93e2b84df0
Change I5b9f9dd53eb896bb542652e8175c570877842584 introduced this tee to capture and encrypt the logs. However, we should make sure to fail if the ansible runs fail. Switch on pipefail, which will exit with an error if the earlier parts of the pipeline fail. Also make sure we run under bash. Change-Id: I2c4cb9aec3d4f8bb5bb93e2d2c20168dc64e78cb
179 lines
7.0 KiB
YAML
179 lines
7.0 KiB
YAML
- import_playbook: ../bootstrap-bridge.yaml
|
|
vars:
|
|
root_rsa_key: "{{ lookup('file', zuul.executor.work_root + '/' + zuul.build + '_id_rsa', rstrip=False) }}"
|
|
ansible_cron_disable_job: true
|
|
cloud_launcher_disable_job: true
|
|
|
|
- hosts: bridge.openstack.org
|
|
become: true
|
|
tasks:
|
|
- name: Write inventory on bridge
|
|
include_role:
|
|
name: write-inventory
|
|
vars:
|
|
write_inventory_dest: /home/zuul/src/opendev.org/opendev/system-config/inventory/base/gate-hosts.yaml
|
|
write_inventory_exclude_hostvars:
|
|
- ansible_user
|
|
- ansible_python_interpreter
|
|
write_inventory_additional_hostvars:
|
|
public_v4: nodepool.private_ipv4
|
|
public_v6: nodepool.public_ipv6
|
|
- name: Add groups config for test nodes
|
|
template:
|
|
src: "templates/gate-groups.yaml.j2"
|
|
dest: "/etc/ansible/hosts/gate-groups.yaml"
|
|
- name: Update ansible.cfg to use job inventory
|
|
ini_file:
|
|
path: /etc/ansible/ansible.cfg
|
|
section: defaults
|
|
option: inventory
|
|
value: /home/zuul/src/opendev.org/opendev/system-config/inventory/base/gate-hosts.yaml,/home/zuul/src/opendev.org/opendev/system-config/inventory/service/groups.yaml,/etc/ansible/hosts/gate-groups.yaml
|
|
- name: Make host_vars directory
|
|
file:
|
|
path: "/etc/ansible/hosts/host_vars"
|
|
state: directory
|
|
- name: Make group_vars directory
|
|
file:
|
|
path: "/etc/ansible/hosts/group_vars"
|
|
state: directory
|
|
- name: Write hostvars files
|
|
vars:
|
|
bastion_ipv4: "{{ nodepool['public_ipv4'] }}"
|
|
bastion_ipv6: "{{ nodepool['public_ipv6'] }}"
|
|
bastion_public_key: "{{ lookup('file', zuul.executor.work_root + '/' + zuul.build + '_id_rsa.pub') }}"
|
|
iptables_test_public_tcp_ports:
|
|
# Zuul web console
|
|
- 19885
|
|
# selenium
|
|
- 4444
|
|
template:
|
|
src: "templates/{{ item }}.j2"
|
|
dest: "/etc/ansible/hosts/{{ item }}"
|
|
loop:
|
|
- group_vars/all.yaml
|
|
- group_vars/adns.yaml
|
|
- group_vars/eavesdrop.yaml
|
|
- group_vars/nodepool.yaml
|
|
- group_vars/ns.yaml
|
|
- group_vars/registry.yaml
|
|
- group_vars/gitea.yaml
|
|
- group_vars/gitea-lb.yaml
|
|
- group_vars/kerberos-kdc.yaml
|
|
- group_vars/keycloak.yaml
|
|
- group_vars/letsencrypt.yaml
|
|
- group_vars/meetpad.yaml
|
|
- group_vars/jvb.yaml
|
|
- group_vars/nodepool-launcher.yaml
|
|
- group_vars/refstack.yaml
|
|
- group_vars/registry.yaml
|
|
- group_vars/control-plane-clouds.yaml
|
|
- group_vars/afs-client.yaml
|
|
- group_vars/zuul-lb.yaml
|
|
- group_vars/zuul.yaml
|
|
- group_vars/zuul-executor.yaml
|
|
- group_vars/zuul-merger.yaml
|
|
- group_vars/zuul-scheduler.yaml
|
|
- group_vars/zuul-web.yaml
|
|
- host_vars/bridge.openstack.org.yaml
|
|
- host_vars/codesearch01.opendev.org.yaml
|
|
- host_vars/etherpad01.opendev.org.yaml
|
|
- host_vars/letsencrypt01.opendev.org.yaml
|
|
- host_vars/letsencrypt02.opendev.org.yaml
|
|
- host_vars/lists.openstack.org.yaml
|
|
- host_vars/lists.katacontainers.io.yaml
|
|
- host_vars/gitea99.opendev.org.yaml
|
|
- host_vars/grafana01.opendev.org.yaml
|
|
- host_vars/mirror01.openafs.provider.opendev.org.yaml
|
|
- host_vars/mirror02.openafs.provider.opendev.org.yaml
|
|
- host_vars/mirror-update01.opendev.org.yaml
|
|
- host_vars/paste01.opendev.org.yaml
|
|
- host_vars/refstack01.openstack.org.yaml
|
|
- host_vars/review99.opendev.org.yaml
|
|
- name: Display group membership
|
|
command: ansible localhost -m debug -a 'var=groups'
|
|
- name: Run base.yaml
|
|
shell: 'set -o pipefail && ansible-playbook -f 50 -v /home/zuul/src/opendev.org/opendev/system-config/playbooks/base.yaml 2>&1 | tee /var/log/ansible/base.yaml.log'
|
|
args:
|
|
executable: /bin/bash
|
|
- name: Run bridge service playbook
|
|
shell: 'set -o pipefail && ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/playbooks/service-bridge.yaml 2>&1 | tee /var/log/ansible/service-bridge.yaml.log'
|
|
args:
|
|
executable: /bin/bash
|
|
- name: Run dstat logger playbook
|
|
shell: 'set -o pipefail && ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/playbooks/service-dstatlogger.yaml 2>&1 | tee /var/log/ansible/service-dstatlogger.yaml.log'
|
|
args:
|
|
executable: /bin/bash
|
|
|
|
- name: Run playbook
|
|
when: run_playbooks is defined
|
|
loop: "{{ run_playbooks }}"
|
|
shell: "set -o pipefail && ansible-playbook -f 50 -v /home/zuul/src/opendev.org/opendev/system-config/{{ item }} 2>&1 | tee /var/log/ansible/{{ item | basename }}.log"
|
|
args:
|
|
executable: /bin/bash
|
|
|
|
- name: Build list of playbook logs
|
|
find:
|
|
paths: '/var/log/ansible'
|
|
patterns: '*.yaml.log'
|
|
register: _run_playbooks_logs
|
|
|
|
- name: Encrypt playbook logs
|
|
when: run_playbooks is defined
|
|
include_role:
|
|
name: encrypt-logs
|
|
vars:
|
|
encrypt_logs_files: '{{ _run_playbooks_logs.files | map(attribute="path") | list }}'
|
|
encrypt_logs_artifact_path: 'bridge.openstack.org/ansible'
|
|
encrypt_logs_download_script_path: '/var/log/ansible'
|
|
|
|
- name: Run test playbook
|
|
when: run_test_playbook is defined
|
|
shell: "set -o pipefail && ANSIBLE_ROLES_PATH=/home/zuul/src/opendev.org/opendev/system-config/playbooks/roles ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/{{ run_test_playbook }} 2>&1 | tee /var/log/ansible/{{ run_test_playbook | basename }}.log"
|
|
args:
|
|
executable: /bin/bash
|
|
|
|
- name: Generate testinfra extra data fixture
|
|
set_fact:
|
|
testinfra_extra_data:
|
|
zuul_job: '{{ zuul.job }}'
|
|
zuul: '{{ zuul }}'
|
|
|
|
- name: Write out testinfra extra data fixture
|
|
copy:
|
|
content: '{{ testinfra_extra_data | to_nice_yaml(indent=2) }}'
|
|
dest: '/home/zuul/testinfra_extra_data_fixture.yaml'
|
|
|
|
- name: Make screenshots directory
|
|
file:
|
|
path: '/var/log/screenshots'
|
|
state: directory
|
|
|
|
- name: Return screenshots artifact
|
|
zuul_return:
|
|
data:
|
|
zuul:
|
|
artifacts:
|
|
- name: Screenshots
|
|
url: "bridge.openstack.org/screenshots"
|
|
|
|
- name: Run and collect testinfra
|
|
block:
|
|
- name: Run testinfra to validate configuration
|
|
include_role:
|
|
name: tox
|
|
vars:
|
|
tox_envlist: testinfra
|
|
# This allows us to run from external projects (like testinfra
|
|
# itself)
|
|
tox_environment:
|
|
TESTINFRA_EXTRA_DATA: '/home/zuul/testinfra_extra_data_fixture.yaml'
|
|
zuul_work_dir: src/opendev.org/opendev/system-config
|
|
always:
|
|
- name: Return testinfra report artifact
|
|
zuul_return:
|
|
data:
|
|
zuul:
|
|
artifacts:
|
|
- name: testinfra results
|
|
url: "bridge.openstack.org/test-results.html"
|