diff --git a/.zuul.yaml b/.zuul.yaml index 48420990cd..55e81f0743 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -1145,6 +1145,7 @@ description: | Run the playbook for an eavesdrop server. required-projects: + - opendev/ansible-role-puppet - opendev/system-config - openstack/project-config requires: accessbot-container-image @@ -1185,12 +1186,15 @@ - name: codesearch01.openstack.org label: ubuntu-xenial required-projects: + - opendev/ansible-role-puppet - opendev/system-config - openstack/project-config files: - playbooks/install-ansible.yaml - playbooks/service-codesearch.yaml - playbooks/group_vars/puppet.yaml + - playbooks/roles/run-puppet/ + - playbooks/roles/install-ansible-roles/ - playbooks/roles/sync-project-config - playbooks/roles/puppet-install/ - playbooks/roles/disable-puppet-agent/ @@ -1243,10 +1247,16 @@ label: ubuntu-bionic - name: lists.openstack.org label: ubuntu-xenial + required-projects: + - opendev/ansible-role-puppet + - opendev/system-config files: - playbooks/install-ansible.yaml - modules/openstack_project/manifests/lists.pp - playbooks/host_vars/lists.openstack.org.yaml + - playbooks/group_vars/puppet + - playbooks/roles/run-puppet/ + - playbooks/roles/install-ansible-roles/ - roles/exim vars: run_playbooks: @@ -1269,8 +1279,9 @@ - name: nb04.opendev.org label: ubuntu-bionic required-projects: - - openstack/project-config + - opendev/ansible-role-puppet - opendev/system-config + - openstack/project-config host-vars: nl01.openstack.org: host_copy_output: @@ -1289,6 +1300,9 @@ - playbooks/group_vars/nodepool.yaml - playbooks/group_vars/nodepool-builder.yaml - playbooks/group_vars/nodepool-launcher.yaml + - playbooks/group_vars/puppet + - playbooks/roles/run-puppet/ + - playbooks/roles/install-ansible-roles/ - playbooks/roles/configure-openstacksdk/ - playbooks/roles/nodepool - playbooks/templates/clouds/ @@ -2113,7 +2127,6 @@ files: - inventory/ - roles/ - - roles.yaml - install_modules.sh - modules.env - playbooks/install-ansible.yaml @@ -2261,6 +2274,9 @@ - playbooks/host_vars/nb - playbooks/host_vars/nl - playbooks/group_vars/nodepool + - playbooks/group_vars/puppet + - playbooks/roles/install-ansible-roles/ + - playbooks/roles/run-puppet/ - playbooks/roles/configure-kubectl/ - playbooks/roles/configure-openstacksdk/ - playbooks/roles/install-docker/ @@ -2516,6 +2532,7 @@ parent: infra-prod-service-base description: Run service-codesearch.yaml playbook. required-projects: + - opendev/ansible-role-puppet - opendev/system-config - openstack/project-config vars: @@ -2525,6 +2542,8 @@ - playbooks/install-ansible.yaml - playbooks/service-codesearch.yaml - playbooks/group_vars/puppet.yaml + - playbooks/roles/run-puppet/ + - playbooks/roles/install-ansible-roles/ - playbooks/roles/sync-project-config - playbooks/roles/puppet-install/ - playbooks/roles/disable-puppet-agent/ @@ -2537,6 +2556,7 @@ parent: infra-prod-service-base description: Run service-eavesdrop.yaml playbook. required-projects: + - opendev/ansible-role-puppet - opendev/system-config - openstack/project-config dependencies: @@ -2556,6 +2576,8 @@ - playbooks/run-accessbot.yaml - playbooks/group_vars/eavesdrop.yaml - playbooks/group_vars/puppet.yaml + - playbooks/roles/run-puppet/ + - playbooks/roles/install-ansible-roles/ - playbooks/roles/zuul-user - playbooks/roles/install-docker - playbooks/roles/puppet-install/ @@ -2588,11 +2610,17 @@ vars: playbook_name: remote_puppet_afs.yaml infra_prod_ansible_forks: 1 + required-projects: + - opendev/ansible-role-puppet + - opendev/system-config files: - inventory/ - playbooks/remote_puppet_afs.yaml - playbooks/group_vars/afs - playbooks/group_vars/mirror-update + - playbooks/group_vars/puppet + - playbooks/roles/run-puppet/ + - playbooks/roles/install-ansible-roles/ - playbooks/roles/puppet-install/ - playbooks/roles/disable-puppet-agent/ - playbooks/roles/vos-release/ @@ -2606,12 +2634,18 @@ vars: playbook_name: remote_puppet_else.yaml infra_prod_ansible_forks: 