Idea #22865
open
Planning for ansible installer to replace salt for deploying tordo
Description
- Deploys using the Ansible playbook in the main branch
- Runs Ansible directly on Jenkins node ?
- Needs to handle Let's Encrypt
- One-time migration playbook from Salt to Ansible
Updated by Brett Smith 10 months ago
- Blocked by Feature #22924: Ansible installer sets up and uses certs from Let's Encrypt added
Updated by Brett Smith 10 months ago
- Blocked by Feature #22923: Migration path from Salt to Ansible installer added
Updated by Brett Smith 10 months ago
Peter Amstutz wrote:
- Runs Ansible directly on Jenkins node ?
I can't tell whether this means ci.arvados.org or the new #22438 server.
One thing that might affect a decision: the installer will need to have access to the entire tordo config.yml, including the PostgreSQL password, system root token, etc. I'm not sure whether ci.arvados.org currently has analogous access. If it doesn't, I can definitely see an argument for not giving it that, provided we have a more secure alternative like a second limited-access Jenkins server.
- Needs to handle Let's Encrypt
- One-time migration playbook from Salt to Ansible
These are #22924 and #22923, respectively. They can be done independently and I think we should consider them both basically blockers for a "deploy to tordo via Ansible" Jenkins job.
Updated by Peter Amstutz 10 months ago
I think what we want to do is have the end of the an arvados CI pipeline run somehow signal to the ansible jenkins that it is time to redeploy tordo. This will maintain separation of concerns.
As discussed the planning is done and the tickets are written.
Updated by Brett Smith 9 months ago
- Target version deleted (
Development 2025-07-09)
Updated by Brett Smith 9 months ago
- Related to Idea #18337: Easier install using Ansible added