Merge "Abstract name of bastion host for testing path"

ianw.admin 2022-10-24 02:07:55 +00:00 committed by Gerrit Code Review
commit aff9fe43b0
11 changed files with 94 additions and 20 deletions


@ -15,6 +15,10 @@ groups:
- afsdb*.open*.org
- afs[0-9]*.open*.org
- static[0-9]*.opendev.org
# bastion group should should only have one entry because we assume
# groups['bastion'][0] is the bastion host name in several places.
bastion:
- bridge.openstack.org
borg-backup:
- etherpad[0-9]*.opendev.org
- gitea01.opendev.org
@ -41,11 +45,11 @@ groups:
certcheck:
- cacti[0-9]*.open*.org
cloud-launcher:
- bridge.openstack.org
- bridge*.open*.org
codesearch:
- codesearch[0-9]*.opendev.org
control-plane-clouds:
- bridge.openstack.org
- bridge*.open*.org
disabled: []
dns:
- adns*.opendev.org
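Review bot: The `cloud-launcher` and `control-plane-clouds` entries are widened from the literal `bridge.openstack.org` to `bridge*.open*.org`, which is much broader than the single-host `bastion` group added in the same file. Any inventory host whose name starts with `bridge` under an `open*.org` domain would join these groups, which, judging by their names, carry cloud credentials. Listing the intended members explicitly, e.g. `- bridge.openstack.org` plus `- bridge[0-9]*.opendev.org`, keeps membership from growing by naming accident. The new comment also has a doubled word (`should should`) and documents a single-entry invariant that nothing in this file enforces.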


@ -3,9 +3,9 @@
path: '{{ project_config_dest }}'
state: directory
- name: Update from master
- name: Update from master on bastion host
when: infra_prod_run_from_master|bool
delegate_to: bridge.openstack.org
delegate_to: '{{ groups["bastion"][0] }}'
git:
repo: https://opendev.org/openstack/project-config
dest: '{{ project_config_src }}'
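Review bot: `delegate_to: '{{ groups["bastion"][0] }}'` is evaluated with no guard, so an inventory where the `bastion` group is missing or empty fails this task with a templating error, and one where it holds two hosts silently uses whichever is listed first. The same expression appears in the other files of this commit: the `ARA report`, `Screenshots` and `testinfra results` artifact URLs, the `hostvars[...]` CA lookups and `encrypt_logs_artifact_path`. Some plays target `bastion:!disabled` or `bastion` while others use `bastion[0]`, and these would diverge if a second host were ever added. An early check such as `assert: { that: groups["bastion"] | default([]) | length == 1 }` would turn the documented single-entry assumption into an enforced one. The task's remaining arguments continue outside the hunk.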


@ -1,4 +1,4 @@
- hosts: bridge.openstack.org:!disabled
- hosts: bastion:!disabled
name: "Bridge: configure the bastion host"
roles:
- iptables


@ -1,4 +1,4 @@
- hosts: "bridge.openstack.org:!disabled"
- hosts: bastion:!disabled
tasks:
- name: Modify Zuuls description
lineinfile:


@ -28,7 +28,7 @@
- include_role:
name: stage-output
- hosts: bridge.openstack.org
- hosts: bastion
tasks:
- name: Set log directory
set_fact:
@ -69,7 +69,7 @@
zuul:
artifacts:
- name: ARA report
url: "bridge.openstack.org/ara-report/"
url: '{{ groups["bastion"][0] }}/ara-report/'
- name: Collect ansible configuration
synchronize:


@ -5,7 +5,7 @@
cloud_launcher_disable_job: true
# setup opendev CA
- hosts: bridge.openstack.org
- hosts: bastion[0]
become: true
tasks:
- name: Make temporary dir for CA generation
@ -57,9 +57,9 @@
creates: '{{ item.file }}'
loop:
- file: '/etc/opendev-ca/ca.key'
content: '{{ hostvars["bridge.openstack.org"]["_opendev_ca_key"]["content"] }}'
content: '{{ hostvars[groups["bastion"][0]]["_opendev_ca_key"]["content"] }}'
- file: '/etc/opendev-ca/ca.crt'
content: '{{ hostvars["bridge.openstack.org"]["_opendev_ca_certificate"]["content"] }}'
content: '{{ hostvars[groups["bastion"][0]]["_opendev_ca_certificate"]["content"] }}'
- name: Install and trust certificate
shell:
@ -67,7 +67,7 @@
cp /etc/opendev-ca/ca.crt /usr/local/share/ca-certificates/opendev-infra-ca.crt
update-ca-certificates
- hosts: bridge.openstack.org
- hosts: bastion[0]
become: true
tasks:
- name: Write inventory on bridge
@ -115,6 +115,7 @@
loop:
- group_vars/all.yaml
- group_vars/adns.yaml
- group_vars/bastion.yaml
- group_vars/eavesdrop.yaml
- group_vars/nodepool.yaml
- group_vars/ns.yaml
@ -136,7 +137,6 @@
- group_vars/zuul-merger.yaml
- group_vars/zuul-scheduler.yaml
- group_vars/zuul-web.yaml
- host_vars/bridge.openstack.org.yaml
- host_vars/codesearch01.opendev.org.yaml
- host_vars/etherpad01.opendev.org.yaml
- host_vars/letsencrypt01.opendev.org.yaml
@ -185,7 +185,7 @@
name: encrypt-logs
vars:
encrypt_logs_files: '{{ _run_playbooks_logs.files | map(attribute="path") | list }}'
encrypt_logs_artifact_path: 'bridge.openstack.org/ansible'
encrypt_logs_artifact_path: '{{ groups["bastion"][0] }}/ansible'
encrypt_logs_download_script_path: '/var/log/ansible'
- name: Run test playbook
@ -216,7 +216,7 @@
zuul:
artifacts:
- name: Screenshots
url: "bridge.openstack.org/screenshots"
url: '{{ groups["bastion"][0] }}/screenshots'
- name: Allow PBR's git calls to operate in system-config, despite not owning it
command: git config --global safe.directory /home/zuul/src/opendev.org/opendev/system-config
@ -240,4 +240,4 @@
zuul:
artifacts:
- name: testinfra results
url: "bridge.openstack.org/test-results.html"
url: '{{ groups["bastion"][0] }}/test-results.html'
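Review bot: The loop that writes `/etc/opendev-ca/ca.key` carries the CA private key in each item's `content` field, and Ansible prints the whole loop item in task output unless told otherwise. The task header is outside the hunk, so this may already be handled. If it is not, add `no_log: true` to that task (or at least `loop_control` with `label: '{{ item.file }}'`) so the key material does not end up in collected job logs. The lookup now also depends on `groups["bastion"][0]` being the host where `_opendev_ca_key` was registered, which holds only while the earlier play keeps targeting `bastion[0]`.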


@ -6,7 +6,7 @@ groups:
- bionic-docker
certcheck:
- bridge.openstack.org
- bridge[0-9]*.open*.org
letsencrypt:
- letsencrypt01.opendev.org
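Review bot: The new `certcheck` pattern `bridge[0-9]*.open*.org` requires a digit directly after `bridge` if these patterns are shell-style globs, so it would not match `bridge.openstack.org`, which the rest of this commit still uses as the bastion host name. In that case the bastion drops out of `certcheck` in this inventory until the host is renamed. The pattern also differs from the `bridge*.open*.org` used for other groups in this commit. Keeping the literal entry alongside the new one, `- bridge.openstack.org` and `- bridge[0-9]*.open*.org`, would preserve coverage during the transition.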


@ -53,7 +53,7 @@
- playbooks/zuul/run-production-bootstrap-bridge-add-rootkey.yaml
- playbooks/roles/install-ansible/
- playbooks/roles/root-keys/
- inventory/service/host_vars/bridge.openstack.org.yaml
- inventory/service/group_vars/bastion.yaml
- job:
name: infra-prod-base
@ -117,7 +117,7 @@
files:
- inventory/base
- playbooks/service-bridge.yaml
- inventory/service/host_vars/bridge.openstack.org.yaml
- inventory/service/group_vars/bastion.yaml
- playbooks/roles/logrotate/
- playbooks/roles/edit-secrets-script/
- playbooks/roles/install-kubectl/
@ -656,4 +656,4 @@
- opendev/system-config
files:
- playbooks/run_cloud_launcher.yaml
- inventory/service/host_vars/bridge.openstack.org.yaml
- inventory/service/group_vars/bastion.yaml


@ -68,6 +68,20 @@
label: ubuntu-focal
- name: jammy
label: ubuntu-jammy
groups:
# Each job should define this group -- to avoid hard-coding
# the bastion hostname in the job setup, playbooks/tasks refer
# to it only by this group. This should only have one entry
# -- in a couple of places the jobs use the actual hostname
# and assume element [0] here is that hostname.
#
# Note that this shouldn't be confused with the group in
# inventory/service/groups.yaml -- this group contains the
# host that Zuul, running on the executor, will setup as the
# bridge node. This node will then run a nested Ansible to
# test the production playbooks -- *that* Ansible has a
# "bastion" group too
- &bastion_group { name: bastion, nodes: [ bridge.openstack.org ] }
files:
- tox.ini
- playbooks/
@ -90,6 +104,8 @@
label: ubuntu-focal
- name: jammy
label: ubuntu-jammy
groups:
- <<: *bastion_group
required-projects:
- name: github.com/ansible/ansible
override-checkout: devel
@ -129,6 +145,8 @@
label: ubuntu-focal-arm64
- name: jammy
label: ubuntu-jammy-arm64
groups:
- <<: *bastion_group
files:
- playbooks/
- roles/
@ -154,6 +172,8 @@
- <<: *bridge_node_x86
- name: eavesdrop01.opendev.org
label: ubuntu-focal
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
@ -199,6 +219,8 @@
label: ubuntu-bionic
- name: letsencrypt02.opendev.org
label: ubuntu-bionic
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/service-nameserver.yaml
@ -244,6 +266,8 @@
label: ubuntu-focal
- name: lists.katacontainers.io
label: ubuntu-focal
groups:
- <<: *bastion_group
required-projects:
- opendev/system-config
files:
@ -294,6 +318,8 @@
label: ubuntu-focal
- name: nb01.opendev.org
label: ubuntu-focal
groups:
- <<: *bastion_group
required-projects:
- opendev/system-config
- openstack/project-config
@ -339,6 +365,8 @@
label: ubuntu-bionic
- name: ns1.opendev.org
label: ubuntu-bionic
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/service-nameserver.yaml
@ -375,6 +403,8 @@
label: ubuntu-bionic
- name: borg-backup-jammy.opendev.org
label: ubuntu-jammy
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/service-borg-backup.yaml
@ -446,6 +476,8 @@
label: ubuntu-bionic
- name: mirror02.openafs.provider.opendev.org
label: ubuntu-focal
groups:
- <<: *bastion_group
- job:
name: system-config-run-mirror-arm64
@ -455,6 +487,8 @@
- <<: *bridge_node_arm64
- name: mirror01.openafs.provider.opendev.org
label: ubuntu-focal-arm64
groups:
- <<: *bastion_group
- job:
name: system-config-run-mirror-update
@ -466,6 +500,8 @@
- <<: *bridge_node_x86
- name: mirror-update99.opendev.org
label: ubuntu-focal
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/service-mirror-update.yaml
@ -489,6 +525,8 @@
- <<: *bridge_node_x86
- name: insecure-ci-registry01.opendev.org
label: ubuntu-bionic
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
@ -522,6 +560,8 @@
- <<: *bridge_node_x86
- name: codesearch01.opendev.org
label: ubuntu-focal
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
@ -551,6 +591,8 @@
- <<: *bridge_node_x86
- name: etherpad01.opendev.org
label: ubuntu-bionic
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
@ -579,6 +621,8 @@
label: ubuntu-jammy
- name: gitea99.opendev.org
label: ubuntu-bionic
groups:
- <<: *bastion_group
required-projects:
- openstack/project-config
- opendev/system-config
@ -655,6 +699,8 @@
- <<: *bridge_node_x86
- name: grafana01.opendev.org
label: ubuntu-focal
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
@ -683,6 +729,8 @@
- <<: *bridge_node_x86
- name: graphite02.opendev.org
label: ubuntu-focal
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
@ -711,6 +759,8 @@
- <<: *bridge_node_x86
- name: keycloak01.opendev.org
label: ubuntu-focal
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
@ -738,6 +788,8 @@
label: ubuntu-bionic
- name: jvb01.opendev.org
label: ubuntu-bionic
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
@ -774,6 +826,8 @@
- <<: *bridge_node_x86
- name: paste99.opendev.org
label: ubuntu-focal
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
@ -801,6 +855,8 @@
- <<: *bridge_node_x86
- name: tracing99.opendev.org
label: ubuntu-focal
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
@ -825,6 +881,8 @@
- <<: *bridge_node_x86
- name: zk04.opendev.org
label: ubuntu-focal
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/service-zookeeper.yaml
@ -850,6 +908,8 @@
- <<: *bridge_node_x86
- name: zp01.opendev.org
label: ubuntu-bionic
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/service-zuul-preview.yaml
@ -878,6 +938,8 @@
label: ubuntu-focal
- name: zuul-lb01.opendev.org
label: ubuntu-focal
groups:
- <<: *bastion_group
required-projects:
- openstack/project-config
- opendev/system-config
@ -946,6 +1008,8 @@
- <<: *bridge_node_x86
- name: review99.opendev.org
label: ubuntu-focal
groups:
- <<: *bastion_group
required-projects:
- openstack/project-config
- opendev/system-config
@ -1026,6 +1090,8 @@
- <<: *bridge_node_x86
- name: static99.opendev.org
label: ubuntu-bionic
groups:
- <<: *bastion_group
vars:
run_playbooks:
- playbooks/letsencrypt.yaml
@ -1056,6 +1122,8 @@
- <<: *bridge_node_x86
- name: refstack01.openstack.org
label: ubuntu-focal
groups:
- <<: *bastion_group
host-vars:
refstack01.openstack.org:
host_copy_output:
@ -1089,6 +1157,8 @@
label: ubuntu-focal
- name: kdc-replica.opendev.org
label: ubuntu-focal
groups:
- <<: *bastion_group
host-vars:
kdc-primary.opendev.org:
host_copy_output: