system-config/playbooks/service-bridge.yaml

67 lines
2.4 KiB
YAML

- hosts: bastion:!disabled
name: "Bridge: configure the bastion host"
roles:
- iptables
- edit-secrets-script
- install-docker
tasks:
# Skip as no arm64 support available; only used for gate testing,
# where we can't mix arm64 and x86 nodes, so need a minimally
# working bridge to drive the tests for mirrors/nodepool
# etc. things.
- name: Install openshift/kubectl
when: ansible_architecture != 'aarch64'
block:
- include_role:
name: install-kubectl
- include_role:
name: configure-kubectl
- include_role:
name: configure-openstacksdk
vars:
openstacksdk_config_template: clouds/bridge_all_clouds.yaml.j2
- name: Get rid of all-clouds.yaml
file:
state: absent
path: '/etc/openstack/all-clouds.yaml'
- name: Install rackspace DNS backup tool
include_role:
name: rax-dns-backup
# NOTE: we have hard-coded the active bridge here because we only want
# to install this on the currently active production bridge that will
# execute this reboot cycle (we don't have two bastion hosts usually,
# but if we are bootstrapping a new one there may be a period where
# both have credentials). For testing we also allow it to install on
# the system-config-run host -- but it will not have the credentials
# to actually do anything there if it does fire.
- hosts: bridge01.opendev.org:bridge99.opendev.org:!disabled
name: Install reboot jobs
tasks:
- name: Automated Zuul cluster reboots and updates
# Note this is run via cron because a zuul job can't run this playbook
# as the playbook relies on all jobs ending for graceful stops on the
# executors.
cron:
name: "Zuul cluster restart"
# Start Sundays at 00:01 UTC.
# Estimated completion time Sunday at 18:00 UTC.
minute: 1
hour: 0
weekday: 6
job: "flock -n /var/run/zuul_reboot.lock /usr/local/bin/ansible-playbook -f 20 /home/zuul/src/opendev.org/opendev/system-config/playbooks/zuul_reboot.yaml >> /var/log/ansible/zuul_reboot.log 2>&1"
- name: Rotate Zuul restart logs
include_role:
name: logrotate
vars:
logrotate_file_name: /var/log/ansible/zuul_reboot.log
logrotate_frequency: weekly
- name: Install node launcher
include_role:
name: install-launch-node