Remove dependency from system-config

Instead of reusing system-config, just use Hiera as ENC

README.md

@@ -3,7 +3,7 @@ Instructions
 
 1. Run ``bash setup_env.sh``
 2. Run ``source /opt/stack/ansible/hacking/env-setup``
+3. Source your OpenStack cloud environment variables rc file
 3. Run ``cp infra_config.yml.sample infra_config.yml``
 4. Edit infra_config.yml and put your environment values
-5. Run ``ansible-playbook -i <ansible repo folder>/plugins/inventory/openstack.py -e "@infra_config.yml" provision_infra_servers.yml``
-6. Run ``ansible-playbook -i <ansible repo folder>/plugins/inventory/openstack.py -e "@infra_config.yml" site.yml``
+5. Run ``bash run.sh``

bootstrap_gerrit.yml

@@ -1,8 +1,8 @@
 ---
-# file: pre_puppet_gerrit.yml
+# file: boostrap_gerrit.yml
 - hosts: meta-infra_type_gerrit
   gather_facts: no
   user: ubuntu
   sudo: true
   roles:
-    - { role: pre_puppet_gerrit }
+    - { role: bootstrap_gerrit }

bootstrap_puppet_infra_nodes.yml

@@ -1,7 +1,6 @@
 ---
 # file: bootstrap_puppet_infra_nodes.yml
 - hosts: infra:!meta-infra_type_puppetmaster
-  gather_facts: no
   user: ubuntu
   sudo: true
   roles:

deploy_hiera.yml

@@ -1,8 +0,0 @@
----
-# file: deploy_hiera.yml
-- hosts: meta-infra_type_puppetmaster
-  gather_facts: no
-  user: ubuntu
-  sudo: true
-  roles:
-    - { role: deploy_hiera }

deploy_system_config.yml

@@ -1,7 +0,0 @@
----
-# file: deploy_system_config.yml
-- hosts: localhost
-  gather_facts: no
-  connection: local
-  roles:
-    - { role: deploy_system_config }

group_vars/all.yml

@@ -1,2 +1 @@
 ---
-system_config_branch: infra_config

post_puppet_gerrit.yml

@@ -1,8 +0,0 @@
----
-# file: post_puppet_gerrit.yml
-- hosts: meta-infra_type_gerrit
-  gather_facts: no
-  user: ubuntu
-  sudo: true
-  roles:
-    - { role: post_puppet_gerrit }

post_puppet_jenkins.yml

@@ -1,8 +0,0 @@
----
-# file: post_puppet_jenkins.yml
-- hosts: meta-infra_type_jenkins
-  gather_facts: no
-  user: ubuntu
-  sudo: true
-  roles:
-    - { role: post_puppet_jenkins }

requirements.txt

@@ -1,3 +1,4 @@
 shade
 shade-ansible
 jinja2
+docker-py

roles/bootstrap_gerrit/tasks/main.yml

@@ -8,6 +8,8 @@
 
 - apt: name=python-mysqldb state=present
 
+- apt: name=haveged state=present
+
 - mysql_db: name=reviewdb state=present
 
 - service: name=mysql state=running enabled=yes

roles/bootstrap_puppet_infra_node/tasks/main.yml

@@ -1,22 +1,26 @@
 ---
-# Update packages
-- apt: update_cache=yes 
+- name: Get deb package for Puppetlabs repository
+  get_url: >
+    url=https://apt.puppetlabs.com/puppetlabs-release-{{ansible_distribution_release}}.deb
+    dest=/tmp/puppetlabs-release-{{ansible_distribution_release}}.deb
 
-# Download install_puppet.sh from system-config
-- get_url: 
-    url=https://git.openstack.org/cgit/openstack-infra/system-config/plain/install_puppet.sh
-    dest=/tmp/install_puppet.sh
+- name: Install Puppetlabs repository deb package
+  apt: deb=/tmp/puppetlabs-release-{{ansible_distribution_release}}.deb
 
