From 4b9d1a88bd8f73eedf0b8a7a353cf82520861a1f Mon Sep 17 00:00:00 2001 
From: Monty Taylor Date: Thu, 30 Apr 2020 09:33:21 -0500 Subject: [PATCH] Use zuul checkouts of ansible roles from other repos We have two standalone roles, puppet and cloud-launcher, but we currently install them with galaxy so depends-on patches don't work. We also install them every time we run anything, even if we don't need them for the playbook in question. Add two roles, one to install a set of ansible roles needed by the host in question, and the other to encapsulate the sequence of running puppet, which now includes installing the puppet role, installing puppet, disabling the puppet agent and then running puppet. As a followup, we'll do the same thing with the puppet modules, so that we aren't cloning and rsyncing ALL of the puppet modules all the time no matter what. Change-Id: I69a2e99e869ee39a3da573af421b18ad93056d5b --- .zuul.yaml | 41 ++++++++++++++++++- inventory/groups.yaml | 2 + playbooks/group_vars/cloud-launcher.yaml | 2 + playbooks/group_vars/puppet.yaml | 2 + playbooks/remote_puppet_afs.yaml | 8 +--- playbooks/remote_puppet_else.yaml | 4 +- .../roles/install-ansible-roles/README.rst | 1 + .../install-ansible-roles/defaults/main.yaml | 4 ++ .../install-ansible-roles/tasks/main.yaml | 9 ++++ .../roles/install-ansible/tasks/main.yaml | 8 ---- playbooks/roles/run-puppet/README.rst | 12 ++++++ playbooks/roles/run-puppet/tasks/main.yaml | 9 ++++ playbooks/run_cloud_launcher.yaml | 16 +++++--- playbooks/service-codesearch.yaml | 4 +- playbooks/service-eavesdrop.yaml | 4 +- playbooks/service-nodepool.yaml | 4 +- roles.yaml | 7 ---- 17 files changed, 96 insertions(+), 41 deletions(-) create mode 100644 playbooks/group_vars/cloud-launcher.yaml create mode 100644 playbooks/roles/install-ansible-roles/README.rst create mode 100644 playbooks/roles/install-ansible-roles/defaults/main.yaml create mode 100644 playbooks/roles/install-ansible-roles/tasks/main.yaml create mode 100644 playbooks/roles/run-puppet/README.rst create mode 100644 
playbooks/roles/run-puppet/tasks/main.yaml delete mode 100644 roles.yaml diff --git a/.zuul.yaml b/.zuul.yaml index 626efd56b8..366fcc6b76 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -1112,6 +1112,7 @@ description: | Run the playbook for an eavesdrop server. required-projects: + - opendev/ansible-role-puppet - opendev/system-config - openstack/project-config requires: accessbot-container-image @@ -1152,12 +1153,15 @@ - name: codesearch01.openstack.org label: ubuntu-xenial required-projects: + - opendev/ansible-role-puppet - opendev/system-config - openstack/project-config files: - playbooks/install-ansible.yaml - playbooks/service-codesearch.yaml - playbooks/group_vars/puppet.yaml + - playbooks/roles/run-puppet/ + - playbooks/roles/install-ansible-roles/ - playbooks/roles/sync-project-config - playbooks/roles/puppet-install/ - playbooks/roles/disable-puppet-agent/ @@ -1210,10 +1214,16 @@ label: ubuntu-bionic - name: lists.openstack.org label: ubuntu-xenial + required-projects: + - opendev/ansible-role-puppet + - opendev/system-config files: - playbooks/install-ansible.yaml - modules/openstack_project/manifests/lists.pp - playbooks/host_vars/lists.openstack.org.yaml + - playbooks/group_vars/puppet + - playbooks/roles/run-puppet/ + - playbooks/roles/install-ansible-roles/ - roles/exim vars: run_playbooks: @@ -1238,8 +1248,9 @@ - name: nb04.opendev.org label: ubuntu-bionic required-projects: - - openstack/project-config + - opendev/ansible-role-puppet - opendev/system-config + - openstack/project-config host-vars: nl01.openstack.org: host_copy_output: @@ -1261,6 +1272,9 @@ - playbooks/group_vars/nodepool.yaml - playbooks/group_vars/nodepool-builder.yaml - playbooks/group_vars/nodepool-launcher.yaml + - playbooks/group_vars/puppet + - playbooks/roles/run-puppet/ + - playbooks/roles/install-ansible-roles/ - playbooks/roles/configure-openstacksdk/ - playbooks/roles/nodepool - playbooks/templates/clouds/ 
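Review bot: The file matcher added in the `@@ -1210` hunk is written `playbooks/group_vars/puppet`, while the codesearch job one hunk earlier lists the same file as `playbooks/group_vars/puppet.yaml`; the shortened form recurs in the `@@ -1261`, `@@ -2228`, `@@ -2555` and `@@ -2573` hunks. Zuul file matchers are regular expressions, so the short form presumably still triggers on the intended file, but it would also trigger on any other path that starts with that prefix. I would write `- playbooks/group_vars/puppet.yaml` in every job so the trigger set for the puppet role-install path is identical across jobs and easy to audit. The job definitions begin and end outside these hunks.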
@@ -2080,7 +2094,6 @@ files: - inventory/ - roles/ - - roles.yaml - install_modules.sh - modules.env - playbooks/install-ansible.yaml @@ -2228,6 +2241,9 @@ - playbooks/host_vars/nb - playbooks/host_vars/nl - playbooks/group_vars/nodepool + - playbooks/group_vars/puppet + - playbooks/roles/install-ansible-roles/ + - playbooks/roles/run-puppet/ - playbooks/roles/configure-kubectl/ - playbooks/roles/configure-openstacksdk/ - playbooks/roles/install-docker/ @@ -2483,6 +2499,7 @@ parent: infra-prod-service-base description: Run service-codesearch.yaml playbook. required-projects: + - opendev/ansible-role-puppet - opendev/system-config - openstack/project-config vars: @@ -2492,6 +2509,8 @@ - playbooks/install-ansible.yaml - playbooks/service-codesearch.yaml - playbooks/group_vars/puppet.yaml + - playbooks/roles/run-puppet/ + - playbooks/roles/install-ansible-roles/ - playbooks/roles/sync-project-config - playbooks/roles/puppet-install/ - playbooks/roles/disable-puppet-agent/ @@ -2504,6 +2523,7 @@ parent: infra-prod-service-base description: Run service-eavesdrop.yaml playbook. required-projects: + - opendev/ansible-role-puppet - opendev/system-config - openstack/project-config dependencies: @@ -2523,6 +2543,8 @@ - playbooks/run-accessbot.yaml - playbooks/group_vars/eavesdrop.yaml - playbooks/group_vars/puppet.yaml + - playbooks/roles/run-puppet/ + - playbooks/roles/install-ansible-roles/ - playbooks/roles/zuul-user - playbooks/roles/install-docker - playbooks/roles/puppet-install/ 
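Review bot: The job touched by the `@@ -2228` hunk gains matchers for `playbooks/roles/install-ansible-roles/` and `playbooks/roles/run-puppet/`, but unlike the codesearch and eavesdrop jobs in the hunks that follow, no `opendev/ansible-role-puppet` entry under `required-projects` is visible for it. The new install task clones from a local checkout under `ansible_role_src_root`, so if neither this job nor its parent requests that project, the source directory would presumably be absent and the role install would fail at deploy time. The job header is outside the hunk, so this may already be covered; if it is not, add `- opendev/ansible-role-puppet` to that job's `required-projects`.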
@@ -2555,11 +2577,17 @@ vars: playbook_name: remote_puppet_afs.yaml infra_prod_ansible_forks: 1 + required-projects: + - opendev/ansible-role-puppet + - opendev/system-config files: - inventory/ - playbooks/remote_puppet_afs.yaml - playbooks/group_vars/afs - playbooks/group_vars/mirror-update + - playbooks/group_vars/puppet + - playbooks/roles/run-puppet/ + - playbooks/roles/install-ansible-roles/ - playbooks/roles/puppet-install/ - playbooks/roles/disable-puppet-agent/ - playbooks/roles/vos-release/ @@ -2573,12 +2601,18 @@ vars: playbook_name: remote_puppet_else.yaml infra_prod_ansible_forks: 50 + required-projects: + - opendev/ansible-role-puppet + - opendev/system-config files: - hiera/ - inventory/ - playbooks/remote_puppet_else.yaml - playbooks/group_vars/ - playbooks/host_vars/ + - playbooks/group_vars/puppet + - playbooks/roles/run-puppet/ + - playbooks/roles/install-ansible-roles/ - playbooks/roles/puppet-install/ - playbooks/roles/disable-puppet-agent/ - modules/ @@ -2591,6 +2625,9 @@ vars: playbook_name: run_cloud_launcher.yaml infra_prod_ansible_forks: 1 + required-projects: + - opendev/ansible-role-cloud-launcher + - opendev/system-config dependencies: - name: infra-prod-service-bridge soft: true diff --git a/inventory/groups.yaml b/inventory/groups.yaml index 72c6fad00c..a91bcf98fa 100644 --- a/inventory/groups.yaml +++ b/inventory/groups.yaml @@ -28,6 +28,8 @@ groups: # backup-server: # - backup[0-9]*.opendev.org cacti: cacti[0-9]*.open*.org + cloud-launcher: + - bridge.openstack.org codesearch: - codesearch[0-9]*.open*.org control-plane-clouds: diff --git a/playbooks/group_vars/cloud-launcher.yaml b/playbooks/group_vars/cloud-launcher.yaml new file mode 100644 index 0000000000..f7fceca490 --- /dev/null +++ b/playbooks/group_vars/cloud-launcher.yaml @@ -0,0 +1,2 @@ +ansible_roles: + - cloud-launcher diff --git a/playbooks/group_vars/puppet.yaml b/playbooks/group_vars/puppet.yaml index e6bec333f5..7da5274604 100644 
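Review bot: In the `@@ -2591` hunk the cloud-launcher job gets `required-projects` but no new file matchers, although `run_cloud_launcher.yaml` now depends on `playbooks/roles/install-ansible-roles/` and on the new `playbooks/group_vars/cloud-launcher.yaml`. If this job has a `files:` list (it is not visible; the job body continues past the hunk), a change to the role-install logic would not trigger the job that relies on it. I would add `- playbooks/roles/install-ansible-roles/` and `- playbooks/group_vars/cloud-launcher.yaml` there, in line with what the puppet jobs received.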
--- a/playbooks/group_vars/puppet.yaml +++ b/playbooks/group_vars/puppet.yaml @@ -10,3 +10,5 @@ puppet_color: 'false' mgmt_hieradata: /etc/ansible/hosts mgmt_puppet_module_dir: /etc/puppet/modules puppet_hieradata_link_dest: /opt/system-config/hieradata +ansible_roles: + - puppet diff --git a/playbooks/remote_puppet_afs.yaml b/playbooks/remote_puppet_afs.yaml index aa92eef1bf..eed1ea92d3 100644 --- a/playbooks/remote_puppet_afs.yaml +++ b/playbooks/remote_puppet_afs.yaml @@ -1,14 +1,8 @@ -- hosts: "afs:afsdb:!disabled" - name: "Base: install and configure puppet on puppet hosts" - roles: - - puppet-install - - disable-puppet-agent - - hosts: "afs:afsdb:!disabled" name: "AFS: run puppet on the AFS servers" strategy: free roles: - - puppet + - run-puppet - hosts: "mirror-update:!disabled" name: "Create key for remote vos release" diff --git a/playbooks/remote_puppet_else.yaml b/playbooks/remote_puppet_else.yaml index 2cd6f64354..36b2bdc1c0 100644 --- a/playbooks/remote_puppet_else.yaml +++ b/playbooks/remote_puppet_else.yaml @@ -2,6 +2,4 @@ name: "Puppet-else: run puppet on all other servers" strategy: free roles: - - puppet-install - - disable-puppet-agent - - puppet + - run-puppet diff --git a/playbooks/roles/install-ansible-roles/README.rst b/playbooks/roles/install-ansible-roles/README.rst new file mode 100644 index 0000000000..f03fabeab8 --- /dev/null +++ b/playbooks/roles/install-ansible-roles/README.rst @@ -0,0 +1 @@ +Install additional Ansible roles from git repos diff --git a/playbooks/roles/install-ansible-roles/defaults/main.yaml b/playbooks/roles/install-ansible-roles/defaults/main.yaml new file mode 100644 index 0000000000..8bfa95e4d3 --- /dev/null +++ b/playbooks/roles/install-ansible-roles/defaults/main.yaml @@ -0,0 +1,4 @@ +# Roles to install from source +ansible_roles: [] +ansible_role_src_root: /home/zuul +ansible_role_dest: /etc/ansible/roles 
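Review bot: `ansible_roles` is set as a plain list both in `group_vars/puppet.yaml` (the first hunk on this line) and in the new `group_vars/cloud-launcher.yaml`, and Ansible does not merge lists across groups by default, so for a host in both groups one definition replaces the other. Whether any host is in both groups is not visible in this diff; `bridge.openstack.org` is added to `cloud-launcher`, and its other group memberships are outside the hunk. If that can happen, the role from the losing group would silently not be refreshed from the Zuul checkout, and whatever copy is already under `/etc/ansible/roles` (if any) would be used instead. A comment above the variable such as `# NOTE: replaced, not merged, when a host is in several groups that set it` would make the constraint explicit.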
diff --git a/playbooks/roles/install-ansible-roles/tasks/main.yaml b/playbooks/roles/install-ansible-roles/tasks/main.yaml new file mode 100644 index 0000000000..40f119cffd --- /dev/null +++ b/playbooks/roles/install-ansible-roles/tasks/main.yaml @@ -0,0 +1,9 @@ +- name: Install ansible roles to /etc/ansible/roles + git: + repo: '{{ ansible_role_src_root }}/src/opendev.org/opendev/ansible-role-{{ ansible_role }}' + dest: '/etc/ansible/roles/{{ ansible_role }}' + force: yes + delegate_to: localhost + loop: '{{ ansible_roles }}' + loop_control: + loop_var: ansible_role diff --git a/playbooks/roles/install-ansible/tasks/main.yaml b/playbooks/roles/install-ansible/tasks/main.yaml index e0a8019876..afa438affc 100644 --- a/playbooks/roles/install-ansible/tasks/main.yaml +++ b/playbooks/roles/install-ansible/tasks/main.yaml @@ -111,14 +111,6 @@ src: roles/ dest: /etc/ansible/roles -- name: Copy roles.yaml into /etc/ansible - copy: - src: roles.yaml - dest: /etc/ansible/roles.yaml - -- name: Install ansible roles to /etc/ansible/roles - command: ansible-galaxy install --roles-path /etc/ansible/roles --force -r /etc/ansible/roles.yaml - - name: Make sure k8s-on-openstack repo is up to date git: repo: https://github.com/infraly/k8s-on-openstack diff --git a/playbooks/roles/run-puppet/README.rst b/playbooks/roles/run-puppet/README.rst new file mode 100644 index 0000000000..b0a8bc5cb8 --- /dev/null +++ b/playbooks/roles/run-puppet/README.rst @@ -0,0 +1,12 @@ +Run puppet on remote servers + +Omnibus role that takes care of installing the puppet role, +installing puppet and then running puppet. Uses include_role +so that the installation of the puppet role can run as the +first task, then the puppet role can be used in a following +task. + +.. zuul:rolevar:: manifest + :default: manifests/site.pp + + Puppet manifest file to run. diff --git a/playbooks/roles/run-puppet/tasks/main.yaml b/playbooks/roles/run-puppet/tasks/main.yaml new file mode 100644 index 0000000000..9efa7e999d 
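Review bot: The `dest:` in the new `install-ansible-roles` task hard-codes `/etc/ansible/roles/{{ ansible_role }}`, so the `ansible_role_dest` default introduced in `defaults/main.yaml` is never read; I would use `dest: '{{ ansible_role_dest }}/{{ ansible_role }}'` and drop the literal path from the task name. Because the task is delegated to localhost without `run_once`, every host in the play runs the same forced checkout into the same directory, and the puppet plays use `strategy: free` with up to 50 forks, so concurrent `git` operations on one working tree look possible. Consider `run_once: true` (if all hosts in a play share the same `ansible_roles`) or `throttle: 1` so that the code later executed from `/etc/ansible/roles` is never a half-written checkout. `force: yes` would also read better as `force: true`.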
--- /dev/null +++ b/playbooks/roles/run-puppet/tasks/main.yaml @@ -0,0 +1,9 @@ +# Use include_role instead of roles: so that we can late-bind the roles list +- include_role: + name: install-ansible-roles +- include_role: + name: puppet-install +- include_role: + name: disable-puppet-agent +- include_role: + name: puppet diff --git a/playbooks/run_cloud_launcher.yaml b/playbooks/run_cloud_launcher.yaml index 30f497944c..17f6f635cc 100644 --- a/playbooks/run_cloud_launcher.yaml +++ b/playbooks/run_cloud_launcher.yaml @@ -1,7 +1,13 @@ -- hosts: bridge.openstack.org:!disabled +- hosts: cloud-launcher:!disabled name: "Cloud-launcher: Run cloud launcher" gather_facts: false - roles: - - role: cloud-launcher - profiles: '{{ cloud_launcher_profiles }}' - clouds: '{{ cloud_launcher_clouds }}' + tasks: + # Use include_role so that the cloud-launcher role install + # is late-binding + - include_role: + name: install-ansible-roles + - include_role: + name: cloud-launcher + vars: + profiles: '{{ cloud_launcher_profiles }}' + clouds: '{{ cloud_launcher_clouds }}' diff --git a/playbooks/service-codesearch.yaml b/playbooks/service-codesearch.yaml index 117b096d16..e0f0ff3bcf 100644 --- a/playbooks/service-codesearch.yaml +++ b/playbooks/service-codesearch.yaml @@ -3,7 +3,5 @@ strategy: free roles: - sync-project-config - - puppet-install - - disable-puppet-agent - - name: puppet + - name: run-puppet manifest: /opt/system-config/production/manifests/codesearch.pp diff --git a/playbooks/service-eavesdrop.yaml b/playbooks/service-eavesdrop.yaml index 9f6af287b4..a8ed205f6e 100644 --- a/playbooks/service-eavesdrop.yaml +++ b/playbooks/service-eavesdrop.yaml @@ -6,7 +6,5 @@ - sync-project-config - install-docker - accessbot - - puppet-install - - disable-puppet-agent - - name: puppet + - name: run-puppet manifest: /opt/system-config/production/manifests/eavesdrop.pp diff --git a/playbooks/service-nodepool.yaml b/playbooks/service-nodepool.yaml index 84ab9a3a88..17f4fee36b 100644 
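Review bot: The four `include_role` tasks in `run-puppet/tasks/main.yaml` carry no `name:`, so a failed run only shows generic include lines and it is hard to tell from the log which stage (role install, puppet install, agent disable, puppet run) broke; something like `- name: Install ansible roles needed by this host` on the first one, and similar on the rest, would help. The README in this commit documents a `manifest` rolevar with default `manifests/site.pp`, yet the role ships no defaults file and does not pass `manifest` to the final `include_role`. It appears to rely on the caller's role parameter being visible inside the included `puppet` role and on that role's own default. A short comment above the last include stating that reliance would save the next reader from hunting for it.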
--- a/playbooks/service-nodepool.yaml +++ b/playbooks/service-nodepool.yaml @@ -14,9 +14,7 @@ - nodepool-base-legacy - configure-openstacksdk - configure-kubectl - - puppet-install - - disable-puppet-agent - - puppet + - run-puppet - hosts: nodepool-launcher:!disabled name: "Configure nodepool launchers" diff --git a/roles.yaml b/roles.yaml deleted file mode 100644 index 7e6cd676d8..0000000000 --- a/roles.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- src: git+https://opendev.org/opendev/ansible-role-puppet.git - version: HEAD - name: puppet -- src: git+https://opendev.org/opendev/ansible-role-cloud-launcher.git - version: HEAD - name: cloud-launcher