Use zuul checkouts of ansible roles from other repos

We have two standalone roles, puppet and cloud-launcher, but we
currently install them with galaxy so depends-on patches don't
work. We also install them every time we run anything, even if
we don't need them for the playbook in question.

Add two roles, one to install a set of ansible roles needed by
the host in question, and the other to encapsulate the sequence
of running puppet, which now includes installing the puppet
role, installing puppet, disabling the puppet agent and then
running puppet.

As a followup, we'll do the same thing with the puppet modules,
so that we aren't cloning and rsyncing ALL of the puppet modules
all the time no matter what.

Change-Id: I69a2e99e869ee39a3da573af421b18ad93056d5b
changes/82/724682/6
Monty Taylor 2 years ago
parent 1b126ef48a
commit 4b9d1a88bd
  1. 41
      .zuul.yaml
  2. 2
      inventory/groups.yaml
  3. 2
      playbooks/group_vars/cloud-launcher.yaml
  4. 2
      playbooks/group_vars/puppet.yaml
  5. 8
      playbooks/remote_puppet_afs.yaml
  6. 4
      playbooks/remote_puppet_else.yaml
  7. 1
      playbooks/roles/install-ansible-roles/README.rst
  8. 4
      playbooks/roles/install-ansible-roles/defaults/main.yaml
  9. 9
      playbooks/roles/install-ansible-roles/tasks/main.yaml
  10. 8
      playbooks/roles/install-ansible/tasks/main.yaml
  11. 12
      playbooks/roles/run-puppet/README.rst
  12. 9
      playbooks/roles/run-puppet/tasks/main.yaml
  13. 16
      playbooks/run_cloud_launcher.yaml
  14. 4
      playbooks/service-codesearch.yaml
  15. 4
      playbooks/service-eavesdrop.yaml
  16. 4
      playbooks/service-nodepool.yaml
  17. 7
      roles.yaml

@ -1112,6 +1112,7 @@
description: |
Run the playbook for an eavesdrop server.
required-projects:
- opendev/ansible-role-puppet
- opendev/system-config
- openstack/project-config
requires: accessbot-container-image
@ -1152,12 +1153,15 @@
- name: codesearch01.openstack.org
label: ubuntu-xenial
required-projects:
- opendev/ansible-role-puppet
- opendev/system-config
- openstack/project-config
files:
- playbooks/install-ansible.yaml
- playbooks/service-codesearch.yaml
- playbooks/group_vars/puppet.yaml
- playbooks/roles/run-puppet/
- playbooks/roles/install-ansible-roles/
- playbooks/roles/sync-project-config
- playbooks/roles/puppet-install/
- playbooks/roles/disable-puppet-agent/
@ -1210,10 +1214,16 @@
label: ubuntu-bionic
- name: lists.openstack.org
label: ubuntu-xenial
required-projects:
- opendev/ansible-role-puppet
- opendev/system-config
files:
- playbooks/install-ansible.yaml
- modules/openstack_project/manifests/lists.pp
- playbooks/host_vars/lists.openstack.org.yaml
- playbooks/group_vars/puppet
- playbooks/roles/run-puppet/
- playbooks/roles/install-ansible-roles/
- roles/exim
vars:
run_playbooks:
@ -1238,8 +1248,9 @@
- name: nb04.opendev.org
label: ubuntu-bionic
required-projects:
- openstack/project-config
- opendev/ansible-role-puppet
- opendev/system-config
- openstack/project-config
host-vars:
nl01.openstack.org:
host_copy_output:
@ -1261,6 +1272,9 @@
- playbooks/group_vars/nodepool.yaml
- playbooks/group_vars/nodepool-builder.yaml
- playbooks/group_vars/nodepool-launcher.yaml
- playbooks/group_vars/puppet
- playbooks/roles/run-puppet/
- playbooks/roles/install-ansible-roles/
- playbooks/roles/configure-openstacksdk/
- playbooks/roles/nodepool
- playbooks/templates/clouds/
@ -2080,7 +2094,6 @@
files:
- inventory/
- roles/
- roles.yaml
- install_modules.sh
- modules.env
- playbooks/install-ansible.yaml
@ -2228,6 +2241,9 @@
- playbooks/host_vars/nb
- playbooks/host_vars/nl
- playbooks/group_vars/nodepool
- playbooks/group_vars/puppet
- playbooks/roles/install-ansible-roles/
- playbooks/roles/run-puppet/
- playbooks/roles/configure-kubectl/
- playbooks/roles/configure-openstacksdk/
- playbooks/roles/install-docker/
@ -2483,6 +2499,7 @@
parent: infra-prod-service-base
description: Run service-codesearch.yaml playbook.
required-projects:
- opendev/ansible-role-puppet
- opendev/system-config
- openstack/project-config
vars:
@ -2492,6 +2509,8 @@
- playbooks/install-ansible.yaml
- playbooks/service-codesearch.yaml
- playbooks/group_vars/puppet.yaml
- playbooks/roles/run-puppet/
- playbooks/roles/install-ansible-roles/
- playbooks/roles/sync-project-config
- playbooks/roles/puppet-install/
- playbooks/roles/disable-puppet-agent/
@ -2504,6 +2523,7 @@
parent: infra-prod-service-base
description: Run service-eavesdrop.yaml playbook.
required-projects:
- opendev/ansible-role-puppet
- opendev/system-config
- openstack/project-config
dependencies:
@ -2523,6 +2543,8 @@
- playbooks/run-accessbot.yaml
- playbooks/group_vars/eavesdrop.yaml
- playbooks/group_vars/puppet.yaml
- playbooks/roles/run-puppet/
- playbooks/roles/install-ansible-roles/
- playbooks/roles/zuul-user
- playbooks/roles/install-docker
- playbooks/roles/puppet-install/
@ -2555,11 +2577,17 @@
vars:
playbook_name: remote_puppet_afs.yaml
infra_prod_ansible_forks: 1
required-projects:
- opendev/ansible-role-puppet
- opendev/system-config
files:
- inventory/
- playbooks/remote_puppet_afs.yaml
- playbooks/group_vars/afs
- playbooks/group_vars/mirror-update
- playbooks/group_vars/puppet
- playbooks/roles/run-puppet/
- playbooks/roles/install-ansible-roles/
- playbooks/roles/puppet-install/
- playbooks/roles/disable-puppet-agent/
- playbooks/roles/vos-release/
@ -2573,12 +2601,18 @@
vars:
playbook_name: remote_puppet_else.yaml
infra_prod_ansible_forks: 50
required-projects:
- opendev/ansible-role-puppet
- opendev/system-config
files:
- hiera/
- inventory/
- playbooks/remote_puppet_else.yaml
- playbooks/group_vars/
- playbooks/host_vars/
- playbooks/group_vars/puppet
- playbooks/roles/run-puppet/
- playbooks/roles/install-ansible-roles/
- playbooks/roles/puppet-install/
- playbooks/roles/disable-puppet-agent/
- modules/
@ -2591,6 +2625,9 @@
vars:
playbook_name: run_cloud_launcher.yaml
infra_prod_ansible_forks: 1
required-projects:
- opendev/ansible-role-cloud-launcher
- opendev/system-config
dependencies:
- name: infra-prod-service-bridge
soft: true
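Review bot: In the `files:` list of the job with `playbook_name: remote_puppet_else.yaml`, the added `playbooks/group_vars/puppet` entry is already covered by the existing `playbooks/group_vars/` matcher two lines above it, so it can be dropped. The puppet group-vars matcher is also spelled two ways in this file: `playbooks/group_vars/puppet.yaml` in the codesearch and eavesdrop jobs, and `playbooks/group_vars/puppet` elsewhere. Assuming these are prefix/regex matchers, both trigger, but one spelling would be easier to audit. The job with `playbook_name: run_cloud_launcher.yaml` gains `required-projects` here, but any `files:` list it has is outside the hunk, so I cannot tell whether changes to `playbooks/roles/install-ansible-roles/` or `playbooks/group_vars/cloud-launcher.yaml` trigger it.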

@ -28,6 +28,8 @@ groups:
# backup-server:
# - backup[0-9]*.opendev.org
cacti: cacti[0-9]*.open*.org
cloud-launcher:
- bridge.openstack.org
codesearch:
- codesearch[0-9]*.open*.org
control-plane-clouds:

@ -0,0 +1,2 @@
ansible_roles:
- cloud-launcher

@ -10,3 +10,5 @@ puppet_color: 'false'
mgmt_hieradata: /etc/ansible/hosts
mgmt_puppet_module_dir: /etc/puppet/modules
puppet_hieradata_link_dest: /opt/system-config/hieradata
ansible_roles:
- puppet

@ -1,14 +1,8 @@
- hosts: "afs:afsdb:!disabled"
name: "Base: install and configure puppet on puppet hosts"
roles:
- puppet-install
- disable-puppet-agent
- hosts: "afs:afsdb:!disabled"
name: "AFS: run puppet on the AFS servers"
strategy: free
roles:
- puppet
- run-puppet
- hosts: "mirror-update:!disabled"
name: "Create key for remote vos release"

@ -2,6 +2,4 @@
name: "Puppet-else: run puppet on all other servers"
strategy: free
roles:
- puppet-install
- disable-puppet-agent
- puppet
- run-puppet

@ -0,0 +1 @@
Install additional Ansible roles from git repos

@ -0,0 +1,4 @@
# Roles to install from source
ansible_roles: []
ansible_role_src_root: /home/zuul
ansible_role_dest: /etc/ansible/roles

@ -0,0 +1,9 @@
- name: Install ansible roles to /etc/ansible/roles
git:
repo: '{{ ansible_role_src_root }}/src/opendev.org/opendev/ansible-role-{{ ansible_role }}'
dest: '/etc/ansible/roles/{{ ansible_role }}'
force: yes
delegate_to: localhost
loop: '{{ ansible_roles }}'
loop_control:
loop_var: ansible_role
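Review bot: This task is delegated to localhost but still runs once per host in the play, and the callers use `strategy: free` (with `infra_prod_ansible_forks: 50` for remote_puppet_else.yaml), so several `git` checkouts with `force: yes` can write to the same `/etc/ansible/roles/{{ ansible_role }}` directory at once. Installing the roles once in a preceding play on localhost would serialise the writes, as would `throttle: 1` if the Ansible version in use supports it. The destination is also hard-coded even though defaults/main.yaml defines `ansible_role_dest`; `dest: '{{ ansible_role_dest }}/{{ ansible_role }}'` would make that default effective. `force: true` is the canonical boolean spelling.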

@ -111,14 +111,6 @@
src: roles/
dest: /etc/ansible/roles
- name: Copy roles.yaml into /etc/ansible
copy:
src: roles.yaml
dest: /etc/ansible/roles.yaml
- name: Install ansible roles to /etc/ansible/roles
command: ansible-galaxy install --roles-path /etc/ansible/roles --force -r /etc/ansible/roles.yaml
- name: Make sure k8s-on-openstack repo is up to date
git:
repo: https://github.com/infraly/k8s-on-openstack

@ -0,0 +1,12 @@
Run puppet on remote servers
Omnibus role that takes care of installing the puppet role,
installing puppet and then running puppet. Uses include_role
so that the installation of the puppet role can run as the
first task, then the puppet role can be used in a following
task.
.. zuul:rolevar:: manifest
:default: manifests/site.pp
Puppet manifest file to run.

@ -0,0 +1,9 @@
# Use include_role instead of roles: so that we can late-bind the roles list
- include_role:
name: install-ansible-roles
- include_role:
name: puppet-install
- include_role:
name: disable-puppet-agent
- include_role:
name: puppet
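Review bot: None of the four `include_role` tasks has a `name:`, and nothing here references `manifest`, which README.rst documents as this role's variable. It appears to reach the `puppet` role only by inheritance from the caller's role parameters. I would add a comment such as `# manifest is passed through to the puppet role via role vars` above the last include. Each task should also get a name, for example `name: Install required Ansible roles`, so a failure in the production logs identifies the step. The existing comment could state outright that `install-ansible-roles` must stay first, since the commit message says the `puppet` role is installed by that step.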

@ -1,7 +1,13 @@
- hosts: bridge.openstack.org:!disabled
- hosts: cloud-launcher:!disabled
name: "Cloud-launcher: Run cloud launcher"
gather_facts: false
roles:
- role: cloud-launcher
profiles: '{{ cloud_launcher_profiles }}'
clouds: '{{ cloud_launcher_clouds }}'
tasks:
# Use include_role so that the cloud-launcher role install
# is late-binding
- include_role:
name: install-ansible-roles
- include_role:
name: cloud-launcher
vars:
profiles: '{{ cloud_launcher_profiles }}'
clouds: '{{ cloud_launcher_clouds }}'

@ -3,7 +3,5 @@
strategy: free
roles:
- sync-project-config
- puppet-install
- disable-puppet-agent
- name: puppet
- name: run-puppet
manifest: /opt/system-config/production/manifests/codesearch.pp

@ -6,7 +6,5 @@
- sync-project-config
- install-docker
- accessbot
- puppet-install
- disable-puppet-agent
- name: puppet
- name: run-puppet
manifest: /opt/system-config/production/manifests/eavesdrop.pp

@ -14,9 +14,7 @@
- nodepool-base-legacy
- configure-openstacksdk
- configure-kubectl
- puppet-install
- disable-puppet-agent
- puppet
- run-puppet
- hosts: nodepool-launcher:!disabled
name: "Configure nodepool launchers"

@ -1,7 +0,0 @@
---
- src: git+https://opendev.org/opendev/ansible-role-puppet.git
version: HEAD
name: puppet
- src: git+https://opendev.org/opendev/ansible-role-cloud-launcher.git
version: HEAD
name: cloud-launcher