-# Install puppet
-- command: bash -x /tmp/install_puppet.sh
-  tags: install_puppet
+- name: Install Puppet package after updating cache
+  apt: name=puppet update_cache=yes
 
-# Deploy puppet.conf template
-- template: src=puppet.conf.j2 dest=/etc/puppet/puppet.conf
+- name: Deploy /etc/puppet.conf template
+  template: src=puppet.conf.j2 dest=/etc/puppet/puppet.conf
 
-# Set puppet service running
-- service: name=puppet enabled=yes state=started
+- name: Start puppet agent service
+  service: name=puppet enabled=yes state=started
 
-# Run puppet agent to request certificate
-- command: puppet agent --test
-  ignore_errors: True
+- name: Enable puppet agent, as it is disabled upon installation
+  command: puppet agent --enable
+
+- name: Install pip from Ubuntu (some classes do not install it properly)
+  apt: name=python-pip
+
+- name: Run puppet agent to apply configuration
+  puppet:

roles/bootstrap_puppetmaster/files/generate_hiera_common.py

@@ -0,0 +1,33 @@
+#!/usr/bin/env python
+
+import paramiko
+import random
+import string
+import StringIO
+import yaml
+
+KEY_LENGTH = 2048
+HIERA_SSH_PARAMS = [('puppetmaster_root_rsa_key', 'puppetmaster_root_rsa_pub_key'),
+                    ('jenkins_ssh_private_key', 'jenkins_ssh_public_key'),
+                    ('zuul_ssh_private_key_contents', 'zuul_ssh_public_key_contents'),
+                    ('gerrit_ssh_rsa_key_contents', 'gerrit_ssh_rsa_pubkey_contents'),
+                    ('gerrit_project_ssh_rsa_key_contents', 'gerrit_project_ssh_rsa_pubkey_contents')]
+HIERA_PASSWORD_PARAMS = ['jenkins_jobs_password', 'gerrit_mysql_password']
+HIERA_COMMON_YAML_FILE = '/etc/puppet/hieradata/production/common.yaml'
+
+d = {}
+
+for h in HIERA_SSH_PARAMS:
+    out = StringIO.StringIO()
+    k = paramiko.RSAKey.generate(KEY_LENGTH)
+    k.write_private_key(out)
+    d[h[0]] = out.getvalue()
+    d[h[1]] = k.get_name() + ' ' + k.get_base64()
+    out.close()
+
+for h in HIERA_PASSWORD_PARAMS:
+    d[h] = ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(12))
+
+
+with open(HIERA_COMMON_YAML_FILE, "w") as f:
+    yaml.safe_dump(d, f, explicit_start=True, default_flow_style=False)

roles/bootstrap_puppetmaster/files/hiera.yaml

@@ -0,0 +1,8 @@
+---
+:hierarchy:
+  - "fqdn/%{::fqdn}"
+  - common
+:backends:
+  - yaml
+:yaml:
+  :datadir: '/etc/puppet/hieradata/%{environment}'

roles/bootstrap_puppetmaster/files/site.pp

@@ -0,0 +1 @@
+hiera_include('classes', [])

roles/bootstrap_puppetmaster/tasks/configure_puppetmaster.yml

@@ -1,15 +0,0 @@
----
-# Install puppetmaster packages
-- apt: name={{ item }} state=installed
-  with_items:
-    - puppetmaster-passenger
-    - hiera
-    - hiera-puppet
-
-# Puppet apply the puppetmaster manifest
-- command: > 
-    puppet apply --modulepath='/opt/system-config/production/modules:/etc/puppet/modules'
-    /opt/system-config/production/manifests/site.pp
-  tags: puppet_apply
-
-- service: name=puppet enabled=yes state=started

roles/bootstrap_puppetmaster/tasks/install_puppet_and_modules.yml

@@ -1,8 +0,0 @@
----
-# Install puppet
-- command: bash /opt/system-config/production/install_puppet.sh
-  tags: install_puppet
-
-# Install puppet modules
-- command: bash /opt/system-config/production/install_modules.sh
-  tags: install_puppet_modules

