Verify that wheels are built while running against multiple hosts

Infra team has reported that OSA deployments use to DDoS gitea.
During some investigation we discovered that the potential workflow that
lead to DDoS was incorrect order during upgrade, when
compute nodes were upgraded before controllers and thus
each compute node was independently pulling same repos as no repo
server was available to this specific OS version.

Based on that we're implementing check that allows such behaviour only
if it's performed in a serial manner.
Undocumented variable `venv_wheel_build_skip_check` is added for cases
when local repos are used for service deployment and limitation should
not be applicable.

Change-Id: I54b2d4bdf6d101cc72c92be196962902a6138757

tasks/main.yml

@@ -22,6 +22,26 @@
   tags:
     - always
 
+# NOTE(noonedeadpunk): If you are deploying services from local forks high load on which is not
+#                      an issue for you, you can disable this with `venv_wheel_build_skip_check: true`
+- name: Fail if wheels are not built for multiple hosts
+  fail:
+    msg: >-
+      You are not building wheels while running role against multiple hosts.
+      This might result in DOS-ing OpenDev infrustructure servers.
+      In order to proceed, please ensure that you have repo servers
+      for selected OS version and architecture.
+      If you want to avoid building wheel on purpose, ensure that you run
+      playbook in serial manner.
+      In case of causing unreasonable load on the opendev.org git servers,
+      your access may be blocked to protect other users and the OpenDev CI
+      infrastructure which are reliant on this service.
+      Found venv_build_targets: {{ venv_build_targets }}
+  when:
+    - venv_wheel_build_enable | bool
+    - ansible_play_batch | length > 2
+    - not (venv_wheel_build_skip_check | default(False))
+
 - include_tasks: "python_venv_wheel_build.yml"
   args:
     apply: