The fallback value for sysadmins was was admins in some places
and admin in others. However, re: jeblair:
The fallback value for sysadmins should be "[]", which is actually the
default value. Configuring the mail system to send root's mail to an
account called 'admin' which may or may not exist and if it does exist
may send mail to root is not a good idea.
The default of [] will deliver root's mail normally.
Change-Id: Iaeca86ef135b6a3210541618d48caf4058dc7966
site.pp and groups.pp update for groups portal. To make it alive
we need to do the following preliminary tasks:
- create remote database in trove for groups
- add hiera variables similar to groups-dev
- launch the instance with those manifests
Change-Id: I91d7b35ad9aabc2237d5516918fa6ce8d92ee5af
We don't really use the salt infrastructure that we set up, which means
it's cruft. Go ahead and admit that we don't use it and remove it from
our systems.
Change-Id: Ic43695719cbad30aded16ac480deb3dfd9b2a110
Instead of a shell script looping over ssh calls, use a simple
ansible playbook. The benefit this gets is that we can then also
script ad-hoc admin tasks either via playbooks or on the command
line. We can also then get rid of the almost entirely unused
salt infrastructure.
Change-Id: I53112bd1f61d94c0521a32016c8a47c8cf9e50f7
Associate an OS with each node defined in site.pp so that the puppet
apply test will only test nodes apprapriate to the node the test
is running on.
Fix remaining errors related to this test, and make it vote.
Also, start running the centos6 version regularly
(which is still non-voting).
Change-Id: I26722dce15589c982af5de36f8ccf42666d29f2b
Configure to use the read only swift creds that pair up with the read
write creds used to push the files.
Change-Id: I53252b3ed0d596b3fe36caef179f253bde1739cb
This change modifies install_puppet.sh to accept a --three option
setting it to install the latest puppet available. It also creates
a node definition for the puppetmaster.o.o node, the new 3 master,
and the master of the future. Changes were made to various classes
to allow the pinning to version 2.x to be turned off.
Change-Id: I805d6dc50b9de0d8a99cf818d22d06c2dea6090a
Put the variables defined in manifests/site.pp at the top of the file so
that they are in a known location after running csplit in test.sh and we
can prepend them to the puppet-apply top files.
A better solution would be to move this data into hiera, but this is not
sensitive data, so a move to hiera should wait until we a have solution
for a public hiera data repo separate from the private hiera data.
Change-Id: I509a8266462dfdf53e1727938e4fb043241166b6
Add elasticsearch07 node. Move the elasticsearch discover node to
elasticsearch02 instead of 01 as we are moving away from 01 as part of
the 07 addition.
Change-Id: I2aa857ec4984ae1fc2f8e27f437f8ecc61d24fbd
Our Elasticsearch nodes need cinder volumes attached to them prior to
being puppeted. Make the regex for the elasticsearch nodes in site.pp
match only existing nodes so that new nodes can be created and have
their volumes attached before proper puppeting.
Change-Id: If12c67174315b8480998148e1325de59ecdba372
This patch removes the drush make site building function from
groups-dev instance, and now directly fetch release tarballs from
http://tarballs.openstack.org/groups repository. With an advanced
multi-slot deployment architecture it prevents the typical Drupal
WSOD issues that randomly caused site malfunction when a request
arrived during installation. It also simplifies the
deployment steps using the standard drush aliases and
drush-dsd extension and supports local configuration variables
in local_settings.php file.
Change-Id: I73976a60e080d15b6f513db79fee46bcf468e302
We have fallen behind on our ability to index all the things. Logstash
itself appears to be the current bottleneck. Add four more nodes to help
combat the backlog.
Change-Id: I9d5a7474a801c58c1e8933b264172e72f2d0bb86
The test.sh script is not currently being run in any jobs, this change
removes the redundant validation code that's also in the puppet-syntax
job and creates a puppet-apply-test job that runs the test.sh script.
Running `puppet apply --noop` requires sudo, otherwise it will give
errors about refusing to run commands as other users.
Change-Id: Ie6b278d98390a8a5dd8bb24899c8c4083f5755c9
Turns out that while keystoneclient does not require a tenant_name be
set swiftclient does require it so the fix to not pass a tenant_name to
zuul did not work.
Alex_Gaynor pointed out the reason using the normal tenant_name doesn't
work with Rax object store is that the tenant_name for object store in
Rax is different than the normal tenant_name. Use that different and
correct tenant_name instead.
