Update playbooks to set up power and s390x hosts
Hosts are Ubuntu 20.04 so to avoid forking all the scripts added `become: yes`
to most commands. In a few cases had to check for Ubuntu vs Debian, but it
wasn't too bad overall. Perhaps eventually we could just use Ubuntu everywhere
to simplify things since it seems to be the lowest common denominator.
s390x host `couchdb01` seems to come up:
```
Open Blue Ocean
Build Executor Status
1 Idle
2 Idle
Inbound agent connected from 148.100.113.138/148.100.113.138:52506
Remoting version: 4.5
This is a Unix agent
Agent successfully connected and online
```
PowerVS host `couchdb-ci-ubuntu-2` has not come back up after the playbook install,
so it may need additional debugging.
diff --git a/host_vars/couchdb-ci-ubuntu-2 b/host_vars/couchdb-ci-ubuntu-2
index c3a4dc3..60491bb 100644
--- a/host_vars/couchdb-ci-ubuntu-2
+++ b/host_vars/couchdb-ci-ubuntu-2
@@ -1,10 +1,10 @@
jenkins_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256
- 36316331626338373866306336303662383361623035353639646438633536633564363130386432
- 3737313130313732353030633134363061323238303466350a313630636362333039383132393062
- 65343938626338346430363532396436353538383663656630393863383361653233346634393461
- 6332393263646461390a653632343330353037663165643832393866303065633939616330303065
- 63636134373034303264363766623362666637633732313736323135383533363866613964356161
- 61333339626666623232323662656137366236643335326539613665613533623162353537653732
- 64396663363138386362316530333635353731616438656631623930373262656431656536393331
- 31333238633432303934
+ 36393835646534306632326632653037356434626635633235616437663837376261646636353230
+ 3561333863366561363833373836636633363761663833350a346434373363653261316338636631
+ 63313536336337303533623861343630313766396363623134636433313236666437633739393031
+ 3830343730313235610a353133623262643962356636643335346462346435333333333539313666
+ 66316161663134316361333562393732613033323164656430356563643766386337666361313065
+ 65386137353234373263326239306235626262363232323162383830323834393766623730303266
+ 65343136396130363133353639636139356632323939646561643563333439336433383165326532
+ 33386432346665336233
diff --git a/host_vars/couchdb01 b/host_vars/couchdb01
index da1bdba..665bae3 100644
--- a/host_vars/couchdb01
+++ b/host_vars/couchdb01
@@ -1,11 +1,11 @@
jenkins_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256
- 39373234353565353231633439353766623230656166636166353461613736656532663831373437
- 3339376564326431336461383139303862393630653464390a383064643932393633633734653835
- 66363830643061376330323630306634306433306431366238313232333635313231313032633237
- 3461663238333638650a643235663133343737373936336630316562653832613166663565386663
- 31646230653363323233663634376330373433326339313837646361356461633337393864636466
- 39653933313532346339313666666335373830353033646465663138393834306565323136366137
- 30623132316264663130356338643966313034323439343062376461383165616561386566656536
- 36303536623136386461
+ 39633766303861636339383165643366313930373761306165363863383139396463363830393335
+ 3962396532656339613939383735643833313464363735340a396235323065623734393665363566
+ 32343836336161623461366464666435363364656532643733626338613733303039313238646366
+ 3335383937343563610a383465303933646364326339666363363335383730363865323166396433
+ 62613163643036633931313263363435636662356565633665313332316562633339663230303861
+ 65363834363265386462333134376134626231316462313933643133353031666630386537646662
+ 39303334626363303261643139666331353962383961356432363331623965346466623366393730
+ 63663234393531306235
diff --git a/roles/ci_agent/tasks/main.yml b/roles/ci_agent/tasks/main.yml
index 6dba9f5..d2f3ca2 100644
--- a/roles/ci_agent/tasks/main.yml
+++ b/roles/ci_agent/tasks/main.yml
@@ -1,4 +1,5 @@
- name: Configure TCP Keep-Alive
+ become: yes
copy:
src: 50-ci-agent.sysctl.conf
dest: /etc/sysctl.d/50-ci-agent.conf
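Review bot: `become: yes` is added task by task, here and in every later hunk of this file and of roles/common/tasks/main.yml, so a task added later without it will fail or act on the `ubuntu` user's files instead of root's. A cron entry, for example, would land in the wrong crontab. Setting `become: true` once on the play or on the role include covers all of them and keeps the privilege boundary in one reviewable place. `true` is also the canonical boolean and avoids the `yes`/`no` truthy ambiguity. The `copy` task's body continues outside this hunk.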
@@ -6,10 +7,12 @@
register: ciagentsysctl
- name: Load TCP Keep-Alive configuration
+ become: yes
shell: /sbin/sysctl --load /etc/sysctl.d/50-ci-agent.conf
when: ciagentsysctl.changed
- name: Install Java 8
+ become: yes
apt:
name: "{{ packages }}"
state: latest
@@ -18,17 +21,20 @@
- openjdk-8-jre-headless
- name: Install Docker gpg key for Apt
+ become: yes
apt_key:
url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
state: present
- name: Setup Docker Apt repository
+ become: yes
apt_repository:
repo: deb https://download.docker.com/linux/{{ansible_distribution | lower}} {{ ansible_distribution_release }} stable
filename: docker
state: present
- name: Install Docker Packages
+ become: yes
apt:
name: "{{ packages }}"
vars:
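Review bot: The `apt_key` task trusts whatever key the Docker URL serves at run time and, now that it also runs on Ubuntu, adds it to root's global apt keyring without checking a fingerprint. Pinning the expected key with `id: "<DOCKER_APT_KEY_FINGERPRINT>"` (placeholder; take the value from Docker's install documentation) makes the task fail instead of importing an unexpected key. The `repo:` string also mixes `{{ansible_distribution | lower}}` and `{{ ansible_distribution | lower }}` spacing and is unquoted; quoting the whole value and using one spacing style would match the `"{{ packages }}"` lines. The "Install Docker Packages" task continues outside the hunk.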
@@ -36,12 +42,14 @@
- containerd.io
- docker-ce
-- name: Install Docker CLI Package on Debian
+- name: Install Docker CLI Package on Debian or Ubuntu
+ become: yes
apt:
name: docker-ce-cli
- when: ansible_distribution == 'Debian'
+ when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- name: Install multi-architecture support for Docker
+ become: yes
apt:
name: "{{ packages }}"
state: latest
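Review bot: The widened condition on "Install Docker CLI Package on Debian or Ubuntu" is easier to read and extend as a membership test, `when: ansible_distribution in ['Debian', 'Ubuntu']`. If the inventory only ever contains those two distributions, as the commit message suggests, the `when:` is always true and could be dropped, leaving the task name as plain "Install Docker CLI Package". The multi-architecture task that follows continues outside the hunk.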
@@ -52,29 +60,34 @@
- qemu-user-static
- name: Install kill-old-docker.sh
+ become: yes
copy:
src: kill-old-docker.sh
dest: /usr/local/bin/kill-old-docker.sh
mode: 0755
- name: Add kill-old-docker.sh cron entry
+ become: yes
cron:
name: Kill old docker containers
hour: '19'
job: /usr/local/bin/kill-old-docker.sh
- name: Add docker prune cron entry
+ become: yes
cron:
name: Docker prune
hour: '19'
job: /usr/bin/docker system prune -a -f --filter "until=72h"
- name: Add group jenkins
+ become: yes
group:
name: jenkins
gid: 910
- name: Add user jenkins
+ become: yes
user:
name: jenkins
uid: 910
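Review bot: Both cron tasks set `hour: '19'` but no `minute`, and the cron module defaults `minute` to `*`. As written, `kill-old-docker.sh` and `docker system prune -a -f` are scheduled every minute from 19:00 to 19:59, and with `become` they now run from root's crontab. Adding `minute: '0'` to each (or staggering them, e.g. `'0'` and `'15'`) gives the once-a-day run the task names imply. Separately, `mode: 0755` on the `copy` task is safer quoted as `mode: '0755'` so it is never read as a decimal integer. The `user` task continues outside the hunk.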
@@ -85,31 +98,34 @@
shell: /bin/bash
- name: Create Jenkins runit service directory
+ become: yes
file:
path: /etc/sv/jenkins
state: directory
- name: Create Jenkins runit log directory
+ become: yes
file:
path: /etc/sv/jenkins/log/main
state: directory
- name : Create Jenkins runit run script
+ become: yes
template:
src: runit-main.j2
dest: /etc/sv/jenkins/run
mode: 0755
- name: Create Jenkins runit logs run script
+ become: yes
copy:
src: runit-logs
dest: /etc/sv/jenkins/log/run
mode: 0755
- name: Enable Jenkins runit service
+ become: yes
file:
src: /etc/sv/jenkins
dest: /etc/service/jenkins
state: link
-
-
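Review bot: The run script rendered from `runit-main.j2` is installed with `mode: 0755`, which makes it readable by every local account on the agent. The template is not shown here, but if it embeds `jenkins_secret` (rotated in host_vars by this same commit), the agent credential is readable by any job or user on the box. Something like `mode: '0700'` with explicit `owner: root` and `group: root` on the template task would keep it private to the supervisor. The two directory tasks also set no `mode`/`owner`, so they inherit the umask; stating them explicitly avoids differences between the Debian and Ubuntu hosts. The `- name :` spelling on the template task has a stray space before the colon.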
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 6333339..34b25d8 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -1,4 +1,16 @@
-- name: Allow CouchDB Infra access
+- name: Allow CouchDB Infra access on Ubuntu
+ authorized_key:
+ user: ubuntu
+ state: present
+ key: "{{ item }}"
+ with_items:
+ - https://github.com/davisp.keys
+ - https://github.com/kocolosk.keys
+ - https://github.com/nickva.keys
+ - https://github.com/wohali.keys
+ when: ansible_distribution == "Ubuntu"
+
+- name: Allow CouchDB Infra access on Debian
authorized_key:
user: root
state: present
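Review bot: The Ubuntu and Debian tasks duplicate the same four key URLs, so the list of people with login access can drift between platforms when someone edits only one copy. A single task with `user: "{{ 'ubuntu' if ansible_distribution == 'Ubuntu' else 'root' }}"`, or a shared variable for the URL list, keeps the access list in one place. Because the keys are fetched from `github.com/<user>.keys` at run time, a short comment stating that these accounts define who can log in would help a later reviewer. The Debian task's key list continues in the next hunk.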
@@ -8,13 +20,16 @@
- https://github.com/kocolosk.keys
- https://github.com/nickva.keys
- https://github.com/wohali.keys
+ when: ansible_distribution == "Debian"
- name: Lock root account
+ become: yes
user:
name: root
password_lock: true
- name: Disable password authentication
+ become: yes
lineinfile:
dest: /etc/ssh/sshd_config
regexp: '^(#\s*)?PasswordAuthentication'
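Review bot: The three `lineinfile` edits to `/etc/ssh/sshd_config` (this hunk and the two that follow) show no validation step before the `restart sshd` handler fires. Adding `validate: '/usr/sbin/sshd -t -f %s'` to each task keeps a malformed file from being installed and cutting off the only access path. Each task's body continues outside its hunk, so such a line may already exist there. On Ubuntu 20.04 it is also worth confirming that no drop-in under `/etc/ssh/sshd_config.d/` sets `PasswordAuthentication yes`. If the stock config includes that directory before these lines, sshd keeps the first value it reads and the hardening would be silently ineffective.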
@@ -23,6 +38,7 @@
notify: restart sshd
- name: Disable empty password login
+ become: yes
lineinfile:
dest: /etc/ssh/sshd_config
regexp: '^(#\s*)?PermitEmptyPasswords'
@@ -30,6 +46,7 @@
notify: restart sshd
- name: Disable challenge response authentication
+ become: yes
lineinfile:
dest: /etc/ssh/sshd_config
regexp: '^(#\s*)?ChallengeResponseAuthentication'
@@ -37,6 +54,7 @@
notify: restart sshd
- name: Install basic ubiquitous packages
+ become: yes
apt:
name: "{{ packages }}"
state: latest
@@ -65,4 +83,5 @@
- tcpdump
- tmux
- vim
+ - emacs-nox
- wget