From: Erik Skultety
To: libvir-list@redhat.com
Cc: Erik Skultety
Subject: [libvirt-jenkins-ci PATCH 1/5] guests: templates: Introduce a gitlab-runner systemd service template
Date: Thu, 26 Mar 2020 14:33:50 +0100

Signed-off-by: Erik Skultety
--- .../update/templates/gitlab-runner.service.j2 | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 guests/playbooks/update/templates/gitlab-runner.service= .j2 diff --git a/guests/playbooks/update/templates/gitlab-runner.service.j2 b/g= uests/playbooks/update/templates/gitlab-runner.service.j2 new file mode 100644 index 0000000..f7a70dc --- /dev/null +++ b/guests/playbooks/update/templates/gitlab-runner.service.j2
@@ -0,0 +1,12 @@ +[Unit] +Description=3DGitLab Runner +After=3Dnetwork.target +ConditionFileIsExecutable=3D/usr/local/bin/gitlab-runner + +[Service] +ExecStart=3D/usr/local/bin/gitlab-runner run --user gitlab --working-direc= tory /home/gitlab --config /home/gitlab/.gitlab-runner/config.toml +Restart=3Dalways + +[Install] +WantedBy=3Dmulti-user.target + --=20 2.25.1
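Review bot: In the [Service] section of gitlab-runner.service.j2 there is no `User=`, so the runner process itself runs as root and only drops to the `gitlab` account through `--user gitlab`. Since the working directory and config.toml both live under /home/gitlab, consider running the unit as that account, or say in the commit message why root is needed. The user name and home directory are also hardcoded here, while the rc template in patch 2/5 derives them from `{{ flavor }}`; using one approach in both templates would keep them from drifting apart.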
From: Erik Skultety
To: libvir-list@redhat.com
Cc: Erik Skultety
Subject: [libvirt-jenkins-ci PATCH 2/5] guests: templates: Introduce a gitlab-runner RC init service template
Date: Thu, 26 Mar 2020 14:33:51 +0100
Message-Id: <85a8f4db0fd0af27b9d5a3bef32c78ce7a08deed.1585229621.git.eskultet@redhat.com>

Signed-off-by: Erik Skultety
--- .../update/templates/gitlab-runner.j2 | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 guests/playbooks/update/templates/gitlab-runner.j2 diff --git a/guests/playbooks/update/templates/gitlab-runner.j2 b/guests/pl= aybooks/update/templates/gitlab-runner.j2 new file mode 100644 index 0000000..5063a53 --- /dev/null +++ b/guests/playbooks/update/templates/gitlab-runner.j2
@@ -0,0 +1,32 @@ +#!/bin/sh +# PROVIDE: gitlab_runner +# REQUIRE: DAEMON NETWORKING +# BEFORE: +# KEYWORD: + +. /etc/rc.subr + +name=3D"gitlab_runner" +rcvar=3D"gitlab_runner_enable" + +user=3D"{{ flavor }}" +user_home=3D"/home/{{ flavor }}" +command=3D"/usr/local/bin/gitlab-runner" +command_args=3D"run --user ${user} --working-directory ${user_home} --conf= ig ${user_home}/.gitlab-runner/config.toml" +pidfile=3D"/var/run/${name}.pid" + +start_cmd=3D"gitlab_runner_start" + +gitlab_runner_start() +{ + export USER=3D${user} + export HOME=3D${user_home} + export PATH=3D${PATH}:/usr/local/bin/:/usr/local/sbin/ + if checkyesno ${rcvar}; then + cd ${user_home} + /usr/sbin/daemon -p ${pidfile} ${command} ${command_args} > /var/log/g= itlab-runner.log 2>&1 + fi +} + +load_rc_config $name +run_rc_command $1 --=20 2.25.1
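Review bot: In gitlab_runner_start() the redirection `> /var/log/gitlab-runner.log 2>&1` truncates the log on every start, so the output of the run before a restart or crash is lost; `>>` would keep it. The expansions `${user_home}`, `${pidfile}`, `$name` and `$1` are unquoted, and because `user` and `user_home` are filled in from `{{ flavor }}` the script depends on the flavor name always being a plain account name, which deserves a comment next to those two assignments.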
From: Erik Skultety
To: libvir-list@redhat.com
Cc: Erik Skultety
Subject: [libvirt-jenkins-ci PATCH 3/5] guests: Introduce the new 'gitlab' flavor
Date: Thu, 26 Mar 2020 14:33:52 +0100
Message-Id: <84ecf65f88c629b8eecbf7fe02cfc7303c303389.1585229621.git.eskultet@redhat.com>

With the recent efforts in upstream libvirt to centralize our CI on gitlab, let's add a new gitlab-specific flavor along with related playbook tasks. This flavour revolves around installing and configuring the gitlab-runner agent binary which requires the per-project registration token to be specified in order for the runner to be successfully registered with the gitlab server. Note that as part of the registration process each runner acquires a new unique access token. This means that we must ensure that the registration is run only on the first update, otherwise a new runner with a new access token is registered with the gitlab project.

Signed-off-by: Erik Skultety
--- guests/group_vars/all/main.yml | 3 ++ guests/playbooks/update/main.yml | 5 ++ guests/playbooks/update/tasks/gitlab.yml | 64 ++++++++++++++++++++++++ 3 files changed, 72 insertions(+) create mode 100644 guests/playbooks/update/tasks/gitlab.yml diff --git a/guests/group_vars/all/main.yml b/guests/group_vars/all/main.yml index b73795e..9d9a413 100644 --- a/guests/group_vars/all/main.yml
+++ b/guests/group_vars/all/main.yml @@ -5,3 +5,6 @@ ansible_ssh_pass: root =20 jenkins_url: https://ci.centos.org/computer/{{ inventory_hostname }}/slave= -agent.jnlp + +# In our case, ansible_system is either Linux or FreeBSD +gitlab_runner_url: https://gitlab-runner-downloads.s3.amazonaws.com/latest= /binaries/gitlab-runner-{{ ansible_system|lower }}-amd64 diff --git a/guests/playbooks/update/main.yml b/guests/playbooks/update/mai= n.yml index e82055b..9e63391 100644 --- a/guests/playbooks/update/main.yml +++ b/guests/playbooks/update/main.yml @@ -58,3 +58,8 @@ - include: '{{ playbook_base }}/tasks/jenkins.yml' when: - flavor =3D=3D 'jenkins' + + # Install the Gitlab runner agent + - include: '{{ playbook_base }}/tasks/gitlab.yml' + when: + - flavor =3D=3D 'gitlab' diff --git a/guests/playbooks/update/tasks/gitlab.yml b/guests/playbooks/up= date/tasks/gitlab.yml new file mode 100644 index 0000000..9a30140 --- /dev/null +++ b/guests/playbooks/update/tasks/gitlab.yml 
@@ -0,0 +1,64 @@ +--- +- name: Look up Gitlab runner secret + set_fact: + gitlab_runner_secret: '{{ lookup("file", gitlab_runner_token_file) }}' + gitlab_runner_config_path: '/home/gitlab/.gitlab-runner/config.toml' + +- name: Download gitlab-runner agent + get_url: + url: '{{ gitlab_runner_url }}' + dest: /usr/local/bin/gitlab-runner + mode: '0755' + force: yes + +- name: Make sure the gitlab-runner config dir exists exists + file: + path: '{{ gitlab_runner_config_path | dirname }}' + owner: gitlab + group: gitlab + state: directory + register: rc_gitlab_runner_config_dir + +- name: Create and empty gitlab-runner config + file: + path: '{{ gitlab_runner_config_path }}' + owner: gitlab + group: gitlab + state: touch + when: rc_gitlab_runner_config_dir.changed + +# To ensure idempotency, we must run the registration only when we first +# created the config dir, otherwise we'll register a new runner on every +# update +- name: Register the gitlab-runner agent + shell: 'gitlab-runner register --non-interactive --config /home/gitlab/.= gitlab-runner/config.toml --registration-token {{ gitlab_runner_secret }} -= -url https://gitlab.com --executor shell --tag-list {{ inventory_hostname }= }' + when: rc_gitlab_runner_config_dir.changed + +- block: + - name: Install the gitlab-runner service unit + template: + src: '{{ playbook_base }}/templates/gitlab-runner.service.j2' + dest: /etc/systemd/system/gitlab-runner.service + + - name: Enable the gitlab-runner service + systemd: + name: gitlab-runner + state: started + enabled: yes + daemon_reload: yes + when: ansible_service_mgr =3D=3D 'systemd' + +- block: + - name: Install the gitlab_runner rc service script + template: + src: '{{ playbook_base }}/templates/gitlab-runner.j2' + dest: '/usr/local/etc/rc.d/gitlab_runner' + mode: '0755' + + - name: Enable the gitlab-runner rc service + service: + name: gitlab_runner + state: started + enabled: yes + when: ansible_service_mgr !=3D 'systemd' + --=20 2.25.1 From nobody Mon Apr 29 
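Review bot: In guests/group_vars/all/main.yml, `gitlab_runner_url` points at the `latest` binaries, and the download task in tasks/gitlab.yml uses `force: yes` with no `checksum`, so every update replaces /usr/local/bin/gitlab-runner with whatever is published at that moment and then runs it as a service. Pinning a specific release and passing its digest to get_url through `checksum` would make the installed binary reproducible and verified. The `amd64` suffix is fixed as well, which is worth stating in the comment that already explains ansible_system.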
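Review bot: In tasks/gitlab.yml, the "Register the gitlab-runner agent" task puts `{{ gitlab_runner_secret }}` on a `shell` command line without `no_log: true`, so the registration token can end up in Ansible output and logs and is visible in the guest's process list while the command runs. Add `no_log: true` and prefer `command` over `shell`, since nothing in the line needs shell parsing. The same task repeats the /home/gitlab/.gitlab-runner/config.toml path instead of using `gitlab_runner_config_path`, and its guard `when: rc_gitlab_runner_config_dir.changed` means a registration that fails once is never retried, because the directory already exists on the next run. The two `file` tasks set owner and group but no `mode`, although config.toml will hold the runner's access token. Minor: "exists exists" and "Create and empty" in the task names.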
From: Erik Skultety
To: libvir-list@redhat.com
Cc: Erik Skultety
Subject: [libvirt-jenkins-ci PATCH 4/5] playbooks: gitlab: Force a random password for the root account
Date: Thu, 26 Mar 2020 14:33:53 +0100
Message-Id: <62520cab5a66bd5948aebe063d6e7f22546349f6.1585229621.git.eskultet@redhat.com>

Unlike with the 'test' flavour, where the 'test' user has sudo permissions on the system, with machines set up with the 'gitlab' flavour which are intended to contact the outside world, we don't want that. More importantly though, we must not use the default root password which is set by the install script on such machines. Therefore, set the root password to a random one as part of the gitlab flavour task, thus only allowing SSH pubkey authentication for the root account.

Signed-off-by: Erik Skultety
--- guests/playbooks/update/tasks/gitlab.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/guests/playbooks/update/tasks/gitlab.yml b/guests/playbooks/up= date/tasks/gitlab.yml index 9a30140..db27966 100644 --- a/guests/playbooks/update/tasks/gitlab.yml +++ b/guests/playbooks/update/tasks/gitlab.yml
@@ -62,3 +62,7 @@ enabled: yes when: ansible_service_mgr !=3D 'systemd' =20 +- name: Set random root password for security reasons + user: + name: root + password: '{{ lookup("password","/dev/null encrypt=3Dsha512_crypt") }}' --=20 2.25.1
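Review bot: The `lookup("password","/dev/null ...")` in the new task produces a fresh value on every playbook run, so the task reports "changed" and rewrites root's hash on each update rather than only on the first one. The commit message says this leaves only SSH pubkey authentication for root, but nothing in the hunk checks that a key is installed or touches the sshd configuration, and guests/group_vars/all/main.yml (context in patch 3/5) still carries `ansible_ssh_pass: root`, so later runs against such a host depend on key access having been set up beforehand. Consider guarding the task so it runs once, and add a comment stating the key prerequisite.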
From: Erik Skultety
To: libvir-list@redhat.com
Cc: Erik Skultety
Subject: [libvirt-jenkins-ci PATCH 5/5] guests: lcitool: Enable the new 'gitlab' flavor in the lcitool script
Date: Thu, 26 Mar 2020 14:33:54 +0100
Message-Id: <4d7e8f3f5cd23bff0072693b8d6c44146b190cb6.1585229621.git.eskultet@redhat.com>

Signed-off-by: Erik Skultety
--- guests/lcitool | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/guests/lcitool b/guests/lcitool index 209380a..dfb1010 100755 --- a/guests/lcitool +++ b/guests/lcitool @@ -175,7 +175,7 @@ class Config: ) ) =20 - if flavor not in ["test", "jenkins"]: + if flavor not in ["test", "jenkins", "gitlab"]: raise Exception("Invalid flavor '{}'".format(flavor)) =20 return flavor @@ -185,7 +185,7 @@ class Config: =20 # The vault password is only needed for the jenkins flavor, but in # that case we want to make sure there's *something* in there - if self.get_flavor() !=3D "test": + if self.get_flavor() =3D=3D "jenkins": vault_pass_file =3D self._get_config_file("vault-password") =20 try:
@@ -217,6 +217,21 @@ class Config: =20 return root_pass_file =20 + def get_gitlab_runner_token_file(self): + gitlab_runner_token_file =3D self._get_config_file("gitlab-runner-= token") + + try: + with open(gitlab_runner_token_file, "r") as infile: + if not infile.readline().strip(): + raise ValueError + except Exception as ex: + raise Exception( + "Missing or invalid gitlab runner token file ({}): {}".for= mat( + gitlab_runner_token_file, ex + ) + ) + + return gitlab_runner_token_file =20 class Inventory: =20 @@ -449,6 +464,7 @@ class Application: flavor =3D self._config.get_flavor() vault_pass_file =3D self._config.get_vault_password_file() root_pass_file =3D self._config.get_root_password_file() + gitlab_runner_token_file =3D self._config.get_gitlab_runner_token_= file() =20 ansible_hosts =3D ",".join(self._inventory.expand_pattern(hosts)) selected_projects =3D self._projects.expand_pattern(projects) @@ -469,7 +485,7 @@ class Application: playbook_base =3D os.path.join(base, "playbooks", playbook) playbook_path =3D os.path.join(playbook_base, "main.yml") =20 - extra_vars =3D json.dumps({ + extra_vars_d =3D { "base": base, "playbook_base": playbook_base, "root_password_file": root_pass_file, @@ -477,7 +493,10 @@ class Application: "selected_projects": selected_projects, "git_remote": git_remote, "git_branch": git_branch, - }) + } + + if flavor =3D=3D "gitlab": + extra_vars_d["gitlab_runner_token_file"] =3D gitlab_runner_tok= en_file =20 ansible_playbook =3D distutils.spawn.find_executable("ansible-play= book") if ansible_playbook is None: @@ -486,7 +505,7 @@ class Application: cmd =3D [ ansible_playbook, "--limit", ansible_hosts, - "--extra-vars", extra_vars, + "--extra-vars", json.dumps(extra_vars_d), ] =20 # Provide the vault password if available --=20 2.25.1
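Review bot: In the @@ -449 hunk of guests/lcitool, `self._config.get_gitlab_runner_token_file()` is called unconditionally, and that method raises "Missing or invalid gitlab runner token file" when the file is absent, so users of the `test` and `jenkins` flavors who have no gitlab-runner-token file can no longer run playbooks. Only the later `extra_vars_d["gitlab_runner_token_file"]` assignment is guarded by the flavor check; move the call under that same condition, or check the flavor inside the method as the vault password code does. The new method would also benefit from a comment saying that only the first line of the file is tested for being non-empty.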