Change-Id: I13d6b8dfc190d35178e7fc979d7feb58e7e1f8dd
This change adds credentials as set up by fungi (2014-04-05T03:16:46)
http://eavesdrop.openstack.org/irclogs/%23openstack-infra/%23openstack-infra.2014-04-05.log
This allows zuul to send signed URL's for workers to push files to on
a per-job basis.
This change will require a zuul restart, not just a reload!
Note this is unreverts the revert in
c1b98eaff618b8c739cc02f089ef6fe6c02cbcc3 but is slightly edited hence
the lack of a proper revert commit. The reason for the revert has been
debugged and was due to rax identity service not providing a catalog
entry for swift when a tenant name is provided.
Change-Id: I04d3207002f7422b9851515ee88a74b19dd2f248
This is a dedicated IRC channel for discussion
about Operating System container support in
OpenStack. The members of the OpenStack
Containers Team will idle in this channel:
https://wiki.openstack.org/wiki/Teams/Containers
Change-Id: I9ec77969f926e8ced912ce194f7d6fae6a0e2e4d
This reverts commit 176f15cd48ceea7e990fc61362875a23524f963a.
Puppet and zuul aren't ready for this. The swift client throws an
exception. We need to restart zuul to fix a more pressing issue hence
this revert. Will debug when able to.
Change-Id: Ie4487d84b7f1495c7ec6fd31e4b5b90d6699a31d
The patch to add nodepool to jenkins-dev (https://review.openstack.org/#/c/57333)
did not work.
There were a few issues with it:
1. jenkins-dev.pp was passing literal strings to the nodepool module, instead it
should be passing in the variables.
2. jenkins-dev.pp was calling ::nodepool but puppet seems to think that it wants
::openstack_project::nodepool due to puppet's scoping weirdness :(
3. The script to build nodepool machines needed the jenkins_dev_ssh_key.
Fixes to above issues:
1. This is trivial, just passed the variables thru instead of literal strings.
2. The nodepool.pp module is renamed to nodepool_prod.pp to prevent the scoping problem.
3. We use the dev jenkins ssh key with dev nodepool by allowing the nodepool module
to pass arbitrary env settings through the defaults file.
Change-Id: Id91053212f088079ff1b0f06ebdce5c381f5cd19
In further support of using a trove db, remove the gerrit::mysql
module from review-dev. Plumb mysql_host throughout and remove
the no longer necessary mysql_root_password. Configure review-dev
to use mysql_host from hiera, but configure review to use
'localhost'.
Change-Id: Id13cea66601f80c5b17d2a4069a14f7b458ea09d
Puppet board has replaced puppet dashboard. Remove reference to puppet
dashboard as it shouldn't be used.
Change-Id: I5eeee2984729ef5d1b883b4762347d19786e28ed
In anticipation of driving puppet over ssh, we need keys on the hosts
and the scripts on the master. Don't turn them on yet, because we want
to be able to do some by-hand testing of the mechanism.
Change-Id: I2c353777e2f8fb5a2e733ce405ba40427ce901e5
Zuul should use a dedicated ssh key rather than piggy backing off of the
jenkins ssh key. This change makes this distinction clear and removes
one zuul use of the jenkins ssh key that is not necessary.
Change-Id: I74c811a8bf94838b285791e158f4e468513eaa3e
Switch all jenkins proposal jobs to a dedicated user with dedicated
credentials. This is being done to be more flexible and secure when it
comes to managing the scripts that make proposals to gerrit.
Change-Id: I2dbdd530bf5b64c14207f645512a1eb319681166
Make it easier to deploy jenkins masters by using snakeoil certs on
numbered jenkins masters. This also simplifies the process of replacing
certs as make-ssl-cert can easily regenerate snakeoil certs for us.
Change-Id: I4966b1e502e0edf4f6fad25f06b9bacca25c5951
Add two puppet hiera variables to override defaults for
openstackid-dev in site.pp to access remote user profile database
(mysql_user, db_name). Now we can use the following
mysql parameters for connection:
- openstackid_dev_ss_mysql_host: mysql host
- openstackid_dev_ss_mysql_password: password for mysql account
- openstackid_dev_ss_mysql_user: user name of mysql account
- openstackid_dev_ss_db_name: database name
Change-Id: Ied0e3918d117c13ef53763461242e5380f0bab00
SERVER: Invalid relationship: File[/var/lib/jenkins/hudson.plugins.gearman.GearmanPluginConfig.xml] { require => Class[Zuul] }, because Class[Zuul]doesn't seem to be in the catalog
This reverts commit 2a9cd677e4eb6a60787ebc73bd8fd9e1b6f26b34
