Since I53cb63ffa4ae50575d4fa37b24323ad13ec1bac3 some puppet runs are
failing because system-config:playbooks/roles/set-hostname moved to
roles/set-hostname and became a symlink. rsync refuses to overwrite
the directory with a symlink because it seems to not be empty, because
we never removed the files in it.
Handle the possibility of things moving around like this by
specifying delete so old files are cleared out.
Finally set manifest_base dir ownership and mode to address linter E208.
Depends-On: https://review.opendev.org/762181
Change-Id: I249d713214d8383a3ccfe1a400404cbdcb97dcc6
rsyncing the puppet modules can be super chatty and not super
interesting. Add a flag to turn it off.
Change-Id: I7206955aeb335adafb8625c89d8b8a70078d666c
When we're logging inside of ansible, turning off ansi colors can
be nice. Especially inside of Zuul.
Change-Id: I719ebb106fbb31795cc02c9504507bdae607bcdd
Newer ansible (2.7) is far more picky about always blocks being a part
of block blocks. This means you cannot have a set of when conditions
apply to a standalone always block. Fix our use of this by putting our
always block in the run puppet block then move the always tasks into a
block of their own with a condition set.
Change-Id: I50988b6b312e4d00b73ca4454e0420913d4ae181
On a bare system, bridge.o.o will be trying to rsync /opt/system-config/
to /opt/system-config/production - but if /opt/system-config doesn't
exist on the remote host, the rsync will fail. Make sure we create the
directory.
Change-Id: Id56a537fe2352c099b81559eb4032138ba108bed
In order to support the layouts being different on the management server
and the remote nodes, we need to also be able to override the location
of the link that gets made. Add a variable that defaults to the old
value.
Change-Id: I7434c1b1a9d79f04b3e872e750057d69490e80e0
We have it currently hardcoded that the manifests on the management
server are going to have an environment path. Add a variable to allow
override of that idea.
Change-Id: I226c030332ff93c3ee74650c7ab725994971f007
Needed-By: https://review.openstack.org/592763
If we set puppet_version as an inventory variable, then we can drive
behavior from that variable, including updating puppet. Add the ability
to set it here. A followup change in system-config will start setting
it, but starting off it should be a no-op.
Change-Id: I773ba3a2137b62ae2b3440dd02b3cdfb2099a62d
Infra has adopted the approach of indenting lists an extra level
instead of starting their '-' at the same level as the parent element.
Additionally, Infra uses .yaml extensions instead of .yml extensions.
This role predates Infra having enough ansible to have opinions, so
update it to match current practice.
Also, while we're in there, update when clauses that have an 'and' in
them to just use the list form of when, and change 'include:' to
'include_tasks:'.
Change-Id: Icbeaf99c4d103091ee094e2fa219d7e16229b998
ansible-role-puppet attempts to infer where it should copy hieradata
from based on puppet3 or puppet4. However, for hosts that are not
running puppet themselves this isn't going to work very well. Allow a
user to set mgmt_hieradata explicity.
Change-Id: Ie533da9af71ab84ce6e95dc63ceb8426740f53a3
We are already organizing our hiera content basically the same way as
ansible needs for variables to be provided. If we reorganize the
directories slightly (to be coordinated with dirs on puppetmaster)
then we can have a single directory do double-duty.
Change-Id: I6ac90a7439ed8a5d9433d9526f37e44668b360ff
This requires we get the magical symlink between hieradata in
/opt/system-config to line up with the actual on disk environment
specific hiera location which differs between puppet 3 and 4.
Change-Id: Id4d7a0af72efddb758d94c6437bb1c331d12f406
This patch ensures that hiera data and puppet modules, and puppet config
are copied to the right directory depending on the current puppet
version. Since it's possible for the ansible management server and the
managed nodes to have different puppet versions, we need to account for
the possibility that the source and destination paths might be
different. We also don't need to hardcode the various config paths in
config or manage environments since we're using the defaults and
hardcoding them would make them incorrect for one or the other puppet
versions.
