diff --git a/bootstrap.yml b/bootstrap.yml
deleted file mode 100644
index fefaacc..0000000
--- a/bootstrap.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-# file: bootstrap.yml
-- hosts: infra
- user: ubuntu
- sudo: true
- roles:
- - { role: set_hostnames }
-
-- hosts: meta-infra_type_puppetmaster
- user: ubuntu
- sudo: true
- roles:
- - { role: install_required_packages }
- - { role: clone_system_config }
- - { role: branch_system_config }
- - { role: install_puppet_and_modules }
- - { role: configure_puppetmaster }
- - { role: generate_puppet_certificates }
diff --git a/bootstrap_puppet_infra_nodes.yml b/bootstrap_puppet_infra_nodes.yml
new file mode 100644
index 0000000..b01e589
--- /dev/null
+++ b/bootstrap_puppet_infra_nodes.yml
@@ -0,0 +1,7 @@
+---
+# file: bootstrap_puppet_infra_nodes.yml
+- hosts: infra:!meta-infra_type_puppetmaster
+ user: ubuntu
+ sudo: true
+ roles:
+ - { role: bootstrap_puppet_infra_nodes }
diff --git a/bootstrap_puppetmaster.yml b/bootstrap_puppetmaster.yml
new file mode 100644
index 0000000..e9a58dd
--- /dev/null
+++ b/bootstrap_puppetmaster.yml
@@ -0,0 +1,7 @@
+---
+# file: bootstrap_puppetmaster.yml
+- hosts: meta-infra_type_puppetmaster
+ user: ubuntu
+ sudo: true
+ roles:
+ - { role: bootstrap_puppetmaster }
diff --git a/common.yml b/common.yml
new file mode 100644
index 0000000..ab33f54
--- /dev/null
+++ b/common.yml
@@ -0,0 +1,7 @@
+---
+# file: set_hostnames.yml
+- hosts: infra
+ user: ubuntu
+ sudo: true
+ roles:
+ - { role: common }
diff --git a/deploy_hiera.yml b/deploy_hiera.yml
new file mode 100644
index 0000000..93b57c0
--- /dev/null
+++ b/deploy_hiera.yml
@@ -0,0 +1,7 @@
+---
+# file: deploy_hiera.yml
+- hosts: meta-infra_type_puppetmaster
+ user: ubuntu
+ sudo: true
+ roles:
+ - { role: deploy_hiera }
diff --git a/deploy_site_pp.yml b/deploy_site_pp.yml
new file mode 100644
index 0000000..f2234de
--- /dev/null
+++ b/deploy_site_pp.yml
@@ -0,0 +1,6 @@
+---
+# file: deploy_site_pp.yml
+- hosts: localhost
+ connection: local
+ roles:
+ - { role: deploy_site_pp }
diff --git a/gerrit.yml b/gerrit.yml
new file mode 100644
index 0000000..e69de29
diff --git a/group_vars/all.yml b/group_vars/all.yml
new file mode 100644
index 0000000..c2435a0
--- /dev/null
+++ b/group_vars/all.yml
@@ -0,0 +1,4 @@
+---
+system_config_repo_url: git@github.com:rcarrillocruz/system-config.git
+system_config_repo_https_url: https://github.com/rcarrillocruz/system-config.git
+system_config_branch: infra_config
diff --git a/infra_config.yml b/infra_config.yml
index 0460da4..768a3bb 100644
--- a/infra_config.yml
+++ b/infra_config.yml
@@ -1,5 +1,5 @@
---
-infra_config:
+infra_servers:
- name: puppetdb.infra.test.rcarrillocruz.cloud
image: 9d25fe2d-cf31-4b05-8c58-f238ec78e633
flavor: standard.small
diff --git a/jenkins.yml b/jenkins.yml
new file mode 100644
index 0000000..e69de29
diff --git a/nodepool.yml b/nodepool.yml
new file mode 100644
index 0000000..e69de29
diff --git a/provision.yml b/provision.yml
deleted file mode 100644
index 931d2ff..0000000
--- a/provision.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# file: provision.yml
-- hosts: localhost
- connection: local
- roles:
- - { role: provision }
diff --git a/provision_infra_servers.yml b/provision_infra_servers.yml
new file mode 100644
index 0000000..cea731d
--- /dev/null
+++ b/provision_infra_servers.yml
@@ -0,0 +1,6 @@
+---
+# file: provision_infra_servers.yml
+- hosts: localhost
+ connection: local
+ roles:
+ - { role: provision_infra_servers }
diff --git a/roles/bootstrap/defaults/main.yaml b/roles/bootstrap/defaults/main.yaml
