Use project-config from zuul instead of direct clones

We use project-config for gerrit, gitea and nodepool config. That's
cool, because can clone that from zuul too and make sure that each
prod run we're doing runs with the contents of the patch in question.

Introduce a flag file that can be touched in /home/zuulcd that will
block zuul from running prod playbooks. By default, if the file is
there, zuul will wait for an hour before giving up.

Rename zuulcd to zuul

To better align prod and test, name the zuul user zuul.

Change-Id: I83c38c9c430218059579f3763e02d6b9f40c7b89
This commit is contained in:
Monty Taylor 2020-04-12 10:54:17 -05:00
parent edd46d1acc
commit ebae022d07
24 changed files with 97 additions and 104 deletions

View File

@ -1069,6 +1069,9 @@
label: ubuntu-xenial label: ubuntu-xenial
- name: nb01-test.opendev.org - name: nb01-test.opendev.org
label: ubuntu-bionic label: ubuntu-bionic
required-projects:
- openstack/project-config
- opendev/system-config
vars: vars:
run_playbooks: run_playbooks:
- playbooks/service-letsencrypt.yaml - playbooks/service-letsencrypt.yaml
@ -1279,6 +1282,9 @@
label: ubuntu-bionic label: ubuntu-bionic
- name: gitea99.opendev.org - name: gitea99.opendev.org
label: ubuntu-bionic label: ubuntu-bionic
required-projects:
- openstack/project-config
- opendev/system-config
vars: vars:
run_playbooks: run_playbooks:
- playbooks/service-letsencrypt.yaml - playbooks/service-letsencrypt.yaml
@ -1384,6 +1390,9 @@
label: ubuntu-xenial label: ubuntu-xenial
- name: review-dev01.opendev.org - name: review-dev01.opendev.org
label: ubuntu-xenial label: ubuntu-xenial
required-projects:
- openstack/project-config
- opendev/system-config
vars: vars:
run_playbooks: run_playbooks:
- playbooks/service-letsencrypt.yaml - playbooks/service-letsencrypt.yaml
@ -1460,7 +1469,8 @@
This is a parent job designed to be inherited to enabled This is a parent job designed to be inherited to enabled
CD deployment of our infrastructure. Set playbook_name to CD deployment of our infrastructure. Set playbook_name to
specify the playbook relative to specify the playbook relative to
bridge.openstack.org:/opt/system-config/playbooks /home/zuul/src/opendev.org/opendev/system-config/playbooks
on bridge.openstack.org.
abstract: true abstract: true
semaphore: infra-prod-playbook semaphore: infra-prod-playbook
run: playbooks/zuul/run-production-playbook.yaml run: playbooks/zuul/run-production-playbook.yaml
@ -1557,6 +1567,9 @@
allowed-projects: allowed-projects:
- opendev/system-config - opendev/system-config
- openstack/project-config - openstack/project-config
required-projects:
- opendev/system-config
- openstack/project-config
vars: vars:
playbook_name: manage-projects.yaml playbook_name: manage-projects.yaml
infra_prod_ansible_forks: 10 infra_prod_ansible_forks: 10
@ -1631,6 +1644,9 @@
description: Run service-nodepool.yaml playbook description: Run service-nodepool.yaml playbook
vars: vars:
playbook_name: service-nodepool.yaml playbook_name: service-nodepool.yaml
required-projects:
- opendev/system-config
- openstack/project-config
files: files:
- inventory/.* - inventory/.*
- playbooks/service-nodepool.yaml - playbooks/service-nodepool.yaml

