diff --git a/playbooks/install-ansible.yaml b/playbooks/bootstrap-bridge.yaml similarity index 96% rename from playbooks/install-ansible.yaml rename to playbooks/bootstrap-bridge.yaml index bde5ac38d5..ef0f0b01e4 100644 --- a/playbooks/install-ansible.yaml +++ b/playbooks/bootstrap-bridge.yaml @@ -1,5 +1,5 @@ - hosts: bridge.openstack.org:!disabled - name: "Bridge: boostrap the bastion host" + name: "Bridge: bootstrap the bastion host" become: true roles: - pip3 diff --git a/playbooks/zuul/run-base.yaml b/playbooks/zuul/run-base.yaml index f0da45bad9..bd6fdfcf49 100644 --- a/playbooks/zuul/run-base.yaml +++ b/playbooks/zuul/run-base.yaml @@ -1,4 +1,4 @@ -- import_playbook: ../install-ansible.yaml +- import_playbook: ../bootstrap-bridge.yaml vars: root_rsa_key: "{{ lookup('file', zuul.executor.work_root + '/' + zuul.build + '_id_rsa', rstrip=False) }}" ansible_cron_disable_job: true diff --git a/zuul.d/infra-prod.yaml b/zuul.d/infra-prod.yaml index 0cd230917f..89a7ec4fcd 100644 --- a/zuul.d/infra-prod.yaml +++ b/zuul.d/infra-prod.yaml @@ -30,17 +30,28 @@ nodes: [] - job: - name: infra-prod-install-ansible + name: infra-prod-bootstrap-bridge parent: infra-prod-playbook - description: Install ansible on bridge. + description: | + Configure the bastion host (bridge) + + This job does minimal configuration on the bastion host + (bridge.openstack.org) to allow it to run system-config + playbooks against our production hosts. It sets up Ansible on + the host. + + Note that this is separate to infra-prod-service-bridge; + bridge in it's role as the bastion host actaully runs that + against itself; it includes things not strictly needed to make + the host able to deploy system-config. vars: - playbook_name: install-ansible.yaml + playbook_name: bootstrap-bridge.yaml files: - inventory/ - roles/ - install_modules.sh - modules.env - - playbooks/install-ansible.yaml + - playbooks/bootstrap-bridge.yaml - playbooks/roles/pip3/ - playbooks/roles/install-ansible/ - playbooks/roles/logrotate/ @@ -363,7 +374,6 @@ playbook_name: service-zuul.yaml files: - inventory/base - - playbooks/install-ansible.yaml - playbooks/service-zuul.yaml - inventory/service/group_vars/zuul - inventory/service/group_vars/zookeeper.yaml diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index 2b83eda77d..0894e181f4 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -358,12 +358,12 @@ # This installs the ansible on bridge that all the infra-prod # jobs will run with. Note the jobs use this ansible to then # run against zuul's checkout of system-config. - - infra-prod-install-ansible + - infra-prod-bootstrap-bridge # From now on, all jobs should depend on base - infra-prod-base: &infra-prod-base dependencies: - - name: infra-prod-install-ansible + - name: infra-prod-bootstrap-bridge soft: true # Legacy puppet hosts @@ -611,7 +611,7 @@ - zuul-ci-goaccess-report # Nightly runs of ansible things for catchup # Keep in order from above - - infra-prod-install-ansible + - infra-prod-bootstrap-bridge - infra-prod-base: *infra-prod-base - infra-prod-remote-puppet-else: *infra-prod-remote-puppet-else - infra-prod-letsencrypt: *infra-prod-letsencrypt @@ -649,7 +649,7 @@ opendev-prod-hourly: jobs: - - infra-prod-install-ansible + - infra-prod-bootstrap-bridge - infra-prod-service-bridge: *infra-prod-service-bridge - infra-prod-service-nodepool: *infra-prod-service-nodepool - infra-prod-service-registry: *infra-prod-service-registry diff --git a/zuul.d/system-config-run.yaml b/zuul.d/system-config-run.yaml index c663904f63..2ff5ab8d9a 100644 --- a/zuul.d/system-config-run.yaml +++ b/zuul.d/system-config-run.yaml @@ -212,7 +212,7 @@ host_copy_output: '/var/log/acme.sh': logs files: - - playbooks/install-ansible.yaml + - playbooks/bootstrap-bridge.yaml - inventory/service/group_vars/letsencrypt.yaml # This is split because we ant to avoid # ...create-certs/handlers/main.yaml matching since every @@ -243,7 +243,7 @@ required-projects: - opendev/system-config files: - - playbooks/install-ansible.yaml + - playbooks/bootstrap-bridge.yaml - inventory/service/host_vars/lists.openstack.org.yaml - inventory/service/host_vars/lists.katacontainers.io.yaml - inventory/service/group_vars/mailman.yaml @@ -296,7 +296,7 @@ # Test our ad hoc restart playbook works - playbooks/nodepool_restart.yaml files: - - playbooks/install-ansible.yaml + - playbooks/bootstrap-bridge.yaml - inventory/service/group_vars/nodepool.yaml - inventory/service/group_vars/nodepool-builder.yaml - inventory/service/group_vars/nodepool-launcher.yaml @@ -331,7 +331,7 @@ '/etc/bind/named.conf': logs '/var/lib/bind/zones': logs files: - - playbooks/install-ansible.yaml + - playbooks/bootstrap-bridge.yaml - inventory/service/group_vars/adns.yaml - inventory/service/group_vars/dns.yaml - inventory/service/host_vars/(ad)?ns\d+.opendev.org.yaml @@ -364,7 +364,7 @@ files: - playbooks/service-borg-backup.yaml - playbooks/test-borg-bcakup.yaml - - playbooks/install-ansible.yaml + - playbooks/bootstrap-bridge.yaml - playbooks/roles/install-borg - playbooks/roles/borg-backup - playbooks/zuul/templates/host_vars/borg-backup @@ -404,7 +404,7 @@ '/var/log/acme.sh': logs '/etc/apache2/sites-available/mirror.conf': logs files: - - playbooks/install-ansible.yaml + - playbooks/bootstrap-bridge.yaml - roles/ - playbooks/roles/base/ - inventory/service/group_vars/mirror.yaml @@ -454,7 +454,7 @@ run_playbooks: - playbooks/service-mirror-update.yaml files: - - playbooks/install-ansible.yaml + - playbooks/bootstrap-bridge.yaml - roles/ - playbooks/roles/mirror-update/ - playbooks/roles/reprepro/ @@ -482,7 +482,7 @@ '/var/registry/auth': logs '/var/registry/certs': logs files: - - playbooks/install-ansible.yaml + - playbooks/bootstrap-bridge.yaml - inventory/service/group_vars/registry.yaml - inventory/service/host_vars/insecure-ci-registry\d+.opendev.org.yaml - playbooks/zuul/templates/group_vars/registry.yaml.j2 @@ -512,7 +512,7 @@ - playbooks/letsencrypt.yaml - playbooks/service-codesearch.yaml files: - - playbooks/install-ansible.yaml + - playbooks/bootstrap-bridge.yaml - playbooks/letsencrypt.yaml - playbooks/service-codesearch.yaml - playbooks/roles/codesearch/ @@ -539,7 +539,7 @@ - playbooks/letsencrypt.yaml - playbooks/service-etherpad.yaml files: - - playbooks/install-ansible.yaml + - playbooks/bootstrap-bridge.yaml - playbooks/letsencrypt.yaml - playbooks/service-etherpad.yaml - playbooks/roles/etherpad/ @@ -592,7 +592,7 @@ host_copy_output: '/var/haproxy/etc': logs files: - - playbooks/install-ansible.yaml + - playbooks/bootstrap-bridge.yaml - playbooks/letsencrypt.yaml - playbooks/service-gitea-lb.yaml - playbooks/service-gitea.yaml @@ -643,7 +643,7 @@ - playbooks/service-grafana.yaml run_test_playbook: playbooks/test-grafana.yaml files: - - playbooks/install-ansible.yaml + - playbooks/bootstrap-bridge.yaml - playbooks/letsencrypt.yaml - playbooks/service-grafana.yaml - playbooks/roles/grafana/ @@ -675,7 +675,7 @@ host_copy_output: '/var/log/graphite': logs files: - - playbooks/install-ansible.yaml + - playbooks/bootstrap-bridge.yaml - playbooks/letsencrypt.yaml - playbooks/service-graphite.yaml - playbooks/roles/graphite @@ -735,7 +735,7 @@ host_copy_output: '/var/jitsi-meet': logs files: - - playbooks/install-ansible.yaml + - playbooks/bootstrap-bridge.yaml - inventory/service/group_vars/meetpad.yaml - inventory/service/host_vars/meetpad\d+.opendev.org.yaml - playbooks/roles/letsencrypt-create-certs/handlers/restart_jitsi_meet.yaml @@ -767,7 +767,7 @@ - playbooks/service-paste.yaml run_test_playbook: playbooks/test-paste.yaml files: - - playbooks/install-ansible.yaml + - playbooks/bootstrap-bridge.yaml - playbooks/letsencrypt.yaml - playbooks/service-paste.yaml - playbooks/roles/lodgeit @@ -791,7 +791,7 @@ run_playbooks: - playbooks/service-zookeeper.yaml files: - - playbooks/install-ansible.yaml + - playbooks/bootstrap-bridge.yaml - inventory/service/group_vars/zookeeper.yaml - ^inventory/service/host_vars/zk\d+\..* - playbooks/roles/zookeeper/ @@ -817,7 +817,7 @@ run_playbooks: - playbooks/service-zuul-preview.yaml files: - - playbooks/install-ansible.yaml + - playbooks/bootstrap-bridge.yaml - playbooks/roles/zuul-preview/ - playbooks/roles/pip3/ - playbooks/roles/install-docker/ @@ -871,7 +871,7 @@ host_copy_output: '/etc/hosts': logs files: - - playbooks/install-ansible.yaml + - playbooks/bootstrap-bridge.yaml - playbooks/service-zookeeper.yaml - playbooks/service-zuul.yaml - inventory/service/group_vars/zuul @@ -918,7 +918,7 @@ '/var/log/apache2/': logs '/var/log/acme.sh': logs files: - - playbooks/install-ansible.yaml + - playbooks/bootstrap-bridge.yaml - playbooks/letsencrypt.yaml - playbooks/service-review.*.yaml - playbooks/test-review.yaml @@ -984,7 +984,7 @@ - playbooks/letsencrypt.yaml - playbooks/service-static.yaml files: - - playbooks/install-ansible.yaml + - playbooks/bootstrap-bridge.yaml - playbooks/roles/static/ - playbooks/roles/letsencrypt - playbooks/letsencrypt.yaml @@ -1023,7 +1023,7 @@ - playbooks/service-refstack.yaml container_command: docker files: - - playbooks/install-ansible.yaml + - playbooks/bootstrap-bridge.yaml - inventory/service/group-vars/refstack.yaml - playbooks/zuul/templates/group_vars/refstack.yaml.j2 - playbooks/roles/refstack/ @@ -1063,5 +1063,5 @@ - playbooks/service-kerberos.yaml run_test_playbook: playbooks/test-kerberos.yaml files: - - playbooks/install-ansible.yaml + - playbooks/bootstrap-bridge.yaml - playbooks/roles/kerberos-kdc/