The current code runs k8s-on-openstack's ansible in an ansible
task. This makes debugging failures especially difficult.
Instead, move the prep task to update-system-config, which will
ensure the repo is cloned, and move the post task to its own
playbook. The cinder storage class k8s action can be removed from
this completely as it's handled in the rook playbook.
Then just run the k8s-on-openstack playbook as usual, but without
the cd first so that our normal ansible.cfg works.
Change-Id: I6015e58daa940914d46602a2cb64ecac5d59fa2e

Also, correct the host_vars filename. Again.
Also, make sure we run the test on changes to the host_vars filename.
Change-Id: I95fb61531bae677f5c68f4e56ed718da6c507eb9

We want our base ansible roles to run on these nodes. However,
k8s-on-openstack manages firewall rules via openstack security
groups, so we don't want to run those there.
There was a discussion about making a minimal set of roles that
are run by default and then a group containing servers that got
the full set ... but that would require a duplicate entry for 99%
of our servers in the inventory, while the "only run a subset" is
the exception case.
Change-Id: I2cbf364305f758cecf11df41398d3d2c05222fda

k8s-on-openstack uses the baked-in ubuntu user and ssh keypairs
to interact with the host. Our other roles assume that we'll be
logging in directly as root.
Run base-repos logging in as ubuntu with become: true set so that
we can overwrite the root ssh key with the one allowing direct
login from bridge.
Change-Id: I98e91e0a9e5f4a44fcad8f22a0f710ce2c4138e0

Add the gitea k8s cluster to root's .kube/config file on bridge.
The default context does not exist in order to force us to explicitly
specify a context for all commands (so that we do not inadvertently
deploy something on the wrong k8s cluster).
Change-Id: I53368c76e6f5b3ab45b1982e9a977f9ce9f08581

The gitea service needs an HA shared filesystem, which is provided by
cephfs and managed by rook.io.
It also needs a database service, which is provided by
percona-xtradb-cluster.
Change-Id: Ie019c2e24c3780cec2468a00987dba4ac34ed570

In order to make sure we don't accidentally get broken by any
upstream patches, pin k8s-on-openstack to a specific sha.
Change-Id: Iabd80a7f95646304ed293fe11bed3a9260411705

The k8s-on-openstack project produces an opinionated kubernetes
that is correctly set up to be integrated with OpenStack. All of the
patches we've submitted to update it for our environment have been
landed upstream, so just consume it directly.
It's possible we might want to take a more hands-on forky approach in
the future, but for now it seems fairly stable.
Change-Id: I4ff605b6a947ab9b9f3d0a73852dde74c705979f

Both staging and production OpenStackID servers are being updated to
our enumerated host naming convention as part of their upgrade from
Ubuntu Trusty to Xenial. Move their host-specific Ansible variables
to the new host groups we've created for each of them.
Change-Id: I359a51812b749bf9937943bae1cf1850bc1f85c3

Updating the system-config git checkout was not working correctly. Since
we don't need the whole repo anyway, just retrieve the install_puppet.sh
script.
Change-Id: If83482eacdb303ea4fc3fe453818ea435ed062dc

There are upstream jobs in zuul-jobs with the docker build playbooks,
so use them. The system-config jobs are kept so that we don't have
to duplicate the secret stanza.
Change-Id: Iceee55a3d0e8b243549fa988f134b1ea9bb6dac5

To debug DMARC issues, save a copy of every message sent to
openstack-discuss with as little manipulation as possible.
Change-Id: Ic1156849957bc326e9216c2aca0ab9d180e158e6

This adds the infrastructure for building docker images: the
credential used to upload to Docker Hub as well as the parent jobs
and playbooks to perform the builds.
Change-Id: I7cbbcdd184c4934f1b0ce5905d9760c732b06aa9
Depends-On: https://review.openstack.org/631078

The gerrit source dir needs three plugins cloned into
the plugins dir and also a few files updated.
Depends-On: https://review.openstack.org/631007
Change-Id: I56037137d43ee1cea0a4c17e48d09102e1599ddc

Whenever we promote an image, delete the change tag for that image
in Docker Hub, and also delete any change tags older than 24 hours
in order to keep the Docker Hub image registry tidy.
Change-Id: Id4654c893963bdb0a364b1132793fe4fb152bf27

If we clone gerrit to ~/src/gerrit.googlesource.com/gerrit but
want to keep the Dockerfile in system-config, then we need to be
able to run:

  docker build ~/src/gerrit.googlesource.com/gerrit -f Dockerfile

Most of the time the dir will just be '.', so put in a sensible
default.
Change-Id: I235080c05e679d2ac270cd5401b85c655fab3112

This job has no nodes; the playbook needs to run on localhost.
The only tasks use the uri module without local files, so should
be safe.
Change-Id: Ic012426a66be3b85efe9af35089addf1316dfa63

Upload an image to dockerhub with a change-specific tag in every
gate job, and then, if the change lands, re-tag the image in
dockerhub.
Change-Id: Ie57fc342cbe29d261d33845829b77a0c1bae5ff4

Remove the puppetry for managing nameservers as we now use
ansible-configured name servers without puppet.
We will need to follow this up with deletion of the existing
ns*.openstack.org and adns1.openstack.org servers.
Change-Id: Id7ec8fa58c9e37ce94ec71e4562607914e5c3ea4