16935 Commits

Author SHA1 Message Date
Zuul
14450f58e2 Merge "Set MaxConnectionsPerChild 8192 for Gitea backends" 2021-04-09 02:13:34 +00:00
Zuul
b5f3f7ef49 Merge "zuul-summary-status : handle SKIPPED and ERROR jobs" 2021-04-09 02:08:58 +00:00
Jeremy Stanley
c4be87753f Set MaxConnectionsPerChild 8192 for Gitea backends
When we added Apache as a filtering proxy on our Gitea backends in
order to more easily mitigate resource starvation, we did not set
any tuning to tell it when to recycle worker processes. As a result,
backends may continue serving requests with workers which pre-date
certificate rotation. This problem has also become more broadly
prevalent throughout our services with the introduction of Let's
Encrypt's 3-month certificate expirations as compared to our
previous 2-year certificates.

Add the same MaxConnectionsPerChild tuning to our Gitea backend
proxies as we use for our static sites and mirror servers.

Change-Id: I77d89385178a30f7dc5d04bedd0ab3772865c09f
2021-04-07 15:38:35 +00:00
Zuul
5e6cfa7472 Merge "Run update-bug on patchset-created again" 2021-04-06 21:23:14 +00:00
Zuul
7fa5073946 Merge "Have audit-users.py write out serialized data" 2021-04-02 17:19:34 +00:00
Zuul
691708f668 Merge "Revert "Temporarily serve tarballs site from AFS R+W vols"" 2021-04-02 17:08:18 +00:00
Jeremy Stanley
4bd752f222 Revert "Temporarily serve tarballs site from AFS R+W vols"
The sync to our new ORD replica has completed and we're back to the
typical vos release cadence for this volume again.

This reverts commit 542c898021af20f4ad48fa04b78b65c8f6fff0b6.

Change-Id: I4bb2ddcc46c6c56c7124acc52dce6a60da1662b2
2021-04-02 14:46:14 +00:00
Zuul
0d5a00d739 Merge "Clean up OpenEdge configuration" 2021-04-01 18:43:31 +00:00
Jeremy Stanley
542c898021 Temporarily serve tarballs site from AFS R+W vols
We're in progress replicating the AFS volume for tarballs to a
remote location for added redundancy, but this is blocking updates
of all the read-only replicas until it completes and we're unsure
how long that will take. In the meantime, serve content from the
writeable path instead of the read-only replica path so we're not
stuck with outdated content on the site.

Change-Id: I6e0333bdb9717a724fd29adffc3df6e6c5da1558
2021-04-01 14:10:56 +00:00
Jeremy Stanley
2d33597b03 Correct debian-security repo codename for bullseye
Starting in bullseye, Debian's security suite will add -security to
dist codenames, meaning we have stretch, buster, and
bullseye-security entries. Looks inconsistent, but is actually
correct.

Change-Id: I34806145f099868c2cdd95893b69cb1f4915f56f
2021-03-31 21:30:16 +00:00
Jeremy Stanley
08af9a5ab8 Explicitly create empty reprepro dists
Call `reprepro export` to always recreate indices, even for empty
dists. This is sort of a shotgun approach, local testing on the
server indicates it increases total time of a noop update by ~5.5
minutes for the "debian" repo, which is by far the worst case of
anything we mirror.

If this proves problematic, we can engineer a more targeted solution
to check for empty dists and only export those.

Change-Id: I7e39e427e1941f055fae0408e4c1f2a2f2b35547
2021-03-31 19:26:43 +00:00
Jeremy Stanley
fd98a1750d Clean up OpenEdge configuration
The OpenEdge cloud has been offline for five months, initially
disabled in I4e46c782a63279d9c18ff4ba2944c15b3027114b, so go ahead
and clean up lingering references. If it is restored later, this can
be reverted fairly easily.

Depends-On: https://review.opendev.org/783989
Depends-On: https://review.opendev.org/783990
Change-Id: I544895003344bc8202363993b52f978e1c07d061
2021-03-31 01:42:36 +00:00
Zuul
b0ff8c64bb Merge "review01.openstack.org: add key for gerrit data copying" 2021-03-31 00:30:35 +00:00
Zuul
9331c59029 Merge "dstat-logger: redirect stdout to /dev/null" 2021-03-30 23:57:29 +00:00
Zuul
ff6d7cc8b2 Merge "launch-node : cap to 8gb swap" 2021-03-30 23:57:15 +00:00
Ian Wienand
60f3554dcd review01.openstack.org: add key for gerrit data copying
Adding this key allows us to safely rsync data in a R/O fashion from
the production server to the new server and will be useful as we
deploy review02.opendev.org.  The key is hard-coded for one on the new
server.

