system-config/playbooks/service-bridge.yaml

- hosts: bridge.openstack.org:!disabled
  name: "Bridge: configure the bastion host"
  roles:
    - iptables
    - edit-secrets-script
    - install-docker
  tasks:
    # Skip as no arm64 support available; only used for gate testing,
    # where we can't mix arm64 and x86 nodes, so need a minimally
    # working bridge to drive the tests for mirrors/nodepool
    # etc. things.
    - name: Install openshift/kubectl
      when: ansible_architecture != 'aarch64'
      block:
        - include_role:
            name: install-osc-container
        - include_role:
            name: install-kubectl
        - include_role:
            name: configure-kubectl

    - include_role:
        name: configure-openstacksdk
      vars:
        openstacksdk_config_template: clouds/bridge_all_clouds.yaml.j2

    - name: Get rid of all-clouds.yaml
      file:
        state: absent
        path: '/etc/openstack/all-clouds.yaml'

    - name: Install rackspace DNS backup tool
      include_role:
        name: rax-dns-backup

    - name: Make ansible log directory
      file:
        path: '/var/log/ansible'
        state: directory
        owner: root
        mode: 0755

    - name: Automated Zuul cluster reboots and updates
      # Note this is run via cron because a zuul job can't run this playbook
      # as the playbook relies on all jobs ending for graceful stops on the
      # executors.
      cron:
        name: "Zuul cluster restart"
        # Start Sundays at 00:01 UTC.
        # Estimated completion time Sunday at 18:00 UTC.
        minute: 1
        hour: 0
        weekday: 6
        job: "flock -n /var/run/zuul_reboot.lock /usr/local/bin/ansible-playbook -f 20 /home/zuul/src/opendev.org/opendev/system-config/playbooks/zuul_reboot.yaml >> /var/log/ansible/zuul_reboot.log 2>&1"

    - name: Rotate Zuul restart logs
      include_role:
        name: logrotate
      vars:
        logrotate_file_name: /var/log/ansible/zuul_reboot.log
        logrotate_frequency: weekly