310bc5696c
Let's abandon the idea that we'll treat the backup server specially. As long as we allow *any* automated remote access via ansible, we have opened the door to potential compromise of the backup systems if bridge is compromised. Rather than pretending that this separation gives us any benefit, remove it. Change-Id: I751060dc05918c440374e80ffb483d948f048f36
44 lines
1.2 KiB
YAML
44 lines
1.2 KiB
YAML
- hosts: "!disabled"
|
|
name: "Base: set up users and base package repositories on all hosts"
|
|
roles:
|
|
- users
|
|
- base-repos
|
|
|
|
# Run base-server seperately so that the update apt cache handler in base-repos
|
|
# fires before we run base-server
|
|
- hosts: "!disabled"
|
|
name: "Base: set up common environment on all hosts"
|
|
roles:
|
|
- base-server
|
|
- timezone
|
|
- unbound
|
|
- exim
|
|
- iptables
|
|
- snmpd
|
|
|
|
- hosts: bridge.openstack.org:!disabled
|
|
name: "Base: configure OpenStackSDK on bridge"
|
|
tasks:
|
|
- include_role:
|
|
name: configure-openstacksdk
|
|
vars:
|
|
openstacksdk_config_file: '{{ openstacksdk_config_dir }}/all-clouds.yaml'
|
|
openstacksdk_config_template: clouds/bridge_all_clouds.yaml.j2
|
|
- include_role:
|
|
name: configure-openstacksdk
|
|
vars:
|
|
openstacksdk_config_template: clouds/bridge_clouds.yaml.j2
|
|
|
|
- hosts: nodepool-launcher:nodepool-builder:!disabled
|
|
name: "Base: configure OpenStackSDK on nodepool"
|
|
strategy: free
|
|
roles:
|
|
- minimal-nodepool
|
|
- configure-openstacksdk
|
|
|
|
- hosts: "puppet:!disabled"
|
|
name: "Base: install and configure puppet on puppet hosts"
|
|
roles:
|
|
- puppet-install
|
|
- disable-puppet-agent
|