Merge "infra-prod: split out setup steps"

doc/source/misc-jobs.rst

@@ -15,3 +15,5 @@ Specialized Jobs
 These jobs are not for general use.
 
 .. zuul:autojob:: opendev-infra-prod-base
+.. zuul:autojob:: opendev-infra-prod-setup-src
+.. zuul:autojob:: opendev-infra-prod-setup-keys

playbooks/infra-prod/pre.yaml

@@ -1,59 +1,5 @@
-- hosts: localhost
-  tasks:
-    - name: Add bridge.o.o to inventory
-      add_host:
-        name: bridge.openstack.org
-        ansible_python_interpreter: python3
-        ansible_user: zuul
-        # Without setting ansible_host directly, mirror-workspace-git-repos
-        # gets sad because if delegate_to localhost and with add_host that
-        # ends up with ansible_host being localhost.
-        ansible_host: bridge.openstack.org
-        ansible_port: 22
+- name: Setup keys
+  import_playbook: setup-keys.yaml
 
-- hosts: localhost
-  tasks:
-    - name: Add bridge.o.o hostkey to known hosts
-      known_hosts:
-        name: bridge.openstack.org
-        key: "bridge.openstack.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxRzDkWvvVQtsLTAqAwedRWA84/42KKVdFS0QP8lZFsMpgTXUhjipJ7VcFun5gM87tnt0J71rlN+ospBh0/1wfp2jASEskUyGhXAa5xHjnJN7veUyW+AggEosK/OTunvZgf54p1sQg45Sq/uCjc0Ua0fRMOq2o5z/mgpl6rSjLOlWi9wKA/6axnUbs9w4iD5esyBQ+VcISSJOTqhAo/3UG0NwCU+6Ggwwhg0nl5iCMpQfq4A207IbJ72MkJzlQgW3edsRb5POzdZcGxkTYvVdP3kgHP4Bof3MFFZjBUMz6SuRQyNV5poysMtbtlO0SvgAJNhXr6Vn0GA9XhqFP6+HT"
-
-- hosts: bridge.openstack.org
-  tasks:
-    - name: "Make sure a manaul maint isn't going on"
-      wait_for:
-        path: /home/zuul/DISABLE-ANSIBLE
-        state: absent
-        sleep: 10
-        timeout: 3600 # Wait for an hour before bailing
-
-    - name: "Correct ownership of repos"
-      command: "chown -R zuul:zuul /home/zuul/src"
-      # E303: Skip linting since it triggers on the "chown" command,
-      # but we prefer the shell above
-      tags:
-        - skip_ansible_lint
-      # Ignore the error if the dir doesn't exist
-      ignore_errors: true
-      # Do this as root, because it needs to chown root-owned files
-      become: true
-
-    # This role executes code on the executor, so this needs to be in
-    # a trusted playbook.
-    - name: Synchronize src repos to workspace directory.
-      include_role:
-        name: prepare-workspace-git
-
-    # When running from periodic/hourly we want to explicitly override
-    # to run from the tip of master
-    - name: Should we run from master
-      set_fact:
-        infra_prod_run_from_master: "{{ zuul.pipeline|default('') in ['periodic', 'opendev-prod-hourly'] }}"
-
-    - name: Update from master
-      when: infra_prod_run_from_master|bool
-      git:
-        repo: https://opendev.org/opendev/system-config
-        dest: /home/zuul/src/opendev.org/opendev/system-config
-        force: yes
-        version: master
+- name: Setup source
+  import_playbook: setup-source.yaml

playbooks/infra-prod/setup-keys.yaml

@@ -0,0 +1,18 @@
+- hosts: localhost
+  tasks:
+    - name: Add bridge.o.o to inventory
+      add_host:
+        name: bridge.openstack.org
+        ansible_python_interpreter: python3
+        ansible_user: zuul
+        # Without setting ansible_host directly, mirror-workspace-git-repos
+        # gets sad because if delegate_to localhost and with add_host that
+        # ends up with ansible_host being localhost.
+        ansible_host: bridge.openstack.org
+        ansible_port: 22
+
+    - name: Add bridge.o.o hostkey to known hosts
+      known_hosts:
+        name: bridge.openstack.org
+        key: "bridge.openstack.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxRzDkWvvVQtsLTAqAwedRWA84/42KKVdFS0QP8lZFsMpgTXUhjipJ7VcFun5gM87tnt0J71rlN+ospBh0/1wfp2jASEskUyGhXAa5xHjnJN7veUyW+AggEosK/OTunvZgf54p1sQg45Sq/uCjc0Ua0fRMOq2o5z/mgpl6rSjLOlWi9wKA/6axnUbs9w4iD5esyBQ+VcISSJOTqhAo/3UG0NwCU+6Ggwwhg0nl5iCMpQfq4A207IbJ72MkJzlQgW3edsRb5POzdZcGxkTYvVdP3kgHP4Bof3MFFZjBUMz6SuRQyNV5poysMtbtlO0SvgAJNhXr6Vn0GA9XhqFP6+HT"
+

playbooks/infra-prod/setup-source.yaml

@@ -0,0 +1,39 @@
+- hosts: bridge.openstack.org
+  tasks:
+    - name: "Make sure a manual maintenance isn't going on"
+      wait_for:
+        path: /home/zuul/DISABLE-ANSIBLE
+        state: absent
+        sleep: 10
+        timeout: 3600 # Wait for an hour before bailing
+
+    - name: "Correct ownership of repos"
+      command: "chown -R zuul:zuul /home/zuul/src"
+      # E303: Skip linting since it triggers on the "chown" command,
+      # but we prefer the shell above
+      tags:
+        - skip_ansible_lint
+      # Ignore the error if the dir doesn't exist
+      ignore_errors: true
+      # Do this as root, because it needs to chown root-owned files
+      become: true
+
+    # This role executes code on the executor, so this needs to be in
+    # a trusted playbook.
+    - name: Synchronize src repos to workspace directory.
+      include_role:
+        name: prepare-workspace-git
+
+    # When running from periodic/hourly we want to explicitly override
+    # to run from the tip of master
+    - name: Should we run from master
+      set_fact:
+        infra_prod_run_from_master: "{{ zuul.pipeline|default('') in ['periodic', 'opendev-prod-hourly'] }}"
+
+    - name: Update from master
+      when: infra_prod_run_from_master|bool
+      git:
+        repo: https://opendev.org/opendev/system-config
+        dest: /home/zuul/src/opendev.org/opendev/system-config
+        force: yes
+        version: master

zuul.d/jobs.yaml

@@ -599,3 +599,23 @@
       This is not for general use.
     abstract: true
     pre-run: playbooks/infra-prod/pre.yaml
+
+- job:
+    name: opendev-infra-prod-setup-src
+    description: |
+      A base job for replicating source to OpenDev's bridge.
+
+      This is not for general use.
+    abstract: true
+    pre-run:
+      - playbooks/infra-prod/setup-keys.yaml
+      - playbooks/infra-prod/setup-src.yaml
+
+- job:
+    name: opendev-infra-prod-setup-keys
+    description: |
+      A base job for allowing executors to log into OpenDev's bridge.
+
+      This is not for general use.
+    abstract: true
+    pre-run: playbooks/infra-prod/setup-keys.yaml