8ad300927e
This is a first step toward making smaller playbooks which can be run by Zuul in CD. Zuul should be able to handle missing projects now, so remove it from the puppet_git playbook and into puppet. Make the base playbook be merely the base roles. Make service playbooks for each service. Remove the run-docker job because it's covered by service jobs. Stop testing that puppet is installed in testinfra. It's accidentally working due to the selection of non-puppeted hosts only being on bionic nodes and not installing puppet on bionic. Instead, we can now rely on actually *running* puppet when it's important, such as in the eavesdrop job. Also remove the installation of puppet on the nodes in the base job, since it's only useful to test that a synthetic test of installing puppet on nodes we don't use works. Don't run remote_puppet_git on gitea for now - it's too slow. A followup patch will rework gitea project creation to not take hours. Change-Id: Ibb78341c2c6be28005cea73542e829d8f7cfab08
102 lines
4.0 KiB
YAML
102 lines
4.0 KiB
YAML
- import_playbook: ../bridge.yaml
|
|
vars:
|
|
root_rsa_key: "{{ lookup('file', zuul.executor.work_root + '/' + zuul.build + '_id_rsa') }}"
|
|
ansible_cron_install_cron: false
|
|
|
|
- hosts: bridge.openstack.org
|
|
become: true
|
|
tasks:
|
|
- name: Write inventory on bridge
|
|
include_role:
|
|
name: write-inventory
|
|
vars:
|
|
write_inventory_dest: /etc/ansible/hosts/inventory.yaml
|
|
write_inventory_exclude_hostvars:
|
|
- ansible_user
|
|
- name: Set up /opt/system-config repo
|
|
git:
|
|
repo: /home/zuul/src/opendev.org/opendev/system-config
|
|
dest: /opt/system-config
|
|
force: yes
|
|
# TODO: the next two tasks are update-system-config.yaml and
|
|
# should be removed or refactored out of here to a shared
|
|
# location.
|
|
- name: Clone puppet modules to /etc/puppet/modules
|
|
command: ./install_modules.sh
|
|
args:
|
|
chdir: /opt/system-config
|
|
- name: Install ansible roles to /etc/ansible/roles
|
|
command: ansible-galaxy install --roles-path /etc/ansible/roles --force -r roles.yaml
|
|
args:
|
|
chdir: /opt/system-config
|
|
- name: Add groups config for test nodes
|
|
template:
|
|
src: "templates/gate-groups.yaml.j2"
|
|
dest: "/etc/ansible/hosts/gate-groups.yaml"
|
|
- name: Update ansible.cfg to use job inventory
|
|
ini_file:
|
|
path: /etc/ansible/ansible.cfg
|
|
section: defaults
|
|
option: inventory
|
|
value: /etc/ansible/hosts/inventory.yaml,/opt/system-config/inventory/groups.yaml,/etc/ansible/hosts/gate-groups.yaml
|
|
- name: Update ansible.cfg to use yamlgroup plugin
|
|
ini_file:
|
|
path: /etc/ansible/ansible.cfg
|
|
section: defaults
|
|
option: inventory_plugins
|
|
value: /opt/system-config/playbooks/roles/install-ansible/files/inventory_plugins
|
|
- name: Update ansible.cfg to configure inventory plugins
|
|
ini_file:
|
|
path: /etc/ansible/ansible.cfg
|
|
section: inventory
|
|
option: enable_plugins
|
|
value: yamlgroup,yaml,advanced_host_list,ini
|
|
- name: Make host_vars directory
|
|
file:
|
|
path: "/etc/ansible/hosts/host_vars"
|
|
state: directory
|
|
- name: Make group_vars directory
|
|
file:
|
|
path: "/etc/ansible/hosts/group_vars"
|
|
state: directory
|
|
- name: Write hostvars files
|
|
vars:
|
|
bastion_ipv4: "{{ nodepool['public_ipv4'] }}"
|
|
bastion_ipv6: "{{ nodepool['public_ipv6'] }}"
|
|
bastion_public_key: "{{ lookup('file', zuul.executor.work_root + '/' + zuul.build + '_id_rsa.pub') }}"
|
|
iptables_test_public_tcp_ports: [19885]
|
|
template:
|
|
src: "templates/{{ item }}.j2"
|
|
dest: "/etc/ansible/hosts/{{ item }}"
|
|
loop:
|
|
- group_vars/all.yaml
|
|
- group_vars/adns.yaml
|
|
- group_vars/nodepool.yaml
|
|
- group_vars/ns.yaml
|
|
- group_vars/registry.yaml
|
|
- group_vars/gitea.yaml
|
|
- group_vars/gitea-lb.yaml
|
|
- group_vars/letsencrypt.yaml
|
|
- group_vars/registry.yaml
|
|
- host_vars/bridge.openstack.org.yaml
|
|
- host_vars/letsencrypt01.opendev.org.yaml
|
|
- host_vars/letsencrypt02.opendev.org.yaml
|
|
- name: Display group membership
|
|
command: ansible localhost -m debug -a 'var=groups'
|
|
- name: Run base.yaml
|
|
command: ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/playbooks/base.yaml
|
|
- name: Run bridge service playbook
|
|
command: ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/playbooks/service-bridge.yaml
|
|
- name: Run playbook
|
|
when: run_playbooks is defined
|
|
loop: "{{ run_playbooks }}"
|
|
command: "ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/{{ item }}"
|
|
- name: Run test playbook
|
|
when: run_test_playbook is defined
|
|
shell: "ANSIBLE_ROLES_PATH=/home/zuul/src/opendev.org/opendev/system-config/playbooks/roles ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/{{ run_test_playbook }}"
|
|
- name: Run testinfra to validate configuration
|
|
include_role:
|
|
name: tox
|
|
vars:
|
|
tox_envlist: testinfra
|