Run iptables in service playbooks instead of base
It's the only part of base that's important to run when we run a service. Run it in the service playbooks and get rid of the dependency on infra-prod-base. Continue running it in base so that new nodes are brought up with iptables in place. Bump the timeout for the mirror job, because the iptables addition seems to have just bumped it over the edge. Change-Id: I4608216f7a59cfa96d3bdb191edd9bc7bb9cca39
This commit is contained in:
parent
807b083735
commit
d93a661ae4
@ -8,4 +8,4 @@
|
|||||||
- base/unbound
|
- base/unbound
|
||||||
- base/exim
|
- base/exim
|
||||||
- base/snmpd
|
- base/snmpd
|
||||||
- base/iptables
|
- iptables
|
||||||
|
@ -1,4 +1,6 @@
|
|||||||
# Use include_role instead of roles: so that we can late-bind the roles list
|
# Use include_role instead of roles: so that we can late-bind the roles list
|
||||||
|
- include_role:
|
||||||
|
name: iptables
|
||||||
- include_role:
|
- include_role:
|
||||||
name: install-ansible-roles
|
name: install-ansible-roles
|
||||||
- include_role:
|
- include_role:
|
||||||
|
@ -3,8 +3,10 @@
|
|||||||
- hosts: "backup:!disabled"
|
- hosts: "backup:!disabled"
|
||||||
name: "Base: Generate backup users and keys"
|
name: "Base: Generate backup users and keys"
|
||||||
roles:
|
roles:
|
||||||
|
- iptables
|
||||||
- backup
|
- backup
|
||||||
- hosts: "backup-server:!disabled"
|
- hosts: "backup-server:!disabled"
|
||||||
name: "Generate bup configuration"
|
name: "Generate bup configuration"
|
||||||
roles:
|
roles:
|
||||||
|
- iptables
|
||||||
- backup-server
|
- backup-server
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
- hosts: bridge.openstack.org:!disabled
|
- hosts: bridge.openstack.org:!disabled
|
||||||
name: "Bridge: configure the bastion host"
|
name: "Bridge: configure the bastion host"
|
||||||
roles:
|
roles:
|
||||||
|
- iptables
|
||||||
- edit-secrets-script
|
- edit-secrets-script
|
||||||
- install-docker
|
- install-docker
|
||||||
tasks:
|
tasks:
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
name: "codesearch: run puppet on codesearch"
|
name: "codesearch: run puppet on codesearch"
|
||||||
strategy: free
|
strategy: free
|
||||||
roles:
|
roles:
|
||||||
|
- iptables
|
||||||
- sync-project-config
|
- sync-project-config
|
||||||
- name: run-puppet
|
- name: run-puppet
|
||||||
manifest: /opt/system-config/production/manifests/codesearch.pp
|
manifest: /opt/system-config/production/manifests/codesearch.pp
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
name: "eavesdrop: run puppet on eavesdrop"
|
name: "eavesdrop: run puppet on eavesdrop"
|
||||||
strategy: free
|
strategy: free
|
||||||
roles:
|
roles:
|
||||||
|
- iptables
|
||||||
- zuul-user
|
- zuul-user
|
||||||
- sync-project-config
|
- sync-project-config
|
||||||
- install-docker
|
- install-docker
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
- hosts: "etherpad01.opendev.org:!disabled"
|
- hosts: "etherpad01.opendev.org:!disabled"
|
||||||
name: "Base: configure etherpad"
|
name: "Base: configure etherpad"
|
||||||
roles:
|
roles:
|
||||||
|
- iptables
|
||||||
- install-docker
|
- install-docker
|
||||||
- etherpad
|
- etherpad
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
