opendev/system-config
Code Issues Proposed changes
05e0ffdebc
system-config/.zuul.yaml
Ian Wienand 814e4be128 Ansible roles for backup 
This introduces two new roles for managing the backup-server and hosts
that we wish to back up.

Firstly the "backup" role runs on hosts we wish to backup.  This
generates and configures a separate ssh key for running bup and
installs the appropriate cron job to run the backup daily.

The "backup-server" job runs on the backup server (or, indeed
servers).  It creates users for each backup host, accepts the remote
keys mentioned above and initalises bup.  It is then ready to receive
backups from the remote hosts.

This eliminates a fairly long-standing requirement for manual setup of
the backup server users and keys; this section is removed from the
documentation.

testinfra coverage is added.

Change-Id: I9bf74df351e056791ed817180436617048224d2c
2019-08-05 16:59:57 +10:00

966 lines
31 KiB
YAML
Raw Blame History

- job:
name: puppet-beaker-rspec-puppet-4-infra-system-config
parent: puppet-beaker-rspec-puppet-4-infra
vars:
project_src_dir: "{{ zuul.project.src_dir }}/modules/openstack_project"
# Image building jobs
- secret:
name: system-config-dockerhub
data:
username: opendevzuul
password: !encrypted/pkcs1-oaep
- FF2mwsdYo4b9QI/kEmeFdZS32I+OJUac2xy4JEQJaIevRK9E3rQ/11cBn7xX6zelA/htY
hENMM1gGTYO8BKgTVNijFfCiVCTYFJ9efsOrSeMdj2aLcq/OkZFeq8gMHAZDv+3qaiggq
hbDmldgSouNahhJByWMsDjYqnItfR8w1dYisNQBkDEJdNW5+Cin5WgHRYv2skui9pjumU
vWHjwLbITLEjb0hwVErggAzvED4x0UjNEMfb6KCpoXeKdlCaI8h1DXVD9RdQ4s1WvUCro
xwl4AIUyCmdtXbqW787PQ4j8BgdOi8RD40ZTSxpoV/bwT+/NrP3Jj2KVYdEKQJimzXnwL
goDclapu9aFrAaqwWSnWCRc7GQptSZ7DBXmA7MsNinBclWHX/chX5k9Q1+XifAhmKJZqP
ovkzEGtmUjTQZFjvuCtFxIWZEGVtGHDmgEkzevgVCeuHDTeIDlkAvA3+TT+/A70zyYdbP
EHOTSSjCU6RSlJxAXjNb5pzKjpeT7PyX2f4/8Zn3JnwTlfPJ0C7qdEYjQ54hbsKynjrpQ
7f6NN9pAeQS1pid5J7oH4f7YaKM78pnhoTxRl3LmeitIlAG+zCpiT4J+se2eG27ep4aUA
bYuO0L+KBosY6DcvEbR9TqkYLPgJuEPi/6SQr9bBOldEspXXAv9msyCB4VMhVU=
- job:
name: system-config-build-image
parent: opendev-build-docker-image
dependencies: opendev-buildset-registry
abstract: true
- job:
name: system-config-upload-image
parent: opendev-upload-docker-image
dependencies: opendev-buildset-registry
abstract: true
secrets:
name: docker_credentials
secret: system-config-dockerhub
pass-to-parent: true
- job:
name: system-config-promote-image
parent: opendev-promote-docker-image
abstract: true
secrets:
name: docker_credentials
secret: system-config-dockerhub
pass-to-parent: true
# Jinja-init jobs
- job:
name: system-config-build-image-jinja-init
description: Build a jinja-init image.
parent: system-config-build-image
vars: &jinja-init_vars
docker_images:
- context: docker/jinja-init
target: jinja-init
repository: opendevorg/jinja-init
files: &jinja-init_files
- docker/jinja-init/.*
- job:
name: system-config-upload-image-jinja-init
description: Build and upload a jinja-init image.
parent: system-config-upload-image
vars: *jinja-init_vars
files: *jinja-init_files
- job:
name: system-config-promote-image-jinja-init
description: Promote a previously published jinja-init image to latest.
