Use zuul checkouts of ansible roles from other repos
We have two standalone roles, puppet and cloud-launcher, but we currently install them with galaxy so depends-on patches don't work. We also install them every time we run anything, even if we don't need them for the playbook in question. Add two roles, one to install a set of ansible roles needed by the host in question, and the other to encapsulate the sequence of running puppet, which now includes installing the puppet role, installing puppet, disabling the puppet agent and then running puppet. As a followup, we'll do the same thing with the puppet modules, so that we arent' cloning and rsyncing ALL of the puppet modules all the time no matter what. Change-Id: I69a2e99e869ee39a3da573af421b18ad93056d5b
This commit is contained in:
parent
1b126ef48a
commit
4b9d1a88bd
41
.zuul.yaml
41
.zuul.yaml
@ -1112,6 +1112,7 @@
|
|||||||
description: |
|
description: |
|
||||||
Run the playbook for an eavesdrop server.
|
Run the playbook for an eavesdrop server.
|
||||||
required-projects:
|
required-projects:
|
||||||
|
- opendev/ansible-role-puppet
|
||||||
- opendev/system-config
|
- opendev/system-config
|
||||||
- openstack/project-config
|
- openstack/project-config
|
||||||
requires: accessbot-container-image
|
requires: accessbot-container-image
|
||||||
@ -1152,12 +1153,15 @@
|
|||||||
- name: codesearch01.openstack.org
|
- name: codesearch01.openstack.org
|
||||||
label: ubuntu-xenial
|
label: ubuntu-xenial
|
||||||
required-projects:
|
required-projects:
|
||||||
|
- opendev/ansible-role-puppet
|
||||||
- opendev/system-config
|
- opendev/system-config
|
||||||
- openstack/project-config
|
- openstack/project-config
|
||||||
files:
|
files:
|
||||||
- playbooks/install-ansible.yaml
|
- playbooks/install-ansible.yaml
|
||||||
- playbooks/service-codesearch.yaml
|
- playbooks/service-codesearch.yaml
|
||||||
- playbooks/group_vars/puppet.yaml
|
- playbooks/group_vars/puppet.yaml
|
||||||
|
- playbooks/roles/run-puppet/
|
||||||
|
- playbooks/roles/install-ansible-roles/
|
||||||
- playbooks/roles/sync-project-config
|
- playbooks/roles/sync-project-config
|
||||||
- playbooks/roles/puppet-install/
|
- playbooks/roles/puppet-install/
|
||||||
- playbooks/roles/disable-puppet-agent/
|
- playbooks/roles/disable-puppet-agent/
|
||||||
@ -1210,10 +1214,16 @@
|
|||||||
label: ubuntu-bionic
|
label: ubuntu-bionic
|
||||||
- name: lists.openstack.org
|
- name: lists.openstack.org
|
||||||
label: ubuntu-xenial
|
label: ubuntu-xenial
|
||||||
|
required-projects:
|
||||||
|
- opendev/ansible-role-puppet
|
||||||
|
- opendev/system-config
|
||||||
files:
|
files:
|
||||||
- playbooks/install-ansible.yaml
|
- playbooks/install-ansible.yaml
|
||||||
- modules/openstack_project/manifests/lists.pp
|
- modules/openstack_project/manifests/lists.pp
|
||||||
- playbooks/host_vars/lists.openstack.org.yaml
|
- playbooks/host_vars/lists.openstack.org.yaml
|
||||||
|
- playbooks/group_vars/puppet
|
||||||
|
- playbooks/roles/run-puppet/
|
||||||
|
- playbooks/roles/install-ansible-roles/
|
||||||
- roles/exim
|
- roles/exim
|
||||||
vars:
|
vars:
|
||||||
run_playbooks:
|
run_playbooks:
|
||||||
@ -1238,8 +1248,9 @@
|
|||||||
- name: nb04.opendev.org
|
- name: nb04.opendev.org
|
||||||
label: ubuntu-bionic
|
label: ubuntu-bionic
|
||||||
required-projects:
|
required-projects:
|
||||||
- openstack/project-config
|
- opendev/ansible-role-puppet
|
||||||
- opendev/system-config
|
- opendev/system-config
|
||||||
|
- openstack/project-config
|
||||||
host-vars:
|
host-vars:
|
||||||
nl01.openstack.org:
|
nl01.openstack.org:
|
||||||
host_copy_output:
|
host_copy_output:
|
||||||
@ -1261,6 +1272,9 @@
|
|||||||
- playbooks/group_vars/nodepool.yaml
|
- playbooks/group_vars/nodepool.yaml
|
||||||
- playbooks/group_vars/nodepool-builder.yaml
|
- playbooks/group_vars/nodepool-builder.yaml
|
||||||
- playbooks/group_vars/nodepool-launcher.yaml
|
- playbooks/group_vars/nodepool-launcher.yaml
|
||||||
|
- playbooks/group_vars/puppet
|
||||||
|
- playbooks/roles/run-puppet/
|
||||||
|
- playbooks/roles/install-ansible-roles/
|
||||||
- playbooks/roles/configure-openstacksdk/
|
- playbooks/roles/configure-openstacksdk/
|
||||||
- playbooks/roles/nodepool
|
- playbooks/roles/nodepool
|
||||||
- playbooks/templates/clouds/
|
- playbooks/templates/clouds/
|
||||||
@ -2080,7 +2094,6 @@
|
|||||||
files:
|
files:
|
||||||
- inventory/
|
- inventory/
|
||||||
- roles/
|
- roles/
|
||||||
- roles.yaml
|
|
||||||
- install_modules.sh
|
- install_modules.sh
|
||||||
- modules.env
|
- modules.env
|
||||||
- playbooks/install-ansible.yaml
|
- playbooks/install-ansible.yaml
|
||||||
@ -2228,6 +2241,9 @@
|
|||||||
- playbooks/host_vars/nb
|
- playbooks/host_vars/nb
|
||||||
- playbooks/host_vars/nl
|
- playbooks/host_vars/nl
|
||||||
- playbooks/group_vars/nodepool
|
- playbooks/group_vars/nodepool
|
||||||
|
- playbooks/group_vars/puppet
|
||||||
|
- playbooks/roles/install-ansible-roles/
|
||||||
|
- playbooks/roles/run-puppet/
|
||||||
- playbooks/roles/configure-kubectl/
|
- playbooks/roles/configure-kubectl/
|
||||||
- playbooks/roles/configure-openstacksdk/
|
- playbooks/roles/configure-openstacksdk/
|
||||||
- playbooks/roles/install-docker/
|
- playbooks/roles/install-docker/
|
||||||
@ -2483,6 +2499,7 @@
|
|||||||
parent: infra-prod-service-base
|
parent: infra-prod-service-base
|
||||||
description: Run service-codesearch.yaml playbook.
|
description: Run service-codesearch.yaml playbook.
|
||||||
required-projects:
|
required-projects:
|
||||||
|
- opendev/ansible-role-puppet
|
||||||
- opendev/system-config
|
- opendev/system-config
|
||||||
- openstack/project-config
|
- openstack/project-config
|
||||||
vars:
|
vars:
|
||||||
@ -2492,6 +2509,8 @@
|
|||||||
- playbooks/install-ansible.yaml
|
- playbooks/install-ansible.yaml
|
||||||
- playbooks/service-codesearch.yaml
|
- playbooks/service-codesearch.yaml
|
||||||
- playbooks/group_vars/puppet.yaml
|
- playbooks/group_vars/puppet.yaml
|
||||||
|
- playbooks/roles/run-puppet/
|
||||||
|
- playbooks/roles/install-ansible-roles/
|
||||||
- playbooks/roles/sync-project-config
|
- playbooks/roles/sync-project-config
|
||||||
- playbooks/roles/puppet-install/
|
- playbooks/roles/puppet-install/
|
||||||
- playbooks/roles/disable-puppet-agent/
|
- playbooks/roles/disable-puppet-agent/
|
||||||
@ -2504,6 +2523,7 @@
|
|||||||
parent: infra-prod-service-base
|
parent: infra-prod-service-base
|
||||||
description: Run service-eavesdrop.yaml playbook.
|
description: Run service-eavesdrop.yaml playbook.
