a88adc4101
We previously auto updated nodepool builders but not launchers when new container images were present. This created confusion over what versions of nodepool opendev is running. Use the same behavior for both services now and auto restart them both. There is a small chance that we can pull in an update that breaks things so we run serially to avoid the most egregious instances of this scenario. Change-Id: Ifc3ca375553527f9a72e4bb1bdb617523a3f269e
181 lines
7.1 KiB
YAML
181 lines
7.1 KiB
YAML
- import_playbook: ../bootstrap-bridge.yaml
|
|
vars:
|
|
root_rsa_key: "{{ lookup('file', zuul.executor.work_root + '/' + zuul.build + '_id_rsa', rstrip=False) }}"
|
|
ansible_cron_disable_job: true
|
|
cloud_launcher_disable_job: true
|
|
|
|
- hosts: bridge.openstack.org
|
|
become: true
|
|
tasks:
|
|
- name: Write inventory on bridge
|
|
include_role:
|
|
name: write-inventory
|
|
vars:
|
|
write_inventory_dest: /home/zuul/src/opendev.org/opendev/system-config/inventory/base/gate-hosts.yaml
|
|
write_inventory_exclude_hostvars:
|
|
- ansible_user
|
|
- ansible_python_interpreter
|
|
write_inventory_additional_hostvars:
|
|
public_v4: nodepool.private_ipv4
|
|
public_v6: nodepool.public_ipv6
|
|
- name: Add groups config for test nodes
|
|
template:
|
|
src: "templates/gate-groups.yaml.j2"
|
|
dest: "/etc/ansible/hosts/gate-groups.yaml"
|
|
- name: Update ansible.cfg to use job inventory
|
|
ini_file:
|
|
path: /etc/ansible/ansible.cfg
|
|
section: defaults
|
|
option: inventory
|
|
value: /home/zuul/src/opendev.org/opendev/system-config/inventory/base/gate-hosts.yaml,/home/zuul/src/opendev.org/opendev/system-config/inventory/service/groups.yaml,/etc/ansible/hosts/gate-groups.yaml
|
|
- name: Make host_vars directory
|
|
file:
|
|
path: "/etc/ansible/hosts/host_vars"
|
|
state: directory
|
|
- name: Make group_vars directory
|
|
file:
|
|
path: "/etc/ansible/hosts/group_vars"
|
|
state: directory
|
|
- name: Write hostvars files
|
|
vars:
|
|
bastion_ipv4: "{{ nodepool['public_ipv4'] }}"
|
|
bastion_ipv6: "{{ nodepool['public_ipv6'] }}"
|
|
bastion_public_key: "{{ lookup('file', zuul.executor.work_root + '/' + zuul.build + '_id_rsa.pub') }}"
|
|
iptables_test_public_tcp_ports:
|
|
# Zuul web console
|
|
- 19885
|
|
# selenium
|
|
- 4444
|
|
template:
|
|
src: "templates/{{ item }}.j2"
|
|
dest: "/etc/ansible/hosts/{{ item }}"
|
|
loop:
|
|
- group_vars/all.yaml
|
|
- group_vars/adns.yaml
|
|
- group_vars/eavesdrop.yaml
|
|
- group_vars/nodepool.yaml
|
|
- group_vars/ns.yaml
|
|
- group_vars/registry.yaml
|
|
- group_vars/gitea.yaml
|
|
- group_vars/gitea-lb.yaml
|
|
- group_vars/kerberos-kdc.yaml
|
|
- group_vars/keycloak.yaml
|
|
- group_vars/letsencrypt.yaml
|
|
- group_vars/meetpad.yaml
|
|
- group_vars/jvb.yaml
|
|
- group_vars/refstack.yaml
|
|
- group_vars/registry.yaml
|
|
- group_vars/control-plane-clouds.yaml
|
|
- group_vars/afs-client.yaml
|
|
- group_vars/zuul-lb.yaml
|
|
- group_vars/zuul.yaml
|
|
- group_vars/zuul-executor.yaml
|
|
- group_vars/zuul-merger.yaml
|
|
- group_vars/zuul-scheduler.yaml
|
|
- group_vars/zuul-web.yaml
|
|
- host_vars/bridge.openstack.org.yaml
|
|
- host_vars/codesearch01.opendev.org.yaml
|
|
- host_vars/etherpad01.opendev.org.yaml
|
|
- host_vars/letsencrypt01.opendev.org.yaml
|
|
- host_vars/letsencrypt02.opendev.org.yaml
|
|
- host_vars/lists.openstack.org.yaml
|
|
- host_vars/lists.katacontainers.io.yaml
|
|
- host_vars/gitea99.opendev.org.yaml
|
|
- host_vars/grafana01.opendev.org.yaml
|
|
- host_vars/mirror01.openafs.provider.opendev.org.yaml
|
|
