opendev/system-config
Code Issues Proposed changes
Files
7cd0c0425e873ea9a4d78d7b139a8433e965274a
system-config/zuul.d/system-config-run.yaml
Clark Boylan 3f10b06710 Fix system-config-run for Ansible 9 vs 11 
Ansible 11 dropped support for the python version on Ubuntu bionic. Some
of our test jobs continue to test against bionic nodes to cover
functioanlity there. Pin these jobs back to Ansible 9 so that Ansible
can speak to these test nodes

We also drop the bionic and focal image types from the mirror job
entirely because we no longer have any bionic or focal image nodes
acting as mirrors.

Change-Id: I12718599f7e252f45a625e96a0dbbbce9768d008
2025-08-18 14:54:36 -07:00

1163 lines
37 KiB
YAML
Raw Blame History

- job:
name: system-config-run
timeout: 3600
description: |
Run the "base" playbook for system-config hosts.
This is a parent job designed to be inherited.
abstract: true
pre-run: playbooks/zuul/run-base-pre.yaml
run: playbooks/zuul/run-base.yaml
post-run: playbooks/zuul/run-base-post.yaml
vars:
zuul_copy_output: "{{ copy_output | combine(host_copy_output | default({})) }}"
stage_dir: "{{ ansible_user_dir }}/zuul-output"
copy_output:
'/var/log/apparmor_status': logs_txt
'/var/log/syslog': logs_txt
'/var/log/messages': logs_txt
'/var/log/exim4': logs
'/var/log/docker': logs
'/var/log/containers': logs
'/var/log/dstat-csv.log': logs
'/etc/iptables/rules.v4': logs_txt
'/etc/iptables/rules.v6': logs_txt
host-vars:
bridge99.opendev.org:
install_ansible_ara_enable: true
host_copy_output:
'{{ zuul.project.src_dir }}/junit.xml': logs
'{{ zuul.project.src_dir }}/test-results.html': logs
'{{ zuul.project.src_dir }}/inventory/base/gate-hosts.yaml': logs
'/var/log/screenshots': logs
'/var/log/ansible': logs
# Note: the following two jobs implement the variant-based multiple
# inheritance trick. Both of these variants will always apply,
# therefore both parents will appear in the inheritance hierarchy).
- job:
name: system-config-run-containers
parent: system-config-run
# Note: see above re multiple-inheritance.
- job:
name: system-config-run-containers
parent: opendev-buildset-registry-consumer
description: |
Run the "base" playbook for system-config hosts which use
containers.
This is a parent job designed to be inherited. Use this job if
the service in question is container-based. It expects a
buildset registry and pulls images from the intermediate
registry.
- job:
name: system-config-run-base
parent: system-config-run
description: |
Run the "base" playbook on each of the node types
currently in use.
# Pinned for now due to Ansible 11 not supporting the Python on Bionic.
ansible-version: '9'
nodeset:
nodes:
- &bridge_node_x86 { name: bridge99.opendev.org, label: ubuntu-jammy }
- name: bionic
label: ubuntu-bionic
- name: focal
label: ubuntu-focal
- name: jammy
label: ubuntu-jammy
- name: noble
label: ubuntu-noble
groups:
# Each job should define this group -- to avoid hard-coding
# the bastion hostname in the job setup, playbooks/tasks refer
# to it only by this group. This should only have one entry
# -- in a couple of places the jobs use the actual hostname
# and assume element [0] here is that hostname.
#
# Note that this shouldn't be confused with the group in
# inventory/service/groups.yaml -- this group contains the
# host that Zuul, running on the executor, will setup as the
# bridge node. This node will then run a nested Ansible to
# test the production playbooks -- *that* Ansible has a
# "bastion" group too
- &bastion_group { name: prod_bastion, nodes: [ bridge99.opendev.org ] }
files:
- tox.ini
- launch/
- playbooks/
- roles/
- testinfra/
- inventory/
- job:
name: system-config-run-base-ansible-devel
parent: system-config-run-base
description: |
Run the base playbook with the latest ansible.
