So, the idea is to pass our YAML config to the Ansible playbooks as
extra vars. However, not all variables we need to pass on to Ansible
are exposed in the config (and they shouldn't be). Update the config
values dictionary with these variables before passing on to Ansible.
Signed-off-by: Erik Skultety <eskultet(a)redhat.com>
---
guests/lcitool | 10 ++----
guests/playbooks/build/main.yml | 2 +-
guests/playbooks/update/main.yml | 6 ++--
guests/playbooks/update/tasks/gitlab.yml | 4 +--
guests/playbooks/update/tasks/kludges.yml | 2 +-
guests/playbooks/update/tasks/users.yml | 42 +++++++++++------------
6 files changed, 30 insertions(+), 36 deletions(-)
diff --git a/guests/lcitool b/guests/lcitool
index 07d0b3c..818ae82 100755
--- a/guests/lcitool
+++ b/guests/lcitool
@@ -567,20 +567,16 @@ class Application:
playbook_base = os.path.join(base, "playbooks", playbook)
playbook_path = os.path.join(playbook_base, "main.yml")
extra_vars_path = os.path.join(tempdir.name, "extra_vars.json")
- extra_vars = {
+ self._config.values.update({
"base": base,
"playbook_base": playbook_base,
- "root_password_file": root_pass_file,
- "flavor": flavor,
"selected_projects": selected_projects,
"git_remote": git_remote,
"git_branch": git_branch,
- "gitlab_url_file": gitlab_url_file,
- "gitlab_runner_token_file": gitlab_runner_token_file,
- }
+ })
with open(extra_vars_path, "w") as fp:
- json.dump(extra_vars, fp)
+ json.dump(self._config.values, fp)
ansible_playbook = distutils.spawn.find_executable("ansible-playbook")
if ansible_playbook is None:
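Review bot: Dumping `self._config.values` wholesale writes every config value to `extra_vars.json`, and the playbook changes in this same patch read `install.root_password` and `gitlab.runner_secret` from it. The root password and the runner registration token therefore now land on disk in plain text, where only file paths were written before. How `tempdir` is created is outside the hunk; unless it is already owner-only, the file should be created with mode 0600, e.g. `os.fdopen(os.open(extra_vars_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600), "w")`. The `update()` call also mutates the config object in place, so run-specific keys such as `selected_projects` persist on `self._config` after this method; copying first (`extra_vars = dict(self._config.values)`, then `extra_vars.update({...})`) keeps the config as loaded. The method body starts and ends outside the hunk.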
diff --git a/guests/playbooks/build/main.yml b/guests/playbooks/build/main.yml
index 8abda67..462764b 100644
--- a/guests/playbooks/build/main.yml
+++ b/guests/playbooks/build/main.yml
@@ -1,6 +1,6 @@
---
- hosts: all
- remote_user: '{{ flavor }}'
+ remote_user: '{{ install.flavor }}'
vars_files:
- '{{ playbook_base }}/jobs/defaults.yml'
diff --git a/guests/playbooks/update/main.yml b/guests/playbooks/update/main.yml
index 371e53d..1b97027 100644
--- a/guests/playbooks/update/main.yml
+++ b/guests/playbooks/update/main.yml
@@ -45,7 +45,7 @@
vars:
project: jenkins
when:
- - flavor == "jenkins"
+ - install.flavor == "jenkins"
# Configure environment. Needs to happen after installing packages
- include: '{{ playbook_base }}/tasks/kludges.yml'
@@ -57,9 +57,9 @@
# Configure the Jenkins agent
- include: '{{ playbook_base }}/tasks/jenkins.yml'
when:
- - flavor == 'jenkins'
+ - install.flavor == 'jenkins'
# Install the Gitlab runner agent
- include: '{{ playbook_base }}/tasks/gitlab.yml'
when:
- - flavor == 'gitlab'
+ - install.flavor == 'gitlab'
diff --git a/guests/playbooks/update/tasks/gitlab.yml
b/guests/playbooks/update/tasks/gitlab.yml
index f07279c..07a376c 100644
--- a/guests/playbooks/update/tasks/gitlab.yml
+++ b/guests/playbooks/update/tasks/gitlab.yml
@@ -1,8 +1,6 @@
---
- name: Define gitlab-related facts
set_fact:
- gitlab_url: '{{ lookup("file", gitlab_url_file) }}'
- gitlab_runner_secret: '{{ lookup("file", gitlab_runner_token_file)
}}'
gitlab_runner_download_url:
https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-r...
ansible_system|lower }}-amd64
gitlab_runner_config_dir: '/etc/gitlab-runner'
@@ -14,7 +12,7 @@
force: yes
- name: Register the gitlab-runner agent
- shell: 'gitlab-runner register --non-interactive --config "{{
gitlab_runner_config_dir }}/config.toml" --registration-token "{{
gitlab_runner_secret }}" --url "{{ gitlab_url }}" --executor shell
--tag-list "{{ os.name|lower }}-{{ os.version }}"'
+ shell: 'gitlab-runner register --non-interactive --config "{{
gitlab_runner_config_dir }}/config.toml" --registration-token "{{
gitlab.runner_secret }}" --url "{{ gitlab.url }}" --executor shell
--tag-list "{{ os.name|lower }}-{{ os.version }}"'
args:
creates: '{{ gitlab_runner_config_dir }}/config.toml'
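Review bot: The register task still places `{{ gitlab.runner_secret }}` on the `gitlab-runner register` command line, and the task as shown has no `no_log: true`. The token can therefore appear in Ansible's verbose output and in the guest's process list while the command runs; adding `no_log: true` to this task keeps it out of the Ansible logs. The values now come straight from the user's config and are interpolated into a `shell` string inside double quotes, so passing them through the `quote` filter (for example `--url {{ gitlab.url | quote }}`) stops the shell from reinterpreting characters in them. The task may continue past the end of the hunk.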
diff --git a/guests/playbooks/update/tasks/kludges.yml
b/guests/playbooks/update/tasks/kludges.yml
index 96fe1a5..33c6532 100644
--- a/guests/playbooks/update/tasks/kludges.yml
+++ b/guests/playbooks/update/tasks/kludges.yml
@@ -12,7 +12,7 @@
group: wheel
when:
- os.name == 'FreeBSD'
- - flavor == "jenkins"
+ - install.flavor == "jenkins"
# FreeBSD compiles bash without defining SSH_SOURCE_BASHRC, which means
# it won't try to detect when it's spawned by ssh and source ~/.bashrc
diff --git a/guests/playbooks/update/tasks/users.yml
b/guests/playbooks/update/tasks/users.yml
index 5c6ce8f..bc3cc11 100644
--- a/guests/playbooks/update/tasks/users.yml
+++ b/guests/playbooks/update/tasks/users.yml
@@ -2,7 +2,7 @@
- name: 'root: Set password'
user:
name: root
- password: '{{ lookup("file",
root_password_file)|password_hash("sha512") }}'
+ password: '{{ install.root_password|password_hash("sha512") }}'
- name: 'root: Configure ssh access'
authorized_key:
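Review bot: Nothing visible in this patch checks that `install.root_password` is non-empty or that `install.flavor` is one of the values the playbooks compare against. Both are consumed directly from the config here and in the following hunk, where the flavor becomes the account name, the `/home/{{ install.flavor }}/` paths and the sudoers line. If lcitool does not already validate them when loading the config, an early task such as `- assert: { that: ["install.root_password | length > 0", "install.flavor in ['test', 'jenkins', 'gitlab']"] }` would stop the play. Without it, the play could set a root password hashed from an empty string or create an account with an unexpected name.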
@@ -17,54 +17,54 @@
line: 'PermitRootLogin without-password'
state: present
-- name: '{{ flavor }}: Create group'
+- name: '{{ install.flavor }}: Create group'
group:
- name: '{{ flavor }}'
+ name: '{{ install.flavor }}'
state: present
-- name: '{{ flavor }}: Create user account'
+- name: '{{ install.flavor }}: Create user account'
user:
- name: '{{ flavor }}'
- group: '{{ flavor }}'
- comment: '{{ flavor }}'
+ name: '{{ install.flavor }}'
+ group: '{{ install.flavor }}'
+ comment: '{{ install.flavor }}'
password: '*'
shell: '{{ paths.bash }}'
-- name: '{{ flavor }}: Set password'
+- name: '{{ install.flavor }}: Set password'
user:
- name: '{{ flavor }}'
+ name: '{{ install.flavor }}'
password: '{{ "test"|password_hash("sha512") }}'
when:
- - flavor == 'test'
+ - install.flavor == 'test'
-- name: '{{ flavor }}: Configure ssh access'
+- name: '{{ install.flavor }}: Configure ssh access'
authorized_key:
- user: '{{ flavor }}'
+ user: '{{ install.flavor }}'
key: '{{ lookup("file", lookup("env", "HOME") +
"/.ssh/id_rsa.pub") }}'
state: present
-- name: '{{ flavor }}: Grant passwordless sudo access'
+- name: '{{ install.flavor }}: Grant passwordless sudo access'
lineinfile:
path: '{{ paths.sudoers }}'
- line: '{{ flavor }} ALL=(ALL) NOPASSWD: ALL'
+ line: '{{ install.flavor }} ALL=(ALL) NOPASSWD: ALL'
state: present
validate: 'visudo -cf %s'
when:
- - flavor == 'test'
+ - install.flavor == 'test'
-- name: '{{ flavor }}: Create shell profile'
+- name: '{{ install.flavor }}: Create shell profile'
template:
src: '{{ playbook_base }}/templates/{{ item }}.j2'
- dest: /home/{{ flavor }}/.{{ item }}
- owner: '{{ flavor }}'
- group: '{{ flavor }}'
+ dest: /home/{{ install.flavor }}/.{{ item }}
+ owner: '{{ install.flavor }}'
+ group: '{{ install.flavor }}'
with_items:
- bash_profile
- bashrc
-- name: '{{ flavor }}: Remove unnecessary home skeleton files'
+- name: '{{ install.flavor }}: Remove unnecessary home skeleton files'
file:
- path: /home/{{ flavor }}/.{{ item }}
+ path: /home/{{ install.flavor }}/.{{ item }}
state: absent
with_items:
- profile
--
2.25.3