Change-Id: I227876afafcb48715324ca35afdc0bff2492b29a
2021-03-31 09:33:55 +11:00
Ian Wienand
75ecf2cfbf gerrit: remove mysql-client-core-5.7 package
This doesn't install of Focal; moving forward we'll either use H2 or a
container database.  Just remove this package for now.

Change-Id: I69cdcdddc1ba0e0cf4ef5f8ba705bcd3a2afa689
2021-03-30 13:09:39 +11:00
Zuul
27d58d3b57 Merge "Add review02.opendev.org" 2021-03-30 00:48:54 +00:00
Zuul
39d8010055 Merge "openafs-server-config: install UserList" 2021-03-29 23:43:07 +00:00
Zuul
0800f4040e Merge "Upgrade gitea to 1.13.6" 2021-03-29 23:42:59 +00:00
Ian Wienand
ce7ef6536a openafs-server-config: install UserList
This was missed during recent updates; this UserList needs to be on
all servers to allow bos, vos and backup commands.

Update the documentation to reflect the centralised copy.

Change-Id: I8ada3d5035bb7ef77b19ce6aaffb48335974a124
2021-03-30 09:49:53 +11:00
Zuul
3180086559 Merge "Rename refstack group variables" 2021-03-29 21:33:02 +00:00
Clark Boylan
a08f65632f Upgrade gitea to 1.13.6
This picks up a variety of bug fixes and ensures we're keeping up.
The diff of the template files we modify between gitea v1.13.1, v1.13.4,
and v1.13.6 is empty. The diff between our modifications at v1.13.4
looks about how I would expect (implying that v1.13.6 is also fine).
Reviews should double check though.

We also add in setup for the system-config repo on the test gitea as
this will give us something to look at for verification purposes.

Change-Id: Idb3568a9d287a2d46d568ab7d8d3a7108739d23e
2021-03-29 11:03:59 -07:00
Zuul
d9723fda95 Merge "reprepo debian : fix line-ending" 2021-03-29 11:01:05 +00:00
Zuul
62ea8d1289 Merge "reprepro: add dist for Ubuntu UCA Wallaby" 2021-03-29 05:44:07 +00:00
Ian Wienand
9457b010f8 reprepo debian : fix line-ending
reprepro warns about lack of a trailing newline

Change-Id: I01c0cc2104cb1b3891ea55b6e4a3eab63885331a
2021-03-29 16:41:26 +11:00
Zuul
0d673fcc29 Merge "Remove gem mirroring puppet" 2021-03-29 05:30:29 +00:00
Zuul
fff346ea32 Merge "Add Debian Bullseye to the reprepro config" 2021-03-29 05:30:21 +00:00
Ian Wienand
32c6ba7c2b Remove gem mirroring puppet
It looks like we missed these in cleanups for the old puppet-managed
mirror-update server (I5f82139c981c2716f568b15b118690e943b02d52).
These are unused.

Change-Id: Ia79920a7567d73d311f37d73e10c1396d09ddf93
2021-03-29 14:47:45 +11:00
Ian Wienand
8541605595 Stop mirroring Fedora 31
Nodes were stopped with I0dde34ab005f48ac521d91e407ac437d3cec965f

Change-Id: Ib9cbc3f5388e668923ff7eadb3e81703875f64c0
2021-03-29 11:55:14 +11:00
Ian Wienand
525d5d1c19 Add review02.opendev.org
review02.opendev.org is a much larger replacement server for review01
provided by Vexxhost.  It is up and running, with gerrit2 volume
attached and DNS entries.

This adds it to the staging group with no replication and a local h2
database configured for initial bringup.  There's quite a bit to
consider for full migration, but this will let us start experimenting.

Change-Id: I3638a5c0c7028dcc800ada42431b75395cff0c42
2021-03-26 14:53:31 +11:00
Ian Wienand
2e629bfb96 launch-node : cap to 8gb swap
If you're donated a really nice, big server from a friendly provider
like Vexxhost, you need to cap the amount of swap you make or you fill
up the entire root disk.

Change-Id: Ide965f7df8db84a6bbfe3294c9c5b85f0dd7367f
2021-03-25 16:34:15 +11:00
Ian Wienand
d0f2e12f85 dstat-logger: redirect stdout to /dev/null
The dstat-logger service puts a lot of info into the syslog/journal.
The --output command to write CSV files doesn't appear to suppress the
console output, and I can't see a flag to make it do that.  So
redirect the stdout to /dev/null.

