system-config/.zuul.yaml
Clark Boylan f7a305afbf Manage opendev.org with LE on all giteas
This catches up gitea02-07 with 01 managing ssl certs with LE.

Change-Id: I06228edca2204c5c57ebc5cb60b9d1308a393058
2019-11-18 12:47:08 -08:00

1183 lines
38 KiB
YAML

- job:
name: puppet-beaker-rspec-puppet-4-infra-system-config
parent: puppet-beaker-rspec-puppet-4-infra
vars:
project_src_dir: "{{ zuul.project.src_dir }}/modules/openstack_project"
# Image building jobs
- secret:
name: system-config-dockerhub
data:
username: opendevzuul
password: !encrypted/pkcs1-oaep
- FF2mwsdYo4b9QI/kEmeFdZS32I+OJUac2xy4JEQJaIevRK9E3rQ/11cBn7xX6zelA/htY
hENMM1gGTYO8BKgTVNijFfCiVCTYFJ9efsOrSeMdj2aLcq/OkZFeq8gMHAZDv+3qaiggq
hbDmldgSouNahhJByWMsDjYqnItfR8w1dYisNQBkDEJdNW5+Cin5WgHRYv2skui9pjumU
vWHjwLbITLEjb0hwVErggAzvED4x0UjNEMfb6KCpoXeKdlCaI8h1DXVD9RdQ4s1WvUCro
xwl4AIUyCmdtXbqW787PQ4j8BgdOi8RD40ZTSxpoV/bwT+/NrP3Jj2KVYdEKQJimzXnwL
goDclapu9aFrAaqwWSnWCRc7GQptSZ7DBXmA7MsNinBclWHX/chX5k9Q1+XifAhmKJZqP
ovkzEGtmUjTQZFjvuCtFxIWZEGVtGHDmgEkzevgVCeuHDTeIDlkAvA3+TT+/A70zyYdbP
EHOTSSjCU6RSlJxAXjNb5pzKjpeT7PyX2f4/8Zn3JnwTlfPJ0C7qdEYjQ54hbsKynjrpQ
7f6NN9pAeQS1pid5J7oH4f7YaKM78pnhoTxRl3LmeitIlAG+zCpiT4J+se2eG27ep4aUA
bYuO0L+KBosY6DcvEbR9TqkYLPgJuEPi/6SQr9bBOldEspXXAv9msyCB4VMhVU=
- job:
name: system-config-build-image
parent: opendev-build-docker-image
dependencies: opendev-buildset-registry
abstract: true
vars:
docker_mirror_base_url: "http://{{ zuul_site_mirror_fqdn }}/deb-docker"
- job:
name: system-config-upload-image
parent: opendev-upload-docker-image
dependencies: opendev-buildset-registry
abstract: true
secrets:
name: docker_credentials
secret: system-config-dockerhub
pass-to-parent: true
- job:
name: system-config-promote-image
parent: opendev-promote-docker-image
abstract: true
secrets:
name: docker_credentials
secret: system-config-dockerhub
pass-to-parent: true
# Jinja-init jobs
- job:
name: system-config-build-image-jinja-init
description: Build a jinja-init image.
parent: system-config-build-image
vars: &jinja-init_vars
docker_images:
- context: docker/jinja-init
target: jinja-init
repository: opendevorg/jinja-init
files: &jinja-init_files
- docker/jinja-init/.*
- job:
name: system-config-upload-image-jinja-init
description: Build and upload a jinja-init image.
parent: system-config-upload-image
vars: *jinja-init_vars
files: *jinja-init_files
- job:
name: system-config-promote-image-jinja-init
description: Promote a previously published jinja-init image to latest.
parent: system-config-promote-image
vars: *jinja-init_vars
files: *jinja-init_files
# Gitea-init jobs
- job:
name: system-config-build-image-gitea-init
description: Build a gitea-init image.
parent: system-config-build-image
vars: &gitea-init_vars
docker_images:
- context: docker/gitea-init
target: gitea-init
repository: opendevorg/gitea-init
files: &gitea-init_files
- docker/gitea-init/.*
- job:
name: system-config-upload-image-gitea-init
description: Build and upload a gitea-init image.
parent: system-config-upload-image
vars: *gitea-init_vars
files: *gitea-init_files
- job:
name: system-config-promote-image-gitea-init
description: Promote a previously published gitea-init image to latest.