- host_vars/mirror02.openafs.provider.opendev.org.yaml
|
|
- host_vars/mirror-update01.opendev.org.yaml
|
|
- host_vars/paste01.opendev.org.yaml
|
|
- host_vars/refstack01.openstack.org.yaml
|
|
- host_vars/review99.opendev.org.yaml
|
|
- name: Display group membership
|
|
command: ansible localhost -m debug -a 'var=groups'
|
|
- name: Run base.yaml
|
|
shell: 'set -o pipefail && ansible-playbook -f 50 -v /home/zuul/src/opendev.org/opendev/system-config/playbooks/base.yaml 2>&1 | tee /var/log/ansible/base.yaml.log'
|
|
args:
|
|
executable: /bin/bash
|
|
- name: Run bridge service playbook
|
|
shell: 'set -o pipefail && ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/playbooks/service-bridge.yaml 2>&1 | tee /var/log/ansible/service-bridge.yaml.log'
|
|
args:
|
|
executable: /bin/bash
|
|
- name: Run dstat logger playbook
|
|
shell: 'set -o pipefail && ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/playbooks/service-dstatlogger.yaml 2>&1 | tee /var/log/ansible/service-dstatlogger.yaml.log'
|
|
args:
|
|
executable: /bin/bash
|
|
|
|
- name: Run playbook
|
|
when: run_playbooks is defined
|
|
loop: "{{ run_playbooks }}"
|
|
shell: "set -o pipefail && ansible-playbook -f 50 -v /home/zuul/src/opendev.org/opendev/system-config/{{ item }} 2>&1 | tee /var/log/ansible/{{ item | basename }}.log"
|
|
args:
|
|
executable: /bin/bash
|
|
|
|
- name: Build list of playbook logs
|
|
find:
|
|
paths: '/var/log/ansible'
|
|
patterns: '*.yaml.log'
|
|
register: _run_playbooks_logs
|
|
|
|
- name: Encrypt playbook logs
|
|
when: run_playbooks is defined
|
|
include_role:
|
|
name: encrypt-logs
|
|
vars:
|
|
encrypt_logs_files: '{{ _run_playbooks_logs.files | map(attribute="path") | list }}'
|
|
encrypt_logs_artifact_path: 'bridge.openstack.org/ansible'
|
|
encrypt_logs_download_script_path: '/var/log/ansible'
|
|
|
|
- name: Run test playbook
|
|
when: run_test_playbook is defined
|
|
shell: "set -o pipefail && ANSIBLE_ROLES_PATH=/home/zuul/src/opendev.org/opendev/system-config/playbooks/roles ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/{{ run_test_playbook }} 2>&1 | tee /var/log/ansible/{{ run_test_playbook | basename }}.log"
|
|
args:
|
|
executable: /bin/bash
|
|
|
|
- name: Generate testinfra extra data fixture
|
|
set_fact:
|
|
testinfra_extra_data:
|
|
zuul_job: '{{ zuul.job }}'
|
|
zuul: '{{ zuul }}'
|
|
|
|
- name: Write out testinfra extra data fixture
|
|
copy:
|
|
content: '{{ testinfra_extra_data | to_nice_yaml(indent=2) }}'
|
|
dest: '/home/zuul/testinfra_extra_data_fixture.yaml'
|
|
|
|
- name: Make screenshots directory
|
|
file:
|
|
path: '/var/log/screenshots'
|
|
state: directory
|
|
|
|
- name: Return screenshots artifact
|
|
zuul_return:
|
|
data:
|
|
zuul:
|
|
artifacts:
|
|
- name: Screenshots
|
|
url: "bridge.openstack.org/screenshots"
|
|
|
|
- name: Allow PBR's git calls to operate in system-config, despite not owning it
|
|
command: git config --global safe.directory /home/zuul/src/opendev.org/opendev/system-config
|
|
|
|
- name: Run and collect testinfra
|
|
block:
|
|
- name: Run testinfra to validate configuration
|
|
include_role:
|
|
name: tox
|
|
vars:
|
|
tox_envlist: testinfra
|
|
# This allows us to run from external projects (like testinfra
|
|
# itself)
|
|
tox_environment:
|
|
TESTINFRA_EXTRA_DATA: '/home/zuul/testinfra_extra_data_fixture.yaml'
|
|
zuul_work_dir: src/opendev.org/opendev/system-config
|
|
always:
|
|
- name: Return testinfra report artifact
|
|
zuul_return:
|
|
data:
|
|
zuul:
|
|
artifacts:
|
|
- name: testinfra results
|
|
url: "bridge.openstack.org/test-results.html"
|