b85282c046
This move was prompted by wishing to expose the mirror update logs for the rsync updates so that debugging problems does not require a root user (note: not actually done in this change; will be a follow-on). Rather than start hacking at puppet, the rsync mirror scripts make a nice delineation point for starting an Ansible-first/Bionic update. Most magic is included in the scripts, so there is not much more to do than copy them. The host uses the existing kerberos and openafs roles and copies the key material into place (to be added before merge). Note the scripts are removed from the extant puppet so we don't have two updates happening simultaneously. This will also require a manual clean to remove the cron jobs as a once-off when merging. The other part of mirror-update is the reprepro based scripts for the various debuntu repositories. They are left as future work for now. Testing is added to ensure dependencies and scripts are all in place. Change-Id: I525ac18b55f0e11b0a541b51fa97ee5d6512bf70
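---
# Zuul job playbook: bootstraps the bridge host from the checked-out
# system-config tree, writes the job inventory and host/group vars, runs the
# base and service playbooks from the bridge, and validates with testinfra.

# Play 1: reuse the bridge playbook with job-specific variables.
- import_playbook: ../bridge.yaml
  vars:
    # Contents of the private key named after the build id, read on the
    # Ansible controller from the executor work root.
    # NOTE(review): how ../bridge.yaml consumes this value is not visible
    # here; confirm the key is written with restrictive permissions and that
    # the tasks handling it keep it out of task output (no_log).
    root_rsa_key: "{{ lookup('file', zuul.executor.work_root + '/' + zuul.build + '_id_rsa') }}"
    ansible_cron_install_cron: false

# Play 2: configure the bridge and drive the playbooks from it.
# become: true means every task below runs with escalated privileges.
- hosts: bridge.openstack.org
  become: true
  tasks:
    - name: Write inventory on bridge
      include_role:
        name: write-inventory
      vars:
        write_inventory_dest: /etc/ansible/hosts/inventory.yaml
        write_inventory_exclude_hostvars:
          - ansible_user

    - name: Set up /opt/system-config repo
      git:
        repo: /home/zuul/src/opendev.org/opendev/system-config
        dest: /opt/system-config
        # force discards any local modifications in the destination checkout.
        force: true

    # TODO: the next two tasks are update-system-config.yaml and
    # should be removed or refactored out of here to a shared
    # location.
    - name: Clone puppet modules to /etc/puppet/modules
      command: ./install_modules.sh
      args:
        chdir: /opt/system-config

    # NOTE(review): roles.yaml is not visible here; confirm that it pins each
    # role to a fixed version, since --force reinstalls whatever it resolves
    # to on every run.
    - name: Install ansible roles to /etc/ansible/roles
      command: ansible-galaxy install --roles-path /etc/ansible/roles --force -r roles.yaml
      args:
        chdir: /opt/system-config

    - name: Add groups config for test nodes
      template:
        src: "templates/gate-groups.yaml.j2"
        dest: "/etc/ansible/hosts/gate-groups.yaml"

    # The next three tasks point ansible.cfg at the job inventory, the
    # in-tree yamlgroup inventory plugin, and the enabled plugin list.
    - name: Update ansible.cfg to use job inventory
      ini_file:
        path: /etc/ansible/ansible.cfg
        section: defaults
        option: inventory
        value: /etc/ansible/hosts/inventory.yaml,/opt/system-config/inventory/groups.yaml,/etc/ansible/hosts/gate-groups.yaml

    - name: Update ansible.cfg to use yamlgroup plugin
      ini_file:
        path: /etc/ansible/ansible.cfg
        section: defaults
        option: inventory_plugins
        value: /opt/system-config/playbooks/roles/install-ansible/files/inventory_plugins

    - name: Update ansible.cfg to configure inventory plugins
      ini_file:
        path: /etc/ansible/ansible.cfg
        section: inventory
        option: enable_plugins
        value: yamlgroup,yaml,advanced_host_list,ini

    # NOTE(review): no mode is set on these directories or on the files
    # templated into them, so permissions follow the umask. Confirm that is
    # acceptable for the values the templates carry.
    - name: Make host_vars directory
      file:
        path: "/etc/ansible/hosts/host_vars"
        state: directory

    - name: Make group_vars directory
      file:
        path: "/etc/ansible/hosts/group_vars"
        state: directory

    - name: Write hostvars files
      vars:
        bastion_ipv4: "{{ nodepool['public_ipv4'] }}"
        bastion_ipv6: "{{ nodepool['public_ipv6'] }}"
        # Public half of the key pair named after the build id.
        bastion_public_key: "{{ lookup('file', zuul.executor.work_root + '/' + zuul.build + '_id_rsa.pub') }}"
        # NOTE(review): presumably the Zuul console-stream port; confirm
        # before opening it anywhere outside test nodes.
        iptables_test_public_tcp_ports: [19885]
      template:
        src: "templates/{{ item }}.j2"
        dest: "/etc/ansible/hosts/{{ item }}"
      # Each destination is listed once; group_vars/registry.yaml used to
      # appear twice and was templated to the same path both times.
      loop:
        - group_vars/all.yaml
        - group_vars/adns.yaml
        - group_vars/nodepool.yaml
        - group_vars/ns.yaml
        - group_vars/registry.yaml
        - group_vars/gitea.yaml
        - group_vars/gitea-lb.yaml
        - group_vars/letsencrypt.yaml
        - group_vars/control-plane-clouds.yaml
        - host_vars/bridge.openstack.org.yaml
        - host_vars/letsencrypt01.opendev.org.yaml
        - host_vars/letsencrypt02.opendev.org.yaml
        - host_vars/mirror01.openafs.provider.opendev.org.yaml
        - host_vars/mirror-update01.opendev.org.yaml

    - name: Display group membership
      command: ansible localhost -m debug -a 'var=groups'

    - name: Run base.yaml
      command: ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/playbooks/base.yaml

    - name: Run bridge service playbook
      command: ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/playbooks/service-bridge.yaml

    # run_playbooks entries are paths relative to the system-config checkout.
    - name: Run playbook
      when: run_playbooks is defined
      loop: "{{ run_playbooks }}"
      command: "ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/{{ item }}"

    # Uses command rather than shell so the templated job variable is never
    # interpreted by a shell; the roles path is passed through the task
    # environment instead of an inline VAR=value prefix.
    - name: Run test playbook
      when: run_test_playbook is defined
      command: "ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/{{ run_test_playbook }}"
      environment:
        ANSIBLE_ROLES_PATH: /home/zuul/src/opendev.org/opendev/system-config/playbooks/roles

    - name: Run testinfra to validate configuration
      include_role:
        name: tox
      vars:
        tox_envlist: testinfra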