View File

@ -1,33 +0,0 @@
# This ansible.cfg file is only for running ad-hoc commands from
# the /opt/system-config checkout. This file should be kept in
# sync with playbooks/roles/install-ansible/templates/ansible.cfg.j2
[defaults]
inventory=/opt/system-config/inventory/openstack.yaml,/opt/system-config/inventory/groups.yaml,/etc/ansible/hosts/emergency.yaml
library=/usr/share/ansible
log_path=/var/log/ansible/ansible.log
inventory_plugins=/opt/system-config/playbooks/roles/install-ansible/files/inventory_plugins/inventory_plugins
roles_path=/opt/system-config/roles:/etc/ansible/roles
retry_files_enabled=False
retry_files_save_path=
gathering=smart
fact_caching=jsonfile
fact_caching_connection=/var/cache/ansible/facts
# Squash warning about ansible auto-transforming group names with -'s in them
force_valid_group_names=ignore
callback_whitelist=profile_tasks, timer
callback_plugins=/etc/ansible/callback_plugins
stdout_callback=debug
[inventory]
enable_plugins=yaml,yamlgroup,advanced_host_list,ini
cache=True
cache_plugin=jsonfile
cache_connection=/var/cache/ansible/inventory
any_unparsed_is_failed=True
[ssh_connection]
retries=3
pipelining = True
[callback_profile_tasks]
task_output_limit = 50

View File

@ -441,7 +441,7 @@ read-write volumes.
.. code-block:: console .. code-block:: console
root@bridge:~# /opt/system-config/tools/hieraedit.py \ root@bridge:~# /home/zuul/src/opendev.org/opendev/system-config/tools/hieraedit.py \
--yaml /etc/ansible/hosts/host_vars/mirror-update01.opendev.org.yaml \ --yaml /etc/ansible/hosts/host_vars/mirror-update01.opendev.org.yaml \
-f /path/to/foo.keytab KEYNAME -f /path/to/foo.keytab KEYNAME

View File

@ -177,8 +177,8 @@ def bootstrap_server(server, key, name, volume_device, keep,
t.start() t.start()
inventory_list = ( inventory_list = (
'/opt/system-config/inventory/openstack.yaml', '/etc/ansible/hosts/openstack.yaml',
'/opt/system-config/inventory/groups.yaml', '/etc/ansible/hosts/groups.yaml',
'/etc/ansible/hosts/emergency.yaml', '/etc/ansible/hosts/emergency.yaml',
jobdir.inventory_root, jobdir.inventory_root,
) )

View File

@ -28,6 +28,8 @@ iptables_base_public_udp_ports: []
iptables_extra_public_udp_ports: [] iptables_extra_public_udp_ports: []
iptables_public_udp_ports: "{{ iptables_base_public_udp_ports + iptables_extra_public_udp_ports }}" iptables_public_udp_ports: "{{ iptables_base_public_udp_ports + iptables_extra_public_udp_ports }}"
project_config_src: /home/zuul/src/opendev.org/openstack/project-config
# When adding new users, always pick a UID larger than the last UID, do not # When adding new users, always pick a UID larger than the last UID, do not
# fill in holes in the middle of the range. # fill in holes in the middle of the range.
all_users: all_users:
@ -150,7 +152,7 @@ all_users:
uid: 2030 uid: 2030
gid: 2030 gid: 2030
zuulcd: zuul:
comment: Zuul CICD comment: Zuul CICD
key: | key: |
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcXd/QJDEprSLh6N6bULnhchf9M+uzYBEJ2b51Au67FON+5M6VEj5Ut+DlkEPhabOP+tSv9Cn1HpmpBjdEOXdmBj6JS7G/gBb4w28oZDyNjrPT2ebpRw/XnVEkGfikR2J+j3o7CV+ybhLDalXm2TUDReVXnONUq3YzZbjRzoYs0xxrxyss47vZP0xFpsAt9jCMAJW2k6H589VUY38k9LFyhZUZ72FB6eJ68B9GN0TimBYm2DqvupBGQrRhkP8OZ0WoBV8PulKXaHVFdmfBNHB7E7FLlZKuiM6nkV4bOWMGOB/TF++wXBK86t9po3pWCM7+kr72xGRTE+6LuZ2z1K+h zuul-system-config-20180924 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcXd/QJDEprSLh6N6bULnhchf9M+uzYBEJ2b51Au67FON+5M6VEj5Ut+DlkEPhabOP+tSv9Cn1HpmpBjdEOXdmBj6JS7G/gBb4w28oZDyNjrPT2ebpRw/XnVEkGfikR2J+j3o7CV+ybhLDalXm2TUDReVXnONUq3YzZbjRzoYs0xxrxyss47vZP0xFpsAt9jCMAJW2k6H589VUY38k9LFyhZUZ72FB6eJ68B9GN0TimBYm2DqvupBGQrRhkP8OZ0WoBV8PulKXaHVFdmfBNHB7E7FLlZKuiM6nkV4bOWMGOB/TF++wXBK86t9po3pWCM7+kr72xGRTE+6LuZ2z1K+h zuul-system-config-20180924

View File

@ -5,7 +5,7 @@ puppet_reports: none
manage_config: true manage_config: true
manifest: /opt/system-config/production/manifests/site.pp manifest: /opt/system-config/production/manifests/site.pp
manifest_base: /opt/system-config/production manifest_base: /opt/system-config/production
mgmt_manifestpath: /opt/system-config/ mgmt_manifestpath: /home/zuul/src/opendev.org/opendev/system-config/
puppet_logdest: syslog puppet_logdest: syslog
mgmt_hieradata: /etc/ansible/hosts mgmt_hieradata: /etc/ansible/hosts
mgmt_puppet_module_dir: /etc/puppet/modules mgmt_puppet_module_dir: /etc/puppet/modules

View File

@ -2,4 +2,4 @@ ansible_python_interpreter: python3
bastion_key_exclusive: false bastion_key_exclusive: false
kube_config_template: clouds/bridge_kube_config.yaml.j2 kube_config_template: clouds/bridge_kube_config.yaml.j2
extra_users: extra_users:
- zuulcd - zuul

View File

@ -10,6 +10,6 @@ letsencrypt_gid: 3001
gerrit_storyboard_url: https://storyboard-dev.openstack.org gerrit_storyboard_url: https://storyboard-dev.openstack.org
gerrit_vhost_name: review-dev.opendev.org gerrit_vhost_name: review-dev.opendev.org
gerrit_redirect_vhost: review-dev.openstack.org gerrit_redirect_vhost: review-dev.openstack.org
gerrit_project_config_base: /opt/project-config/dev
gerrit_project_creator_user: openstack-dev-project-creator gerrit_project_creator_user: openstack-dev-project-creator
gerrit_self_hostkey: '[review-dev.opendev.org]:29418,[review-dev.openstack.org]:29418,[23.253.109.153]:29418,[2001:4800:7819:104:be76:4eff:fe04:8e55]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4J4BJ/C6kl1PcfD5ZdpYIwWXA+vRiB4USncZQHW9+Idtdr4dZRA05RlBAfiTkKKhjarJpt8PQP2hYt8aJL1miZZjp1s05d9mxGVHfoH7Vyg85vhRa7Jg4VZS0cu34R909q23cBcjSNQSyVKP9neOqovoV/DyB8HHEg0kbsOWC3qzdA+6aVdVV7Mtx/0t0MyiTz0xA5ZCRFwF6IuiMPHLNk128qDhjO2UXnrhyP5A7Kl/JHpIWToLKGIorePndFcFyNXlWIhBoQRDcX6FYjPdavjAGlK1S/Jd5DVJ184Z7rEXL682o487c0NQ/lAV4QF3iz0Aw9QRVrUw21xWvfU4R' gerrit_self_hostkey: '[review-dev.opendev.org]:29418,[review-dev.openstack.org]:29418,[23.253.109.153]:29418,[2001:4800:7819:104:be76:4eff:fe04:8e55]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4J4BJ/C6kl1PcfD5ZdpYIwWXA+vRiB4USncZQHW9+Idtdr4dZRA05RlBAfiTkKKhjarJpt8PQP2hYt8aJL1miZZjp1s05d9mxGVHfoH7Vyg85vhRa7Jg4VZS0cu34R909q23cBcjSNQSyVKP9neOqovoV/DyB8HHEg0kbsOWC3qzdA+6aVdVV7Mtx/0t0MyiTz0xA5ZCRFwF6IuiMPHLNk128qDhjO2UXnrhyP5A7Kl/JHpIWToLKGIorePndFcFyNXlWIhBoQRDcX6FYjPdavjAGlK1S/Jd5DVJ184Z7rEXL682o487c0NQ/lAV4QF3iz0Aw9QRVrUw21xWvfU4R'
project_config_subdir: dev/

