opendev/system-config
Code Issues Proposed changes
system-config/playbooks/zuul/run-base.yaml
Ian Wienand 814e4be128 Ansible roles for backup 
This introduces two new roles for managing the backup-server and hosts
that we wish to back up.

Firstly the "backup" role runs on hosts we wish to backup.  This
generates and configures a separate ssh key for running bup and
installs the appropriate cron job to run the backup daily.

The "backup-server" job runs on the backup server (or, indeed
servers).  It creates users for each backup host, accepts the remote
keys mentioned above and initalises bup.  It is then ready to receive
backups from the remote hosts.

This eliminates a fairly long-standing requirement for manual setup of
the backup server users and keys; this section is removed from the
documentation.

testinfra coverage is added.

Change-Id: I9bf74df351e056791ed817180436617048224d2c
2019-08-05 16:59:57 +10:00

110 lines
4.4 KiB
YAML
Raw Blame History

- import_playbook: ../bridge.yaml
vars:
root_rsa_key: "{{ lookup('file', zuul.executor.work_root + '/' + zuul.build + '_id_rsa') }}"
ansible_cron_disable_job: true
cloud_launcher_disable_job: true
- hosts: bridge.openstack.org
become: true
tasks:
- name: Write inventory on bridge
include_role:
name: write-inventory
vars:
write_inventory_dest: /etc/ansible/hosts/inventory.yaml
write_inventory_exclude_hostvars:
- ansible_user
- ansible_python_interpreter
- name: Set up /opt/system-config repo
git:
repo: /home/zuul/src/opendev.org/opendev/system-config
dest: /opt/system-config
force: yes
# TODO: the next two tasks are update-system-config.yaml and
# should be removed or refactored out of here to a shared
# location.
- name: Clone puppet modules to /etc/puppet/modules
command: ./install_modules.sh
args:
chdir: /opt/system-config
- name: Install ansible roles to /etc/ansible/roles
command: ansible-galaxy install --roles-path /etc/ansible/roles --force -r roles.yaml
args:
chdir: /opt/system-config
- name: Add groups config for test nodes
template:
src: "templates/gate-groups.yaml.j2"
dest: "/etc/ansible/hosts/gate-groups.yaml"
- name: Update ansible.cfg to use job inventory
ini_file:
path: /etc/ansible/ansible.cfg
section: defaults
option: inventory
value: /etc/ansible/hosts/inventory.yaml,/opt/system-config/inventory/groups.yaml,/etc/ansible/hosts/gate-groups.yaml
- name: Update ansible.cfg to use yamlgroup plugin
ini_file:
path: /etc/ansible/ansible.cfg
section: defaults
option: inventory_plugins
value: /opt/system-config/playbooks/roles/install-ansible/files/inventory_plugins
- name: Update ansible.cfg to configure inventory plugins
ini_file:
path: /etc/ansible/ansible.cfg
section: inventory
option: enable_plugins
value: yamlgroup,yaml,advanced_host_list,ini
- name: Make host_vars directory
file:
path: "/etc/ansible/hosts/host_vars"
state: directory
- name: Make group_vars directory
file:
path: "/etc/ansible/hosts/group_vars"
state: directory
- name: Write hostvars files
vars:
bastion_ipv4: "{{ nodepool['public_ipv4'] }}"
bastion_ipv6: "{{ nodepool['public_ipv6'] }}"
bastion_public_key: "{{ lookup('file', zuul.executor.work_root + '/' + zuul.build + '_id_rsa.pub') }}"
iptables_test_public_tcp_ports: [19885]
template:
src: "templates/{{ item }}.j2"
dest: "/etc/ansible/hosts/{{ item }}"
loop:
- group_vars/all.yaml
- group_vars/adns.yaml
- group_vars/nodepool.yaml
- group_vars/ns.yaml
- group_vars/registry.yaml
- group_vars/gitea.yaml
- group_vars/gitea-lb.yaml
- group_vars/letsencrypt.yaml
- group_vars/registry.yaml
- group_vars/control-plane-clouds.yaml
- group_vars/mirror_opendev.yaml
- host_vars/bridge.openstack.org.yaml
- host_vars/letsencrypt01.opendev.org.yaml
- host_vars/letsencrypt02.opendev.org.yaml
- host_vars/mirror01.openafs.provider.opendev.org.yaml
- host_vars/mirror-update01.opendev.org.yaml
- host_vars/backup-test01.opendev.org.yaml
- host_vars/backup-test02.opendev.org.yaml
- name: Display group membership
command: ansible localhost -m debug -a 'var=groups'
- name: Run base.yaml
command: ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/playbooks/base.yaml
- name: Run bridge service playbook
command: ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/playbooks/service-bridge.yaml
- name: Run playbook
when: run_playbooks is defined
loop: "{{ run_playbooks }}"
command: "ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/{{ item }}"
- name: Run test playbook
when: run_test_playbook is defined
shell: "ANSIBLE_ROLES_PATH=/home/zuul/src/opendev.org/opendev/system-config/playbooks/roles ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/{{ run_test_playbook }}"
- name: Run testinfra to validate configuration
include_role:
name: tox
vars:
tox_envlist: testinfra
View Git Blame Copy Permalink