Note we depend on the DNS updates so that LE cert provisioning works
on the first pass.
Depends-On: https://review.opendev.org/668929
Change-Id: I953938b77bfce67be0cb55af5cf4bd64044100f4

Add the new mirror-update server as a follow-on to
I525ac18b55f0e11b0a541b51fa97ee5d6512bf70.
Also ensure that the new mirror server isn't in the puppet groups by
only matching the openstack.org one.
Also remove from the afsadmin group. This group is only used for
keytabs stored on bridge.o.o. I don't think that we need a group for
the keytabs -- a keytab should only ever be in use on one host at a
time, so we are better off keeping the keytabs in a specific host_var
for the host they are used on, rather than being in a group and
possibly deployed on servers where they are not used.
Depends-On: https://review.opendev.org/668610
Change-Id: Icda92bb234adc00f6718c1c656e8f069ce2704c4

This mirror will be manually configured with kafs (see
https://review.opendev.org/623974). This should be a nice distant
geographic counterpoint to the IAD RAX server.
This will need to be manually configured with a custom kernel for now,
but fixes are making their way upstream and this host will be
converted when available.
Depends-On: https://review.opendev.org/667529
Change-Id: I6a22933029c096c781c93c33e6edf03bf59223c9

We add the new host so that it will get configured as a gitea backend
server. We exclude this server from the list of gitea hosts to configure
git repos on because we want to recover its DB from one of the other
sibling nodes first. This should preserve the http redirects for us.
Once we have the db recovered we can enable replication from gerrit then
re-add this host to the haproxy load balancer.
Change-Id: Ia2a98e5ded43cad044db36ca8d0da5a96277afee

Note we don't fully remove it from cacti and hiera and so on because we
are replacing this server and we just want ansible to ignore the old
gitea06 for a bit while we bootstrap the new server.
Change-Id: Iaa89e77c055d8099a7d3d511723782fead43ce74

Fix for I0e55d2c575427e404709e78d0c7a10a974117ac4 ... how this passed
gate testing to be determined ...
Change-Id: I834411ef2dee458ae15fb99a3c88b6d2fee4cf1e

This removes the groups servers from our inventory as well as our
manifests/modules. We don't run the groups service anymore as many
groups migrated to meetup.com independent of us and the others have
transitioned there.
Change-Id: I7cb76611e6d30e7189821923f36a38dec9ea7241

This is an initial host for testing opendev.org mirrors
Change-Id: I26b9ed1e21e2111f48bc7ecc384880c274eed213
Depends-On: https://review.opendev.org/660235

We're not really using/maintaining this at the moment. Before we do
put it back in production, we're likely to simply rebuild it from
scratch.
Change-Id: I469f00e90903a010f2cec45031b049556eb268a2

The server has been removed, remove it from inventory.
While we're here, s/graphite.openstack.org/graphite.opendev.org/
... it's a CNAME redirect but we might as well clean up.
Change-Id: I36c951c85316cd65dde748b1e50ffa2e058c9a88

We have replaced the cgit farm with a gitea farm. Stop managing the cgit
farm. This removes testing for centos7 as these were our only centos7
nodes.
Depends-On: https://review.opendev.org/654549
Change-Id: Ia48ff10cb88d51f609e8b28de176c72f7a9ee24f

The Xenial-based wiki-dev02.openstack.org server will replace
Trusty-based wiki-dev01 once completed. Include it in the inventory
so configuration management can be applied before the CNAME RR for
wiki-dev is changed to refer to it.
Change-Id: I4bc08c3e204219bcc99c51f3154d89813a6d55ab

We have replaced health.openstack.org with health01.openstack.org
(CNAMEd to by health.openstack.org). Remove reference to the old server.
Note that this updates references to health01.openstack.org to use the
full openstack.org to make it clear that this is not an opendev service.
Change-Id: Ifa21dc4a82258974857da2a843f67c5234736c47

This is a new Xenial server to replace our old Trusty server. Note we
keep this server in the openstack domain as it is a fairly openstack
specific service in its current setup.
Change-Id: Ie1f068847f22ddabc52b3e9203a790c2ac17ae20

This reverts commit 0cddc2ae9b23a6d44ff6e0761c70126dc0923970.
This server is going to remain in the openstack.org domain.
Change-Id: I0d5a4f1e07d9782085bdbe875f466c564b1c681c

This adds a new xenial health api server to our inventory. This server
will be used to replace the old trusty health.openstack.org server.
Change-Id: Id6cf8230f82464c4466692cac324a1e39ba595af