roles/bootstrap_puppetmaster/tasks/main.yml

@@ -1,4 +1,64 @@
 ---
-- include: rsync_system_config.yml
-- include: install_puppet_and_modules.yml
-- include: configure_puppetmaster.yml
+- name: Install required packages
+  apt: name={{ item }} state=installed
+  with_items:
+    - puppet
+    - puppetmaster-passenger
+    - puppetmaster
+    - python-paramiko
+
+- name: Download install_modules.sh script
+  get_url: >
+    url=https://git.openstack.org/cgit/openstack-infra/system-config/plain/install_modules.sh
+    dest=/tmp/install_modules.sh
+
+- name: Download modules.env file required by install_modules.sh
+  get_url: >
+    url=https://git.openstack.org/cgit/openstack-infra/system-config/plain/modules.env
+    dest=/tmp/modules.env
+
+- name: Run install_modules.sh to install all openstack-infra Puppet modules
+  command: bash /tmp/install_modules.sh
+
+- name: Deploy /etc/puppet.conf template
+  template: src=puppet.conf.j2 dest=/etc/puppet/puppet.conf
+
+- name: Copy top-level site.pp to /etc/puppet/manifests
+  copy: src=site.pp dest=/etc/puppet/manifests
+
+- name: Create /etc/puppet/hieradata folder
+  file: path=/etc/puppet/hieradata state=directory
+
+- name: Create /etc/puppet/hieradata/production folder
+  file: path=/etc/puppet/hieradata/production state=directory
+
+- name: Create /etc/puppet/hieradata/production/fqdn folder
+  file: path=/etc/puppet/hieradata/production/fqdn state=directory
+
+- name: Copy hiera.yaml to /etc/puppet/
+  copy: src=hiera.yaml dest=/etc/puppet
+
+- name: Run generate_hiera_common.py to populate common.yaml
+  script: generate_hiera_common.py
+
+- name: Deploy Gerrit server template for hiera
+  template: >
+    src=gerrit.yaml.j2 
+    dest=/etc/puppet/hieradata/production/fqdn/{{ groups['meta-infra_type_gerrit'][0] }}.yaml
+
+- name: Deploy Zuul server template for hiera
+  template: >
+    src=zuul.yaml.j2 
+    dest=/etc/puppet/hieradata/production/fqdn/{{ groups['meta-infra_type_zuul'][0] }}.yaml
+
+- name: Start puppet agent service
+  service: name=puppet enabled=yes state=started
+
+- name: Start puppet agent
+  service: name=puppetmaster enabled=yes state=started
+
+- name: Enable puppet agent, as it is disabled upon installation
+  command: puppet agent --enable
+
+- name: Run puppet agent to apply configuration
+  puppet:

roles/bootstrap_puppetmaster/tasks/rsync_system_config.yml

@@ -1,6 +0,0 @@
----
-- file: path=/opt/system-config state=directory
-
-# Synchronize system-config from local to dest machine
-- synchronize: src=/tmp/infra-ansible/system-config/production dest=/opt/system-config/
-  tags: rsync_system_config

roles/bootstrap_puppetmaster/templates/gerrit.yaml.j2

@@ -0,0 +1,8 @@
+---
+classes:
+  - gerrit
+
+gerrit::mysql_password: "%{hiera('gerrit_mysql_password')}"
+gerrit::gerrit_auth_type: DEVELOPMENT_BECOME_ANY_ACCOUNT
+gerrit::war: http://tarballs.openstack.org/ci/gerrit/gerrit-v2.10.2.23.039a170.war
+gerrit::secondary_index: true

roles/bootstrap_puppetmaster/templates/puppet.conf.j2

@@ -0,0 +1,16 @@
+[main]
+server={{ groups['meta-infra_type_puppetmaster'][0] }}
+certname={{ inventory_hostname }}
+logdir=/var/log/puppet
+vardir=/var/lib/puppet
+ssldir=/var/lib/puppet/ssl
+rundir=/var/run/puppet
+factpath=$vardir/lib/facter
+templatedir=$confdir/templates
+
+[master]
+# These are needed when the puppetmaster is run by passenger
+# and can safely be removed if webrick is used.
+ssl_client_header = SSL_CLIENT_S_DN 
+ssl_client_verify_header = SSL_CLIENT_VERIFY
+autosign = true

