Testinfra works with Ansible 2.8.0 now, so we can update
bridge.opendev.org to the latest version. This also needs an ARA
update; bring it to the latest 0.16.4 release.
Update test-requirements so that tox/ansible-lint use Ansible 2.8.0
too. See note inline about dependencies.
Note we replace import_tasks with include_tasks in handlers to address
this porting issue:
https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_2.8.html#imports-as-handlers
Change-Id: I7ed75d253857f86b68f67023af6897af4e1b4f50
This is a first step toward making smaller playbooks which can be
run by Zuul in CD.
Zuul should be able to handle missing projects now, so remove it
from the puppet_git playbook and into puppet.
Make the base playbook be merely the base roles.
Make service playbooks for each service.
Remove the run-docker job because it's covered by service jobs.
Stop testing that puppet is installed in testinfra. It's accidentally
working due to the selection of non-puppeted hosts only being on
bionic nodes and not installing puppet on bionic. Instead, we can now
rely on actually *running* puppet when it's important, such as in the
eavesdrop job. Also remove the installation of puppet on the nodes in
the base job, since it's only useful to test that a synthetic test
of installing puppet on nodes we don't use works.
Don't run remote_puppet_git on gitea for now - it's too slow. A
followup patch will rework gitea project creation to not take hours.
Change-Id: Ibb78341c2c6be28005cea73542e829d8f7cfab08
We want to trigger ansible runs on bridge.o.o from zuul jobs. First
iteration of this tried to login as root but this is not allowed by our
ssh config. That config seems reasonable so we add a zuul user instead
which we can ssh in as then run things as root from zuul jobs. This
makes use of our existing user management system.
Change-Id: I257ebb6ffbade4eb645a08d3602a7024069e60b3
This adds a script that will wrap emacs with gpg-agent when editing the
secrets file. This avoids issues with rogue gpg-agents running on the
system.
Change-Id: Ic3cc73b5c25eab2ede41d8ca05b5695b817973d9
This change takes the ARA report from the "inner" run of the base
playbooks on our bridge.o.o node and publishes it into the final log
output. This is then displayed by the middleware.
Create a new log hierarchy with a "bridge.o.o" to make it clear the
logs here are related to the test running on that node. Move the
ansible config under there too.
Change-Id: I74122db09f0f712836a0ee820c6fac87c3c9c734
Rename install_openstacksdk to install_ansible_opensatcksdk to make it
clear this is part of the install-ansible role, and it's the
openstacksdk version used with ansible (might be important if we
switch to virtualenvs). This also clears up inconsistency when we add
ARA install options too.
Change-Id: Ie8cb3d5651322b3f6d2de9d6d80964b0d2822dce
This installs Ansible 2.7.3 on bridge.o.o to incorporate fixes for [1]
which is currently stopping the cloud-launcher from running.
Currently every run it hits citycloud Lon1 and tries to delete it's
router
TASK [cloud-launcher : Processing router openstackci-router1 for openstackci-citycloud Lon1] ***
Monday 12 November 2018 04:07:48 +0000 (0:00:00.430) 0:07:45.811 *******
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error
detaching interface from router c7197a8f-096a-4488-a3ae-16fdce0ea580
... cannot be deleted, as it is required by one or more floating
IPs."}
Although it doesn't succeed, it's probably better that it isn't even
trying...
A prior version of this installed the unreleased stable branch to
bring this in, but didn't end up with enough reviews. I've left
behind how to do that as a breadcrumb should we need to do similar in
the future (we do seem to have a nack of tickling Ansible bugs :)
[1] 951572bec1
Change-Id: I8f112ba994040c52c7b3c7ee6fd6f5a69fd22919
Similar to the pinning introduced in
Ic465efb637c0a1eb475f04b0b0e356d8797ecdeb, use the "latest"
openstacksdk package and allow for passing of pinned versions if
required.
Update the devel test to also use the master of opensatcksdk
Change-Id: I4b437ca9024c87903bdd3569c8309cde725ce28e
This adds arguments to "install-ansible" to allow us to specify the
package name and version.
This is used to pin bridge.o.o to 2.7.0 (see
I9cf4baf1b15893f0c677567f5afede0d0234f0b2).
A new job is added to test against the ansible-devel branch. Added as
voting for now, until it proves to be a concern.
Change-Id: Ic465efb637c0a1eb475f04b0b0e356d8797ecdeb
Allow post-review jobs running under system-config and project-config
to ssh into bridge in order to run Ansible.
Change-Id: I841f87425349722ee69e2f4265b99b5ee0b5a2c8
In run_all, we start a bunch of plays in sequence, but it's difficult
to tell what they're doing until you see the tasks. Name the plays
themselves to produce a better narrative structure.
Change-Id: I0597eab2c06c6963601dec689714c38101a4d470
This formerly ran on puppetmaster.openstack.org but needs to be
transitioned to bridge.openstack.org so that we properly configure new
clouds.
Depends-On: https://review.openstack.org/#/c/598404
Change-Id: I2d1067ef5176ecabb52815752407fa70b64a001b
According to the Ubuntu 12.04 release notes, up until Ubuntu 11.10
admin access was granted via the "admin" unix group, but was changed
to the "sudo" group to be more consistent with Debian et al.
Remove the now unnecessary group
Modify the install-ansible role to set some directory ownership to
root:root; there didn't seem to be any reason to use admin here.
This means the "users" role is no longer required in the bridge.yaml,
as it is run from the base playbook anyway.
Change-Id: I6a7fdd460fb472f0d3468eb080aebbb010931e11
Normally the bridge playbook runs as root on bridge. In order to
allow zuul to bootstrap a bridge-like node in its tests while running
as the zuul user, add become: true to the playbook. This will have
no effect on bridge itself, but will cause the playbook to behave
in the same manner in tests.
Also add the "users" role to bridge. This is in the base playbook
and is therefore eventually run on bridge. However it needs to also
be in the bridge playbook in order to bootstrap bridge correctly, as
the install-ansible role references groups which are created in the
users role.
Change-Id: If311914e9e632d8be855fff0a62528dd191bf1d0
Puppet cron is no longer being run on puppetmaster (yay!) so start
running it in cron from bridge.
Change-Id: Idc579a2660a5450092544c21a2e9e6cb9688e5f9
We copied this over from puppetmaster, but let's manage it in ansible.
The key has been renamed in host_vars on bridge.openstack.org already.
Change-Id: Ia102dbe2ae2836880092b8997cb99135f5197b00
There is a shared caching infrastructure in ansible now for inventory
and fact plugins. It needs to be configured so that our inventory access
isn't slow as dirt.
Unfortunately the copy of openstack.py in 2.6 is busted WRT to caching
because the internal API changed ... and we didn't have any test jobs
set up for it. This also includes a fixed copy of the plugin and
installs it into the a plugin dir.
Change-Id: Ie92e5d7eac4b7e4060a4e07cb29c5a6f2a16ae18