system-config/playbooks/zuul/run-base.yaml

- import_playbook: ../bootstrap-bridge.yaml
  vars:
    root_rsa_key: "{{ lookup('file', zuul.executor.work_root + '/' + zuul.build + '_id_rsa', rstrip=False) }}"
    ansible_cron_disable_job: true
    cloud_launcher_disable_job: true

- hosts: prod_bastion[0]
  become: true
  tasks:
    - name: Write inventory on bridge
      include_role:
        name: write-inventory
      vars:
        write_inventory_dest: /home/zuul/src/github.com/opentelekomcloud-infra/system-config/inventory/base/gate-hosts.yaml
        write_inventory_exclude_hostvars:
          - ansible_user
          - ansible_python_interpreter
        write_inventory_additional_hostvars:
          public_v4: nodepool.private_ipv4
          public_v6: nodepool.public_ipv6
    - name: Add groups config for test nodes
      template:
        src: "templates/gate-groups.yaml.j2"
        dest: "/etc/ansible/hosts/gate-groups.yaml"
    - name: Update ansible.cfg to use job inventory
      ini_file:
        path: /etc/ansible/ansible.cfg
        section: defaults
        option: inventory
        value: /home/zuul/src/github.com/opentelekomcloud-infra/system-config/inventory/base/gate-hosts.yaml,/home/zuul/src/github.com/opentelekomcloud-infra/system-config/inventory/service/groups.yaml,/etc/ansible/hosts/gate-groups.yaml
    - name: Make host_vars directory
      file:
        path: "/etc/ansible/hosts/host_vars"
        state: directory
    - name: Make group_vars directory
      file:
        path: "/etc/ansible/hosts/group_vars"
        state: directory
    - name: Write hostvars files
      vars:
        bastion_ipv4: "{{ nodepool['private_ipv4'] }}"
        bastion_ipv6: "{{ nodepool['private_ipv6'] | default('') }}"
        bastion_public_key: "{{ lookup('file', zuul.executor.work_root + '/' + zuul.build + '_id_rsa.pub') }}"
        firewalld_test_ports_enable:
          # Zuul web console
          - 19885/tcp
          # selenium
          # - 4444/tcp
      template:
        src: "templates/{{ item }}.j2"
        dest: "/etc/ansible/hosts/{{ item }}"
      loop:
        - group_vars/all.yaml
        - group_vars/bastion.yaml
        - group_vars/control-plane-clouds.yaml
        - group_vars/ssl_certs.yaml
        - group_vars/apimon.yaml
        - group_vars/apimon-clouds.yaml
        - group_vars/apimon-inst1.yaml
        - group_vars/statsd.yaml
        - group_vars/graphite.yaml
        - group_vars/memcached.yaml
        - group_vars/alerta.yaml
        - group_vars/gitea.yaml
        - group_vars/keycloak.yaml
        - group_vars/grafana.yaml
        - group_vars/proxy.yaml
        - group_vars/k8s-controller.yaml
        - host_vars/bridge.eco.tsi-dev.otc-service.com.yaml
        - host_vars/epmon.centos-stream.yaml
        - host_vars/epmon.focal.yaml
        - host_vars/hc1.eco.tsi-dev.otc-service.com.yaml
        - host_vars/le1.yaml
        - host_vars/proxy1.centos-stream.yaml
        - host_vars/zk.centos-stream.yaml
    - name: Display group membership
      command: ansible localhost -m debug -a 'var=groups'
    - name: Run base.yaml
      shell: "set -o pipefail && ansible-playbook -f 50 -v /home/zuul/src/github.com/opentelekomcloud-infra/system-config/playbooks/base.yaml 2>&1 | tee /var/log/ansible/base.yaml.log"
      args:
        executable: /bin/bash
    - name: Run bridge service playbook
      shell: "set -o pipefail && ansible-playbook -v /home/zuul/src/github.com/opentelekomcloud-infra/system-config/playbooks/service-bridge.yaml 2>&1 | tee /var/log/ansible/service-bridge.yaml.log"
      args:
        executable: /bin/bash
    - name: Run playbook
      when: run_playbooks is defined
      loop: "{{ run_playbooks }}"
      shell: "set -o pipefail && ansible-playbook -f 50 -v /home/zuul/src/github.com/opentelekomcloud-infra/system-config/{{ item }} 2>&1 | tee /var/log/ansible/{{ item | basename }}.log"
      args:
        executable: /bin/bash
    - name: Run test playbook
      when: run_test_playbook is defined
      shell: "set -o pipefail && ANSIBLE_ROLES_PATH=/home/zuul/src/github.com/opentelekomcloud-infra/system-config/playbooks/roles ansible-playbook -v /home/zuul/src/github.com/opentelekomcloud-infra/system-config/{{ run_test_playbook }} 2>&1 | tee /var/log/ansible/{{ run_test_playbook | basename }}.log"
      args:
        executable: /bin/bash

    - name: Generate testinfra extra data fixture
      set_fact:
        testinfra_extra_data:
          zuul_job: '{{ zuul.job }}'
          zuul: '{{ zuul }}'

    - name: Write out testinfra extra data fixture
      copy:
        content: '{{ testinfra_extra_data | to_nice_yaml(indent=2) }}'
        dest: '/home/zuul/testinfra_extra_data_fixture.yaml'

    - name: Make screenshots directory
      file:
        path: '/var/log/screenshots'
        state: directory

    - name: Return screenshots artifact
      zuul_return:
        data:
          zuul:
            artifacts:
              - name: Screenshots
                url: "{{ groups['prod_bastion'][0] }}/screenshots"

    - name: Allow PBR's git calls to operate in system-config, despite not owning it
      command: git config --global safe.directory /home/zuul/src/github.com/opentelekomcloud-infra/system-config

    - name: Run and collect testinfra
      block:
        - name: Run testinfra to validate configuration
          include_role:
            name: tox
          vars:
            tox_envlist: testinfra
            # This allows us to run from external projects (like testinfra
            # itself)
            tox_environment:
              TESTINFRA_EXTRA_DATA: '/home/zuul/testinfra_extra_data_fixture.yaml'
            zuul_work_dir: src/github.com/opentelekomcloud-infra/system-config
      always:
        - name: Return testinfra report artifact
          zuul_return:
            data:
              zuul:
                artifacts:
                  - name: testinfra results
                    url: "{{ groups['prod_bastion'][0] }}/test-results.html"