opendev
/
system-config
Code Issues Proposed changes

Use zuul checkouts of ansible roles from other repos

Browse Source 
We have two standalone roles, puppet and cloud-launcher, but we
currently install them with galaxy so depends-on patches don't
work. We also install them every time we run anything, even if
we don't need them for the playbook in question.

Add two roles, one to install a set of ansible roles needed by
the host in question, and the other to encapsulate the sequence
of running puppet, which now includes installing the puppet
role, installing puppet, disabling the puppet agent and then
running puppet.

As a followup, we'll do the same thing with the puppet modules,
so that we arent' cloning and rsyncing ALL of the puppet modules
all the time no matter what.

Change-Id: I69a2e99e869ee39a3da573af421b18ad93056d5b
changes/82/724682/6
Monty Taylor 3 years ago
parent 1b126ef48a
commit 4b9d1a88bd
17 changed files with 96 additions and 41 deletions
Show Stats Download Patch File Download Diff File

41
.zuul.yaml
Unescape View File

@ -1112,6 +1112,7 @@
description: |
Run the playbook for an eavesdrop server.
required-projects:
- opendev/ansible-role-puppet
- opendev/system-config
- openstack/project-config
requires: accessbot-container-image
@ -1152,12 +1153,15 @@
- name: codesearch01.openstack.org
label: ubuntu-xenial
required-projects:
- opendev/ansible-role-puppet
- opendev/system-config
- openstack/project-config
files:
- playbooks/install-ansible.yaml
- playbooks/service-codesearch.yaml
- playbooks/group_vars/puppet.yaml
- playbooks/roles/run-puppet/
- playbooks/roles/install-ansible-roles/
- playbooks/roles/sync-project-config
- playbooks/roles/puppet-install/
- playbooks/roles/disable-puppet-agent/
@ -1210,10 +1214,16 @@
label: ubuntu-bionic
- name: lists.openstack.org
label: ubuntu-xenial
required-projects:
- opendev/ansible-role-puppet
- opendev/system-config
files:
- playbooks/install-ansible.yaml
- modules/openstack_project/manifests/lists.pp
- playbooks/host_vars/lists.openstack.org.yaml
- playbooks/group_vars/puppet
- playbooks/roles/run-puppet/
- playbooks/roles/install-ansible-roles/
- roles/exim
vars:
run_playbooks:
@ -1238,8 +1248,9 @@
- name: nb04.opendev.org
label: ubuntu-bionic
required-projects:
- openstack/project-config
- opendev/ansible-role-puppet
- opendev/system-config
- openstack/project-config
host-vars:
nl01.openstack.org:
host_copy_output:
@ -1261,6 +1272,9 @@
- playbooks/group_vars/nodepool.yaml
- playbooks/group_vars/nodepool-builder.yaml
- playbooks/group_vars/nodepool-launcher.yaml
- playbooks/group_vars/puppet
- playbooks/roles/run-puppet/
- playbooks/roles/install-ansible-roles/
- playbooks/roles/configure-openstacksdk/
- playbooks/roles/nodepool
- playbooks/templates/clouds/
@ -2080,7 +2094,6 @@
files:
- inventory/
- roles/
- roles.yaml
- install_modules.sh
- modules.env
- playbooks/install-ansible.yaml
@ -2228,6 +2241,9 @@
- playbooks/host_vars/nb
- playbooks/host_vars/nl
- playbooks/group_vars/nodepool
- playbooks/group_vars/puppet
- playbooks/roles/install-ansible-roles/
- playbooks/roles/run-puppet/
- playbooks/roles/configure-kubectl/
- playbooks/roles/configure-openstacksdk/
- playbooks/roles/install-docker/
@ -2483,6 +2499,7 @@
parent: infra-prod-service-base
description: Run service-codesearch.yaml playbook.
required-projects:
- opendev/ansible-role-puppet
- opendev/system-config
- openstack/project-config
vars:
@ -2492,6 +2509,8 @@
- playbooks/install-ansible.yaml
- playbooks/service-codesearch.yaml
- playbooks/group_vars/puppet.yaml
- playbooks/roles/run-puppet/
- playbooks/roles/install-ansible-roles/
- playbooks/roles/sync-project-config
- playbooks/roles/puppet-install/
- playbooks/roles/disable-puppet-agent/
@ -2504,6 +2523,7 @@
parent: infra-prod-service-base
description: Run service-eavesdrop.yaml playbook.
required-projects:
- opendev/ansible-role-puppet
- opendev/system-config
- openstack/project-config
dependencies:
@ -2523,6 +2543,8 @@
- playbooks/run-accessbot.yaml
- playbooks/group_vars/eavesdrop.yaml
- playbooks/group_vars/puppet.yaml
- playbooks/roles/run-puppet/
- playbooks/roles/install-ansible-roles/
- playbooks/roles/zuul-user
- playbooks/roles/install-docker
- playbooks/roles/puppet-install/
@ -2555,11 +2577,17 @@
vars:
playbook_name: remote_puppet_afs.yaml
infra_prod_ansible_forks: 1
required-projects:
- opendev/ansible-role-puppet
- opendev/system-config
files:
- inventory/
- playbooks/remote_puppet_afs.yaml
- playbooks/group_vars/afs
- playbooks/group_vars/mirror-update
- playbooks/group_vars/puppet
- playbooks/roles/run-puppet/
- playbooks/roles/install-ansible-roles/
- playbooks/roles/puppet-install/
- playbooks/roles/disable-puppet-agent/
- playbooks/roles/vos-release/
@ -2573,12 +2601,18 @@
vars:
playbook_name: remote_puppet_else.yaml
infra_prod_ansible_forks: 50
required-projects:
- opendev/ansible-role-puppet
- opendev/system-config
files:
- hiera/
- inventory/
- playbooks/remote_puppet_else.yaml
- playbooks/group_vars/
- playbooks/host_vars/
- playbooks/group_vars/puppet
- playbooks/roles/run-puppet/
- playbooks/roles/install-ansible-roles/
- playbooks/roles/puppet-install/
- playbooks/roles/disable-puppet-agent/
- modules/
@ -2591,6 +2625,9 @@
vars:
playbook_name: run_cloud_launcher.yaml
infra_prod_ansible_forks: 1
required-projects:
- opendev/ansible-role-cloud-launcher
- opendev/system-config
dependencies:
- name: infra-prod-service-bridge
soft: true

