opendev/system-config
Code Issues Proposed changes
07d453d4e6
system-config/zuul.d/project.yaml
Ian Wienand be992b3bb6
infra-prod: run job against linaro 
We have access to manage the linaro cloud, but we don't want to
completely own the host as it has been configured with kolla-ansible;
so we don't want to take over things like name resolution, iptables
rules, docker installation, etc.

But we would like to manage some parts of it, like rolling out our
root users, some cron jobs, etc.  While we could just log in and do
these things, it doesn't feel very openinfra.

This allows us to have a group "unmanaged" that skips the base jobs.
The base playbook is updated to skip these hosts.

For now, we add a cloud-linaro prod job that just does nothing so we
can validate the whole thing.  When it's working, I plan to add a few
things as discussed above.

Change-Id: Ie8de70cbac7ffb9d727a06a349c3d2a3b3aa0b40
2023-03-15 12:00:25 +11:00

660 lines
27 KiB
YAML
Raw Blame History

- project:
templates:
- system-config-zuul-role-integration
- system-config-gerrit-images
- system-config-puppet-apply-jobs
check:
jobs:
- opendev-tox-docs
- opendev-buildset-registry
- tox-linters:
timeout: 3600
- system-config-run-base
- system-config-run-base-ansible-devel:
voting: false
- system-config-run-borg-backup
- system-config-run-dns
- system-config-run-eavesdrop:
dependencies:
- name: opendev-buildset-registry
- name: system-config-build-image-accessbot
soft: true
- name: system-config-build-image-ircbot
soft: true
- name: system-config-build-image-matrix-eavesdrop
soft: true
- system-config-run-codesearch:
dependencies:
- name: opendev-buildset-registry
- name: system-config-build-image-hound
soft: true
- system-config-run-kerberos
- system-config-run-lists
- system-config-run-lists3:
dependencies:
- name: opendev-buildset-registry
- name: system-config-build-image-mailman
soft: true
- system-config-run-nodepool:
dependencies:
- name: opendev-buildset-registry
- name: system-config-build-image-zookeeper-statsd
soft: true
- system-config-run-meetpad
- system-config-run-mirror-x86
- system-config-run-mirror-update
- system-config-run-paste:
dependencies:
- name: opendev-buildset-registry
- system-config-run-static
- system-config-run-docker-registry
- system-config-run-etherpad:
dependencies:
- name: opendev-buildset-registry
- name: system-config-build-image-etherpad
soft: true
- system-config-run-gitea:
dependencies:
- name: opendev-buildset-registry
- name: system-config-build-image-gitea
soft: true
- name: system-config-build-image-haproxy-statsd
soft: true
- system-config-run-grafana:
dependencies:
- name: opendev-buildset-registry
- system-config-run-graphite
- system-config-run-keycloak
- system-config-run-review-3.6:
dependencies:
- name: opendev-buildset-registry
- name: system-config-build-image-gerrit-3.6
soft: true
- system-config-run-review-3.7:
dependencies:
- name: opendev-buildset-registry
- name: system-config-build-image-gerrit-3.7
soft: true
- system-config-upgrade-review:
dependencies:
- name: opendev-buildset-registry
- name: system-config-build-image-gerrit-3.6
soft: true
- name: system-config-build-image-gerrit-3.7
soft: true
- system-config-build-image-refstack
- system-config-run-refstack:
dependencies:
- name: opendev-buildset-registry
- name: system-config-build-image-refstack
soft: true
- system-config-run-tracing
