opendev/system-config
Code Issues Proposed changes
e1e6e454a9
system-config/.zuul.yaml
James E. Blair a81503921d Set allowed-projects on system-config image jobs 
Without this, other projects could run this job (or its descendents)
and pass in an images dictionary instructing it to upload something
to one of our repositories.

Change-Id: I2c68d6673217bbc274c1134ee221cd6484abcf16
2019-01-16 16:29:53 -08:00

538 lines
16 KiB
YAML
Raw Blame History

- job:
name: puppet-beaker-rspec-infra-system-config
parent: puppet-beaker-rspec-infra
vars:
project_src_dir: "{{ zuul.project.src_dir }}/modules/openstack_project"
- job:
name: puppet-beaker-rspec-infra-centos-7-system-config
parent: puppet-beaker-rspec-centos-7-infra
vars:
project_src_dir: "{{ zuul.project.src_dir }}/modules/openstack_project"
- job:
name: puppet-beaker-rspec-puppet-4-infra-system-config
parent: puppet-beaker-rspec-puppet-4-infra
vars:
project_src_dir: "{{ zuul.project.src_dir }}/modules/openstack_project"
- job:
name: puppet-beaker-rspec-puppet-4-centos-7-infra-system-config
parent: puppet-beaker-rspec-puppet-4-infra
vars:
project_src_dir: "{{ zuul.project.src_dir }}/modules/openstack_project"
# Image building jobs
- secret:
name: system-config-dockerhub
data:
username: openstackzuul
password: !encrypted/pkcs1-oaep
- iz3aVtc1eXwM/d02gaA8qyvryJtrOOTmPZhfWiRw3VaVpuU/lrpSD/qRKPwBEbhFCpzCh
B3eelTaJMKaMsVFU/cD+EOB6MBpCtHreKug3+B1g1Ag9TQaLGfa2d7swPRrhFEENpQBzm
D9OqBYVCWTyGo/Y1nkC/zb+e1H2IdI1axNJrVaKR6FYN8vhpPsflvyW2PCNsdT2YlKCMz
G0wFMJv6zMH6Jw1c0ruHm5pa9O4EWLwhmdxHMeTRAT4JVJdLehVGQLBXvXxZzMOXB2Jrj
KHIMFFhzlc1bZXcFKAMakvfP0ARLmPySEnIcVHjHXvsXmGLuVB0lSXUtUB1QW8qJcso1m
C0ky4VAFHoNB/EV5VGu7btkZDtJKzsQcPXnaT1LcX1xS+QC0bC4SYR25WN9RK7z1sXvMn
dxMIwJIvXOb+aE5mdl63G8OBTxznPAGioCZNjqoMPQJ7VzITSYnPiW5CyZDUinTSDDver
zHBG/Svpwiu7Lm2vOgExHYdCDeo0a5lacxjcwW2FfP7fal3ZLoTeSTGXvIaffS552mZ9L
I0cLfq/ikkbaC4a+bqFnVdDm9wNAyBtOkq5wn3TqOFMrFaBlkI5/34i2fLauZOoka6bcN
zJnvDrjRemvgmWP1q4uI8cPzJK3zjN9/GYrs1MQxHCsNn33sWpc1oHRO+TL/8g=
- job:
name: system-config-build-image
description: |
Build a docker image.
See the `role documentation
<https://zuul-ci.org/docs/zuul-jobs/roles.html#role-build-docker-image>`_
for details.
abstract: true
allowed-projects: openstack-infra/system-config
pre-run: playbooks/zuul/build-image/pre.yaml
run: playbooks/zuul/build-image/run.yaml
- job:
name: system-config-upload-image
parent: system-config-build-image
description: |
Build and upload a docker image.
See the `role documentation
<https://zuul-ci.org/docs/zuul-jobs/roles.html#role-upload-docker-image>`_
for details.
abstract: true
allowed-projects: openstack-infra/system-config
post-run: playbooks/zuul/build-image/upload.yaml
secrets:
name: credentials
secret: system-config-dockerhub
- job:
name: system-config-promote-image
description: |
Retag a previously-uploaded docker image.
See the `role documentation
<https://zuul-ci.org/docs/zuul-jobs/roles.html#role-promote-docker-image>`_
for details.
abstract: true
allowed-projects: openstack-infra/system-config
run: playbooks/zuul/build-image/promote.yaml
secrets:
name: credentials
secret: system-config-dockerhub
nodeset:
nodes: []
# Jinja-init jobs
- job:
name: system-config-build-image-jinja-init
description: Build a jinja-init image.
parent: system-config-build-image
vars: &jinja-init_vars
images:
- context: docker/jinja-init
target: jinja-init
repository: opendevorg/jinja-init
files: &jinja-init_files
- docker/jinja-init/.*
- job:
name: system-config-upload-image-jinja-init
description: Build and upload a jinja-init image.
parent: system-config-upload-image
vars: *jinja-init_vars
files: *jinja-init_files
- job:
name: system-config-promote-image-jinja-init
description: Promote a previously published jinja-init image to latest.
parent: system-config-promote-image
vars: *jinja-init_vars
files: *jinja-init_files
# Gitea-init jobs
- job:
name: system-config-build-image-gitea-init
description: Build a gitea-init image.
parent: system-config-build-image
vars: &gitea-init_vars
images:
- context: docker/gitea-init
target: gitea-init
repository: opendevorg/gitea-init
files: &gitea-init_files
- docker/gitea-init/.*
- job:
name: system-config-upload-image-gitea-init
description: Build and upload a gitea-init image.
parent: system-config-upload-image
vars: *gitea-init_vars
files: *gitea-init_files
- job:
name: system-config-promote-image-gitea-init
description: Promote a previously published gitea-init image to latest.
parent: system-config-promote-image
vars: *gitea-init_vars
files: *gitea-init_files
# Gitea jobs
- job:
name: system-config-build-image-gitea
description: Build a gitea image.
parent: system-config-build-image
vars: &gitea_vars
images:
- context: docker/gitea
target: gitea
repository: opendevorg/gitea
- context: docker/gitea
target: gitea-openssh
repository: opendevorg/gitea-openssh
files: &gitea_files
- docker/gitea/.*
- job:
name: system-config-upload-image-gitea
description: Build and upload a gitea image.
parent: system-config-upload-image
vars: *gitea_vars
files: *gitea_files
- job:
name: system-config-promote-image-gitea
description: Promote a previously published gitea image to latest.
parent: system-config-promote-image
vars: *gitea_vars
files: *gitea_files
# Gerrit jobs
- job:
name: system-config-build-image-gerrit
description: Build a gerrit image.
parent: system-config-build-image
pre-run: playbooks/zuul/gerrit/repos.yaml
required-projects: &gerrit_projects
- name: gerrit.googlesource.com/gerrit
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/commit-message-length-validator
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/download-commands
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/hooks
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/its-base
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/its-storyboard
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/javamelody
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/replication
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/reviewnotes
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/singleusergroup
override-checkout: stable-2.15
vars: &gerrit_vars
images:
- context: docker/gerrit
target: gerrit
repository: opendevorg/gerrit
path: /home/zuul/src/gerrit.googlesource.com/gerrit
tags:
- 2.15
build_args:
- BAZEL_OPTS="--local_resources=4096,2.0,1.0"
files: &gerrit_files
- docker/gerrit/.*
- playbooks/zuul/gerrit/.*
- job:
name: system-config-upload-image-gerrit
description: Build and upload a gerrit image.
parent: system-config-upload-image
pre-run: playbooks/zuul/gerrit/repos.yaml
required-projects: *gerrit_projects
vars: *gerrit_vars
files: *gerrit_files
- job:
name: system-config-promote-image-gerrit
description: Promote a previously published gerrit image to latest.
