We don't want to run ansible if we don't get a complete inventory from
our clouds. The reason for this is we cannot be sure that the ordering
of git servers, gerrit, and zuul or our serialized updates of afs
servers will work correctly if we have an incomplete inventory.
Instead we just want ansible to fail and try again in the future (we can
then debug why our clouds are not working).
From the ansible docs for any_unparsed_is_failed:
If 'true', it is a fatal error when any given inventory source
cannot be successfully parsed by any available inventory plugin;
otherwise, this situation only attracts a warning.
Additionally we tell openstack inventory plugin to report failures
rather than empty inventory so that the unparsed failures happen.
Change-Id: I9025776af4316fbdd2c910566883eb3a2530852a
There is an ERB parsing error for puppet 4, roll back while we figure it
out.
This reverts commit a156accb7d2799cb76e263c927f6bcfaac3c22b2.
Change-Id: I1d2cd468a8d1ebab2573b03250bf6c3ba1195798
ethercalc doesn't have a dev site to use as a canary, but it does have
passing puppet 4 tests so go go go
Change-Id: Ifec4bf00d4c966653455e567abbdc9bd500ae2ef
We have made some mirror config changes that are not being deployed here
because we have disabled puppet on this node. I do not think we need to
disable puppet here so go ahead and reenable it.
Change-Id: If7da76d24ea64db3c038bc60f64fa39a4f5f6f72
In order to talk to limestone clouds we need to configure a custom CA.
Do this in ansible instead of puppet.
A followup should add writing out clouds.yaml files.
Change-Id: I355df1efb31feb31e039040da4ca6088ea632b7e
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Add a job which runs testinfra for the eavesdrop server. When we
have a per-hostgroup playbook, we will add it to this job too.
The puppet group is removed from the run-base job because the
groups.yaml file is now used to construct groups (as it does
in production) and will construct the group correctly.
The testinfra iptables module may throw an error if it's run
multiple times simultaneously on the same host. To avoid this,
stop using parallel execution.
Change-Id: I1a7bab5c14b0da22393ab568000d0921c28675aa
The planet.openstack.org service is currently provided by the
planet01.openstack.org server, so correct the inventory pattern for
the webservers group accordingly. This was spotted as the firewall
rules for planet ceased allowing HTTP/HTTPS connections.
Change-Id: I4e3353e8f1a73db13c54dfe93a6a26fc618d2aa4
Co-Authored-By: James E. Blair <corvus@inaugust.com>
Change-Id: Id8b347483affd710759f9b225bfadb3ce851333c
Depends-On: https://review.openstack.org/596503
These hosts are not currently working with ansible from bridge. Let's
explicitly disable them so that it doesn't look like issues are
happening.
Change-Id: Iaad69df2d8666285f12f201e2c9913e84bde9a26
Rather than copying these out of system-config inside of
install-ansible, just point the ansible.cfg to them in the system-config
location. This way as changes come in that have group updates we don't
have to first apply them to the system.
Change-Id: I1cefd7848b7f3f1adc8fbfa080eb9831124a297b
