218 Commits

Author SHA1 Message Date
Monty Taylor
15663daaf7 Add iptables role
Co-Authored-By: James E. Blair <corvus@inaugust.com>
Change-Id: Id8b347483affd710759f9b225bfadb3ce851333c
Depends-On: https://review.openstack.org/596503
2018-08-27 14:33:32 +00:00
Zuul
18bcfeb5c8 Merge "Don't create "admin" group" 2018-08-24 19:57:29 +00:00
Zuul
fcfacc7e52 Merge "Add system-config-run-base job" 2018-08-24 19:57:27 +00:00
Ian Wienand
114953cbff Don't create "admin" group
According to the Ubuntu 12.04 release notes, up until Ubuntu 11.10
admin access was granted via the "admin" unix group, but was changed
to the "sudo" group to be more consistent with Debian et al.

Remove the now unnecessary group

Modify the install-ansible role to set some directory ownership to
root:root; there didn't seem to be any reason to use admin here.

This means the "users" role is no longer required in the bridge.yaml,
as it is run from the base playbook anyway.

Change-Id: I6a7fdd460fb472f0d3468eb080aebbb010931e11
2018-08-24 08:50:22 -07:00
James E. Blair
19aebca3e7 Add system-config-run-base job
This adds a job which creates a bridge-like node and bootstraps it,
and then runs the base playbook against all of the node types we
use in our control plane.  It uses testinfra to validate the results.

Change-Id: Ibdbaf511bbdaee46e1335f2c83b95ba1553a1d94
Depends-On: https://review.openstack.org/595905
2018-08-24 08:50:01 -07:00
Zuul
36386394ca Merge "Allow bridge playbook to run under zuul" 2018-08-24 04:34:51 +00:00
James E. Blair
1fa136cba9 Allow bridge playbook to run under zuul
Normally the bridge playbook runs as root on bridge.  In order to
allow zuul to bootstrap a bridge-like node in its tests while running
as the zuul user, add become: true to the playbook.  This will have
no effect on bridge itself, but will cause the playbook to behave
in the same manner in tests.

Also add the "users" role to bridge.  This is in the base playbook
and is therefore eventually run on bridge.  However it needs to also
be in the bridge playbook in order to bootstrap bridge correctly, as
the install-ansible role references groups which are created in the
users role.

Change-Id: If311914e9e632d8be855fff0a62528dd191bf1d0
2018-08-23 08:29:01 -07:00
Ian Wienand
1939f3e8ec Move exim role to top-level
Move the exim role to be a "generic" role in the top-level roles/
directory, making it available for use as a Zuul role.

Update the linters jobs to look for roles in the top level

Update the Role documentation to explain what the split in roles is
about.

Change-Id: I6b49d2a4b120141b3c99f5f1e28c410da12d9dc3
2018-08-23 21:34:47 +10:00
Ian Wienand
4402201d56 roles: Add README.rst and lint
These role docs aren't exactly War and Peace, but I think longer term
as we fiddle about making things generic or not and moving them
around, we'll be better off having kept ourselves to writing
*something*.

Add terse README.rst files for all existing roles, and add simple
linter check to ensure new roles get them too.

Change-Id: Ibc836310fb8a45e12c2e31f112d92509ac350413
2018-08-23 21:34:42 +10:00
Ian Wienand
564a17812f playbooks/roles/exim: remove "true" filter plugin
This filter is unused in the role, remove it.

This allows it to be run under zuul and can be moved into the
top-level role/ directory later.

Change-Id: Ice97f0c3c9f52b6bf9f48c7b16d577e555924034
2018-08-23 14:49:50 +10:00
Ian Wienand
b99c4c6fb0 Generate roles documentation
Since we're building out roles in system-config now, generate
documentation.  We look in roles/* and playbook/roles/* (follow-on
changes will split things up between the two).

Correct the reference names in the exim documentation to avoid
warnings and failure.

This also revealed a single unicode character in the exim readme
(which caused prior versions of zuul-sphinx to barf).  For fun, see if
you can find it!