50 + required-projects: + - opendev/ansible-role-puppet + - opendev/system-config files: - hiera/ - inventory/ - playbooks/remote_puppet_else.yaml - playbooks/group_vars/ - playbooks/host_vars/ + - playbooks/group_vars/puppet + - playbooks/roles/run-puppet/ + - playbooks/roles/install-ansible-roles/ - playbooks/roles/puppet-install/ - playbooks/roles/disable-puppet-agent/ - modules/ @@ -2624,6 +2658,9 @@ vars: playbook_name: run_cloud_launcher.yaml infra_prod_ansible_forks: 1 + required-projects: + - opendev/ansible-role-cloud-launcher + - opendev/system-config dependencies: - name: infra-prod-service-bridge soft: true diff --git a/inventory/groups.yaml b/inventory/groups.yaml index 4c1161821f..a468fc35ef 100644 --- a/inventory/groups.yaml +++ b/inventory/groups.yaml @@ -28,6 +28,8 @@ groups: # backup-server: # - backup[0-9]*.opendev.org cacti: cacti[0-9]*.open*.org + cloud-launcher: + - bridge.openstack.org codesearch: - codesearch[0-9]*.open*.org control-plane-clouds: diff --git a/playbooks/group_vars/cloud-launcher.yaml b/playbooks/group_vars/cloud-launcher.yaml new file mode 100644 index 0000000000..f7fceca490 --- /dev/null +++ b/playbooks/group_vars/cloud-launcher.yaml @@ -0,0 +1,2 @@ +ansible_roles: + - cloud-launcher diff --git a/playbooks/group_vars/puppet.yaml b/playbooks/group_vars/puppet.yaml index e6bec333f5..7da5274604 100644 --- a/playbooks/group_vars/puppet.yaml +++ b/playbooks/group_vars/puppet.yaml @@ -10,3 +10,5 @@ puppet_color: 'false' mgmt_hieradata: /etc/ansible/hosts mgmt_puppet_module_dir: /etc/puppet/modules puppet_hieradata_link_dest: /opt/system-config/hieradata +ansible_roles: + - puppet diff --git a/playbooks/remote_puppet_afs.yaml b/playbooks/remote_puppet_afs.yaml index aa92eef1bf..eed1ea92d3 100644 --- a/playbooks/remote_puppet_afs.yaml +++ b/playbooks/remote_puppet_afs.yaml @@ -1,14 +1,8 @@ -- hosts: "afs:afsdb:!disabled" - name: "Base: install and configure puppet on puppet hosts" - roles: - - puppet-install - - disable-puppet-agent - - hosts: "afs:afsdb:!disabled" name: "AFS: run puppet on the AFS servers" strategy: free roles: - - puppet + - run-puppet - hosts: "mirror-update:!disabled" name: "Create key for remote vos release" diff --git a/playbooks/remote_puppet_else.yaml b/playbooks/remote_puppet_else.yaml index 2cd6f64354..36b2bdc1c0 100644 --- a/playbooks/remote_puppet_else.yaml +++ b/playbooks/remote_puppet_else.yaml @@ -2,6 +2,4 @@ name: "Puppet-else: run puppet on all other servers" strategy: free roles: - - puppet-install - - disable-puppet-agent - - puppet + - run-puppet diff --git a/playbooks/roles/install-ansible-roles/README.rst b/playbooks/roles/install-ansible-roles/README.rst new file mode 100644 index 0000000000..f03fabeab8 --- /dev/null +++ b/playbooks/roles/install-ansible-roles/README.rst @@ -0,0 +1 @@ +Install additional Ansible roles from git repos diff --git a/playbooks/roles/install-ansible-roles/defaults/main.yaml b/playbooks/roles/install-ansible-roles/defaults/main.yaml new file mode 100644 index 0000000000..8bfa95e4d3 --- /dev/null +++ b/playbooks/roles/install-ansible-roles/defaults/main.yaml @@ -0,0 +1,4 @@ +# Roles to install from source +ansible_roles: [] +ansible_role_src_root: /home/zuul +ansible_role_dest: /etc/ansible/roles diff --git a/playbooks/roles/install-ansible-roles/tasks/main.yaml b/playbooks/roles/install-ansible-roles/tasks/main.yaml new file mode 100644 index 0000000000..40f119cffd --- /dev/null +++ b/playbooks/roles/install-ansible-roles/tasks/main.yaml @@ -0,0 +1,9 @@ +- name: Install ansible roles to /etc/ansible/roles + git: + repo: '{{ ansible_role_src_root }}/src/opendev.org/opendev/ansible-role-{{ ansible_role }}' + dest: '/etc/ansible/roles/{{ ansible_role }}' + force: yes + delegate_to: localhost + loop: '{{ ansible_roles }}' + loop_control: + loop_var: ansible_role diff --git a/playbooks/roles/install-ansible/tasks/main.yaml b/playbooks/roles/install-ansible/tasks/main.yaml index