From ef56d42b7e06061db5afbf9011e76d308c936080 Mon Sep 17 00:00:00 2001 From: Jonas Gunz Date: Tue, 16 Apr 2024 19:45:09 +0200 Subject: woodpecker agent and server --- roles/woodpecker/Readme.md | 27 ++++++ roles/woodpecker/defaults/main.yaml | 17 ++++ roles/woodpecker/files/containers.conf | 5 ++ roles/woodpecker/files/woodpecker-agent.service | 17 ++++ roles/woodpecker/files/woodpecker-server.service | 17 ++++ roles/woodpecker/handlers/main.yml | 14 +++ roles/woodpecker/tasks/agent.yaml | 104 +++++++++++++++++++++++ roles/woodpecker/tasks/main.yaml | 9 ++ roles/woodpecker/tasks/server.yaml | 43 ++++++++++ roles/woodpecker/templates/woodpecker.j2 | 3 + 10 files changed, 256 insertions(+) create mode 100644 roles/woodpecker/Readme.md create mode 100644 roles/woodpecker/defaults/main.yaml create mode 100644 roles/woodpecker/files/containers.conf create mode 100644 roles/woodpecker/files/woodpecker-agent.service create mode 100644 roles/woodpecker/files/woodpecker-server.service create mode 100644 roles/woodpecker/handlers/main.yml create mode 100644 roles/woodpecker/tasks/agent.yaml create mode 100644 roles/woodpecker/tasks/main.yaml create mode 100644 roles/woodpecker/tasks/server.yaml create mode 100644 roles/woodpecker/templates/woodpecker.j2 diff --git a/roles/woodpecker/Readme.md b/roles/woodpecker/Readme.md new file mode 100644 index 0000000..da33f7d --- /dev/null +++ b/roles/woodpecker/Readme.md @@ -0,0 +1,27 @@ +# Woodpecker CI Podman + +Woodpecker CI agent and server with Podman Backend + +https://woodpecker-ci.org/docs/administration/server-config + +https://woodpecker-ci.org/docs/administration/agent-config + +```yaml +--- +woodpecker_ver: '2.3.0' + +woodpecker_server_enable: true +woodpecker_server: + WOODPECKER_HOST: http://woodpecker.example.com:8000 + WOODPECKER_GITEA: true + WOODPECKER_GITEA_URL: https://gitea.example.com + WOODPECKER_GITEA_CLIENT: CLIENT + WOODPECKER_GITEA_SECRET: SECRET + WOODPECKER_OPEN: true + WOODPECKER_ADMIN: jondoe + +woodpecker_agent_enable: false +woodpecker_agent_type: podman +woodpecker_agent: + WOODPECKER_SERVER: localhost:8000 +``` diff --git a/roles/woodpecker/defaults/main.yaml b/roles/woodpecker/defaults/main.yaml new file mode 100644 index 0000000..472b76f --- /dev/null +++ b/roles/woodpecker/defaults/main.yaml @@ -0,0 +1,17 @@ +--- +woodpecker_ver: '2.3.0' + +woodpecker_server_enable: true +woodpecker_server: + WOODPECKER_HOST: http://woodpecker.example.com:8000 + WOODPECKER_GITEA: true + WOODPECKER_GITEA_URL: https://gitea.example.com + WOODPECKER_GITEA_CLIENT: CLIENT + WOODPECKER_GITEA_SECRET: SECRET + WOODPECKER_OPEN: true + WOODPECKER_ADMIN: jondoe + +woodpecker_agent_enable: false +woodpecker_agent_type: podman +woodpecker_agent: + WOODPECKER_SERVER: localhost:8000 diff --git a/roles/woodpecker/files/containers.conf b/roles/woodpecker/files/containers.conf new file mode 100644 index 0000000..28442b9 --- /dev/null +++ b/roles/woodpecker/files/containers.conf @@ -0,0 +1,5 @@ +[containers] +log_driver="json-file" + +[engine] +events_logger="file" diff --git a/roles/woodpecker/files/woodpecker-agent.service b/roles/woodpecker/files/woodpecker-agent.service new file mode 100644 index 0000000..7a4031a --- /dev/null +++ b/roles/woodpecker/files/woodpecker-agent.service @@ -0,0 +1,17 @@ +[Unit] +Description=Woodpecker Agent +After=syslog.target +After=network.target + +[Service] +RestartSec=2s +Type=simple +User=woodpecker-agent +Group=woodpecker-agent +WorkingDirectory=/var/lib/woodpecker-agent/ +ExecStart=/usr/local/bin/woodpecker-agent +Restart=always +EnvironmentFile=/etc/woodpecker_agent + +[Install] +WantedBy=multi-user.target diff --git a/roles/woodpecker/files/woodpecker-server.service b/roles/woodpecker/files/woodpecker-server.service new file mode 100644 index 0000000..96abc63 --- /dev/null +++ b/roles/woodpecker/files/woodpecker-server.service @@ -0,0 +1,17 @@ +[Unit] +Description=Woodpecker Server +After=syslog.target +After=network.target + +[Service] +RestartSec=2s +Type=simple +User=woodpecker +Group=woodpecker +WorkingDirectory=/var/lib/woodpecker/ +ExecStart=/usr/local/bin/woodpecker-server +Restart=always +EnvironmentFile=/etc/woodpecker_server + +[Install] +WantedBy=multi-user.target diff --git a/roles/woodpecker/handlers/main.yml b/roles/woodpecker/handlers/main.yml new file mode 100644 index 0000000..d3f8d99 --- /dev/null +++ b/roles/woodpecker/handlers/main.yml @@ -0,0 +1,14 @@ +--- +- name: Handle systemd + systemd: + name: woodpecker-server + enabled: true + state: restarted + become: true + +- name: Handle systemd agent + systemd: + name: woodpecker-agent + enabled: true + state: restarted + become: true diff --git a/roles/woodpecker/tasks/agent.yaml b/roles/woodpecker/tasks/agent.yaml new file mode 100644 index 0000000..a3863ef --- /dev/null +++ b/roles/woodpecker/tasks/agent.yaml @@ -0,0 +1,104 @@ +--- +- name: Install packages + apt: + name: + - podman + - dbus-user-session + - slirp4netns + - rootlesskit + become: true + +- name: Create agent User + user: + name: woodpecker-agent + home: /var/lib/woodpecker-agent + shell: /bin/bash + system: true + state: present + become: true + # agent_user.results.uid + register: agent_user + +- name: Create config dir + file: + path: /etc/woodpecker + state: directory + owner: woodpecker-agent + group: woodpecker-agent + become: true + +- name: Enable systemd lingering for woodpecker-agent + command: loginctl enable-linger woodpecker-agent + #file: + # path: /var/lib/systemd/linger/woodpecker-agent + # state: touch + become: true + +- name: + lineinfile: + path: '{{ item.p }}' + line: '{{ item.c }}' + loop: + - p: /etc/subuid + c: 'woodpecker-agent:165536:65536' + - p: /etc/subgid + c: 'woodpecker-agent:165536:65536' + become: true + + # this is needed for woodpecker to detect stopeed containers + # https://github.com/containers/podman/issues/19581 +- name: Create .config/containes + file: + path: /var/lib/woodpecker-agent/.config/containers + state: directory + become_user: woodpecker-agent + become: true +- name: Install containers.conf + copy: + src: containers.conf + dest: /var/lib/woodpecker-agent/.config/containers/containers.conf + become: true + +- name: Enable docker socket + systemd_service: + name: podman.socket + scope: user + enabled: true + state: started + become_user: woodpecker-agent + become: true + +- name: Download DEB + get_url: + url: 'https://github.com/woodpecker-ci/woodpecker/releases/download/v{{ woodpecker_ver }}/woodpecker-agent_{{ woodpecker_ver }}_amd64.deb' + dest: /var/lib/woodpecker-agent/agent.deb + become: true + +- name: Install DEB + apt: + deb: /var/lib/woodpecker-agent/agent.deb + become: true + notify: + - Handle systemd agent + +- name: Install woodpecker unit file + copy: + src: woodpecker-agent.service + dest: /etc/systemd/system/woodpecker-agent.service + become: true + notify: + - Handle systemd agent + +- name: Create config file + template: + src: woodpecker.j2 + dest: /etc/woodpecker_agent + owner: root + group: woodpecker-agent + mode: '640' + become: true + loop: + - '{{ woodpecker_agent | + ansible.builtin.combine({"DOCKER_HOST":"unix:///run/user/{{ agent_user.uid }}/podman/podman.sock"}) }}' + notify: + - Handle systemd agent diff --git a/roles/woodpecker/tasks/main.yaml b/roles/woodpecker/tasks/main.yaml new file mode 100644 index 0000000..522453c --- /dev/null +++ b/roles/woodpecker/tasks/main.yaml @@ -0,0 +1,9 @@ +--- + +- name: Run server install + include_tasks: server.yaml + when: woodpecker_server_enable + +- name: Run agent install + include_tasks: agent.yaml + when: woodpecker_agent_enable diff --git a/roles/woodpecker/tasks/server.yaml b/roles/woodpecker/tasks/server.yaml new file mode 100644 index 0000000..57b9edf --- /dev/null +++ b/roles/woodpecker/tasks/server.yaml @@ -0,0 +1,43 @@ +--- +- name: Create User + user: + name: woodpecker + home: /var/lib/woodpecker + shell: /bin/bash + system: true + state: present + become: true + +- name: Download DEB + get_url: + url: 'https://github.com/woodpecker-ci/woodpecker/releases/download/v{{ woodpecker_ver }}/woodpecker-server_{{ woodpecker_ver }}_amd64.deb' + dest: /var/lib/woodpecker/server.deb + become: true + +- name: Install DEB + apt: + deb: /var/lib/woodpecker/server.deb + become: true + notify: + - Handle systemd + +- name: Install woodpecker unit file + copy: + src: woodpecker-server.service + dest: /etc/systemd/system/woodpecker-server.service + become: true + notify: + - Handle systemd + +- name: Create config file + template: + src: woodpecker.j2 + dest: /etc/woodpecker_server + owner: root + group: woodpecker + mode: '640' + become: true + loop: + - '{{ woodpecker_server }}' + notify: + - Handle systemd diff --git a/roles/woodpecker/templates/woodpecker.j2 b/roles/woodpecker/templates/woodpecker.j2 new file mode 100644 index 0000000..d1e997c --- /dev/null +++ b/roles/woodpecker/templates/woodpecker.j2 @@ -0,0 +1,3 @@ +{% for k, v in item.items() %} +{{ k }}={{ v }} +{% endfor %} -- cgit v1.2.3