View File

@ -1,16 +1,3 @@
# Run on localhost for lookup plugins, on review/review-dev
# because manage-projects runs remotely.
- hosts: "localhost:!disabled"
name: "Clone project-config for projects list"
strategy: free
connection: local
tasks:
- name: Clone project-config repo
git:
repo: https://opendev.org/openstack/project-config
dest: /opt/project-config
force: yes
- hosts: "gitea:!disabled" - hosts: "gitea:!disabled"
name: "Create repos on gitea servers" name: "Create repos on gitea servers"
strategy: free strategy: free
@ -21,11 +8,9 @@
- hosts: "review:review-dev:!disabled" - hosts: "review:review-dev:!disabled"
name: "Create repos on gerrit servers" name: "Create repos on gerrit servers"
tasks: tasks:
- name: Clone project-config repo - name: Sync project-config
git: include_role:
repo: https://opendev.org/openstack/project-config name: sync-project-config
dest: /opt/project-config
force: yes
- name: Run manage-projects - name: Run manage-projects
include_role: include_role:
name: gerrit name: gerrit

View File

@ -8,7 +8,7 @@
name: run_cloud_launcher.sh name: run_cloud_launcher.sh
state: present state: present
disabled: "{{ cloud_launcher_disable_job }}" disabled: "{{ cloud_launcher_disable_job }}"
job: '/usr/bin/flock -n /var/run/ansible/run_cloud_launcher.lock /bin/bash /opt/system-config/run_cloud_launcher.sh -c >> /var/log/ansible/run_cloud_launcher_cron.log 2>&1' job: '/usr/bin/flock -n /var/run/ansible/run_cloud_launcher.lock /bin/bash /home/zuul/src/opendev.org/opendev/system-config/run_cloud_launcher.sh -c >> /var/log/ansible/run_cloud_launcher_cron.log 2>&1'
minute: "{{ cloud_launcher_cron_interval.minute }}" minute: "{{ cloud_launcher_cron_interval.minute }}"
hour: "{{ cloud_launcher_cron_interval.hour }}" hour: "{{ cloud_launcher_cron_interval.hour }}"
day: "{{ cloud_launcher_cron_interval.day }}" day: "{{ cloud_launcher_cron_interval.day }}"

View File

@ -17,9 +17,8 @@ gerrit_container_volumes:
- /home/gerrit2/review_site/static:/var/gerrit/static - /home/gerrit2/review_site/static:/var/gerrit/static
- /home/gerrit2/.launchpadlib:/var/gerrit/.launchpadlib - /home/gerrit2/.launchpadlib:/var/gerrit/.launchpadlib
- /home/gerrit2/.ssh:/var/gerrit/.ssh - /home/gerrit2/.ssh:/var/gerrit/.ssh
- '{{ gerrit_project_config_base }}/gerrit/projects.yaml:/var/gerrit/etc/projects.yaml' - /opt/project-config/gerrit/projects.yaml:/var/gerrit/etc/projects.yaml
- '{{ gerrit_project_config_base }}/gerrit/projects.ini:/var/gerrit/etc/projects.ini' - /opt/project-config/gerrit/projects.ini:/var/gerrit/etc/projects.ini
gerrit_database_type: MYSQL gerrit_database_type: MYSQL
gerrit_project_config_base: /opt/project-config
gerrit_project_creator_user: openstack-project-creator gerrit_project_creator_user: openstack-project-creator
gerrit_manage_projects_args: "-v" gerrit_manage_projects_args: "-v"

View File

@ -1,13 +1,6 @@
# TODO(mordred) We should do *something* where this could use a zuul cloned - name: Sync project-config
# copy of project-config instead. This is needed not just for things like include_role:
# manage-projects (which could be run completely differently and non-locally) name: sync-project-config
# but also for things like notify-impact, which is currently run by a gerrit
# hook inside of the container via jeepyb.
- name: Clone project-config repo
git:
repo: https://opendev.org/openstack/project-config
dest: /opt/project-config
force: yes
- name: Ensure /etc/gerrit-compose directory - name: Ensure /etc/gerrit-compose directory
file: file:
@ -203,7 +196,7 @@
- name: Copy notify-impact yaml file - name: Copy notify-impact yaml file
copy: copy:
src: "{{ gerrit_project_config_base }}/gerrit/notify_impact.yaml" src: "/opt/project-config/gerrit/notify_impact.yaml"
dest: "{{ gerrit_site_dir }}/hooks/notify_impact.yaml" dest: "{{ gerrit_site_dir }}/hooks/notify_impact.yaml"
remote_src: yes remote_src: yes
owner: "{{ gerrit_user_name }}" owner: "{{ gerrit_user_name }}"

View File

@ -15,9 +15,9 @@
# limitations under the License. # limitations under the License.
exec docker run --rm --net=host -u root \ exec docker run --rm --net=host -u root \
-v{{ gerrit_project_config_base }}:/opt/project-config \ -v/opt/project-config:/opt/project-config \
-v{{ gerrit_project_config_base }}/gerrit/acls:/home/gerrit2/acls \ -v/opt/project-config/gerrit/acls:/home/gerrit2/acls \
-v{{ gerrit_project_config_base }}/gerrit/projects.yaml:/home/gerrit2/projects.yaml \ -v/opt/project-config/gerrit/projects.yaml:/home/gerrit2/projects.yaml \
-v/opt/lib/git:/opt/lib/git \ -v/opt/lib/git:/opt/lib/git \
-v/opt/lib/jeepyb:/opt/lib/jeepyb \ -v/opt/lib/jeepyb:/opt/lib/jeepyb \
-v/home/gerrit2/review_site/etc/ssh_project_rsa_key:/home/gerrit2/review_site/etc/ssh_project_rsa_key \ -v/home/gerrit2/review_site/etc/ssh_project_rsa_key:/home/gerrit2/review_site/etc/ssh_project_rsa_key \

View File

@ -15,8 +15,8 @@
# limitations under the License. # limitations under the License.
exec docker run --rm --net=host -u root \ exec docker run --rm --net=host -u root \
-v{{ gerrit_project_config_base }}:/opt/project-config \ -v/opt/project-config:/opt/project-config \
-v{{ gerrit_project_config_base }}/gerrit/projects.yaml:/home/gerrit2/projects.yaml \ -v/opt/project-config/gerrit/projects.yaml:/home/gerrit2/projects.yaml \
-v/opt/lib/git:/opt/lib/git \ -v/opt/lib/git:/opt/lib/git \
-v/opt/lib/jeepyb:/opt/lib/jeepyb \ -v/opt/lib/jeepyb:/opt/lib/jeepyb \
-v/home/gerrit2/review_site/etc/ssh_project_rsa_key:/home/gerrit2/review_site/etc/ssh_project_rsa_key \ -v/home/gerrit2/review_site/etc/ssh_project_rsa_key:/home/gerrit2/review_site/etc/ssh_project_rsa_key \