- hosts: "gitea-lb:!disabled"
|
- hosts: "gitea-lb:!disabled"
|
||||||
name: "Base: configure gitea load balancer"
|
name: "Base: configure gitea load balancer"
|
||||||
roles:
|
roles:
|
||||||
|
- iptables
|
||||||
- install-docker
|
- install-docker
|
||||||
- haproxy
|
- haproxy
|
||||||
|
@ -2,5 +2,6 @@
|
|||||||
name: "Base: configure gitea"
|
name: "Base: configure gitea"
|
||||||
serial: 1
|
serial: 1
|
||||||
roles:
|
roles:
|
||||||
|
- iptables
|
||||||
- install-docker
|
- install-docker
|
||||||
- gitea
|
- gitea
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
roles:
|
roles:
|
||||||
- install-certcheck
|
- install-certcheck
|
||||||
- hosts: "letsencrypt:!disabled"
|
- hosts: "letsencrypt:!disabled"
|
||||||
name: "Base: deploy and renew certificates"
|
name: "Deploy and renew certificates"
|
||||||
roles:
|
roles:
|
||||||
- letsencrypt-acme-sh-install
|
- letsencrypt-acme-sh-install
|
||||||
- letsencrypt-request-certs
|
- letsencrypt-request-certs
|
||||||
|
@ -1,12 +1,14 @@
|
|||||||
- hosts: "meetpad:!disabled"
|
- hosts: "meetpad:!disabled"
|
||||||
name: "Configure meetpad"
|
name: "Configure meetpad"
|
||||||
roles:
|
roles:
|
||||||
|
- iptables
|
||||||
- install-docker
|
- install-docker
|
||||||
- jitsi-meet
|
- jitsi-meet
|
||||||
|
|
||||||
- hosts: "jvb:!disabled"
|
- hosts: "jvb:!disabled"
|
||||||
name: "Configure extra jitsi video bridges"
|
name: "Configure extra jitsi video bridges"
|
||||||
roles:
|
roles:
|
||||||
|
- iptables
|
||||||
- install-docker
|
- install-docker
|
||||||
- role: jitsi-meet
|
- role: jitsi-meet
|
||||||
docker_compose_file: jvb-docker-compose.yaml
|
docker_compose_file: jvb-docker-compose.yaml
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
- hosts: "mirror-update:!disabled"
|
- hosts: "mirror-update:!disabled"
|
||||||
name: "Configure mirror-update"
|
name: "Configure mirror-update"
|
||||||
roles:
|
roles:
|
||||||
|
- role: iptables
|
||||||
- role: kerberos-client
|
- role: kerberos-client
|
||||||
kerberos_realm: 'OPENSTACK.ORG'
|
kerberos_realm: 'OPENSTACK.ORG'
|
||||||
kerberos_admin_server: 'kdc.openstack.org'
|
kerberos_admin_server: 'kdc.openstack.org'
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
- hosts: "mirror:!disabled"
|
- hosts: "mirror:!disabled"
|
||||||
name: "Configure per region opendev mirrors"
|
name: "Configure per region opendev mirrors"
|
||||||
roles:
|
roles:
|
||||||
|
- role: iptables
|
||||||
- role: kerberos-client
|
- role: kerberos-client
|
||||||
kerberos_realm: 'OPENSTACK.ORG'
|
kerberos_realm: 'OPENSTACK.ORG'
|
||||||
kerberos_admin_server: 'kdc.openstack.org'
|
kerberos_admin_server: 'kdc.openstack.org'
|
||||||
|
@ -1,10 +1,12 @@
|
|||||||
- hosts: adns:!disabled
|
- hosts: adns:!disabled
|
||||||
name: "Base: configure adns server"
|
name: "Base: configure adns server"
|
||||||
roles:
|
roles:
|
||||||
|
- iptables
|
||||||
- master-nameserver
|
- master-nameserver
|
||||||
|
|
||||||
- hosts: "ns1.opendev.org:ns2.opendev.org:!disabled"
|
- hosts: "ns1.opendev.org:ns2.opendev.org:!disabled"
|
||||||
name: "Base: configure authoritative nameservers"
|
name: "Base: configure authoritative nameservers"
|
||||||
roles:
|
roles:
|
||||||
|
- iptables
|
||||||
- nameserver
|
- nameserver