parent: system-config-promote-image
vars: *jinja-init_vars
files: *jinja-init_files
# Gitea-init jobs
- job:
name: system-config-build-image-gitea-init
description: Build a gitea-init image.
parent: system-config-build-image
vars: &gitea-init_vars
docker_images:
- context: docker/gitea-init
target: gitea-init
repository: opendevorg/gitea-init
files: &gitea-init_files
- docker/gitea-init/.*
- job:
name: system-config-upload-image-gitea-init
description: Build and upload a gitea-init image.
parent: system-config-upload-image
vars: *gitea-init_vars
files: *gitea-init_files
- job:
name: system-config-promote-image-gitea-init
description: Promote a previously published gitea-init image to latest.
parent: system-config-promote-image
vars: *gitea-init_vars
files: *gitea-init_files
# Gitea jobs
- job:
name: system-config-build-image-gitea
description: Build a gitea image.
parent: system-config-build-image
vars: &gitea_vars
docker_images:
- context: docker/gitea
target: gitea
repository: opendevorg/gitea
- context: docker/gitea
target: gitea-openssh
repository: opendevorg/gitea-openssh
# Duplicate in the run-gitea job
files: &gitea_files
- docker/gitea/.*
- job:
name: system-config-upload-image-gitea
description: Build and upload a gitea image.
parent: system-config-upload-image
vars: *gitea_vars
files: *gitea_files
- job:
name: system-config-promote-image-gitea
description: Promote a previously published gitea image to latest.
parent: system-config-promote-image
vars: *gitea_vars
files: *gitea_files
# Haproxy-statsd jobs
- job:
name: system-config-build-image-haproxy-statsd
description: Build a haproxy-statsd image.
parent: system-config-build-image
vars: &haproxy-statsd_vars
docker_images:
- context: docker/haproxy-statsd
repository: opendevorg/haproxy-statsd
# Duplicate in the run-gitea job
files: &haproxy-statsd_files
- docker/haproxy-statsd/.*
- job:
name: system-config-upload-image-haproxy-statsd
description: Build and upload a haproxy-statsd image.
parent: system-config-upload-image
vars: *haproxy-statsd_vars
files: *haproxy-statsd_files
- job:
name: system-config-promote-image-haproxy-statsd
description: Promote a previously published haproxy-statsd image to latest.
parent: system-config-promote-image
vars: *haproxy-statsd_vars
files: *haproxy-statsd_files
# Gerrit 2.13 jobs
- job:
name: system-config-build-image-gerrit-2.13
description: Build a gerrit 2.13 image.
parent: system-config-build-image
vars: &gerrit_vars_2_13
docker_images:
# The 2.13 image doesn't build from source, but from existing war file
- context: docker/gerrit/2.13
repository: opendevorg/gerrit
path: /home/zuul/src/opendev.org/opendev/system-config
tags:
- 2.13
files: &gerrit_files_2_13
- docker/gerrit/2.13/.*
- job:
name: system-config-upload-image-gerrit-2.13
description: Build and upload a gerrit 2.13 image.
parent: system-config-upload-image
vars: *gerrit_vars_2_13
files: *gerrit_files_2_13
- job:
name: system-config-promote-image-gerrit-2.13
description: Promote a previously published gerrit 2.13 image to latest.
parent: system-config-promote-image
vars: *gerrit_vars_2_13
files: *gerrit_files_2_13
# Gerrit 2.15 jobs
- job:
name: system-config-build-image-gerrit-2.15
description: Build a gerrit image.
parent: system-config-build-image
pre-run: playbooks/zuul/gerrit/repos.yaml
required-projects: &gerrit_projects_2_15
- name: gerrit.googlesource.com/gerrit
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/commit-message-length-validator
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/download-commands
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/hooks
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/its-base
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/its-storyboard
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/javamelody
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/replication
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/reviewnotes
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/singleusergroup
override-checkout: stable-2.15
vars: &gerrit_vars_2_15
docker_images:
- context: docker/gerrit/bazel
repository: opendevorg/gerrit
path: /home/zuul/src/gerrit.googlesource.com/gerrit
tags:
- 2.15
files: &gerrit_files_2_15
- docker/gerrit/bazel/.*
- playbooks/zuul/gerrit/.*
- job:
name: system-config-upload-image-gerrit-2.15
description: Build and upload a gerrit image.
