Marty Oehme
1e0643352d
Added healthcheck to gitea database contaier. Fixed initial admin setup checks - uses correct in-container user and fixed fail checks.
119 lines
3.6 KiB
YAML
119 lines
3.6 KiB
YAML
---
|
|
## Prepare woodpecker ci
|
|
- name: "Select tasks for {{ ansible_distribution }} {{ ansible_distribution_major_version }}"
|
|
include_tasks: "{{ distribution }}"
|
|
with_first_found:
|
|
- "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
|
|
- "{{ ansible_distribution }}.yml"
|
|
- "{{ ansible_os_family }}.yml"
|
|
loop_control:
|
|
loop_var: distribution
|
|
when: gitea_use_ci == True
|
|
|
|
# TODO only generate when no existing (check with docker inspect?)
|
|
- name: Generate agent key
|
|
ansible.builtin.shell: openssl rand -hex 32
|
|
register: gitea_woodpecker_agent_secret
|
|
when: gitea_use_ci == True
|
|
|
|
- name: Set agent key
|
|
ansible.builtin.set_fact:
|
|
gitea_woodpecker_agent_secret: "{{ gitea_woodpecker_agent_secret.stdout }}"
|
|
when: gitea_woodpecker_agent_secret.stdout is not undefined and not None
|
|
|
|
## Prepare gitea
|
|
- name: Ensure git user exists with ssh key
|
|
ansible.builtin.user:
|
|
name: "{{ gitea_git_username }}"
|
|
generate_ssh_key: yes
|
|
ssh_key_type: rsa
|
|
ssh_key_bits: 4096
|
|
ssh_key_comment: "Gitea Host Key"
|
|
become: yes
|
|
register: git_user
|
|
|
|
- name: Ensure git passthrough command directory exists
|
|
ansible.builtin.file:
|
|
path: "/app/gitea/"
|
|
state: directory
|
|
mode: '0770'
|
|
owner: "{{ git_user['uid'] }}"
|
|
group: "{{ git_user['group'] }}"
|
|
become: yes
|
|
|
|
- name: Save git passthrough command in right location
|
|
ansible.builtin.copy:
|
|
src: gitea
|
|
dest: "/app/gitea/gitea"
|
|
owner: "{{ git_user['uid'] }}"
|
|
group: "{{ git_user['group'] }}"
|
|
mode: '0750'
|
|
become: yes
|
|
|
|
- name: Fetch keyfile
|
|
fetch:
|
|
src: "{{ git_user['home'] }}/.ssh/id_rsa.pub"
|
|
dest: "buffer/{{ansible_hostname}}-id_rsa.pub"
|
|
flat: yes
|
|
become: yes
|
|
|
|
- name: Ensure git user has its own key authorized for access
|
|
ansible.posix.authorized_key:
|
|
user: "{{ git_user['name'] }}"
|
|
state: present
|
|
key: "{{ lookup('file', 'buffer/{{ ansible_hostname }}-id_rsa.pub') }}"
|
|
become: yes
|
|
|
|
- name: Clean up buffer dir
|
|
ansible.builtin.file:
|
|
path: buffer
|
|
state: absent
|
|
delegate_to: localhost
|
|
|
|
## install gitea container
|
|
- name: Check upstream status
|
|
community.docker.docker_container_exec:
|
|
container: "{{ caddy_container_id }}"
|
|
command: >
|
|
curl localhost:2019/id/{{ stack_name }}_upstream/
|
|
register: result
|
|
changed_when: (result.stdout | from_json) != (lookup('template', 'upstream.json.j2') | from_yaml)
|
|
become: yes
|
|
notify: "update gitea upstream"
|
|
|
|
- name: Deploy gitea to swarm
|
|
community.general.docker_stack:
|
|
name: "{{ stack_name }}"
|
|
state: present
|
|
prune: yes
|
|
compose:
|
|
- "{{ stack_compose }}"
|
|
become: yes
|
|
tags:
|
|
- docker-swarm
|
|
notify: "update gitea upstream"
|
|
|
|
- name: Get app container info
|
|
ansible.builtin.command:
|
|
cmd: docker ps -q -f name={{ stack_name }}_app
|
|
become: yes
|
|
until: gitea_app_container_name['rc'] == 0 and gitea_app_container_name['stdout'] | length >= 1
|
|
retries: 5
|
|
delay: 10
|
|
changed_when: False
|
|
register: gitea_app_container_name
|
|
|
|
- name: Look for existing admin user
|
|
community.docker.docker_container_exec:
|
|
container: "{{ gitea_app_container_name['stdout'] }}"
|
|
user: git
|
|
command: >
|
|
gitea admin user list --admin
|
|
become: yes
|
|
until: "'connection refused' not in gitea_admin_list['stdout'] and 'Failed to run app' not in gitea_admin_list['stdout']"
|
|
retries: 10
|
|
delay: 10
|
|
changed_when: gitea_admin_list['stdout_lines'] | length <= 1 and 'Username' in gitea_admin_list['stdout']
|
|
failed_when: (gitea_admin_list['rc'] == 1 and gitea_admin_list['attempts'] >= 5) or 'Gitea is not supposed to be run as root' in gitea_admin_list['stdout']
|
|
register: gitea_admin_list
|
|
notify: "no admin user"
|