Now that we've got base server stuff rewritten in ansible, remove the
old puppet versions.
Depends-On: https://review.openstack.org/588326
Change-Id: I5c82fe6fd25b9ddaa77747db377ffa7e8bf23c7b
stackalytics.openstack.org does not resolve and seems very dead. Remove
its node from site.pp and remove it from the docs to avoid confusion
about what servers we're really managing. We can always add it back when
the time comes to try again.
Change-Id: I733130ebe97ae7e06ca57b3c8e3a8708fcfa069c
The odsreg.openstack.org server was removed from service 2018-01-11,
and should also be cleared from our global site manifest. It was the
only thing utilizing the puppet-odsreg module, so we can take that
out of the modules list as well (that will be retired separately).
Change-Id: Iadfddb3bf57428b928cacaaa672e24c4a1e92058
This is just a zookeeper server now, so doesn't need all these
passwords, a cloud.yaml file or a launcher-esque deployment.
Change-Id: I3cb20d9c8af150ecdc1fb0a16208a774e3fb530f
Generating a openstack-infra specific version of this file was
deprecated with change I6fdc3b622454b069f3ad2cf42da584d8df23a110 when
build logs was moved out of Python logging.
This means (post the depends-on) the file is exactly as kept in
puppet-nodepool. Remove the system-config template and just use that.
Depends-On: https://review.openstack.org/586231
Change-Id: I2db37868be12c146678f1c8934db80050c788540
We need to wrap the hostnames/ips with []s and supply the port numbers
for the files to be effective with paramiko.
Change-Id: Iab12951a828b7c27ef2255137a6bc0b69ca3a770
This adds a connection to the opendaylight Gerrit server to zuul
so that we can perform cross-community testing.
Change-Id: I846983e873072c2235a4c49e36f602a47d06cfce
This brings online our 11th zuul-executor, and opens the required
firewall ports.
Change-Id: If0ee569a2d14caeeb912b7382160f47d460650ab
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
The refstack puppetry is set up to use snakeoil certs by default which
is great for bootstrapping; however, our production instance has real
certificate issued to it and we shouldn't write that to the snakeoil
cerrt files to avoid confusion.
Specificy refstack specific certificate, key, and intermediate chain
file locations to clean this up and allow us to revert our snakeoil
certs to proper untrusted self signed certs.
Change-Id: Ibbcdd93a2ae38d9063b1f88f90ebdaadcac9b585
Packet Host and Platform 9 have generously agreed to donate some
compute resources to our testing efforts. Add Nodepool and
Puppetmaster credentials for them.
Change-Id: I705c4204abca060c35a1a417791a67229b78cd02
Apply the review.o.o ssh rsa host key to all of our active zuul servers.
Update the ip addresses in that host key entry to reflect the current
server's IP addrs too.
Change-Id: I147ff0b9547f2cee36d7c56c8f5352ece8a4ec82
This reverts commit c7bb14bba6ec00fff61879154a3f5f143c98767b.
SSH connectivity isn't quite working yet. Revert until we can get that
sorted out.
Change-Id: If2a88a61ed592f927980c71486ed0b7e3cb848d0
Open the firewall port for mirror-update so we can start logging some
stats about AFS partition and volume usage, initially for a grafana
dashboard.
Change-Id: I361e7213ed4b4ed4d3fcc8fdbee06e2fe677934a
This adds a connection to the opendaylight Gerrit server to zuul
so that we can perform cross-community testing.
Change-Id: I840b24ebe52c50840180f2dda40a3f8669baa347
We want this more for it's transparent-cache busting effects than
security, but we live in a https world. This starts with self-signed
certificates, which might even be enough as it is really only
developers who are interested in build logs and test images.
Change-Id: Ifd5823ff51de40226c72930c69faf50b677a7dfe
Depends-On: https://review.openstack.org/569007
Alias the zuulci.org and www.zuulci.org typos to the zuul-ci.org
site, now that we serve the domain for them from our nameservers.
The openstack_project::website class will automatically perform a
permanent redirect to the canonical site name.
Change-Id: I02ff1caf874bb1b922afaf9f60eca53c4f53aee6
In an effort to thwart egregious typosquatting, host a zuulci.org
domain which will serve as an alias for the canonical zuul-ci.org.
Change-Id: If878ab310acd513d981fd37e954b0abeb7a7ed76
Depends-On: https://review.openstack.org/568661
All of these servers have been migrated to ubuntu-xenial.
Change-Id: Ib5f08879ecce5d26bdaed2d34e8b537be54c25c5
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Now that volumes have been attached to review01.o.o, allow puppet
to finish the gerrit configuration.
Change-Id: I710bb46f0daf5494c7b3f7ccbe5adbb6dcde153d
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Infracloud is sadly deceased. The upside is we can delete a lot of code
we don't need anymore. This patch removes infracloud nodes from
site.pp so that the puppet-apply test no longer bothers to validate
them, removes the infracloud modules from modules.env so that we don't
bother to install those modules in puppet-apply and puppet functional
tests, and removes the infracloud-specific data from the public hiera.
Additionally stop the puppetmaster from trying to run the infracloud
ansible playbook and finally remove the chocolate region from nodepool's
clouds.yaml (vanilla was already done).
This patch leaves the run_infracloud.sh script and the
infracloud-specific ansible playbooks as well as the infracloud
manifests in the openstack_project puppet module. It's possible those
tools could come in handy in the future if we ever have another
infracloud, and leaving those tools in place doesn't add confusion about
which hosts are actually active nor does it leave cruft that gets
unnecessarily tested.
Change-Id: Ic760cc55f8e17fa7f39f2dd0433f5560aa8e2d65
In order to provide useful URLs in E-mail notifications, set the
default_url for the openstack_project::storyboard class.
Change-Id: I70cc33e73b3cff6855270d46e1dd40940221b0d1
Depends-On: https://review.openstack.org/555237
Since we re-enabled the websockets port in change
Id9bb77ef9a2ac70eec74db4ea64423b5d6351a06 things having quite stable.
Connections to mosquitto over websockets hasn't crashed. Since things
have been stable this commit unblocks the tls websockets port for
firehose.o.o and switches it to the standard 443 for https instead of
the default 8080 we were using before. This should enable websites
trying to use the firehose over websockets from https server.
Change-Id: I1b08eabf22f5345a9b4ebfae5d3dab08270efbf9
The web related settings are relevant to zuul::web, not to zuul. Add
them here.
Change-Id: I7160826b9213f0c629374051f7c7043b553e00ed
Depends-On: https://review.openstack.org/557084
The referenced key has been added to hiera.
Change-Id: Id94db69498c462cb97c3721e96a645e5192a0b97
Depends-On: https://review.openstack.org/555968
Story: 2001382
Task: 6092
Copy/pasta from puppetmaster.o.o meant that we tried to put and use
the certificate in /etc/openstack/ which is not a thing on nodepool
nodes.
Fix that to be the right location and update the nodepool clouds.yaml.
Change-Id: Ib9c17a58fc2aa9ad5eb9091a6a3fd23ff5825731
Rather then creating per fqdn hiera entries for secrets, move to use a
group. This avoids the need to duplicate data.
Change-Id: I2208343b5281f70fc0850c0fe4e85038a53ed189
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This makes the credentials available so nodepool launcher and builder
can use them.
The limestone credentials have been added to hiera for the nodepool
group.
Change-Id: Idb56db19110e6b30f6231869ff278b90caf99f4b
This will allow us to bootstrap a server with gerrit users, then
attach the volumes with hold the git repos for gerrit, then we can
remove this flag and properly puppet the rest of the server.
We also create a 2nd node in site.pp as we need both server to be
online for about 2 weeks, this is to give users enough time to make
firewall changes if needed for the new IP address
Related-to: I9159c941ece4f6928204601b9933d7a953baa2dd
Change-Id: I88826298818a690d4c98b60a9fbf444fba48cef6
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Now that volumes have been attached to review-dev01.o.o, allow puppet
to finish the gerrit configuration.
Change-Id: I392b26fcb3a787dc1a3022b0c3a6d0f9758526f6
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This will allow us to bootstrap a server with gerrit users, then
attach the volumes with hold the git repos for gerrit, then we can
remove this flag and properly puppet the rest of the server.
Change-Id: I9159c941ece4f6928204601b9933d7a953baa2dd
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
