upd(create_kci_k8s_azure_build.sh): Add token for storage #192
Conversation
Add storage token in recipe Signed-off-by: Denys Fedoryshchenko <[email protected]>
nuclearcat
force-pushed
the
add-kci-storage-token
branch
from
1f36347 to
b08aedb
Compare
Add initial ansible recipe for production server Signed-off-by: Denys Fedoryshchenko <[email protected]>
Signed-off-by: Denys Fedoryshchenko <[email protected]>
| @@ -0,0 +1,7 @@ | |||
| vhosts: | |||
| - vhost_name: docs.kernelci.org | |||
| data_dir: /data/kernelci.org | |||
There was a problem hiding this comment.
Would it make sense to align docs data dir to match the full vhost name like others, i.e. /data/docs.kernelci.org?
There was a problem hiding this comment.
Probably yes, i was just mapping things as they are now on legacy, i might add rename in recipe.
There was a problem hiding this comment.
Created #193 to track it post-merge
| - vhost_name: storage.kernelci.org | ||
| data_dir: /data/storage.kernelci.org | ||
| - vhost_name: storage.chromeos.kernelci.org | ||
| data_dir: /data/storage.chromeos.kernelci.org |
There was a problem hiding this comment.
Also, could these be made a host var to allow reusing this role in staging/sandbox?
It could be a dict if we leave the contents as they are ({vhost_name: data_dir}) or just the list of names ([vhost_name, ...]) and another host var with main data dir for Create data directories task
There was a problem hiding this comment.
Yes, indeed might be useful for staging. I will think how to do that properly
There was a problem hiding this comment.
Created #193 to track it post-merge
|
|
||
| - name: Mount the disk | ||
| ansible.posix.mount: | ||
| path=/data src=UUID=64d72737-f1de-4f67-a22a-f693a79f228f fstype=ext4 state=mounted |
There was a problem hiding this comment.
I believe this is a volume in Azure. I think this UUID should be retrieved first with k8s_info task, exported as a fact and only then used here (I'll look up similar task as an example later - ping me if I forget to do so 😅)
There was a problem hiding this comment.
It is legacy block device i want to reuse, unfortunately this is old storage stuff i have to migrate first, but then system will be cleaned up from legacy things and recipe will change.
Main purpose of this initial recipe how to image system fast and bring up on new distro with minimum downtime (and reverse if something doesnt work).
Then, final recipe after i will finish storage cleanup will be done.
| - name: Verify if Rust installed | ||
| shell: rustc --version | ||
| register: rust_installed | ||
| ignore_errors: true | ||
|
|
||
| - name: Install Rust | ||
| when: rust_installed.rc != 0 | ||
| shell: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y | ||
| args: | ||
| creates: /root/rustup-init | ||
|
|
||
| - name: Is cargo in PATH? | ||
| shell: echo $PATH | grep -q "$HOME/.cargo/bin" | ||
| register: cargo_in_path | ||
| ignore_errors: true | ||
|
|
||
| - name: Add cargo to PATH | ||
| when: cargo_in_path.rc != 0 | ||
| shell: echo 'export PATH="$HOME/.cargo/bin:$PATH"' >> /root/.bashrc | ||
| args: | ||
| creates: /root/.bashrc | ||
|
|
||
| - name: Delete old kernelci-storage directory | ||
| file: path=/root/kernelci-storage state=absent | ||
| ignore_errors: true | ||
|
|
||
| - name: Clone storage repo | ||
| git: | ||
| repo: https://github.com/nuclearcat/kernelci-storage.git | ||
| dest: /root/kernelci-storage | ||
| update: true | ||
| force: true | ||
|
|
||
| - name: Build Rust program kernelci-storage | ||
| shell: cd /root/kernelci-storage && cargo build --release | ||
| args: | ||
| creates: /root/kernelci-storage/target/release/kernelci-storage | ||
|
|
||
| - name: Install kernelci-storage to /usr/local/bin | ||
| shell: mv /root/kernelci-storage/target/release/kernelci-storage /usr/local/bin |
There was a problem hiding this comment.
I'd suggest setting up kernelci-storage releases externally and just retrieving the binary to the servers.
This way we limit software deployed on the server to reduce potential attacks surface and overall clutter in the systems ;)
There was a problem hiding this comment.
It's great to have kernelci-storage now packaged into Docker container image, it should be a good fit as a replacement for these tasks
Add storage token in recipe