8193a01742
The puppet-agent package has added mcollective as a service that just gets run, so we have a ton of servers, basically anything that has been rebooted since the package update, that are running an mcollective daemon that is trying and failing to connect to the mcollective system that does not exist. Add a disabling of the mcollective unit to the disable-puppet-agent role. Also - add disable-puppet-agent everywhere. We'll re-remove it later, but let's make sure we've got this turned off on all of our non-puppet hosts now too. Change-Id: I5c6235e88e5aac3fee85f58d762023c793635f42
26 lines
780 B
YAML
26 lines
780 B
YAML
- hosts: "!disabled"
|
|
name: "Base: set up users and base package repositories on all hosts"
|
|
roles:
|
|
- users
|
|
- base-repos
|
|
|
|
# Run base-server seperately so that the update apt cache handler in base-repos
|
|
# fires before we run base-server
|
|
- hosts: "!disabled"
|
|
name: "Base: set up common environment on all hosts"
|
|
roles:
|
|
- base-server
|
|
- timezone
|
|
- unbound
|
|
- exim
|
|
- disable-puppet-agent
|
|
|
|
# Do not run firewall rules on kubernetes hosts, they are managed by k8s-on-openstack.
|
|
# TODO(mordred) snmpd should be able to be re-added to kubernetes hosts but we will
|
|
# need to add cacti to sg-opendev-nodes and sg-opendev-master security groups first.
|
|
- hosts: "!disabled:!kubernetes"
|
|
name: "Base: set up firewall rules"
|
|
roles:
|
|
- snmpd
|
|
- iptables
|