parent: system-config-promote-image
vars: *gerrit_vars
files: *gerrit_files
# Role integration jobs. These test the top-level generic roles/*
# under Zuul. The range of platforms should be the same as those for
# openstack-zuul-jobs.
#
# NOTE(ianw): 2018-08 have left off Fedora & OpenSUSE because
# no roles currently run on them.
- job:
name: system-config-zuul-role-integration
description: |
Test roles provided by system-config with Zuul
abstract: true
parent: base
run: roles-test/base.yaml
files:
- roles/.*
- job:
name: system-config-zuul-role-integration-centos-7
parent: system-config-zuul-role-integration
nodeset:
nodes:
- name: base
label: centos-7
- name: puppet4
label: centos-7
groups:
- name: puppet3
nodes:
- base
- job:
name: system-config-zuul-role-integration-trusty
parent: system-config-zuul-role-integration
nodeset:
nodes:
- name: base
label: ubuntu-trusty
- name: puppet4
label: ubuntu-trusty
groups:
- name: puppet3
nodes:
- base
- job:
name: system-config-zuul-role-integration-xenial
parent: system-config-zuul-role-integration
nodeset:
nodes:
- name: base
label: ubuntu-xenial
- name: puppet4
label: ubuntu-xenial
groups:
- name: puppet3
nodes:
- base
- job:
name: system-config-zuul-role-integration-bionic
parent: system-config-zuul-role-integration
nodeset:
nodes:
- name: base
label: ubuntu-bionic
groups:
- name: puppet5
nodes:
- base
- job:
name: system-config-zuul-role-integration-debian-stable
parent: system-config-zuul-role-integration
nodeset:
nodes:
- name: base
label: debian-stretch
- project-template:
name: system-config-zuul-role-integration
check:
jobs:
- system-config-zuul-role-integration-centos-7
- system-config-zuul-role-integration-trusty
- system-config-zuul-role-integration-xenial
- system-config-zuul-role-integration-bionic
- system-config-zuul-role-integration-debian-stable
gate:
jobs:
- system-config-zuul-role-integration-centos-7
- system-config-zuul-role-integration-trusty
- system-config-zuul-role-integration-xenial
- system-config-zuul-role-integration-bionic
- system-config-zuul-role-integration-debian-stable
- job:
name: system-config-run
description: |
Run the "base" playbook for system-config hosts.
This is a parent job designed to be inherited.
abstract: true
pre-run: playbooks/zuul/run-base-pre.yaml
run: playbooks/zuul/run-base.yaml
post-run: playbooks/zuul/run-base-post.yaml
vars:
install_ansible_ara_enable: true
- job:
name: system-config-run-base
parent: system-config-run
description: |
Run the "base" playbook on each of the node types
currently in use.
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: trusty
label: ubuntu-trusty
- name: xenial
label: ubuntu-xenial
- name: bionic
label: ubuntu-bionic
- name: centos7
label: centos-7
host-vars:
trusty:
ansible_python_interpreter: python2
centos7:
ansible_python_interpreter: python2
files:
- .zuul.yaml
- playbooks/.*
- roles/.*
- testinfra/.*
- job:
name: system-config-run-base-ansible-devel
parent: system-config-run-base
description: |
Run the base playbook with the latest ansible
required-projects:
- name: github.com/ansible/ansible
override-checkout: devel
- name: openstack/openstacksdk
- name: openstack/ara
vars:
bridge_ansible_name: '{{ ansible_user_dir}}/src/github.com/ansible/ansible'
bridge_ansible_version: null
bridge_openstacksdk_name: '{{ ansible_user_dir }}/src/git.openstack.org/openstack/openstacksdk'
bridge_openstacksdk_version: null
bridge_ara_name: '{{ ansible_user_dir}}/src/git.openstack.org/openstack/ara'
bridge_ara_version: null
- job:
name: system-config-run-eavesdrop
parent: system-config-run
description: |
Run the playbook for an eavesdrop server.
