This is designed to run on bridge.o.o and give us an overview of the
last few ansible cron runs so we can see if there are issues.
Change-Id: I1b23cac74272af891d0b29963dc943bd54128664
Add a logrotate role that allows basic configuration of a logrotate
configuration for a specific log-file.
Use this role in the ansible-cron and install-ansible roles to ensure
the log output they are generating is rotated.
This role is not intended to manage the logrotate package (mostly to
avoid the overhead of frequently checking package state when this is
expected to be called for multiple configuration files on a server).
We add it as a base package to our servers.
Tests are added for testinfra.
Change-Id: I90f59c3e42c1135d6be120de38e942ece608b761
20 is working fine with plenty of ram/cpu to spare, increase to 50
to attempt to speed up the runtime.
The environment variable should be used by default, but the "-f"
option will override that, in the one case where we need it.
Change-Id: Ie6a1d991a346702ec58cd716b0b94af5c93554ac
Package is the generic way of using package managers in Ansible. This
will be a noop.
Don't use loops for package managers, since we are able to pass lists of
packages. This will reduce the number of tasks ansible will do.
Change-Id: If7988ba81a6bf851d1b5ec9db6888ba9509ed788
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This manages the clouds.yaml files in ansible so that we can get them
updated automatically on bridge.openstack.org (which does not puppet).
Co-Authored-By: James E. Blair <jeblair@redhat.com>
Depends-On: https://review.openstack.org/598378
Change-Id: I2071f2593f57024bc985e18eaf1ffbf6f3d38140
We have made some mirror config changes that are not being deployed here
because we have disabled puppet on this node. I do not think we need to
disable puppet here so go ahead and reenable it.
Change-Id: If7da76d24ea64db3c038bc60f64fa39a4f5f6f72
In order to talk to limestone clouds we need to configure a custom CA.
Do this in ansible instead of puppet.
A followup should add writing out clouds.yaml files.
Change-Id: I355df1efb31feb31e039040da4ca6088ea632b7e
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Create a parent run job and inherit from it. This reduces duplicate
'run' parameters, and corrects the omission of run-post from the
eavesdrop job.
Change-Id: Ib2a21b7190bf3611972097d6db545989cd54b3d4
Add a job which runs testinfra for the eavesdrop server. When we
have a per-hostgroup playbook, we will add it to this job too.
The puppet group is removed from the run-base job because the
groups.yaml file is now used to construct groups (as it does
in production) and will construct the group correctly.
The testinfra iptables module may throw an error if it's run
multiple times simultaneously on the same host. To avoid this,
stop using parallel execution.
Change-Id: I1a7bab5c14b0da22393ab568000d0921c28675aa
This adds a group var which should normally be the empty list but
can be overridden by the test framework to inject additional iptables
rules. It's used to add the zuul console streaming port. To
accomplish this, the base+extras pattern is adopted for
iptables public tcp/udp ports. This means all host/group vars should
use the "extra" form of the variable rather than the actual variable
defined by the role.
Change-Id: I33fe2b7de4a4ba79c25c0fb41a00e3437cee5463
And collect it on post, it is helpful to see the results.
Change-Id: I0dbecf57bf9182168eb6f99cdf88329fcdeb1bdc
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Switch to etherpad-lite 1.7.0 in production prior to the PTG. This
version brings a couple more security fixes since 1.6.6 and also
fixes the bullet list authorship misattribution bug. See
https://github.com/ether/etherpad-lite/blob/1.7.0/CHANGELOG.md for a
summary of changes. The version of NodeJS we're using now should
meet the minimum requirements (but will need to be updated prior to
the next etherpad-lite release). This version is the one currently
served from etherpad-dev.openstack.org and can be tested there as
desired.
Change-Id: If52d1b1c3dc33da56133ccb5e6adf33ebd3d2428
releasestatus is not used since December 2015, see
https://review.openstack.org/#/c/254817/ .
We can remove the disablement of releasestatus now.
Change-Id: I0c8f5f45463d563dcd6aff8135cc86091e0aa19c
We do not use pypi-mirror anymore, there's also no usage of pypimirror
in jeepyb. Remove the now obsolete module.
Related change: https://review.openstack.org/597370/
Change-Id: I13423bf55eac57da18449852e2102c9633d595bb
Talking to clarkb, it was decided we can remove this logic in favor of
having ansible-role-puppet push system-config and modules to the remote
nodes.
Change-Id: I59b8a713cdf2b4c1fede44e977c49be5e8cc08fa
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
We can directly pass a list of packages to the package task in ansible,
this will help save us some times on run times.
Change-Id: I9b26f4f4f9731dc7d32186584620f1cec04b7a81
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
The original version of this was wishful thinking: "is file" only
works locally, but this needs to run on the remote node.
Change-Id: Ib683809fdf580f41d213308331925c4765bb09d9
We need to be able to install puppet in our base ansible as part of the
transition from puppet to other management. Test using testinfra that
our base ansible playbook does install puppet.
Change-Id: I3a080a0717483a0885fefb329a168dd438eb9854
Ubuntu xenial does not come with python2 by default. In order to
accomodate a transition from trusty nodes to xenial nodes that are
managed by ansible we want to use python2 on trusty and xenial. Then
when a group of nodes are fully xenialed we can force ansible to use
python3 instead.
Eventually we will have no trusty nodes and can default to using
python3 instead and just have to have a small number of exceptions for
centos.
Change-Id: If1d97e25069d6ed5012c147024aad4d921febfc8
The planet.openstack.org service is currently provided by the
planet01.openstack.org server, so correct the inventory pattern for
the webservers group accordingly. This was spotted as the firewall
rules for planet ceased allowing HTTP/HTTPS connections.
Change-Id: I4e3353e8f1a73db13c54dfe93a6a26fc618d2aa4