-
Notifications
You must be signed in to change notification settings - Fork 167
/
main.yml
136 lines (114 loc) · 3.23 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
---
#
# Create a Git server to be used for CI temporary binaries
# https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server
#
- name: Run which git-shell
command: "which git-shell"
register: which_git_shell
- name: Add git-shell to /etc/shells
when: "which_git_shell.rc == 0"
lineinfile:
dest: "/etc/shells"
state: present
line: "{{ which_git_shell.stdout }}"
- name: Create binary_tmp group
group:
name: "binary_tmp"
- name: Create binary_tmp user
user:
name: "binary_tmp"
group: "binary_tmp"
shell: "{{ which_git_shell.stdout }}"
- name: Download GitHub pubkey for nodejs-ci
get_url:
url: "https://github.com/nodejs-ci.keys"
dest: "/tmp/nodejs-ci.keys"
delegate_to: 127.0.0.1
become: no
- name: Add nodejs-ci to authorized_keys for binary_tmp
authorized_key:
user: "binary_tmp"
key: "{{ lookup('file', '/tmp/nodejs-ci.keys') }}"
# Repository needs to be created in /home/iojs/build because the partition with
# free space might be mounted in a way that does not include /home/binary_tmp
- name: Create repository directory
file:
path: "{{ home }}/{{ server_user }}/build/binary_tmp.git"
state: directory
owner: "binary_tmp"
group: "binary_tmp"
mode: 0755
- name: Link to repository directory from bintmp home
file:
src: "{{ home }}/{{ server_user }}/build/binary_tmp.git"
dest: "~binary_tmp/binary_tmp.git"
state: link
owner: "binary_tmp"
group: "binary_tmp"
mode: 0755
- name: Initialize Git repository
become: true
become_user: binary_tmp
git:
repo: "https://github.com/nodejs/node"
dest: "~binary_tmp/binary_tmp.git"
bare: yes
- name: Create git-shell-commands directory
file:
path: "~binary_tmp/git-shell-commands"
state: directory
owner: "binary_tmp"
group: "binary_tmp"
mode: 0755
- name: Create git-shell-commands/no-interactive-login
copy:
content: "echo \"No interactive login.\"\n"
dest: "~binary_tmp/git-shell-commands/no-interactive-login"
owner: "binary_tmp"
group: "binary_tmp"
mode: 0755
- name: Increase the maximum number of connections trying to authenticate
notify: restart sshd
lineinfile:
line: "MaxStartups 100:30:150"
dest: "{{ ssh_config }}"
regexp: "MaxStartups"
- name: Create clean-up script
copy:
src: "{{ role_path }}/files/clean_binary_tmp.sh"
dest: "~binary_tmp/clean_binary_tmp.sh"
owner: "binary_tmp"
group: "binary_tmp"
mode: 0755
- name: Schedule clean-up script to run daily
lineinfile:
line: "0 5 * * * binary_tmp ~binary_tmp/clean_binary_tmp.sh"
dest: "/etc/crontab"
regexp: "clean_binary_tmp"
- name: Disable automatic garbage collection
command: "git config gc.auto 0"
args:
chdir: "~binary_tmp/binary_tmp.git/"
- name: Add nodesource signing key
apt_key:
url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
state: present
- name: Add nodesource repo
apt_repository:
repo: deb https://deb.nodesource.com/node_12.x xenial main
state: present
- name: Install node
package:
name: nodejs
state: present
- name: Upgrade pip2
pip:
name: pip
executable: pip2
state: latest
- name: Upgrade pip3
pip:
name: pip
executable: pip3
state: latest