parent: system-config-upload-image
pre-run: playbooks/zuul/gerrit/repos.yaml
required-projects: *gerrit_projects_2_15
vars: *gerrit_vars_2_15
files: *gerrit_files_2_15
- job:
name: system-config-promote-image-gerrit-2.15
description: Promote a previously published gerrit image to latest.
parent: system-config-promote-image
vars: *gerrit_vars_2_15
files: *gerrit_files_2_15
# Gerrit 2.16 jobs
- job:
name: system-config-build-image-gerrit-2.16
description: Build a gerrit image.
parent: system-config-build-image
pre-run: playbooks/zuul/gerrit/repos.yaml
required-projects: &gerrit_projects_2_16
- name: gerrit.googlesource.com/gerrit
override-checkout: stable-2.16
- name: gerrit.googlesource.com/plugins/codemirror-editor
override-checkout: stable-2.16
- name: gerrit.googlesource.com/plugins/commit-message-length-validator
override-checkout: stable-2.16
- name: gerrit.googlesource.com/plugins/download-commands
override-checkout: stable-2.16
- name: gerrit.googlesource.com/plugins/hooks
override-checkout: stable-2.16
- name: gerrit.googlesource.com/plugins/its-base
override-checkout: stable-2.16
- name: gerrit.googlesource.com/plugins/its-storyboard
override-checkout: stable-2.16
- name: gerrit.googlesource.com/plugins/javamelody
override-checkout: stable-2.16
- name: gerrit.googlesource.com/plugins/replication
override-checkout: stable-2.16
- name: gerrit.googlesource.com/plugins/reviewnotes
override-checkout: stable-2.16
- name: gerrit.googlesource.com/plugins/singleusergroup
override-checkout: stable-2.16
vars: &gerrit_vars_2_16
docker_images:
- context: docker/gerrit/bazel
repository: opendevorg/gerrit
path: /home/zuul/src/gerrit.googlesource.com/gerrit
tags:
- 2.16
gerrit_additional_plugins:
- codemirror-editor
files: &gerrit_files_2_16
- docker/gerrit/bazel/.*
- playbooks/zuul/gerrit/.*
- job:
name: system-config-upload-image-gerrit-2.16
description: Build and upload a gerrit image.
parent: system-config-upload-image
pre-run: playbooks/zuul/gerrit/repos.yaml
required-projects: *gerrit_projects_2_16
vars: *gerrit_vars_2_16
files: *gerrit_files_2_16
- job:
name: system-config-promote-image-gerrit-2.16
description: Promote a previously published gerrit image to latest.
parent: system-config-promote-image
vars: *gerrit_vars_2_16
files: *gerrit_files_2_16
# Gerrit 3.0 jobs
- job:
name: system-config-build-image-gerrit-3.0
description: Build a gerrit image.
parent: system-config-build-image
pre-run: playbooks/zuul/gerrit/repos.yaml
required-projects: &gerrit_projects_3_0
- name: gerrit.googlesource.com/gerrit
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/codemirror-editor
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/commit-message-length-validator
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/delete-project
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/download-commands
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/gitiles
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/hooks
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/its-base
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/its-storyboard
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/javamelody
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/plugin-manager
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/replication
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/reviewnotes
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/singleusergroup
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/webhooks
override-checkout: stable-3.0
vars: &gerrit_vars_3_0
docker_images:
- context: docker/gerrit/bazel
repository: opendevorg/gerrit
path: /home/zuul/src/gerrit.googlesource.com/gerrit
tags:
- 3.0
gerrit_additional_plugins:
- codemirror-editor
- delete-project
- gitiles
- plugin-manager
- webhooks
files: &gerrit_files_3_0
- docker/gerrit/bazel/.*
- playbooks/zuul/gerrit/.*
- job:
name: system-config-upload-image-gerrit-3.0
description: Build and upload a gerrit image.
