- hosts: "!disabled" name: "Base: set up users and base package repositories on all hosts" roles: - users - base-repos # Run base-server seperately so that the update apt cache handler in base-repos # fires before we run base-server - hosts: "!disabled" name: "Base: set up common environment on all hosts" roles: - base-server - timezone - unbound - exim # Do not run firewall rules on kubernetes hosts, they are managed by k8s-on-openstack. # TODO(mordred) snmpd should be able to be re-added to kubernetes hosts but we will # need to add cacti to sg-opendev-nodes and sg-opendev-master security groups first. - hosts: "!disabled:!kubernetes" name: "Base: set up firewall rules" roles: - snmpd - iptables - hosts: bridge.openstack.org:!disabled name: "Base: configure cloud credentials on bridge" roles: - install-kubectl - configure-kubectl tasks: - include_role: name: configure-openstacksdk vars: openstacksdk_config_file: '{{ openstacksdk_config_dir }}/all-clouds.yaml' openstacksdk_config_template: clouds/bridge_all_clouds.yaml.j2 - include_role: name: configure-openstacksdk vars: openstacksdk_config_template: clouds/bridge_clouds.yaml.j2 - hosts: nodepool-launcher:nodepool-builder:!disabled name: "Base: configure OpenStackSDK on nodepool" strategy: free roles: - minimal-nodepool - configure-openstacksdk - configure-kubectl - hosts: "puppet:!disabled" name: "Base: install and configure puppet on puppet hosts" roles: - puppet-install - disable-puppet-agent - hosts: adns:!disabled name: "Base: configure adns server" roles: - master-nameserver - hosts: "ns1.opendev.org:ns2.opendev.org:!disabled" name: "Base: configure authoritative nameservers" roles: - nameserver - hosts: "docker:!disabled" name: "Base: install and configure docker on docker hosts" roles: - install-docker - hosts: "registry:!disabled" name: "Base: configure registry" roles: - install-docker - registry - hosts: "gitea:!disabled" name: "Base: configure gitea" roles: - install-docker - gitea - hosts: "gitea-lb:!disabled" name: "Base: configure gitea load balancer" roles: - install-docker - haproxy - hosts: "zuul-preview:!disabled" name: "Base: configure zuul-preview" roles: - install-docker - zuul-preview