|
||||||
required-projects:
|
required-projects:
|
||||||
|
- opendev/ansible-role-puppet
|
||||||
- opendev/system-config
|
- opendev/system-config
|
||||||
- openstack/project-config
|
- openstack/project-config
|
||||||
dependencies:
|
dependencies:
|
||||||
@ -2523,6 +2543,8 @@
|
|||||||
- playbooks/run-accessbot.yaml
|
- playbooks/run-accessbot.yaml
|
||||||
- playbooks/group_vars/eavesdrop.yaml
|
- playbooks/group_vars/eavesdrop.yaml
|
||||||
- playbooks/group_vars/puppet.yaml
|
- playbooks/group_vars/puppet.yaml
|
||||||
|
- playbooks/roles/run-puppet/
|
||||||
|
- playbooks/roles/install-ansible-roles/
|
||||||
- playbooks/roles/zuul-user
|
- playbooks/roles/zuul-user
|
||||||
- playbooks/roles/install-docker
|
- playbooks/roles/install-docker
|
||||||
- playbooks/roles/puppet-install/
|
- playbooks/roles/puppet-install/
|
||||||
@ -2555,11 +2577,17 @@
|
|||||||
vars:
|
vars:
|
||||||
playbook_name: remote_puppet_afs.yaml
|
playbook_name: remote_puppet_afs.yaml
|
||||||
infra_prod_ansible_forks: 1
|
infra_prod_ansible_forks: 1
|
||||||
|
required-projects:
|
||||||
|
- opendev/ansible-role-puppet
|
||||||
|
- opendev/system-config
|
||||||
files:
|
files:
|
||||||
- inventory/
|
- inventory/
|
||||||
- playbooks/remote_puppet_afs.yaml
|
- playbooks/remote_puppet_afs.yaml
|
||||||
- playbooks/group_vars/afs
|
- playbooks/group_vars/afs
|
||||||
- playbooks/group_vars/mirror-update
|
- playbooks/group_vars/mirror-update
|
||||||
|
- playbooks/group_vars/puppet
|
||||||
|
- playbooks/roles/run-puppet/
|
||||||
|
- playbooks/roles/install-ansible-roles/
|
||||||
- playbooks/roles/puppet-install/
|
- playbooks/roles/puppet-install/
|
||||||
- playbooks/roles/disable-puppet-agent/
|
- playbooks/roles/disable-puppet-agent/
|
||||||
- playbooks/roles/vos-release/
|
- playbooks/roles/vos-release/
|
||||||
@ -2573,12 +2601,18 @@
|
|||||||
vars:
|
vars:
|
||||||
playbook_name: remote_puppet_else.yaml
|
playbook_name: remote_puppet_else.yaml
|
||||||
infra_prod_ansible_forks: 50
|
infra_prod_ansible_forks: 50
|
||||||
|
required-projects:
|
||||||
|
- opendev/ansible-role-puppet
|
||||||
|
- opendev/system-config
|
||||||
files:
|
files:
|
||||||
- hiera/
|
- hiera/
|
||||||
- inventory/
|
- inventory/
|
||||||
- playbooks/remote_puppet_else.yaml
|
- playbooks/remote_puppet_else.yaml
|
||||||
- playbooks/group_vars/
|
- playbooks/group_vars/
|
||||||
- playbooks/host_vars/
|
- playbooks/host_vars/
|
||||||
|
- playbooks/group_vars/puppet
|
||||||
|
- playbooks/roles/run-puppet/
|
||||||
|
- playbooks/roles/install-ansible-roles/
|
||||||
- playbooks/roles/puppet-install/
|
- playbooks/roles/puppet-install/
|
||||||
- playbooks/roles/disable-puppet-agent/
|
- playbooks/roles/disable-puppet-agent/
|
||||||
- modules/
|
- modules/
|
||||||
@ -2591,6 +2625,9 @@
|
|||||||
vars:
|
vars:
|
||||||
playbook_name: run_cloud_launcher.yaml
|
playbook_name: run_cloud_launcher.yaml
|
||||||
infra_prod_ansible_forks: 1
|
infra_prod_ansible_forks: 1
|
||||||
|
required-projects:
|
||||||
|
- opendev/ansible-role-cloud-launcher
|
||||||
|
- opendev/system-config
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: infra-prod-service-bridge
|
- name: infra-prod-service-bridge
|
||||||
soft: true
|
soft: true
|
||||||
|
@ -28,6 +28,8 @@ groups:
|
|||||||
# backup-server:
|
# backup-server:
|
||||||
# - backup[0-9]*.opendev.org
|
# - backup[0-9]*.opendev.org
|
||||||
cacti: cacti[0-9]*.open*.org
|
cacti: cacti[0-9]*.open*.org
|
||||||
|
cloud-launcher:
|
||||||
|
- bridge.openstack.org
|
||||||
codesearch:
|
codesearch:
|
||||||
- codesearch[0-9]*.open*.org
|
- codesearch[0-9]*.open*.org
|
||||||
control-plane-clouds:
|
control-plane-clouds:
|
||||||
|
2
playbooks/group_vars/cloud-launcher.yaml
Normal file
2
playbooks/group_vars/cloud-launcher.yaml
