Merge "Reference bastion through prod_bastion group"
This commit is contained in:
Zuul
Gerrit Code Review
commit
3b60679d6b
@ -15,10 +15,8 @@ groups:
|
||||
- afsdb*.open*.org
|
||||
- afs[0-9]*.open*.org
|
||||
- static[0-9]*.opendev.org
|
||||
# bastion group should should only have one entry because we assume
|
||||
# groups['bastion'][0] is the bastion host name in several places.
|
||||
bastion:
|
||||
- bridge01.opendev.org
|
||||
- bridge*.opendev.org
|
||||
borg-backup:
|
||||
- etherpad[0-9]*.opendev.org
|
||||
- gitea01.opendev.org
|
||||
|
||||
@ -12,7 +12,7 @@
|
||||
# In both cases, the "bastion" group has one entry, which is the
|
||||
# bastion host to run against.
|
||||
|
||||
- hosts: bastion[0]:!disabled
|
||||
- hosts: prod_bastion[0]:!disabled
|
||||
name: "Bridge: bootstrap the bastion host"
|
||||
become: true
|
||||
tasks:
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
- name: Add bastion host to inventory for production playbook
|
||||
add_host:
|
||||
name: 'bridge01.opendev.org'
|
||||
groups: 'bastion'
|
||||
groups: 'prod_bastion'
|
||||
ansible_python_interpreter: python3
|
||||
ansible_user: zuul
|
||||
# Without setting ansible_host directly, mirror-workspace-git-repos
|
||||
|
||||
@ -28,7 +28,7 @@
|
||||
- include_role:
|
||||
name: stage-output
|
||||
|
||||
- hosts: bastion
|
||||
- hosts: prod_bastion[0]
|
||||
tasks:
|
||||
- name: Set log directory
|
||||
set_fact:
|
||||
@ -69,7 +69,7 @@
|
||||
zuul:
|
||||
artifacts:
|
||||
- name: ARA report
|
||||
url: '{{ groups["bastion"][0] }}/ara-report/'
|
||||
url: '{{ groups["prod_bastion"][0] }}/ara-report/'
|
||||
|
||||
- name: Collect ansible configuration
|
||||
synchronize:
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
cloud_launcher_disable_job: true
|
||||
|
||||
# setup opendev CA
|
||||
- hosts: bastion[0]
|
||||
- hosts: prod_bastion[0]
|
||||
become: true
|
||||
tasks:
|
||||
- name: Make temporary dir for CA generation
|
||||
@ -57,9 +57,9 @@
|
||||
creates: '{{ item.file }}'
|
||||
loop:
|
||||
- file: '/etc/opendev-ca/ca.key'
|
||||
content: '{{ hostvars[groups["bastion"][0]]["_opendev_ca_key"]["content"] }}'
|
||||
content: '{{ hostvars[groups["prod_bastion"][0]]["_opendev_ca_key"]["content"] }}'
|
||||
- file: '/etc/opendev-ca/ca.crt'
|
||||
content: '{{ hostvars[groups["bastion"][0]]["_opendev_ca_certificate"]["content"] }}'
|
||||
content: '{{ hostvars[groups["prod_bastion"][0]]["_opendev_ca_certificate"]["content"] }}'
|
||||
|
||||
- name: Install and trust certificate
|
||||
shell:
|
||||
@ -67,7 +67,7 @@
|
||||
cp /etc/opendev-ca/ca.crt /usr/local/share/ca-certificates/opendev-infra-ca.crt
|
||||
update-ca-certificates
|
||||
|
||||
- hosts: bastion[0]
|
||||
- hosts: prod_bastion[0]
|
||||
become: true
|
||||
tasks:
|
||||
- name: Write inventory on bridge
|
||||
@ -185,7 +185,7 @@
|
||||
name: encrypt-logs
|
||||
vars:
|
||||
encrypt_logs_files: '{{ _run_playbooks_logs.files | map(attribute="path") | list }}'
|
||||
encrypt_logs_artifact_path: '{{ groups["bastion"][0] }}/ansible'
|
||||