e0a8019876..afa438affc 100644 --- a/playbooks/roles/install-ansible/tasks/main.yaml +++ b/playbooks/roles/install-ansible/tasks/main.yaml @@ -111,14 +111,6 @@ src: roles/ dest: /etc/ansible/roles -- name: Copy roles.yaml into /etc/ansible - copy: - src: roles.yaml - dest: /etc/ansible/roles.yaml - -- name: Install ansible roles to /etc/ansible/roles - command: ansible-galaxy install --roles-path /etc/ansible/roles --force -r /etc/ansible/roles.yaml - - name: Make sure k8s-on-openstack repo is up to date git: repo: https://github.com/infraly/k8s-on-openstack diff --git a/playbooks/roles/run-puppet/README.rst b/playbooks/roles/run-puppet/README.rst new file mode 100644 index 0000000000..b0a8bc5cb8 --- /dev/null +++ b/playbooks/roles/run-puppet/README.rst @@ -0,0 +1,12 @@ +Run puppet on remote servers + +Omnibus role that takes care of installing the puppet role, +installing puppet and then running puppet. Uses include_role +so that the installation of the puppet role can run as the +first task, then the puppet role can be used in a following +task. + +.. zuul:rolevar:: manifest + :default: manifests/site.pp + + Puppet manifest file to run. diff --git a/playbooks/roles/run-puppet/tasks/main.yaml b/playbooks/roles/run-puppet/tasks/main.yaml new file mode 100644 index 0000000000..9efa7e999d --- /dev/null +++ b/playbooks/roles/run-puppet/tasks/main.yaml @@ -0,0 +1,9 @@ +# Use include_role instead of roles: so that we can late-bind the roles list +- include_role: + name: install-ansible-roles +- include_role: + name: puppet-install +- include_role: + name: disable-puppet-agent +- include_role: + name: puppet diff --git a/playbooks/run_cloud_launcher.yaml b/playbooks/run_cloud_launcher.yaml index 30f497944c..17f6f635cc 100644 --- a/playbooks/run_cloud_launcher.yaml +++ b/playbooks/run_cloud_launcher.yaml @@ -1,7 +1,13 @@ -- hosts: bridge.openstack.org:!disabled +- hosts: cloud-launcher:!disabled name: "Cloud-launcher: Run cloud launcher" gather_facts: false - roles: - - role: cloud-launcher - profiles: '{{ cloud_launcher_profiles }}' - clouds: '{{ cloud_launcher_clouds }}' + tasks: + # Use include_role so that the cloud-launcher role install + # is late-binding + - include_role: + name: install-ansible-roles + - include_role: + name: cloud-launcher + vars: + profiles: '{{ cloud_launcher_profiles }}' + clouds: '{{ cloud_launcher_clouds }}' diff --git a/playbooks/service-codesearch.yaml b/playbooks/service-codesearch.yaml index 117b096d16..e0f0ff3bcf 100644 --- a/playbooks/service-codesearch.yaml +++ b/playbooks/service-codesearch.yaml @@ -3,7 +3,5 @@ strategy: free roles: - sync-project-config - - puppet-install - - disable-puppet-agent - - name: puppet + - name: run-puppet manifest: /opt/system-config/production/manifests/codesearch.pp diff --git a/playbooks/service-eavesdrop.yaml b/playbooks/service-eavesdrop.yaml index 9f6af287b4..a8ed205f6e 100644 --- a/playbooks/service-eavesdrop.yaml +++ b/playbooks/service-eavesdrop.yaml @@ -6,7 +6,5 @@ - sync-project-config - install-docker - accessbot - - puppet-install - - disable-puppet-agent - - name: puppet + - name: run-puppet manifest: /opt/system-config/production/manifests/eavesdrop.pp diff --git a/playbooks/service-nodepool.yaml b/playbooks/service-nodepool.yaml index 58c85a483d..ee7db05997 100644 --- a/playbooks/service-nodepool.yaml +++ b/playbooks/service-nodepool.yaml @@ -14,9 +14,7 @@ - nodepool-base-legacy - configure-openstacksdk - configure-kubectl - - puppet-install - - disable-puppet-agent - - puppet + - run-puppet - hosts: nodepool-launcher:!disabled name: "Configure nodepool launchers" diff --git a/roles.yaml b/roles.yaml deleted file mode 100644 index 7e6cd676d8..0000000000 --- a/roles.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- src: git+https://opendev.org/opendev/ansible-role-puppet.git - version: HEAD - name: puppet -- src: git+https://opendev.org/opendev/ansible-role-cloud-launcher.git - version: HEAD - name: cloud-launcher