Depends-On: https://review.openstack.org/#/c/579474/
Change-Id: I243a96bbd6d09560f8aa80b6345b90039422547a
2018-08-23 14:49:50 +10:00
Monty Taylor
de7fbba912
Set path in cron so we can find ansible-playbook
ansible-playbook is in /usr/local/bin which is not in the path in cron.

Change-Id: I633c021936dfbbfdb022aa3d052fe88f32d2ef6a
2018-08-21 16:55:42 -05:00
Monty Taylor
759015f101
Start running puppet cron on bridge.openstack.org
Puppet cron is no longer being run on puppetmaster (yay!) so start
running it in cron from bridge.

Change-Id: Idc579a2660a5450092544c21a2e9e6cb9688e5f9
2018-08-20 18:26:30 -05:00
Monty Taylor
1b54971705 Ensure apt is used on ubuntu hosts with zypper
There is an issue with our nb0* hosts where they have zypper installed
for building suse images but that tricks ansible into thinking it
should use zypper for package management.

This has been submitted upstream as
https://github.com/ansible/ansible/pull/44413

Change-Id: I96f60501e43bfe9c6acb4ce80f8450b245943ca8
2018-08-20 20:45:13 +00:00
Zuul
ac3d9d4651 Merge "Add local copy of pkg_mgr fact module" 2018-08-20 20:41:04 +00:00
Zuul
45930d6cb4 Merge "Have ansible retry ssh connections" 2018-08-20 20:41:03 +00:00
Zuul
24c86f1648 Merge "Manage sshd config with ansible" 2018-08-20 20:41:00 +00:00
Zuul
744d7fb737 Merge "Remove infracloud references" 2018-08-20 20:21:40 +00:00
Monty Taylor
9911799b76
Add local copy of pkg_mgr fact module
We need to override this. This is the upstream version unmodified.

Change-Id: Iec3a22595a2f1f802922c22e883c4d63859c3886
2018-08-20 13:18:21 -05:00
Monty Taylor
f6533076f7
Have ansible retry ssh connections
In zuul's ansible config we add retries=3 to deal with transient issues.
Do the same thing for our production runs.

Change-Id: Ide53bae34e5e622de1fd4741706752e8728da20e
2018-08-20 13:18:21 -05:00
Monty Taylor
eae9a42b4b
Manage sshd config with ansible
We write out a specific sshd config file. Let's do it with ansible.

Change-Id: Ie92b6ec6c8772d31009d1c2a2f7d5558bb38f67a
2018-08-20 11:26:38 -05:00
Monty Taylor
0625c289c8
Remove infracloud references
We don't run a cloud anymore and don't use these. With the cfg
management update effort, it's unlikely we'd use them in the form they
are in even if we did get more hardware and decide to run a cloud again.

Remove them for clarity.

Change-Id: I88f58fc7f2768ad60c5387eb775a340cac2c822a
2018-08-20 11:03:55 -05:00
Zuul
2011113c3f Merge "Install ssh key on bridge.openstack.org" 2018-08-19 16:18:53 +00:00
Monty Taylor
c4b111691b
Install ssh key on bridge.openstack.org
We copied this over from puppetmaster, but let's manage it in ansible.

The key has been renamed in host_vars on bridge.openstack.org already.

Change-Id: Ia102dbe2ae2836880092b8997cb99135f5197b00
2018-08-19 10:26:10 -05:00
Monty Taylor
fee717fcbd
Use is changed instead of | changed
Using tests as filters is going away. Use it as a test.

Change-Id: Icc60395186c950d50e539592dcabc772dda96c8a
2018-08-17 16:05:26 -05:00
Monty Taylor
01a90aadb3
Add loop_control and loop_var to silence a warning
The CentOS tasks run inside of a loop in tasks/main.yaml. That means
that item has been defined in the loop there. While it's currently
working, go ahead and add loop_control.loop_var to remove the clash.

