
In discussion of other changes, I realised that the bridge bootstrap job is running via zuul/run-production-playbook.yaml. This means it uses the Ansible installed on bridge to run against itself -- which isn't much of a bootstrap.

What should happen is that the bootstrap-bridge.yaml playbook, which sets up ansible and keys on the bridge node, should run directly from the executor against the bridge node.

To achieve this we reparent the job to opendev-infra-prod-setup-keys, which sets up the executor to be able to log into the bridge node. We then add the host dynamically and run the bootstrap-bridge.yaml playbook against it.

This is similar to the gate testing path, where bootstrap-bridge.yaml is run from the executor against the ephemeral bridge testing node before the nested-Ansible is used.

The root key deployment is updated to use the nested Ansible directly, so that it can read the variable from the on-host secrets.

Change-Id: Iebaeed5028050d890ab541818f405978afd60124
17 lines
591 B
YAML
- hosts: localhost
  tasks:
    - name: Add bridge.o.o to inventory for playbook
      add_host:
        name: bridge.openstack.org
        ansible_python_interpreter: python3
        ansible_user: zuul
        # Without setting ansible_host directly, mirror-workspace-git-repos
        # gets sad because if delegate_to localhost and with add_host that
        # ends up with ansible_host being localhost.
        ansible_host: bridge.openstack.org
        ansible_port: 22
        # Port 19885 is firewalled
        zuul_console_disabled: true

- import_playbook: ../bootstrap-bridge.yaml