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
ansible_roles:
|
||||||
|
- cloud-launcher
|
@ -10,3 +10,5 @@ puppet_color: 'false'
|
|||||||
mgmt_hieradata: /etc/ansible/hosts
|
mgmt_hieradata: /etc/ansible/hosts
|
||||||
mgmt_puppet_module_dir: /etc/puppet/modules
|
mgmt_puppet_module_dir: /etc/puppet/modules
|
||||||
puppet_hieradata_link_dest: /opt/system-config/hieradata
|
puppet_hieradata_link_dest: /opt/system-config/hieradata
|
||||||
|
ansible_roles:
|
||||||
|
- puppet
|
||||||
|
@ -1,14 +1,8 @@
|
|||||||
- hosts: "afs:afsdb:!disabled"
|
|
||||||
name: "Base: install and configure puppet on puppet hosts"
|
|
||||||
roles:
|
|
||||||
- puppet-install
|
|
||||||
- disable-puppet-agent
|
|
||||||
|
|
||||||
- hosts: "afs:afsdb:!disabled"
|
- hosts: "afs:afsdb:!disabled"
|
||||||
name: "AFS: run puppet on the AFS servers"
|
name: "AFS: run puppet on the AFS servers"
|
||||||
strategy: free
|
strategy: free
|
||||||
roles:
|
roles:
|
||||||
- puppet
|
- run-puppet
|
||||||
|
|
||||||
- hosts: "mirror-update:!disabled"
|
- hosts: "mirror-update:!disabled"
|
||||||
name: "Create key for remote vos release"
|
name: "Create key for remote vos release"
|
||||||
|
@ -2,6 +2,4 @@
|
|||||||
name: "Puppet-else: run puppet on all other servers"
|
name: "Puppet-else: run puppet on all other servers"
|
||||||
strategy: free
|
strategy: free
|
||||||
roles:
|
roles:
|
||||||
- puppet-install
|
- run-puppet
|
||||||
- disable-puppet-agent
|
|
||||||
- puppet
|
|
||||||
|
1
playbooks/roles/install-ansible-roles/README.rst
Normal file
1
playbooks/roles/install-ansible-roles/README.rst
Normal file
@ -0,0 +1 @@
|
|||||||
|
Install additional Ansible roles from git repos
|
4
playbooks/roles/install-ansible-roles/defaults/main.yaml
Normal file
4
playbooks/roles/install-ansible-roles/defaults/main.yaml
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
# Roles to install from source
|
||||||
|
ansible_roles: []
|
||||||
|
ansible_role_src_root: /home/zuul
|
||||||
|
ansible_role_dest: /etc/ansible/roles
|
9
playbooks/roles/install-ansible-roles/tasks/main.yaml
Normal file
9
playbooks/roles/install-ansible-roles/tasks/main.yaml
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
- name: Install ansible roles to /etc/ansible/roles
|
||||||
|
git:
|
||||||
|
repo: '{{ ansible_role_src_root }}/src/opendev.org/opendev/ansible-role-{{ ansible_role }}'
|
||||||
|
dest: '/etc/ansible/roles/{{ ansible_role }}'
|
||||||
|
force: yes
|
||||||
|
delegate_to: localhost
|
||||||
|
loop: '{{ ansible_roles }}'
|
||||||
|
loop_control:
|
||||||
|
loop_var: ansible_role
|
@ -111,14 +111,6 @@
|
|||||||
src: roles/
|
src: roles/
|
||||||
dest: /etc/ansible/roles
|
dest: /etc/ansible/roles
|
||||||
|
|
||||||
- name: Copy roles.yaml into /etc/ansible
|
|
||||||
copy:
|
|
||||||
src: roles.yaml
|
|
||||||
dest: /etc/ansible/roles.yaml
|
|
||||||
|
|
||||||
- name: Install ansible roles to /etc/ansible/roles
|
|
||||||
command: ansible-galaxy install --roles-path /etc/ansible/roles --force -r /etc/ansible/roles.yaml
|
|
||||||
|
|
||||||
- name: Make sure k8s-on-openstack repo is up to date
|
- name: Make sure k8s-on-openstack repo is up to date
|
||||||
git:
|
git:
|
||||||
repo: https://github.com/infraly/k8s-on-openstack
|
repo: https://github.com/infraly/k8s-on-openstack
|
||||||
|
12
playbooks/roles/run-puppet/README.rst
Normal file
12
playbooks/roles/run-puppet/README.rst
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
Run puppet on remote servers
|
||||||
|
|
||||||
|
Omnibus role that takes care of installing the puppet role,
|
||||||
|
installing puppet and then running puppet. Uses include_role
|
||||||
|
so that the installation of the puppet role can run as the
|
||||||
|
first task, then the puppet role can be used in a following
|
||||||
|
task.
