8ad300927e
This is a first step toward making smaller playbooks which can be run by Zuul in CD. Zuul should be able to handle missing projects now, so remove it from the puppet_git playbook and into puppet. Make the base playbook be merely the base roles. Make service playbooks for each service. Remove the run-docker job because it's covered by service jobs. Stop testing that puppet is installed in testinfra. It's accidentally working due to the selection of non-puppeted hosts only being on bionic nodes and not installing puppet on bionic. Instead, we can now rely on actually *running* puppet when it's important, such as in the eavesdrop job. Also remove the installation of puppet on the nodes in the base job, since it's only useful to test that a synthetic test of installing puppet on nodes we don't use works. Don't run remote_puppet_git on gitea for now - it's too slow. A followup patch will rework gitea project creation to not take hours. Change-Id: Ibb78341c2c6be28005cea73542e829d8f7cfab08
17 lines
525 B
YAML
17 lines
525 B
YAML
# This needs to happen in order. letsencrypt hosts export their TXT
|
|
# authentication records which is installed onto adns1, and then the
|
|
# hosts verify to issue/renew keys
|
|
- hosts: "letsencrypt:!disabled"
|
|
name: "Base: deploy and renew certificates"
|
|
roles:
|
|
- letsencrypt-acme-sh-install
|
|
- letsencrypt-request-certs
|
|
- hosts: "adns:!disabled"
|
|
name: "Install txt records"
|
|
roles:
|
|
- letsencrypt-install-txt-record
|
|
- hosts: "letsencrypt:!disabled"
|
|
name: "Create certs"
|
|
roles:
|
|
- letsencrypt-create-certs
|