Commit Graph

9 Commits

Author SHA1 Message Date
Jeremy Stanley
f8bf371583 Install GNU Privacy Guard on Gitea servers
The install-docker role uses the apt-key utility which expects to
have GPG installed, so include the package for it (this seems to
have been manually installed or preinstalled on the images for our
existing Gitea servers, but our new images do not include it).

Change-Id: I28d748fab35e22219a7278603ed984aaa7658ef0
2019-07-24 15:46:50 +00:00
Ian Wienand
482e1110f0 Use systemd-timesyncd on Bionic
There are long-standing issues with ntp start ordering w.r.t unbound
and being able to resolve DNS names.  Things have moved on to
systemd-timesyncd anyway.  Move the ntp start from the generic
locations to only apply to older distros, and use system-timesyncd on
Bionic.  Update testing.

Change-Id: I664539f93242e2c68d0cb1cf95c260f3bc03550d
2019-06-14 13:06:24 +10:00
Ian Wienand
76b48d185b base: Install yaml-mode
Life is not worth living without yaml-mode

Change-Id: I4da6b07999fefd917435e671e683ac143d2663c1
2018-09-11 11:41:00 +10:00
Clark Boylan
f48c8d9bac Install python2.7 on xenial nodes
Ubuntu xenial does not come with python2 by default. In order to
accomodate a transition from trusty nodes to xenial nodes that are
managed by ansible we want to use python2 on trusty and xenial. Then
when a group of nodes are fully xenialed we can force ansible to use
python3 instead.

Eventually we will have no trusty nodes and can default to using
python3 instead and just have to have a small number of exceptions for
centos.

Change-Id: If1d97e25069d6ed5012c147024aad4d921febfc8
2018-08-28 13:08:45 -07:00
David Shrewsbury
6a8707a02d Enable unattended upgrades
Debian gets this from 'unattended-upgrades' and Red Hat family
gets it from yum-cron.

Change-Id: Ie00f6073ad1127b11a89e69816baf47011480dbf
2018-08-28 12:05:15 -04:00
David Shrewsbury
360e0107a7 Add NTP service to base-server
Removes puppet-side ntp setup.

Change-Id: I75a87ca55fd4b75c5715cc3fd2b708e0b0ae2c20
2018-08-27 07:34:25 -07:00
Monty Taylor
eae9a42b4b
Manage sshd config with ansible
We write out a specific sshd config file. Let's do it with ansible.

Change-Id: Ie92b6ec6c8772d31009d1c2a2f7d5558bb38f67a
2018-08-20 11:26:38 -05:00
Monty Taylor
d587307aaf
Make integration tests works
Split base playbook into two plays

The update apt-cache handler from base-repos needs to fire before we run
base-server. Split into two plays so that the handler will fire.

Fix use of first_found

For include_vars, using the lookup version of first_found requires being
explicit about the path to search in as well. We also need to use query
together with loop to get skip to work right.

Extract the list of file locations we look for for distro and platform
specific variables into a variable so that we can reuse it instead of
copy-pasta.

The vim package is vim-nox on ubuntu and vim-minimal on debian.

ntpdate only needs to be enabled on boot, it does not need to be
immediately started. At least, that's what the old puppet was doing and
trying to start it immediately breaks centos integration tests.

emacs-nox is emacs23-nox on trusty.

Change-Id: If3db276a5f6a8f76d7ce8635da8d2cbc316af341
Depends-On: https://review.openstack.org/588326
2018-08-10 12:12:32 -05:00
Monty Taylor
0bb4232586 Add base playbooks and roles to bootstrap a new server
We want to launch a new bastion host to run ansible on. Because we're
working on the transition to ansible, it seems like being able to do
that without needing puppet would be nice. This gets user management,
base repo setup and whatnot installed. It doesn't remove them from the
existing puppet, nor does it change the way we're calling anything that
currently exists.

Add bridge.openstack.org to the disabled group so that we don't try to
run puppet on it.

Change-Id: I3165423753009c639d9d2e2ed7d9adbe70360932
2018-08-01 14:57:44 -07:00