roles/bootstrap_puppetmaster/templates/zuul.yaml.j2

@@ -0,0 +1,12 @@
+---
+classes:
+  - project_config
+  - zuul
+  - zuul::server
+
+project_config::url: git://git.openstack.org/openstack-infra/project-config
+zuul::gerrit_server: {{ groups['meta-infra_type_gerrit'][0] }}
+zuul::gerrit_user: gerrit
+zuul::zuul_ssh_private_key: "%{hiera(zuul_ssh_private_key_contents)}"
+zuul::zuul_url: http://{{ groups['meta-infra_type_zuul'][0] }}/p
+zuul::server::layout_dir: "%{::project_config::zuul_layout_dir}"

roles/common/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
-# Update packages
-- apt: update_cache=yes
+- name: Update packages 
+  apt: update_cache=yes
 
-# Install git
-- apt: name=git
+- name: Install git package
+  apt: name=git

roles/deploy_system_config/tasks/clone_system_config_locally.yml

@@ -1,29 +0,0 @@
----
-# Clone system-config locally in the command machine
-- git: repo="{{ system_config_repo_url }}"
-       dest=/tmp/infra-ansible/system-config/production
-       version=master
-       accept_hostkey=True
-       force=True
-  tags: clone_system_config_locally
-
-- command: git symbolic-ref --short -q HEAD
-  args:
-    chdir: /tmp/infra-ansible/system-config/production
-  register: checked_out_branch
-
-- command: git show-ref --verify --quiet refs/heads/"{{ system_config_branch }}"
-  args:
-    chdir: /tmp/infra-ansible/system-config/production
-  register: system_config_branch_exists
-  ignore_errors: True
-
-- command: git checkout -b "{{ system_config_branch }}"
-  args:
-    chdir: /tmp/infra-ansible/system-config/production
-  when: system_config_branch_exists|failed
-
-- command: git checkout "{{ system_config_branch }}"
-  args:
-    chdir: /tmp/infra-ansible/system-config/production
-  when: system_config_branch_exists|success and checked_out_branch.stdout != "{{ system_config_branch }}"

roles/deploy_system_config/tasks/commit_changes.yml

@@ -1,5 +0,0 @@
----
-- command: git commit -a -m "deploy_system_config commit from infra-ansible"
-  args:
-    chdir: /tmp/infra-ansible/system-config/production
-  ignore_errors: True

roles/deploy_system_config/tasks/create_temp_folder.yml

@@ -1,2 +0,0 @@
----
-- file: path=/tmp/infra-ansible state=directory

roles/deploy_system_config/tasks/generate_site_pp.yml

@@ -1,3 +0,0 @@
----
-# Generate site.pp
-- template: src=site.pp.j2 dest=/tmp/infra-ansible/system-config/production/manifests/site.pp

roles/deploy_system_config/tasks/main.yml

@@ -1,5 +0,0 @@
----
-- include: create_temp_folder.yml
-- include: clone_system_config_locally.yml
-- include: generate_site_pp.yml
-- include: commit_changes.yml