|
||||||
|
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
name: "Configure nodepool builders"
|
name: "Configure nodepool builders"
|
||||||
strategy: free
|
strategy: free
|
||||||
roles:
|
roles:
|
||||||
|
- iptables
|
||||||
- install-docker
|
- install-docker
|
||||||
- nodepool-base
|
- nodepool-base
|
||||||
- configure-openstacksdk
|
- configure-openstacksdk
|
||||||
@ -11,6 +12,7 @@
|
|||||||
name: "run puppet on all older servers"
|
name: "run puppet on all older servers"
|
||||||
strategy: free
|
strategy: free
|
||||||
roles:
|
roles:
|
||||||
|
- iptables
|
||||||
- nodepool-base-legacy
|
- nodepool-base-legacy
|
||||||
- configure-openstacksdk
|
- configure-openstacksdk
|
||||||
- configure-kubectl
|
- configure-kubectl
|
||||||
@ -20,6 +22,7 @@
|
|||||||
name: "Configure nodepool launchers"
|
name: "Configure nodepool launchers"
|
||||||
strategy: free
|
strategy: free
|
||||||
roles:
|
roles:
|
||||||
|
- iptables
|
||||||
- install-docker
|
- install-docker
|
||||||
- nodepool-base
|
- nodepool-base
|
||||||
- configure-openstacksdk
|
- configure-openstacksdk
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
- hosts: "registry:!disabled"
|
- hosts: "registry:!disabled"
|
||||||
name: "Base: configure registry"
|
name: "Base: configure registry"
|
||||||
roles:
|
roles:
|
||||||
|
- iptables
|
||||||
- install-docker
|
- install-docker
|
||||||
- registry
|
- registry
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
- hosts: "review-dev:!disabled"
|
- hosts: "review-dev:!disabled"
|
||||||
name: "Configure gerrit on review-dev"
|
name: "Configure gerrit on review-dev"
|
||||||
roles:
|
roles:
|
||||||
|
- iptables
|
||||||
- install-docker
|
- install-docker
|
||||||
- role: gerrit
|
- role: gerrit
|
||||||
gerrit_ssh_rsa_key_contents: "{{ gerrit_dev_ssh_rsa_key_contents }}"
|
gerrit_ssh_rsa_key_contents: "{{ gerrit_dev_ssh_rsa_key_contents }}"
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
- hosts: "review:!disabled"
|
- hosts: "review:!disabled"
|
||||||
name: "Configure gerrit"
|
name: "Configure gerrit"
|
||||||
roles:
|
roles:
|
||||||
|
- iptables
|
||||||
- install-docker
|
- install-docker
|
||||||
- gerrit
|
- gerrit
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
- hosts: "static:!disabled"
|
- hosts: "static:!disabled"
|
||||||
name: "Static webserver"
|
name: "Static webserver"
|
||||||
roles:
|
roles:
|
||||||
|
- role: iptables
|
||||||
- role: kerberos-client
|
- role: kerberos-client
|
||||||
kerberos_realm: 'OPENSTACK.ORG'
|
kerberos_realm: 'OPENSTACK.ORG'
|
||||||
kerberos_admin_server: 'kdc.openstack.org'
|
kerberos_admin_server: 'kdc.openstack.org'
|
||||||
|
@ -12,5 +12,6 @@
|
|||||||
name: "Configure Zookeeper"
|
name: "Configure Zookeeper"
|
||||||
serial: 1
|
serial: 1
|
||||||
roles:
|
roles:
|
||||||
|
- iptables
|
||||||
- install-docker
|
- install-docker
|
||||||
- zookeeper
|
- zookeeper
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
- hosts: "zuul-preview:!disabled"
|
- hosts: "zuul-preview:!disabled"
|
||||||
name: "Base: configure zuul-preview"
|
name: "Base: configure zuul-preview"
|
||||||
roles:
|
roles:
|
||||||
|
- iptables
|
||||||
- install-docker
|
- install-docker
|
||||||
- zuul-preview
|
- zuul-preview
|
