opendev/system-config
Code Issues Proposed changes
system-config/playbooks/zuul/run-production-playbook.yaml
James E. Blair b9f7f5506f Use infra-prod-base in infra-prod jobs 
This uses a new base job which handles pushing the git repos on to
bridge since that must now happen in a trusted playbook.

Depends-On: https://review.opendev.org/742934
Change-Id: Ie6d0668f83af801c0c0e920b676f2f49e19c59f6
2020-07-24 09:04:50 -07:00

64 lines
2.5 KiB
YAML
Raw Blame History

- hosts: bridge.openstack.org
tasks:
- name: Should we run from master
set_fact:
infra_prod_run_from_master: "{{ zuul.pipeline|default('') in ['periodic', 'opendev-prod-hourly'] }}"
- name: Update from master
when: infra_prod_run_from_master|bool
git:
repo: https://opendev.org/opendev/system-config
dest: /home/zuul/src/opendev.org/opendev/system-config
force: yes
- name: Run the production playbook and capture logs
block:
- name: Log a playbook start header
become: yes
shell: 'echo "Running {{ ansible_date_time.iso8601 }}: ansible-playbook -v -f {{ infra_prod_ansible_forks }} /home/zuul/src/opendev.org/opendev/system-config/playbooks/{{ playbook_name }}" > /var/log/ansible/{{ playbook_name }}.log'
- name: Run specified playbook on bridge.o.o and redirect output
become: yes
shell: 'ansible-playbook -v -f {{ infra_prod_ansible_forks }} /home/zuul/src/opendev.org/opendev/system-config/playbooks/{{ playbook_name }} >> /var/log/ansible/{{ playbook_name }}.log'
always:
# Not using normal zuul job roles as bridge.openstack.org is not a
# test node with all the normal bits in place.
- name: Collect log output
synchronize:
dest: "{{ zuul.executor.log_root }}/{{ playbook_name }}.log"
mode: pull
src: "/var/log/ansible/{{ playbook_name }}.log"
verify_host: true
when: infra_prod_playbook_collect_log
- name: Return playbook log artifact to Zuul
when: infra_prod_playbook_collect_log
zuul_return:
data:
zuul:
artifacts:
- name: "Playbook Log"
url: "{{ playbook_name }}.log"
metadata:
type: text
# If we aren't publishing logs through zuul then keep a set on
# bridge directly.
- name: Rename playbook log on bridge
when: not infra_prod_playbook_collect_log
become: yes
copy:
remote_src: yes
src: "/var/log/ansible/{{ playbook_name }}.log"
dest: "/var/log/ansible/{{ playbook_name }}.log.{{ ansible_date_time.iso8601 }}"
- name: Cleanup old playbook logs on bridge
when: not infra_prod_playbook_collect_log
become: yes
shell: |
find /var/log/ansible -name '{{ playbook_name }}.log.*' -type f -mtime 30 -delete
View Git Blame Copy Permalink