Clean up base playbook
We're going to try using this in some other organizations, so simplify thing. Add in a flush handlers so that we don't have to split plays. Remove kubernetes group, this isn't actually a thing right now. Change-Id: I26b21aa8ffca1ac5112136831aa7664d5c3becac
This commit is contained in:
parent
f91b324e91
commit
67212c3ef2
@ -67,8 +67,6 @@ groups:
|
||||
- jvb[0-9]*.opendev.org
|
||||
kdc:
|
||||
- kdc[0-9]*.open*.org
|
||||
kubernetes:
|
||||
- opendev-k8s*.opendev.org
|
||||
letsencrypt:
|
||||
- etherpad[0-9]*.opendev.org
|
||||
- gitea[0-9]*.opendev.org
|
||||
|
@ -1,25 +1,12 @@
|
||||
- hosts: "!disabled"
|
||||
name: "Base: set up users and base package repositories on all hosts"
|
||||
roles:
|
||||
- users
|
||||
- base-repos
|
||||
|
||||
# Run base-server seperately so that the update apt cache handler in base-repos
|
||||
# fires before we run base-server
|
||||
- hosts: "!disabled"
|
||||
name: "Base: set up common environment on all hosts"
|
||||
roles:
|
||||
- users
|
||||
- base-repos
|
||||
- base-server
|
||||
- timezone
|
||||
- unbound
|
||||
- exim
|
||||
- disable-puppet-agent
|
||||
|
||||
# Do not run firewall rules on kubernetes hosts, they are managed by k8s-on-openstack.
|
||||
# TODO(mordred) snmpd should be able to be re-added to kubernetes hosts but we will
|
||||
# need to add cacti to sg-opendev-nodes and sg-opendev-master security groups first.
|
||||
- hosts: "!disabled:!kubernetes"
|
||||
name: "Base: set up firewall rules"
|
||||
roles:
|
||||
- snmpd
|
||||
- iptables
|
||||
|
@ -6,3 +6,5 @@
|
||||
- "{{ ansible_facts.distribution }}.yaml"
|
||||
- "{{ ansible_facts.os_family }}.yaml"
|
||||
loop: "{{ query('first_found', params, errors='ignore') }}"
|
||||
|
||||
- meta: flush_handlers
|
||||
|
Loading…
Reference in New Issue
Block a user