||||||
|
@ -11,6 +11,7 @@
|
|||||||
- hosts: "zuul:!disabled"
|
- hosts: "zuul:!disabled"
|
||||||
name: "Configure zuul servers"
|
name: "Configure zuul servers"
|
||||||
roles:
|
roles:
|
||||||
|
- iptables
|
||||||
- install-docker
|
- install-docker
|
||||||
- zuul
|
- zuul
|
||||||
|
|
||||||
|
@ -14,7 +14,6 @@
|
|||||||
|
|
||||||
import socket
|
import socket
|
||||||
|
|
||||||
|
|
||||||
testinfra_hosts = ['all']
|
testinfra_hosts = ['all']
|
||||||
|
|
||||||
|
|
||||||
|
73
testinfra/test_zuul.py
Normal file
73
testinfra/test_zuul.py
Normal file
@ -0,0 +1,73 @@
|
|||||||
|
# Copyright 2018 Red Hat, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
import socket
|
||||||
|
|
||||||
|
|
||||||
|
testinfra_hosts = [
|
||||||
|
'ze01.opendev.org',
|
||||||
|
'zm01.openstack.org',
|
||||||
|
'zuul01.openstack.org',
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
|
def get_ips(value, family=None):
|
||||||
|
ret = set()
|
||||||
|
try:
|
||||||
|
addr_info = socket.getaddrinfo(value, None, family)
|
||||||
|
except socket.gaierror:
|
||||||
|
return ret
|
||||||
|
for addr in addr_info:
|
||||||
|
ret.add(addr[4][0])
|
||||||
|
return ret
|
||||||
|
|
||||||
|
|
||||||
|
def test_iptables(host):
|
||||||
|
rules = host.iptables.rules()
|
||||||
|
rules = [x.strip() for x in rules]
|
||||||
|
|
||||||
|
needed_rules = [
|
||||||
|
'-P INPUT ACCEPT',
|
||||||
|
'-P FORWARD DROP',
|
||||||
|
'-P OUTPUT ACCEPT',
|
||||||
|
'-N openstack-INPUT',
|
||||||
|
'-A INPUT -j openstack-INPUT',
|
||||||
|
'-A openstack-INPUT -i lo -j ACCEPT',
|
||||||
|
'-A openstack-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT',
|
||||||
|
'-A openstack-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT',
|
||||||
|
'-A openstack-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT',
|
||||||
|
'-A openstack-INPUT -j REJECT --reject-with icmp-host-prohibited'
|
||||||
|
]
|
||||||
|
for rule in needed_rules:
|
||||||
|
assert rule in rules
|
||||||
|
|
||||||
|
# Make sure that the gearman port is open to executors on the scheduler
|
||||||
|
if host.backend.get_hostname() == 'zuul01.openstack.org':
|
||||||
|
for ip in get_ips('ze01.opendev.org', socket.AF_INET):
|
||||||
|
zuul = ('-A openstack-INPUT -s %s/32 -p tcp -m state --state NEW'
|
||||||
|
' -m tcp --dport 4730 -j ACCEPT' % ip)
|
||||||
|
assert zuul in rules
|
||||||
|
|
||||||
|
# Ensure all IPv4+6 addresses for cacti are allowed
|
||||||
|
for ip in get_ips('cacti.openstack.org', socket.AF_INET):
|
||||||
|
snmp = ('-A openstack-INPUT -s %s/32 -p udp -m udp'
|
||||||
|
' --dport 161 -j ACCEPT' % ip)
|
||||||
|
assert snmp in rules
|
||||||
|
|
||||||
|
# TODO(ianw) add ip6tables support to testinfra iptables module
|
||||||
|
ip6rules = host.check_output('ip6tables -S')
|
||||||
|
for ip in get_ips('cacti.openstack.org', socket.AF_INET6):
|
||||||
|
snmp = ('-A openstack-INPUT -s %s/128 -p udp -m udp'
|
||||||
|
' --dport 161 -j ACCEPT' % ip)
|
||||||
|
assert snmp in ip6rules
|
@ -69,8 +69,6 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- name: infra-prod-install-ansible
|
- name: infra-prod-install-ansible
|
||||||
soft: true
|
soft: true
|
||||||
- name: infra-prod-base
|
|
||||||
soft: true
|
|
||||||
files:
|
files:
|
||||||
- inventory/
|
- inventory/
|
||||||
- playbooks/service-letsencrypt.yaml
|
- playbooks/service-letsencrypt.yaml
|
||||||
@ -105,8 +103,6 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- name: infra-prod-install-ansible
|
- name: infra-prod-install-ansible
|
||||||
soft: true
|
soft: true
|
||||||
- name: infra-prod-base
|
|
||||||
soft: true
|
|
||||||
- name: infra-prod-service-letsencrypt
|
- name: infra-prod-service-letsencrypt
|
||||||
soft: true
|
soft: true
|
||||||
|
|
||||||
@ -120,6 +116,7 @@
|
|||||||
- inventory/
|
- inventory/
|
||||||
- playbooks/service-bridge.yaml
|
- playbooks/service-bridge.yaml
|
||||||
- playbooks/host_vars/bridge.openstack.org.yaml
|
- playbooks/host_vars/bridge.openstack.org.yaml
|
||||||
|
- playbooks/roles/iptables/
|
||||||
- playbooks/roles/logrotate/
|
- playbooks/roles/logrotate/
|
||||||
- playbooks/roles/edit-secrets-script/
|
- playbooks/roles/edit-secrets-script/
|
||||||
- playbooks/roles/install-kubectl/
|
- playbooks/roles/install-kubectl/
|
||||||
@ -138,6 +135,7 @@
|
|||||||
- playbooks/service-gitea-lb.yaml
|
- playbooks/service-gitea-lb.yaml
|
||||||
- playbooks/group_vars/gitea-lb.yaml
|
- playbooks/group_vars/gitea-lb.yaml
|
||||||
- playbooks/roles/pip3/
|
- playbooks/roles/pip3/
|
||||||
|
- playbooks/roles/iptables/
|
||||||
- playbooks/roles/install-docker/
|
- playbooks/roles/install-docker/
|
||||||
- playbooks/roles/haproxy/
|
- playbooks/roles/haproxy/
|
||||||
|
|
||||||
@ -157,6 +155,7 @@
|
|||||||
- playbooks/group_vars/ns.yaml
|
- playbooks/group_vars/ns.yaml
|
||||||
- playbooks/roles/master-nameserver/
|
- playbooks/roles/master-nameserver/
|
||||||
- playbooks/roles/nameserver/
|
- playbooks/roles/nameserver/
|
||||||
|
- playbooks/roles/iptables/
|
||||||
|
|
||||||
- job:
|
- job:
|
||||||
name: infra-prod-service-nodepool
|
name: infra-prod-service-nodepool
|
||||||
@ -179,6 +178,7 @@
|
|||||||
- playbooks/roles/configure-kubectl/
|
- playbooks/roles/configure-kubectl/
|
||||||
- playbooks/roles/configure-openstacksdk/
|
- playbooks/roles/configure-openstacksdk/
|
||||||
- playbooks/roles/install-docker/
|
- playbooks/roles/install-docker/
|
||||||
|
- playbooks/roles/iptables/
|
||||||
- playbooks/roles/nodepool
|
- playbooks/roles/nodepool
|
||||||
- playbooks/templates/clouds/nodepool_
|
- playbooks/templates/clouds/nodepool_
|
||||||
|
|
||||||
@ -197,6 +197,7 @@
|
|||||||
- playbooks/roles/pip3/
|
- playbooks/roles/pip3/
|
||||||
- playbooks/roles/etherpad
|
- playbooks/roles/etherpad
|
||||||
- playbooks/roles/logrotate
|
- playbooks/roles/logrotate
|
||||||
|
- playbooks/roles/iptables/
|
||||||
|
|
||||||
- job:
|
- job:
|
||||||
name: infra-prod-service-meetpad
|
name: infra-prod-service-meetpad
|
||||||
@ -205,8 +206,6 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- name: infra-prod-install-ansible
|
- name: infra-prod-install-ansible
|
||||||
soft: true
|
soft: true
|
||||||
- name: infra-prod-base
|
|
||||||
soft: true
|
|
||||||
- name: infra-prod-service-letsencrypt
|
- name: infra-prod-service-letsencrypt
|
||||||
soft: true
|
soft: true
|
||||||
- name: system-config-promote-image-jitsi-meet
|
- name: system-config-promote-image-jitsi-meet
|
||||||
@ -220,6 +219,7 @@
|
|||||||
- playbooks/group_vars/meetpad.yaml
