system-config/doc/source/bridge.rst
2023-03-29 13:35:19 +02:00

Bridge

Bridge is a bastion host that is the starting point for operations in OpenTelekomCloudEco. It is the server from which Ansible is run, and it contains decrypted sensitive information such as passwords. The bridge server contains all of the Ansible playbooks as well as the scripts to create new servers.

Sensitive information like passwords is stored encrypted in the private git repository and is pulled by the bridge host on a cron basis.

At a Glance

Projects
Bugs
Resources

Ansible Hosts

In OTC Eco, all host configuration is done via Ansible playbooks.

Adding a node

In principle, hosts in the inventory (``inventory/base/hosts.yaml``) contain the required variables so that playbooks are able to provision the infrastructure. This is not yet implemented for all hosts/systems.

Running Ansible on Nodes

Each service that has been migrated fully to Ansible has its own playbook in :git_file:`playbooks` named ``service_{ service_name }.yaml``.

The playbooks are normally run by Zuul. To run them manually, first run the utility ``disable-ansible`` as root; it touches the file ``/home/zuul/DISABLE-ANSIBLE``. We use the utility to avoid mistyping the lockfile name. Then make sure no jobs are currently executing Ansible. Ensure that ``/home/zuul/src/github.com/opentelekomcloud-infra/system-config`` is in the appropriate state, then run:

.. code-block:: bash

   cd /home/zuul/src/github.com/opentelekomcloud-infra/system-config
   ansible-playbook --limit="$HOST:localhost" playbooks/service-$SERVICE.yaml

as root, where ``$HOST`` is the host you want to run the playbook on. The ``:localhost`` is important: some of the plays depend on performing a task on localhost before continuing to the host in question, and without it in the limit, the tasks for the host will have undefined values.

When done, don't forget to remove ``/home/zuul/DISABLE-ANSIBLE``.
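
The manual-run steps above as one wrapper, written as an added example rather than tooling from system-config: it refuses to start if the lockfile already exists, waits for running Ansible jobs to finish, and removes the lockfile on exit. The function names, the ``*_CMD`` and ``WAIT_SECS`` override variables and the use of ``pgrep`` are assumptions; the paths and ``disable-ansible`` are the ones named on this page.

```bash
# Added example (not the project's own tooling): wrapper for the manual-run steps.
# Paths and the disable-ansible utility come from the page; the *_CMD and
# WAIT_SECS override variables and all function names are assumptions.
LOCKFILE="${LOCKFILE:-/home/zuul/DISABLE-ANSIBLE}"
REPO="${REPO:-/home/zuul/src/github.com/opentelekomcloud-infra/system-config}"
DISABLE_CMD="${DISABLE_CMD:-disable-ansible}"
PLAYBOOK_CMD="${PLAYBOOK_CMD:-ansible-playbook}"
WAIT_SECS="${WAIT_SECS:-600}"

# The limit must include localhost so that plays which run there first
# define the values the target host's tasks rely on.
limit_for() { printf '%s:localhost' "$1"; }

# True while an ansible-playbook process is running (assumes pgrep is installed).
ansible_busy() { pgrep -f ansible-playbook >/dev/null 2>&1; }

# Body is a subshell, so the EXIT trap and the cd stay local to this call.
manual_run() (
  host="${1:-}"; service="${2:-}"
  [ -n "$host" ] && [ -n "$service" ] || { echo "usage: manual_run HOST SERVICE" >&2; exit 2; }
  # An existing lockfile means another operator is mid-run: leave it alone.
  [ ! -e "$LOCKFILE" ] || { echo "$LOCKFILE already exists" >&2; exit 5; }
  "$DISABLE_CMD" || exit 3
  trap 'rm -f "$LOCKFILE"' EXIT          # remove the lockfile however we leave
  waited=0
  while ansible_busy; do                 # let jobs that already started finish
    [ "$waited" -lt "$WAIT_SECS" ] || { echo "ansible still running" >&2; exit 4; }
    sleep 5; waited=$((waited + 5))
  done
  cd "$REPO" || exit 6
  "$PLAYBOOK_CMD" --limit="$(limit_for "$host")" "playbooks/service-$service.yaml"
  exit $?
)

# Entry point: only acts when given HOST and SERVICE, and only as root.
if [ "$#" -eq 2 ]; then
  [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; exit 1; }
  manual_run "$1" "$2"
fi
```

The playbook's exit status is passed through, so a failed run is still visible to the caller after the lockfile has been removed.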

Disabling Ansible on Nodes

If you need to disable the running of Ansible on a node, add an entry for it to the "disabled" group in the Ansible inventory.