roles/deploy_system_config/templates/site.pp.j2

@@ -1,146 +0,0 @@
-#
-# Top-level variables
-#
-# There must not be any whitespace between this comment and the variables or
-# in between any two variables in order for them to be correctly parsed and
-# passed around in test.sh
-#
-
-#
-# Default: should at least behave like an openstack server
-#
-node default {
-  class { 'openstack_project::server':
-    sysadmins => hiera('sysadmins', []),
-  }
-}
-
-#
-# Long lived servers:
-#
-node '{{ groups['meta-infra_type_gerrit'][0] }}' {
-  class { 'openstack_project::gerrit':
-    ssl_cert_file                   => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
-    ssl_key_file                    => '/etc/ssl/private/ssl-cert-snakeoil.key',
-    ssl_chain_file                  => '',
-    mysql_host                      => hiera('gerrit_mysql_host', 'localhost'),
-    mysql_password                  => hiera('gerrit_mysql_password', 'XXX'),
-    email_private_key               => hiera('gerrit_email_private_key', 'XXX'),
-    email                           => 'review@infra-ansible.cloud',
-    contactstore                    => false,
-    acls_dir                        => $::project_config::gerrit_acls_dir,
-    notify_impact_file              => $::project_config::gerrit_notify_impact_file,
-    projects_file                   => $::project_config::jeepyb_project_file,
-    ssh_rsa_key_contents            => hiera('gerrit_ssh_rsa_key_contents', 'XXX'),
-    ssh_rsa_pubkey_contents         => hiera('gerrit_ssh_rsa_pubkey_contents', 'XXX'),
-    ssh_project_rsa_key_contents    => hiera('gerrit_project_ssh_rsa_key_contents', 'XXX'),
-    ssh_project_rsa_pubkey_contents => hiera('gerrit_project_ssh_rsa_pubkey_contents', 'XXX'),
-    sysadmins                       => hiera('sysadmins', []),
-    database_poollimit                  => '150',
-    container_heaplimit                 => '8g',
-    core_packedgitopenfiles             => '4096',
-    core_packedgitlimit                 => '400m',
-    core_packedgitwindowsize            => '16k',
-    sshd_threads                        => '100',
-    httpd_maxwait                       => '5000min',
-    war                             => 'http://tarballs.openstack.org/ci/gerrit/gerrit-v2.8.4.19.4548330.war',
-    testmode                        => true,
-    replication                     => [
-      {
-        name                 => 'local',
-        url                  => 'file:///opt/lib/git/',
-        replicationDelay     => '1',
-        threads              => '4',
-        mirror               => true,
-      },
-    ],
-  }
-
-  class { 'project_config':
-    url => 'https://git.openstack.org/openstack-infra/project-config',
-  }
-}
-
-node '{{ groups['meta-infra_type_jenkins'][0] }}' {
-  $group = "jenkins"
-  class { 'openstack_project::jenkins':
-    project_config_repo     => 'https://git.openstack.org/openstack-infra/project-config',
-    jenkins_jobs_password   => hiera('jenkins_jobs_password', 'XXX'),
-    jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents', 'XXX'),
-    ssl_cert_file           => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
-    ssl_key_file            => '/etc/ssl/private/ssl-cert-snakeoil.key',
-    ssl_chain_file          => '',
-    sysadmins               => hiera('sysadmins', []),
-    zmq_event_receivers     => ['{{ groups['meta-infra_type_nodepool'][0] }}'],
-  }
-}
-
-node '{{ groups['meta-infra_type_puppetmaster'][0] }}' {
-  class { 'openstack_project::puppetmaster':
-    root_rsa_key        => hiera('puppetmaster_root_rsa_key', 'XXX'),
-    sysadmins           => hiera('sysadmins', []),
-    version             => '3.6.',
-    puppetmaster_server => '{{ groups['meta-infra_type_puppetmaster'][0] }}',
-    puppetdb            => false,
-  }
-}
-
-node 'puppetdb.openstack.org' {
-  class { 'openstack_project::puppetdb':
-    sysadmins => hiera('sysadmins', []),
-  }
-}
-
-node 'nodepool.openstack.org' {
-  class { 'openstack_project::nodepool_prod':
-    project_config_repo      => 'https://git.openstack.org/openstack-infra/project-config',
-    mysql_password           => hiera('nodepool_mysql_password', 'XXX'),
-    mysql_root_password      => hiera('nodepool_mysql_root_password', 'XXX'),
-    nodepool_ssh_private_key => hiera('jenkins_ssh_private_key_contents', 'XXX'),
-    sysadmins                => hiera('sysadmins', []),
-    statsd_host              => 'graphite.openstack.org',
-    jenkins_api_user         => hiera('jenkins_api_user', 'username'),
-    jenkins_api_key          => hiera('jenkins_api_key', 'XXX'),
-    jenkins_credentials_id   => hiera('jenkins_credentials_id', 'XXX'),
-    rackspace_username       => hiera('nodepool_rackspace_username', 'username'),
-    rackspace_password       => hiera('nodepool_rackspace_password', 'XXX'),
-    rackspace_project        => hiera('nodepool_rackspace_project', 'project'),
-    hpcloud_username         => hiera('nodepool_hpcloud_username', 'username'),
-    hpcloud_password         => hiera('nodepool_hpcloud_password', 'XXX'),
-    hpcloud_project          => hiera('nodepool_hpcloud_project', 'project'),
-    tripleo_username         => hiera('nodepool_tripleo_username', 'username'),
-    tripleo_password         => hiera('nodepool_tripleo_password', 'XXX'),
-    tripleo_project          => hiera('nodepool_tripleo_project', 'project'),
-  }
-}
-
-node /^zm\d+\.openstack\.org$/ {
-  $group = "zuul-merger"
-  class { 'openstack_project::zuul_merger':
-    gearman_server       => 'zuul.openstack.org',
-    gerrit_server        => 'review.openstack.org',
-    gerrit_user          => 'jenkins',
-    gerrit_ssh_host_key  => hiera('gerrit_ssh_rsa_pubkey_contents', 'XXX'),
-    zuul_ssh_private_key => hiera('zuul_ssh_private_key_contents', 'XXX'),
-    sysadmins            => hiera('sysadmins', []),
-  }
-}
-
-node '{{ groups['meta-infra_type_zuul'][0] }}' {
-  class { 'openstack_project::zuul_prod':
-    project_config_repo  => 'https://git.openstack.org/openstack-infra/project-config',
-    gerrit_server        => '{{ groups['meta-infra_type_gerrit'][0]}} ',
-    gerrit_user          => 'jenkins',
-    gerrit_ssh_host_key  => hiera('gerrit_ssh_rsa_pubkey_contents', 'XXX'),
-    zuul_ssh_private_key => hiera('zuul_ssh_private_key_contents', 'XXX'),
-    url_pattern          => 'http://logs.openstack.org/{build.parameters[LOG_PATH]}',
-    zuul_url             => 'http://{{ groups['meta-infra_type_zuul'][0] }}/p',
-    sysadmins            => hiera('sysadmins', []),
-    statsd_host          => '',
-    gearman_workers      => [
-      '{{ groups['meta-infra_type_jenkins'][0] }}',
-    ],
-  }
-}
-
-# vim:sw=2:ts=2:expandtab:textwidth=79