deleted file mode 100644
index 5d40c39..0000000
--- a/roles/bootstrap/defaults/main.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-system_config_repo_url: https://git.openstack.org/openstack-infra/system-config
diff --git a/roles/bootstrap/tasks/branch_system_config.yml b/roles/bootstrap/tasks/branch_system_config.yml
deleted file mode 100644
index 9f95daa..0000000
--- a/roles/bootstrap/tasks/branch_system_config.yml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-# Check checked-out branch
-- command: git rev-parse --abbrev-ref HEAD
- args:
- chdir: /opt/system-config/production
- register: checked_out_branch
- ignore_errors: True
-
-# Check whether "infra_config" branch exists or not
-- command: git show-ref "infra_config"
- args:
- chdir: /opt/system-config/production
- register: infra_config_branch
- ignore_errors: True
-
-# If "infra_config" branch exists, switch to it
-- command: git checkout infra_config
- args:
- chdir: /opt/system-config/production
- when: checked_out_branch.stdout != "infra_config" and infra_config_branch.rc == 0
-
-# Create and switch to "infra_config" branch to put non-upstream fixes and values
-- command: git checkout -b infra_config
- args:
- chdir: /opt/system-config/production
- when: infra_config_branch.rc != 0
diff --git a/roles/bootstrap/tasks/clone_system_config.yml b/roles/bootstrap/tasks/clone_system_config.yml
deleted file mode 100644
index 468e4f5..0000000
--- a/roles/bootstrap/tasks/clone_system_config.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# Clone system-config
-- git: repo="{{ system_config_repo_url }}"
- dest=/opt/system-config/production
- version=master
- tags: clone_system_config
diff --git a/roles/bootstrap/tasks/generate_puppet_certificates.yml b/roles/bootstrap/tasks/generate_puppet_certificates.yml
deleted file mode 100644
index cf1e104..0000000
--- a/roles/bootstrap/tasks/generate_puppet_certificates.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-# Generate puppet certificates for infra servers
-- name: Generate puppet certificates for infra servers
- command: puppet cert generate "{{ item }}"
- args:
- creates: "/var/lib/puppet/ssl/certs/{{ item }}.pem"
- when: item != inventory_hostname
- with_items: groups['infra']
- tags: generate_puppet_certificates
diff --git a/roles/bootstrap_puppet_infra_nodes/tasks/main.yml b/roles/bootstrap_puppet_infra_nodes/tasks/main.yml
new file mode 100644
index 0000000..6f058a6
--- /dev/null
+++ b/roles/bootstrap_puppet_infra_nodes/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+# Update packages
+- apt: update_cache=yes
+
+# Install puppet
+- apt: name=puppet
+
+# Deploy puppet.conf template
+- template: src=puppet.conf.j2 dest=/etc/puppet/puppet.conf
+
+# Run puppet agent to request certificate
+- command: puppet agent --test
+ ignore_errors: True
diff --git a/roles/bootstrap_puppet_infra_nodes/templates/puppet.conf.j2 b/roles/bootstrap_puppet_infra_nodes/templates/puppet.conf.j2
new file mode 100644
index 0000000..cfe6b8e
--- /dev/null
+++ b/roles/bootstrap_puppet_infra_nodes/templates/puppet.conf.j2
@@ -0,0 +1,17 @@
+[main]
+server={{ groups['meta-infra_type_puppetmaster'][0] }}
+certname={{ inventory_hostname }}
+logdir=/var/log/puppet
+vardir=/var/lib/puppet
+ssldir=/var/lib/puppet/ssl
+rundir=/var/run/puppet
+factpath=$vardir/lib/facter
+templatedir=$confdir/templates
+prerun_command=/etc/puppet/etckeeper-commit-pre
+postrun_command=/etc/puppet/etckeeper-commit-post
+
+[master]
+# These are needed when the puppetmaster is run by passenger
+# and can safely be removed if webrick is used.
