From 04a129c328e295b7f45c9805d0fd1433ecea3db4 Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Wed, 12 Oct 2022 14:23:23 +1100 Subject: [PATCH] bootstrap-bridge: use abstracted hostname The prior change Iffb462371939989b03e5d6ac6c5df63aa7708513 added the "bastion" group for system-config-run-* jobs, and the dependent change here adds the bridge host to the "bastion" group when it is dynamically added in opendev/base-jobs. This playbook can thus refer to the bastion group, rather than having to hardcode the hostname. This should have no affect in production as it all still refers to the existing bridge.openstack.org; but will make it easier to switch in the (near) future. Depends-On: https://review.opendev.org/c/opendev/base-jobs/+/861026 Change-Id: Icc52d2544afc1faf519a036cda94a3cae10448ee --- playbooks/bootstrap-bridge.yaml | 35 +++++++++++++++---- ...oduction-bootstrap-bridge-add-rootkey.yaml | 2 +- .../zuul/run-production-bootstrap-bridge.yaml | 1 + 3 files changed, 30 insertions(+), 8 deletions(-) diff --git a/playbooks/bootstrap-bridge.yaml b/playbooks/bootstrap-bridge.yaml index 648d660327..794656350c 100644 --- a/playbooks/bootstrap-bridge.yaml +++ b/playbooks/bootstrap-bridge.yaml @@ -1,4 +1,18 @@ -- hosts: bridge.openstack.org:!disabled +# NOTE: This is included from two paths to setup the bridge/bastion +# host in different circumstances: +# +# 1) Gate tests -- here Zuul is running this on the executor against +# ephemeral nodes. It uses the "bastion" group as defined in the +# system-config-run jobs. +# +# 2) Production -- here we actually run against the real bastion host. +# The host is dynamically added in opendev/base-jobs before this +# runs, and put into a group called "bastion". +# +# In both cases, the "bastion" group has one entry, which is the +# bastion host to run against. + +- hosts: bastion[0]:!disabled name: "Bridge: bootstrap the bastion host" become: true tasks: @@ -53,6 +67,14 @@ content: '{{ _root_rsa_key_dict | to_nice_json }}' dest: '/home/zuul/root-rsa-key.json' + - name: Save abstracted inventory file + copy: + content: | + {{ inventory_hostname }} + [bastion] + {{ inventory_hostname }} + dest: '/home/zuul/bastion-inventory.ini' + - name: Make ansible log directory file: path: '/var/log/ansible' @@ -68,11 +90,10 @@ environment: ROOT_RSA_KEY: '{{ "-e @/home/zuul/root-rsa-key.json" if root_rsa_key is defined else "" }}' # In production "install-ansible" has setup ansible to point - # to the system-config inventory which has bridge in it. In - # the gate, bridge is ephemeral and we haven't yet built the - # inventory to use for testing (that is done in - # zuul/run-base.yaml). Pass the hostname -- the playbook uses - # the local connection. - BRIDGE_INVENTORY: '{{ "-ibridge.openstack.org," if root_rsa_key is defined else "" }}' + # to the system-config inventory which has the bastion group + # in it. In the gate, bridge is ephemeral and we haven't yet + # built the inventory to use for testing (that is done in + # zuul/run-base.yaml). Use this constructed inventory. + BRIDGE_INVENTORY: '{{ "-i/home/zuul/bastion-inventory.ini" if root_rsa_key is defined else "" }}' ANSIBLE_ROLES_PATH: '/home/zuul/src/opendev.org/opendev/system-config/playbooks/roles' no_log: true diff --git a/playbooks/zuul/run-production-bootstrap-bridge-add-rootkey.yaml b/playbooks/zuul/run-production-bootstrap-bridge-add-rootkey.yaml index f41c4f9315..ab44d63ab9 100644 --- a/playbooks/zuul/run-production-bootstrap-bridge-add-rootkey.yaml +++ b/playbooks/zuul/run-production-bootstrap-bridge-add-rootkey.yaml @@ -1,4 +1,4 @@ -- hosts: bridge.openstack.org +- hosts: bastion[0] connection: local tasks: - name: Install root keys diff --git a/playbooks/zuul/run-production-bootstrap-bridge.yaml b/playbooks/zuul/run-production-bootstrap-bridge.yaml index 9c20e4af57..73ddd84bd5 100644 --- a/playbooks/zuul/run-production-bootstrap-bridge.yaml +++ b/playbooks/zuul/run-production-bootstrap-bridge.yaml @@ -3,6 +3,7 @@ - name: Add bridge.o.o to inventory for playbook add_host: name: bridge.openstack.org + groups: 'bastion' ansible_python_interpreter: python3 ansible_user: zuul # Without setting ansible_host directly, mirror-workspace-git-repos