- hosts: bastion:!disabled name: "Bridge: configure the bastion host" roles: - iptables - edit-secrets-script - install-docker tasks: # Skip as no arm64 support available; only used for gate testing, # where we can't mix arm64 and x86 nodes, so need a minimally # working bridge to drive the tests for mirrors/nodepool # etc. things. - name: Install openshift/kubectl when: ansible_architecture != 'aarch64' block: - include_role: name: install-kubectl - include_role: name: configure-kubectl - include_role: name: configure-openstacksdk vars: openstacksdk_config_template: clouds/bridge_all_clouds.yaml.j2 - name: Get rid of all-clouds.yaml file: state: absent path: '/etc/openstack/all-clouds.yaml' - name: Install rackspace DNS backup tool include_role: name: rax-dns-backup # NOTE: we have hard-coded the active bridge here because we only want # to install this on the currently active production bridge that will # execute this reboot cycle (we don't have two bastion hosts usually, # but if we are bootstrapping a new one there may be a period where # both have credentials). For testing we also allow it to install on # the system-config-run host -- but it will not have the credentials # to actually do anything there if it does fire. - hosts: bridge01.opendev.org:bridge99.opendev.org:!disabled name: Install reboot jobs tasks: - name: Automated Zuul cluster reboots and updates # Note this is run via cron because a zuul job can't run this playbook # as the playbook relies on all jobs ending for graceful stops on the # executors. cron: name: "Zuul cluster restart" # Start Sundays at 00:01 UTC. # Estimated completion time Sunday at 18:00 UTC. minute: 1 hour: 0 weekday: 6 job: "flock -n /var/run/zuul_reboot.lock /usr/local/bin/ansible-playbook -f 20 /home/zuul/src/opendev.org/opendev/system-config/playbooks/zuul_reboot.yaml >> /var/log/ansible/zuul_reboot.log 2>&1" - name: Rotate Zuul restart logs include_role: name: logrotate vars: logrotate_file_name: /var/log/ansible/zuul_reboot.log logrotate_frequency: weekly - name: Install node launcher include_role: name: install-launch-node