Merge "bootstrap-bridge: use abstracted hostname"

2022-10-24 03:33:55 +00:00 · 2022-10-24 03:33:55 +00:00 · 45cf47b221
commit 45cf47b221
parent aff9fe43b0 04a129c328
3 changed files with 30 additions and 8 deletions
--- a/playbooks/bootstrap-bridge.yaml
+++ b/playbooks/bootstrap-bridge.yaml
@ -1,4 +1,18 @@
- hosts: bridge.openstack.org:!disabled
+# NOTE: This is included from two paths to setup the bridge/bastion
+# host in different circumstances:
+#
+# 1) Gate tests -- here Zuul is running this on the executor against
+#    ephemeral nodes.  It uses the "bastion" group as defined in the
+#    system-config-run jobs.
+#
+# 2) Production -- here we actually run against the real bastion host.
+#    The host is dynamically added in opendev/base-jobs before this
+#    runs, and put into a group called "bastion".
+#
+# In both cases, the "bastion" group has one entry, which is the
+# bastion host to run against.
+
+- hosts: bastion[0]:!disabled
  name: "Bridge: bootstrap the bastion host"
  become: true
  tasks:
@ -53,6 +67,14 @@
            content: '{{ _root_rsa_key_dict | to_nice_json }}'
            dest: '/home/zuul/root-rsa-key.json'

+        - name: Save abstracted inventory file
+          copy:
+            content: |
+                {{ inventory_hostname }}
+                [bastion]
+                {{ inventory_hostname }}
+            dest: '/home/zuul/bastion-inventory.ini'
+
    - name: Make ansible log directory
      file:
        path: '/var/log/ansible'
@ -68,11 +90,10 @@
      environment:
        ROOT_RSA_KEY: '{{ "-e @/home/zuul/root-rsa-key.json" if root_rsa_key is defined else "" }}'
        # In production "install-ansible" has setup ansible to point
-        # to the system-config inventory which has bridge in it.  In
-        # the gate, bridge is ephemeral and we haven't yet built the
-        # inventory to use for testing (that is done in
-        # zuul/run-base.yaml).  Pass the hostname -- the playbook uses
-        # the local connection.
-        BRIDGE_INVENTORY: '{{ "-ibridge.openstack.org," if root_rsa_key is defined else "" }}'
+        # to the system-config inventory which has the bastion group
+        # in it.  In the gate, bridge is ephemeral and we haven't yet
+        # built the inventory to use for testing (that is done in
+        # zuul/run-base.yaml).  Use this constructed inventory.
+        BRIDGE_INVENTORY: '{{ "-i/home/zuul/bastion-inventory.ini" if root_rsa_key is defined else "" }}'
        ANSIBLE_ROLES_PATH: '/home/zuul/src/opendev.org/opendev/system-config/playbooks/roles'
      no_log: true
--- a/playbooks/zuul/run-production-bootstrap-bridge-add-rootkey.yaml
+++ b/playbooks/zuul/run-production-bootstrap-bridge-add-rootkey.yaml
@ -1,4 +1,4 @@
- hosts: bridge.openstack.org
+- hosts: bastion[0]
  connection: local
  tasks:
    - name: Install root keys
--- a/playbooks/zuul/run-production-bootstrap-bridge.yaml
+++ b/playbooks/zuul/run-production-bootstrap-bridge.yaml
@ -3,6 +3,7 @@
    - name: Add bridge.o.o to inventory for playbook
      add_host:
        name: bridge.openstack.org
+        groups: 'bastion'
        ansible_python_interpreter: python3
        ansible_user: zuul
        # Without setting ansible_host directly, mirror-workspace-git-repos