diff --git a/playbooks/service-codesearch.yaml b/playbooks/service-codesearch.yaml index 9a86ef49b5..9615df422f 100644 --- a/playbooks/service-codesearch.yaml +++ b/playbooks/service-codesearch.yaml @@ -1,3 +1,4 @@ +# NOTE(ianw): 2022-02-16 : comment to trigger prod run - hosts: "codesearch:!disabled" name: "Configure codesearch" roles: diff --git a/playbooks/zuul/run-production-playbook.yaml b/playbooks/zuul/run-production-playbook.yaml index 42171f0702..472e07f1e2 100644 --- a/playbooks/zuul/run-production-playbook.yaml +++ b/playbooks/zuul/run-production-playbook.yaml @@ -26,6 +26,40 @@ always: + - name: Encrypt log + when: infra_prod_playbook_encrypt_log + block: + + - name: Create temp dir for download script + tempfile: + state: directory + register: _download_tmpdir + + - name: Encrypt logs + include_role: + name: encrypt-logs + vars: + encrypt_logs_files: + - '/var/log/ansible/{{ playbook_name }}.log' + # Artifact in root directory + encrypt_logs_artifact_path: '' + encrypt_logs_download_script_path: '{{ _download_tmpdir.path }}' + + - name: Return logs + synchronize: + src: '{{ item[0] }}' + dest: '{{ item[1] }}' + mode: pull + verify_host: true + loop: + - [ '{{ zuul.executor.log_root }}/{{ playbook_name }}.log.gpg }}', '/var/log/ansible/{{ playbook_name }}.log.gpg' ] + - [ '{{ zuul.executor.log_root }}/download-gpg-logs.sh }}', '{{ _download_tmpdir.path }}/download-logs.sh }}' ] + + - name: Remove tmpdir + file: + path: '{{ _download_tmpdir.path }}' + state: absent + # Not using normal zuul job roles as bridge.openstack.org is not a # test node with all the normal bits in place. - name: Collect log output diff --git a/zuul.d/infra-prod.yaml b/zuul.d/infra-prod.yaml index 50d3cefd85..cd816bf968 100644 --- a/zuul.d/infra-prod.yaml +++ b/zuul.d/infra-prod.yaml @@ -506,6 +506,7 @@ description: Run service-codesearch.yaml playbook. vars: playbook_name: service-codesearch.yaml + infra_prod_playbook_encrypt_log: True files: - docker/hound/ - inventory/base