# Pinned for now due to Ansible 11 not supporting the Python on Bionic.
ansible-version: '9'
nodeset:
nodes:
- <<: *bridge_node_x86
- name: bionic
label: ubuntu-bionic
- name: focal
label: ubuntu-focal
- name: jammy
label: ubuntu-jammy
groups:
- <<: *bastion_group
required-projects:
- name: github.com/ansible/ansible
override-checkout: devel
- name: github.com/pytest-dev/pytest-testinfra
override-checkout: main
- name: openstack/openstacksdk
- name: github.com/ansible-collections/ansible.posix
override-checkout: main
- name: github.com/ansible-collections/ansible.netcommon
override-checkout: main
- name: github.com/ansible-collections/community.crypto
override-checkout: main
- name: github.com/ansible-collections/community.general
override-checkout: main
vars:
install_ansible_requirements:
# Zuul checkout of Ansible devel
- '{{ ansible_user_dir}}/src/github.com/ansible/ansible'
- '{{ ansible_user_dir }}/src/opendev.org/openstack/openstacksdk'
# These are required because we are not install the pypi
# "ansible" bundle here, but the upstream devel branch
install_ansible_collections:
- namespace: ansible
name: netcommon
repo: ansible-collections/ansible.netcommon
- namespace: ansible
name: posix
repo: ansible-collections/ansible.posix
- namespace: community
name: general
repo: ansible-collections/community.general
- namespace: community
name: crypto
repo: ansible-collections/community.crypto
# Although we don't have an arm64 based bridge; Zuul can't currently
# allocate a mixed x86/arm64 situation across clouds. Thus it helps
# to keep this clean so we can run the other tests.
- job:
name: system-config-run-base-arm64
parent: system-config-run
description: |
Run the "base" playbook on ARM64.
nodeset:
nodes:
- &bridge_node_arm64 { name: bridge99.opendev.org, label: ubuntu-jammy-arm64 }
- name: jammy
label: ubuntu-jammy-arm64
- name: noble
label: ubuntu-noble-arm64
groups:
- <<: *bastion_group
files:
- playbooks/
- roles/
- testinfra/
- inventory/
- job:
name: system-config-run-eavesdrop
parent: system-config-run-containers
description: |
Run the playbook for an eavesdrop server.
required-projects:
- opendev/system-config
- openstack/project-config
requires:
- accessbot-container-image
- gerritbot-container-image
- statusbot-container-image
- ircbot-container-image
- matrix-eavesdrop-container-image
- ptgbot-container-image
nodeset:
nodes:
- <<: *bridge_node_x86
- name: eavesdrop99.opendev.org
label: ubuntu-noble
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
- playbooks/service-eavesdrop.yaml
host-vars:
eavesdrop99.opendev.org:
host_copy_output:
'/var/lib/limnoria': logs
'/var/log/apache2': logs
'/var/log/acme.sh': logs
'/etc/apache2': logs
'/var/log/statusbot': logs
'/etc/statusbot': logs
files:
- playbooks/service-eavesdrop.yaml
- playbooks/run-accessbot.yaml
- inventory/service/group_vars/eavesdrop.yaml
- playbooks/roles/install-docker
- playbooks/roles/accessbot
- playbooks/roles/gerritbot
- playbooks/roles/limnoria
- playbooks/roles/logrotate
- playbooks/roles/matrix-eavesdrop
- playbooks/roles/matrix-gerritbot
- playbooks/roles/statusbot
- playbooks/roles/ptgbot
- playbooks/roles/sync-project-config
- playbooks/zuul/templates/group_vars/eavesdrop.yaml.j2
- docker/accessbot/
- docker/ircbot
- docker/matrix-eavesdrop
- testinfra/test_eavesdrop.py
- job:
name: system-config-run-letsencrypt
parent: system-config-run
description: |
Run the playbook for letsencrypt key acquisition
nodeset:
nodes:
- <<: *bridge_node_x86
# The other tests run the letsencrypt.yaml playbook to create
# self-signed certificates but do not exercise any of the DNS
# path because they don't have DNS servers in the inventory.
# By adding them for this test, the letsencrypt.yaml playbook
# will make a request to LE staging and get TXT records, which
# it will populate to the test DNS servers. LE won't actually
# authenticate those records, but we are validating the path
# of at least creating and collecting them here.
- name: adns99.opendev.org
label: ubuntu-jammy
- name: ns99.opendev.org
label: ubuntu-jammy
- name: letsencrypt01.opendev.org
label: ubuntu-jammy
- name: letsencrypt02.opendev.org
label: ubuntu-jammy
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/service-nameserver.yaml
- playbooks/letsencrypt.yaml
# Run twice to ensure correct behavior on a second pass
- playbooks/letsencrypt.yaml
# Make sure this test runs acme.sh
letsencrypt_self_generate_tokens: False
host-vars:
bridge99.opendev.org:
host_copy_output:
'/var/lib/certcheck': logs
letsencrypt01.opendev.org:
host_copy_output:
'/var/log/acme.sh': logs
letsencrypt02.opendev.org:
host_copy_output:
'/var/log/acme.sh': logs
files:
- playbooks/bootstrap-bridge.yaml
- inventory/service/group_vars/letsencrypt.yaml
# This is split because we ant to avoid
# ...create-certs/handlers/main.yaml matching since every
# letsencrypt user has its handler in there. re2 matching
# doesn't provide us a way to say "everything but this file"
- playbooks/roles/letsencrypt-acme-sh-install
- playbooks/roles/letsencrypt-config-certcheck
- playbooks/roles/letsencrypt-create-certs/defaults
- playbooks/roles/letsencrypt-create-certs/handlers/restart_apache.yaml
- playbooks/roles/letsencrypt-create-certs/handlers/touch_file.yaml
- playbooks/roles/letsencrypt-create-certs/tasks
- playbooks/roles/letsencrypt-install-txt-record
- playbooks/roles/letsencrypt-request-certs
- job:
name: system-config-run-lists3
# We don't use the system-config-run-containers base job because we
# are consuming upstream containers only.
parent: system-config-run-containers
requires: mailman-container-images
description: |
Run the playbook for a mailman3 list server.
timeout: 3600
nodeset:
nodes:
- <<: *bridge_node_x86
- name: lists99.opendev.org
label: ubuntu-jammy
groups:
- <<: *bastion_group
required-projects:
- opendev/system-config
files:
- docker/mailman
- playbooks/bootstrap-bridge.yaml
- inventory/service/group_vars/mailman3.yaml
- playbooks/roles/apache-ua-filter/
- playbooks/roles/base/exim
- playbooks/roles/mailman3
- playbooks/service-lists3.yaml
- playbooks/test-lists3.yaml
- playbooks/zuul/templates/group_vars/mailman3.yaml.j2
- testinfra/test_lists_opendev_org.py
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
- playbooks/service-lists3.yaml
# Run this twice to check idempotency
- playbooks/service-lists3.yaml
- playbooks/zuul/lists3-alias-logs.yaml
run_test_playbook: playbooks/zuul/test-lists3.yaml
host-vars:
lists99.opendev.org:
host_copy_output:
'/var/log/acme.sh': logs
'/var/log/apache2': logs
'/var/lib/mailman/mailman-web-logs': logs
'/var/lib/mailman/mailman-core-logs': logs
- job:
name: system-config-run-dns
parent: system-config-run
description: |
Run the playbook for dns.
required-projects:
- opendev/zone-opendev.org
- opendev/zone-zuul-ci.org
nodeset:
nodes:
- <<: *bridge_node_x86
- name: adns99.opendev.org
label: ubuntu-jammy
- name: ns99.opendev.org
label: ubuntu-jammy
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/service-nameserver.yaml
host-vars:
adns99.opendev.org:
host_copy_output:
'/etc/bind/named.conf': logs
'/var/lib/bind/zones': logs
files:
- playbooks/bootstrap-bridge.yaml
- inventory/service/group_vars/adns-primary.yaml
- inventory/service/group_vars/adns-secondary.yaml
- inventory/service/group_vars/adns.yaml
- playbooks/zuul/templates/group_vars/adns-primary.yaml.j2
- playbooks/zuul/templates/group_vars/adns-secondary.yaml.j2
- playbooks/roles/master-nameserver/
- playbooks/roles/nameserver/
- testinfra/test_adns.py
- testinfra/test_ns.py
- job:
name: system-config-run-borg-backup
parent: system-config-run
description: |
Run the playbook for borg backup configuration
# Pinned for now due to Ansible 11 not supporting the Python on Bionic.
ansible-version: '9'
nodeset:
nodes:
- <<: *bridge_node_x86
- name: borg-backup01.region.provider.opendev.org
label: ubuntu-focal
- name: borg-backup-focal.opendev.org
label: ubuntu-focal
- name: borg-backup-bionic.opendev.org
label: ubuntu-bionic
- name: borg-backup-jammy.opendev.org
label: ubuntu-jammy
- name: borg-backup-noble.opendev.org
label: ubuntu-noble
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/test-borg-backup-pre.yaml
- playbooks/service-borg-backup.yaml
run_test_playbook: playbooks/test-borg-backup.yaml
files:
- playbooks/service-borg-backup.yaml
- playbooks/test-borg-backup.yaml
- playbooks/bootstrap-bridge.yaml
- playbooks/roles/install-borg
- playbooks/roles/borg-backup
- playbooks/roles/create-venv
- playbooks/zuul/templates/host_vars/borg-backup
- testinfra/test_borg_backups.py
host-vars:
borg-backup01.region.provider.opendev.org:
host_copy_output:
'/var/log/prune-borg-backups.log': logs
'/var/log/verify-borg-backups.log': logs
borg-backup-bionic.opendev.org:
host_copy_output:
'/var/log/borg-backup-borg-backup01.region.provider.opendev.org.log': logs
borg-backup-focal.opendev.org:
host_copy_output:
'/var/log/borg-backup-borg-backup01.region.provider.opendev.org.log': logs
borg-backup-jammy.opendev.org:
host_copy_output:
'/var/log/borg-backup-borg-backup01.region.provider.opendev.org.log': logs
borg-backup-noble.opendev.org:
host_copy_output:
'/var/log/borg-backup-borg-backup01.region.provider.opendev.org.log': logs
- job:
name: system-config-run-mirror-base
parent: system-config-run
abstract: true
description: |
Run the playbook for a mirror node
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
- playbooks/service-mirror.yaml
host-vars:
mirror01.openafs.provider.opendev.org:
host_copy_output:
'/var/log/apache2/': logs
'/var/log/acme.sh': logs
'/etc/apache2/sites-available/mirror.conf': logs
mirror02.openafs.provider.opendev.org:
host_copy_output:
'/var/log/apache2/': logs
'/var/log/acme.sh': logs
'/etc/apache2/sites-available/mirror.conf': logs
files:
- playbooks/bootstrap-bridge.yaml
- roles/
- playbooks/roles/base/
- inventory/service/group_vars/mirror.yaml
- playbooks/roles/mirror/
- playbooks/roles/letsencrypt
- playbooks/letsencrypt.yaml
- playbooks/service-mirror.yaml
- playbooks/zuul/templates/group_vars/mirror.yaml.j2
- testinfra/test_mirror.py
- job:
name: system-config-run-mirror-x86
parent: system-config-run-mirror-base
nodeset:
nodes:
- <<: *bridge_node_x86
- name: mirror01.openafs.provider.opendev.org
label: ubuntu-jammy
- name: mirror02.openafs.provider.opendev.org
label: ubuntu-noble
groups:
- <<: *bastion_group
- job:
name: system-config-run-mirror-arm64
parent: system-config-run-mirror-base
nodeset:
nodes:
- <<: *bridge_node_arm64
- name: mirror01.openafs.provider.opendev.org
label: ubuntu-noble-arm64
groups:
- <<: *bastion_group
- job:
name: system-config-run-mirror-update
parent: system-config-run
description: |
Run the playbook for a mirror update node
nodeset:
nodes:
- <<: *bridge_node_x86
- name: mirror-update99.opendev.org
label: ubuntu-noble
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/service-mirror-update.yaml
files:
- playbooks/bootstrap-bridge.yaml
- roles/
- playbooks/roles/mirror-update/
- playbooks/roles/reprepro/
- playbooks/roles/afs-release/
- playbooks/roles/afsmon/
- playbooks/service-mirror-update.yaml
- playbooks/zuul/templates/host_vars/mirror-update99.opendev.org.yaml.j2
- testinfra/test_mirror-update.py
- job:
name: system-config-run-docker-registry
parent: system-config-run
description: |
Run the playbook for the docker registry.
nodeset:
nodes:
- <<: *bridge_node_x86
- name: insecure-ci-registry99.opendev.org
label: ubuntu-jammy
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
- playbooks/service-registry.yaml
host-vars:
insecure-ci-registry99.opendev.org:
host_copy_output:
'/var/registry/auth': logs
'/var/registry/conf': logs
'/var/registry/certs': logs
files:
- playbooks/bootstrap-bridge.yaml
- inventory/service/group_vars/registry.yaml
- inventory/service/host_vars/insecure-ci-registry\d+.opendev.org.yaml
- playbooks/zuul/templates/group_vars/registry.yaml.j2
- playbooks/roles/letsencrypt-create-certs/handlers/restart_zuul_registry.yaml
- playbooks/roles/registry/
- playbooks/roles/pip3/
- playbooks/roles/install-docker/
- testinfra/test_registry.py
- job:
name: system-config-run-codesearch
parent: system-config-run-containers
description: |
Run the playbook for the codesearch server.
