ansible: introduce create-github-bot playbook #1067
Conversation
|
ping @nodejs/build |
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
|
Agreed I'm fine with adding these, but we should have a review from team supporting the bot to make sure its complete. |
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
💯 to that |
|
@phillipj (or anyone else with infra permissions level -- I don't have access) would you be able to run this playbook on the production server and make sure everything looks okay? I have tested locally on a Vagrant machine, but I just want to be sure nothing will break. After that, I will land this PR and remove |
|
I'm so sorry for not having given this a test run yet, it got buried in my mail backlog. I'll do my best to have a look at this today. |
|
This is the first time I'm trying to run a playbook in the new ansible setup, so this might be me doing something wrong... I'm not able to run the playbook because the host is not found in the inventory: $ cd ansible
$ ansible-playbook --check -i inventory.yml playbooks/create-github-bot.yml
[WARNING]: Could not match supplied host pattern, ignoring: all
[WARNING]: provided hosts list is empty, only localhost is available
[DEPRECATION WARNING]: The use of 'include' for tasks has been deprecated. Use 'import_tasks' for static inclusions or 'include_tasks' for dynamic
inclusions. This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[DEPRECATION WARNING]: include is kept for backwards compatibility but usage is discouraged. The module documentation details page may explain more about
this rationale.. This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[WARNING]: Could not match supplied host pattern, ignoring: infra-rackspace-debian8-x64-1
PLAY [infra-rackspace-debian8-x64-1] *************************************************************************************************************************
skipping: no hosts matched
PLAY RECAP ***************************************************************************************************************************************************I assume that's because |
|
Sadly I get more or less the same error when including $ ansible-playbook --check -i inventory.yml --limit infra-rackspace-debian8-x64-1 playbooks/create-github-bot.yml
[WARNING]: Could not match supplied host pattern, ignoring: all
[WARNING]: provided hosts list is empty, only localhost is available
[WARNING]: Could not match supplied host pattern, ignoring: infra-rackspace-debian8-x64-1
[DEPRECATION WARNING]: The use of 'include' for tasks has been deprecated. Use 'import_tasks' for static inclusions or 'include_tasks' for dynamic
inclusions. This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[DEPRECATION WARNING]: include is kept for backwards compatibility but usage is discouraged. The module documentation details page may explain more about
this rationale.. This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
PLAY [infra-rackspace-debian8-x64-1] *************************************************************************************************************************
skipping: no hosts matched
PLAY RECAP ***************************************************************************************************************************************************I'm currently running ansible v2.4.2.0 if that's important by any chance. |
|
Hmmm, interesting -- I'm running the same version of Ansible. Are you able to just run the playbook directly ( |
|
That for sure worked better, though still fails: $ ansible-playbook --check --limit infra-rackspace-debian8-x64-1 playbooks/create-github-bot.yml
[DEPRECATION WARNING]: The use of 'include' for tasks has been deprecated. Use 'import_tasks' for static inclusions or 'include_tasks' for dynamic
inclusions. This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[DEPRECATION WARNING]: include is kept for backwards compatibility but usage is discouraged. The module documentation details page may explain more about
this rationale.. This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
PLAY [infra-rackspace-debian8-x64-1] *************************************************************************************************************************
TASK [check if secrets are properly set] *********************************************************************************************************************
[WARNING]: when statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: not {{ secret }}
ok: [infra-rackspace-debian8-x64-1] => (item=envs.port)
ok: [infra-rackspace-debian8-x64-1] => (item=envs.travis_token)
ok: [infra-rackspace-debian8-x64-1] => (item=envs.github_token)
ok: [infra-rackspace-debian8-x64-1] => (item=envs.github_webhook_secret)
ok: [infra-rackspace-debian8-x64-1] => (item=envs.login_credentials)
ok: [infra-rackspace-debian8-x64-1] => (item=envs.jenkins_api_credentials)
ok: [infra-rackspace-debian8-x64-1] => (item=envs.jenkins_job_url_citgm)
ok: [infra-rackspace-debian8-x64-1] => (item=envs.jenkins_build_token_citgm)
ok: [infra-rackspace-debian8-x64-1] => (item=conf.github_deploy_webhook_secret)
TASK [bootstrap : run os-specific bootstrap] *****************************************************************************************************************
included: /github/build/ansible/roles/bootstrap/tasks/partials/debian8.yml for infra-rackspace-debian8-x64-1
TASK [bootstrap : check for apt-transport-https] *************************************************************************************************************
skipping: [infra-rackspace-debian8-x64-1]
TASK [bootstrap : install apt-transport-https] ***************************************************************************************************************
fatal: [infra-rackspace-debian8-x64-1]: FAILED! => {"msg": "The conditional check 'has_apt_transport.rc == 1' failed. The error was: error while evaluating conditional (has_apt_transport.rc == 1): 'dict object' has no attribute 'rc'\n\nThe error appears to have been in '/Users/flipp/Dev/github/build/ansible/roles/bootstrap/tasks/partials/debian8.yml': line 12, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: install apt-transport-https\n ^ here\n"}
PLAY RECAP ***************************************************************************************************************************************************
infra-rackspace-debian8-x64-1 : ok=2 changed=0 unreachable=0 failed=1 |
|
@phillipj Hmm, interesting. The odd thing about that failure is that the |
|
@maclover7 a I'm for sure open to me possibly doing something wrong here, since I haven't tested this new ansible set before. Any hint of other playbook(s) you'd recommend me doing a test run on, to double check I'm able to run something that we know works for others? |
|
@phillipj what version of ansible-playbook do you have (and what machine are you running on)? |
|
macOS v10.12.6 (16G29) + $ ansible-playbook --version
ansible-playbook 2.4.2.0
config file = None
configured module search path = [u'/Users/phillipj/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /Library/Python/2.7/site-packages/ansible
executable location = /usr/local/bin/ansible-playbook
python version = 2.7.10 (default, Feb 7 2017, 00:08:15) [GCC 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.34)] |
|
Looks like I don't have access, should the infra team have access to github-bot secrets? Looks like Rod, Joao and Johan have access. |
|
I don't see why infra team shouldn't have. IIRC that's the team that has SSH-access to the bot server, I've just been granted access to that host explicitly. |
maclover7
force-pushed
the
jm-ansible-bot
branch
from
2281852 to
30a83a7
Compare
|
@phillipj Just updated this PR, and ran it on the production server -- all looks to be okay. Would appreciate a review if possible |
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
This has been migrated via nodejs#1067.
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
This is a migrated version of the playbook that lives in `setup/github-bot`. I have tested this on the production server, and works good. I will be removing the `setup/github-bot` directory in a later PR, to avoid a gigantic diff.
maclover7
force-pushed
the
jm-ansible-bot
branch
from
30a83a7 to
754a523
Compare
|
Landed in 1b3f78e |
This has been migrated via #1067. PR-URL: #1362 Reviewed-By: Phillip Johnsen <[email protected]>
This is a migrated version of the playbook that lives in
setup/github-bot.I have tested this on the production server, and works good.
I will be removing the
setup/github-botdirectory in a later PR, to avoid a smaller diff.cc infra admins: @gibfahn @jbergstroem @joaocgreis @mhdawson @rvagg
cc @phillipj