- name: Deploy Zuul | |
hosts: localhost | |
vars: | |
root: "{{ (zuul.executor.work_root + '/' + zuul.project.src_dir) }}" | |
tasks: | |
- name: Make kube directory | |
file: | |
path: "{{ ansible_user_dir }}/.kube" | |
state: directory | |
- name: Write kube config | |
template: | |
src: kubecfg.yaml.j2 | |
dest: "{{ ansible_user_dir }}/.kube/config" | |
# Set no_log because we are templating in the token | |
no_log: true | |
- name: Update cert-manager configuration | |
k8s: | |
state: present | |
src: "{{ root }}/k8s/certmanager.yaml" | |
- name: Update Zookeeper certs | |
k8s: | |
state: present | |
src: "{{ root }}/k8s/zookeeper/certs.yaml" | |
- name: Update Zookeeper deployment | |
k8s: | |
state: present | |
src: "{{ root }}/k8s/zookeeper/zookeeper.yaml" | |
- name: Update Letsencrypt configuration | |
k8s: | |
state: present | |
src: "{{ root }}/k8s/letsencrypt.yaml" | |
- name: Update authdaemon configuration | |
k8s: | |
state: present | |
src: "{{ root }}/k8s/authdaemon.yaml" | |
- name: Update Nodepool config | |
k8s: | |
state: present | |
definition: | |
apiVersion: v1 | |
kind: Secret | |
metadata: | |
namespace: zuul | |
name: nodepool-gcs | |
labels: | |
app.kubernetes.io/name: nodepool | |
app.kubernetes.io/instance: nodepool | |
app.kubernetes.io/part-of: nodepool | |
stringData: | |
clouds.yaml: "" | |
nodepool.yaml: "{{ lookup('file', root + '/nodepool/nodepool.yaml') }}" | |
- name: Update Zuul/Nodepool private key | |
k8s: | |
state: present | |
definition: | |
apiVersion: v1 | |
kind: Secret | |
metadata: | |
namespace: zuul | |
name: nodepool-private-key | |
labels: | |
app.kubernetes.io/name: zuul | |
app.kubernetes.io/instance: zuul | |
app.kubernetes.io/part-of: zuul | |
stringData: | |
nodepool_id_rsa: "{{ zuul_deploy.nodepool_private_key }}" | |
register: zuul_config | |
# Set no_log because we are templating in the private key | |
no_log: true | |
- name: Update Zuul service config | |
k8s: | |
state: present | |
definition: | |
apiVersion: v1 | |
kind: Secret | |
metadata: | |
namespace: zuul | |
name: zuul-config | |
labels: | |
app.kubernetes.io/name: zuul | |
app.kubernetes.io/instance: zuul | |
app.kubernetes.io/part-of: zuul | |
stringData: | |
zuul.conf: "{{ lookup('template', root + '/zuul/zuul.conf') }}" | |
register: zuul_config | |
# Set no_log because we are templating passwords into the config | |
no_log: true | |
- name: Update Zuul tenant config | |
k8s: | |
state: present | |
definition: | |
apiVersion: v1 | |
kind: Secret | |
metadata: | |
namespace: zuul | |
name: zuul-tenant-config | |
labels: | |
app.kubernetes.io/name: zuul | |
app.kubernetes.io/instance: zuul | |
app.kubernetes.io/part-of: zuul | |
stringData: | |
main.yaml: "{{ lookup('file', root + '/zuul/main.yaml') }}" | |
register: tenant_config | |
- name: Update Nodepool deployment | |
k8s: | |
state: present | |
src: "{{ root }}/k8s/nodepool.yaml" | |
- name: Update Zuul deployment | |
k8s: | |
state: present | |
src: "{{ root }}/k8s/zuul.yaml" | |
- name: Reconfigure Zuul | |
when: tenant_config.changed or zuul_config.changed | |
block: | |
- name: Add scheduler to inventory | |
add_host: | |
name: 'zuul-scheduler-0' | |
ansible_kubectl_namespace: zuul | |
ansible_connection: kubectl | |
- name: Wait until remote Zuul config is updated | |
delegate_to: 'zuul-scheduler-0' | |
stat: | |
path: /etc/zuul/zuul.conf | |
follow: true | |
register: remote_zuul_st | |
until: "remote_zuul_st.stat.checksum == (zuul_config.result.data['zuul.conf'] | b64decode | hash('sha1'))" | |
delay: 10 | |
retries: 30 | |
- name: Wait until remote tenant config is updated | |
delegate_to: 'zuul-scheduler-0' | |
stat: | |
path: /etc/zuul/tenant/main.yaml | |
follow: true | |
register: remote_tenant_st | |
until: "remote_tenant_st.stat.checksum == (tenant_config.result.data['main.yaml'] | b64decode | hash('sha1'))" | |
delay: 10 | |
retries: 30 | |
- name: Send reconfiguration notice to scheduler | |
delegate_to: 'zuul-scheduler-0' | |
command: zuul-scheduler full-reconfigure |