We don't manage the ssl cert (or anything else) on
openstackid-resources.openstack.org. Lets stop checking when its cert
expires as it appears to have auto renewing short term cert validity
(which results in a lot of email).
Change-Id: I9f08a09d76b2862de89a6ee022ade1ac637d9aeb
The mirror that we were using seems to be out of date and not
properly updated, causing jobs to fail.
This fixes this issue by updating from the mirror from Kernel.org
which seems to stable and it has all the needed updated packages.
Change-Id: I079d9dd8a34e24b33ee35d4dad934e8ca4b60cee
Now that we've got base server stuff rewritten in ansible, remove the
old puppet versions.
Depends-On: https://review.openstack.org/588326
Change-Id: I5c82fe6fd25b9ddaa77747db377ffa7e8bf23c7b
The exim config chunk has a {{ in it, which makes the ansible jinja
very cranky. Add in a raw block so it doesn't try to understand the
exim.
Change-Id: If49d976e503b6ebe236a2d2c6077cce96783e102
So that we can have complete control of the router order, always
template the full set of routers, including the "default" ones.
So that it's easy to use the defaults but put them in a different
order, define each router in its own variable which can be used
in host or group vars to "copy" that router in.
Apply this change to lists, firehose, and storyboard, all of which
have custom exim routers. Note that firehose intentionally has
its localuser router last.
Change-Id: I737942b8c15f7020b54e350db885e968a93f806a
We want to configure firehose logically as the firehose service, but the
host that is in the group is called firehose01.openstack.org. Make a
group and put the config variables for firehose into it.
Change-Id: I17c8e8a72f41c5e2730af81f70cef81dd3ed7bca
regex_match seems to either not work or not exist or something. match,
otoh, works. Additionally, we get this:
[DEPRECATION WARNING]: Using tests as filters is deprecated. Instead
of using `result|match` use `result is match`. This feature will
be removed in version 2.9.
when using the | syntax, so obey the warning and switch to is.
Change-Id: Ie201241a11c08b9fed58c0e1790e8187ee4cf474
Now that we're running with ansible, we can set the futureparser varible
in the group_vars for the futureparser group and stop passing it as a
parameter explicitly.
Change-Id: I41fe283e96bb48a17f2acfe2ffd939223b5345e7
Bridge can run puppet on the remote hosts. Stop running on puppetmaster
so that we can run from bridge. Put it in the disabled group so that we
don't try to run puppet on it from bridge.
Change-Id: Ibcfa7e902c07c55e3a84f8232a11792c5f7d80e9
In order to get puppet out of the business of mucking with exim and
fighting ansible, finish moving the config to ansible.
This introduces a storyboard group that we can use to apply the exim
config across both servers. It also splits the base playbook so that we
can avoid running exim on the backup servers. And we set
purge_apt_sources the same as was set in puppet. We should probably
remove it though, since none of us have any clue why it's here.
Change-Id: I43ee891a9c1beead7f97808208829b01a0a7ced6
The mailing list servers have a more complex exim config. Put the
routers and transports into ansible variables.
While we're doing it, role variables with an exim_ prefix - since 'routers'
as a global variable might be a little broad.
iteritems isn't a thing in python3, only items.
We need to escape the exim config with ${if or{{ - because of the {{
which looks like jinja. Wrap it in a {% raw %} block.
Getting the yaml indentation right for things here is non-trivial. Make
them strings instead.
Add a README.rst file - and use the zuul:rolevar construct in it,
because it's nice.
Change-Id: Ieccfce99a1d278440c5baa207479a1887898298e
Now that we're running more than just "puppet apply", reconnecting
starts to add up. Turn on pipelining.
Change-Id: If629485a0e602f1a906fef0cabd73154243d7e3d
Instead of just having bridge be disabled, make a puppet group that it's
not a part of and switch the remote_puppet_else playbook to use that.
Change-Id: Ifb96ce483fc5675d095723bda70242a425bdc619
Previously we assumed ethercalc01 was the backup destination but we've
recently migrated to a new ethercalc02 running on Xenial. Update the bup
puppetry to use the hostname as the backup target on the remote server.
Change-Id: Ie3854d9cf0f154bcb15aa1e4655a764caa3c8506
This is a setup for the next patch, to allow us to roll the change out.
Update the roles path to point to the system-config roles dir.
Change-Id: I6bcf36beba8e65c9dd8ddf9f4a99d0308f42c565
We want email to work.
Add a default value so that integration tests work - and update the
template so that if the value in the alias mapping is empty we don't
write out a half-formed alias.
Enable the epel repo on CentOS nodes in base-repos. This is done in
install_puppet.sh, but install_puppet.sh doesn't get run on ansible-only
nodes.
Change-Id: I68ad9f66c3b8672d9642c7764e50adac9cafdaf9
ansible-role-puppet attempts to infer where it should copy hieradata
from based on puppet3 or puppet4. On bridge there is no puppet and thus
there is no puppet version. Set mgmt_hieradata to tell
ansible-role-puppet from where it should copy hiera secrets.
Change-Id: I0c518b8a5a8ee2155e2125d6bc7f4e0a3bf4faeb
We don't really need to keep these in here. We can put a user in the
remove group without them being in this list.
Change-Id: I321d489d4202272e36d25c5b8913ca7cdda25fdd
Split base playbook into two plays
The update apt-cache handler from base-repos needs to fire before we run
base-server. Split into two plays so that the handler will fire.
Fix use of first_found
For include_vars, using the lookup version of first_found requires being
explicit about the path to search in as well. We also need to use query
together with loop to get skip to work right.
Extract the list of file locations we look for for distro and platform
specific variables into a variable so that we can reuse it instead of
copy-pasta.
The vim package is vim-nox on ubuntu and vim-minimal on debian.
ntpdate only needs to be enabled on boot, it does not need to be
immediately started. At least, that's what the old puppet was doing and
trying to start it immediately breaks centos integration tests.
emacs-nox is emacs23-nox on trusty.
Change-Id: If3db276a5f6a8f76d7ce8635da8d2cbc316af341
Depends-On: https://review.openstack.org/588326
The puppet 4 tests are passing for etherpad_lite so let's try it out for
real.
Depends-on: https://review.openstack.org/590023
Change-Id: Ia91bd3950c9f48505a3024a16300091cf42d7f69