- system-config-run-zookeeper:
dependencies:
- name: opendev-buildset-registry
- name: system-config-build-image-zookeeper-statsd
soft: true
- system-config-run-zuul:
dependencies:
- name: opendev-buildset-registry
- name: system-config-build-image-zookeeper-statsd
soft: true
- system-config-run-zuul-preview
- system-config-run-letsencrypt
- system-config-build-image-assets
- system-config-build-image-jinja-init:
dependencies:
- name: opendev-buildset-registry
- name: system-config-build-image-python-base-3.9-bullseye
soft: true
- system-config-build-image-gitea-init:
dependencies:
- name: opendev-buildset-registry
- name: system-config-build-image-jinja-init
soft: true
- system-config-build-image-hound:
dependencies:
- name: opendev-buildset-registry
- name: system-config-build-image-python-base-3.9-bullseye
soft: true
- system-config-build-image-etherpad
- system-config-build-image-mailman
- system-config-build-image-gitea:
dependencies:
- name: opendev-buildset-registry
- name: system-config-build-image-assets
soft: true
- system-config-build-image-haproxy-statsd:
dependencies:
- name: opendev-buildset-registry
- name: system-config-build-image-python-base-3.9-bullseye
soft: true
- system-config-build-image-zookeeper-statsd:
dependencies:
- name: opendev-buildset-registry
- name: system-config-build-image-python-base-3.9-bullseye
soft: true
- system-config-build-image-accessbot:
dependencies:
- name: opendev-buildset-registry
- name: system-config-build-image-python-base-3.9-bullseye
soft: true
- system-config-build-image-ircbot:
dependencies:
- name: opendev-buildset-registry
- name: system-config-build-image-python-builder-3.9-bullseye
soft: true
- system-config-build-image-matrix-eavesdrop:
dependencies:
- name: opendev-buildset-registry
- name: system-config-build-image-python-builder-3.9-bullseye
soft: true
- system-config-build-image-python-base-3.9-bullseye
- system-config-build-image-python-base-3.10-bullseye
- system-config-build-image-python-base-3.11-bullseye
- system-config-build-image-python-builder-3.9-bullseye
- system-config-build-image-python-builder-3.10-bullseye
- system-config-build-image-python-builder-3.11-bullseye
- system-config-build-image-uwsgi-base-3.9-bullseye
- system-config-build-image-uwsgi-base-3.10-bullseye
- system-config-build-image-uwsgi-base-3.11-bullseye
check-arm64:
jobs:
- system-config-run-base-arm64
- system-config-run-mirror-arm64
gate:
jobs:
- opendev-tox-docs
- opendev-buildset-registry
- tox-linters:
timeout: 3600
- system-config-run-base
- system-config-run-borg-backup
- system-config-run-dns
- system-config-run-eavesdrop:
dependencies:
- name: opendev-buildset-registry
- name: system-config-upload-image-accessbot
soft: true
- name: system-config-upload-image-ircbot
soft: true
- name: system-config-upload-image-matrix-eavesdrop
soft: true
- system-config-run-codesearch:
dependencies:
- name: opendev-buildset-registry
- name: system-config-upload-image-hound
soft: true
- system-config-run-kerberos
- system-config-run-lists
- system-config-run-lists3:
dependencies:
- name: opendev-buildset-registry
- name: system-config-upload-image-mailman
soft: true
- system-config-run-nodepool:
dependencies:
- name: opendev-buildset-registry
- name: system-config-upload-image-zookeeper-statsd
soft: true
- system-config-run-meetpad
- system-config-run-mirror-x86
- system-config-run-mirror-update
