connected and online
    ```
    
    PowerVS host `couchdb-ci-ubuntu-2` has not come back up after playbook 
install.
    So may need aditional debugging.
---
 host_vars/couchdb-ci-ubuntu-2 | 16 ++++++++--------
 host_vars/couchdb01           | 16 ++++++++--------
 roles/ci_agent/tasks/main.yml | 26 +++++++++++++++++++++-----
 roles/common/tasks/main.yml   | 21 ++++++++++++++++++++-
 4 files changed, 57 insertions(+), 22 deletions(-)

diff --git a/host_vars/couchdb-ci-ubuntu-2 b/host_vars/couchdb-ci-ubuntu-2
index c3a4dc3..60491bb 100644
--- a/host_vars/couchdb-ci-ubuntu-2
+++ b/host_vars/couchdb-ci-ubuntu-2
@@ -1,10 +1,10 @@
 jenkins_secret: !vault |
           $ANSIBLE_VAULT;1.1;AES256
-          
36316331626338373866306336303662383361623035353639646438633536633564363130386432
-          
3737313130313732353030633134363061323238303466350a313630636362333039383132393062
-          
65343938626338346430363532396436353538383663656630393863383361653233346634393461
-          
6332393263646461390a653632343330353037663165643832393866303065633939616330303065
-          
63636134373034303264363766623362666637633732313736323135383533363866613964356161
-          
61333339626666623232323662656137366236643335326539613665613533623162353537653732
-          
64396663363138386362316530333635353731616438656631623930373262656431656536393331
-          31333238633432303934
+          
36393835646534306632326632653037356434626635633235616437663837376261646636353230
+          
3561333863366561363833373836636633363761663833350a346434373363653261316338636631
+          
63313536336337303533623861343630313766396363623134636433313236666437633739393031
+          
3830343730313235610a353133623262643962356636643335346462346435333333333539313666
+          
66316161663134316361333562393732613033323164656430356563643766386337666361313065
+          
65386137353234373263326239306235626262363232323162383830323834393766623730303266
+          
65343136396130363133353639636139356632323939646561643563333439336433383165326532
+          33386432346665336233
diff --git a/host_vars/couchdb01 b/host_vars/couchdb01
index da1bdba..665bae3 100644
--- a/host_vars/couchdb01
+++ b/host_vars/couchdb01
@@ -1,11 +1,11 @@
 jenkins_secret: !vault |
           $ANSIBLE_VAULT;1.1;AES256
-          
39373234353565353231633439353766623230656166636166353461613736656532663831373437
-          
3339376564326431336461383139303862393630653464390a383064643932393633633734653835
-          
66363830643061376330323630306634306433306431366238313232333635313231313032633237
-          
3461663238333638650a643235663133343737373936336630316562653832613166663565386663
-          
31646230653363323233663634376330373433326339313837646361356461633337393864636466
-          
39653933313532346339313666666335373830353033646465663138393834306565323136366137
-          
30623132316264663130356338643966313034323439343062376461383165616561386566656536
-          36303536623136386461
+          
39633766303861636339383165643366313930373761306165363863383139396463363830393335
+          
3962396532656339613939383735643833313464363735340a396235323065623734393665363566
+          
32343836336161623461366464666435363364656532643733626338613733303039313238646366
+          
3335383937343563610a383465303933646364326339666363363335383730363865323166396433
+          
62613163643036633931313263363435636662356565633665313332316562633339663230303861
+          
65363834363265386462333134376134626231316462313933643133353031666630386537646662
+          
39303334626363303261643139666331353962383961356432363331623965346466623366393730
+          63663234393531306235
 
diff --git a/roles/ci_agent/tasks/main.yml b/roles/ci_agent/tasks/main.yml
index 6dba9f5..41af0a4 100644
--- a/roles/ci_agent/tasks/main.yml
+++ b/roles/ci_agent/tasks/main.yml
@@ -1,4 +1,5 @@
 - name: Configure TCP Keep-Alive
+  become: yes
   copy:
     src: 50-ci-agent.sysctl.conf
     dest: /etc/sysctl.d/50-ci-agent.conf
@@ -6,10 +7,12 @@
   register: ciagentsysctl
 
 - name: Load TCP Keep-Alive configuration
+  become: yes
   shell: /sbin/sysctl --load /etc/sysctl.d/50-ci-agent.conf
   when: ciagentsysctl.changed
 
 - name: Install Java 8
+  become: yes
   apt:
     name: "{{ packages }}"
     state: latest
@@ -18,17 +21,20 @@
       - openjdk-8-jre-headless
 
