Abstract name of bastion host for testing path
This replaces hard-coding of the host "bridge.openstack.org" with hard-coding of the first (and only) host in the group "bastion". The idea here is that we can, as much as possible, simply switch one place to an alternative hostname for the bastion such as "bridge.opendev.org" when we upgrade. This is just the testing path, for now; a follow-on will modify the production path (which doesn't really get speculatively tested). This needs to be defined in two places: 1) We need to define this in the run jobs for Zuul to use in the playbooks/zuul/run-*.yaml playbooks, as it sets up and collects logs from the testing bastion host. 2) The nested Ansible run will then use inventory inventory/service/groups.yaml. Various other places are updated to use this abstracted group as the bastion host. Variables are moved into the bastion group (which only has one host -- the actual bastion host), which means we only have to update the group mapping to the new host. This is intended to be a no-op change; all the jobs should work the same, but just using the new abstractions. Change-Id: Iffb462371939989b03e5d6ac6c5df63aa7708513
parent
deed697853
commit
d4c46ecdef
@ -15,6 +15,10 @@ groups:
|
||||
- afsdb*.open*.org
|
||||
- afs[0-9]*.open*.org
|
||||
- static[0-9]*.opendev.org
|
||||
# bastion group should should only have one entry because we assume
|
||||
# groups['bastion'][0] is the bastion host name in several places.
|
||||
bastion:
|
||||
- bridge.openstack.org
|
||||
borg-backup:
|
||||
- etherpad[0-9]*.opendev.org
|
||||
- gitea01.opendev.org
|
||||
@ -41,11 +45,11 @@ groups:
|
||||
certcheck:
|
||||
- cacti[0-9]*.open*.org
|
||||
cloud-launcher:
|
||||
- bridge.openstack.org
|
||||
- bridge*.open*.org
|
||||
codesearch:
|
||||
- codesearch[0-9]*.opendev.org
|
||||
control-plane-clouds:
|
||||
- bridge.openstack.org
|
||||
- bridge*.open*.org
|
||||
disabled: []
|
||||
dns:
|
||||
- adns*.opendev.org
|
||||
|
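Review bot: The `cloud-launcher` and `control-plane-clouds` entries now use `bridge*.open*.org`, which is wider than the exact `bridge.openstack.org` listed under `bastion` just above. Any inventory host whose name starts with `bridge` under an `open*.org` domain would join both groups and inherit whatever group variables they carry, which by their names presumably include cloud control-plane settings. If only the old and the planned new bastion names are meant, listing those two names explicitly keeps membership as tight as the `bastion` group itself. The one-entry rule for `bastion` is also only a comment, and its first line has a doubled word; it should read `# bastion group should only have one entry because we assume`.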
@ -3,9 +3,9 @@
|
||||
path: '{{ project_config_dest }}'
|
||||
state: directory
|
||||
|
||||
- name: Update from master
|
||||
- name: Update from master on bastion host
|
||||
when: infra_prod_run_from_master|bool
|
||||
delegate_to: bridge.openstack.org
|
||||
delegate_to: '{{ groups["bastion"][0] }}'
|
||||
git:
|
||||
repo: https://opendev.org/openstack/project-config
|
||||
dest: '{{ project_config_src }}'
|
||||
|
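Review bot: `delegate_to: '{{ groups["bastion"][0] }}'` picks the first member of the group, and nothing visible in this task checks that the group has exactly one member. With an empty group the template fails with an index error, and with two members (plausible while the hostname is being switched) the checkout is delegated to whichever host comes first, without any warning. The same expression is used later in this commit for the `_opendev_ca_key` and `_opendev_ca_certificate` `hostvars` lookups and for the artifact URLs, so the same applies there. An early guard such as `- assert: { that: groups["bastion"] | length == 1 }` would turn the single-entry comment into a checked invariant. The task list starts outside the hunk.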
@ -1,4 +1,4 @@
|
||||
- hosts: bridge.openstack.org:!disabled
|
||||
- hosts: bastion:!disabled
|
||||
name: "Bridge: configure the bastion host"
|
||||
roles:
|
||||
- iptables
|
||||
|
@ -1,4 +1,4 @@
|
||||
- hosts: "bridge.openstack.org:!disabled"
|
||||
- hosts: bastion:!disabled
|
||||
tasks:
|
||||
- name: Modify Zuuls description
|
||||
lineinfile:
|
||||
|
@ -28,7 +28,7 @@
|
||||
- include_role:
|
||||
name: stage-output
|
||||
|
||||
- hosts: bridge.openstack.org
|
||||
- hosts: bastion
|
||||
tasks:
|
||||
- name: Set log directory
|
||||
set_fact:
|
||||
@ -69,7 +69,7 @@
|
||||
zuul:
|
||||
artifacts:
|
||||
- name: ARA report
|
||||
url: "bridge.openstack.org/ara-report/"
|
||||
url: '{{ groups["bastion"][0] }}/ara-report/'
|
||||
|
||||
- name: Collect ansible configuration
|
||||
synchronize:
|
||||
|
@ -5,7 +5,7 @@
|
||||
cloud_launcher_disable_job: true
|
||||
|
||||
# setup opendev CA
|
||||
- hosts: bridge.openstack.org
|
||||
- hosts: bastion[0]
|
||||
become: true
|
||||
tasks:
|
||||
- name: Make temporary dir for CA generation
|
||||
@ -57,9 +57,9 @@
|
||||
creates: '{{ item.file }}'
|
||||
loop:
|
||||
- file: '/etc/opendev-ca/ca.key'
|
||||
content: '{{ hostvars["bridge.openstack.org"]["_opendev_ca_key"]["content"] }}'
|
||||
content: '{{ hostvars[groups["bastion"][0]]["_opendev_ca_key"]["content"] }}'
|
||||
- file: '/etc/opendev-ca/ca.crt'
|
||||
content: '{{ hostvars["bridge.openstack.org"]["_opendev_ca_certificate"]["content"] }}'
|
||||
content: '{{ hostvars[groups["bastion"][0]]["_opendev_ca_certificate"]["content"] }}'
|
||||
|
||||
- name: Install and trust certificate
|
||||
shell:
|
||||
@ -67,7 +67,7 @@
|
||||
cp /etc/opendev-ca/ca.crt /usr/local/share/ca-certificates/opendev-infra-ca.crt
|
||||
update-ca-certificates
|
||||
|
||||
- hosts: bridge.openstack.org
|
||||
- hosts: bastion[0]
|
||||
become: true
|
||||
tasks:
|
||||
- name: Write inventory on bridge
|
||||
@ -115,6 +115,7 @@
|
||||
loop:
|
||||
- group_vars/all.yaml
|
||||
- group_vars/adns.yaml
|
||||
- group_vars/bastion.yaml
|
||||
- group_vars/eavesdrop.yaml
|
||||
- group_vars/nodepool.yaml
|
||||
- group_vars/ns.yaml
|
||||
@ -136,7 +137,6 @@
|
||||
- group_vars/zuul-merger.yaml
|
||||
- group_vars/zuul-scheduler.yaml
|
||||
- group_vars/zuul-web.yaml
|
||||
- host_vars/bridge.openstack.org.yaml
|
||||
- host_vars/codesearch01.opendev.org.yaml
|
||||
- host_vars/etherpad01.opendev.org.yaml
|
||||
- host_vars/letsencrypt01.opendev.org.yaml
|
||||
@ -185,7 +185,7 @@
|
||||
name: encrypt-logs
|
||||
vars:
|
||||
encrypt_logs_files: '{{ _run_playbooks_logs.files | map(attribute="path") | list }}'
|
||||
encrypt_logs_artifact_path: 'bridge.openstack.org/ansible'
|
||||
encrypt_logs_artifact_path: '{{ groups["bastion"][0] }}/ansible'
|
||||
encrypt_logs_download_script_path: '/var/log/ansible'
|
||||
|
||||
- name: Run test playbook
|
||||
@ -216,7 +216,7 @@
|
||||
zuul:
|
||||
artifacts:
|
||||
- name: Screenshots
|
||||
url: "bridge.openstack.org/screenshots"
|
||||
url: '{{ groups["bastion"][0] }}/screenshots'
|
||||
|
||||
- name: Allow PBR's git calls to operate in system-config, despite not owning it
|
||||
command: git config --global safe.directory /home/zuul/src/opendev.org/opendev/system-config
|
||||
@ -240,4 +240,4 @@
|
||||
zuul:
|
||||
artifacts:
|
||||
- name: testinfra results
|
||||
url: "bridge.openstack.org/test-results.html"
|
||||
url: '{{ groups["bastion"][0] }}/test-results.html'
|
||||
|
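Review bot: Swapping `host_vars/bridge.openstack.org.yaml` for `group_vars/bastion.yaml` in the file loop changes both the scope and the precedence of those variables, and nothing in the section documents that. Group variables reach every host the `bastion` mapping matches, and Ansible lets any host_vars for the same host override them, so a leftover host_vars file would silently win. A header comment in the new file would record the assumption, for example `# Applies to every member of the bastion group; the group must contain exactly one host.` This section also targets `hosts: bastion[0]` while other playbooks in the commit use `hosts: bastion` or `bastion:!disabled`; settling on one form would make the single-host assumption easier to audit.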
@ -6,7 +6,7 @@ groups:
|
||||
- bionic-docker
|
||||
|
||||
certcheck:
|
||||
- bridge.openstack.org
|
||||
- bridge[0-9]*.open*.org
|
||||
|
||||
letsencrypt:
|
||||
- letsencrypt01.opendev.org
|
||||
|
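Review bot: `bridge[0-9]*.open*.org` under `certcheck` does not look equivalent to the `bridge.openstack.org` entry it replaces. If these entries are matched as shell-style globs, `[0-9]` requires a digit straight after `bridge`, so the current bastion name would drop out of `certcheck` in this file, whereas the service inventory in this commit uses the looser `bridge*.open*.org`. The commit message describes the change as a no-op, so using the same pattern in both files, or keeping the old name next to the new pattern, would be safer. The matching rules of the inventory plugin are not visible on this page, so this needs confirming against it.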
@ -53,7 +53,7 @@
|
||||
- playbooks/zuul/run-production-bootstrap-bridge-add-rootkey.yaml
|
||||
- playbooks/roles/install-ansible/
|
||||
- playbooks/roles/root-keys/
|
||||
- inventory/service/host_vars/bridge.openstack.org.yaml
|
||||
- inventory/service/group_vars/bastion.yaml
|
||||
|
||||
- job:
|
||||
name: infra-prod-base
|
||||
@ -117,7 +117,7 @@
|
||||
files:
|
||||
- inventory/base
|
||||
- playbooks/service-bridge.yaml
|
||||
- inventory/service/host_vars/bridge.openstack.org.yaml
|
||||
- inventory/service/group_vars/bastion.yaml
|
||||
- playbooks/roles/logrotate/
|
||||
- playbooks/roles/edit-secrets-script/
|
||||
- playbooks/roles/install-kubectl/
|
||||
@ -656,4 +656,4 @@
|
||||
- opendev/system-config
|
||||
files:
|
||||
- playbooks/run_cloud_launcher.yaml
|
||||
- inventory/service/host_vars/bridge.openstack.org.yaml
|
||||
- inventory/service/group_vars/bastion.yaml
|
||||
|
@ -68,6 +68,20 @@
|
||||
label: ubuntu-focal
|
||||
- name: jammy
|
||||
label: ubuntu-jammy
|
||||
groups:
|
||||
# Each job should define this group -- to avoid hard-coding
|
||||
# the bastion hostname in the job setup, playbooks/tasks refer
|
||||
# to it only by this group. This should only have one entry
|
||||
# -- in a couple of places the jobs use the actual hostname
|
||||
# and assume element [0] here is that hostname.
|
||||
#
|
||||
# Note that this shouldn't be confused with the group in
|
||||
# inventory/service/groups.yaml -- this group contains the
|
||||
# host that Zuul, running on the executor, will setup as the
|
||||
# bridge node. This node will then run a nested Ansible to
|
||||
# test the production playbooks -- *that* Ansible has a
|
||||
# "bastion" group too
|
||||
- &bastion_group { name: bastion, nodes: [ bridge.openstack.org ] }
|
||||
files:
|
||||
- tox.ini
|
||||
- playbooks/
|
||||
@ -90,6 +104,8 @@
|
||||
label: ubuntu-focal
|
||||
- name: jammy
|
||||
label: ubuntu-jammy
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
required-projects:
|
||||
- name: github.com/ansible/ansible
|
||||
override-checkout: devel
|
||||
@ -129,6 +145,8 @@
|
||||
label: ubuntu-focal-arm64
|
||||
- name: jammy
|
||||
label: ubuntu-jammy-arm64
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
files:
|
||||
- playbooks/
|
||||
- roles/
|
||||
@ -154,6 +172,8 @@
|
||||
- <<: *bridge_node_x86
|
||||
- name: eavesdrop01.opendev.org
|
||||
label: ubuntu-focal
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
vars:
|
||||
run_playbooks:
|
||||
- playbooks/letsencrypt.yaml
|
||||
@ -199,6 +219,8 @@
|
||||
label: ubuntu-bionic
|
||||
- name: letsencrypt02.opendev.org
|
||||
label: ubuntu-bionic
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
vars:
|
||||
run_playbooks:
|
||||
- playbooks/service-nameserver.yaml
|
||||
@ -244,6 +266,8 @@
|
||||
label: ubuntu-focal
|
||||
- name: lists.katacontainers.io
|
||||
label: ubuntu-focal
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
required-projects:
|
||||
- opendev/system-config
|
||||
files:
|
||||
@ -294,6 +318,8 @@
|
||||
label: ubuntu-focal
|
||||
- name: nb01.opendev.org
|
||||
label: ubuntu-focal
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
required-projects:
|
||||
- opendev/system-config
|
||||
- openstack/project-config
|
||||
@ -339,6 +365,8 @@
|
||||
label: ubuntu-bionic
|
||||
- name: ns1.opendev.org
|
||||
label: ubuntu-bionic
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
vars:
|
||||
run_playbooks:
|
||||
- playbooks/service-nameserver.yaml
|
||||
@ -375,6 +403,8 @@
|
||||
label: ubuntu-bionic
|
||||
- name: borg-backup-jammy.opendev.org
|
||||
label: ubuntu-jammy
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
vars:
|
||||
run_playbooks:
|
||||
- playbooks/service-borg-backup.yaml
|
||||
@ -446,6 +476,8 @@
|
||||
label: ubuntu-bionic
|
||||
- name: mirror02.openafs.provider.opendev.org
|
||||
label: ubuntu-focal
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
|
||||
- job:
|
||||
name: system-config-run-mirror-arm64
|
||||
@ -455,6 +487,8 @@
|
||||
- <<: *bridge_node_arm64
|
||||
- name: mirror01.openafs.provider.opendev.org
|
||||
label: ubuntu-focal-arm64
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
|
||||
- job:
|
||||
name: system-config-run-mirror-update
|
||||
@ -466,6 +500,8 @@
|
||||
- <<: *bridge_node_x86
|
||||
- name: mirror-update99.opendev.org
|
||||
label: ubuntu-focal
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
vars:
|
||||
run_playbooks:
|
||||
- playbooks/service-mirror-update.yaml
|
||||
@ -489,6 +525,8 @@
|
||||
- <<: *bridge_node_x86
|
||||
- name: insecure-ci-registry01.opendev.org
|
||||
label: ubuntu-bionic
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
vars:
|
||||
run_playbooks:
|
||||
- playbooks/letsencrypt.yaml
|
||||
@ -522,6 +560,8 @@
|
||||
- <<: *bridge_node_x86
|
||||
- name: codesearch01.opendev.org
|
||||
label: ubuntu-focal
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
vars:
|
||||
run_playbooks:
|
||||
- playbooks/letsencrypt.yaml
|
||||
@ -551,6 +591,8 @@
|
||||
- <<: *bridge_node_x86
|
||||
- name: etherpad01.opendev.org
|
||||
label: ubuntu-bionic
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
vars:
|
||||
run_playbooks:
|
||||
- playbooks/letsencrypt.yaml
|
||||
@ -579,6 +621,8 @@
|
||||
label: ubuntu-jammy
|
||||
- name: gitea99.opendev.org
|
||||
label: ubuntu-bionic
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
required-projects:
|
||||
- openstack/project-config
|
||||
- opendev/system-config
|
||||
@ -655,6 +699,8 @@
|
||||
- <<: *bridge_node_x86
|
||||
- name: grafana01.opendev.org
|
||||
label: ubuntu-focal
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
vars:
|
||||
run_playbooks:
|
||||
- playbooks/letsencrypt.yaml
|
||||
@ -683,6 +729,8 @@
|
||||
- <<: *bridge_node_x86
|
||||
- name: graphite02.opendev.org
|
||||
label: ubuntu-focal
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
vars:
|
||||
run_playbooks:
|
||||
- playbooks/letsencrypt.yaml
|
||||
@ -711,6 +759,8 @@
|
||||
- <<: *bridge_node_x86
|
||||
- name: keycloak01.opendev.org
|
||||
label: ubuntu-focal
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
vars:
|
||||
run_playbooks:
|
||||
- playbooks/letsencrypt.yaml
|
||||
@ -738,6 +788,8 @@
|
||||
label: ubuntu-bionic
|
||||
- name: jvb01.opendev.org
|
||||
label: ubuntu-bionic
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
vars:
|
||||
run_playbooks:
|
||||
- playbooks/letsencrypt.yaml
|
||||
@ -774,6 +826,8 @@
|
||||
- <<: *bridge_node_x86
|
||||
- name: paste99.opendev.org
|
||||
label: ubuntu-focal
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
vars:
|
||||
run_playbooks:
|
||||
- playbooks/letsencrypt.yaml
|
||||
@ -801,6 +855,8 @@
|
||||
- <<: *bridge_node_x86
|
||||
- name: tracing99.opendev.org
|
||||
label: ubuntu-focal
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
vars:
|
||||
run_playbooks:
|
||||
- playbooks/letsencrypt.yaml
|
||||
@ -825,6 +881,8 @@
|
||||
- <<: *bridge_node_x86
|
||||
- name: zk04.opendev.org
|
||||
label: ubuntu-focal
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
vars:
|
||||
run_playbooks:
|
||||
- playbooks/service-zookeeper.yaml
|
||||
@ -850,6 +908,8 @@
|
||||
- <<: *bridge_node_x86
|
||||
- name: zp01.opendev.org
|
||||
label: ubuntu-bionic
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
vars:
|
||||
run_playbooks:
|
||||
- playbooks/service-zuul-preview.yaml
|
||||
@ -878,6 +938,8 @@
|
||||
label: ubuntu-focal
|
||||
- name: zuul-lb01.opendev.org
|
||||
label: ubuntu-focal
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
required-projects:
|
||||
- openstack/project-config
|
||||
- opendev/system-config
|
||||
@ -946,6 +1008,8 @@
|
||||
- <<: *bridge_node_x86
|
||||
- name: review99.opendev.org
|
||||
label: ubuntu-focal
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
required-projects:
|
||||
- openstack/project-config
|
||||
- opendev/system-config
|
||||
@ -1026,6 +1090,8 @@
|
||||
- <<: *bridge_node_x86
|
||||
- name: static99.opendev.org
|
||||
label: ubuntu-bionic
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
vars:
|
||||
run_playbooks:
|
||||
- playbooks/letsencrypt.yaml
|
||||
@ -1056,6 +1122,8 @@
|
||||
- <<: *bridge_node_x86
|
||||
- name: refstack01.openstack.org
|
||||
label: ubuntu-focal
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
host-vars:
|
||||
refstack01.openstack.org:
|
||||
host_copy_output:
|
||||
@ -1089,6 +1157,8 @@
|
||||
label: ubuntu-focal
|
||||
- name: kdc-replica.opendev.org
|
||||
label: ubuntu-focal
|
||||
groups:
|
||||
- <<: *bastion_group
|
||||
host-vars:
|
||||
kdc-primary.opendev.org:
|
||||
host_copy_output:
|
||||
|
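Review bot: The `&bastion_group` anchor hard-codes `nodes: [ bridge.openstack.org ]`, and that name has to stay in step with the node defined by the `bridge_node_x86` and `bridge_node_arm64` anchors, whose definitions are outside the visible hunks. A rename therefore still needs edits in more than one place in this file, and a mismatch would leave the `bastion` group naming a node that is not in the nodeset. A line in the comment block such as `# nodes must match the node name in bridge_node_x86 / bridge_node_arm64` would make that coupling explicit. Separately, `- <<: *bastion_group` merges the anchor with nothing overridden, so a plain `- *bastion_group` would express the same thing without relying on the merge-key extension.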