parent: system-config-promote-image
vars: *gitea-init_vars
files: *gitea-init_files
# Gitea jobs
- job:
name: system-config-build-image-gitea
description: Build a gitea image.
parent: system-config-build-image
vars: &gitea_vars
docker_images:
- context: docker/gitea
target: gitea
repository: opendevorg/gitea
- context: docker/gitea
target: gitea-openssh
repository: opendevorg/gitea-openssh
# Duplicate in the run-gitea job
files: &gitea_files
- docker/gitea/.*
- job:
name: system-config-upload-image-gitea
description: Build and upload a gitea image.
parent: system-config-upload-image
vars: *gitea_vars
files: *gitea_files
- job:
name: system-config-promote-image-gitea
description: Promote a previously published gitea image to latest.
parent: system-config-promote-image
vars: *gitea_vars
files: *gitea_files
# Haproxy-statsd jobs
- job:
name: system-config-build-image-haproxy-statsd
description: Build a haproxy-statsd image.
parent: system-config-build-image
vars: &haproxy-statsd_vars
docker_images:
- context: docker/haproxy-statsd
repository: opendevorg/haproxy-statsd
# Duplicate in the run-gitea job
files: &haproxy-statsd_files
- docker/haproxy-statsd/.*
- job:
name: system-config-upload-image-haproxy-statsd
description: Build and upload a haproxy-statsd image.
parent: system-config-upload-image
vars: *haproxy-statsd_vars
files: *haproxy-statsd_files
- job:
name: system-config-promote-image-haproxy-statsd
description: Promote a previously published haproxy-statsd image to latest.
parent: system-config-promote-image
vars: *haproxy-statsd_vars
files: *haproxy-statsd_files
# Gerrit 2.13 jobs
- job:
name: system-config-build-image-gerrit-2.13
description: Build a gerrit 2.13 image.
parent: system-config-build-image
vars: &gerrit_vars_2_13
docker_images:
# The 2.13 image doesn't build from source, but from existing war file
- context: docker/gerrit/2.13
repository: opendevorg/gerrit
path: /home/zuul/src/opendev.org/opendev/system-config
tags:
- 2.13
files: &gerrit_files_2_13
- docker/gerrit/2.13/.*
- job:
name: system-config-upload-image-gerrit-2.13
description: Build and upload a gerrit 2.13 image.
parent: system-config-upload-image
vars: *gerrit_vars_2_13
files: *gerrit_files_2_13
- job:
name: system-config-promote-image-gerrit-2.13
description: Promote a previously published gerrit 2.13 image to latest.
parent: system-config-promote-image
vars: *gerrit_vars_2_13
files: *gerrit_files_2_13
# Gerrit 2.15 jobs
- job:
name: system-config-build-image-gerrit-2.15
description: Build a gerrit image.
parent: system-config-build-image
pre-run: playbooks/zuul/gerrit/repos.yaml
required-projects: &gerrit_projects_2_15
- name: gerrit.googlesource.com/gerrit
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/commit-message-length-validator
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/download-commands
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/hooks
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/its-base
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/its-storyboard
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/javamelody
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/replication
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/reviewnotes
override-checkout: stable-2.15
- name: gerrit.googlesource.com/plugins/singleusergroup
override-checkout: stable-2.15
vars: &gerrit_vars_2_15
docker_images:
- context: docker/gerrit/bazel
repository: opendevorg/gerrit
path: /home/zuul/src/gerrit.googlesource.com/gerrit
tags:
- 2.15
files: &gerrit_files_2_15
- docker/bazel/.*
- docker/gerrit/base/.*
- docker/gerrit/bazel/.*
- playbooks/zuul/gerrit/.*
- job:
name: system-config-upload-image-gerrit-2.15
description: Build and upload a gerrit image.
parent: system-config-upload-image
pre-run: playbooks/zuul/gerrit/repos.yaml
required-projects: *gerrit_projects_2_15
vars: *gerrit_vars_2_15
files: *gerrit_files_2_15
- job:
name: system-config-promote-image-gerrit-2.15
description: Promote a previously published gerrit image to latest.
parent: system-config-promote-image
vars: *gerrit_vars_2_15
files: *gerrit_files_2_15
# Gerrit 2.16 jobs
- job:
name: system-config-build-image-gerrit-2.16
description: Build a gerrit image.