- system-config-run-paste:
dependencies:
- name: opendev-buildset-registry
- system-config-run-static
- system-config-run-docker-registry
- system-config-run-etherpad:
dependencies:
- name: opendev-buildset-registry
- name: system-config-upload-image-etherpad
soft: true
- system-config-run-gitea:
dependencies:
- name: opendev-buildset-registry
- name: system-config-upload-image-gitea
soft: true
- name: system-config-upload-image-haproxy-statsd
soft: true
- system-config-run-grafana:
dependencies:
- name: opendev-buildset-registry
- system-config-run-graphite
- system-config-run-keycloak
- system-config-run-review-3.6:
dependencies:
- name: opendev-buildset-registry
- name: system-config-upload-image-gerrit-3.6
soft: true
- system-config-run-review-3.7:
dependencies:
- name: opendev-buildset-registry
- name: system-config-upload-image-gerrit-3.7
soft: true
- system-config-run-refstack:
dependencies:
- name: opendev-buildset-registry
- name: system-config-upload-image-refstack
soft: true
- system-config-run-tracing
- system-config-run-zookeeper:
dependencies:
- name: opendev-buildset-registry
- name: system-config-upload-image-zookeeper-statsd
soft: true
- system-config-run-zuul:
dependencies:
- name: opendev-buildset-registry
- name: system-config-upload-image-zookeeper-statsd
soft: true
- system-config-run-zuul-preview
- system-config-run-letsencrypt
- system-config-upload-image-jinja-init:
dependencies:
- name: opendev-buildset-registry
- name: system-config-upload-image-python-base-3.9-bullseye
soft: true
- system-config-upload-image-gitea-init:
dependencies:
- name: opendev-buildset-registry
- name: system-config-upload-image-jinja-init
soft: true
- system-config-upload-image-hound
- system-config-upload-image-assets
- system-config-upload-image-etherpad
- system-config-upload-image-mailman
- system-config-upload-image-gitea:
dependencies:
- name: opendev-buildset-registry
- name: system-config-upload-image-assets
soft: true
- system-config-upload-image-refstack
- system-config-upload-image-haproxy-statsd:
dependencies:
- name: opendev-buildset-registry
- name: system-config-upload-image-python-base-3.9-bullseye
soft: true
- system-config-upload-image-zookeeper-statsd:
dependencies:
- name: opendev-buildset-registry
- name: system-config-upload-image-python-base-3.9-bullseye
soft: true
- system-config-upload-image-accessbot:
dependencies:
- name: opendev-buildset-registry
- name: system-config-upload-image-python-base-3.9-bullseye
soft: true
- system-config-upload-image-ircbot:
dependencies:
- name: opendev-buildset-registry
- name: system-config-upload-image-python-builder-3.9-bullseye
soft: true
- system-config-upload-image-matrix-eavesdrop:
dependencies:
- name: opendev-buildset-registry
- name: system-config-upload-image-python-builder-3.9-bullseye
soft: true
- system-config-upload-image-python-base-3.9-bullseye
- system-config-upload-image-python-base-3.10-bullseye
- system-config-upload-image-python-base-3.11-bullseye
- system-config-upload-image-python-builder-3.9-bullseye
- system-config-upload-image-python-builder-3.10-bullseye
- system-config-upload-image-python-builder-3.11-bullseye
- system-config-upload-image-uwsgi-base-3.9-bullseye
- system-config-upload-image-uwsgi-base-3.10-bullseye
- system-config-upload-image-uwsgi-base-3.11-bullseye
promote:
jobs:
- opendev-promote-docs
deploy:
jobs:
- system-config-promote-image-assets
- system-config-promote-image-hound
- system-config-promote-image-jinja-init
- system-config-promote-image-gitea-init
- system-config-promote-image-gitea
- system-config-promote-image-etherpad
- system-config-promote-image-mailman
- system-config-promote-image-haproxy-statsd
- system-config-promote-image-zookeeper-statsd
- system-config-promote-image-accessbot
- system-config-promote-image-refstack
- system-config-promote-image-ircbot
- system-config-promote-image-matrix-eavesdrop
- system-config-promote-image-python-base-3.9-bullseye
- system-config-promote-image-python-base-3.10-bullseye
- system-config-promote-image-python-base-3.11-bullseye
- system-config-promote-image-python-builder-3.9-bullseye
- system-config-promote-image-python-builder-3.10-bullseye
- system-config-promote-image-python-builder-3.11-bullseye
- system-config-promote-image-uwsgi-base-3.9-bullseye
- system-config-promote-image-uwsgi-base-3.10-bullseye
- system-config-promote-image-uwsgi-base-3.11-bullseye
# NOTE: infra-prod-* jobs have a hierarchy below that ensure
# they can run in parallel. We are deliberately keeping their
# dependencies here rather than job definitions to help keep
# these relationships clear.
# This installs the ansible on bridge that all the infra-prod
# jobs will run with. Note the jobs use this ansible to then
# run against zuul's checkout of system-config.
- infra-prod-bootstrap-bridge
# From now on, all jobs should depend on base
- infra-prod-base: &infra-prod-base
dependencies:
- name: infra-prod-bootstrap-bridge
soft: true
# Legacy puppet hosts
- infra-prod-remote-puppet-else: &infra-prod-remote-puppet-else
dependencies:
- name: infra-prod-base
soft: true
#
# Only depends on base, or amongst themselves.
#
- infra-prod-service-bridge: &infra-prod-service-bridge
dependencies:
- name: infra-prod-base
soft: true
- infra-prod-run-cloud-launcher: &infra-prod-run-cloud-launcher
dependencies:
# depends on the cloud config written out by
# service-bridge
- name: infra-prod-service-bridge
soft: true
- infra-prod-service-kerberos: &infra-prod-service-kerberos
dependencies:
- name: infra-prod-base
soft: true
- infra-prod-service-afs: &infra-prod-service-afs
dependencies:
- name: infra-prod-base
soft: true
# NOTE(ianw) in theory we'd want auth changes before
# updating services like openafs using them. Not sure
# in practice this matters much; we very rarely change
# things here anyway.
- name: infra-prod-service-kerberos
soft: true
- infra-prod-service-nameserver: &infra-prod-service-nameserver
dependencies:
- name: infra-prod-base
soft: true
- infra-prod-service-mirror-update: &infra-prod-service-mirror-update
dependencies:
- name: infra-prod-base
soft: true
- infra-prod-cloud-linaro: &infra-prod-cloud-linaro
dependencies:
- name: infra-prod-base
soft: true
#
# Hosts using certificates and backups
#
# Hosts that backup should depend on this as this will create
# the users and deploy the keys required for the borg-backup
# role to work.
- infra-prod-service-borg-backup: &infra-prod-service-borg-backup
dependencies:
- name: infra-prod-base
soft: true
# Hosts that have letsencrypt certs should depend on this, as
# it will write out the key material before they try to start
# services that depend on it. For simplicity, we parent to
# this job.
- infra-prod-letsencrypt: &infra-prod-letsencrypt
dependencies:
- name: infra-prod-base
soft: true
- name: infra-prod-service-nameserver
soft: true
# letsencrypt depdencies. keep in alphabetical order
- infra-prod-service-codesearch: &infra-prod-service-codesearch
dependencies:
- name: infra-prod-letsencrypt
soft: true
- name: system-config-promote-image-hound
soft: true
- infra-prod-service-eavesdrop: &infra-prod-service-eavesdrop
dependencies:
- name: infra-prod-service-borg-backup
soft: true
- name: infra-prod-letsencrypt