parent: system-config-upload-image
pre-run: playbooks/zuul/gerrit/repos.yaml
required-projects: *gerrit_projects_3_0
vars: *gerrit_vars_3_0
files: *gerrit_files_3_0
- job:
name: system-config-promote-image-gerrit-3.0
description: Promote a previously published gerrit image to latest.
parent: system-config-promote-image
vars: *gerrit_vars_3_0
files: *gerrit_files_3_0
# python-builder jobs
- job:
name: system-config-build-image-python-builder
description: Build a python-builder image.
parent: system-config-build-image
vars: &python-builder_vars
docker_images:
- context: docker/python-builder
repository: opendevorg/python-builder
files: &python-builder_files
- docker/python-builder/.*
- job:
name: system-config-upload-image-python-builder
description: Build and upload a python-builder image.
parent: system-config-upload-image
vars: *python-builder_vars
files: *python-builder_files
- job:
name: system-config-promote-image-python-builder
description: Promote a previously published python-builder image to latest.
parent: system-config-promote-image
vars: *python-builder_vars
files: *python-builder_files
# python-base jobs
- job:
name: system-config-build-image-python-base
description: Build a python-base image.
parent: system-config-build-image
vars: &python-base_vars
docker_images:
- context: docker/python-base
repository: opendevorg/python-base
files: &python-base_files
- docker/python-base/.*
- job:
name: system-config-upload-image-python-base
description: Build and upload a python-base image.
parent: system-config-upload-image
vars: *python-base_vars
files: *python-base_files
- job:
name: system-config-promote-image-python-base
description: Promote a previously published python-base image to latest.
parent: system-config-promote-image
vars: *python-base_vars
files: *python-base_files
# Role integration jobs. These test the top-level generic roles/*
# under Zuul. The range of platforms should be the same as those for
# openstack-zuul-jobs.
#
# NOTE(ianw): 2018-08 have left off Fedora & OpenSUSE because
# no roles currently run on them.
- job:
name: system-config-zuul-role-integration
description: |
Test roles provided by system-config with Zuul
abstract: true
parent: base
run: roles-test/base.yaml
files:
- roles/.*
- job:
name: system-config-zuul-role-integration-xenial
parent: system-config-zuul-role-integration
nodeset:
nodes:
- name: base
label: ubuntu-xenial
- name: puppet4
label: ubuntu-xenial
groups:
- name: puppet3
nodes:
- base
- name: openafs
nodes:
- base
- job:
name: system-config-zuul-role-integration-bionic
parent: system-config-zuul-role-integration
nodeset:
nodes:
- name: base
label: ubuntu-bionic
groups:
- name: puppet5
nodes:
- base
- name: openafs
nodes:
- base
- job:
name: system-config-zuul-role-integration-debian-stable
parent: system-config-zuul-role-integration
nodeset:
nodes:
- name: base
label: debian-stretch
groups:
- name: openafs
nodes:
- base
- project-template:
name: system-config-zuul-role-integration
check:
jobs:
- system-config-zuul-role-integration-xenial
- system-config-zuul-role-integration-bionic
- system-config-zuul-role-integration-debian-stable
gate:
jobs:
- system-config-zuul-role-integration-xenial
- system-config-zuul-role-integration-bionic
- system-config-zuul-role-integration-debian-stable
- job:
name: system-config-run
description: |
Run the "base" playbook for system-config hosts.
This is a parent job designed to be inherited.
abstract: true
pre-run: playbooks/zuul/run-base-pre.yaml
run: playbooks/zuul/run-base.yaml
post-run: playbooks/zuul/run-base-post.yaml
vars:
install_ansible_ara_enable: true
zuul_copy_output: "{{ copy_output | combine(host_copy_output | default({})) }}"
stage_dir: "{{ ansible_user_dir }}/zuul-output"
copy_output:
'/var/log/syslog': logs_txt
'/var/log/messages': logs_txt
'/var/log/docker': logs
host-vars:
bridge.openstack.org:
host_copy_output:
'{{ zuul.project.src_dir }}/junit.xml': logs
- job:
name: system-config-run-base
parent: system-config-run
description: |
Run the "base" playbook on each of the node types
currently in use.