|
- playbooks/group_vars/meetpad.yaml
|
||||||
- playbooks/roles/pip3/
|
- playbooks/roles/pip3/
|
||||||
- playbooks/roles/install-docker/
|
- playbooks/roles/install-docker/
|
||||||
|
- playbooks/roles/iptables/
|
||||||
- playbooks/roles/jitsi-meet/
|
- playbooks/roles/jitsi-meet/
|
||||||
|
|
||||||
- job:
|
- job:
|
||||||
@ -234,6 +234,7 @@
|
|||||||
- playbooks/roles/kerberos-client/
|
- playbooks/roles/kerberos-client/
|
||||||
- playbooks/roles/openafs-client/
|
- playbooks/roles/openafs-client/
|
||||||
- playbooks/roles/mirror-update/
|
- playbooks/roles/mirror-update/
|
||||||
|
- playbooks/roles/iptables/
|
||||||
- playbooks/roles/logrotate/
|
- playbooks/roles/logrotate/
|
||||||
|
|
||||||
- job:
|
- job:
|
||||||
@ -251,6 +252,7 @@
|
|||||||
- playbooks/roles/mirror/
|
- playbooks/roles/mirror/
|
||||||
- playbooks/roles/afs-release/
|
- playbooks/roles/afs-release/
|
||||||
- playbooks/roles/afsmon/
|
- playbooks/roles/afsmon/
|
||||||
|
- playbooks/roles/iptables/
|
||||||
- playbooks/roles/logrotate/
|
- playbooks/roles/logrotate/
|
||||||
|
|
||||||
- job:
|
- job:
|
||||||
@ -264,6 +266,7 @@
|
|||||||
- playbooks/service-static.yaml
|
- playbooks/service-static.yaml
|
||||||
- playbooks/host_vars/static01.opendev.org.yaml
|
- playbooks/host_vars/static01.opendev.org.yaml
|
||||||
- playbooks/group_vars/static.yaml
|
- playbooks/group_vars/static.yaml
|
||||||
|
- playbooks/roles/iptables/
|
||||||
- playbooks/roles/kerberos-client/
|
- playbooks/roles/kerberos-client/
|
||||||
- playbooks/roles/openafs-client/
|
- playbooks/roles/openafs-client/
|
||||||
- playbooks/roles/static/
|
- playbooks/roles/static/
|
||||||
@ -280,6 +283,7 @@
|
|||||||
- playbooks/service-backup.yaml
|
- playbooks/service-backup.yaml
|
||||||
- playbooks/roles/backup/
|
- playbooks/roles/backup/
|
||||||
- playbooks/roles/backup-server/
|
- playbooks/roles/backup-server/
|
||||||
|
- playbooks/roles/iptables/
|
||||||
|
|
||||||
- job:
|
- job:
|
||||||
name: infra-prod-service-registry
|
name: infra-prod-service-registry
|
||||||
@ -293,6 +297,7 @@
|
|||||||
- playbooks/group_vars/registry.yaml
|
- playbooks/group_vars/registry.yaml
|
||||||
- playbooks/roles/pip3/
|
- playbooks/roles/pip3/
|
||||||
- playbooks/roles/install-docker/
|
- playbooks/roles/install-docker/
|
||||||
|
- playbooks/roles/iptables/
|
||||||
- playbooks/roles/registry/
|
- playbooks/roles/registry/
|
||||||
|
|
||||||
- job:
|
- job:
|
||||||
@ -307,6 +312,7 @@
|
|||||||
- playbooks/group_vars/zuul-preview.yaml
|
- playbooks/group_vars/zuul-preview.yaml
|
||||||
- playbooks/roles/pip3/
|
- playbooks/roles/pip3/
|
||||||
- playbooks/roles/install-docker/
|
- playbooks/roles/install-docker/
|
||||||
|
- playbooks/roles/iptables/
|
||||||
- playbooks/roles/zuul-preview/
|
- playbooks/roles/zuul-preview/
|
||||||
|
|
||||||
- job:
|
- job:
|
||||||
@ -321,6 +327,7 @@
|
|||||||
- ^playbooks/host_vars/zk\d+\..*
|
- ^playbooks/host_vars/zk\d+\..*
|
||||||
- playbooks/roles/pip3/
|
- playbooks/roles/pip3/
|
||||||
- playbooks/roles/install-docker/
|
- playbooks/roles/install-docker/
|
||||||
|
- playbooks/roles/iptables/
|
||||||
- playbooks/roles/zookeeper/
|
- playbooks/roles/zookeeper/
|
||||||
|
|
||||||
- job:
|