requires: codesearch-container-image
required-projects:
- opendev/system-config
nodeset:
nodes:
- <<: *bridge_node_x86
- name: codesearch02.opendev.org
label: ubuntu-noble
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
- playbooks/service-codesearch.yaml
run_test_playbook: playbooks/test-codesearch.yaml
files:
- playbooks/bootstrap-bridge.yaml
- playbooks/letsencrypt.yaml
- playbooks/service-codesearch.yaml
- playbooks/roles/codesearch/
- playbooks/roles/install-docker/
- playbooks/roles/pip3/
- playbooks/roles/run-selenium/
- playbooks/zuul/templates/group_vars/codesearch.yaml.j2
- testinfra/util.py
- docker/hound/
- testinfra/test_codesearch.py
- job:
name: system-config-run-etherpad
parent: system-config-run-containers
description: |
Run the playbook for the etherpad servers.
requires: etherpad-container-image
nodeset:
nodes:
- <<: *bridge_node_x86
- name: etherpad99.opendev.org
label: ubuntu-jammy
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
- playbooks/service-etherpad.yaml
run_test_playbook: playbooks/test-etherpad.yaml
files:
- playbooks/bootstrap-bridge.yaml
- playbooks/letsencrypt.yaml
- playbooks/service-etherpad.yaml
- playbooks/roles/etherpad/
- playbooks/roles/install-docker/
- playbooks/roles/pip3/
- docker/etherpad/
- testinfra/test_etherpad.py
- job:
name: system-config-run-gitea
parent: system-config-run-containers
description: |
Run the playbook for the gitea servers.
timeout: 5400
nodeset:
nodes:
- <<: *bridge_node_x86
- name: gitea-lb03.opendev.org
label: ubuntu-noble
- name: gitea99.opendev.org
label: ubuntu-jammy
groups:
- <<: *bastion_group
required-projects:
- openstack/project-config
- opendev/system-config
requires:
- gitea-container-image
- haproxy-statsd-container-image
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
- playbooks/service-gitea-lb.yaml
- playbooks/service-gitea.yaml
- playbooks/manage-projects.yaml
- playbooks/test-update-zuul-description.yaml
# Run twice to ensure that we noop properly when
# all projects are created in gitea. We also update
# zuul's description to ensure that descriptions are
# updated. This uses a test specific playbook to set
# the always_update flag.
- playbooks/test-manage-projects.yaml
run_test_playbook: playbooks/test-gitea.yaml
host-vars:
gitea99.opendev.org:
host_copy_output:
'/var/gitea/conf': logs
'/var/gitea/certs': logs
'/var/gitea/logs': logs
'/var/log/apache2': logs
gitea-lb03.opendev.org:
host_copy_output:
'/var/lib/haproxy/etc': logs
'/var/log/haproxy.log': logs
files:
- playbooks/bootstrap-bridge.yaml
- playbooks/letsencrypt.yaml
- playbooks/service-gitea-lb.yaml
- playbooks/service-gitea.yaml
- playbooks/manage-projects.yaml
- playbooks/test-gitea.yaml
- playbooks/rename_repos.yaml
- inventory/service/group_vars/gitea.yaml
- inventory/service/group_vars/gitea-lb.yaml
- inventory/service/host_vars/gitea
- playbooks/zuul/templates/group_vars/gitea.yaml.j2
- playbooks/zuul/templates/group_vars/gitea-lb.yaml.j2
- playbooks/roles/apache-ua-filter/
- playbooks/roles/pip3/
- playbooks/roles/install-docker/
- playbooks/roles/gerrit/
- playbooks/roles/gitea.*
- playbooks/roles/haproxy/
- playbooks/roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
- testinfra/test_gitea.py
- testinfra/test_gitea_lb.py
# From gitea_files -- If we rebuild the image, we want to run
# this job as well.
- docker/gitea/
# From haproxy-statsd_files -- If we rebuild the image, we want
# to run this job as well.
- docker/haproxy-statsd/
- playbooks/roles/run-selenium/
- testinfra/util.py
- job:
name: system-config-run-grafana
parent: system-config-run-containers
description: |
Run the playbook for the etherpad servers.