|
||||||
|
|
||||||
|
.. zuul:rolevar:: manifest
|
||||||
|
:default: manifests/site.pp
|
||||||
|
|
||||||
|
Puppet manifest file to run.
|
9
playbooks/roles/run-puppet/tasks/main.yaml
Normal file
9
playbooks/roles/run-puppet/tasks/main.yaml
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
# Use include_role instead of roles: so that we can late-bind the roles list
|
||||||
|
- include_role:
|
||||||
|
name: install-ansible-roles
|
||||||
|
- include_role:
|
||||||
|
name: puppet-install
|
||||||
|
- include_role:
|
||||||
|
name: disable-puppet-agent
|
||||||
|
- include_role:
|
||||||
|
name: puppet
|
@ -1,7 +1,13 @@
|
|||||||
- hosts: bridge.openstack.org:!disabled
|
- hosts: cloud-launcher:!disabled
|
||||||
name: "Cloud-launcher: Run cloud launcher"
|
name: "Cloud-launcher: Run cloud launcher"
|
||||||
gather_facts: false
|
gather_facts: false
|
||||||
roles:
|
tasks:
|
||||||
- role: cloud-launcher
|
# Use include_role so that the cloud-launcher role install
|
||||||
profiles: '{{ cloud_launcher_profiles }}'
|
# is late-binding
|
||||||
clouds: '{{ cloud_launcher_clouds }}'
|
- include_role:
|
||||||
|
name: install-ansible-roles
|
||||||
|
- include_role:
|
||||||
|
name: cloud-launcher
|
||||||
|
vars:
|
||||||
|
profiles: '{{ cloud_launcher_profiles }}'
|
||||||
|
clouds: '{{ cloud_launcher_clouds }}'
|
||||||
|
@ -3,7 +3,5 @@
|
|||||||
strategy: free
|
strategy: free
|
||||||
roles:
|
roles:
|
||||||
- sync-project-config
|
- sync-project-config
|
||||||
- puppet-install
|
- name: run-puppet
|
||||||
- disable-puppet-agent
|
|
||||||
- name: puppet
|
|
||||||
manifest: /opt/system-config/production/manifests/codesearch.pp
|
manifest: /opt/system-config/production/manifests/codesearch.pp
|
||||||
|
@ -6,7 +6,5 @@
|
|||||||
- sync-project-config
|
- sync-project-config
|
||||||
- install-docker
|
- install-docker
|
||||||
- accessbot
|
- accessbot
|
||||||
- puppet-install
|
- name: run-puppet
|
||||||
- disable-puppet-agent
|
|
||||||
- name: puppet
|
|
||||||
manifest: /opt/system-config/production/manifests/eavesdrop.pp
|
manifest: /opt/system-config/production/manifests/eavesdrop.pp
|
||||||
|
@ -14,9 +14,7 @@
|
|||||||
- nodepool-base-legacy
|
- nodepool-base-legacy
|
||||||
- configure-openstacksdk
|
- configure-openstacksdk
|
||||||
- configure-kubectl
|
- configure-kubectl
|
||||||
- puppet-install
|
- run-puppet
|
||||||
- disable-puppet-agent
|
|
||||||
- puppet
|
|
||||||
|
|
||||||
- hosts: nodepool-launcher:!disabled
|
- hosts: nodepool-launcher:!disabled
|
||||||
name: "Configure nodepool launchers"
|
name: "Configure nodepool launchers"
|
||||||
|
@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
- src: git+https://opendev.org/opendev/ansible-role-puppet.git
|
|
||||||
version: HEAD
|
|
||||||
name: puppet
|
|
||||||
- src: git+https://opendev.org/opendev/ansible-role-cloud-launcher.git
|
|
||||||
version: HEAD
|
|
||||||
name: cloud-launcher
|
|
Loading…
Reference in New Issue
Block a user