system-config/playbooks/zuul/run-base.yaml
Monty Taylor bbe8086726 Use LE certs for Apache
We're getting LE certs for the hosts now, use them in the apache
config. Also add the redirects.

Change-Id: I67d33b4c542182a2474ac0d2416357541b1c3a47
2020-02-13 10:31:59 -06:00

116 lines
4.6 KiB
YAML

- import_playbook: ../bridge.yaml
vars:
root_rsa_key: "{{ lookup('file', zuul.executor.work_root + '/' + zuul.build + '_id_rsa') }}"
ansible_cron_disable_job: true
cloud_launcher_disable_job: true
- hosts: bridge.openstack.org
become: true
tasks:
- name: Write inventory on bridge
include_role:
name: write-inventory
vars:
write_inventory_dest: /etc/ansible/hosts/inventory.yaml
write_inventory_exclude_hostvars:
- ansible_user
- ansible_python_interpreter
- name: Set up /opt/system-config repo
git:
repo: /home/zuul/src/opendev.org/opendev/system-config
dest: /opt/system-config
force: yes
# TODO: the next two tasks are update-system-config.yaml and
# should be removed or refactored out of here to a shared
# location.
- name: Clone puppet modules to /etc/puppet/modules
command: ./install_modules.sh
args:
chdir: /opt/system-config
- name: Install ansible roles to /etc/ansible/roles
command: ansible-galaxy install --roles-path /etc/ansible/roles --force -r roles.yaml
args:
chdir: /opt/system-config
- name: Add groups config for test nodes
template:
src: "templates/gate-groups.yaml.j2"
dest: "/etc/ansible/hosts/gate-groups.yaml"
- name: Update ansible.cfg to use job inventory
ini_file:
path: /etc/ansible/ansible.cfg
section: defaults
option: inventory
value: /etc/ansible/hosts/inventory.yaml,/opt/system-config/inventory/groups.yaml,/etc/ansible/hosts/gate-groups.yaml
- name: Update ansible.cfg to use yamlgroup plugin
ini_file:
path: /etc/ansible/ansible.cfg
section: defaults
option: inventory_plugins
value: /opt/system-config/playbooks/roles/install-ansible/files/inventory_plugins
- name: Update ansible.cfg to configure inventory plugins
ini_file:
path: /etc/ansible/ansible.cfg
section: inventory
option: enable_plugins
value: yamlgroup,yaml,advanced_host_list,ini
- name: Make host_vars directory
file:
path: "/etc/ansible/hosts/host_vars"
state: directory
- name: Make group_vars directory
file:
path: "/etc/ansible/hosts/group_vars"
state: directory
- name: Write hostvars files
vars:
bastion_ipv4: "{{ nodepool['public_ipv4'] }}"
bastion_ipv6: "{{ nodepool['public_ipv6'] }}"
bastion_public_key: "{{ lookup('file', zuul.executor.work_root + '/' + zuul.build + '_id_rsa.pub') }}"
iptables_test_public_tcp_ports: [19885]
template:
src: "templates/{{ item }}.j2"
dest: "/etc/ansible/hosts/{{ item }}"
loop:
- group_vars/all.yaml
- group_vars/adns.yaml
- group_vars/nodepool.yaml
- group_vars/ns.yaml
- group_vars/registry.yaml
- group_vars/gitea.yaml
- group_vars/gitea-lb.yaml
- group_vars/letsencrypt.yaml
- group_vars/registry.yaml
- group_vars/review.yaml
- group_vars/review-dev.yaml
- group_vars/control-plane-clouds.yaml
- group_vars/afs-client.yaml
- host_vars/bridge.openstack.org.yaml
- host_vars/letsencrypt01.opendev.org.yaml
- host_vars/letsencrypt02.opendev.org.yaml
- host_vars/gitea99.opendev.org.yaml
- host_vars/mirror01.openafs.provider.opendev.org.yaml
- host_vars/mirror-update01.opendev.org.yaml
- host_vars/backup-test01.opendev.org.yaml
- host_vars/backup-test02.opendev.org.yaml
- name: Display group membership
command: ansible localhost -m debug -a 'var=groups'
- name: Run base.yaml
command: ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/playbooks/base.yaml
- name: Run bridge service playbook
command: ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/playbooks/service-bridge.yaml
- name: Run playbook
when: run_playbooks is defined
loop: "{{ run_playbooks }}"
command: "ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/{{ item }}"
- name: Run test playbook
when: run_test_playbook is defined
shell: "ANSIBLE_ROLES_PATH=/home/zuul/src/opendev.org/opendev/system-config/playbooks/roles ansible-playbook -v /home/zuul/src/opendev.org/opendev/system-config/{{ run_test_playbook }}"
- name: Run testinfra to validate configuration
include_role:
name: tox
vars:
tox_envlist: testinfra
# This allows us to run from external projects (like testinfra
# itself)
zuul_work_dir: src/opendev.org/opendev/system-config