So, the idea is to pass our YAML config to the Ansible playbooks as extra vars. However, not all variables we need to pass on to Ansible are exposed in the config (and they shouldn't be). Update the config values dictionary with these variables before passing on to Ansible.
Signed-off-by: Erik Skultety <eskultet@xxxxxxxxxx>
---
 guests/lcitool | 10 ++----
 guests/playbooks/build/main.yml | 2 +-
 guests/playbooks/update/main.yml | 6 ++--
 guests/playbooks/update/tasks/gitlab.yml | 4 +--
 guests/playbooks/update/tasks/kludges.yml | 2 +-
 guests/playbooks/update/tasks/users.yml | 42 +++++++++++------------
 6 files changed, 30 insertions(+), 36 deletions(-)
diff --git a/guests/lcitool b/guests/lcitool
index 07d0b3c..818ae82 100755
--- a/guests/lcitool
+++ b/guests/lcitool
@@ -567,20 +567,16 @@ class Application:
 playbook_base = os.path.join(base, "playbooks", playbook)
 playbook_path = os.path.join(playbook_base, "main.yml")
 extra_vars_path = os.path.join(tempdir.name, "extra_vars.json")
- extra_vars = {
+ self._config.values.update({
 "base": base,
 "playbook_base": playbook_base,
- "root_password_file": root_pass_file,
- "flavor": flavor,
 "selected_projects": selected_projects,
 "git_remote": git_remote,
 "git_branch": git_branch,
- "gitlab_url_file": gitlab_url_file,
- "gitlab_runner_token_file": gitlab_runner_token_file,
- }
+ })
 with open(extra_vars_path, "w") as fp:
- json.dump(extra_vars, fp)
+ json.dump(self._config.values, fp)
 ansible_playbook = distutils.spawn.find_executable("ansible-playbook")
 if ansible_playbook is None:
diff --git a/guests/playbooks/build/main.yml b/guests/playbooks/build/main.yml
index 8abda67..462764b 100644
--- a/guests/playbooks/build/main.yml
+++ b/guests/playbooks/build/main.yml
@@ -1,6 +1,6 @@
 ---
 - hosts: all
- remote_user: '{{ flavor }}'
+ remote_user: '{{ install.flavor }}'
 vars_files:
 - '{{ playbook_base }}/jobs/defaults.yml'
diff --git a/guests/playbooks/update/main.yml b/guests/playbooks/update/main.yml
index 371e53d..1b97027 100644
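Review bot: `json.dump(self._config.values, fp)` now serialises the whole configuration into `extra_vars.json`, so any secret held in the config (the playbooks in this patch read `install.root_password` and `gitlab.runner_secret` from it) is written to disk in clear text, where the old code passed only the paths of the secret files. The file is created with a plain `open(extra_vars_path, "w")`, so its mode depends on the umask and on how `tempdir` was created, which is outside this hunk; opening it with `os.open(extra_vars_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` and wrapping the descriptor with `os.fdopen` would make the restriction explicit. Separately, `self._config.values.update({...})` mutates the shared config object, so run-time keys such as `base` and `selected_projects` stay on it after this call; building a copy first, `extra_vars = dict(self._config.values)` followed by `extra_vars.update({...})`, avoids that. The enclosing method starts and ends outside the hunk.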
--- a/guests/playbooks/update/main.yml
+++ b/guests/playbooks/update/main.yml
@@ -45,7 +45,7 @@
 vars:
 project: jenkins
 when:
- - flavor == "jenkins"
+ - install.flavor == "jenkins"
 # Configure environment. Needs to happen after installing packages
 - include: '{{ playbook_base }}/tasks/kludges.yml'
@@ -57,9 +57,9 @@
 # Configure the Jenkins agent
 - include: '{{ playbook_base }}/tasks/jenkins.yml'
 when:
- - flavor == 'jenkins'
+ - install.flavor == 'jenkins'
 # Install the Gitlab runner agent
 - include: '{{ playbook_base }}/tasks/gitlab.yml'
 when:
- - flavor == 'gitlab'
+ - install.flavor == 'gitlab'
diff --git a/guests/playbooks/update/tasks/gitlab.yml b/guests/playbooks/update/tasks/gitlab.yml
index f07279c..07a376c 100644
--- a/guests/playbooks/update/tasks/gitlab.yml
+++ b/guests/playbooks/update/tasks/gitlab.yml
@@ -1,8 +1,6 @@
 ---
 - name: Define gitlab-related facts
 set_fact:
- gitlab_url: '{{ lookup("file", gitlab_url_file) }}'
- gitlab_runner_secret: '{{ lookup("file", gitlab_runner_token_file) }}'
 gitlab_runner_download_url: https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-{{ ansible_system|lower }}-amd64
 gitlab_runner_config_dir: '/etc/gitlab-runner'
@@ -14,7 +12,7 @@
 force: yes
 - name: Register the gitlab-runner agent
- shell: 'gitlab-runner register --non-interactive --config "{{ gitlab_runner_config_dir }}/config.toml" --registration-token "{{ gitlab_runner_secret }}" --url "{{ gitlab_url }}" --executor shell --tag-list "{{ os.name|lower }}-{{ os.version }}"'
+ shell: 'gitlab-runner register --non-interactive --config "{{ gitlab_runner_config_dir }}/config.toml" --registration-token "{{ gitlab.runner_secret }}" --url "{{ gitlab.url }}" --executor shell --tag-list "{{ os.name|lower }}-{{ os.version }}"'
 args:
 creates: '{{ gitlab_runner_config_dir }}/config.toml'
diff --git a/guests/playbooks/update/tasks/kludges.yml b/guests/playbooks/update/tasks/kludges.yml
index 96fe1a5..33c6532 100644
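Review bot: The `shell:` line of "Register the gitlab-runner agent" in gitlab.yml still puts the registration token on the command line, and the task has no `no_log: true`, so the rendered command, token included, can appear in Ansible's output and logs; on the guest the argument is also visible in the process list while `gitlab-runner register` runs. `{{ gitlab.runner_secret }}` and `{{ gitlab.url }}` are now taken straight from the user's config and interpolated inside double quotes, so a value containing `"`, `$` or a backtick would be interpreted by the shell; the `quote` filter closes that, e.g. `--registration-token {{ gitlab.runner_secret | quote }} --url {{ gitlab.url | quote }}`. I would add `no_log: true` to the task as well.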
--- a/guests/playbooks/update/tasks/kludges.yml
+++ b/guests/playbooks/update/tasks/kludges.yml
@@ -12,7 +12,7 @@
 group: wheel
 when:
 - os.name == 'FreeBSD'
- - flavor == "jenkins"
+ - install.flavor == "jenkins"
 # FreeBSD compiles bash without defining SSH_SOURCE_BASHRC, which means
 # it won't try to detect when it's spawned by ssh and source ~/.bashrc
diff --git a/guests/playbooks/update/tasks/users.yml b/guests/playbooks/update/tasks/users.yml
index 5c6ce8f..bc3cc11 100644
--- a/guests/playbooks/update/tasks/users.yml
+++ b/guests/playbooks/update/tasks/users.yml
@@ -2,7 +2,7 @@
 - name: 'root: Set password'
 user:
 name: root
- password: '{{ lookup("file", root_password_file)|password_hash("sha512") }}'
+ password: '{{ install.root_password|password_hash("sha512") }}'
 - name: 'root: Configure ssh access'
 authorized_key:
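Review bot: `install.root_password|password_hash("sha512")` in the "root: Set password" task hashes a clear-text password that now arrives as an extra var, so the password itself, rather than the path of a file holding it, is available to every task and template in the play. Accepting an already hashed value in the config would keep the clear text out of the vars file altogether. `password_hash` is also called without a salt argument, so a new random salt is generated on each run and the task reports "changed" every time; a per-host stable salt passed as the second argument would make it idempotent.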
@@ -17,54 +17,54 @@
 line: 'PermitRootLogin without-password'
 state: present
-- name: '{{ flavor }}: Create group'
+- name: '{{ install.flavor }}: Create group'
 group:
- name: '{{ flavor }}'
+ name: '{{ install.flavor }}'
 state: present
-- name: '{{ flavor }}: Create user account'
+- name: '{{ install.flavor }}: Create user account'
 user:
- name: '{{ flavor }}'
- group: '{{ flavor }}'
- comment: '{{ flavor }}'
+ name: '{{ install.flavor }}'
+ group: '{{ install.flavor }}'
+ comment: '{{ install.flavor }}'
 password: '*'
 shell: '{{ paths.bash }}'
-- name: '{{ flavor }}: Set password'
+- name: '{{ install.flavor }}: Set password'
 user:
- name: '{{ flavor }}'
+ name: '{{ install.flavor }}'
 password: '{{ "test"|password_hash("sha512") }}'
 when:
- - flavor == 'test'
+ - install.flavor == 'test'
-- name: '{{ flavor }}: Configure ssh access'
+- name: '{{ install.flavor }}: Configure ssh access'
 authorized_key:
- user: '{{ flavor }}'
+ user: '{{ install.flavor }}'
 key: '{{ lookup("file", lookup("env", "HOME") + "/.ssh/id_rsa.pub") }}'
 state: present
-- name: '{{ flavor }}: Grant passwordless sudo access'
+- name: '{{ install.flavor }}: Grant passwordless sudo access'
 lineinfile:
 path: '{{ paths.sudoers }}'
- line: '{{ flavor }} ALL=(ALL) NOPASSWD: ALL'
+ line: '{{ install.flavor }} ALL=(ALL) NOPASSWD: ALL'
 state: present
 validate: 'visudo -cf %s'
 when:
- - flavor == 'test'
+ - install.flavor == 'test'
-- name: '{{ flavor }}: Create shell profile'
+- name: '{{ install.flavor }}: Create shell profile'
 template:
 src: '{{ playbook_base }}/templates/{{ item }}.j2'
- dest: /home/{{ flavor }}/.{{ item }}
- owner: '{{ flavor }}'
- group: '{{ flavor }}'
+ dest: /home/{{ install.flavor }}/.{{ item }}
+ owner: '{{ install.flavor }}'
+ group: '{{ install.flavor }}'
 with_items:
 - bash_profile
 - bashrc
-- name: '{{ flavor }}: Remove unnecessary home skeleton files'
+- name: '{{ install.flavor }}: Remove unnecessary home skeleton files'
 file:
- path: /home/{{ flavor }}/.{{ item }}
+ path: /home/{{ install.flavor }}/.{{ item }}
 state: absent
 with_items:
 - profile
-- 
2.25.3