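# Make sure only one run of a system-config playbook happens at a time.
# Every job that inherits from infra-prod-playbook takes this semaphore
# through the `semaphore:` attribute set on that job.
- semaphore:
    name: infra-prod-playbook
    max: 1

- job:
    name: infra-prod-playbook
    parent: otc-infra-prod-base
    description: |
      Run specified playbook against production hosts.

      This is a parent job designed to be inherited to enable
      CD deployment of our infrastructure. Set playbook_name to
      specify the playbook relative to
      /home/zuul/src/github.com/opentelekomcloud-infra/system-config/playbooks
      on bridgeXX.eco.tsi-dev.otc-service.com.
    # Abstract: only usable as a parent, never run directly.
    abstract: true
    semaphore: infra-prod-playbook
    run: playbooks/zuul/run-production-playbook.yaml
    post-run: playbooks/zuul/run-production-playbook-post.yaml
    required-projects:
      - opentelekomcloud-infra/system-config
    vars:
      infra_prod_ansible_forks: 10
      # NOTE(review): by default production playbook logs are not
      # collected, and encryption is switched on for when they are.
      # Such logs may contain secrets, so a child job that overrides
      # either value deserves an explicit security review.
      infra_prod_playbook_collect_log: false
      infra_prod_playbook_encrypt_log: true
    # Empty nodeset: no nodes are requested for this job.
    nodeset:
      nodes: []

- job:
    name: infra-prod-bootstrap-bridge
    parent: otc-infra-prod-setup-keys
    # NOTE(review): the text below names bridge.openstack.org, while the
    # `files` list refers to bridge.eco.tsi-dev.otc-service.com; confirm
    # which host is meant and align the description.
    description: |
      Configure the bastion host (bridge)

      This job does minimal configuration on the bastion host
      (bridge.openstack.org) to allow it to run system-config
      playbooks against our production hosts. It sets up Ansible
      on the host.

      Note that this is separate to infra-prod-service-bridge;
      bridge in its role as the bastion host actually runs that
      against itself; it includes things not strictly needed to make
      the host able to deploy system-config.
    run: playbooks/zuul/run-production-bootstrap-bridge.yaml
    # NOTE(review): every collection below is checked out at the tip of
    # `main`, so whatever lands on those branches is what this job uses
    # on the bastion (see install_ansible_collections). For repositories
    # outside this organisation's control, consider setting
    # override-checkout to a reviewed tag instead of a moving branch.
    required-projects:
      - name: github.com/stackmon/ansible-collection-apimon
        override-checkout: main
      - name: github.com/opentelekomcloud/ansible-collection-cloud
        override-checkout: main
      - name: github.com/opentelekomcloud/ansible-collection-gitcontrol
        override-checkout: main
      - name: opendev.org/openstack/ansible-collections-openstack
        override-checkout: main
    files:
      # NOTE(review): "boostrap" looks like a misspelling of "bootstrap".
      # If the playbook is really named bootstrap-bridge.yaml, edits to
      # it would not match this entry; verify against the repository.
      - playbooks/boostrap-bridge.yaml
      - playbooks/zuul/run-production-bootstrap-bridge.yaml
      - playbooks/zuul/run-production-bootstrap-bridge-add-rootkey.yaml
      - playbooks/roles/install-ansible/
      - playbooks/roles/root-keys/
      - inventory/service/host_vars/bridge.eco.tsi-dev.otc-service.com.yaml
      - inventory/base/hosts.yaml
      - inventory/service/group_vars/bastion.yaml
    vars:
      install_ansible_collections:
        - namespace: opentelekomcloud
          name: apimon
          repo: stackmon/ansible-collection-apimon
        - namespace: opentelekomcloud
          name: cloud
          repo: opentelekomcloud/ansible-collection-cloud
        - namespace: opentelekomcloud
          name: gitcontrol
          repo: opentelekomcloud/ansible-collection-gitcontrol
        - namespace: openstack
          name: cloud
          repo: openstack/ansible-collections-openstack
          # NOTE(review): placed on this entry because its repo is the
          # only one listed under opendev.org above; confirm nesting.
          git_provider: opendev.org
      # NOTE(review): no version constraint is given for hvac here;
      # whether it is pinned elsewhere is not visible from this file.
      install_ansible_requirements:
        - hvac

- job:
    name: infra-prod-base
    parent: infra-prod-playbook
    description: Run the base playbook everywhere.
    vars:
      playbook_name: base.yaml
      infra_prod_ansible_forks: 50
    files:
      - inventory/
      - inventory/service/host_vars/
      - inventory/service/group_vars/
      - playbooks/base.yaml
      - playbooks/roles/base/

- job:
    name: infra-prod-service-base
    parent: infra-prod-playbook
    description: Base job for most service playbooks.
    abstract: true
    irrelevant-files:
      - inventory/service/group_vars/zuul.yaml

- job:
    name: infra-prod-base-ext
    parent: infra-prod-service-base
    description: Run base-ext.yaml playbook.
    vars:
      playbook_name: base-ext.yaml
    files:
      - inventory/
      - playbooks/base-ext.yaml
      - playbooks/roles/base/audit/

- job:
    name: infra-prod-service-bridge
    parent: infra-prod-service-base
    description: Run service-bridge.yaml playbook.
    vars:
      playbook_name: service-bridge.yaml
    files:
      - inventory/
      - playbooks/service-bridge.yaml
      # NOTE(review): this path spells the host "bridge.eco-tsi-dev",
      # whereas infra-prod-bootstrap-bridge uses "bridge.eco.tsi-dev".
      # One of the two is presumably wrong. The `inventory/` entry
      # above already covers the directory, so the job still triggers.
      - inventory/service/host_vars/bridge.eco-tsi-dev.otc-service.com.yaml
      - playbooks/roles/logrotate/
      - playbooks/roles/edit-secrets-script/
      - playbooks/roles/install-kubectl/
      - playbooks/roles/firewalld/
      - playbooks/roles/configure-kubectl/
      - playbooks/roles/configure-openstacksdk/
      - playbooks/templates/clouds/

- job:
    name: infra-prod-service-x509-cert
    parent: infra-prod-service-base
    description: Run x509-certs.yaml playbook.
    vars:
      playbook_name: x509-certs.yaml
    files:
      - inventory/
      - playbooks/x509-certs.yaml
      - playbooks/roles/x509_cert

- job:
    name: infra-prod-service-gitea
    parent: infra-prod-service-base
    description: Run service-gitea.yaml playbook.
    vars:
      playbook_name: service-gitea.yaml
    files:
      - inventory/
      - playbooks/service-gitea.yaml
      - playbooks/roles/gitea/

- job:
    name: infra-prod-gitea-sync
    parent: infra-prod-service-base
    description: Run sync-gitea-data.yaml playbook
    vars:
      playbook_name: sync-gitea-data.yaml
    files:
      - playbooks/sync-gitea-data.yaml

- job:
    name: infra-prod-service-acme-ssl
    parent: infra-prod-service-base
    description: Run acme-certs.yaml playbook.
    vars:
      playbook_name: acme-certs.yaml
    files:
      - inventory/
      - playbooks/acme-certs.yaml
      - playbooks/roles/acme

- job:
    name: infra-prod-service-vault
    parent: infra-prod-service-base
    description: Run service-vault.yaml playbook.
    vars:
      playbook_name: service-vault.yaml
    files:
      - inventory/
      - playbooks/service-vault.yaml
      - playbooks/roles/hashivault

- job:
    name: infra-prod-install-cce
    parent: infra-prod-service-base
    description: Install cloud CCE clusters
    vars:
      playbook_name: cloud-cce.yaml
    files:
      - inventory/service/group_vars/cloud-launcher.yaml
      - playbooks/cloud-cce.yaml
      - playbooks/roles/cloud_cce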