parent: system-config-build-image
pre-run: playbooks/zuul/gerrit/repos.yaml
required-projects: &gerrit_projects_2_16
- name: gerrit.googlesource.com/gerrit
override-checkout: stable-2.16
- name: gerrit.googlesource.com/plugins/codemirror-editor
override-checkout: stable-2.16
- name: gerrit.googlesource.com/plugins/commit-message-length-validator
override-checkout: stable-2.16
- name: gerrit.googlesource.com/plugins/download-commands
override-checkout: stable-2.16
- name: gerrit.googlesource.com/plugins/hooks
override-checkout: stable-2.16
- name: gerrit.googlesource.com/plugins/its-base
override-checkout: stable-2.16
- name: gerrit.googlesource.com/plugins/its-storyboard
override-checkout: stable-2.16
- name: gerrit.googlesource.com/plugins/javamelody
override-checkout: stable-2.16
- name: gerrit.googlesource.com/plugins/replication
override-checkout: stable-2.16
- name: gerrit.googlesource.com/plugins/reviewnotes
override-checkout: stable-2.16
- name: gerrit.googlesource.com/plugins/singleusergroup
override-checkout: stable-2.16
vars: &gerrit_vars_2_16
docker_images:
- context: docker/gerrit/bazel
repository: opendevorg/gerrit
path: /home/zuul/src/gerrit.googlesource.com/gerrit
tags:
- 2.16
gerrit_additional_plugins:
- codemirror-editor
files: &gerrit_files_2_16
- docker/bazel/.*
- docker/gerrit/base/.*
- docker/gerrit/bazel/.*
- playbooks/zuul/gerrit/.*
- job:
name: system-config-upload-image-gerrit-2.16
description: Build and upload a gerrit image.
parent: system-config-upload-image
pre-run: playbooks/zuul/gerrit/repos.yaml
required-projects: *gerrit_projects_2_16
vars: *gerrit_vars_2_16
files: *gerrit_files_2_16
- job:
name: system-config-promote-image-gerrit-2.16
description: Promote a previously published gerrit image to latest.
parent: system-config-promote-image
vars: *gerrit_vars_2_16
files: *gerrit_files_2_16
# Gerrit 3.0 jobs
- job:
name: system-config-build-image-gerrit-3.0
description: Build a gerrit image.
parent: system-config-build-image
pre-run: playbooks/zuul/gerrit/repos.yaml
required-projects: &gerrit_projects_3_0
- name: gerrit.googlesource.com/gerrit
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/codemirror-editor
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/commit-message-length-validator
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/delete-project
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/download-commands
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/gitiles
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/hooks
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/its-base
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/its-storyboard
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/javamelody
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/plugin-manager
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/replication
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/reviewnotes
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/singleusergroup
override-checkout: stable-3.0
- name: gerrit.googlesource.com/plugins/webhooks
override-checkout: stable-3.0
vars: &gerrit_vars_3_0
docker_images:
- context: docker/gerrit/bazel
repository: opendevorg/gerrit
path: /home/zuul/src/gerrit.googlesource.com/gerrit
tags:
- 3.0
gerrit_additional_plugins:
- codemirror-editor
- delete-project
- gitiles
- plugin-manager
- webhooks
files: &gerrit_files_3_0
- docker/bazel/.*
- docker/gerrit/base/.*
- docker/gerrit/bazel/.*
- playbooks/zuul/gerrit/.*
- job:
name: system-config-upload-image-gerrit-3.0
description: Build and upload a gerrit image.
parent: system-config-upload-image
pre-run: playbooks/zuul/gerrit/repos.yaml
required-projects: *gerrit_projects_3_0
vars: *gerrit_vars_3_0
files: *gerrit_files_3_0
- job:
name: system-config-promote-image-gerrit-3.0
description: Promote a previously published gerrit image to latest.
parent: system-config-promote-image
vars: *gerrit_vars_3_0
files: *gerrit_files_3_0
# Gerrit master jobs
- job:
name: system-config-build-image-gerrit-master-base
description: |
Build a gerrit image.