+ssl_client_header = SSL_CLIENT_S_DN
+ssl_client_verify_header = SSL_CLIENT_VERIFY
diff --git a/roles/bootstrap_puppetmaster/tasks/clone_system_config.yml b/roles/bootstrap_puppetmaster/tasks/clone_system_config.yml
new file mode 100644
index 0000000..3f9cfd9
--- /dev/null
+++ b/roles/bootstrap_puppetmaster/tasks/clone_system_config.yml
@@ -0,0 +1,8 @@
+---
+# Clone system-config
+- git: repo="{{ system_config_repo_https_url }}"
+ dest=/opt/system-config/production
+ accept_hostkey=True
+ version="{{ system_config_branch }}"
+ force=True
+ tags: clone_system_config
diff --git a/roles/bootstrap/tasks/configure_puppetdb.yml b/roles/bootstrap_puppetmaster/tasks/configure_puppetdb.yml
similarity index 100%
rename from roles/bootstrap/tasks/configure_puppetdb.yml
rename to roles/bootstrap_puppetmaster/tasks/configure_puppetdb.yml
diff --git a/roles/bootstrap/tasks/configure_puppetmaster.yml b/roles/bootstrap_puppetmaster/tasks/configure_puppetmaster.yml
similarity index 64%
rename from roles/bootstrap/tasks/configure_puppetmaster.yml
rename to roles/bootstrap_puppetmaster/tasks/configure_puppetmaster.yml
index 6d2b082..73d9557 100644
--- a/roles/bootstrap/tasks/configure_puppetmaster.yml
+++ b/roles/bootstrap_puppetmaster/tasks/configure_puppetmaster.yml
@@ -9,7 +9,7 @@
# Puppet apply the puppetmaster manifest
- command: >
puppet apply --modulepath='/opt/system-config/production/modules:/etc/puppet/modules'
- -e 'class {"openstack_project::puppetmaster"':' puppetdb => false }'
+ -e 'class {"openstack_project::puppetmaster"':'
+ puppetmaster_server => "{{ inventory_hostname }}",
+ puppetdb => false }'
tags: puppet_apply
-
-- copy: src=puppetmaster.pp dest=/opt/system-config/production/modules/openstack_project/manifests
diff --git a/roles/bootstrap/tasks/install_puppet_and_modules.yml b/roles/bootstrap_puppetmaster/tasks/install_puppet_and_modules.yml
similarity index 100%
rename from roles/bootstrap/tasks/install_puppet_and_modules.yml
rename to roles/bootstrap_puppetmaster/tasks/install_puppet_and_modules.yml
diff --git a/roles/bootstrap_puppetmaster/tasks/install_required_packages.yml b/roles/bootstrap_puppetmaster/tasks/install_required_packages.yml
new file mode 100644
index 0000000..3bf2a61
--- /dev/null
+++ b/roles/bootstrap_puppetmaster/tasks/install_required_packages.yml
@@ -0,0 +1,3 @@
+---
+# Install git
+- apt: name=git
diff --git a/roles/bootstrap_puppetmaster/tasks/main.yml b/roles/bootstrap_puppetmaster/tasks/main.yml
new file mode 100644
index 0000000..52e50f4
--- /dev/null
+++ b/roles/bootstrap_puppetmaster/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+- include: install_required_packages.yml
+- include: clone_system_config.yml
+- include: install_puppet_and_modules.yml
+- include: configure_puppetmaster.yml
diff --git a/roles/bootstrap/tasks/install_required_packages.yml b/roles/common/tasks/main.yml
similarity index 100%
rename from roles/bootstrap/tasks/install_required_packages.yml
rename to roles/common/tasks/main.yml
diff --git a/roles/deploy_hiera/files/generate_hiera_common.py b/roles/deploy_hiera/files/generate_hiera_common.py
new file mode 100644
index 0000000..7873995
--- /dev/null
+++ b/roles/deploy_hiera/files/generate_hiera_common.py
@@ -0,0 +1,20 @@
+#!/usr/bin/env python
+
+import yaml
+import paramiko
+import StringIO
+
+KEY_LENGTH = 2048
+HIERA_SSH_PARAMS = ['puppetmaster_root_rsa_key']
+HIERA_COMMON_YAML_FILE = '/etc/puppet/hieradata/production/common.yaml'
+
+out = StringIO.StringIO()
+d = {}
+
+for h in HIERA_SSH_PARAMS:
+ k = paramiko.RSAKey.generate(KEY_LENGTH)
+ k.write_private_key(out)
+ d[h] = out.getvalue()
+
+with open(HIERA_COMMON_YAML_FILE, "w") as f:
+ yaml.safe_dump(d, f, explicit_start=True, default_flow_style=False)
diff --git a/roles/deploy_hiera/tasks/main.yml b/roles/deploy_hiera/tasks/main.yml
new file mode 100644
index 0000000..2931da0
--- /dev/null
+++ b/roles/deploy_hiera/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+# Update apt cache
+- apt: update_cache=yes
+
+# Install python-paramiko
+- apt: name=python-paramiko
+
+- file: path=/etc/puppet/hieradata state=directory
+
+- file: path=/etc/puppet/hieradata/production state=directory
+
+- file: path=/etc/puppet/hieradata/production/fqdn state=directory
+
+# Generate hiera common.yaml values
+- script: generate_hiera_common.py creates=/etc/puppet/hieradata/production/common.yaml
diff --git a/roles/deploy_site_pp/tasks/clone_system_config_locally.yml b/roles/deploy_site_pp/tasks/clone_system_config_locally.yml
new file mode 100644
index 0000000..3159b21
--- /dev/null
+++ b/roles/deploy_site_pp/tasks/clone_system_config_locally.yml
@@ -0,0 +1,8 @@
+---
+# Clone system-config locally in the command machine
+- git: repo="{{ system_config_repo_url }}"
+ dest=/tmp/infra-ansible/system-config/production
+ version="{{ system_config_branch }}"
+ accept_hostkey=True
+ force=True
+ tags: clone_system_config_locally
diff --git a/roles/deploy_site_pp/tasks/commit_push.yml b/roles/deploy_site_pp/tasks/commit_push.yml
new file mode 100644
index 0000000..4e93206
--- /dev/null
+++ b/roles/deploy_site_pp/tasks/commit_push.yml
@@ -0,0 +1,9 @@
+---
+- command: git commit -a -m "deploy_site_pp commit from infra-ansible"
+ args:
+ chdir: /tmp/infra-ansible/system-config/production
+ ignore_errors: True
+
+- command: git push origin {{ system_config_branch }}
+ args:
+ chdir: /tmp/infra-ansible/system-config/production
diff --git a/roles/deploy_site_pp/tasks/create_temp_folder.yml b/roles/deploy_site_pp/tasks/create_temp_folder.yml
new file mode 100644
index 0000000..a976931
--- /dev/null
+++ b/roles/deploy_site_pp/tasks/create_temp_folder.yml
@@ -0,0 +1,2 @@
+---
+- file: path=/tmp/infra-ansible state=directory
diff --git a/roles/deploy_site_pp/tasks/generate_site_pp.yml b/roles/deploy_site_pp/tasks/generate_site_pp.yml
new file mode 100644
index 0000000..96ce1be
--- /dev/null
+++ b/roles/deploy_site_pp/tasks/generate_site_pp.yml
@@ -0,0 +1,3 @@
+---
+# Generate site.pp
+- template: src=site.pp.j2 dest=/tmp/infra-ansible/system-config/production/manifests/site.pp
diff --git a/roles/deploy_site_pp/tasks/main.yml b/roles/deploy_site_pp/tasks/main.yml
new file mode 100644
index 0000000..6148144
--- /dev/null
+++ b/roles/deploy_site_pp/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+- include: create_temp_folder.yml
+- include: clone_system_config_locally.yml
+- include: generate_site_pp.yml
+- include: commit_push.yml
diff --git a/roles/deploy_site_pp/templates/site.pp.j2 b/roles/deploy_site_pp/templates/site.pp.j2
new file mode 100644
index 0000000..6b6824c
--- /dev/null
+++ b/roles/deploy_site_pp/templates/site.pp.j2
@@ -0,0 +1,150 @@
+#
+# Top-level variables
+#
+# There must not be any whitespace between this comment and the variables or
+# in between any two variables in order for them to be correctly parsed and
+# passed around in test.sh
+#
+
+#
+# Default: should at least behave like an openstack server
+#
+node default {
+ class { 'openstack_project::server':
+ sysadmins => hiera('sysadmins', []),
+ }
+}
+
+#
+# Long lived servers:
+#
+node 'review-dev.openstack.org' {