2
inventory/groups.yaml
Unescape View File

@ -28,6 +28,8 @@ groups:
# backup-server:
# - backup[0-9]*.opendev.org
cacti: cacti[0-9]*.open*.org
cloud-launcher:
- bridge.openstack.org
codesearch:
- codesearch[0-9]*.open*.org
control-plane-clouds:

2
playbooks/group_vars/cloud-launcher.yaml
Unescape View File

@ -0,0 +1,2 @@
ansible_roles:
- cloud-launcher

2
playbooks/group_vars/puppet.yaml
Unescape View File

@ -10,3 +10,5 @@ puppet_color: 'false'
mgmt_hieradata: /etc/ansible/hosts
mgmt_puppet_module_dir: /etc/puppet/modules
puppet_hieradata_link_dest: /opt/system-config/hieradata
ansible_roles:
- puppet

8
playbooks/remote_puppet_afs.yaml
Unescape View File

@ -1,14 +1,8 @@
- hosts: "afs:afsdb:!disabled"
name: "Base: install and configure puppet on puppet hosts"
roles:
- puppet-install
- disable-puppet-agent
- hosts: "afs:afsdb:!disabled"
name: "AFS: run puppet on the AFS servers"
strategy: free
roles:
- puppet
- run-puppet
- hosts: "mirror-update:!disabled"
name: "Create key for remote vos release"

4
playbooks/remote_puppet_else.yaml
Unescape View File

@ -2,6 +2,4 @@
name: "Puppet-else: run puppet on all other servers"
strategy: free
roles:
- puppet-install
- disable-puppet-agent
- puppet
- run-puppet

