Add initial Ansible for nodepool hosts

This is a start at ansible-deployed nodepool environments. We rename the minimal-nodepool element to nodepool-base-legacy, and keep running that for the old nodes. The groups are updated so that only the .openstack.org hosts will run puppet. Essentially they should remain unchanged. We start a nodepool-base element that will replace the current puppet-<openstackci|nodepool> deployment parts. For step one, this grabs project-config and links in the elements and config file. A testing host is added for gate testing which should trigger these roles. This will build into a full deployment test of the builder container. Change-Id: If0eb9f02763535bf200062c51a8a0f8793b1e1aa Depends-On: https://review.opendev.org/#/c/710700/
2020-03-03 10:48:34 +11:00 · 2020-03-03 10:48:34 +11:00 · 281425a44d
commit 281425a44d
parent ac11734cf9
9 changed files with 85 additions and 10 deletions
--- a/.zuul.yaml
+++ b/.zuul.yaml
@ -837,6 +837,8 @@
          label: ubuntu-xenial
        - name: nb01.openstack.org
          label: ubuntu-xenial
+        - name: nb01-test.opendev.org
+          label: ubuntu-bionic
    vars:
      run_playbooks:
        - playbooks/service-nodepool.yaml
--- a/inventory/groups.yaml
+++ b/inventory/groups.yaml
@ -92,9 +92,13 @@ groups:
    - nb[0-9]*.open*.org
    - nl[0-9]*.open*.org
  nodepool-builder:
-    - nb[0-9]*.open*.org
+    - nb[0-9]*.openstack.org
+  nodepool-builder_opendev:
+    - nb[0-9]*.opendev.org
  nodepool-launcher:
-    - nl[0-9]*.open*.org
+    - nl[0-9]*.openstack.org
+  nodepool-launcher_opendev:
+    - nl[0-8]*.opendev.org
  ns:
    - ns[0-9]*.open*.org
  openstackid-dev:
@ -131,8 +135,8 @@ groups:
    - logstash[0-9]*.open*.org
    - mirror-update[0-9]*.openstack.org
    - mirror[0-9]*.openstack.org
-    - nb[0-9]*.open*.org
-    - nl[0-9]*.open*.org
+    - nb[0-9]*.openstack.org
+    - nl[0-9]*.openstack.org
    - openstackid-dev*.openstack.org
    - openstackid.org
    - openstackid[0-9]*.openstack.org
@ -180,7 +184,7 @@ groups:
    - logstash[0-9]*.open*.org
    - mirror-update[0-9]*.openstack.org
    - ^mirror[0-9].*\..*\.(?!linaro|linaro-london|linaro-us).*\.openstack\.org
-    - ^nb(?!03)[0-9]*\.open.*\.org
+    - ^nb(?!03)[0-9]*\.openstack\.org
    - nl[0-9]*.open*.org
    - openstackid[0-9]*.openstack.org
    - openstackid-dev[0-9]*.openstack.org
--- a/playbooks/group_vars/nodepool-builder_opendev.yaml
+++ b/playbooks/group_vars/nodepool-builder_opendev.yaml
@ -0,0 +1,4 @@
+openstacksdk_config_dir: /home/nodepool/.config/openstack
+openstacksdk_config_owner: nodepool
+openstacksdk_config_group: nodepool
+openstacksdk_config_template: clouds/nodepool_clouds.yaml.j2
--- a/playbooks/group_vars/nodepool-launcher_opendev.yaml
+++ b/playbooks/group_vars/nodepool-launcher_opendev.yaml
@ -0,0 +1,4 @@
+openstacksdk_config_dir: /home/nodepool/.config/openstack
+openstacksdk_config_owner: nodepool
+openstacksdk_config_group: nodepool
+openstacksdk_config_template: clouds/nodepool_clouds.yaml.j2
--- a/playbooks/roles/nodepool-base-legacy/README.rst
+++ b/playbooks/roles/nodepool-base-legacy/README.rst
@ -1,9 +1,8 @@
+Minimal nodepool requirements for mixed puppet/ansible deployment.
+
 Create minimal nodepool requirements so that we can manage nodepool servers
 with ansible and puppet while we transition.

-NOTE: THis likely isn't what we want long term. Should have a proper nodepool
-role or use windmill.
-
 **Role Variables**

 * None
--- a/playbooks/roles/nodepool-base-legacy/tasks/main.yaml
+++ b/playbooks/roles/nodepool-base-legacy/tasks/main.yaml
--- a/playbooks/roles/nodepool-base/README.rst
+++ b/playbooks/roles/nodepool-base/README.rst
@ -0,0 +1,3 @@
+nodepool base setup
+
+**Role Variables**
--- a/playbooks/roles/nodepool-base/tasks/main.yaml
+++ b/playbooks/roles/nodepool-base/tasks/main.yaml
@ -0,0 +1,48 @@
+- name: Add the nodepool group
+  group:
+    name: nodepool
+    state: present
+
+- name: Add the nodepool user
+  user:
+    name: nodepool
+    group: nodepool
+    home: /home/nodepool
+    create_home: yes
+    shell: /bin/bash
+
+# NOTE(ianw) : A note on testing; we have some configurations for
+# system-config-run-nodepool test hosts committed to project-config.
+# Since this is a protected repo we can't speculatively test, which is
+# why we're just cloning from opendev.org master and not a local
+# checkout here.  We don't expect the configs to change so this is OK.
+- name: Clone the project-config repo for configs
+  git:
+    repo: 'https://opendev.org/openstack/project-config'
+    dest: /opt/project-config
+    force: yes
+
+- name: Create nodepool config dir
+  file:
+    name: /etc/nodepool
+    state: directory
+    owner: nodepool
+    group: nodepool
+    mode: 0755
+
+- name: Look for a host specific config file
+  stat:
+    path: /opt/project-config/nodepool/{{ inventory_hostname }}.yaml
+  register: host_config_file
+
+- name: Set config file symlink
+  file:
+    state: link
+    src: '{{ host_config_file.stat.exists | ternary(host_config_file.stat.path, "/opt/project-config/nodepool/nodepool.yaml") }}'
+    dest: /etc/nodepool/nodepool.yaml
+
+- name: Symlink in elements from project-config repo
+  file:
+    state: link
+    src: /opt/project-config/nodepool/elements
+    dest: /etc/nodepool/elements
--- a/playbooks/service-nodepool.yaml
+++ b/playbooks/service-nodepool.yaml
@ -1,7 +1,18 @@
 - hosts: nodepool-launcher:nodepool-builder:!disabled
-  name: "Base: configure OpenStackSDK on nodepool"
+  name: "Base: configure OpenStackSDK on nodepool legacy hosts"
  strategy: free
  roles:
-    - minimal-nodepool
+    - nodepool-base-legacy
    - configure-openstacksdk
    - configure-kubectl
+
+- hosts: nodepool-builder_opendev:!disabled
+  name: "Configure nodepool builders"
+  strategy: free
+  roles:
+    - nodepool-base
+    - configure-openstacksdk
+
+# TODO(ianw) 2020-03-03 : watch this space...
+#- hosts: nodepool-launcher_opendev:!disabled
+#  name: "Configure nodepool launchers"