requires: grafyaml-container-image
required-projects:
- opendev/system-config
- openstack/project-config
nodeset:
nodes:
- <<: *bridge_node_x86
- name: grafana02.opendev.org
label: ubuntu-noble
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
- playbooks/service-grafana.yaml
run_test_playbook: playbooks/test-grafana.yaml
host-vars:
grafana02.opendev.org:
host_copy_output:
'/tmp/json_blobs': logs
files:
- playbooks/bootstrap-bridge.yaml
- playbooks/letsencrypt.yaml
- playbooks/service-grafana.yaml
- playbooks/roles/grafana/
- playbooks/roles/install-docker/
- playbooks/roles/pip3/
- playbooks/roles/run-selenium/
- playbooks/roles/sync-project-config
- playbooks/zuul/templates/group_vars/grafana
- tesinfra/util.py
- testinfra/test_grafana.py
- job:
name: system-config-run-graphite
parent: system-config-run
description: |
Run the playbook for the graphite servers.
required-projects:
- opendev/system-config
nodeset:
nodes:
- <<: *bridge_node_x86
- name: graphite02.opendev.org
label: ubuntu-focal
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
- playbooks/service-graphite.yaml
host-vars:
graphite02.opendev.org:
host_copy_output:
'/var/log/graphite': logs
'/etc/graphite-docker': logs
files:
- playbooks/bootstrap-bridge.yaml
- playbooks/letsencrypt.yaml
- playbooks/service-graphite.yaml
- playbooks/roles/graphite
- playbooks/roles/install-docker/
- playbooks/roles/letsencrypt-create-certs/handlers/restart_graphite.yaml
- playbooks/roles/pip3/
- testinfra/test_graphite.py
- job:
name: system-config-run-keycloak
parent: system-config-run
description: |
Run the playbook for the keycloak servers.
nodeset:
nodes:
- <<: *bridge_node_x86
- name: keycloak99.opendev.org
label: ubuntu-jammy
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
- playbooks/service-keycloak.yaml
files:
- inventory/service/group_vars/keycloak.yaml
- playbooks/install-ansible.yaml
- playbooks/letsencrypt.yaml
- playbooks/service-keycloak.yaml
- playbooks/roles/keycloak/
- playbooks/roles/install-docker/
- playbooks/roles/iptables/
- playbooks/zuul/templates/group_vars/keycloak.yaml.j2
- testinfra/test_keycloak.py
- job:
name: system-config-run-meetpad
parent: system-config-run
description: |
Run the playbook for jitsi-meet.
nodeset:
nodes:
- <<: *bridge_node_x86
- name: meetpad99.opendev.org
label: ubuntu-jammy
- name: jvb99.opendev.org
label: ubuntu-jammy
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
- playbooks/service-meetpad.yaml
host-vars:
meetpad99.opendev.org:
host_copy_output:
'/var/jitsi-meet': logs
jvb99.opendev.org:
host_copy_output:
'/var/jitsi-meet': logs
files:
- playbooks/bootstrap-bridge.yaml
- inventory/service/group_vars/meetpad.yaml
- inventory/service/host_vars/meetpad\d+.opendev.org.yaml
- playbooks/roles/letsencrypt-create-certs/handlers/restart_jitsi_meet.yaml
- playbooks/roles/jitsi-meet/
- playbooks/roles/pip3/
- playbooks/roles/install-docker/
- playbooks/zuul/templates/group_vars/meetpad.yaml.j2
- testinfra/test_meetpad.py
- job:
name: system-config-run-paste
parent: system-config-run-containers
description: |
Run the playbook for the paste server.
required-projects:
- opendev/system-config
requires:
- lodgeit-container-image
nodeset:
nodes:
- <<: *bridge_node_x86
- name: paste99.opendev.org
label: ubuntu-noble
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
- playbooks/service-paste.yaml
run_test_playbook: playbooks/test-paste.yaml
files:
- playbooks/bootstrap-bridge.yaml
- playbooks/letsencrypt.yaml
- playbooks/service-paste.yaml
- playbooks/roles/lodgeit
- playbooks/roles/install-docker/
- playbooks/roles/pip3/
- playbooks/roles/run-selenium/
- testinfra/util.py
- playbooks/test-paste.yaml
- testinfra/test_paste.py
- job:
name: system-config-run-tracing
parent: system-config-run
description: |
Run the playbook for the jaeger servers.
nodeset:
nodes:
- <<: *bridge_node_x86
- name: tracing99.opendev.org
label: ubuntu-noble
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
- playbooks/service-tracing.yaml
files:
- inventory/service/group_vars/tracing.yaml
- playbooks/install-ansible.yaml
- playbooks/letsencrypt.yaml
- playbooks/service-tracing.yaml
- playbooks/roles/jaeger/
- playbooks/roles/install-docker/
- playbooks/roles/iptables/
- testinfra/test_tracing.py
- job:
name: system-config-run-zookeeper
parent: system-config-run
description: |
Run the playbook for the zookeeper cluster.
