system-config

opendev/system-config

Commit Graph

Author	SHA1	Message	Date
Ian Wienand	e70c1e581c	static: move certs to group, update testing name to static99 Currently we define the letsencrypt certs for each host in its individual host variables. With recent work we have a trusted CA and SAN names setup in our testing environment; introducing the possibility that we could accidentally reference the production host during testing (both have valid certs, as far as the testing hosts are concerned). To avoid this, we can use our naming scheme to move our testing hosts to "99" and avoid collision with the production hosts. As a bonus, this really makes you think more about your group/host split to get things right and keep the environment as abstract as possible. One example of this is that with letsencrypt certificates defined in host vars, testing and production need to use the same hostname to get the right certificates created. Really, this should be group-level information so it applies equally to host01 and host99. To cover "hostXX.opendev.org" as a SAN we can include the inventory_hostname in the group variables. This updates one of the more tricky hosts, static, as a proof of concept. We rename the handlers to be generic, and update the testing targets. Change-Id: Id98768e29a06cebaf645eb75b39e4dc5adb8830d	2022-08-05 08:18:55 +10:00
Ian Wienand	8627b4dfc3	static: remove unused letsencrypt group variable The etsencrypt_certs variable defined here in the "static" group file is overwritten by the host variable. This is not doing anything (and we don't have a logs.openstack.org any more as it is all in object storage), remove it. Change-Id: I6910d6652c558c94d71b1609d1194b654bc5b42d	2022-08-04 16:03:56 +10:00
Monty Taylor	83ced7f6e6	Split inventory into multiple dirs and move hostvars Make inventory/service for service-specific things, including the groups.yaml group definitions, and inventory/base for hostvars related to the base system, including the list of hosts. Move the exisitng host_vars into inventory/service, since most of them are likely service-specific. Move group_vars/all.yaml into base/group_vars as almost all of it is related to base things, with the execption of the gerrit public key. A followup patch will move host-specific values into equivilent files in inventory/base. This should let us override hostvars in gate jobs. It should also allow us to do better file matchers - and to be able to organize our playbooks move if we want to. Depends-On: https://review.opendev.org/731583 Change-Id: Iddf57b5be47c2e9de16b83a1bc83bee25db995cf	2020-06-04 07:44:36 -05:00

Author

SHA1

Message

Date

Ian Wienand

e70c1e581c

static: move certs to group, update testing name to static99

Currently we define the letsencrypt certs for each host in its
individual host variables.

With recent work we have a trusted CA and SAN names setup in
our testing environment; introducing the possibility that we could
accidentally reference the production host during testing (both have
valid certs, as far as the testing hosts are concerned).

To avoid this, we can use our naming scheme to move our testing hosts
to "99" and avoid collision with the production hosts.  As a bonus,
this really makes you think more about your group/host split to get
things right and keep the environment as abstract as possible.

One example of this is that with letsencrypt certificates defined in
host vars, testing and production need to use the same hostname to get
the right certificates created.  Really, this should be group-level
information so it applies equally to host01 and host99.  To cover
"hostXX.opendev.org" as a SAN we can include the inventory_hostname in
the group variables.

This updates one of the more tricky hosts, static, as a proof of
concept.  We rename the handlers to be generic, and update the testing
targets.

Change-Id: Id98768e29a06cebaf645eb75b39e4dc5adb8830d

2022-08-05 08:18:55 +10:00

Ian Wienand

8627b4dfc3

static: remove unused letsencrypt group variable

The etsencrypt_certs variable defined here in the "static" group file
is overwritten by the host variable.  This is not doing anything (and
we don't have a logs.openstack.org any more as it is all in object
storage), remove it.

Change-Id: I6910d6652c558c94d71b1609d1194b654bc5b42d

2022-08-04 16:03:56 +10:00

Monty Taylor

83ced7f6e6

Split inventory into multiple dirs and move hostvars

Make inventory/service for service-specific things, including the
groups.yaml group definitions, and inventory/base for hostvars
related to the base system, including the list of hosts.

Move the exisitng host_vars into inventory/service, since most of
them are likely service-specific. Move group_vars/all.yaml into
base/group_vars as almost all of it is related to base things,
with the execption of the gerrit public key.

A followup patch will move host-specific values into equivilent
files in inventory/base.

This should let us override hostvars in gate jobs. It should also
allow us to do better file matchers - and to be able to organize
our playbooks move if we want to.

Depends-On: https://review.opendev.org/731583
Change-Id: Iddf57b5be47c2e9de16b83a1bc83bee25db995cf

2020-06-04 07:44:36 -05:00

3 Commits