bootstrap-bridge: use abstracted hostname

The prior change Iffb462371939989b03e5d6ac6c5df63aa7708513 added the "bastion" group for system-config-run-* jobs, and the dependent change here adds the bridge host to the "bastion" group when it is dynamically added in opendev/base-jobs. This playbook can thus refer to the bastion group, rather than having to hardcode the hostname. This should have no affect in production as it all still refers to the existing bridge.openstack.org; but will make it easier to switch in the (near) future. Depends-On: https://review.opendev.org/c/opendev/base-jobs/+/861026 Change-Id: Icc52d2544afc1faf519a036cda94a3cae10448ee
2022-10-12 14:23:23 +11:00 · 2022-10-12 14:23:23 +11:00 · 04a129c328
commit 04a129c328
parent d4c46ecdef
3 changed files with 30 additions and 8 deletions
--- a/playbooks/bootstrap-bridge.yaml
+++ b/playbooks/bootstrap-bridge.yaml
@ -1,4 +1,18 @@
- hosts: bridge.openstack.org:!disabled
+# NOTE: This is included from two paths to setup the bridge/bastion
+# host in different circumstances:
+#
+# 1) Gate tests -- here Zuul is running this on the executor against
+#    ephemeral nodes.  It uses the "bastion" group as defined in the
+#    system-config-run jobs.
+#
+# 2) Production -- here we actually run against the real bastion host.
+#    The host is dynamically added in opendev/base-jobs before this
+#    runs, and put into a group called "bastion".
+#
+# In both cases, the "bastion" group has one entry, which is the
+# bastion host to run against.
+
+- hosts: bastion[0]:!disabled
  name: "Bridge: bootstrap the bastion host"
  become: true
  tasks:
@ -53,6 +67,14 @@
            content: '{{ _root_rsa_key_dict | to_nice_json }}'
            dest: '/home/zuul/root-rsa-key.json'

+        - name: Save abstracted inventory file
+          copy:
+            content: |
+                {{ inventory_hostname }}
+                [bastion]
+                {{ inventory_hostname }}
+            dest: '/home/zuul/bastion-inventory.ini'
+
    - name: Make ansible log directory
      file:
        path: '/var/log/ansible'
@ -68,11 +90,10 @@
      environment:
        ROOT_RSA_KEY: '{{ "-e @/home/zuul/root-rsa-key.json" if root_rsa_key is defined else "" }}'
        # In production "install-ansible" has setup ansible to point
-        # to the system-config inventory which has bridge in it.  In
-        # the gate, bridge is ephemeral and we haven't yet built the
-        # inventory to use for testing (that is done in
-        # zuul/run-base.yaml).  Pass the hostname -- the playbook uses
-        # the local connection.
-        BRIDGE_INVENTORY: '{{ "-ibridge.openstack.org," if root_rsa_key is defined else "" }}'
+        # to the system-config inventory which has the bastion group
+        # in it.  In the gate, bridge is ephemeral and we haven't yet
+        # built the inventory to use for testing (that is done in
+        # zuul/run-base.yaml).  Use this constructed inventory.
+        BRIDGE_INVENTORY: '{{ "-i/home/zuul/bastion-inventory.ini" if root_rsa_key is defined else "" }}'
        ANSIBLE_ROLES_PATH: '/home/zuul/src/opendev.org/opendev/system-config/playbooks/roles'
      no_log: true
--- a/playbooks/zuul/run-production-bootstrap-bridge-add-rootkey.yaml
+++ b/playbooks/zuul/run-production-bootstrap-bridge-add-rootkey.yaml
@ -1,4 +1,4 @@
- hosts: bridge.openstack.org
+- hosts: bastion[0]
  connection: local
  tasks:
    - name: Install root keys
--- a/playbooks/zuul/run-production-bootstrap-bridge.yaml
+++ b/playbooks/zuul/run-production-bootstrap-bridge.yaml
@ -3,6 +3,7 @@
    - name: Add bridge.o.o to inventory for playbook
      add_host:
        name: bridge.openstack.org
+        groups: 'bastion'
        ansible_python_interpreter: python3
        ansible_user: zuul
        # Without setting ansible_host directly, mirror-workspace-git-repos