nodeset:
nodes:
- <<: *bridge_node_x86
- name: zk99.opendev.org
label: ubuntu-noble
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/service-zookeeper.yaml
files:
- playbooks/bootstrap-bridge.yaml
- inventory/service/group_vars/zookeeper.yaml
- ^inventory/service/host_vars/zk\d+\..*
- playbooks/roles/zookeeper/
- playbooks/roles/pip3/
- playbooks/roles/install-docker/
- testinfra/test_zookeeper.py
# From zookeeper-statsd_files -- If we rebuild the image, we want
# to run this job as well.
- docker/zookeeper-statsd/
- job:
name: system-config-run-zuul-preview
parent: system-config-run
description: |
Run the playbook for the zuul-preview service.
nodeset:
nodes:
- <<: *bridge_node_x86
- name: zp99.opendev.org
label: ubuntu-jammy
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/service-zuul-preview.yaml
files:
- playbooks/bootstrap-bridge.yaml
- playbooks/roles/zuul-preview/
- playbooks/roles/pip3/
- playbooks/roles/install-docker/
- testinfra/test_zuul_preview.py
- job:
name: system-config-run-zuul
parent: system-config-run
description: |
Run the playbook for the main Zuul cluster.
nodeset:
nodes:
- <<: *bridge_node_x86
- name: zk99.opendev.org
label: ubuntu-noble
- name: zm01.opendev.org
label: ubuntu-noble
- name: zl01.opendev.org
label: ubuntu-noble
- name: ze01.opendev.org
label: ubuntu-noble
- name: zuul02.opendev.org
label: ubuntu-noble
- name: zuul-lb02.opendev.org
label: ubuntu-noble
- name: zuul-db99.opendev.org
label: ubuntu-jammy
groups:
- <<: *bastion_group
required-projects:
- openstack/project-config
- opendev/system-config
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
- playbooks/service-zookeeper.yaml
- playbooks/service-zuul-db.yaml
- playbooks/service-zuul.yaml
- playbooks/service-zuul-lb.yaml
# Test our ad hoc restart playbook works
- playbooks/zuul_restart.yaml
host-vars:
zm01.opendev.org:
host_copy_output:
'/etc/hosts': logs
'/etc/zuul/zuul.conf': logs
'/var/log/zuul/merger-debug.log': logs
zl01.opendev.org:
host_copy_output:
'/etc/hosts': logs
'/etc/zuul/zuul.conf': logs
'/var/log/zuul/launcher-debug.log': logs
ze01.opendev.org:
host_copy_output:
'/etc/hosts': logs
'/etc/zuul/zuul.conf': logs
'/var/log/zuul/executor-debug.log': logs
zuul02.opendev.org:
host_copy_output:
'/etc/hosts': logs
'/etc/zuul/zuul.conf': logs
'/var/log/zuul/debug.log': logs
bridge99.opendev.org:
host_copy_output:
'/etc/hosts': logs
zuul-lb02.opendev.org:
host_copy_output:
'/var/lib/haproxy/etc': logs
'/var/log/haproxy.log': logs
files:
- playbooks/bootstrap-bridge.yaml
- playbooks/service-zookeeper.yaml
- playbooks/service-zuul.yaml
- playbooks/service-zuul-db.yaml
- playbooks/service-zuul-lb.yaml
- inventory/service/group_vars/zuul
- inventory/service/group_vars/zuul-db.yaml
- inventory/service/group_vars/zuul-lb.yaml
- inventory/service/group_vars/zookeeper.yaml
- inventory/service/host_vars/zk\d+
- inventory/service/host_vars/zuul02.opendev.org
- playbooks/roles/apache-ua-filter/
- playbooks/roles/haproxy/
- playbooks/roles/mariadb/
- playbooks/roles/zookeeper/
- playbooks/roles/install-apt-repo/
- playbooks/roles/zuul.*
- playbooks/roles/sync-project-config
- playbooks/zuul/templates/group_vars/zuul.*
- playbooks/zuul/templates/group_vars/zookeeper.yaml
- playbooks/zuul/templates/group_vars/zuul-lb.yaml.j2
- playbooks/zuul/templates/host_vars/zk\d+
- playbooks/zuul/templates/host_vars/zuul02.opendev.org
- playbooks/zuul_restart.yaml
- testinfra/test_zuul_executor.py
- testinfra/test_zuul_scheduler.py
- testinfra/test_zuul_merger.py
- testinfra/test_zuul_launcher.py
- testinfra/test_zuul_db.py
