This is an automated email from the ASF dual-hosted git repository. vatamane pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/couchdb-infra-cm.git
commit 358cf71811d22856450cb9dd22b24335dfc4ddd5 Author: Nick Vatamaniuc <[email protected]> AuthorDate: Mon Jul 5 18:35:21 2021 -0400 Update playbooks to set up power and s390x hosts Hosts are Ubuntu 20.04 so to avoid forking all the scripts added `become: yes` to most commands. In a few cases had to check for Ubuntu vs Debian, but it wasn't too bad overall. Perhaps eventually we could just use Ubuntu everywhere to simplify things since it seems to be the lowest common denominator. s390x host `couchdb01` seems to come up: ``` Open Blue Ocean Build Executor Status 1 Idle 2 Idle Inbound agent connected from 148.100.113.138/148.100.113.138:52506 Remoting version: 4.5 This is a Unix agent Agent successfully connected and online ``` PowerVS host `couchdb-ci-ubuntu-2` has not come back up after playbook install. So may need aditional debugging. --- host_vars/couchdb-ci-ubuntu-2 | 16 ++++++++-------- host_vars/couchdb01 | 16 ++++++++-------- roles/ci_agent/tasks/main.yml | 24 ++++++++++++++++++++---- roles/common/tasks/main.yml | 21 ++++++++++++++++++++- 4 files changed, 56 insertions(+), 21 deletions(-) diff --git a/host_vars/couchdb-ci-ubuntu-2 b/host_vars/couchdb-ci-ubuntu-2 index c3a4dc3..60491bb 100644 --- a/host_vars/couchdb-ci-ubuntu-2 +++ b/host_vars/couchdb-ci-ubuntu-2 
@@ -1,10 +1,10 @@ jenkins_secret: !vault | $ANSIBLE_VAULT;1.1;AES256 - 36316331626338373866306336303662383361623035353639646438633536633564363130386432 - 3737313130313732353030633134363061323238303466350a313630636362333039383132393062 - 65343938626338346430363532396436353538383663656630393863383361653233346634393461 - 6332393263646461390a653632343330353037663165643832393866303065633939616330303065 - 63636134373034303264363766623362666637633732313736323135383533363866613964356161 - 61333339626666623232323662656137366236643335326539613665613533623162353537653732 - 64396663363138386362316530333635353731616438656631623930373262656431656536393331 - 31333238633432303934 + 36393835646534306632326632653037356434626635633235616437663837376261646636353230 + 3561333863366561363833373836636633363761663833350a346434373363653261316338636631 + 63313536336337303533623861343630313766396363623134636433313236666437633739393031 + 3830343730313235610a353133623262643962356636643335346462346435333333333539313666 + 66316161663134316361333562393732613033323164656430356563643766386337666361313065 + 65386137353234373263326239306235626262363232323162383830323834393766623730303266 + 65343136396130363133353639636139356632323939646561643563333439336433383165326532 + 33386432346665336233 diff --git a/host_vars/couchdb01 b/host_vars/couchdb01 index da1bdba..665bae3 100644 --- a/host_vars/couchdb01 +++ b/host_vars/couchdb01 
@@ -1,11 +1,11 @@ jenkins_secret: !vault | $ANSIBLE_VAULT;1.1;AES256 - 39373234353565353231633439353766623230656166636166353461613736656532663831373437 - 3339376564326431336461383139303862393630653464390a383064643932393633633734653835 - 66363830643061376330323630306634306433306431366238313232333635313231313032633237 - 3461663238333638650a643235663133343737373936336630316562653832613166663565386663 - 31646230653363323233663634376330373433326339313837646361356461633337393864636466 - 39653933313532346339313666666335373830353033646465663138393834306565323136366137 - 30623132316264663130356338643966313034323439343062376461383165616561386566656536 - 36303536623136386461 + 39633766303861636339383165643366313930373761306165363863383139396463363830393335 + 3962396532656339613939383735643833313464363735340a396235323065623734393665363566 + 32343836336161623461366464666435363364656532643733626338613733303039313238646366 + 3335383937343563610a383465303933646364326339666363363335383730363865323166396433 + 62613163643036633931313263363435636662356565633665313332316562633339663230303861 + 65363834363265386462333134376134626231316462313933643133353031666630386537646662 + 39303334626363303261643139666331353962383961356432363331623965346466623366393730 + 63663234393531306235 diff --git a/roles/ci_agent/tasks/main.yml b/roles/ci_agent/tasks/main.yml index 6dba9f5..d2f3ca2 100644 --- a/roles/ci_agent/tasks/main.yml +++ b/roles/ci_agent/tasks/main.yml @@ -1,4 +1,5 @@ - name: Configure TCP Keep-Alive + become: yes copy: src: 50-ci-agent.sysctl.conf dest: /etc/sysctl.d/50-ci-agent.conf @@ -6,10 +7,12 @@ register: ciagentsysctl - name: Load TCP Keep-Alive configuration + become: yes shell: /sbin/sysctl --load /etc/sysctl.d/50-ci-agent.conf when: ciagentsysctl.changed - name: Install Java 8 + become: yes apt: name: "{{ packages }}" state: latest 
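Review bot: `Load TCP Keep-Alive configuration` passes a fixed command line through `shell:`, and with the added `become: yes` that shell runs as root. Nothing in the command needs shell features, so `command: /sbin/sysctl --load /etc/sysctl.d/50-ci-agent.conf` does the same work without a shell parsing the string. The `Install Java 8` task that follows continues past the end of this hunk.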
@@ -18,17 +21,20 @@ - openjdk-8-jre-headless - name: Install Docker gpg key for Apt + become: yes apt_key: url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg state: present - name: Setup Docker Apt repository + become: yes apt_repository: repo: deb https://download.docker.com/linux/{{ansible_distribution | lower}} {{ ansible_distribution_release }} stable filename: docker state: present - name: Install Docker Packages + become: yes apt: name: "{{ packages }}" vars: @@ -36,12 +42,14 @@ - containerd.io - docker-ce -- name: Install Docker CLI Package on Debian +- name: Install Docker CLI Package on Debian or Ubuntu + become: yes apt: name: docker-ce-cli - when: ansible_distribution == 'Debian' + when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' - name: Install multi-architecture support for Docker + become: yes apt: name: "{{ packages }}" state: latest @@ -52,29 +60,34 @@ - qemu-user-static - name: Install kill-old-docker.sh + become: yes copy: src: kill-old-docker.sh dest: /usr/local/bin/kill-old-docker.sh mode: 0755 - name: Add kill-old-docker.sh cron entry + become: yes cron: name: Kill old docker containers hour: '19' job: /usr/local/bin/kill-old-docker.sh - name: Add docker prune cron entry + become: yes cron: name: Docker prune hour: '19' job: /usr/bin/docker system prune -a -f --filter "until=72h" - name: Add group jenkins + become: yes group: name: jenkins gid: 910 - name: Add user jenkins + become: yes user: name: jenkins uid: 910 
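Review bot: `Install Docker gpg key for Apt` accepts whatever key the HTTPS download returns, and with this change it is added to the APT keyring on the new Ubuntu hosts as well. `apt_key` has an `id` parameter; adding `id: <DOCKER_KEY_FINGERPRINT>` (placeholder, take the value from Docker's install documentation) gives the task an expected key to check against. `apt_key` also makes the key trusted for every repository on the host, so a later cleanup could store it in a dedicated keyring file and reference it with `signed-by` in the `deb` line of `Setup Docker Apt repository`.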
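Review bot: Both cron tasks in this hunk set only `hour: '19'`, and the cron module leaves `minute` at its default `*`, so `kill-old-docker.sh` and `docker system prune -a -f` are scheduled every minute from 19:00 to 19:59 rather than once a day. Adding `minute: '0'` to each task (or staggering them, e.g. `'0'` and `'30'`) gives a single daily run. With `become: yes` and no `user:` set, the entries go into root's crontab, which is presumably intended since both jobs need access to Docker. The `Add user jenkins` task continues past the end of this hunk.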
@@ -85,31 +98,34 @@ shell: /bin/bash - name: Create Jenkins runit service directory + become: yes file: path: /etc/sv/jenkins state: directory - name: Create Jenkins runit log directory + become: yes file: path: /etc/sv/jenkins/log/main state: directory - name : Create Jenkins runit run script + become: yes template: src: runit-main.j2 dest: /etc/sv/jenkins/run mode: 0755 - name: Create Jenkins runit logs run script + become: yes copy: src: runit-logs dest: /etc/sv/jenkins/log/run mode: 0755 - name: Enable Jenkins runit service + become: yes file: src: /etc/sv/jenkins dest: /etc/service/jenkins state: link - - diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 6333339..34b25d8 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -1,4 +1,16 @@ -- name: Allow CouchDB Infra access +- name: Allow CouchDB Infra access on Ubuntu + authorized_key: + user: ubuntu + state: present + key: "{{ item }}" + with_items: + - https://github.com/davisp.keys + - https://github.com/kocolosk.keys + - https://github.com/nickva.keys + - https://github.com/wohali.keys + when: ansible_distribution == "Ubuntu" + +- name: Allow CouchDB Infra access on Debian authorized_key: user: root state: present @@ -8,13 +20,16 @@ - https://github.com/kocolosk.keys - https://github.com/nickva.keys - https://github.com/wohali.keys + when: ansible_distribution == "Debian" - name: Lock root account + become: yes user: name: root password_lock: true - name: Disable password authentication + become: yes lineinfile: dest: /etc/ssh/sshd_config regexp: '^(#\s*)?PasswordAuthentication' @@ -23,6 +38,7 @@ notify: restart sshd - name: Disable empty password login + become: yes lineinfile: dest: /etc/ssh/sshd_config regexp: '^(#\s*)?PermitEmptyPasswords' @@ -30,6 +46,7 @@ notify: restart sshd - name: Disable challenge response authentication + become: yes lineinfile: dest: /etc/ssh/sshd_config regexp: '^(#\s*)?ChallengeResponseAuthentication' 
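Review bot: The list of GitHub key URLs now exists twice, once in the new Ubuntu task in this hunk and once in the Debian task that continues into the next hunk. This list is the hosts' access-control list, so the two copies can drift apart. Consider a single variable holding the URLs and referenced by both tasks, or one task with `user: "{{ 'ubuntu' if ansible_distribution == 'Ubuntu' else 'root' }}"`. Separately, the keys are whatever GitHub serves for each account at run time and `authorized_key` only adds keys here, so someone dropped from the list keeps access until their key is removed by hand; a comment above the tasks saying so would help the next maintainer.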
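Review bot: The sshd_config edits beginning with `Disable password authentication` (and the PermitEmptyPasswords and ChallengeResponseAuthentication tasks in the following hunks) show no `validate:` in the visible lines, and each one notifies `restart sshd`. `lineinfile` supports `validate: /usr/sbin/sshd -t -f %s`, which rejects a broken file before it replaces the live configuration, which matters on hosts reachable only over SSH. On Ubuntu 20.04 the stock sshd_config, as far as I know, begins with an `Include` of `/etc/ssh/sshd_config.d/*.conf`, and sshd keeps the first value it reads for a keyword, so a drop-in that sets `PasswordAuthentication` would take precedence over this edit. Checking the effective settings with `sshd -T` after a run would confirm the hardening applied. The remaining lines of these lineinfile tasks fall outside the hunks.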
@@ -37,6 +54,7 @@ notify: restart sshd - name: Install basic ubiquitous packages + become: yes apt: name: "{{ packages }}" state: latest @@ -65,4 +83,5 @@ - tcpdump - tmux - vim + - emacs-nox - wget