Change-Id: I164f91f9a7942e8c5f059652634ec1078ae41aae
It is possible we want our puppet role to run longer then 30mins,
expose the ability for a user to change it.
Change-Id: Id42ba80a5118a9f93e45619ac6ecc5baa774549a
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
check_mode causes other things that we may want to actually happen
(such as setting up hiera) not to run. This way we can do all of
those but still run puppet in noop.
Change-Id: I32f07a032d28f5c5d04e9eeb50b94f7c0a57ce53
We are running into OOM issues on puppetmaster.o.o and our current
thought process is because we are using connection: local, this is
causing ansible to fork many times over, which is an expensive task.
Change-Id: I3f2646765f0b442f7533aa7be44fc42b1916f172
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
We should always upload to puppetboard (even when puppet fails) if the
puppetboard server is defined. This allows puppetboard to learn of both
successful and failed puppet runs.
Change-Id: I62a78200052443997baf549256c78b38bd37f63e
On first runs, this logfile is not going to be found. This
is causing ansible to crash and stop applying puppet in consecutive
nodes.
Add a condition to safely fail, and abort play if no files can
be found.
Change-Id: I22a5ebbcaa603b25920fd638211f3663e81e09b0
Bare variables are deprecated in Ansible now, we should wrap them
in jinja stuff so that the deprecation warning goes away.
Change-Id: Ib2bd6ae508eacaa274c16e08fe3ef384e4700776
We want to report as the puppetmaster, not as the host in question.
Change-Id: I0462a898502ad709e046be76c19c9e11f4617335
Depends-On: I290ad569283390bac2a74a9991331c9e86821ab7
Previously the puppetmaster was creating reports directories. Now that
ansible is in charge, it must do it.
Change-Id: I26e1e2ebd45f0c7d75652f9acb9999aee8a3e40c
So that we can upstream this, make the log output from the puppet
command configurable with a default value being what it was for us
before. As part of that, restore returning stdout and stderr even though
they'll be empty.
Depends-On: I22b1d0e1fb635f2c626d75a11764725c8753bf24
Change-Id: I245ac8c3533cce4a598909c03e1f2ba0f7b06850
Allows ansible-puppet to configure settings for
puppet when manage_config flag is set.
Co-Authored-By: Yolanda Robla <info@ysoft.biz>
Change-Id: I6cb8dff569f2cca8bca7359412d01cc7ec009c54
We need to copy the puppet modules BEFORE we make a link to the
hieradata into the manifest_base directory. Doh.
Change-Id: Ic62f32f50012b9787773fb436ce50a616adf42f7
Although there is no harm in this case, the task in question has a
with_items on a variable that is not set because the previous task did
not run. In this case, it did not run because it's in a block with a
when that did not match - but in the context of a task, when is applied
after with_items and is applied to each with_item, rather than to the
task as a whole. To make the task complete, add a |default() jinja
filter so that the undefined variable is replaced with a defined but
empty value.
Change-Id: I2029b7cac3634a5fe7232f6f823e803e1f4250e6
Turns out we want module.exit_json, not module_exit_json. Oops. Also,
two other small ansible task cleanups found looking at the runs.
Change-Id: I8737d5b1e675bfb89ee1db2f2c434c601d419f5e
It's actually a puppet environment, not a hiera environment. So let's
call it that, otherwise nibalizer will be sad.
Change-Id: I0175596329e9f7eb7a079513bfa17dd18d53b753
Checking for all of the paths in ansible leads to a TON of skipped lines
in the ansible log. That's not good for anybody, and we're already
processing the paths in python - let's do a quick filter to check for
which ones exist before returning them.
Change-Id: Iddf3c56c802598329a18c374cf667a6f165f78ca
Based on some earlier review feedback, add defaults for copy_puppet and
copy_hieradata so that we don't have to check if they are defined. Also,
split the and condition in when to be a list of conditions.
Change-Id: I68bd332bdfae6880b582203161798f709dc45a45
One of the cool shiny new features from ansible 2.0 are "blocks", which
allow you to group like tasks.
Change-Id: If0a7c07140db15c9ae7c1671e6181ac7a4553f25