roles/post_puppet_gerrit/tasks/main.yml

@@ -1,26 +0,0 @@
----
-# Enable ssh agent forwarding with sudo
-- lineinfile: dest=/etc/sudoers state=present regexp='^Defaults env_keep\+\=SSH_AUTH_SOCK' line='Defaults env_keep+=SSH_AUTH_SOCK'
-
-- pause: 
-    prompt: | 
-      Please login to "{{ groups['meta-infra_type_gerrit'][0] }}" 
-      with your OpenID, set your user preferences and enter
-      your user account name 
-  register: gerrit_prompt_var
-
-- command: hiera -c /etc/puppet/hiera.yaml zuul_ssh_public_key_contents environment=production
-  delegate_to: "{{ groups['meta-infra_type_puppetmaster'][0] }}"
-  register: zuul_ssh_public_key_contents
-
-- command: hiera -c /etc/puppet/hiera.yaml gerrit_project_ssh_rsa_pubkey_contents environment=production
-  delegate_to: "{{ groups['meta-infra_type_puppetmaster'][0] }}"
-  register: gerrit_project_ssh_rsa_pubkey_contents
-
-- command: ssh -p 29418 -o StrictHostKeyChecking=no "{{ gerrit_prompt_var.user_input }}"@localhost gerrit create-group "'Project Bootstrappers'"
-
-- command: ssh -p 29418 -o StrictHostKeyChecking=no "{{ gerrit_prompt_var.user_input }}"@localhost gerrit create-group "'Continuous Integration Tools'"
-
-- command: ssh -p 29418 -o StrictHostKeyChecking=no "{{ gerrit_prompt_var.user_input }}"@localhost gerrit create-account --group "'Continuous Integration Tools'" --group Administrators --full-name "'Project Creator'" --email creator@infra-ansible."{{ domainname }}" --ssh-key "'{{ gerrit_project_ssh_rsa_pubkey_contents.stdout }}'" openstack-project-creator
-
-- command: ssh -p 29418 -o StrictHostKeyChecking=no "{{ gerrit_prompt_var.user_input }}"@localhost gerrit create-account --group "'Continuous Integration Tools'" --group "'Non-Interactive Users'" --full-name "'Zuul'" --email zuul@infra-ansible."{{ domainname }}" --ssh-key "'{{ zuul_ssh_public_key_contents.stdout }}'" jenkins