1
playbooks/roles/install-ansible-roles/README.rst
Unescape View File

@ -0,0 +1 @@
Install additional Ansible roles from git repos

4
playbooks/roles/install-ansible-roles/defaults/main.yaml
Unescape View File

@ -0,0 +1,4 @@
# Roles to install from source
ansible_roles: []
ansible_role_src_root: /home/zuul
ansible_role_dest: /etc/ansible/roles

9
playbooks/roles/install-ansible-roles/tasks/main.yaml
Unescape View File

@ -0,0 +1,9 @@
- name: Install ansible roles to /etc/ansible/roles
git:
repo: '{{ ansible_role_src_root }}/src/opendev.org/opendev/ansible-role-{{ ansible_role }}'
dest: '/etc/ansible/roles/{{ ansible_role }}'
force: yes
delegate_to: localhost
loop: '{{ ansible_roles }}'
loop_control:
loop_var: ansible_role

8
playbooks/roles/install-ansible/tasks/main.yaml
Unescape View File

@ -111,14 +111,6 @@
src: roles/
dest: /etc/ansible/roles
- name: Copy roles.yaml into /etc/ansible
copy:
src: roles.yaml
dest: /etc/ansible/roles.yaml
- name: Install ansible roles to /etc/ansible/roles
command: ansible-galaxy install --roles-path /etc/ansible/roles --force -r /etc/ansible/roles.yaml
- name: Make sure k8s-on-openstack repo is up to date
git:
repo: https://github.com/infraly/k8s-on-openstack

12
playbooks/roles/run-puppet/README.rst
Unescape View File

@ -0,0 +1,12 @@
Run puppet on remote servers
Omnibus role that takes care of installing the puppet role,
installing puppet and then running puppet. Uses include_role
so that the installation of the puppet role can run as the
first task, then the puppet role can be used in a following
task.
.. zuul:rolevar:: manifest
:default: manifests/site.pp
Puppet manifest file to run.

9
playbooks/roles/run-puppet/tasks/main.yaml
Unescape View File

@ -0,0 +1,9 @@
# Use include_role instead of roles: so that we can late-bind the roles list
- include_role:
name: install-ansible-roles
- include_role:
name: puppet-install
- include_role:
name: disable-puppet-agent
- include_role:
name: puppet

16
playbooks/run_cloud_launcher.yaml
Unescape View File

@ -1,7 +1,13 @@
- hosts: bridge.openstack.org:!disabled
- hosts: cloud-launcher:!disabled
name: "Cloud-launcher: Run cloud launcher"
gather_facts: false
roles:
- role: cloud-launcher
profiles: '{{ cloud_launcher_profiles }}'
clouds: '{{ cloud_launcher_clouds }}'
tasks:
# Use include_role so that the cloud-launcher role install
# is late-binding
- include_role:
name: install-ansible-roles
- include_role:
name: cloud-launcher
vars:
profiles: '{{ cloud_launcher_profiles }}'
clouds: '{{ cloud_launcher_clouds }}'

4
playbooks/service-codesearch.yaml
Unescape View File

@ -3,7 +3,5 @@
strategy: free
roles:
- sync-project-config
- puppet-install
- disable-puppet-agent
- name: puppet
- name: run-puppet
manifest: /opt/system-config/production/manifests/codesearch.pp

4
playbooks/service-eavesdrop.yaml
Unescape View File

@ -6,7 +6,5 @@
- sync-project-config
- install-docker
- accessbot
- puppet-install
- disable-puppet-agent
- name: puppet
- name: run-puppet
manifest: /opt/system-config/production/manifests/eavesdrop.pp

4
playbooks/service-nodepool.yaml
Unescape View File

@ -14,9 +14,7 @@
- nodepool-base-legacy
- configure-openstacksdk
- configure-kubectl
- puppet-install
- disable-puppet-agent
- puppet
- run-puppet
- hosts: nodepool-launcher:!disabled
name: "Configure nodepool launchers"

7
roles.yaml
Unescape View File

@ -1,7 +0,0 @@
---
- src: git+https://opendev.org/opendev/ansible-role-puppet.git
version: HEAD
name: puppet
- src: git+https://opendev.org/opendev/ansible-role-cloud-launcher.git
version: HEAD
name: cloud-launcher
Write Preview
Loading…
Cancel
Save