Add opendev kubernetes nodes to ansible inventory

We want our base ansible roles to run on these nodes. However, k8s-on-openstack manages firewall rules via openstack security groups, so we don't want to run those there. There was a discussion about making a minimal set of roles that are run by default and then a group containing servers that got the full set ... but that would require a duplicate entry for 99% of our servers in the inventory, while the "only run a subset" is the exception case. Change-Id: I2cbf364305f758cecf11df41398d3d2c05222fda
2019-02-07 10:07:56 +00:00 · 2019-02-07 10:07:56 +00:00 · 07edd9d297
commit 07edd9d297
parent a252f99de9
3 changed files with 40 additions and 1 deletions
--- a/inventory/groups.yaml
+++ b/inventory/groups.yaml
@ -96,6 +96,8 @@ groups:
    - health*.open*.org
  kdc:
    - kdc[0-9]*.open*.org
+  kubernetes:
+    - opendev-k8s*.opendev.org
  logstash:
    - logstash[0-9]*.open*.org
  logstash-worker:
--- a/inventory/openstack.yaml
+++ b/inventory/openstack.yaml
@ -679,6 +679,36 @@ all:
        region_name: ca-ymq-1
      public_v4: 162.253.55.16
      public_v6: 2604:e100:1:0:f816:3eff:fe2c:7447
+    opendev-k8s-master.opendev.org:
+      ansible_host: 38.108.68.20
+      location:
+        cloud: openstackci-vexxhost
+        region_name: sjc1
+      public_v4: 38.108.68.20
+    opendev-k8s-1.opendev.org:
+      ansible_host: 38.108.68.70
+      location:
+        cloud: openstackci-vexxhost
+        region_name: sjc1
+      public_v4: 38.108.68.70
+    opendev-k8s-2.opendev.org:
+      ansible_host: 38.108.68.91
+      location:
+        cloud: openstackci-vexxhost
+        region_name: sjc1
+      public_v4: 38.108.68.91
+    opendev-k8s-3.opendev.org:
+      ansible_host: 38.108.68.72
+      location:
+        cloud: openstackci-vexxhost
+        region_name: sjc1
+      public_v4: 38.108.68.72
+    opendev-k8s-4.opendev.org:
+      ansible_host: 38.108.68.125
+      location:
+        cloud: openstackci-vexxhost
+        region_name: sjc1
+      public_v4: 38.108.68.125
    openstackid-dev.openstack.org:
      ansible_host: 2001:4800:7819:103:be76:4eff:fe05:3d
      location:
--- a/playbooks/base.yaml
+++ b/playbooks/base.yaml
@ -13,8 +13,15 @@
    - timezone
    - unbound
    - exim
-    - iptables
+
+# Do not run firewall rules on kubernetes hosts, they are managed by k8s-on-openstack.
+# TODO(mordred) snmpd should be able to be re-added to kubernetes hosts but we will
+# need to add cacti to sg-opendev-nodes and sg-opendev-master security groups first.
+- hosts: "!disabled:!kubernetes"
+  name: "Base: set up firewall rules"
+  roles:
    - snmpd
+    - iptables

 - hosts: bridge.openstack.org:!disabled
  name: "Base: configure cloud credentials on bridge"