Update install-ansible away from /opt/system-config

So that we can start running things from the zuul source rather
thatn update-system-config and /opt/system-config, we need to
install a few things onto the host in install-ansible so that the
ansible env is standalone.

This introduces a split execution path. The ansible config is
now all installed globally onto the machine by install-ansible
and does not reference a git checkout.

For running ad-hoc commands, an ansible.cfg is introduced inside
the root of the system-config dir. So if ansible-playbook is
executed with PWD==/opt/system-config it will find that ansible.cfg,
it will take precedence, and any content from system-config
will take precedence.

As a followup we'll make /opt/system-config/ansible.cfg written
out by install-ansible from the same template, and we'll update
the split to make ansible only work when executed from one of
the two configured locations, so that it's clear where we're
operating from.

Change-Id: I097694244e95751d96e67304aaae53ad19d8b873

.zuul.yaml

@@ -1499,6 +1499,10 @@
       playbook_name: install-ansible.yaml
     files:
       - inventory/*
+      - roles/*
+      - roles.yaml
+      - install_modules.sh
+      - modules.env
       - playbooks/install-ansible.yaml
       - playbooks/roles/pip3/.*
       - playbooks/roles/install-ansible/.*

ansible.cfg

@@ -0,0 +1,33 @@
+# This ansible.cfg file is only for running ad-hoc commands from
+# the /opt/system-config checkout. This file should be kept in
+# sync with playbooks/roles/install-ansible/templates/ansible.cfg.j2
+[defaults]
+inventory=/opt/system-config/inventory/openstack.yaml,/opt/system-config/inventory/groups.yaml,/etc/ansible/hosts/emergency.yaml
+library=/usr/share/ansible
+log_path=/var/log/ansible/ansible.log
+inventory_plugins=/opt/system-config/playbooks/roles/install-ansible/files/inventory_plugins/inventory_plugins
+roles_path=/opt/system-config/roles:/etc/ansible/roles
+retry_files_enabled=False
+retry_files_save_path=
+gathering=smart
+fact_caching=jsonfile
+fact_caching_connection=/var/cache/ansible/facts
+# Squash warning about ansible auto-transforming group names with -'s in them
+force_valid_group_names=ignore
+callback_whitelist=profile_tasks, timer
+callback_plugins=/etc/ansible/callback_plugins
+stdout_callback=debug
+
+[inventory]
+enable_plugins=yaml,yamlgroup,advanced_host_list,ini
+cache=True
+cache_plugin=jsonfile
+cache_connection=/var/cache/ansible/inventory
+any_unparsed_is_failed=True
+
+[ssh_connection]
+retries=3
+pipelining = True
+
+[callback_profile_tasks]
+task_output_limit = 50

playbooks/roles/install-ansible/files/install_modules.sh

@@ -0,0 +1 @@
+../../../../install_modules.sh

playbooks/roles/install-ansible/files/inventory

@@ -0,0 +1 @@
+../../../../inventory

playbooks/roles/install-ansible/files/modules.env

@@ -0,0 +1 @@
+../../../../modules.env

playbooks/roles/install-ansible/files/roles

@@ -0,0 +1 @@
+../../../../roles

playbooks/roles/install-ansible/files/roles.yaml

@@ -0,0 +1 @@
+../../../../roles.yaml

playbooks/roles/install-ansible/tasks/main.yaml

@@ -98,6 +98,55 @@
     src: ansible.cfg.j2
     dest: /etc/ansible/ansible.cfg
 
+- name: Copy static inventory in place
+  copy:
+    src: 'inventory/{{ item }}'
+    dest: '/etc/ansible/hosts/{{ item }}'
+  loop:
+    - openstack.yaml
+    - groups.yaml
+
+- name: Copy system-config roles into place
+  copy:
+    src: roles/
+    dest: /etc/ansible/roles
+
+- name: Copy roles.yaml into /etc/ansible
+  copy:
+    src: roles.yaml
+    dest: /etc/ansible/roles.yaml
+
+- name: Install ansible roles to /etc/ansible/roles
+  command: ansible-galaxy install --roles-path /etc/ansible/roles --force -r /etc/ansible/roles.yaml
+
+- name: Make sure k8s-on-openstack repo is up to date
+  git:
+    repo: https://github.com/infraly/k8s-on-openstack
+    dest: /opt/k8s-on-openstack
+    # HEAD as of 2019-02-08
+    version: e27a313b1583c377e08385014b9a880da765924b
+    force: yes
+
+# Yeah. This is install-ansible. But we need to do this and doing it when
+# we install the ansible stuff seems like the right time workflow-wise.
+- name: Ensure puppet directory
+  file:
+    state: directory
+    path: /etc/puppet
+
+- name: Install puppet module management scripts
+  copy:
+    src: '{{ item }}'
+    dest: '/etc/puppet/{{ item }}'
+  loop:
+    - install_modules.sh
+    - modules.env
+
+- name: Run puppet module install
+  command:
+    cmd: bash install_modules.sh
+    chdir: /etc/puppet
+
 # NOTE(mordred) The copy of the openstack inventory plugin from 2.6 is busted.
 # It doesn't proerly deal with caching. A fix has been submitted upstream, but
 # for now this is a fixed copy.

playbooks/roles/install-ansible/templates/ansible.cfg.j2

@@ -1,9 +1,9 @@
 [defaults]
-inventory=/opt/system-config/inventory/openstack.yaml,/opt/system-config/inventory/groups.yaml,/etc/ansible/hosts/emergency.yaml
+inventory=/etc/ansible/hosts/openstack.yaml,/etc/ansible/hosts/groups.yaml,/etc/ansible/hosts/emergency.yaml
 library=/usr/share/ansible
 log_path=/var/log/ansible/ansible.log
 inventory_plugins=/etc/ansible/inventory_plugins
-roles_path=/opt/system-config/roles:/etc/ansible/roles
+roles_path=/etc/ansible/roles
 retry_files_enabled=False
 retry_files_save_path=
 gathering=smart

playbooks/update-system-config.yaml

@@ -8,21 +8,3 @@
         repo: https://opendev.org/opendev/system-config
         dest: /opt/system-config
         force: yes
-
-    - name: Clone puppet modules to /etc/puppet/modules
-      command: ./install_modules.sh
-      args:
-        chdir: /opt/system-config
-
-    - name: Install ansible roles to /etc/ansible/roles
-      command: ansible-galaxy install --roles-path /etc/ansible/roles --force -r roles.yaml
-      args:
-        chdir: /opt/system-config
-
-    - name: Make sure k8s-on-openstack repo is up to date
-      git:
-        repo: https://github.com/infraly/k8s-on-openstack
-        dest: /opt/k8s-on-openstack
-        # HEAD as of 2019-02-08
-        version: e27a313b1583c377e08385014b9a880da765924b
-        force: yes

playbooks/zuul/run-base.yaml

@@ -20,17 +20,6 @@
         repo: /home/zuul/src/opendev.org/opendev/system-config
         dest: /opt/system-config
         force: yes
-    # TODO: the next two tasks are update-system-config.yaml and
-    # should be removed or refactored out of here to a shared
-    # location.
-    - name: Clone puppet modules to /etc/puppet/modules
-      command: ./install_modules.sh
-      args:
-        chdir: /opt/system-config
-    - name: Install ansible roles to /etc/ansible/roles
-      command: ansible-galaxy install --roles-path /etc/ansible/roles --force -r roles.yaml
-      args:
-        chdir: /opt/system-config
     - name: Add groups config for test nodes
       template:
         src: "templates/gate-groups.yaml.j2"
@@ -40,19 +29,7 @@
         path: /etc/ansible/ansible.cfg
         section: defaults
         option: inventory
-        value: /etc/ansible/hosts/inventory.yaml,/opt/system-config/inventory/groups.yaml,/etc/ansible/hosts/gate-groups.yaml
+        value: /etc/ansible/hosts/inventory.yaml,/etc/ansible/hosts/groups.yaml,/etc/ansible/hosts/gate-groups.yaml
-    - name: Update ansible.cfg to use yamlgroup plugin
-      ini_file:
-        path: /etc/ansible/ansible.cfg
-        section: defaults
-        option: inventory_plugins
-        value: /opt/system-config/playbooks/roles/install-ansible/files/inventory_plugins
-    - name: Update ansible.cfg to configure inventory plugins
-      ini_file:
-        path: /etc/ansible/ansible.cfg
-        section: inventory
-        option: enable_plugins
-        value: yamlgroup,yaml,advanced_host_list,ini
     - name: Make host_vars directory
       file:
         path: "/etc/ansible/hosts/host_vars"