 - name: Install Docker gpg key for Apt
+  become: yes
   apt_key:
     url: https://download.docker.com/linux/{{ ansible_distribution | lower 
}}/gpg
     state: present
 
 - name: Setup Docker Apt repository
+  become: yes
   apt_repository:
     repo: deb https://download.docker.com/linux/{{ansible_distribution | 
lower}} {{ ansible_distribution_release }} stable
     filename: docker
     state: present
 
 - name: Install Docker Packages
+  become: yes
   apt:
     name: "{{ packages }}"
   vars:
@@ -36,12 +42,14 @@
       - containerd.io
       - docker-ce
 
-- name: Install Docker CLI Package on Debian
+- name: Install Docker CLI Package on Debian or Ubuntu
+  become: yes
   apt:
     name: docker-ce-cli
-  when: ansible_distribution == 'Debian'
+  when: ansible_distribution == 'Debian' or  ansible_distribution == 'Ubuntu'
 
 - name: Install multi-architecture support for Docker
+  become: yes
   apt:
     name: "{{ packages }}"
     state: latest
@@ -52,29 +60,34 @@
       - qemu-user-static
 
 - name: Install kill-old-docker.sh
+  become: yes
   copy:
     src: kill-old-docker.sh
-    dest: /usr/local/bin/kill-old-docker.sh
+    dest: /usr/local/bin/kill-old-docker.sh2
     mode: 0755
 
 - name: Add kill-old-docker.sh cron entry
+  become: yes
   cron:
     name: Kill old docker containers
     hour: '19'
     job: /usr/local/bin/kill-old-docker.sh
 
 - name: Add docker prune cron entry
+  become: yes
   cron:
     name: Docker prune
     hour: '19'
     job: /usr/bin/docker system prune -a -f --filter "until=72h"
 
 - name: Add group jenkins
+  become: yes
   group:
     name: jenkins
     gid: 910
 
 - name: Add user jenkins
+  become: yes
   user:
     name: jenkins
     uid: 910
@@ -85,31 +98,34 @@
     shell: /bin/bash
 
 - name: Create Jenkins runit service directory
+  become: yes
   file:
     path: /etc/sv/jenkins
     state: directory
 
 - name: Create Jenkins runit log directory
+  become: yes
   file:
     path: /etc/sv/jenkins/log/main
     state: directory
 
 - name : Create Jenkins runit run script
+  become: yes
   template:
     src: runit-main.j2
     dest: /etc/sv/jenkins/run
     mode: 0755
 
 - name: Create Jenkins runit logs run script
+  become: yes
   copy:
     src: runit-logs
     dest: /etc/sv/jenkins/log/run
     mode: 0755
 
 - name: Enable Jenkins runit service
+  become: yes
   file:
     src: /etc/sv/jenkins
     dest: /etc/service/jenkins
     state: link
-
-
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 6333339..34b25d8 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -1,4 +1,16 @@
-- name: Allow CouchDB Infra access
+- name: Allow CouchDB Infra access on Ubuntu
+  authorized_key:
+    user: ubuntu
+    state: present
+    key: "{{ item }}"
+  with_items:
+    - https://github.com/davisp.keys
+    - https://github.com/kocolosk.keys
+    - https://github.com/nickva.keys
+    - https://github.com/wohali.keys
+  when: ansible_distribution == "Ubuntu"
+
+- name: Allow CouchDB Infra access on Debian
   authorized_key:
     user: root
     state: present
@@ -8,13 +20,16 @@
     - https://github.com/kocolosk.keys
     - https://github.com/nickva.keys
     - https://github.com/wohali.keys
+  when: ansible_distribution == "Debian"
 
 - name: Lock root account
+  become: yes
   user:
     name: root
     password_lock: true
 
 - name: Disable password authentication
+  become: yes
   lineinfile:
     dest: /etc/ssh/sshd_config
     regexp: '^(#\s*)?PasswordAuthentication'
@@ -23,6 +38,7 @@
   notify: restart sshd
 
 - name: Disable empty password login
+  become: yes
   lineinfile:
     dest: /etc/ssh/sshd_config
     regexp: '^(#\s*)?PermitEmptyPasswords'
@@ -30,6 +46,7 @@
   notify: restart sshd
 
 - name: Disable challenge response authentication
+  become: yes
   lineinfile:
     dest: /etc/ssh/sshd_config
     regexp: '^(#\s*)?ChallengeResponseAuthentication'
@@ -37,6 +54,7 @@
   notify: restart sshd
 
 - name: Install basic ubiquitous packages
+  become: yes
   apt:
     name: "{{ packages }}"
     state: latest
@@ -65,4 +83,5 @@
       - tcpdump
       - tmux
       - vim
+      - emacs-nox
       - wget

Reply via email to