encrypt_logs_artifact_path: '{{ groups["prod_bastion"][0] }}/ansible'
|
||||
encrypt_logs_download_script_path: '/var/log/ansible'
|
||||
|
||||
- name: Run test playbook
|
||||
@ -216,7 +216,7 @@
|
||||
zuul:
|
||||
artifacts:
|
||||
- name: Screenshots
|
||||
url: '{{ groups["bastion"][0] }}/screenshots'
|
||||
url: '{{ groups["prod_bastion"][0] }}/screenshots'
|
||||
|
||||
- name: Allow PBR's git calls to operate in system-config, despite not owning it
|
||||
command: git config --global safe.directory /home/zuul/src/opendev.org/opendev/system-config
|
||||
@ -240,4 +240,4 @@
|
||||
zuul:
|
||||
artifacts:
|
||||
- name: testinfra results
|
||||
url: '{{ groups["bastion"][0] }}/test-results.html'
|
||||
url: '{{ groups["prod_bastion"][0] }}/test-results.html'
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
- hosts: bastion[0]
|
||||
- hosts: prod_bastion[0]
|
||||
connection: local
|
||||
tasks:
|
||||
- name: Install root keys
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
roles:
|
||||
- add-bastion-host
|
||||
|
||||
- hosts: bastion[0]
|
||||
- hosts: prod_bastion[0]
|
||||
tasks:
|
||||
- name: Encrypt log
|
||||
when: infra_prod_playbook_encrypt_log|default(False)
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
roles:
|
||||
- add-bastion-host
|
||||
|
||||
- hosts: bastion[0]
|
||||
- hosts: prod_bastion[0]
|
||||
tasks:
|
||||
- name: Run the production playbook and capture logs
|
||||
block:
|
||||
|
||||
@ -59,7 +59,7 @@
|
||||
currently in use.
|
||||
nodeset:
|
||||
nodes:
|
||||
- &bridge_node_x86 { name: bridge01.opendev.org, label: ubuntu-jammy }
|
||||
- &bridge_node_x86 { name: bridge99.opendev.org, label: ubuntu-jammy }
|
||||
- name: xenial
|
||||
label: ubuntu-xenial
|
||||
- name: bionic
|
||||
@ -81,7 +81,7 @@
|
||||
# bridge node. This node will then run a nested Ansible to
|
||||
# test the production playbooks -- *that* Ansible has a
|
||||
# "bastion" group too
|
||||
- &bastion_group { name: bastion, nodes: [ bridge01.opendev.org ] }
|
||||
- &bastion_group { name: prod_bastion, nodes: [ bridge99.opendev.org ] }
|
||||
files:
|
||||
- tox.ini
|
||||
- playbooks/
|
||||
@ -138,7 +138,7 @@
|
||||
Run the "base" playbook on ARM64.
|
||||
nodeset:
|
||||
nodes:
|
||||
- &bridge_node_arm64 { name: bridge01.opendev.org, label: ubuntu-jammy-arm64 }
|
||||
- &bridge_node_arm64 { name: bridge99.opendev.org, label: ubuntu-jammy-arm64 }
|
||||
- name: bionic
|
||||
label: ubuntu-bionic-arm64
|
||||
- name: focal
|
||||
@ -228,7 +228,7 @@
|
||||
# Make sure this test runs acme.sh
|
||||
letsencrypt_self_generate_tokens: False
|
||||
host-vars:
|
||||
bridge01.opendev.org:
|
||||
bridge99.opendev.org:
|
||||
host_copy_output:
|
||||
'/var/lib/certcheck': logs
|
||||
letsencrypt01.opendev.org:
|
||||
@ -967,7 +967,7 @@
|
||||
'/etc/hosts': logs
|
||||
'/etc/zuul/zuul.conf': logs
|
||||
'/var/log/zuul/debug.log': logs
|
||||
bridge01.opendev.org:
|
||||
bridge99.opendev.org:
|
||||
host_copy_output:
|
||||
'/etc/hosts': logs
|
||||
zuul-lb01.opendev.org:
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user