If a cloud is setup to use server groups, then select it based on the
group we pass via the CLI.
Change-Id: I2662af9daa39024a306d6e60eb8c71a450b67701
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This allow us to start managing updates on windmill deployments.
Change-Id: Iacfa1f59e1e0da97c354c81f0c9d3ae0bd2c8cda
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This is because we are now hosting the roles on opendev.org/windmill.
Change-Id: Icdef724140607862782b37b5d300525deb27c1d5
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Clone directly from opendev.org now, and avoide redirects. This also
fixes gate jobs.
Change-Id: I4c3f028cdf435ca9f388cecf7ffee3a1a5be0374
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
We're not able to land a fix due to cross-project dependencies. For now,
don't gate on windmill testing. Once fixed, we'll revert this.
Change-Id: I36631cddd6384324d6ffbe9ff70f24e057355f92
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
It is helpful to install haveged so we don't run out of entropy.
Change-Id: I6c89b9d618a53f822ae8a9edb0528ac710f19da7
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
It is helpful to enable email services by default, so we can get
notified of issues.
Change-Id: I326c4cdc1cc326904e12338a3ed96b2c59a4cc06
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This check will check windmill_root_users, if they have an email
address, include them in root user forward file for external
notifications.
Change-Id: Ib27b6d23823b477664c413915bf3d5dcf0908294
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
When we bootstrap a server, properly setup /etc/hosts.
Change-Id: I265205f290d3fdc06d0b38aedaba9616cbe32520
Depends-On: https://review.openstack.org/648424
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This is helpful to ensure as we create more windmill_users, they will
use the range under 3000. But new services will be created above 3000.
Change-Id: Ib40fdcc6d255cd66b4d95bd4fee9dd18c98fddd3
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This does not provide rolling restart support, the user should use
--limit properly here.
Change-Id: Id2c3453e67407053454b30d1241f03295b96394b
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
We now support both an ip / dns address for iptables_allowed_hosts. As a
result we replaced hostname with address.
Change-Id: Ia1accc226ca2ecdafeec4d45ad9296b6fc42b254
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Until the migration for opendev is finished, should be a few weeks, it
doesn't make sense to create new repos to only be moved. For now, we can
source this code in tree, then properly create a new external repo.
Change-Id: If61428718687b903e4b846e76f07bdd399e22134
Depends-On: https://review.openstack.org/645297
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
It is possible for our windmill-config directory to have another
inventory file. In an effort to stop ansible from picking more then one,
we can force the inventory we want.
Change-Id: Iaf543f0fea3a2f247205b382e86af61d1c321aa4
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
TIL: sudo doesn't exist on Fedora, it is wheel.
Change-Id: I417afa2d871e8f7de49be6a7b02e1ccd1e10bcef
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
We now have windmill_users, which is all the users in the system. And
windmill_root_users indicate which users should be considered root.
Change-Id: I2f2240a9fef36372f5aa0642bcc7a1b5403bf60b
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
It is possible that we don't have ansible_hostname in hostvars, but all
hosts in the inventory will have inventory_hostname.
Change-Id: Id15c321dd86ce6cc47e90569327bea0f98b7ef43
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This attempts to manage the SSH host keys of all the hosts in the
inventory. The idea here is each host in the inventory will add a
ansible_ssh_host_key_ecdsa_public variable, then when we first run our
bastion playbook we'll properly populate the local known_hosts file each
time.
Change-Id: I26e328192a7127086e514dc62a27cb946a77440b
Depends-On: https://review.openstack.org/643408
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
We didn't properly setup the openstack connection with region
informaiton.
Change-Id: I6daf47f404ef5c8f651168832a61db5196767075
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
We now are able to use the default path from ansible (~/.ansible/roles).
Change-Id: If2d2712bc01ea8fcaaa3ad80f48b98abe73f0561
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This didn't actually work as expected, and because our testing was
broken we never caught the failure.
Change-Id: Ic59ef3b9401bebf46150da35aca7eaf659c0a526
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This allows for us to managed multiple project roles in a single
location.
Change-Id: Ice1a40d7ba1a177f2ba6c2ebff123e7186e54087
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
It makes a little more sense to have our users role enable no password
for the sudo group.
Change-Id: Ibcba8b2d927dd630d8c9deeeaf5ae162ec5b1aa2
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This tries to solve the chicken / egg issue of bootstrapping ansible on
our bastion nodes. Since we use ansible to launch all our servers, we
can add an additional check here to properly configure ansible on our
bastion node so we can then run ansible directly from it.
Change-Id: I38904738068435a2efaa5af7283fcbabbdc1628d
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Every host now requires a group, this is mostly because of how our
windmill playbooks are written.
Change-Id: Ia1f54ac6b43e70d5e3474a333343f3ed707b4d7d
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This adds the ability for users to boot a server on openstack then
bootstrap the server for ansible, then windmill. There is a fair bit of
assumptions here, but this is a good first start.
Change-Id: Iae2cf70975ba9ad621401db609849b4ebb8efe5d
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
We'll need to be able to manage the gear service, add playbooks for it.
Change-Id: Ic44f9d00a59dbf158ea2e50474d5c89ed1d9d557
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
If a host is added to the disabled group, we shouldn't be running
commands on that host.
Change-Id: I4fa62fb6668162d2c824b85c061a2e43915c1162
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
We can use import_playbook to first stop then start services.
Change-Id: Ifb9434ff9163ebbf48221e7d83a019a855771a67
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This allows to install the ansible dependency if we want to run a
playbook.
Change-Id: Ia5ea5604331b739fe12e3103c4f645e221285af3
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This the initial framework for testing, plus playbook to stop / start /
restart zuul.
Change-Id: Ic941dc8517591c7487c1d901ff7cf2ebb7e7e3ff
Signed-off-by: Paul Belanger <pabelanger@redhat.com>