176 lines
5.7 KiB
YAML
176 lines
5.7 KiB
YAML
- job:
|
|
name: system-config-run
|
|
description: |
|
|
Run the "base" playbook for system-config hosts.
|
|
|
|
This is a parent job designed to be inherited.
|
|
abstract: true
|
|
pre-run: playbooks/zuul/run-base-pre.yaml
|
|
run: playbooks/zuul/run-base.yaml
|
|
post-run: playbooks/zuul/run-base-post.yaml
|
|
vars:
|
|
zuul_copy_output: "{{ copy_output | combine(host_copy_output | default({})) }}"
|
|
stage_dir: "{{ ansible_user_dir }}/zuul-output"
|
|
copy_output:
|
|
'/var/log/syslog': logs_txt
|
|
'/var/log/messages': logs_txt
|
|
'/var/log/docker': logs
|
|
'/var/log/containers': logs
|
|
install_ansible_collections:
|
|
- namespace: opentelekomcloud
|
|
name: apimon
|
|
repo: stackmon/ansible-collection-apimon
|
|
- namespace: opentelekomcloud
|
|
name: cloud
|
|
repo: opentelekomcloud/ansible-collection-cloud
|
|
- namespace: opentelekomcloud
|
|
name: gitcontrol
|
|
repo: opentelekomcloud/ansible-collection-gitcontrol
|
|
- namespace: openstack
|
|
name: cloud
|
|
repo: openstack/ansible-collections-openstack
|
|
git_provider: opendev.org
|
|
required-projects:
|
|
- name: github.com/opentelekomcloud/ansible-collection-cloud
|
|
override-checkout: main
|
|
- name: github.com/stackmon/ansible-collection-apimon
|
|
override-checkout: main
|
|
- name: github.com/opentelekomcloud/ansible-collection-gitcontrol
|
|
override-checkout: main
|
|
- name: opendev.org/openstack/ansible-collections-openstack
|
|
override-checkout: master
|
|
host-vars:
|
|
bridge*.eco.tsi-dev.otc-service.com:
|
|
install_ansible_collections:
|
|
- namespace: opentelekomcloud
|
|
name: apimon
|
|
repo: stackmon/ansible-collection-apimon
|
|
- namespace: opentelekomcloud
|
|
name: cloud
|
|
repo: opentelekomcloud/ansible-collection-cloud
|
|
- namespace: opentelekomcloud
|
|
name: gitcontrol
|
|
repo: opentelekomcloud/ansible-collection-gitcontrol
|
|
- namespace: openstack
|
|
name: cloud
|
|
repo: openstack/ansible-collections-openstack
|
|
git_provider: opendev.org
|
|
host_copy_output:
|
|
'{{ zuul.project.src_dir }}/junit.xml': logs
|
|
'{{ zuul.project.src_dir }}/test-results.html': logs
|
|
'{{ zuul.project.src_dir }}/inventory/base/gate-hosts.yaml': logs
|
|
'/var/log/screenshots': logs
|
|
|
|
- job:
|
|
name: system-config-run-base
|
|
parent: system-config-run
|
|
description: |
|
|
Run the "base" playbook on each of the node types
|
|
currently in use.
|
|
nodeset:
|
|
nodes:
|
|
- &bridge_node_x86 {name: bridge99.eco.tsi-dev.otc-service.com, label: ubuntu-jammy}
|
|
groups:
|
|
# Each job should define this group -- to avoid hard-coding
|
|
# the bastion hostname in the job setup, playbooks/tasks refer
|
|
# to it only by this group. This should only have one entry
|
|
# -- in a couple of places the jobs use the actual hostname
|
|
# and assume element [0] here is that hostname.
|
|
#
|
|
# Note that this shouldn't be confused with the group in
|
|
# inventory/service/groups.yaml -- this group contains the
|
|
# host that Zuul, running on the executor, will setup as the
|
|
# bridge node. This node will then run a nested Ansible to
|
|
# test the production playbooks -- *that* Ansible has a
|
|
# "bastion" group too
|
|
- &bastion_group { name: prod_bastion, nodes: [ bridge99.eco.tsi-dev.otc-service.com ] }
|
|
files:
|
|
- tox.ini
|
|
- playbooks/
|
|
- roles/
|
|
- testinfra/
|
|
|
|
- job:
|
|
name: system-config-run-x509-cert
|
|
parent: system-config-run
|
|
description: |
|
|
Run the playbook for the x509 certificates.
|
|
nodeset:
|
|
nodes:
|
|
- <<: *bridge_node_x86
|
|
groups:
|
|
- <<: *bastion_group
|
|
vars:
|
|
run_playbooks:
|
|
- playbooks/x509-certs.yaml
|
|
files:
|
|
- playbooks/bootstrap-bridge.yaml
|
|
- playbooks/x509-certs.yaml
|
|
- playbooks/roles/x509_cert
|
|
|
|
- job:
|
|
name: system-config-run-acme-ssl
|
|
parent: system-config-run
|
|
description: |
|
|
Run the playbook for the acme-ssl servers.
|
|
nodeset:
|
|
nodes:
|
|
- <<: *bridge_node_x86
|
|
- name: le1
|
|
label: ubuntu-focal
|
|
groups:
|
|
- <<: *bastion_group
|
|
vars:
|
|
run_playbooks:
|
|
- playbooks/acme-certs.yaml
|
|
files:
|
|
- playbooks/bootstrap-bridge.yaml
|
|
- playbooks/acme-ssl.yaml
|
|
- playbooks/roles/acme_create_certs
|
|
- playbooks/roles/acme_request_certs
|
|
- playbooks/roles/acme_install_txt_records
|
|
- playbooks/roles/acme_drop_txt_records
|
|
|
|
- job:
|
|
name: system-config-run-vault
|
|
parent: system-config-run
|
|
description: |
|
|
Run the playbook for the vault servers.
|
|
nodeset:
|
|
nodes:
|
|
- <<: *bridge_node_x86
|
|
- name: vault1.eco.tsi-dev.otc-service.com
|
|
label: ubuntu-focal
|
|
groups:
|
|
- <<: *bastion_group
|
|
vars:
|
|
run_playbooks:
|
|
# We do not want to create CA part of ZK setup, therefore only invoke additional playbook in the test.
|
|
- playbooks/acme-certs.yaml
|
|
- playbooks/service-vault.yaml
|
|
files:
|
|
- playbooks/bootstrap-bridge.yaml
|
|
- playbooks/service-vault.yaml
|
|
- playbooks/roles/hashivault
|
|
|
|
- job:
|
|
name: system-config-run-gitea
|
|
parent: system-config-run
|
|
description: |
|
|
Run the playbook for the gitea servers.
|
|
nodeset:
|
|
nodes:
|
|
- <<: *bridge_node_x86
|
|
- name: gitea.focal
|
|
label: ubuntu-jammy
|
|
groups:
|
|
- <<: *bastion_group
|
|
vars:
|
|
run_playbooks:
|
|
- playbooks/service-gitea.yaml
|
|
files:
|
|
- playbooks/bootstrap-bridge.yaml
|
|
- playbooks/service-gitea.yaml
|
|
- playbooks/roles/gitea/
|
|
- testinfra/test_gitea.py
|