diff --git a/doc/source/misc-jobs.rst b/doc/source/misc-jobs.rst index 1070998..7b51cf5 100644 --- a/doc/source/misc-jobs.rst +++ b/doc/source/misc-jobs.rst @@ -15,3 +15,5 @@ Specialized Jobs These jobs are not for general use. .. zuul:autojob:: opendev-infra-prod-base +.. zuul:autojob:: opendev-infra-prod-setup-src +.. zuul:autojob:: opendev-infra-prod-setup-keys diff --git a/playbooks/infra-prod/pre.yaml b/playbooks/infra-prod/pre.yaml index 01a85b1..79d4660 100644 --- a/playbooks/infra-prod/pre.yaml +++ b/playbooks/infra-prod/pre.yaml @@ -1,59 +1,5 @@ -- hosts: localhost - tasks: - - name: Add bridge.o.o to inventory - add_host: - name: bridge.openstack.org - ansible_python_interpreter: python3 - ansible_user: zuul - # Without setting ansible_host directly, mirror-workspace-git-repos - # gets sad because if delegate_to localhost and with add_host that - # ends up with ansible_host being localhost. - ansible_host: bridge.openstack.org - ansible_port: 22 +- name: Setup keys + import_playbook: setup-keys.yaml -- hosts: localhost - tasks: - - name: Add bridge.o.o hostkey to known hosts - known_hosts: - name: bridge.openstack.org - key: "bridge.openstack.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxRzDkWvvVQtsLTAqAwedRWA84/42KKVdFS0QP8lZFsMpgTXUhjipJ7VcFun5gM87tnt0J71rlN+ospBh0/1wfp2jASEskUyGhXAa5xHjnJN7veUyW+AggEosK/OTunvZgf54p1sQg45Sq/uCjc0Ua0fRMOq2o5z/mgpl6rSjLOlWi9wKA/6axnUbs9w4iD5esyBQ+VcISSJOTqhAo/3UG0NwCU+6Ggwwhg0nl5iCMpQfq4A207IbJ72MkJzlQgW3edsRb5POzdZcGxkTYvVdP3kgHP4Bof3MFFZjBUMz6SuRQyNV5poysMtbtlO0SvgAJNhXr6Vn0GA9XhqFP6+HT" - -- hosts: bridge.openstack.org - tasks: - - name: "Make sure a manaul maint isn't going on" - wait_for: - path: /home/zuul/DISABLE-ANSIBLE - state: absent - sleep: 10 - timeout: 3600 # Wait for an hour before bailing - - - name: "Correct ownership of repos" - command: "chown -R zuul:zuul /home/zuul/src" - # E303: Skip linting since it triggers on the "chown" command, - # but we prefer the shell above - tags: - - skip_ansible_lint - # Ignore the error if the dir doesn't exist - ignore_errors: true - # Do this as root, because it needs to chown root-owned files - become: true - - # This role executes code on the executor, so this needs to be in - # a trusted playbook. - - name: Synchronize src repos to workspace directory. - include_role: - name: prepare-workspace-git - - # When running from periodic/hourly we want to explicitly override - # to run from the tip of master - - name: Should we run from master - set_fact: - infra_prod_run_from_master: "{{ zuul.pipeline|default('') in ['periodic', 'opendev-prod-hourly'] }}" - - - name: Update from master - when: infra_prod_run_from_master|bool - git: - repo: https://opendev.org/opendev/system-config - dest: /home/zuul/src/opendev.org/opendev/system-config - force: yes - version: master +- name: Setup source + import_playbook: setup-source.yaml diff --git a/playbooks/infra-prod/setup-keys.yaml b/playbooks/infra-prod/setup-keys.yaml new file mode 100644 index 0000000..50c8c6d --- /dev/null +++ b/playbooks/infra-prod/setup-keys.yaml @@ -0,0 +1,18 @@ +- hosts: localhost + tasks: + - name: Add bridge.o.o to inventory + add_host: + name: bridge.openstack.org + ansible_python_interpreter: python3 + ansible_user: zuul + # Without setting ansible_host directly, mirror-workspace-git-repos + # gets sad because if delegate_to localhost and with add_host that + # ends up with ansible_host being localhost. + ansible_host: bridge.openstack.org + ansible_port: 22 + + - name: Add bridge.o.o hostkey to known hosts + known_hosts: + name: bridge.openstack.org + key: "bridge.openstack.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxRzDkWvvVQtsLTAqAwedRWA84/42KKVdFS0QP8lZFsMpgTXUhjipJ7VcFun5gM87tnt0J71rlN+ospBh0/1wfp2jASEskUyGhXAa5xHjnJN7veUyW+AggEosK/OTunvZgf54p1sQg45Sq/uCjc0Ua0fRMOq2o5z/mgpl6rSjLOlWi9wKA/6axnUbs9w4iD5esyBQ+VcISSJOTqhAo/3UG0NwCU+6Ggwwhg0nl5iCMpQfq4A207IbJ72MkJzlQgW3edsRb5POzdZcGxkTYvVdP3kgHP4Bof3MFFZjBUMz6SuRQyNV5poysMtbtlO0SvgAJNhXr6Vn0GA9XhqFP6+HT" + diff --git a/playbooks/infra-prod/setup-source.yaml b/playbooks/infra-prod/setup-source.yaml new file mode 100644 index 0000000..92391a4 --- /dev/null +++ b/playbooks/infra-prod/setup-source.yaml @@ -0,0 +1,39 @@ +- hosts: bridge.openstack.org + tasks: + - name: "Make sure a manual maintenance isn't going on" + wait_for: + path: /home/zuul/DISABLE-ANSIBLE + state: absent + sleep: 10 + timeout: 3600 # Wait for an hour before bailing + + - name: "Correct ownership of repos" + command: "chown -R zuul:zuul /home/zuul/src" + # E303: Skip linting since it triggers on the "chown" command, + # but we prefer the shell above + tags: + - skip_ansible_lint + # Ignore the error if the dir doesn't exist + ignore_errors: true + # Do this as root, because it needs to chown root-owned files + become: true + + # This role executes code on the executor, so this needs to be in + # a trusted playbook. + - name: Synchronize src repos to workspace directory. + include_role: + name: prepare-workspace-git + + # When running from periodic/hourly we want to explicitly override + # to run from the tip of master + - name: Should we run from master + set_fact: + infra_prod_run_from_master: "{{ zuul.pipeline|default('') in ['periodic', 'opendev-prod-hourly'] }}" + + - name: Update from master + when: infra_prod_run_from_master|bool + git: + repo: https://opendev.org/opendev/system-config + dest: /home/zuul/src/opendev.org/opendev/system-config + force: yes + version: master diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index 04e7c46..88a88fd 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -600,3 +600,23 @@ This is not for general use. abstract: true pre-run: playbooks/infra-prod/pre.yaml + +- job: + name: opendev-infra-prod-setup-src + description: | + A base job for replicating source to OpenDev's bridge. + + This is not for general use. + abstract: true + pre-run: + - playbooks/infra-prod/setup-keys.yaml + - playbooks/infra-prod/setup-src.yaml + +- job: + name: opendev-infra-prod-setup-keys + description: | + A base job for allowing executors to log into OpenDev's bridge. + + This is not for general use. + abstract: true + pre-run: playbooks/infra-prod/setup-keys.yaml