This job has no files matchers so it can be used in other repos.
parent: system-config-build-image
pre-run:
- playbooks/zuul/gerrit/repos.yaml
- playbooks/zuul/gerrit/jgit.yaml
required-projects: &gerrit_projects_master
- opendev/system-config
- gerrit.googlesource.com/jgit
- gerrit.googlesource.com/gerrit
- gerrit.googlesource.com/plugins/checks
- gerrit.googlesource.com/plugins/codemirror-editor
- gerrit.googlesource.com/plugins/commit-message-length-validator
- gerrit.googlesource.com/plugins/delete-project
- gerrit.googlesource.com/plugins/download-commands
- gerrit.googlesource.com/plugins/gitiles
- gerrit.googlesource.com/plugins/hooks
- gerrit.googlesource.com/plugins/its-base
- gerrit.googlesource.com/plugins/its-storyboard
- gerrit.googlesource.com/plugins/javamelody
- gerrit.googlesource.com/plugins/plugin-manager
- gerrit.googlesource.com/plugins/replication
- gerrit.googlesource.com/plugins/reviewnotes
- gerrit.googlesource.com/plugins/singleusergroup
- gerrit.googlesource.com/plugins/webhooks
vars: &gerrit_vars_master
zuul_work_dir: src/opendev.org/opendev/system-config
docker_images:
- context: docker/gerrit/bazel
repository: opendevorg/gerrit
path: /home/zuul/src/gerrit.googlesource.com/gerrit
tags:
- master
gerrit_additional_plugins:
- checks
- codemirror-editor
- delete-project
- gitiles
- plugin-manager
- webhooks
- job:
name: system-config-build-image-gerrit-master
description: |
Build a gerrit image.
This job is used in system-config.
parent: system-config-build-image-gerrit-master-base
files: &gerrit_files_master
- docker/bazel/.*
- docker/gerrit/base/.*
- docker/gerrit/bazel/.*
- playbooks/zuul/gerrit/.*
- job:
name: system-config-upload-image-gerrit-master
description: Build and upload a gerrit image.
parent: system-config-upload-image
pre-run:
- playbooks/zuul/gerrit/repos.yaml
- playbooks/zuul/gerrit/jgit.yaml
required-projects: *gerrit_projects_master
vars: *gerrit_vars_master
files: *gerrit_files_master
- job:
name: system-config-promote-image-gerrit-master
description: Promote a previously published gerrit image to latest.
parent: system-config-promote-image
vars: *gerrit_vars_master
files: *gerrit_files_master
# python-builder jobs
- job:
name: system-config-build-image-python-builder
description: Build a python-builder image.
parent: system-config-build-image
vars: &python-builder_vars
docker_images:
- context: docker/python-builder
repository: opendevorg/python-builder
files: &python-builder_files
- docker/python-base/.*
- docker/python-builder/.*
- job:
name: system-config-upload-image-python-builder
description: Build and upload a python-builder image.
parent: system-config-upload-image
vars: *python-builder_vars
files: *python-builder_files
- job:
name: system-config-promote-image-python-builder
description: Promote a previously published python-builder image to latest.
parent: system-config-promote-image
vars: *python-builder_vars
files: *python-builder_files
# python-base jobs
- job:
name: system-config-build-image-python-base
description: Build a python-base image.
parent: system-config-build-image
vars: &python-base_vars
docker_images:
- context: docker/python-base
repository: opendevorg/python-base
files: &python-base_files
- docker/python-base/.*
- docker/python-builder/.*
- job:
name: system-config-upload-image-python-base
description: Build and upload a python-base image.
parent: system-config-upload-image
vars: *python-base_vars
files: *python-base_files
- job:
name: system-config-promote-image-python-base
description: Promote a previously published python-base image to latest.
parent: system-config-promote-image
vars: *python-base_vars
files: *python-base_files
# bazel jobs
- job:
name: system-config-build-image-bazel
description: Build a bazel image.
parent: system-config-build-image
vars: &bazel_vars
docker_images:
- context: docker/bazel
repository: opendevorg/bazel
files: &bazel_files
- docker/bazel/.*
- job:
name: system-config-upload-image-bazel
description: Build and upload a bazel image.
parent: system-config-upload-image
vars: *bazel_vars
files: *bazel_files
- job:
name: system-config-promote-image-bazel
description: Promote a previously published bazel image to latest.
parent: system-config-promote-image
vars: *bazel_vars
files: *bazel_files
# gerrit-base jobs
- job:
name: system-config-build-image-gerrit-base
description: Build a gerrit-base image.
