system-config/playbooks/base.yaml
James E. Blair 8ad300927e Split the base playbook into services
This is a first step toward making smaller playbooks which can be
run by Zuul in CD.

Zuul should be able to handle missing projects now, so remove it
from the puppet_git playbook and into puppet.

Make the base playbook be merely the base roles.

Make service playbooks for each service.

Remove the run-docker job because it's covered by service jobs.

Stop testing that puppet is installed in testinfra. It's accidentally
working due to the selection of non-puppeted hosts only being on
bionic nodes and not installing puppet on bionic. Instead, we can now
rely on actually *running* puppet when it's important, such as in the
eavesdrop job. Also remove the installation of puppet on the nodes in
the base job, since it's only useful to test that a synthetic test
of installing puppet on nodes we don't use works.

Don't run remote_puppet_git on gitea for now - it's too slow. A
followup patch will rework gitea project creation to not take hours.

Change-Id: Ibb78341c2c6be28005cea73542e829d8f7cfab08
2019-05-19 07:31:00 -05:00

25 lines
753 B
YAML

- hosts: "!disabled"
name: "Base: set up users and base package repositories on all hosts"
roles:
- users
- base-repos
# Run base-server seperately so that the update apt cache handler in base-repos
# fires before we run base-server
- hosts: "!disabled"
name: "Base: set up common environment on all hosts"
roles:
- base-server
- timezone
- unbound
- exim
# Do not run firewall rules on kubernetes hosts, they are managed by k8s-on-openstack.
# TODO(mordred) snmpd should be able to be re-added to kubernetes hosts but we will
# need to add cacti to sg-opendev-nodes and sg-opendev-master security groups first.
- hosts: "!disabled:!kubernetes"
name: "Base: set up firewall rules"
roles:
- snmpd
- iptables