+ class { 'openstack_project::review_dev':
+ project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
+ github_oauth_token => hiera('gerrit_dev_github_token', 'XXX'),
+ github_project_username => hiera('github_dev_project_username', 'username'),
+ github_project_password => hiera('github_dev_project_password', 'XXX'),
+ mysql_host => hiera('gerrit_dev_mysql_host', 'localhost'),
+ mysql_password => hiera('gerrit_dev_mysql_password', 'XXX'),
+ email_private_key => hiera('gerrit_dev_email_private_key', 'XXX'),
+ contactstore_appsec => hiera('gerrit_dev_contactstore_appsec', 'XXX'),
+ contactstore_pubkey => hiera('gerrit_dev_contactstore_pubkey', 'XXX'),
+ ssh_dsa_key_contents => hiera('gerrit_dev_ssh_dsa_key_contents', 'XXX'),
+ ssh_dsa_pubkey_contents => hiera('gerrit_dev_ssh_dsa_pubkey_contents', 'XXX'),
+ ssh_rsa_key_contents => hiera('gerrit_dev_ssh_rsa_key_contents', 'XXX'),
+ ssh_rsa_pubkey_contents => hiera('gerrit_dev_ssh_rsa_pubkey_contents', 'XXX'),
+ ssh_project_rsa_key_contents => hiera('gerrit_dev_project_ssh_rsa_key_contents', 'XXX'),
+ ssh_project_rsa_pubkey_contents => hiera('gerrit_dev_project_ssh_rsa_pubkey_contents', 'XXX'),
+ lp_sync_consumer_key => hiera('gerrit_dev_lp_consumer_key', 'XXX'),
+ lp_sync_token => hiera('gerrit_dev_lp_access_token', 'XXX'),
+ lp_sync_secret => hiera('gerrit_dev_lp_access_secret', 'XXX'),
+ sysadmins => hiera('sysadmins', []),
+ }
+}
+
+node '{{ groups['meta-infra_type_jenkins'][0] }}' {
+ $group = "jenkins"
+ class { 'openstack_project::jenkins':
+ project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
+ jenkins_jobs_password => hiera('jenkins_jobs_password', 'XXX'),
+ jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents', 'XXX'),
+ ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
+ ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key',
+ ssl_chain_file => '',
+ sysadmins => hiera('sysadmins', []),
+ zmq_event_receivers => ['{{ groups['meta-infra_type_nodepool'][0] }}'],
+ }
+}
+
+node '{{ groups['meta-infra_type_puppetmaster'][0] }}' {
+ class { 'openstack_project::puppetmaster':
+ root_rsa_key => hiera('puppetmaster_root_rsa_key', 'XXX'),
+ sysadmins => hiera('sysadmins', []),
+ version => '3.6.',
+ puppetmaster_server => '{{ groups['meta-infra_type_puppetmaster'][0] }}',
+ puppetdb => false,
+ }
+}
+
+node 'puppetdb.openstack.org' {
+ class { 'openstack_project::puppetdb':
+ sysadmins => hiera('sysadmins', []),
+ }
+}
+
+node 'nodepool.openstack.org' {
+ class { 'openstack_project::nodepool_prod':
+ project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
+ mysql_password => hiera('nodepool_mysql_password', 'XXX'),
+ mysql_root_password => hiera('nodepool_mysql_root_password', 'XXX'),
+ nodepool_ssh_private_key => hiera('jenkins_ssh_private_key_contents', 'XXX'),
+ sysadmins => hiera('sysadmins', []),
+ statsd_host => 'graphite.openstack.org',
+ jenkins_api_user => hiera('jenkins_api_user', 'username'),
+ jenkins_api_key => hiera('jenkins_api_key', 'XXX'),
+ jenkins_credentials_id => hiera('jenkins_credentials_id', 'XXX'),
+ rackspace_username => hiera('nodepool_rackspace_username', 'username'),
+ rackspace_password => hiera('nodepool_rackspace_password', 'XXX'),
+ rackspace_project => hiera('nodepool_rackspace_project', 'project'),
+ hpcloud_username => hiera('nodepool_hpcloud_username', 'username'),
+ hpcloud_password => hiera('nodepool_hpcloud_password', 'XXX'),
+ hpcloud_project => hiera('nodepool_hpcloud_project', 'project'),
+ tripleo_username => hiera('nodepool_tripleo_username', 'username'),