- testinfra/util.py
- job:
name: system-config-run-review-base
parent: system-config-run-containers
description: |
Base job for testing gerrit
nodeset:
nodes:
- <<: *bridge_node_x86
- name: review99.opendev.org
label: ubuntu-noble
groups:
- <<: *bastion_group
required-projects:
- openstack/project-config
- opendev/system-config
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
- playbooks/service-review.yaml
run_test_playbook: playbooks/zuul/bootstrap-and-test-review.yaml
host-vars:
review99.opendev.org:
host_copy_output:
'/home/gerrit2/review_site/etc': logs
'/home/gerrit2/review_site/logs': logs
'/var/log/apache2/': logs
'/var/log/acme.sh': logs
files:
- playbooks/bootstrap-bridge.yaml
- playbooks/letsencrypt.yaml
- playbooks/service-review.*.yaml
- playbooks/rename_repos.yaml
- inventory/service/group_vars/review.yaml
- playbooks/roles/pip3/
- playbooks/roles/run-selenium/
- testinfra/util.py
- playbooks/roles/install-docker/
- playbooks/roles/gerrit/
- playbooks/roles/sync-project-config
- playbooks/zuul/gerrit/
- playbooks/zuul/templates/host_vars/review99.opendev.org.yaml.j2
- roles/bazelisk-build/
- testinfra/test_gerrit.py
- docker/gerrit/
- playbooks/zuul/bootstrap-and-test-review.yaml
- playbooks/zuul/bootstrap-test-review.yaml
- playbooks/zuul/test-review.yaml
- playbooks/zuul/upgrade-review.yaml
- zuul.d/docker-images/gerrit.yaml
- job:
name: system-config-run-review-3.10
parent: system-config-run-review-base
description: |
Run the playbook for gerrit 3.10 (in a container).
requires: gerrit-3.10-container-image
vars:
zuul_test_gerrit_version: '3.10'
- job:
name: system-config-run-review-3.11
parent: system-config-run-review-base
description: |
Run the playbook for gerrit 3.11 (in a container).
requires: gerrit-3.11-container-image
vars:
zuul_test_gerrit_version: '3.11'
- job:
name: system-config-upgrade-review
parent: system-config-run-review-base
description: |
Test we can upgrade a gerrit 3.10 to 3.11
requires:
- gerrit-3.10-container-image
- gerrit-3.11-container-image
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
- playbooks/zuul/upgrade-review.yaml
run_test_playbook: playbooks/zuul/test-review.yaml
zuul_test_gerrit_version: '3.10'
- job:
name: system-config-run-static
parent: system-config-run
description: |
Run the playbook for a static node.
nodeset:
nodes:
- <<: *bridge_node_x86
- name: static99.opendev.org
label: ubuntu-jammy
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
- playbooks/service-static.yaml
files:
- playbooks/bootstrap-bridge.yaml
- playbooks/roles/apache-ua-filter/
- playbooks/roles/static/
- playbooks/roles/letsencrypt
- playbooks/letsencrypt.yaml
- playbooks/service-static.yaml
- testinfra/test_static.py
host-vars:
static99.opendev.org:
host_copy_output:
'/var/log/acme.sh/': logs
'/etc/apache2/': logs
'/var/log/apache2/': logs
- job:
name: system-config-run-kerberos
parent: system-config-run
description: |
Run the playbook for kerberos servers
nodeset:
nodes:
- <<: *bridge_node_x86
- name: kdc-primary.opendev.org
label: ubuntu-focal
- name: kdc-replica.opendev.org
label: ubuntu-focal
groups:
- <<: *bastion_group
host-vars:
kdc-primary.opendev.org:
host_copy_output:
'/etc/krb5kdc/': logs
'/var/krb5kdc/': logs
kdc-replica.opendev.org:
host_copy_output:
'/etc/krb5kdc/': logs
'/var/krb5kdc/': logs
vars:
run_playbooks:
- playbooks/service-kerberos.yaml
# Run twice to double-check idempotence
- playbooks/service-kerberos.yaml
run_test_playbook: playbooks/test-kerberos.yaml
files:
- playbooks/bootstrap-bridge.yaml
- playbooks/roles/kerberos-kdc/
View Git Blame Copy Permalink