soft: true
- name: system-config-promote-image-ircbot
soft: true
- name: system-config-promote-image-matrix-eavesdrop
soft: true
- infra-prod-service-etherpad: &infra-prod-service-etherpad
dependencies:
- name: infra-prod-service-borg-backup
soft: true
- name: infra-prod-letsencrypt
soft: true
- name: system-config-promote-image-etherpad
soft: true
- infra-prod-service-gitea: &infra-prod-service-gitea
dependencies:
- name: infra-prod-service-borg-backup
soft: true
- name: infra-prod-letsencrypt
soft: true
- name: system-config-promote-image-gitea
soft: true
- infra-prod-service-gitea-lb: &infra-prod-service-gitea-lb
dependencies:
- name: system-config-promote-image-haproxy-statsd
soft: true
- infra-prod-service-grafana: &infra-prod-service-grafana
dependencies:
- name: infra-prod-letsencrypt
soft: true
- infra-prod-service-graphite: &infra-prod-service-graphite
dependencies:
- name: infra-prod-letsencrypt
soft: true
- infra-prod-service-keycloak: &infra-prod-service-keycloak
dependencies:
- name: infra-prod-letsencrypt
soft: true
- infra-prod-service-meetpad: &infra-prod-service-meetpad
dependencies:
- name: infra-prod-letsencrypt
soft: true
- infra-prod-service-lists: &infra-prod-service-lists
dependencies:
- name: infra-prod-service-borg-backup
soft: true
- name: infra-prod-letsencrypt
soft: true
- infra-prod-service-lists3: &infra-prod-service-lists3
dependencies:
- name: infra-prod-service-borg-backup
soft: true
- name: infra-prod-letsencrypt
soft: true
- name: system-config-promote-image-mailman
soft: true
- infra-prod-service-mirror: &infra-prod-service-mirror
dependencies:
- name: infra-prod-letsencrypt
soft: true
- infra-prod-service-nodepool: &infra-prod-service-nodepool
dependencies:
- name: infra-prod-letsencrypt
soft: true
- infra-prod-service-static: &infra-prod-service-static
dependencies:
- name: infra-prod-letsencrypt
soft: true
- infra-prod-service-paste: &infra-prod-service-paste
dependencies:
- name: infra-prod-service-borg-backup
soft: true
- name: infra-prod-letsencrypt
soft: true
- infra-prod-service-registry: &infra-prod-service-registry
dependencies:
- name: infra-prod-letsencrypt
soft: true
- infra-prod-service-refstack: &infra-prod-service-refstack
dependencies:
- name: infra-prod-service-borg-backup
soft: true
- name: infra-prod-letsencrypt
soft: true
- name: system-config-promote-image-refstack
soft: true
- infra-prod-service-review: &infra-prod-service-review
dependencies:
- name: infra-prod-service-borg-backup
soft: true
- name: infra-prod-letsencrypt
soft: true
- name: system-config-promote-image-gerrit-3.6
soft: true
- infra-prod-service-tracing: &infra-prod-service-tracing
dependencies:
- name: infra-prod-letsencrypt
soft: true
- infra-prod-service-zookeeper: &infra-prod-service-zookeeper
dependencies:
- name: infra-prod-letsencrypt
soft: true
- name: system-config-promote-image-zookeeper-statsd
soft: true
- infra-prod-service-zuul: &infra-prod-service-zuul
dependencies:
- name: infra-prod-service-borg-backup
soft: true
- name: infra-prod-letsencrypt
soft: true
# should reconfigure after any project updates
- name: infra-prod-manage-projects
soft: true
- infra-prod-service-zuul-lb: &infra-prod-service-zuul-lb
dependencies:
- name: system-config-promote-image-haproxy-statsd
soft: true
- infra-prod-service-zuul-preview: &infra-prod-service-zuul-preview
dependencies:
- name: infra-prod-letsencrypt
soft: true
#
# Jobs that run as secondary steps
#
# accessbot should run on a setup eavesdrop host
- infra-prod-run-accessbot: &infra-prod-run-accessbot
dependencies:
- name: infra-prod-base
soft: true
- name: infra-prod-service-eavesdrop
soft: true
- name: system-config-promote-image-accessbot
soft: true
# manage-projects runs jeepyb etc. and should run on
# a setup review host. also sets up gitea
- infra-prod-manage-projects: &infra-prod-manage-projects
dependencies:
- name: infra-prod-base
soft: true
- name: infra-prod-service-review
soft: true
- name: infra-prod-service-gitea
soft: true
- name: system-config-promote-image-gerrit-3.6
soft: true
# Note that this job also runs from project-config, so we
# match system-config specific files here rather than the
# job definition.
files:
- inventory/.*
- playbooks/manage-projects.yaml
- inventory/service/group_vars/review.yaml
- inventory/service/group_vars/gitea.yaml
- inventory/service/host_vars/gitea
- inventory/service/host_vars/review
- playbooks/roles/gitea-git-repos/
- playbooks/roles/gerrit/defaults/main.yaml
- playbooks/roles/gerrit/tasks/manage-projects.yaml
periodic:
jobs:
- developer-openstack-goaccess-report
- docs-opendev-goaccess-report
- docs-openstack-goaccess-report
- docs-starlingx-goaccess-report
- governance-openstack-goaccess-report
- releases-openstack-goaccess-report
- security-openstack-goaccess-report
- specs-openstack-goaccess-report
- tarballs-opendev-goaccess-report
- zuul-ci-goaccess-report
# Nightly runs of ansible things for catchup
# Keep in order from above
- infra-prod-bootstrap-bridge
- infra-prod-base: *infra-prod-base
- infra-prod-remote-puppet-else: *infra-prod-remote-puppet-else
- infra-prod-letsencrypt: *infra-prod-letsencrypt
- infra-prod-service-bridge: *infra-prod-service-bridge
- infra-prod-run-cloud-launcher: *infra-prod-run-cloud-launcher
- infra-prod-service-kerberos: *infra-prod-service-kerberos
- infra-prod-service-afs: *infra-prod-service-afs
- infra-prod-service-nameserver: *infra-prod-service-nameserver
- infra-prod-service-mirror-update: *infra-prod-service-mirror-update
- infra-prod-cloud-linaro: *infra-prod-cloud-linaro
- infra-prod-service-borg-backup: *infra-prod-service-borg-backup
- infra-prod-letsencrypt: *infra-prod-letsencrypt
- infra-prod-service-codesearch: *infra-prod-service-codesearch
- infra-prod-service-eavesdrop: *infra-prod-service-eavesdrop
- infra-prod-service-etherpad: *infra-prod-service-etherpad
- infra-prod-service-gitea: *infra-prod-service-gitea
- infra-prod-service-gitea-lb: *infra-prod-service-gitea-lb
- infra-prod-service-grafana: *infra-prod-service-grafana
- infra-prod-service-graphite: *infra-prod-service-graphite
- infra-prod-service-keycloak: *infra-prod-service-keycloak
- infra-prod-service-meetpad: *infra-prod-service-meetpad
- infra-prod-service-lists: *infra-prod-service-lists
- infra-prod-service-lists3: *infra-prod-service-lists3
- infra-prod-service-mirror: *infra-prod-service-mirror
- infra-prod-service-nodepool: *infra-prod-service-nodepool
- infra-prod-service-static: *infra-prod-service-static
- infra-prod-service-paste: *infra-prod-service-paste
- infra-prod-service-registry: *infra-prod-service-registry
- infra-prod-service-refstack: *infra-prod-service-refstack
- infra-prod-service-review: *infra-prod-service-review
- infra-prod-service-tracing: *infra-prod-service-tracing
- infra-prod-service-zookeeper: *infra-prod-service-zookeeper
- infra-prod-service-zuul: *infra-prod-service-zuul
- infra-prod-service-zuul-lb: *infra-prod-service-zuul-lb
- infra-prod-service-zuul-preview: *infra-prod-service-zuul-preview
- infra-prod-run-accessbot: *infra-prod-run-accessbot
- infra-prod-manage-projects: *infra-prod-manage-projects
opendev-prod-hourly:
jobs:
- infra-prod-bootstrap-bridge
- infra-prod-service-bridge: *infra-prod-service-bridge
- infra-prod-service-nodepool: *infra-prod-service-nodepool
- infra-prod-service-registry: *infra-prod-service-registry
- infra-prod-service-zuul: *infra-prod-service-zuul
- infra-prod-service-eavesdrop: *infra-prod-service-eavesdrop
View Git Blame Copy Permalink