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: trusty
label: ubuntu-trusty
- name: xenial
label: ubuntu-xenial
- name: bionic
label: ubuntu-bionic
files:
- playbooks/.*
- roles/.*
- testinfra/.*
- job:
name: system-config-run-base-ansible-devel
parent: system-config-run-base
description: |
Run the base playbook with the latest ansible
required-projects:
- name: github.com/ansible/ansible
override-checkout: devel
- name: github.com/philpep/testinfra
- name: openstack/openstacksdk
- name: recordsansible/ara
# NOTE(ianw): 2019-06-11 pinned to stable branch until we handle 1.0
# http://lists.openstack.org/pipermail/openstack-infra/2019-June/006400.html
override-checkout: stable/0.x
vars:
bridge_ansible_name: '{{ ansible_user_dir}}/src/github.com/ansible/ansible'
bridge_ansible_version: null
bridge_openstacksdk_name: '{{ ansible_user_dir }}/src/opendev.org/openstack/openstacksdk'
bridge_openstacksdk_version: null
bridge_ara_name: '{{ ansible_user_dir}}/src/opendev.org/recordsansible/ara'
bridge_ara_version: null
- job:
name: system-config-run-eavesdrop
parent: system-config-run
description: |
Run the playbook for an eavesdrop server.
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: eavesdrop01.openstack.org
label: ubuntu-xenial
files:
- playbooks/group_vars/eavesdrop.yaml
- testinfra/test_eavesdrop.py
vars:
run_playbooks:
- playbooks/remote_puppet_else.yaml
- job:
name: system-config-run-letsencrypt
parent: system-config-run
description: |
Run the playbook for letsencrypt key acquisition
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: adns-letsencrypt.opendev.org
label: ubuntu-bionic
- name: letsencrypt01.opendev.org
label: ubuntu-bionic
- name: letsencrypt02.opendev.org
label: ubuntu-bionic
vars:
run_playbooks:
- playbooks/service-nameserver.yaml
- playbooks/service-letsencrypt.yaml
host-vars:
letsencrypt01.opendev.org:
host_copy_output:
'/var/log/acme.sh': logs
letsencrypt02.opendev.org:
host_copy_output:
'/var/log/acme.sh': logs
files:
- playbooks/group_vars/letsencrypt.yaml
- playbooks/roles/letsencrypt.*
- job:
name: system-config-run-lists
parent: system-config-run
description: |
Run the playbook for a list server.
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: lists.openstack.org
label: ubuntu-xenial
files:
- modules/openstack_project/manifests/lists.pp
- playbooks/host_vars/lists.openstack.org.yaml
- roles/exim
vars:
run_playbooks:
- playbooks/remote_puppet_else.yaml
- job:
name: system-config-run-nodepool
parent: system-config-run
description: |
Run the playbook for nodepool.
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: nl01.openstack.org
label: ubuntu-xenial
- name: nb01.openstack.org
label: ubuntu-xenial
vars:
run_playbooks:
- playbooks/service-nodepool.yaml
- playbooks/remote_puppet_else.yaml
files:
- playbooks/group_vars/nodepool.yaml
- playbooks/group_vars/nodepool-builder.yaml
- playbooks/group_vars/nodepool-launcher.yaml
- playbooks/roles/configure-openstacksdk/
- playbooks/templates/clouds/
- testinfra/test_nodepool.py
- job:
name: system-config-run-dns
parent: system-config-run
description: |
Run the playbook for dns.