parent: system-config-build-image
required-projects: &gerrit_base_projects
- opendev/jeepyb
vars: &gerrit-base_vars
docker_images:
- context: docker/gerrit/base
repository: opendevorg/gerrit-base
path: /home/zuul/src/opendev.org/opendev/jeepyb
files: &gerrit-base_files
- docker/gerrit/base/.*
- job:
name: system-config-upload-image-gerrit-base
description: Build and upload a gerrit-base image.
parent: system-config-upload-image
required-projects: *gerrit_base_projects
vars: *gerrit-base_vars
files: *gerrit-base_files
- job:
name: system-config-promote-image-gerrit-base
description: Promote a previously published gerrit-base image to latest.
parent: system-config-promote-image
required-projects: *gerrit_base_projects
vars: *gerrit-base_vars
files: *gerrit-base_files
# Role integration jobs. These test the top-level generic roles/*
# under Zuul. The range of platforms should be the same as those for
# openstack-zuul-jobs.
#
# NOTE(ianw): 2018-08 have left off Fedora & OpenSUSE because
# no roles currently run on them.
- job:
name: system-config-zuul-role-integration
description: |
Test roles provided by system-config with Zuul
abstract: true
parent: base
run: roles-test/base.yaml
files:
- roles/.*
- job:
name: system-config-zuul-role-integration-xenial
parent: system-config-zuul-role-integration
nodeset:
nodes:
- name: base
label: ubuntu-xenial
- name: puppet4
label: ubuntu-xenial
groups:
- name: puppet3
nodes:
- base
- name: openafs
nodes:
- base
- job:
name: system-config-zuul-role-integration-bionic
parent: system-config-zuul-role-integration
nodeset:
nodes:
- name: base
label: ubuntu-bionic
groups:
- name: puppet5
nodes:
- base
- name: openafs
nodes:
- base
- job:
name: system-config-zuul-role-integration-debian-stable
parent: system-config-zuul-role-integration
nodeset:
nodes:
- name: base
label: debian-stretch
groups:
- name: openafs
nodes:
- base
- project-template:
name: system-config-zuul-role-integration
check:
jobs:
- system-config-zuul-role-integration-xenial
- system-config-zuul-role-integration-bionic
- system-config-zuul-role-integration-debian-stable
gate:
jobs:
- system-config-zuul-role-integration-xenial
- system-config-zuul-role-integration-bionic
- system-config-zuul-role-integration-debian-stable
- job:
name: system-config-run
description: |
Run the "base" playbook for system-config hosts.
This is a parent job designed to be inherited.
abstract: true
pre-run: playbooks/zuul/run-base-pre.yaml
run: playbooks/zuul/run-base.yaml
post-run: playbooks/zuul/run-base-post.yaml
vars:
install_ansible_ara_enable: true
zuul_copy_output: "{{ copy_output | combine(host_copy_output | default({})) }}"
stage_dir: "{{ ansible_user_dir }}/zuul-output"
copy_output:
'/var/log/syslog': logs_txt
'/var/log/messages': logs_txt
'/var/log/docker': logs
host-vars:
bridge.openstack.org:
host_copy_output:
'{{ zuul.project.src_dir }}/junit.xml': logs
- job:
name: system-config-run-base
parent: system-config-run
description: |
Run the "base" playbook on each of the node types
currently in use.
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: trusty
label: ubuntu-trusty
- name: xenial
label: ubuntu-xenial
- name: bionic
label: ubuntu-bionic
files:
- playbooks/.*
- roles/.*
- testinfra/.*
- job:
name: system-config-run-base-ansible-devel
parent: system-config-run-base
description: |
Run the base playbook with the latest ansible
required-projects:
- name: github.com/ansible/ansible
override-checkout: devel
- name: github.com/philpep/testinfra
- name: openstack/openstacksdk
- name: recordsansible/ara
# NOTE(ianw): 2019-06-11 pinned to stable branch until we handle 1.0
# http://lists.openstack.org/pipermail/openstack-infra/2019-June/006400.html
override-checkout: stable/0.x
vars:
bridge_ansible_name: '{{ ansible_user_dir}}/src/github.com/ansible/ansible'
bridge_ansible_version: null
bridge_openstacksdk_name: '{{ ansible_user_dir }}/src/opendev.org/openstack/openstacksdk'
bridge_openstacksdk_version: null
bridge_ara_name: '{{ ansible_user_dir}}/src/opendev.org/recordsansible/ara'
bridge_ara_version: null
- job:
name: system-config-run-eavesdrop
parent: system-config-run
description: |
Run the playbook for an eavesdrop server.
