Currently our puppet-requiring hosts (all !bridge) do not manage their
puppet installs. This is OK for existing servers, but new servers
come up without puppet installed.
This is playbooks to manage puppet installs on hosts. It is mostly a
port of the relevant parts of ./install_puppet.sh for our various
control-plane platforms.
Basic testing with zuul-integration jobs is added. Using this in the
control-plane base.yaml playbooks will be a follow-on.
Change-Id: Id5b2f5eb0f1ade198acf53a7c886dd5b3ab79816
The top-level roles in roles/* should be usable as roles under Zuul
and as generic Ansible roles (for control plane).
Add an integration job to ensure this. Start with the kerberos and
afs roles.
Change-Id: I9f5d572d5f69ca4b58e6e62b06fc873fe7a1e2f0
Contains a handler to restart crond when tz is changed. Cron service
name differs across distros.
Removes the puppet-timezone usage.
Change-Id: I4e45d0e0ed37214ac491f373ff2d37750e720718
Co-Authored-By: James E. Blair <corvus@inaugust.com>
Change-Id: Id8b347483affd710759f9b225bfadb3ce851333c
Depends-On: https://review.openstack.org/596503
This is used in a handler which may be run after intervening roles;
ensure it has a unique variable name.
Change-Id: I6a3d856d3252ff62220d9769232e31ea7c4f9080
Fix indents of some pages, the wrong indent let to gray bars besides
them.
Also, fix a typo and add some markup.
Change-Id: I6e7126ef7b782b376efcc7c6d69c6de9a504ddb5
According to the Ubuntu 12.04 release notes, up until Ubuntu 11.10
admin access was granted via the "admin" unix group, but was changed
to the "sudo" group to be more consistent with Debian et al.
Remove the now unnecessary group
Modify the install-ansible role to set some directory ownership to
root:root; there didn't seem to be any reason to use admin here.
This means the "users" role is no longer required in the bridge.yaml,
as it is run from the base playbook anyway.
Change-Id: I6a7fdd460fb472f0d3468eb080aebbb010931e11
This adds a job which creates a bridge-like node and bootstraps it,
and then runs the base playbook against all of the node types we
use in our control plane. It uses testinfra to validate the results.
Change-Id: Ibdbaf511bbdaee46e1335f2c83b95ba1553a1d94
Depends-On: https://review.openstack.org/595905
Normally the bridge playbook runs as root on bridge. In order to
allow zuul to bootstrap a bridge-like node in its tests while running
as the zuul user, add become: true to the playbook. This will have
no effect on bridge itself, but will cause the playbook to behave
in the same manner in tests.
Also add the "users" role to bridge. This is in the base playbook
and is therefore eventually run on bridge. However it needs to also
be in the bridge playbook in order to bootstrap bridge correctly, as
the install-ansible role references groups which are created in the
users role.
Change-Id: If311914e9e632d8be855fff0a62528dd191bf1d0
The role sets up a host as an OpenAFS client.
As noted in the README, OpenAFS is not available in every
distribution, or on every architecture. The goal is to provide
sensible defaults but allow for flexibility.
This is largely a port of the client parts of
openstack-infra/puppet-openafs.
This is a generic role because it will be used from Zuul jobs
(wheel-builds) and in the control-plane (servers mounting AFS)
Tested-By: https://review.openstack.org/589335
Needed-By: https://review.openstack.org/590636
Change-Id: Iaaa18194baca4ebd37669ea00505416ebf6c884c
A role to setup a host as a kerberos client
This is largely a port of the client ports of
openstack-infra/puppet-kerberos.
This is a generic role because it will be used from Zuul jobs
(wheel-builds) and in the control-plane (servers mounting AFS)
Tested-By: https://review.openstack.org/589335
Needed-By: https://review.openstack.org/590636
Change-Id: I4b38ea7ec2325071a67068555ef47e15d559c18e
Move the exim role to be a "generic" role in the top-level roles/
directory, making it available for use as a Zuul role.
Update the linters jobs to look for roles in the top level
Update the Role documentation to explain what the split in roles is
about.
Change-Id: I6b49d2a4b120141b3c99f5f1e28c410da12d9dc3
These role docs aren't exactly War and Peace, but I think longer term
as we fiddle about making things generic or not and moving them
around, we'll be better off having kept ourselves to writing
*something*.
Add terse README.rst files for all existing roles, and add simple
linter check to ensure new roles get them too.
Change-Id: Ibc836310fb8a45e12c2e31f112d92509ac350413
This filter is unsued in the role, remove it.
This allows it to be run under zuul and can be moved into the
top-level role/ directory later.
Change-Id: Ice97f0c3c9f52b6bf9f48c7b16d577e555924034
Since we're building out roles in system-config now, generate
documentation. We look in roles/* and playbook/roles/* (follow-on
changes will split things up between the two).
Correct the reference names in the exim documentation to avoid
warnings and failure.
This also revealed a single unicode character in the exim readme
(which caused prior versions of zuul-sphinx to barf). For fun, see if
you can find it!
Depends-On: https://review.openstack.org/#/c/579474/
Change-Id: I243a96bbd6d09560f8aa80b6345b90039422547a