required-projects:
- opendev/zone-opendev.org
- opendev/zone-zuul-ci.org
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: adns1.opendev.org
label: ubuntu-bionic
- name: ns1.opendev.org
label: ubuntu-bionic
vars:
run_playbooks:
- playbooks/service-nameserver.yaml
host-vars:
adns1.opendev.org:
host_copy_output:
'/etc/bind/named.conf': logs
'/var/lib/bind/zones': logs
files:
- playbooks/group_vars/adns.yaml
- playbooks/group_vars/dns.yaml
- ^playbooks/host_vars/(ad)?ns\d+.opendev.org.yaml
- playbooks/zuul/templates/group_vars/adns.yaml.j2
- playbooks/zuul/templates/group_vars/ns.yaml.j2
- playbooks/roles/master-nameserver/
- playbooks/roles/nameserver/
- testinfra/test_adns.py
- testinfra/test_ns.py
- job:
name: system-config-run-backup
parent: system-config-run
description: |
Run the playbook for backup configuration
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: backup01.region.provider.opendev.org
label: ubuntu-bionic
- name: backup-test01.opendev.org
label: ubuntu-bionic
- name: backup-test02.opendev.org
label: ubuntu-xenial
vars:
run_playbooks:
- playbooks/service-backup.yaml
files:
- .zuul.yaml
- playbooks/roles/backup.*
- playbooks/zuul/templates/host_vars/backup.*
- testinfra/test_backups.py
- job:
name: system-config-run-mirror
parent: system-config-run
description: |
Run the playbook for a mirror node
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: mirror01.openafs.provider.opendev.org
label: ubuntu-bionic
vars:
run_playbooks:
- playbooks/service-letsencrypt.yaml
- playbooks/service-mirror.yaml
files:
- roles/
- playbooks/group_vars/mirror_opendev.yaml
- playbooks/roles/mirror/
- playbooks/roles/letsencrypt.*
- playbooks/service-letsencrypt.yaml
- playbooks/service-mirror.yaml
- playbooks/zuul/templates/group_vars/mirror_opendev.yaml.j2
- testinfra/test_mirror.py
host-vars:
mirror.region.provider.opendev.org:
host_copy_output:
'/var/log/apache2/': logs
- job:
name: system-config-run-mirror-update
parent: system-config-run
description: |
Run the playbook for a mirror update node
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: mirror-update01.opendev.org
label: ubuntu-bionic
vars:
run_playbooks:
- playbooks/service-mirror-update.yaml
files:
- roles/
- playbooks/roles/mirror-update/
- playbooks/service-mirror-update.yaml
- testinfra/test_mirror-update.py
- job:
name: system-config-run-docker-registry
parent: system-config-run
description: |
Run the playbook for the docker registry.
dependencies: opendev-buildset-registry
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: insecure-ci-registry01.opendev.org
label: ubuntu-bionic
vars:
run_playbooks:
- playbooks/service-registry.yaml
host-vars:
insecure-ci-registry01.opendev.org:
host_copy_output:
'/var/registry/auth': logs
'/var/registry/certs': logs
files:
- playbooks/group_vars/registry.yaml
- ^playbooks/host_vars/insecure-ci-registry\d+.opendev.org.yaml
- playbooks/zuul/templates/group_vars/registry.yaml.j2
- playbooks/roles/registry/
- testinfra/test_registry.py
- job:
name: system-config-run-gitea
parent: system-config-run
description: |
Run the playbook for the gitea servers.
dependencies: opendev-buildset-registry
timeout: 3600
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: gitea-lb01.opendev.org
label: ubuntu-bionic
- name: gitea99.opendev.org
label: ubuntu-bionic
vars:
run_playbooks:
- playbooks/service-gitea-lb.yaml
- playbooks/remote_puppet_git.yaml
run_test_playbook: playbooks/test-gitea.yaml
host-vars:
gitea99.opendev.org:
host_copy_output:
'/var/gitea/conf': logs
'/var/gitea/certs': logs
'/var/gitea/logs': logs
gitea-lb01.opendev.org:
host_copy_output:
'/var/haproxy/etc': logs
files:
- playbooks/group_vars/gitea.yaml
- playbooks/group_vars/gitea-lb.yaml
- playbooks/zuul/templates/group_vars/gitea.yaml.j2
- playbooks/zuul/templates/group_vars/gitea-lb.yaml.j2
- playbooks/roles/gitea/
- playbooks/roles/gitea-git-repos/
- playbooks/roles/haproxy/
- testinfra/test_gitea.py
- testinfra/test_gitea_lb.py
# From gitea_files -- If we rebuild the image, we want to run
# this job as well.
- docker/gitea/.*
# From haproxy-statsd_files -- If we rebuild the image, we want
# to run this job as well.
- docker/haproxy-statsd/.*
- job:
name: system-config-run-zuul-preview
parent: system-config-run
description: |
Run the playbook for the docker registry.