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: eavesdrop01.openstack.org
label: ubuntu-xenial
files:
- playbooks/bridge.yaml
- playbooks/group_vars/eavesdrop.yaml
- testinfra/test_eavesdrop.py
vars:
run_playbooks:
- playbooks/remote_puppet_else.yaml
- job:
name: system-config-run-letsencrypt
parent: system-config-run
description: |
Run the playbook for letsencrypt key acquisition
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: adns-letsencrypt.opendev.org
label: ubuntu-bionic
- name: letsencrypt01.opendev.org
label: ubuntu-bionic
- name: letsencrypt02.opendev.org
label: ubuntu-bionic
vars:
run_playbooks:
- playbooks/service-nameserver.yaml
- playbooks/service-letsencrypt.yaml
host-vars:
letsencrypt01.opendev.org:
host_copy_output:
'/var/log/acme.sh': logs
letsencrypt02.opendev.org:
host_copy_output:
'/var/log/acme.sh': logs
files:
- playbooks/bridge.yaml
- playbooks/group_vars/letsencrypt.yaml
- playbooks/roles/letsencrypt.*
- job:
name: system-config-run-lists
parent: system-config-run
description: |
Run the playbook for a list server.
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: lists.openstack.org
label: ubuntu-xenial
files:
- playbooks/bridge.yaml
- modules/openstack_project/manifests/lists.pp
- playbooks/host_vars/lists.openstack.org.yaml
- roles/exim
vars:
run_playbooks:
- playbooks/remote_puppet_else.yaml
- job:
name: system-config-run-nodepool
parent: system-config-run
description: |
Run the playbook for nodepool.
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: nl01.openstack.org
label: ubuntu-xenial
- name: nb01.openstack.org
label: ubuntu-xenial
vars:
run_playbooks:
- playbooks/service-nodepool.yaml
- playbooks/remote_puppet_else.yaml
files:
- playbooks/bridge.yaml
- playbooks/group_vars/nodepool.yaml
- playbooks/group_vars/nodepool-builder.yaml
- playbooks/group_vars/nodepool-launcher.yaml
- playbooks/roles/configure-openstacksdk/
- playbooks/templates/clouds/
- testinfra/test_nodepool.py
- job:
name: system-config-run-dns
parent: system-config-run
description: |
Run the playbook for dns.
required-projects:
- opendev/zone-opendev.org
- opendev/zone-zuul-ci.org
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: adns1.opendev.org
label: ubuntu-bionic
- name: ns1.opendev.org
label: ubuntu-bionic
vars:
run_playbooks:
- playbooks/service-nameserver.yaml
host-vars:
adns1.opendev.org:
host_copy_output:
'/etc/bind/named.conf': logs
'/var/lib/bind/zones': logs
files:
- playbooks/bridge.yaml
- playbooks/group_vars/adns.yaml
- playbooks/group_vars/dns.yaml
- ^playbooks/host_vars/(ad)?ns\d+.opendev.org.yaml
- playbooks/zuul/templates/group_vars/adns.yaml.j2
- playbooks/zuul/templates/group_vars/ns.yaml.j2
- playbooks/roles/master-nameserver/
- playbooks/roles/nameserver/
- testinfra/test_adns.py
- testinfra/test_ns.py
- job:
name: system-config-run-backup
parent: system-config-run
description: |
Run the playbook for backup configuration
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: backup01.region.provider.opendev.org
label: ubuntu-bionic
- name: backup-test01.opendev.org
label: ubuntu-bionic
- name: backup-test02.opendev.org
label: ubuntu-xenial
vars:
run_playbooks:
- playbooks/service-backup.yaml
files:
- playbooks/bridge.yaml
- playbooks/roles/backup.*
- playbooks/zuul/templates/host_vars/backup.*
- testinfra/test_backups.py
- job:
name: system-config-run-mirror
parent: system-config-run
description: |
Run the playbook for a mirror node
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: mirror01.openafs.provider.opendev.org
label: ubuntu-bionic
vars:
run_playbooks:
- playbooks/service-letsencrypt.yaml
- playbooks/service-mirror.yaml
files:
- playbooks/bridge.yaml
- roles/
- playbooks/group_vars/mirror_opendev.yaml
- playbooks/roles/mirror/
- playbooks/roles/letsencrypt.*
- playbooks/service-letsencrypt.yaml
- playbooks/service-mirror.yaml
- playbooks/zuul/templates/group_vars/mirror_opendev.yaml.j2
- testinfra/test_mirror.py
host-vars:
mirror.region.provider.opendev.org:
host_copy_output:
'/var/log/apache2/': logs
- job:
name: system-config-run-mirror-update
parent: system-config-run
description: |
Run the playbook for a mirror update node
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: mirror-update01.opendev.org
label: ubuntu-bionic
vars:
run_playbooks:
- playbooks/service-mirror-update.yaml
files:
- playbooks/bridge.yaml
- roles/
- playbooks/roles/mirror-update/
- playbooks/service-mirror-update.yaml
- testinfra/test_mirror-update.py
- job:
name: system-config-run-docker-registry
parent: system-config-run
description: |
Run the playbook for the docker registry.
