Clean up base playbook

We're going to try using this in some other organizations, so
simplify thing.

Add in a flush handlers so that we don't have to split plays.
Remove kubernetes group, this isn't actually a thing right now.

Change-Id: I26b21aa8ffca1ac5112136831aa7664d5c3becac
This commit is contained in:
Monty Taylor 2020-05-26 15:08:02 -05:00
parent f91b324e91
commit 67212c3ef2
3 changed files with 4 additions and 17 deletions

View File

@ -67,8 +67,6 @@ groups:
- jvb[0-9]*.opendev.org
kdc:
- kdc[0-9]*.open*.org
kubernetes:
- opendev-k8s*.opendev.org
letsencrypt:
- etherpad[0-9]*.opendev.org
- gitea[0-9]*.opendev.org

View File

@ -1,25 +1,12 @@
- hosts: "!disabled"
name: "Base: set up users and base package repositories on all hosts"
roles:
- users
- base-repos
# Run base-server seperately so that the update apt cache handler in base-repos
# fires before we run base-server
- hosts: "!disabled"
name: "Base: set up common environment on all hosts"
roles:
- users
- base-repos
- base-server
- timezone
- unbound
- exim
- disable-puppet-agent
# Do not run firewall rules on kubernetes hosts, they are managed by k8s-on-openstack.
# TODO(mordred) snmpd should be able to be re-added to kubernetes hosts but we will
# need to add cacti to sg-opendev-nodes and sg-opendev-master security groups first.
- hosts: "!disabled:!kubernetes"
name: "Base: set up firewall rules"
roles:
- snmpd
- iptables

View File

@ -6,3 +6,5 @@
- "{{ ansible_facts.distribution }}.yaml"
- "{{ ansible_facts.os_family }}.yaml"
loop: "{{ query('first_found', params, errors='ignore') }}"
- meta: flush_handlers