system-config/playbooks/zuul/run-base.yaml

- import_playbook: ../install-ansible.yaml
  vars:
    root_rsa_key: "{{ lookup('file', zuul.executor.work_root + '/' + zuul.build + '_id_rsa') }}"
    ansible_cron_disable_job: true
    cloud_launcher_disable_job: true

- hosts: bridge.openstack.org
  become: true
  tasks:
    - name: Write inventory on bridge
      include_role:
        name: write-inventory
      vars:
        write_inventory_dest: /etc/ansible/hosts/inventory.yaml
        write_inventory_exclude_hostvars:
          - ansible_user
          - ansible_python_interpreter
    - name: Add groups config for test nodes
      template:
        src: "templates/gate-groups.yaml.j2"
        dest: "/etc/ansible/hosts/gate-groups.yaml"
    - name: Update ansible.cfg to use job inventory
      ini_file:
        path: /etc/ansible/ansible.cfg
        section: defaults
        option: inventory
        value: /etc/ansible/hosts/inventory.yaml,/etc/ansible/hosts/groups.yaml,/etc/ansible/hosts/gate-groups.yaml
    - name: Make host_vars directory
      file:
        path: "/etc/ansible/hosts/host_vars"
        state: directory
    - name: Make group_vars directory
      file:
        path: "/etc/ansible/hosts/group_vars"
        state: directory
    - name: Write hostvars files
      vars:
        bastion_ipv4: "{{ nodepool['public_ipv4'] }}"
        bastion_ipv6: "{{ nodepool['public_ipv6'] }}"
        bastion_public_key: "{{ lookup('file', zuul.executor.work_root + '/' + zuul.build + '_id_rsa.pub') }}"
        iptables_test_public_tcp_ports: [19885]
      template:
        src: "templates/{{ item }}.j2"
        dest: "/etc/ansible/hosts/{{ item }}"
      loop:
        - group_vars/all.yaml
        - group_vars/adns.yaml
        - group_vars/nodepool.yaml
        - group_vars/ns.yaml
        - group_vars/registry.yaml
        - group_vars/gitea.yaml
        - group_vars/gitea-lb.yaml
        - group_vars/letsencrypt.yaml
        - group_vars/registry.yaml
        - group_vars/review.yaml
        - group_vars/review-dev.yaml
        - group_vars/control-plane-clouds.yaml
        - group_vars/afs-client.yaml
        - host_vars/bridge.openstack.org.yaml
        - host_vars/etherpad01.opendev.org.yaml
        - host_vars/letsencrypt01.opendev.org.yaml
        - host_vars/letsencrypt02.opendev.org.yaml
        - host_vars/gitea99.opendev.org.yaml
        - host_vars/mirror01.openafs.provider.opendev.org.yaml
        - host_vars/mirror-update01.opendev.org.yaml
        - host_vars/backup-test01.opendev.org.yaml
        - host_vars/backup-test02.opendev.org.yaml
        - host_vars/nb01-test.opendev.org.yaml
    - name: Display group membership
      command: ansible localhost -m debug -a 'var=groups'

    # In prod, bridge installs a zuul user, but in zuul we already have a zuul user, so we really need 
    # to not modify it.
    - name: Load bridge hostvars
      slurp:
        path: /home/zuul/src/opendev.org/opendev/system-config/playbooks/host_vars/bridge.openstack.org.yaml
      register: bridge_hostvar_content
    - name: Parse bridge_hostvars
      set_fact:
        bridge_hostvars: "{{ bridge_hostvar_content.content | b64decode | from_yaml }}"
    - name: Overwrite extra_users
      vars:
        new_config:
          extra_users: []
      set_fact:
        bridge_hostvars: "{{ bridge_hostvars | combine(new_config) }}"
    - name: Save bridge hostvars
      copy:
        content: "{{ bridge_hostvars | to_nice_yaml }}"
        dest: /home/zuul/src/opendev.org/opendev/system-config/playbooks/host_vars/bridge.openstack.org.yaml
      become: true

    - name: Run base.yaml
      command: ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/playbooks/base.yaml
    - name: Run bridge service playbook
      command: ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/playbooks/service-bridge.yaml
    - name: Run playbook
      when: run_playbooks is defined
      loop: "{{ run_playbooks }}"
      command: "ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/{{ item }}"
    - name: Run test playbook
      when: run_test_playbook is defined
      shell: "ANSIBLE_ROLES_PATH=/home/zuul/src/opendev.org/opendev/system-config/playbooks/roles ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/{{ run_test_playbook }}"
    - name: Run testinfra to validate configuration
      include_role:
        name: tox
      vars:
        tox_envlist: testinfra
        # This allows us to run from external projects (like testinfra
        # itself)
        zuul_work_dir: src/opendev.org/opendev/system-config