run-production-playbook: return encrypted logs

Based on the changes in I5b9f9dd53eb896bb542652e8175c570877842584,
enable returning encrypted log artifacts for the codesearch production
job, as an initial test.

Change-Id: I9bd4ed0880596968000b1f153c31df849cd7fa8d
changes/47/829147/3
Ian Wienand 12 months ago
parent ccf00b7673
commit 7b22badf6a

@ -1,3 +1,4 @@
# NOTE(ianw): 2022-02-16 : comment to trigger prod run
- hosts: "codesearch:!disabled"
name: "Configure codesearch"
roles:

@ -26,6 +26,40 @@
always:
- name: Encrypt log
when: infra_prod_playbook_encrypt_log
block:
- name: Create temp dir for download script
tempfile:
state: directory
register: _download_tmpdir
- name: Encrypt logs
include_role:
name: encrypt-logs
vars:
encrypt_logs_files:
- '/var/log/ansible/{{ playbook_name }}.log'
# Artifact in root directory
encrypt_logs_artifact_path: ''
encrypt_logs_download_script_path: '{{ _download_tmpdir.path }}'
- name: Return logs
synchronize:
src: '{{ item[0] }}'
dest: '{{ item[1] }}'
mode: pull
verify_host: true
loop:
- [ '{{ zuul.executor.log_root }}/{{ playbook_name }}.log.gpg }}', '/var/log/ansible/{{ playbook_name }}.log.gpg' ]
- [ '{{ zuul.executor.log_root }}/download-gpg-logs.sh }}', '{{ _download_tmpdir.path }}/download-logs.sh }}' ]
- name: Remove tmpdir
file:
path: '{{ _download_tmpdir.path }}'
state: absent
# Not using normal zuul job roles as bridge.openstack.org is not a
# test node with all the normal bits in place.
- name: Collect log output

@ -506,6 +506,7 @@
description: Run service-codesearch.yaml playbook.
vars:
playbook_name: service-codesearch.yaml
infra_prod_playbook_encrypt_log: True
files:
- docker/hound/
- inventory/base

Loading…
Cancel
Save