Change-Id: I0e8288c35645945aa9b43fb02c29576c1ad31d7e
2018-08-17 15:47:26 -05:00
Monty Taylor
5f6c56998e
Add skip: true to disable-puppet-agent
We don't need to do anything on RH as services don't start by default
there.

Change-Id: I38daee0b80006711cb0c4c65aed108ac0c5c215a
2018-08-17 15:38:41 -05:00
Monty Taylor
83ebf61e07
Be more explicit about puppet paths
puppet wants the code to be in /opt/system-config/production because of
the environment config. bridge just wants /opt/system-config because
it's an ansible server.

Rather than relying on inferring things, just be explicit about what we
want where.

Depends-On: https://review.openstack.org/593134
Change-Id: I9e749d2c50f7d8a7b0681fe48f38f4741c8a8d01
2018-08-17 14:26:22 -05:00
Monty Taylor
a634593a05
Set mgmt_hieradata in puppet group_vars
This is not a variable describing the system-under-management
bridge.openstack.org - it's a variable that is always true for all
systems in the puppet group.

As a result, update the puppet apply test to figure out which directory
we should be copying modules _from_ - since the puppet4 tests will be
unhappy otherwise.

Change-Id: Iddee83944bd85f69acf4fcfde83dc70304386baf
2018-08-17 14:25:50 -05:00
Monty Taylor
dfcd9c5403
Be explicit about where to install roles
The first entry is where ansible galaxy will install roles. We want that
to be /etc/ansible/roles, not overlaid on the system-config repo.

Pass --roles-path to ansible-galaxy to make sure they go to the right
place.

Change-Id: I109dc004acad32a515c6a1caca50ab38edc62aed
2018-08-17 13:09:59 -05:00
Monty Taylor
03f52d0bc8
Move ansible log into directory
file: state=touch returns changed every time. Instead, put the log files
into a /var/log/ansible directory.

Change-Id: I086d803f0e532b9da41cb01d4e7d2ed66245dfc1
2018-08-17 12:57:20 -05:00
Monty Taylor
ee622108a5
Remove restricted and multiverse from ubuntu servers
restricted is supported software that is non-free.
multiverse is unsupported software that is non-free.

Use of software from either would be unacceptable on any Infra server,
so remove them from the sources.list files.

While we're in there, clean things up a little bit and add an arm file
for bionic.

Change-Id: I55a3b3d411e8a3496a4e6910baaf72f3c192e9d4
2018-08-17 11:53:52 -05:00
Monty Taylor
5380eb5b6e
Remove purge_apt_sources
This was a setting added for infra cloud that had to do with bootstrap
order. It seems to have been cargo-culted elsewhere. Remove it. Let's be
specific with our sources.list files.

Change-Id: Iefbd59ad20e9fdc450d9a0c4e58b9cf4a89ff5a3
2018-08-17 11:53:52 -05:00
Monty Taylor
03d09b777e
Use openstack and groups inventory from system-config
Rather than copying these out of system-config inside of
install-ansible, just point the ansible.cfg to them in the system-config
location. This way as changes come in that have group updates we don't
have to first apply them to the system.

Change-Id: I1cefd7848b7f3f1adc8fbfa080eb9831124a297b
2018-08-17 11:47:13 -05:00
Monty Taylor
92c9a7c869
Clean up puppet variables and playbooks
The puppet playbooks were some of the first we wrote, so they're
slightly wonky.

Remove '---' lines that are completely unnecessary.

Fix indentation.

Move some variables that are the same everywhere into
ansible variables.

Put puppet related variables into the puppet group_vars.

Stop running puppet on localhost in the git playbook.

Change-Id: I2d2a4acccd3523f1931ebec5977771d5a310a0c7
2018-08-17 09:41:12 -05:00
Monty Taylor
1a8c2f66da
Move /opt/system-config/production to /opt/system-config
The production directory is a relic from the puppet environment concept,
which we do not use. Remove it.

The puppet apply tests run puppet locally, where the production
environment is still needed, so don't update the paths in the
tools/prep-apply.sh.