View File

@ -4,5 +4,5 @@
password: "{{ gitea_root_password }}" password: "{{ gitea_root_password }}"
always_update: "{{ gitea_always_update }}" always_update: "{{ gitea_always_update }}"
# Lookup runs locally on the calling machine, so doesn't need # Lookup runs locally on the calling machine, so doesn't need
# /opt/project-config remotely # project-config remotely
projects: "{{ lookup('file', '/opt/project-config/gerrit/projects.yaml') | from_yaml }}" projects: "{{ lookup('file', project_config_src + '/gerrit/projects.yaml') | from_yaml }}"

View File

@ -18,16 +18,9 @@
name: install-zookeeper name: install-zookeeper
when: nodepool_base_install_zookeeper when: nodepool_base_install_zookeeper
# NOTE(ianw) : A note on testing; we have some configurations for - name: Sync project-config
# system-config-run-nodepool test hosts committed to project-config. include_role:
# Since this is a protected repo we can't speculatively test, which is name: sync-project-config
# why we're just cloning from opendev.org master and not a local
# checkout here. We don't expect the configs to change so this is OK.
- name: Clone the project-config repo for configs
git:
repo: 'https://opendev.org/openstack/project-config'
dest: /opt/project-config
force: yes
- name: Create nodepool config dir - name: Create nodepool config dir
file: file:
@ -52,4 +45,4 @@
file: file:
state: link state: link
src: /opt/project-config/nodepool/elements src: /opt/project-config/nodepool/elements
dest: /etc/nodepool/elements dest: /etc/nodepool/elements

View File

@ -0,0 +1 @@
Sync project-config to remote host

View File

@ -0,0 +1,2 @@
project_config_dest: /opt/project-config
project_config_subdir: ""

View File

@ -0,0 +1,11 @@
- name: Create project-config dir
file:
path: '{{ project_config_dest }}'
state: directory
- name: Sync project-config repo
synchronize:
src: '{{ project_config_src }}/{{ project_config_subdir }}'
dest: '{{ project_config_dest }}'

View File

@ -15,11 +15,6 @@
write_inventory_exclude_hostvars: write_inventory_exclude_hostvars:
- ansible_user - ansible_user
- ansible_python_interpreter - ansible_python_interpreter
- name: Set up /opt/system-config repo
git:
repo: /home/zuul/src/opendev.org/opendev/system-config
dest: /opt/system-config
force: yes
- name: Add groups config for test nodes - name: Add groups config for test nodes
template: template:
src: "templates/gate-groups.yaml.j2" src: "templates/gate-groups.yaml.j2"
@ -73,6 +68,28 @@
- host_vars/nb01-test.opendev.org.yaml - host_vars/nb01-test.opendev.org.yaml
- name: Display group membership - name: Display group membership
command: ansible localhost -m debug -a 'var=groups' command: ansible localhost -m debug -a 'var=groups'
# In prod, bridge installs a zuul user, but in zuul we already have a zuul user, so we really need
# to not modify it.
- name: Load bridge hostvars
slurp:
path: /home/zuul/src/opendev.org/opendev/system-config/playbooks/host_vars/bridge.openstack.org.yaml
register: bridge_hostvar_content
- name: Parse bridge_hostvars
set_fact:
bridge_hostvars: "{{ bridge_hostvar_content.content | b64decode | from_yaml }}"
- name: Overwrite extra_users
vars:
new_config:
extra_users: []
set_fact:
bridge_hostvars: "{{ bridge_hostvars | combine(new_config) }}"
- name: Save bridge hostvars
copy:
content: "{{ bridge_hostvars | to_nice_yaml }}"
dest: /home/zuul/src/opendev.org/opendev/system-config/playbooks/host_vars/bridge.openstack.org.yaml
become: true
- name: Run base.yaml - name: Run base.yaml
command: ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/playbooks/base.yaml command: ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/playbooks/base.yaml
- name: Run bridge service playbook - name: Run bridge service playbook