This change will convert kdc03 to a master from a hot standby and will
remove kdc01 from management.
Cutover plan:
Disable kdc01 in ansible emergency file
Stop run-kprop cron on kdc01
Stop kadmind on kdc01
Execute run-kprop.sh on kdc01
Merge this change
Wait for puppet to convert kdc03 to the master
Confirm that run-kprop works from kdc03 to kdc04
Update dns records as documented in our kerberos docs
Test kadmin works
Delete old kdc01 server
Change-Id: Ib14b11fa1f0a6bc11b0f615ce5b6f6be214b5629

This new Xenial server is being added as a kerberos standby node but
will be used to replace kdc01 as the master once fully configured and
happy as a standby. This replaces the old trusty server.
Note that the server wasn't added to opendev.org as we don't have a
kerberos realm for that domain so that would be a separate activity for
the future.
Change-Id: I4cc5fcd7504c98a7bcd9dc4f2ad57bb5bf8b54bd

The Xenial replacement for the old openstackid.org server is
openstackid01.openstack.org. Now that it exists, add it to our
Ansible inventory and cacti host list.
Change-Id: I198f02907230655bfc4e374a540648e9f1b7cf5f

Update the docs, test flags, cacti entries, and inventory for our new
pbx server. We have replaced the old Trusty node with a Xenial node.
Change-Id: Ifb1e156afbcb38474cbc9f0bc78ae45fdd74444b

Now that both staging and production storyboard servers are running
on enumerated Xenial servers in opendev.org, remove the old
inventory entry for the production server, clear out testing hints
for trusty and tighten up the inventory globs and node regular
expressions accordingly. Also get them swapped into cacti in place
of the old production server entry.
Change-Id: I5e66abb95751f69a337434e08d09dcc3b107e123

We've booted a new xenial pbx.opendev.org server to replace the
pbx.openstack.org server which was built on trusty. Add it to the
inventory so that things like puppet work.
Change-Id: I783218bdb3252fc8b94af2c167e995c4967fa629

We want our base ansible roles to run on these nodes. However,
k8s-on-openstack manages firewall rules via openstack security
groups, so we don't want to run those there.
There was a discussion about making a minimal set of roles that
are run by default and then a group containing servers that got
the full set ... but that would require a duplicate entry for 99%
of our servers in the inventory, while the "only run a subset" is
the exception case.
Change-Id: I2cbf364305f758cecf11df41398d3d2c05222fda

The Trusty-based storyboard.openstack.org instance is being
replaced by a new Xenial-based storyboard01.opendev.org. Add it to
the inventory so provisioning can continue.
Change-Id: I8c3c4fe0e9e6a86c3294d93d971d69a429aa6bc6

We originally included private_v4 for every server when we converted
from dynamic to static inventory, but don't really have a use for
it. Currently, adding it requires running some additional commands
just to even find out what value to include. Clean out these entries
so people stop feeling compelled to do that for no reason.
Change-Id: If8b4075f7b9b03026d28d3a22bcc55753e66de3d

The old Trusty-based storyboard-dev.openstack.org server has been
replaced by a new Xenial-based storyboard-dev01.opendev.org
instance. As the original is being deleted, remove it from the
inventory and tighten up our hostname match patterns accordingly.
Change-Id: I9805381ebd640c8d5aeb3012e9ebe8448eaf5a3b

The old Trusty-based openstackid-dev server is being replaced by a
new Xenial-based openstackid-dev01 server. Add it to the Ansible
inventory so that provisioning can continue.
Change-Id: I871f055286c591287709e64c3d240171d6b817d0

This is the Xenial replacement for the old Trusty-based
storyboard-dev.openstack.org server. The existing manifest assumed
$::fqdn for several class variables, so explicitly set the vhost
name we want to use there, as it will become a CNAME alias to the
new server.
Change-Id: Ie18125a361165ed2354397bdac206ee4f88a0626

Remove the puppetry for managing nameservers as we now use ansible
configured name servers without puppet.
We will need to follow this up with deletion of the existing
ns*.openstack.org and adns1.openstack.org servers.
Change-Id: Id7ec8fa58c9e37ce94ec71e4562607914e5c3ea4

Remove the Ansible inventory and Puppet global site manifest entries
for the old review.openstack.org and puppetmaster.openstack.org
servers. These have been deleted.
Change-Id: I4bfc6cfe357ad6a499c10455c26ee2fb97713b7d