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: eavesdrop01.openstack.org
label: ubuntu-xenial
files:
- .zuul.yaml
- playbooks/group_vars/eavesdrop.yaml
- testinfra/test_eavesdrop.py
- job:
name: system-config-run-nodepool
parent: system-config-run
description: |
Run the playbook for nodepool.
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: nl01.openstack.org
label: ubuntu-xenial
- name: nb01.openstack.org
label: ubuntu-xenial
files:
- .zuul.yaml
- playbooks/group_vars/nodepool.yaml
- playbooks/group_vars/nodepool-builder.yaml
- playbooks/group_vars/nodepool-launcher.yaml
- playbooks/roles/configure-openstacksdk/
- playbooks/templates/clouds/
- testinfra/test_nodepool.py
- job:
name: system-config-run-docker
parent: system-config-run
description: |
Test docker installation and setup
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: bionic-docker
label: ubuntu-bionic
files:
- .zuul.yaml
- playbooks/roles/install-docker
- testinfra/test_docker.py
- job:
name: system-config-run-dns
parent: system-config-run
description: |
Run the playbook for dns.
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: adns1.opendev.org
label: ubuntu-bionic
- name: ns1.opendev.org
label: ubuntu-bionic
files:
- .zuul.yaml
- playbooks/group_vars/adns.yaml
- playbooks/group_vars/dns.yaml
- ^playbooks/host_vars/(ad)?ns\d+.opendev.org.yaml
- playbooks/zuul/templates/group_vars/adns.yaml.j2
- playbooks/zuul/templates/group_vars/ns.yaml.j2
- playbooks/roles/master-nameserver/
- playbooks/roles/nameserver/
- testinfra/test_adns.py
- testinfra/test_ns.py
- job:
name: infra-prod-playbook
description: |
Run specified playbook against productions hosts.
This is a parent job designed to be inherited to enabled
CD deployment of our infrastructure. Set playbook_name to
specify the playbook relative to
bridge.openstack.org:/opt/system-config/playbooks
abstract: true
run: playbooks/zuul/run-production-playbook.yaml
vars:
ansible_forks: 5
nodeset:
nodes: []
- job:
name: infra-prod-zuul_reconfigure
parent: infra-prod-playbook
description: |
Perform a full Zuul reconfiguration.
This reloads the tenant config file and clears all configuration
caches.
vars:
playbook_name: zuul_reconfigure.yaml
- project:
templates:
- system-config-zuul-role-integration
- infra-puppet-apply-jobs
- infra-logstash-filter-jobs
- publish-tox-docs-infra
check:
jobs:
- tox-linters
- legacy-system-config-puppet-syntax-3
- puppet-beaker-rspec-infra-system-config
- puppet-beaker-rspec-infra-centos-7-system-config
- puppet-beaker-rspec-puppet-4-infra-system-config
- puppet-beaker-rspec-puppet-4-centos-7-infra-system-config
- system-config-run-base
- system-config-run-base-ansible-devel:
voting: false
- system-config-run-dns
- system-config-run-eavesdrop
- system-config-run-nodepool
- system-config-run-docker
- system-config-build-image-jinja-init
- system-config-build-image-gitea-init
- system-config-build-image-gitea
- system-config-build-image-gerrit
gate:
jobs:
- tox-linters
- legacy-system-config-puppet-syntax-3
- puppet-beaker-rspec-infra-system-config
- puppet-beaker-rspec-infra-centos-7-system-config
- puppet-beaker-rspec-puppet-4-infra-system-config
- puppet-beaker-rspec-puppet-4-centos-7-infra-system-config
- system-config-run-base
- system-config-run-dns
- system-config-run-eavesdrop
- system-config-run-nodepool
- system-config-run-docker
- system-config-upload-image-jinja-init
- system-config-upload-image-gitea-init
- system-config-upload-image-gitea
- system-config-upload-image-gerrit
promote:
jobs:
- system-config-promote-image-jinja-init
- system-config-promote-image-gitea-init
- system-config-promote-image-gitea
- system-config-promote-image-gerrit
View Git Blame Copy Permalink