dependencies: opendev-buildset-registry
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: zp01.opendev.org
label: ubuntu-bionic
vars:
run_playbooks:
- playbooks/service-zuul.yaml
files:
- playbooks/roles/zuul-preview/
- testinfra/test_zuul_preview.py
- job:
name: infra-prod-playbook
description: |
Run specified playbook against productions hosts.
This is a parent job designed to be inherited to enabled
CD deployment of our infrastructure. Set playbook_name to
specify the playbook relative to
bridge.openstack.org:/opt/system-config/playbooks
abstract: true
run: playbooks/zuul/run-production-playbook.yaml
vars:
ansible_forks: 5
nodeset:
nodes: []
- job:
name: infra-prod-zuul_reconfigure
parent: infra-prod-playbook
description: |
Perform a full Zuul reconfiguration.
This reloads the tenant config file and clears all configuration
caches.
vars:
playbook_name: zuul_reconfigure.yaml
- project:
templates:
- system-config-zuul-role-integration
- infra-puppet-apply-jobs
- infra-logstash-filter-jobs
- publish-tox-docs-infra
check:
jobs:
- opendev-buildset-registry
- tox-linters
- puppet-beaker-rspec-puppet-4-infra-system-config
- system-config-run-base
- system-config-run-base-ansible-devel:
voting: false
- system-config-run-backup
- system-config-run-dns
- system-config-run-eavesdrop
- system-config-run-lists
- system-config-run-nodepool
- system-config-run-mirror
- system-config-run-mirror-update
- system-config-run-docker-registry
- system-config-run-gitea:
dependencies:
- name: system-config-build-image-gitea
soft: true
- name: system-config-build-image-haproxy-statsd
soft: true
- system-config-run-zuul-preview
- system-config-run-letsencrypt
- system-config-build-image-jinja-init
- system-config-build-image-gitea-init
- system-config-build-image-gitea
- system-config-build-image-gerrit-2.13
- system-config-build-image-gerrit-2.15
- system-config-build-image-gerrit-2.16
- system-config-build-image-gerrit-3.0
- system-config-build-image-haproxy-statsd
- system-config-build-image-python-base
- system-config-build-image-python-builder
gate:
jobs:
- opendev-buildset-registry
- tox-linters
- puppet-beaker-rspec-puppet-4-infra-system-config
- system-config-run-base
- system-config-run-dns
- system-config-run-eavesdrop
- system-config-run-lists
- system-config-run-nodepool
- system-config-run-mirror
- system-config-run-mirror-update
- system-config-run-docker-registry
- system-config-run-gitea:
dependencies:
- name: system-config-upload-image-gitea
soft: true
- name: system-config-upload-image-haproxy-statsd
soft: true
- system-config-run-zuul-preview
- system-config-run-letsencrypt
- system-config-upload-image-jinja-init
- system-config-upload-image-gitea-init
- system-config-upload-image-gitea
- system-config-upload-image-gerrit-2.13
- system-config-upload-image-gerrit-2.15
- system-config-upload-image-gerrit-2.16
- system-config-upload-image-gerrit-3.0
- system-config-upload-image-haproxy-statsd
- system-config-upload-image-python-base
- system-config-upload-image-python-builder
promote:
jobs:
- system-config-promote-image-jinja-init
- system-config-promote-image-gitea-init
- system-config-promote-image-gitea
- system-config-promote-image-gerrit-2.13
- system-config-promote-image-gerrit-2.15
- system-config-promote-image-gerrit-2.16
- system-config-promote-image-gerrit-3.0
- system-config-promote-image-haproxy-statsd
- system-config-promote-image-python-base
- system-config-promote-image-python-builder
View Git Blame Copy Permalink