Merge "Reference bastion through prod_bastion group"

changes/60/864060/1
Zuul 3 months ago committed by Gerrit Code Review
commit 3b60679d6b

@ -15,10 +15,8 @@ groups:
- afsdb*.open*.org
- afs[0-9]*.open*.org
- static[0-9]*.opendev.org
# bastion group should should only have one entry because we assume
# groups['bastion'][0] is the bastion host name in several places.
bastion:
- bridge01.opendev.org
- bridge*.opendev.org
borg-backup:
- etherpad[0-9]*.opendev.org
- gitea01.opendev.org

@ -12,7 +12,7 @@
# In both cases, the "bastion" group has one entry, which is the
# bastion host to run against.
- hosts: bastion[0]:!disabled
- hosts: prod_bastion[0]:!disabled
name: "Bridge: bootstrap the bastion host"
become: true
tasks:

@ -1,7 +1,7 @@
- name: Add bastion host to inventory for production playbook
add_host:
name: 'bridge01.opendev.org'
groups: 'bastion'
groups: 'prod_bastion'
ansible_python_interpreter: python3
ansible_user: zuul
# Without setting ansible_host directly, mirror-workspace-git-repos

@ -28,7 +28,7 @@
- include_role:
name: stage-output
- hosts: bastion
- hosts: prod_bastion[0]
tasks:
- name: Set log directory
set_fact:
@ -69,7 +69,7 @@
zuul:
artifacts:
- name: ARA report
url: '{{ groups["bastion"][0] }}/ara-report/'
url: '{{ groups["prod_bastion"][0] }}/ara-report/'
- name: Collect ansible configuration
synchronize:

@ -5,7 +5,7 @@
cloud_launcher_disable_job: true
# setup opendev CA
- hosts: bastion[0]
- hosts: prod_bastion[0]
become: true
tasks:
- name: Make temporary dir for CA generation
@ -57,9 +57,9 @@
creates: '{{ item.file }}'
loop:
- file: '/etc/opendev-ca/ca.key'
content: '{{ hostvars[groups["bastion"][0]]["_opendev_ca_key"]["content"] }}'
content: '{{ hostvars[groups["prod_bastion"][0]]["_opendev_ca_key"]["content"] }}'
- file: '/etc/opendev-ca/ca.crt'
content: '{{ hostvars[groups["bastion"][0]]["_opendev_ca_certificate"]["content"] }}'
content: '{{ hostvars[groups["prod_bastion"][0]]["_opendev_ca_certificate"]["content"] }}'
- name: Install and trust certificate
shell:
@ -67,7 +67,7 @@
cp /etc/opendev-ca/ca.crt /usr/local/share/ca-certificates/opendev-infra-ca.crt
update-ca-certificates
- hosts: bastion[0]
- hosts: prod_bastion[0]
become: true
tasks:
- name: Write inventory on bridge
@ -185,7 +185,7 @@
name: encrypt-logs
vars:
encrypt_logs_files: '{{ _run_playbooks_logs.files | map(attribute="path") | list }}'
encrypt_logs_artifact_path: '{{ groups["bastion"][0] }}/ansible'
encrypt_logs_artifact_path: '{{ groups["prod_bastion"][0] }}/ansible'
encrypt_logs_download_script_path: '/var/log/ansible'
- name: Run test playbook
@ -216,7 +216,7 @@
zuul:
artifacts:
- name: Screenshots
url: '{{ groups["bastion"][0] }}/screenshots'
url: '{{ groups["prod_bastion"][0] }}/screenshots'
- name: Allow PBR's git calls to operate in system-config, despite not owning it
command: git config --global safe.directory /home/zuul/src/opendev.org/opendev/system-config
@ -240,4 +240,4 @@
zuul:
artifacts:
- name: testinfra results
url: '{{ groups["bastion"][0] }}/test-results.html'
url: '{{ groups["prod_bastion"][0] }}/test-results.html'

@ -1,4 +1,4 @@
- hosts: bastion[0]
- hosts: prod_bastion[0]
connection: local
tasks:
- name: Install root keys

@ -2,7 +2,7 @@
roles:
- add-bastion-host
- hosts: bastion[0]
- hosts: prod_bastion[0]
tasks:
- name: Encrypt log
when: infra_prod_playbook_encrypt_log|default(False)

@ -2,7 +2,7 @@
roles:
- add-bastion-host
- hosts: bastion[0]
- hosts: prod_bastion[0]
tasks:
- name: Run the production playbook and capture logs
block:

@ -59,7 +59,7 @@
currently in use.
nodeset:
nodes:
- &bridge_node_x86 { name: bridge01.opendev.org, label: ubuntu-jammy }
- &bridge_node_x86 { name: bridge99.opendev.org, label: ubuntu-jammy }
- name: xenial
label: ubuntu-xenial
- name: bionic
@ -81,7 +81,7 @@
# bridge node. This node will then run a nested Ansible to
# test the production playbooks -- *that* Ansible has a
# "bastion" group too
- &bastion_group { name: bastion, nodes: [ bridge01.opendev.org ] }
- &bastion_group { name: prod_bastion, nodes: [ bridge99.opendev.org ] }
files:
- tox.ini
- playbooks/
@ -138,7 +138,7 @@
Run the "base" playbook on ARM64.
nodeset:
nodes:
- &bridge_node_arm64 { name: bridge01.opendev.org, label: ubuntu-jammy-arm64 }
- &bridge_node_arm64 { name: bridge99.opendev.org, label: ubuntu-jammy-arm64 }
- name: bionic
label: ubuntu-bionic-arm64
- name: focal
@ -228,7 +228,7 @@
# Make sure this test runs acme.sh
letsencrypt_self_generate_tokens: False
host-vars:
bridge01.opendev.org:
bridge99.opendev.org:
host_copy_output:
'/var/lib/certcheck': logs
letsencrypt01.opendev.org:
@ -967,7 +967,7 @@
'/etc/hosts': logs
'/etc/zuul/zuul.conf': logs
'/var/log/zuul/debug.log': logs
bridge01.opendev.org:
bridge99.opendev.org:
host_copy_output:
'/etc/hosts': logs
zuul-lb01.opendev.org:

Loading…
Cancel
Save