roles/post_puppet_jenkins/tasks/main.yml

@@ -1,22 +0,0 @@
----
-# Get JJB user password from Hiera
-- command: hiera -c /etc/puppet/hiera.yaml jenkins_jobs_password environment=production
-  delegate_to: "{{ groups['meta-infra_type_puppetmaster'][0] }}"
-  register: jenkins_jobs_password
-  no_log: True
-
-# Download Jenkins CLI
-- get_url: url=http://localhost:8080/jnlpJars/jenkins-cli.jar dest=/tmp/jenkins-cli.jar
-  register: result
-  until: result|success
-  retries: 5
-  delay: 10
-
-# Create JJB user
-- shell: echo 'hpsr=new hudson.security.HudsonPrivateSecurityRealm(false); hpsr.createAccount("gerrig", "{{ jenkins_jobs_password }}")' | java -jar /tmp/jenkins-cli.jar -s http://localhost:8080 groovy =
-  no_log: True
-
-# Trigger jenkins-jobs update in fire&forget mode, since it takes a long time to complete
-- command: jenkins-jobs update /etc/jenkins_jobs/config --delete-old
-  async: 3600
-  poll: 0

roles/set_hostnames/tasks/main.yml

@@ -3,7 +3,8 @@
 # Inspired by: 
 # https://github.com/ansible/ansible/pull/8482)
 # https://gist.github.com/rothgar/8793800
-- hostname: name="{{ inventory_hostname.split('.', 1)[0] }}"
+- name: Set /etc/hostname 
+  hostname: name="{{ inventory_hostname.split('.', 1)[0] }}"
 
 # " lovely lonely double-quote for fixing vim highlighting
 

run.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+ansible-playbook -i hosts provision_infra_servers.yml -e "@infra_config.yml"
+ansible-playbook -i /opt/stack/ansible/contrib/inventory/openstack.py site.yml -e "@infra_config.yml"

run_puppet_infra_nodes.yml

@@ -1,8 +0,0 @@
----
-# file: run_puppet_infra_nodes
-- hosts: infra:!meta-infra_type_puppetmaster
-  gather_facts: no
-  user: ubuntu
-  sudo: true
-  roles:
-    - { role: run_puppet_infra_nodes }

sign_infra_nodes_certs.yml

@@ -1,8 +0,0 @@
----
-# file: sign_infra_nodes_certs
-- hosts: meta-infra_type_puppetmaster
-  gather_facts: no
-  user: ubuntu
-  sudo: true
-  roles:
-    - { role: sign_infra_nodes_certs }

site.yml

@@ -2,12 +2,6 @@
 # file: site.yml
 - include: common.yml
 - include: set_hostnames.yml
-- include: deploy_system_config.yml
-- include: deploy_hiera.yml
 - include: bootstrap_puppetmaster.yml
+- include: bootstrap_gerrit.yml
 - include: bootstrap_puppet_infra_nodes.yml
-- include: sign_infra_nodes_certs.yml
-- include: pre_puppet_gerrit.yml
-- include: run_puppet_infra_nodes.yml
-- include: post_puppet_gerrit.yml
-- include: post_puppet_jenkins.yml