dependencies: opendev-buildset-registry
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: insecure-ci-registry01.opendev.org
label: ubuntu-bionic
vars:
run_playbooks:
- playbooks/service-registry.yaml
host-vars:
insecure-ci-registry01.opendev.org:
host_copy_output:
'/var/registry/auth': logs
'/var/registry/certs': logs
files:
- playbooks/bridge.yaml
- playbooks/group_vars/registry.yaml
- ^playbooks/host_vars/insecure-ci-registry\d+.opendev.org.yaml
- playbooks/zuul/templates/group_vars/registry.yaml.j2
- playbooks/roles/registry/
- testinfra/test_registry.py
- job:
name: system-config-run-gitea
parent: system-config-run
description: |
Run the playbook for the gitea servers.
dependencies: opendev-buildset-registry
timeout: 3600
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: gitea-lb01.opendev.org
label: ubuntu-bionic
- name: gitea99.opendev.org
label: ubuntu-bionic
vars:
run_playbooks:
- playbooks/service-letsencrypt.yaml
- playbooks/service-gitea-lb.yaml
- playbooks/remote_puppet_git.yaml
run_test_playbook: playbooks/test-gitea.yaml
host-vars:
gitea99.opendev.org:
host_copy_output:
'/var/gitea/conf': logs
'/var/gitea/certs': logs
'/var/gitea/logs': logs
gitea-lb01.opendev.org:
host_copy_output:
'/var/haproxy/etc': logs
files:
- playbooks/bridge.yaml
- playbooks/group_vars/gitea.yaml
- playbooks/group_vars/gitea-lb.yaml
- playbooks/host_vars/gitea.*
- playbooks/zuul/templates/group_vars/gitea.yaml.j2
- playbooks/zuul/templates/group_vars/gitea-lb.yaml.j2
- playbooks/roles/gitea/
- playbooks/roles/gitea-git-repos/
- playbooks/roles/haproxy/
- playbooks/roles/letsencrypt-create-certs/handlers/restart_gitea.yaml
- testinfra/test_gitea.py
- testinfra/test_gitea_lb.py
# From gitea_files -- If we rebuild the image, we want to run
# this job as well.
- docker/gitea/.*
# From haproxy-statsd_files -- If we rebuild the image, we want
# to run this job as well.
- docker/haproxy-statsd/.*
- job:
name: system-config-run-zuul-preview
parent: system-config-run
description: |
Run the playbook for the docker registry.
dependencies: opendev-buildset-registry
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: zp01.opendev.org
label: ubuntu-bionic
vars:
run_playbooks:
- playbooks/service-zuul.yaml
files:
- playbooks/bridge.yaml
- playbooks/roles/zuul-preview/
- testinfra/test_zuul_preview.py
- job:
name: infra-prod-playbook
description: |
Run specified playbook against productions hosts.
This is a parent job designed to be inherited to enabled
CD deployment of our infrastructure. Set playbook_name to
specify the playbook relative to
bridge.openstack.org:/opt/system-config/playbooks
abstract: true
run: playbooks/zuul/run-production-playbook.yaml
vars:
ansible_forks: 5
nodeset:
nodes: []
- job:
name: infra-prod-zuul_reconfigure
parent: infra-prod-playbook
description: |
Perform a full Zuul reconfiguration.
