opendev/system-config
Code Issues Proposed changes
31b505d3ba
system-config/inventory/service/groups.yaml
Ian Wienand be992b3bb6
infra-prod: run job against linaro 
We have access to manage the linaro cloud, but we don't want to
completely own the host as it has been configured with kolla-ansible;
so we don't want to take over things like name resolution, iptables
rules, docker installation, etc.

But we would like to manage some parts of it, like rolling out our
root users, some cron jobs, etc.  While we could just log in and do
these things, it doesn't feel very openinfra.

This allows us to have a group "unmanaged" that skips the base jobs.
The base playbook is updated to skip these hosts.

For now, we add a cloud-linaro prod job that just does nothing so we
can validate the whole thing.  When it's working, I plan to add a few
things as discussed above.

Change-Id: Ie8de70cbac7ffb9d727a06a349c3d2a3b3aa0b40
2023-03-15 12:00:25 +11:00

201 lines
5.3 KiB
YAML
Raw Blame History

plugin: yamlgroup
groups:
adns: adns*.open*.org
afs-server-common:
- afs[0-9]*.openstack.org
- afsdb[0-9]*.openstack.org
afs-file-server:
- afs[0-9]*.openstack.org
afs-db-server:
- afsdb[0-9]*.openstack.org
afs-client:
- mirror[0-9]*.opendev.org
- mirror-update[0-9]*.opendev.org
- ze[0-9]*.open*.org
- afsdb*.open*.org
- afs[0-9]*.open*.org
- static[0-9]*.opendev.org
bastion:
- bridge*.opendev.org
borg-backup:
- etherpad[0-9]*.opendev.org
- gitea09.opendev.org
- review02.opendev.org
- zuul[0-9]*.opendev.org
- refstack01.openstack.org
- kdc03.openstack.org
- eavesdrop01.opendev.org
- paste01.opendev.org
- lists01.opendev.org
# These are test specific hosts that we add to the backup
# group to mimic as much as possible what their prod version
# end up doing.
- gitea99.opendev.org
- review99.opendev.org
- lists99.opendev.org
# All these servers are "special-cased" in specifically
# as they are puppet and should be replaced "soon"
- lists.openstack.org
- storyboard01.opendev.org
- translate01.openstack.org
borg-backup-server:
- backup02.ca-ymq-1.vexxhost.opendev.org
- backup01.ord.rax.opendev.org
cacti: cacti[0-9]*.open*.org
certcheck:
- cacti[0-9]*.open*.org
cloud-launcher:
- bridge*.open*.org
codesearch:
- codesearch[0-9]*.opendev.org
control-plane-clouds:
- bridge*.open*.org
disabled: []
dns:
- adns*.opendev.org
- ns*.opendev.org
eavesdrop: eavesdrop[0-9]*.opendev.org
etherpad: etherpad[0-9]*.open*.org
gitea:
- gitea[0-9]*.opendev.org
gitea-lb:
- gitea-lb[0-9]*.opendev.org
grafana:
- grafana[0-9]*.opendev.org
graphite:
- graphite*.opendev.org
jvb:
- jvb[0-9]*.opendev.org
kerberos-client:
- afs[0-9]*.open*.org
- afsdb*.open*.org
- kdc[0-9]*.openstack.org
- mirror[0-9]*.opendev.org
- mirror-update[0-9]*.opendev.org
- static[0-9]*.opendev.org
- ze[0-9]*.open*.org
kerberos-kdc:
- kdc03.openstack.org
- kdc04.openstack.org
kerberos-kdc-primary:
- kdc03.openstack.org
kerberos-kdc-replica:
- kdc04.openstack.org
keycloak: keycloak[0-9]*.opendev.org
letsencrypt:
- codesearch[0-9]*.opendev.org
- eavesdrop[0-9]*.opendev.org
- etherpad[0-9]*.opendev.org
- gitea[0-9]*.opendev.org
- grafana[0-9]*.opendev.org
- graphite[0-9]*.opendev.org
- insecure-ci-registry[0-9]*.opendev.org
- keycloak[0-9]*.opendev.org
- lists.katacontainers.io
- lists.openstack.org
- lists[0-9]*.opendev.org
- meetpad[0-9]*.opendev.org
- mirror[0-9]*.opendev.org
- nb[0-9]*.opendev.org
- paste[0-9]*.opendev.org
- refstack[0-9]*.openstack.org
- review[0-9]*.opendev.org
- static[0-9]*.opendev.org
- storyboard[0-9]*.opendev.org
- tracing[0-9]*.opendev.org
- translate[0-9]*.open*.org
- zuul[0-9]*.opendev.org
mailman:
- lists.katacontainers.io
- lists.openstack.org
mailman3:
- lists[0-9]*.opendev.org
meetpad:
- meetpad[0-9]*.opendev.org
mirror:
- mirror[0-9]*.opendev.org
mirror-update:
- mirror-update[0-9]*.opendev.org
nodepool:
- nb[0-9]*.opendev.org
- nl[0-9]*.open*.org
nodepool-builder:
- nb[0-9]*.opendev.org
nodepool-launcher:
- nl[0-9]*.open*.org
ns:
- ns[0-9]*.open*.org
paste:
- paste[0-9]*.opendev.org
puppet:
- cacti[0-9]*.open*.org
- storyboard-dev[0-9]*.opendev.org
- storyboard[0-9]*.opendev.org
- translate-dev[0-9]*.open*.org
- translate[0-9]*.open*.org
puppet4:
- cacti[0-9]*.open*.org
- storyboard[0-9]*.opendev.org
- storyboard-dev[0-9]*.opendev.org
- translate[0-9]*.open*.org
- translate-dev[0-9]*.open*.org
refstack:
- refstack[0-9]*.openstack.org
registry:
- insecure-ci-registry[0-9]*.opendev.org
review:
- review[0-9]*.opendev.org
# This group disables operations like project-managment and
# replication. It is intended for staging new production servers.
#review-staging:
static:
- static[0-9]*.opendev.org
storyboard:
- storyboard[0-9]*.opendev.org
storyboard-dev:
- storyboard-dev[0-9]*.opendev.org
tracing: tracing[0-9]*.opendev.org
translate-dev:
- translate-dev[0-9]*.open*.org
translate:
- translate[0-9]*.open*.org
# This group does not run the base jobs
unmanaged:
- openinfraci.linaro.cloud
webservers:
- cacti[0-9]*.open*.org
- codesearch[0-9]*.opendev.org
# eavesdrop has its own group with custom ports
- etherpad[0-9]*.open*.org
- grafana[0-9]*.opendev.org
- graphite*.opendev.org
- keycloak[0-9]*.opendev.org
- nb[0-9]*.opendev.org
- nl[0-9]*.open*.org
- paste[0-9]*.opendev.org
- refstack[0-9]*.openstack.org
- static[0-9]*.opendev.org
- storyboard-dev[0-9]*.opendev.org
- storyboard[0-9]*.opendev.org
- tracing[0-9]*.opendev.org
- translate-dev[0-9]*.open*.org
- translate[0-9]*.open*.org
zookeeper:
- zk[0-9]*.open*.org
zuul-lb:
- zuul-lb[0-9]*.opendev.org
zuul:
- ze[0-9]*.opendev.org
- zm[0-9]*.opendev.org
- zuul[0-9]*.opendev.org
zuul-executor:
- ze[0-9]*.opendev.org
zuul-merger:
- zm[0-9]*.opendev.org
zuul-preview:
- zp[0-9]*.opendev.org
zuul-scheduler:
- zuul[0-9]*.opendev.org
zuul-web:
- zuul[0-9]*.opendev.org
View Git Blame Copy Permalink