- job:
|
||||||
@ -337,8 +344,6 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- name: infra-prod-install-ansible
|
- name: infra-prod-install-ansible
|
||||||
soft: true
|
soft: true
|
||||||
- name: infra-prod-base
|
|
||||||
soft: true
|
|
||||||
- name: infra-prod-service-letsencrypt
|
- name: infra-prod-service-letsencrypt
|
||||||
soft: true
|
soft: true
|
||||||
- name: infra-prod-manage-projects
|
- name: infra-prod-manage-projects
|
||||||
@ -352,6 +357,7 @@
|
|||||||
- playbooks/host_vars/zk\d+
|
- playbooks/host_vars/zk\d+
|
||||||
- playbooks/host_vars/zuul01.openstack.org
|
- playbooks/host_vars/zuul01.openstack.org
|
||||||
- playbooks/roles/install-docker/
|
- playbooks/roles/install-docker/
|
||||||
|
- playbooks/roles/iptables/
|
||||||
- playbooks/roles/zookeeper/
|
- playbooks/roles/zookeeper/
|
||||||
- playbooks/roles/zuul
|
- playbooks/roles/zuul
|
||||||
|
|
||||||
@ -364,8 +370,6 @@
|
|||||||
dependencies: &infra_prod_service_review_deps
|
dependencies: &infra_prod_service_review_deps
|
||||||
- name: infra-prod-install-ansible
|
- name: infra-prod-install-ansible
|
||||||
soft: true
|
soft: true
|
||||||
- name: infra-prod-base
|
|
||||||
soft: true
|
|
||||||
- name: infra-prod-service-letsencrypt
|
- name: infra-prod-service-letsencrypt
|
||||||
soft: true
|
soft: true
|
||||||
- name: system-config-promote-image-gerrit-2.13
|
- name: system-config-promote-image-gerrit-2.13
|
||||||
@ -377,6 +381,7 @@
|
|||||||
- playbooks/host_vars/review01.openstack.org.yaml
|
- playbooks/host_vars/review01.openstack.org.yaml
|
||||||
- playbooks/roles/pip3/
|
- playbooks/roles/pip3/
|
||||||
- playbooks/roles/install-docker/
|
- playbooks/roles/install-docker/
|
||||||
|
- playbooks/roles/iptables/
|
||||||
- playbooks/roles/gerrit/
|
- playbooks/roles/gerrit/
|
||||||
|
|
||||||
- job:
|
- job:
|
||||||
@ -393,6 +398,7 @@
|
|||||||
- playbooks/host_vars/review-dev01.opendev.org.yaml
|
- playbooks/host_vars/review-dev01.opendev.org.yaml
|
||||||
- playbooks/roles/pip3/
|
- playbooks/roles/pip3/
|
||||||
- playbooks/roles/install-docker/
|
- playbooks/roles/install-docker/
|
||||||
|
- playbooks/roles/iptables/
|
||||||
- playbooks/roles/gerrit/
|
- playbooks/roles/gerrit/
|
||||||
|
|
||||||
- job:
|
- job:
|
||||||
@ -404,8 +410,6 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- name: infra-prod-install-ansible
|
- name: infra-prod-install-ansible
|
||||||
soft: true
|
soft: true
|
||||||
- name: infra-prod-base
|
|
||||||
soft: true
|
|
||||||
- name: infra-prod-service-letsencrypt
|
- name: infra-prod-service-letsencrypt
|
||||||
soft: true
|
soft: true
|
||||||
- name: system-config-promote-image-gitea-init
|
- name: system-config-promote-image-gitea-init
|
||||||
@ -420,6 +424,7 @@
|
|||||||
- playbooks/roles/install-docker/
|
- playbooks/roles/install-docker/
|
||||||
- playbooks/roles/pip3/
|
- playbooks/roles/pip3/
|
||||||
- playbooks/roles/gitea/
|
- playbooks/roles/gitea/
|
||||||
|
- playbooks/roles/iptables/
|
||||||
- playbooks/roles/logrotate/
|
- playbooks/roles/logrotate/
|
||||||
- docker/gitea/
|
- docker/gitea/
|
||||||
- docker/gitea-init/
|
- docker/gitea-init/
|
||||||
@ -443,6 +448,7 @@
|
|||||||
- playbooks/group_vars/puppet.yaml
|
- playbooks/group_vars/puppet.yaml
|
||||||
- playbooks/roles/run-puppet/
|
- playbooks/roles/run-puppet/
|
||||||
- playbooks/roles/install-ansible-roles/
|
- playbooks/roles/install-ansible-roles/
|
||||||
|
- playbooks/roles/iptables/
|
||||||
- playbooks/roles/sync-project-config
|
- playbooks/roles/sync-project-config
|
||||||
- playbooks/roles/puppet-install/
|
- playbooks/roles/puppet-install/
|
||||||
- playbooks/roles/disable-puppet-agent/
|
- playbooks/roles/disable-puppet-agent/
|
||||||
@ -461,8 +467,6 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- name: infra-prod-install-ansible
|
- name: infra-prod-install-ansible
|
||||||
soft: true
|
soft: true
|
||||||
- name: infra-prod-base
|
|
||||||
soft: true
|
|
||||||
- name: infra-prod-service-letsencrypt
|
- name: infra-prod-service-letsencrypt
|
||||||
soft: true
|
soft: true
|
||||||
- name: system-config-promote-image-accessbot
|
- name: system-config-promote-image-accessbot
|
||||||
@ -479,6 +483,7 @@
|
|||||||
- playbooks/roles/install-ansible-roles/
|
- playbooks/roles/install-ansible-roles/
|
||||||
- playbooks/roles/zuul-user
|
- playbooks/roles/zuul-user
|
||||||
- playbooks/roles/install-docker
|
- playbooks/roles/install-docker
|
||||||
|
- playbooks/roles/iptables/
|
||||||
- playbooks/roles/puppet-install/
|
- playbooks/roles/puppet-install/
|
||||||
- playbooks/roles/disable-puppet-agent/
|
- playbooks/roles/disable-puppet-agent/
|
||||||
- playbooks/roles/accessbot
|
- playbooks/roles/accessbot
|
||||||
@ -526,6 +531,7 @@
|
|||||||
- playbooks/roles/install-ansible-roles/
|
- playbooks/roles/install-ansible-roles/
|
||||||
- playbooks/roles/puppet-install/
|
- playbooks/roles/puppet-install/
|
||||||
- playbooks/roles/disable-puppet-agent/
|
- playbooks/roles/disable-puppet-agent/
|
||||||
|
- playbooks/roles/iptables/
|
||||||
- playbooks/roles/vos-release/
|
- playbooks/roles/vos-release/
|
||||||
- modules/
|
- modules/
|
||||||
- manifests/
|
- manifests/
|
||||||
@ -551,6 +557,7 @@
|
|||||||
- playbooks/roles/install-ansible-roles/
|
- playbooks/roles/install-ansible-roles/
|
||||||
- playbooks/roles/puppet-install/
|
- playbooks/roles/puppet-install/
|
||||||
- playbooks/roles/disable-puppet-agent/
|
- playbooks/roles/disable-puppet-agent/
|
||||||
|
- playbooks/roles/iptables/
|
||||||
- modules/
|
- modules/
|
||||||
- manifests/
|
- manifests/
|
||||||
|
|
||||||
|
@ -204,8 +204,6 @@
|
|||||||
dependencies:
|
dependencies:
|
||||||
- name: infra-prod-install-ansible
|
- name: infra-prod-install-ansible
|
||||||
soft: true
|
soft: true
|
||||||
- name: infra-prod-base
|
|
||||||
soft: true
|
|
||||||
- name: infra-prod-service-letsencrypt
|
- name: infra-prod-service-letsencrypt
|
||||||
soft: true
|
soft: true
|
||||||
- name: system-config-promote-image-etherpad
|
- name: system-config-promote-image-etherpad
|
||||||
|
@ -374,6 +374,7 @@
|
|||||||
- job:
|
- job:
|
||||||
name: system-config-run-mirror-x86
|
name: system-config-run-mirror-x86
|
||||||
parent: system-config-run-mirror-base
|
parent: system-config-run-mirror-base
|
||||||
|
timeout: 3600
|
||||||
nodeset:
|
nodeset:
|
||||||
nodes:
|
nodes:
|
||||||
- name: bridge.openstack.org
|
- name: bridge.openstack.org
|
||||||
|
Loading…
Reference in New Issue
Block a user