Change-Id: Ib99f8199ebc3c9d89c2b3aa92dff5ff298d03e45
2021-03-24 22:23:13 +00:00
Ian Wienand
163d5b6133 Create review-staging group
Create a review-staging group so we can bring up a new server but
avoid running the project-management steps on it.

Change-Id: I93d2a36edcd58a48a36031f0692be3273a36f07c
2021-03-24 11:40:33 +11:00
Ian Wienand
9f11fc5c75 Remove references to review-dev
With our increased ability to test in the gate, there's not much use
for review-dev any more.  Remove references.

Change-Id: I97e9865e0b655cd157acf9ffa7d067b150e6fc72
2021-03-24 11:40:31 +11:00
Zuul
c164b6f192 Merge "borg-backup-server: set SHELL for verification script" 2021-03-23 22:53:07 +00:00
James E. Blair
e2a141a9fa Revert "Downgrade scheduler to Zuul 4.1.0"
This reverts commit 3e3f86458d50e6c25dff42c8083a5b62e64a6e43.

Bugs should be fixed now.

Change-Id: If4279746074abfa42b8240d4e98dec59ab15d332
2021-03-23 12:12:18 -07:00
Zuul
acf0e00478 Merge "Set up gitea image provides and requires for gating" 2021-03-23 18:29:35 +00:00
Jeremy Stanley
dbcc867cc7 Run update-bug on patchset-created again
Now that the update-bug script no longer tries to update bug
assignments, it's possible to run it on patchset-created events
again. Go back to doing that until someone has time to build a
suitable replacement for it.

This partially reverts commit
1ccf5e68e51815479381a941fd9cf4f469498c6d.

Change-Id: Idf589eb818d208d65d1f1430ddec962b015165c0
Depends-On: https://review.opendev.org/782538
2021-03-23 15:26:10 +00:00
Mark Goddard
0ab854d833 reprepro: add dist for Ubuntu UCA Wallaby
Change-Id: I68357fb8353022c1c808f3a83a3e14da872be6c4
2021-03-23 10:09:36 +00:00
Ian Wienand
86ed1d74dd borg-backup-server: set SHELL for verification script
In today's weird corner-case issue; when running under cron,
SHELL=/bin/sh ... which doesn't really matter (this script is run
under #!/bin/bash) *except* that "sudo -s" is obeying SHELL and
consequently the in-line script here fails under cron, but not when
run interactively.  Just set SHELL=/bin/bash for consistency.

Change-Id: Ic8584b90fea8382f7a7d294b98a0a3689bfc981b
2021-03-23 14:53:56 +11:00
Zuul
aa4f1b4256 Merge "kerberos-kdc: quote some integers to avoid string/int confusion" 2021-03-22 22:56:26 +00:00
James E. Blair
3e3f86458d Downgrade scheduler to Zuul 4.1.0
We found a bug in master which will prevent us from merging a fix;
downgrade the scheduler to 4.1.0 to get that in.

Change-Id: Ie9ad75177ab58b34e20cafab496ba7af6f082551
2021-03-22 13:43:52 -07:00
Clark Boylan
c2d46f4247 Set up gitea image provides and requires for gating
This should ensure that if we have a parent job that updates the gitea
version and a do not merge child job that induces an artificial failure
for zuul hold purposes that we test the correct image in the child job's
changes.

Prior to this we were testing the existing published images, but
provides + requires will give the correct signaling to make the desired
"test new proposed image" behavior happen in the child change builds.

Change-Id: Ie6b827b650e0f32606dc5ec7f4aa0adfeebdeb5e
2021-03-19 10:33:09 -07:00
Ian Wienand
aa94f2d831 Rename refstack group variables
When we cleaned up the puppet in
I6b6dfd0f8ef89a5362f64cfbc8016ba5b1a346b3 we renamed the group
s/refstack-docker/refstack/ but didn't move the variables and some
other references too.

Change-Id: Ib07d1e9ede628c43b4d5d94b64ec35c101e11be8
2021-03-19 16:01:46 +11:00
Zuul
4565c03d78 Merge "Update nodepool launchers to focal in testing" 2021-03-19 00:42:48 +00:00
Zuul
3bb0573f41 Merge "system-config-run-kerberos: run twice" 2021-03-19 00:07:09 +00:00
Zuul
b8874e4f51 Merge "kerberos-kdc: add database backups" 2021-03-19 00:06:59 +00:00
Zuul
eb78355fce Merge "borg-backup-server: fix verification run" 2021-03-19 00:05:49 +00:00
Ian Wienand
9ac0748802 kerberos-kdc: quote some integers to avoid string/int confusion
Change-Id: Ia7ed570c1a10feafcb4824dca10282b8866f5265
2021-03-19 10:37:49 +11:00