Depends-On: https://review.openstack.org/592946
Change-Id: I82572cc616e3c994eab38b0de8c3c72cb5ec5413
2018-08-17 09:41:02 -05:00
Monty Taylor
7a0ac4ce03
Set mgmt_puppet_module_dir publically
This was set in the private variables on bridge for the transition. But
it can go here now.

Change-Id: I3883672bf549681f8a4f26871c485a71de8ee056
2018-08-17 09:38:35 -05:00
Monty Taylor
c4ae268492
Turn on fact caching
We do this for zuul jobs already, so let's do it for our production
runs.

Shift the inventory cache location down a directory so that launch-node
can invalidate the inventory cache.

Change-Id: I52b1c48d091c07e4205c1a7233448925ca26d8d3
2018-08-17 05:44:37 -05:00
Zuul
f3036203c3 Merge "Remove base.yaml things from openstack_project::server" 2018-08-17 10:43:53 +00:00
Zuul
baa717a1f9 Merge "Add raw blocks to storyboard exim routers" 2018-08-16 22:35:59 +00:00
Monty Taylor
bab6fcad3c
Remove base.yaml things from openstack_project::server
Now that we've got base server stuff rewritten in ansible, remove the
old puppet versions.

Depends-On: https://review.openstack.org/588326
Change-Id: I5c82fe6fd25b9ddaa77747db377ffa7e8bf23c7b
2018-08-16 17:25:10 -05:00
Zuul
ab84adf4bb Merge "Template all exim routers" 2018-08-16 22:19:35 +00:00
Monty Taylor
4b7252ce8b
Add raw blocks to storyboard exim routers
The exim config chunk has a {{ in it, which makes the ansible jinja
very cranky. Add in a raw block so it doesn't try to understand the
exim.

Change-Id: If49d976e503b6ebe236a2d2c6077cce96783e102
2018-08-16 16:29:02 -05:00
Zuul
1463a78fc0 Merge "Make a firehose group with firehose01 in it" 2018-08-16 21:20:46 +00:00
James E. Blair
40c6e6d7ad Template all exim routers
So that we can have complete control of the router order, always
template the full set of routers, including the "default" ones.
So that it's easy to use the defaults but put them in a different
order, define each router in its own variable which can be used
in host or group vars to "copy" that router in.

Apply this change to lists, firehose, and storyboard, all of which
have custom exim routers.  Note that firehose intentionally has
its localuser router last.

Change-Id: I737942b8c15f7020b54e350db885e968a93f806a
2018-08-16 13:49:55 -07:00
Monty Taylor
f78f871afe
Make a firehose group with firehose01 in it
We want to configure firehose logically as the firehose service, but the
host that is in the group is called firehose01.openstack.org. Make a
group and put the config variables for firehose into it.

Change-Id: I17c8e8a72f41c5e2730af81f70cef81dd3ed7bca
2018-08-16 15:11:20 -05:00
Zuul
40fec4c885 Merge "Use jinja match filter instead of regex_match" 2018-08-16 20:10:02 +00:00
Zuul
6f1ad6a6e2 Merge "Use ansible group vars for futureparser flag" 2018-08-16 19:57:05 +00:00
Monty Taylor
3e139891be
Use jinja match filter instead of regex_match
regex_match seems to either not work or not exist or something. match,
otoh, works. Additionally, we get this:

  [DEPRECATION WARNING]: Using tests as filters is deprecated. Instead
   of using `result|match` use `result is match`. This feature will
   be removed in version 2.9.

when using the | syntax, so obey the warning and switch to is.

Change-Id: Ie201241a11c08b9fed58c0e1790e8187ee4cf474
2018-08-16 14:26:17 -05:00
Monty Taylor
b8f4081c2e
Use ansible group vars for futureparser flag
Now that we're running with ansible, we can set the futureparser variable
in the group_vars for the futureparser group and stop passing it as a
parameter explicitly.

Change-Id: I41fe283e96bb48a17f2acfe2ffd939223b5345e7
2018-08-16 14:02:50 -05:00