run-production-playbook: return encrypted logs

Based on the changes in I5b9f9dd53eb896bb542652e8175c570877842584, enable returning encrypted log artifacts for the codesearch production job, as an initial test. Change-Id: I9bd4ed0880596968000b1f153c31df849cd7fa8d
12 months ago · 7b22badf6a
parent ccf00b7673
commit 7b22badf6a
3 changed files with 36 additions and 0 deletions
--- a/playbooks/service-codesearch.yaml
+++ b/playbooks/service-codesearch.yaml
@ -1,3 +1,4 @@
+# NOTE(ianw): 2022-02-16 : comment to trigger prod run
 - hosts: "codesearch:!disabled"
  name: "Configure codesearch"
  roles:
--- a/playbooks/zuul/run-production-playbook.yaml
+++ b/playbooks/zuul/run-production-playbook.yaml
@ -26,6 +26,40 @@

      always:

+        - name: Encrypt log
+          when: infra_prod_playbook_encrypt_log
+          block:
+
+            - name: Create temp dir for download script
+              tempfile:
+                state: directory
+              register: _download_tmpdir
+
+            - name: Encrypt logs
+              include_role:
+                name: encrypt-logs
+              vars:
+                encrypt_logs_files:
+                  - '/var/log/ansible/{{ playbook_name }}.log'
+                # Artifact in root directory
+                encrypt_logs_artifact_path: ''
+                encrypt_logs_download_script_path: '{{ _download_tmpdir.path }}'
+
+            - name: Return logs
+              synchronize:
+                src: '{{ item[0] }}'
+                dest: '{{ item[1] }}'
+                mode: pull
+                verify_host: true
+              loop:
+                - [ '{{ zuul.executor.log_root }}/{{ playbook_name }}.log.gpg }}', '/var/log/ansible/{{ playbook_name }}.log.gpg' ]
+                - [ '{{ zuul.executor.log_root }}/download-gpg-logs.sh }}', '{{ _download_tmpdir.path }}/download-logs.sh }}' ]
+
+            - name: Remove tmpdir
+              file:
+                path: '{{ _download_tmpdir.path }}'
+                state: absent
+
        # Not using normal zuul job roles as bridge.openstack.org is not a
        # test node with all the normal bits in place.
        - name: Collect log output
--- a/zuul.d/infra-prod.yaml
+++ b/zuul.d/infra-prod.yaml
@ -506,6 +506,7 @@
    description: Run service-codesearch.yaml playbook.
    vars:
      playbook_name: service-codesearch.yaml
+      infra_prod_playbook_encrypt_log: True
    files:
      - docker/hound/
      - inventory/base