system-config/playbooks/zuul/run-production-playbook.yaml

- hosts: localhost
  tasks:
    - name: Add bridge.o.o to inventory
      add_host:
        name: bridge.openstack.org
        ansible_python_interpreter: python3
        ansible_user: zuul
        # Without setting ansible_host directly, mirror-workspace-git-repos
        # gets sad because if delegate_to localhost and with add_host that
        # ends up with ansible_host being localhost. 
        ansible_host: bridge.openstack.org
        ansible_port: 22

- hosts: localhost
  tasks:
    - name: Add bridge.o.o hostkey to known hosts
      known_hosts:
        name: bridge.openstack.org
        key: "bridge.openstack.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxRzDkWvvVQtsLTAqAwedRWA84/42KKVdFS0QP8lZFsMpgTXUhjipJ7VcFun5gM87tnt0J71rlN+ospBh0/1wfp2jASEskUyGhXAa5xHjnJN7veUyW+AggEosK/OTunvZgf54p1sQg45Sq/uCjc0Ua0fRMOq2o5z/mgpl6rSjLOlWi9wKA/6axnUbs9w4iD5esyBQ+VcISSJOTqhAo/3UG0NwCU+6Ggwwhg0nl5iCMpQfq4A207IbJ72MkJzlQgW3edsRb5POzdZcGxkTYvVdP3kgHP4Bof3MFFZjBUMz6SuRQyNV5poysMtbtlO0SvgAJNhXr6Vn0GA9XhqFP6+HT"

- hosts: bridge.openstack.org
  tasks:
    - name: Make sure a manaul maint isn't going on
      wait_for:
        path: /home/zuul/DISABLE-ANSIBLE
        state: absent
        sleep: 10
        timeout: 3600 # Wait for an hour before bailing

    - name: Synchronize src repos to workspace directory.
      include_role:
        name: prepare-workspace-git

    - name: Should we run from master
      set_fact:
        infra_prod_run_from_master: "{{ zuul.pipeline|default('') in ['periodic', 'opendev-prod-hourly'] }}"

    - name: Update from master
      when: infra_prod_run_from_master|bool
      git:
        repo: https://opendev.org/opendev/system-config
        dest: /home/zuul/src/opendev.org/opendev/system-config
        force: yes

    - name: Run the production playbook and capture logs
      block:

      - name: Log a playbook start header
        become: yes
        shell: 'echo "Running {{ ansible_date_time.iso8601 }}: ansible-playbook -v -f {{ infra_prod_ansible_forks }} /home/zuul/src/opendev.org/opendev/system-config/playbooks/{{ playbook_name }}" > /var/log/ansible/{{ playbook_name }}.log'

      - name: Run specified playbook on bridge.o.o and redirect output
        become: yes
        shell: 'ansible-playbook -v -f {{ infra_prod_ansible_forks }} /home/zuul/src/opendev.org/opendev/system-config/playbooks/{{ playbook_name }} >> /var/log/ansible/{{ playbook_name }}.log'

      always:

        # Not using normal zuul job roles as bridge.openstack.org is not a
        # test node with all the normal bits in place.
        - name: Collect log output
          synchronize:
            dest: "{{ zuul.executor.log_root }}/{{ playbook_name }}.log"
            mode: pull
            src: "/var/log/ansible/{{ playbook_name }}.log"
            verify_host: true
          when: infra_prod_playbook_collect_log

        - name: Return playbook log artifact to Zuul
          when: infra_prod_playbook_collect_log
          zuul_return:
            data:
              zuul:
                artifacts:
                  - name: "Playbook Log"
                    url: "{{ playbook_name }}.log"
                    metadata:
                      type: text

        # If we aren't publishing logs through zuul then keep a set on
        # bridge directly.
        - name: Rename playbook log on bridge
          when: not infra_prod_playbook_collect_log
          become: yes
          copy:
            remote_src: yes
            src: "/var/log/ansible/{{ playbook_name }}.log"
            dest: "/var/log/ansible/{{ playbook_name }}.log.{{ ansible_date_time.iso8601 }}"

        - name: Cleanup old playbook logs on bridge
          when: not infra_prod_playbook_collect_log
          become: yes
          shell: |
            find /var/log/ansible -name '{{ playbook_name }}.log.*' -type f -mtime 30 -delete