infra-prod: run job against linaro

We have access to manage the linaro cloud, but we don't want to completely own the host as it has been configured with kolla-ansible; so we don't want to take over things like name resolution, iptables rules, docker installation, etc. But we would like to manage some parts of it, like rolling out our root users, some cron jobs, etc. While we could just log in and do these things, it doesn't feel very openinfra. This allows us to have a group "unmanaged" that skips the base jobs. The base playbook is updated to skip these hosts. For now, we add a cloud-linaro prod job that just does nothing so we can validate the whole thing. When it's working, I plan to add a few things as discussed above. Change-Id: Ie8de70cbac7ffb9d727a06a349c3d2a3b3aa0b40
2023-03-15 12:00:25 +11:00 · 2023-03-15 12:00:25 +11:00 · be992b3bb6
parent b61c9edf66
commit be992b3bb6
6 changed files with 40 additions and 1 deletions
--- a/inventory/base/hosts.yaml
+++ b/inventory/base/hosts.yaml
@ -1006,3 +1006,16 @@ all:
        - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUbbEvvPRMJZ1kFqDjMc3ahax3zYx7/ESMgBe4mS3xWsr4HTqlJUXJdIhEk+cw23NdxiEzum7aLiv6vYgHAEfEK9Ajrhy3AKZGe92ey2nXXShbcthJNr35GSjzod2OIC71XJUwh0cM/FbmweIDY0K0E7FRnapSr3H77lUb545we5tXoSrhZtEpgFkMYwUQ3YDQLXgX7/rLb17NE4/zKDgl9oYi9i7LIIVocS9o8bzy+aYCUWIH2lc9Jcf7ho4NdViNGWoih2/f/BxAO3fGWyyHfUYb/HR7qgL9DMlehzG4Z/4XvS8fgCsq8BGoqcyn0aQlGlOI1RX/3Wsr3tmhJ+X9'
        - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI8Vbr6vcHDpghr/pKg9I/Dy7FpyAdzEQKd0xOzHNaEtpPpHFcPUH/L9JghHsDPHqcvMKbenyCwaGlAWtB4fJn0='
        - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8uoICryIEi+2pecVwX/zYIySEAWKELWH4/XYBBdhDQ'
+    # NOTE - the following hosts are "partially managed" in that we
+    # don't run the full base deployment on them, but rather a
+    # specific subset of hand-picked roles, etc.
+    openinfraci.linaro.cloud:
+      ansible_host: 147.75.35.206
+      location:
+        cloud: opendevci-linaro
+        region_name: RegionOne
+      public_v4: 147.75.35.206
+      host_keys:
+        - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4VJyWg7kQTXQ+j2J2U1yrh61VAeZTTIerpc5tu5R+I+ebxZzcE9AAvqDLgflaCGDfv02Ds5BRGsD43sUHNzr/RtxNREqkTe713+dZGFuIdhDJSIz56iOzKmT6woc1n4wh4r8JEjTyiEGFimJYclkIHHx3RZyQroy/ntMr7lQSMfYeMr65LIahJzxOLHM1SEa/fMaMBqerdPsit56tnqfPxEM4iEUkN/Rfc8t94JgtB52VzqKWtvpFHy5DIP0MilrPI2xf/2PMycl1hj+LL4AO+mgSqRtv5TmPjv4KTH6ro0edFXm7vWZEl+8OXCUOErmPwSHFwLVIyuCsV4vI/nUGIZ7ttxUv8ZsKTC8yrzZBZen/0xF+kcLKhm3A3poR/KN8yqoCO542Wl+zwDcXiYvdDVS908796JSlfqf59mMnmuDg4gGGRYGEeRmPkdwwm1Lm8tgkwJX3HAx7ziEZbZ2hu1v3yg2DKI+K1OEhp+eucL0OkaBmdvAAvVMQEn1FbJ8='
+        - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGnFxrjQah1S64D3hNzdWl8FmQR93gkw4zsgkCE+ZY1Bc5bdrfS/xQeTuxIpBP6L/7UlCe8ks48qc8caJ5vmy+0='
+        - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5xRCcYInStxHXEhkVws5RmqzUc0S/4wi1zOtd6zlUB'
--- a/inventory/service/groups.yaml
+++ b/inventory/service/groups.yaml
@ -159,6 +159,9 @@ groups:
    - translate-dev[0-9]*.open*.org
  translate:
    - translate[0-9]*.open*.org
+  # This group does not run the base jobs
+  unmanaged:
+    - openinfraci.linaro.cloud
  webservers:
    - cacti[0-9]*.open*.org
    - codesearch[0-9]*.opendev.org
--- a/playbooks/base.yaml
+++ b/playbooks/base.yaml
@ -1,4 +1,4 @@
- hosts: "!disabled"
+- hosts: "!unmanaged:!disabled"
  name: "Base: set up common environment on all hosts"
  roles:
    - base/users
--- a/playbooks/service-cloud-linaro.yaml
+++ b/playbooks/service-cloud-linaro.yaml
@ -0,0 +1,6 @@
+- hosts: "openinfraci.linaro.cloud"
+  tasks:
+
+    - name: Initial task
+      debug:
+        msg: "This is a placeholder"
--- a/zuul.d/infra-prod.yaml
+++ b/zuul.d/infra-prod.yaml
@ -669,3 +669,14 @@
    files:
      - playbooks/run_cloud_launcher.yaml
      - inventory/service/group_vars/bastion.yaml
+
+- job:
+    name: infra-prod-cloud-linaro
+    parent: infra-prod-service-base
+    description: Run management tasks against Linaro
+    vars:
+      playbook_name: service-cloud-linaro.yaml
+    required-projects:
+      - opendev/system-config
+    files:
+      - playbooks/service-cloud-linaro.yaml
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@ -394,6 +394,11 @@
              - name: infra-prod-base
                soft: true

+        - infra-prod-cloud-linaro: &infra-prod-cloud-linaro
+            dependencies:
+              - name: infra-prod-base
+                soft: true
+
        #
        # Hosts using certificates and backups
        #
@ -614,6 +619,7 @@
        - infra-prod-service-afs: *infra-prod-service-afs
        - infra-prod-service-nameserver: *infra-prod-service-nameserver
        - infra-prod-service-mirror-update: *infra-prod-service-mirror-update
+        - infra-prod-cloud-linaro: *infra-prod-cloud-linaro
        - infra-prod-service-borg-backup: *infra-prod-service-borg-backup
        - infra-prod-letsencrypt: *infra-prod-letsencrypt
        - infra-prod-service-codesearch: *infra-prod-service-codesearch