+ tripleo_password => hiera('nodepool_tripleo_password', 'XXX'),
+ tripleo_project => hiera('nodepool_tripleo_project', 'project'),
+ }
+}
+
+node /^zm\d+\.openstack\.org$/ {
+ $group = "zuul-merger"
+ class { 'openstack_project::zuul_merger':
+ gearman_server => 'zuul.openstack.org',
+ gerrit_server => 'review.openstack.org',
+ gerrit_user => 'jenkins',
+ gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents', 'XXX'),
+ zuul_ssh_private_key => hiera('zuul_ssh_private_key_contents', 'XXX'),
+ sysadmins => hiera('sysadmins', []),
+ }
+}
+
+node 'zuul-dev.openstack.org' {
+ class { 'openstack_project::zuul_dev':
+ project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
+ gerrit_server => 'review-dev.openstack.org',
+ gerrit_user => 'jenkins',
+ gerrit_ssh_host_key => hiera('gerrit_dev_ssh_rsa_pubkey_contents', 'XXX'),
+ zuul_ssh_private_key => hiera('zuul_dev_ssh_private_key_contents', 'XXX'),
+ url_pattern => 'http://logs.openstack.org/{build.parameters[LOG_PATH]}',
+ zuul_url => 'http://zuul-dev.openstack.org/p',
+ sysadmins => hiera('sysadmins', []),
+ statsd_host => 'graphite.openstack.org',
+ gearman_workers => [
+ 'jenkins.openstack.org',
+ 'jenkins01.openstack.org',
+ 'jenkins02.openstack.org',
+ 'jenkins03.openstack.org',
+ 'jenkins04.openstack.org',
+ 'jenkins05.openstack.org',
+ 'jenkins06.openstack.org',
+ 'jenkins07.openstack.org',
+ 'jenkins-dev.openstack.org',
+ ],
+ }
+}
+
+node 'pypi.slave.openstack.org' {
+ include openstack_project
+ class { 'openstack_project::pypi_slave':
+ pypi_username => 'openstackci',
+ pypi_password => hiera('pypi_password', 'XXX'),
+ jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key,
+ jenkinsci_username => hiera('jenkins_ci_org_user', 'username'),
+ jenkinsci_password => hiera('jenkins_ci_org_password', 'XXX'),
+ mavencentral_username => hiera('mavencentral_org_user', 'username'),
+ mavencentral_password => hiera('mavencentral_org_password', 'XXX'),
+ puppet_forge_username => hiera('puppet_forge_username', 'username'),
+ puppet_forge_password => hiera('puppet_forge_password', 'XXX'),
+ }
+}
+
+# vim:sw=2:ts=2:expandtab:textwidth=79
diff --git a/roles/provision/tasks/main.yml b/roles/provision/tasks/main.yml
deleted file mode 100644
index 0f86183..0000000
--- a/roles/provision/tasks/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-- include: create_openstack_instances.yml
diff --git a/roles/provision_infra_servers/defaults/main.yaml b/roles/provision_infra_servers/defaults/main.yaml
new file mode 100644
index 0000000..ea7c5ea
--- /dev/null
+++ b/roles/provision_infra_servers/defaults/main.yaml
@@ -0,0 +1,32 @@
+---
+infra_servers:
+ - name: puppetdb.infra.test.rcarrillocruz.cloud
+ image: 9d25fe2d-cf31-4b05-8c58-f238ec78e633
+ flavor: standard.small
+ net_name: infra-test-network
+ infra_type: puppetdb
+ - name: puppetmaster.infra.test.rcarrillocruz.cloud
+ image: 9d25fe2d-cf31-4b05-8c58-f238ec78e633
+ flavor: standard.small
+ net_name: infra-test-network
+ infra_type: puppetmaster
+ - name: zuul.infra.test.rcarrillocruz.cloud
+ image: 9d25fe2d-cf31-4b05-8c58-f238ec78e633
+ flavor: standard.small
+ net_name: infra-test-network
+ infra_type: zuul
+ - name: jenkins.infra.test.rcarrillocruz.cloud
+ image: 9d25fe2d-cf31-4b05-8c58-f238ec78e633
+ flavor: standard.small
+ net_name: infra-test-network
+ infra_type: jenkins
+ - name: gerrit.infra.test.rcarrillocruz.cloud
+ image: 9d25fe2d-cf31-4b05-8c58-f238ec78e633
+ flavor: standard.small
+ net_name: infra-test-network
+ infra_type: gerrit
+ - name: nodepool.infra.test.rcarrillocruz.cloud
+ image: 9d25fe2d-cf31-4b05-8c58-f238ec78e633
+ flavor: standard.small
+ net_name: infra-test-network
+ infra_type: nodepool
diff --git a/roles/provision/tasks/create_openstack_instances.yml b/roles/provision_infra_servers/tasks/main.yml
similarity index 93%
rename from roles/provision/tasks/create_openstack_instances.yml
rename to roles/provision_infra_servers/tasks/main.yml
index 4e0584d..047a775 100644
--- a/roles/provision/tasks/create_openstack_instances.yml
+++ b/roles/provision_infra_servers/tasks/main.yml
@@ -1,3 +1,4 @@
+---
- name: Create OpenStack instances
os_server:
state: present
@@ -16,4 +17,4 @@
meta:
group: infra
infra_type: "{{ item.infra_type }}"
- with_items: infra_config
+ with_items: infra_servers
diff --git a/roles/run_puppet_infra_nodes/tasks/main.yml b/roles/run_puppet_infra_nodes/tasks/main.yml
new file mode 100644
index 0000000..1cadcb2
--- /dev/null
+++ b/roles/run_puppet_infra_nodes/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+- command: puppet agent --enable
+
+- command: puppet agent --test
+ ignore_errors: True
diff --git a/roles/set_hostnames/tasks/main.yml b/roles/set_hostnames/tasks/main.yml
index cafb7be..1d0ca93 100644
--- a/roles/set_hostnames/tasks/main.yml
+++ b/roles/set_hostnames/tasks/main.yml
@@ -9,7 +9,7 @@
- name: Add all infra hosts to /etc/hosts
lineinfile: dest=/etc/hosts
- line='{{ hostvars[item].ansible_default_ipv4.address }} {{ item }} {{ item.split('.', 1)[0] }}'
+ line='{{ hostvars[item]['openstack']['private_v4'] }} {{ item }} {{ item.split('.', 1)[0] }}'
insertafter='^127\.0\.0\.1'
state=present
with_items: groups['infra']
diff --git a/roles/sign_infra_nodes_certs/tasks/main.yml b/roles/sign_infra_nodes_certs/tasks/main.yml
new file mode 100644
index 0000000..04f0b4a
--- /dev/null
+++ b/roles/sign_infra_nodes_certs/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+- command: puppet cert sign {{ item }} creates=/var/lib/puppet/ssl/ca/signed/{{ item }}.pem
+ when: item != inventory_hostname
+ with_items: groups['infra']
diff --git a/run_puppet_infra_nodes.yml b/run_puppet_infra_nodes.yml
new file mode 100644
index 0000000..ae2f99d
--- /dev/null
+++ b/run_puppet_infra_nodes.yml
@@ -0,0 +1,7 @@
+---
+# file: run_puppet_infra_nodes
+- hosts: infra:!meta-infra_type_puppetmaster
+ user: ubuntu
+ sudo: true
+ roles:
+ - { role: run_puppet_infra_nodes }
diff --git a/set_hostnames.yml b/set_hostnames.yml
new file mode 100644
index 0000000..5408ff2
--- /dev/null
+++ b/set_hostnames.yml
@@ -0,0 +1,7 @@
+---
+# file: set_hostnames.yml
+- hosts: infra
+ user: ubuntu
+ sudo: true
+ roles:
+ - { role: set_hostnames }
diff --git a/sign_infra_nodes_certs.yml b/sign_infra_nodes_certs.yml
new file mode 100644
index 0000000..adee7af
--- /dev/null
+++ b/sign_infra_nodes_certs.yml
@@ -0,0 +1,7 @@
+---
+# file: sign_infra_nodes_certs
+- hosts: meta-infra_type_puppetmaster
+ user: ubuntu
+ sudo: true
+ roles:
+ - { role: sign_infra_nodes_certs }
diff --git a/site.yml b/site.yml
index 511a953..3bfffe9 100644
--- a/site.yml
+++ b/site.yml
@@ -1,7 +1,10 @@
---
# file: site.yml
-- include: provision.yml
-- include: bootstrap.yml
-#- include: gerrit
-#- include: jenkins
-#- include: nodepool
+- include: provision_infra_servers.yml
+- include: set_hostnames.yml
+- include: deploy_site_pp.yml
+- include: deploy_hiera.yml
+- include: bootstrap_puppetmaster.yml
+- include: bootstrap_puppet_infra_nodes.yml
+- include: sign_infra_nodes_certs.yml
+- include: run_puppet_infra_nodes.yml
diff --git a/zuul.yml b/zuul.yml
new file mode 100644
index 0000000..e69de29