Clean up base playbook

We're going to try using this in some other organizations, so simplify thing. Add in a flush handlers so that we don't have to split plays. Remove kubernetes group, this isn't actually a thing right now. Change-Id: I26b21aa8ffca1ac5112136831aa7664d5c3becac
2020-05-26 15:08:02 -05:00 · 2020-05-26 15:08:02 -05:00 · 67212c3ef2
commit 67212c3ef2
parent f91b324e91
3 changed files with 4 additions and 17 deletions
--- a/inventory/groups.yaml
+++ b/inventory/groups.yaml
@ -67,8 +67,6 @@ groups:
    - jvb[0-9]*.opendev.org
  kdc:
    - kdc[0-9]*.open*.org
-  kubernetes:
-    - opendev-k8s*.opendev.org
  letsencrypt:
    - etherpad[0-9]*.opendev.org
    - gitea[0-9]*.opendev.org
--- a/playbooks/base.yaml
+++ b/playbooks/base.yaml
@ -1,25 +1,12 @@
- hosts: "!disabled"
-  name: "Base: set up users and base package repositories on all hosts"
-  roles:
-    - users
-    - base-repos
-
-# Run base-server seperately so that the update apt cache handler in base-repos
-# fires before we run base-server
 - hosts: "!disabled"
  name: "Base: set up common environment on all hosts"
  roles:
+    - users
+    - base-repos
    - base-server
    - timezone
    - unbound
    - exim
    - disable-puppet-agent
-
-# Do not run firewall rules on kubernetes hosts, they are managed by k8s-on-openstack.
-# TODO(mordred) snmpd should be able to be re-added to kubernetes hosts but we will
-# need to add cacti to sg-opendev-nodes and sg-opendev-master security groups first.
- hosts: "!disabled:!kubernetes"
-  name: "Base: set up firewall rules"
-  roles:
    - snmpd
    - iptables
--- a/playbooks/roles/base-repos/tasks/main.yaml
+++ b/playbooks/roles/base-repos/tasks/main.yaml
@ -6,3 +6,5 @@
        - "{{ ansible_facts.distribution }}.yaml"
        - "{{ ansible_facts.os_family }}.yaml"
  loop: "{{ query('first_found', params, errors='ignore') }}"
+
+- meta: flush_handlers