194 lines
6.0 KiB
YAML
194 lines
6.0 KiB
YAML
# Make sure only one run of a system-config playbook happens at a time
|
|
- semaphore:
|
|
name: infra-prod-playbook
|
|
max: 1
|
|
|
|
- job:
|
|
name: infra-prod-playbook
|
|
parent: otc-infra-prod-base
|
|
description: |
|
|
Run specified playbook against productions hosts.
|
|
|
|
This is a parent job designed to be inherited to enabled
|
|
CD deployment of our infrastructure. Set playbook_name to
|
|
specify the playbook relative to
|
|
/home/zuul/src/github.com/opentelekomcloud-infra/system-config/playbooks
|
|
on bridgeXX.eco.tsi-dev.otc-service.com.
|
|
abstract: true
|
|
semaphore: infra-prod-playbook
|
|
run: playbooks/zuul/run-production-playbook.yaml
|
|
post-run: playbooks/zuul/run-production-playbook-post.yaml
|
|
required-projects:
|
|
- opentelekomcloud-infra/system-config
|
|
vars:
|
|
infra_prod_ansible_forks: 10
|
|
infra_prod_playbook_collect_log: false
|
|
infra_prod_playbook_encrypt_log: true
|
|
nodeset:
|
|
nodes: []
|
|
|
|
- job:
|
|
name: infra-prod-bootstrap-bridge
|
|
parent: otc-infra-prod-setup-keys
|
|
description: |
|
|
Configure the bastion host (bridge)
|
|
This job does minimal configuration on the bastion host
|
|
(bridge.openstack.org) to allow it to run system-config
|
|
playbooks against our production hosts. It sets up Ansible on
|
|
the host.
|
|
Note that this is separate to infra-prod-service-bridge;
|
|
bridge in it's role as the bastion host actaully runs that
|
|
against itself; it includes things not strictly needed to make
|
|
the host able to deploy system-config.
|
|
run: playbooks/zuul/run-production-bootstrap-bridge.yaml
|
|
required-projects:
|
|
- name: github.com/stackmon/ansible-collection-apimon
|
|
override-checkout: main
|
|
- name: github.com/opentelekomcloud/ansible-collection-cloud
|
|
override-checkout: main
|
|
- name: github.com/opentelekomcloud/ansible-collection-gitcontrol
|
|
override-checkout: main
|
|
- name: opendev.org/openstack/ansible-collections-openstack
|
|
override-checkout: main
|
|
files:
|
|
- playbooks/boostrap-bridge.yaml
|
|
- playbooks/zuul/run-production-bootstrap-bridge.yaml
|
|
- playbooks/zuul/run-production-bootstrap-bridge-add-rootkey.yaml
|
|
- playbooks/roles/install-ansible/
|
|
- playbooks/roles/root-keys/
|
|
- inventory/service/host_vars/bridge.eco.tsi-dev.otc-service.com.yaml
|
|
- inventory/base/hosts.yaml
|
|
- inventory/service/group_vars/bastion.yaml
|
|
vars:
|
|
install_ansible_collections:
|
|
- namespace: opentelekomcloud
|
|
name: apimon
|
|
repo: stackmon/ansible-collection-apimon
|
|
- namespace: opentelekomcloud
|
|
name: cloud
|
|
repo: opentelekomcloud/ansible-collection-cloud
|
|
- namespace: opentelekomcloud
|
|
name: gitcontrol
|
|
repo: opentelekomcloud/ansible-collection-gitcontrol
|
|
- namespace: openstack
|
|
name: cloud
|
|
repo: openstack/ansible-collections-openstack
|
|
git_provider: opendev.org
|
|
install_ansible_requirements:
|
|
- hvac
|
|
|
|
- job:
|
|
name: infra-prod-base
|
|
parent: infra-prod-playbook
|
|
description: Run the base playbook everywhere.
