8ad300927e
This is a first step toward making smaller playbooks which can be run by Zuul in CD. Zuul should be able to handle missing projects now, so remove it from the puppet_git playbook and into puppet. Make the base playbook be merely the base roles. Make service playbooks for each service. Remove the run-docker job because it's covered by service jobs. Stop testing that puppet is installed in testinfra. It's accidentally working due to the selection of non-puppeted hosts only being on bionic nodes and not installing puppet on bionic. Instead, we can now rely on actually *running* puppet when it's important, such as in the eavesdrop job. Also remove the installation of puppet on the nodes in the base job, since it's only useful to test that a synthetic test of installing puppet on nodes we don't use works. Don't run remote_puppet_git on gitea for now - it's too slow. A followup patch will rework gitea project creation to not take hours. Change-Id: Ibb78341c2c6be28005cea73542e829d8f7cfab08
25 lines
753 B
YAML
25 lines
753 B
YAML
- hosts: "!disabled"
|
|
name: "Base: set up users and base package repositories on all hosts"
|
|
roles:
|
|
- users
|
|
- base-repos
|
|
|
|
# Run base-server seperately so that the update apt cache handler in base-repos
|
|
# fires before we run base-server
|
|
- hosts: "!disabled"
|
|
name: "Base: set up common environment on all hosts"
|
|
roles:
|
|
- base-server
|
|
- timezone
|
|
- unbound
|
|
- exim
|
|
|
|
# Do not run firewall rules on kubernetes hosts, they are managed by k8s-on-openstack.
|
|
# TODO(mordred) snmpd should be able to be re-added to kubernetes hosts but we will
|
|
# need to add cacti to sg-opendev-nodes and sg-opendev-master security groups first.
|
|
- hosts: "!disabled:!kubernetes"
|
|
name: "Base: set up firewall rules"
|
|
roles:
|
|
- snmpd
|
|
- iptables
|