This reloads the tenant config file and clears all configuration
caches.
vars:
playbook_name: zuul_reconfigure.yaml
- project:
templates:
- system-config-zuul-role-integration
- infra-puppet-apply-jobs
- infra-logstash-filter-jobs
- publish-tox-docs-infra
check:
jobs:
- opendev-buildset-registry:
vars:
docker_mirror_base_url: "http://{{ zuul_site_mirror_fqdn }}/deb-docker"
- tox-linters
- puppet-beaker-rspec-puppet-4-infra-system-config
- system-config-run-base
- system-config-run-base-ansible-devel:
voting: false
- system-config-run-backup
- system-config-run-dns
- system-config-run-eavesdrop
- system-config-run-lists
- system-config-run-nodepool
- system-config-run-mirror
- system-config-run-mirror-update
- system-config-run-docker-registry
- system-config-run-gitea:
dependencies:
- name: system-config-build-image-gitea
soft: true
- name: system-config-build-image-haproxy-statsd
soft: true
- system-config-run-zuul-preview
- system-config-run-letsencrypt
- system-config-build-image-bazel
- system-config-build-image-jinja-init
- system-config-build-image-gitea-init
- system-config-build-image-gitea
- system-config-build-image-gerrit-base:
dependencies:
- name: system-config-build-image-python-builder
soft: true
- system-config-build-image-gerrit-2.13
- system-config-build-image-gerrit-2.15:
dependencies:
- name: system-config-build-image-bazel
soft: true
- name: system-config-build-image-gerrit-base
soft: true
- system-config-build-image-gerrit-2.16:
dependencies:
- name: system-config-build-image-bazel
soft: true
- name: system-config-build-image-gerrit-base
soft: true
- system-config-build-image-gerrit-3.0:
dependencies:
- name: system-config-build-image-bazel
soft: true
- name: system-config-build-image-gerrit-base
soft: true
- system-config-build-image-gerrit-master:
dependencies:
- name: system-config-build-image-bazel
soft: true
- name: system-config-build-image-gerrit-base
soft: true
- system-config-build-image-haproxy-statsd
- system-config-build-image-python-base
- system-config-build-image-python-builder
gate:
jobs:
- opendev-buildset-registry:
vars:
docker_mirror_base_url: "http://{{ zuul_site_mirror_fqdn }}/deb-docker"
- tox-linters
- puppet-beaker-rspec-puppet-4-infra-system-config
- system-config-run-base
- system-config-run-dns
- system-config-run-eavesdrop
- system-config-run-lists
- system-config-run-nodepool
- system-config-run-mirror
- system-config-run-mirror-update
- system-config-run-docker-registry
- system-config-run-gitea:
dependencies:
- name: system-config-upload-image-gitea
soft: true
- name: system-config-upload-image-haproxy-statsd
soft: true
- system-config-run-zuul-preview
- system-config-run-letsencrypt
- system-config-upload-image-bazel
- system-config-upload-image-jinja-init
- system-config-upload-image-gitea-init
- system-config-upload-image-gitea
- system-config-upload-image-gerrit-base:
dependencies:
- name: system-config-upload-image-python-builder
soft: true
- system-config-upload-image-gerrit-2.13
- system-config-upload-image-gerrit-2.15:
dependencies:
- name: system-config-upload-image-bazel
soft: true
- name: system-config-upload-image-gerrit-base
soft: true
- system-config-upload-image-gerrit-2.16:
dependencies:
- name: system-config-upload-image-bazel
soft: true
- name: system-config-upload-image-gerrit-base
soft: true
- system-config-upload-image-gerrit-3.0:
dependencies:
- name: system-config-upload-image-bazel
soft: true
- name: system-config-upload-image-gerrit-base
soft: true
- system-config-upload-image-gerrit-master:
dependencies:
- name: system-config-upload-image-bazel
soft: true
- name: system-config-upload-image-gerrit-base
soft: true
- system-config-upload-image-haproxy-statsd
- system-config-upload-image-python-base
- system-config-upload-image-python-builder
promote:
jobs:
- system-config-promote-image-bazel
- system-config-promote-image-jinja-init
- system-config-promote-image-gitea-init
- system-config-promote-image-gitea
- system-config-promote-image-gerrit-base
- system-config-promote-image-gerrit-2.13
- system-config-promote-image-gerrit-2.15
- system-config-promote-image-gerrit-2.16
- system-config-promote-image-gerrit-3.0
- system-config-promote-image-gerrit-master
- system-config-promote-image-haproxy-statsd
- system-config-promote-image-python-base
- system-config-promote-image-python-builder