|
|
vars:
|
|
playbook_name: base.yaml
|
|
infra_prod_ansible_forks: 50
|
|
files:
|
|
- inventory/
|
|
- inventory/service/host_vars/
|
|
- inventory/service/group_vars/
|
|
- playbooks/base.yaml
|
|
- playbooks/roles/base/
|
|
|
|
- job:
|
|
name: infra-prod-service-base
|
|
parent: infra-prod-playbook
|
|
description: Base job for most service playbooks.
|
|
abstract: true
|
|
irrelevant-files:
|
|
- inventory/service/group_vars/zuul.yaml
|
|
|
|
- job:
|
|
name: infra-prod-base-ext
|
|
parent: infra-prod-service-base
|
|
description: Run base-ext.yaml playbook.
|
|
vars:
|
|
playbook_name: base-ext.yaml
|
|
files:
|
|
- inventory/
|
|
- playbooks/base-ext.yaml
|
|
- playbooks/roles/base/audit/
|
|
|
|
- job:
|
|
name: infra-prod-service-bridge
|
|
parent: infra-prod-service-base
|
|
description: Run service-bridge.yaml playbook.
|
|
vars:
|
|
playbook_name: service-bridge.yaml
|
|
files:
|
|
- inventory/
|
|
- playbooks/service-bridge.yaml
|
|
- inventory/service/host_vars/bridge.eco-tsi-dev.otc-service.com.yaml
|
|
- playbooks/roles/logrotate/
|
|
- playbooks/roles/edit-secrets-script/
|
|
- playbooks/roles/install-kubectl/
|
|
- playbooks/roles/firewalld/
|
|
- playbooks/roles/configure-kubectl/
|
|
- playbooks/roles/configure-openstacksdk/
|
|
- playbooks/templates/clouds/
|
|
|
|
- job:
|
|
name: infra-prod-service-x509-cert
|
|
parent: infra-prod-service-base
|
|
description: Run x509-certs.yaml playbook.
|
|
vars:
|
|
playbook_name: x509-certs.yaml
|
|
files:
|
|
- inventory/
|
|
- playbooks/x509-certs.yaml
|
|
- playbooks/roles/x509_cert
|
|
|
|
- job:
|
|
name: infra-prod-service-gitea
|
|
parent: infra-prod-service-base
|
|
description: Run service-gitea.yaml playbook.
|
|
vars:
|
|
playbook_name: service-gitea.yaml
|
|
files:
|
|
- inventory/
|
|
- playbooks/service-gitea.yaml
|
|
- playbooks/roles/gitea/
|
|
|
|
- job:
|
|
name: infra-prod-gitea-sync
|
|
parent: infra-prod-service-base
|
|
description: Run sync-gitea-data.yaml playbook
|
|
vars:
|
|
playbook_name: sync-gitea-data.yaml
|
|
files:
|
|
- playbooks/sync-gitea-data.yaml
|
|
|
|
- job:
|
|
name: infra-prod-service-acme-ssl
|
|
parent: infra-prod-service-base
|
|
description: Run acme-certs.yaml playbook.
|
|
vars:
|
|
playbook_name: acme-certs.yaml
|
|
files:
|
|
- inventory/
|
|
- playbooks/acme-certs.yaml
|
|
- playbooks/roles/acme
|
|
|
|
- job:
|
|
name: infra-prod-service-vault
|
|
parent: infra-prod-service-base
|
|
description: Run service-vault.yaml playbook.
|
|
vars:
|
|
playbook_name: service-vault.yaml
|
|
files:
|
|
- inventory/
|
|
- playbooks/service-vault.yaml
|
|
- playbooks/roles/hashivault
|
|
|
|
- job:
|
|
name: infra-prod-install-cce
|
|
parent: infra-prod-service-base
|
|
description: Install cloud CCE clusters
|
|
vars:
|
|
playbook_name: cloud-cce.yaml
|
|
files:
|
|
- inventory/service/group_vars/cloud-launcher.yaml
|
|
- playbooks/cloud-cce.yaml
|
|
- playbooks/roles/cloud_cce
|