View File

@ -4,7 +4,7 @@
add_host: add_host:
name: bridge.openstack.org name: bridge.openstack.org
ansible_python_interpreter: python3 ansible_python_interpreter: python3
ansible_user: zuulcd ansible_user: zuul
- hosts: localhost - hosts: localhost
tasks: tasks:
@ -15,6 +15,13 @@
- hosts: bridge.openstack.org - hosts: bridge.openstack.org
tasks: tasks:
- name: Make sure a manaul maint isn't going on
wait_for:
path: /home/zuul/DISABLE-ANSIBLE
state: absent
sleep: 10
timeout: 3600 # Wait for an hour before bailing
- name: Synchronize src repos to workspace directory. - name: Synchronize src repos to workspace directory.
synchronize: synchronize:
delete: false delete: false
@ -28,11 +35,11 @@
- name: Log a playbook start header - name: Log a playbook start header
become: yes become: yes
shell: 'echo "Running {{ ansible_date_time.iso8601 }}: ansible-playbook -v -f {{ infra_prod_ansible_forks }} /home/zuulcd/src/opendev.org/opendev/system-config/playbooks/{{ playbook_name }}" > /var/log/ansible/{{ playbook_name }}.log' shell: 'echo "Running {{ ansible_date_time.iso8601 }}: ansible-playbook -v -f {{ infra_prod_ansible_forks }} /home/zuul/src/opendev.org/opendev/system-config/playbooks/{{ playbook_name }}" > /var/log/ansible/{{ playbook_name }}.log'
- name: Run specified playbook on bridge.o.o and redirect output - name: Run specified playbook on bridge.o.o and redirect output
become: yes become: yes
shell: 'ansible-playbook -v -f {{ infra_prod_ansible_forks }} /home/zuulcd/src/opendev.org/opendev/system-config/playbooks/{{ playbook_name }} >> /var/log/ansible/{{ playbook_name }}.log' shell: 'ansible-playbook -v -f {{ infra_prod_ansible_forks }} /home/zuul/src/opendev.org/opendev/system-config/playbooks/{{ playbook_name }} >> /var/log/ansible/{{ playbook_name }}.log'
always: always:

View File

@ -19,7 +19,7 @@
# expect. # expect.
set -e set -e
export ANSIBLE_LOG_PATH=/var/log/puppet_run_cloud_launcher.log export ANSIBLE_LOG_PATH=/var/log/puppet_run_cloud_launcher.log
SYSTEM_CONFIG=/opt/system-config SYSTEM_CONFIG=/home/zuul/src/opendev.org/opendev/system-config
ANSIBLE_PLAYBOOKS=$SYSTEM_CONFIG/playbooks ANSIBLE_PLAYBOOKS=$SYSTEM_CONFIG/playbooks
# It's possible for connectivity to a server or manifest application to break # It's possible for connectivity to a server or manifest application to break

View File

@ -79,8 +79,8 @@ def test_kubectl(host):
assert kube.rc == 0 assert kube.rc == 0
def test_zuulcd_authorized_keys(host): def test_zuul_authorized_keys(host):
authorized_keys = host.file('/home/zuulcd/.ssh/authorized_keys') authorized_keys = host.file('/home/zuul/.ssh/authorized_keys')
assert authorized_keys.exists assert authorized_keys.exists
content = authorized_keys.content.decode('utf8') content = authorized_keys.content.decode('utf8')

View File

@ -16,5 +16,5 @@
for playbook in base.yaml remote_puppet_adhoc.yaml ; do for playbook in base.yaml remote_puppet_adhoc.yaml ; do
ansible-playbook -f1 --limit $1 \ ansible-playbook -f1 --limit $1 \
/opt/system-config/playbooks/$playbook /home/zuul/src/opendev.org/opendev/system-config/playbooks/$playbook
done done