[OpenStack-Infra] replacing puppetmaster.o.o underway - interim procedures for hiera secrets
Monty Taylor
mordred at inaugust.com
Fri Aug 3 19:16:26 UTC 2018
Hey all!
(This really only concerns infra-root folks, so feel free to skip otherwise)
As part of the update configuration management effort, we have spun up a
new host to replace puppetmaster.openstack.org. It is called
bridge.openstack.org. It's running Ubuntu Bionic and has Ansible 2.6
installed on Python 3. (how fancy and future-looking is that?) It has
been configured using only ansible, so puppet is not even installed on it.
The contents of /root on puppetmaster have been synced to /root on brige.
The hiera secrets in /etc/puppet/hieradata have been copied to
/etc/ansible/hosts. fqdn and group directories have been renamed to
host_vars and group_vars. On bridge the 'production' subdirectory has
been removed. This means that the data is in both places, but the local
git repos holding it have diverged a little bit.
Hopefully we'll be able to cut over to running everything from bridge
very soon, but in the meantime - if you need to change any secret hiera
data, it needs to be done on both hosts.
Thanks!
Monty
More information about the OpenStack-Infra
mailing list