This will allow Kolla to run Ubuntu/arm64 CI jobs.
https://review.opendev.org/701121 fails without it.
Change-Id: Ia697fa4ceb8bfb0ee879e167a3b9d7c4b2e50807
Ceph Nautilus is released and the official mirror
is available. This adds the Ceph Nautilus mirror
so we can sync it for Stretch and Bionic.
Based on the same change that was done when Mimic
was released [1]
[1] https://review.opendev.org/#/c/571989/
Change-Id: I9424d1f4df58acde8ea70dc16283d4de89189bae
Sharing an updates file between the Debian and Ubuntu reprepro runs
causes some warnings, and is generally just unclean. They use
different release naming and repositories, so should just have
separate updates files to track them (they're already separate on
the server, they were just being copied from the same source file in
the module).
While here, remove the label and suite parameters from the Debian
reprepro distribution templates, as they're unnecessary and
potentially confusing (job nodes should never be relying on the
suite names as they change at the next release).
Also allow signatures from subkeys of the listed keys to be
sufficient to verify the debian-security mirror's release files,
like we do for the debian mirror.
Change-Id: Id0ff476864f936bbd7c4637f3dc9e2c219c6e465
This change adds a proxy config for quay which should assist
us when gating using images provided by the publically
available registry.
Change-Id: I971705e59724e70bd9d42a6920cf4f883556f673
Signed-off-by: Kevin Carter <kecarter@redhat.com>
This is a follow on to I67870f6d439af2d2a63a5048ef52cecff3e75275 to do
the same for files.openstack.org (as
http://files.openstack.org/mirror/logs/ is a handy central place to
point people at)
Change-Id: I07c707d45ab3e3c6f87460b3346efd7026467c56
This change adds a proxy config for registry.access.redhat which should
assist us when gating using images provided by the publically available
registry.
Change-Id: Ica7477d63659610de852d305a63f3e78d0dd8c4f
Signed-off-by: Kevin Carter <kecarter@redhat.com>
This reverts commit b3ce1c52dc7ca455ffd94ea07d8a4fb1b6905fa8.
It removed the AFS mirror at the same time it added the proxy,
but jobs don't know to look for the proxy since it's on a
totally different TCP port.
Change-Id: I87cc03eb3322bd7b093dd6fe798aadb48f319805
To deal with puppet scoping fun we evaluate the template for our
files.o.o website vhosts in the context of the website define and not in
the context of httpd::vhost.
Change-Id: I90bb881eb6ad78cede3a8a2548e1dfcf24e1160b
It doesn't seem like this is used anymore. Let's remove it before
we update the rest of this, so that we don't have to, you know,
update abandoned things.
Change-Id: I1c3708021046a428da82eaa843961091915ba4af
Tumbleweed is only rarely used in the openStack CI, so mirroring it
fully is not worth the time/space overhead. a caching proxy
should be good enough. Add it to the directories to clean up
and remove the older entries because they will no longer be
matching.
Change-Id: I987da098cf4a7330cdec8da9ae3cfbff2f330bf8
There are many references to review.openstack.org, and while the
redirect should work, we can also go ahead and fix them.
Change-Id: I28f398796a6392a3dffea1d25cfe2ae3a36a3589
The server has been removed, remove it from inventory.
While we're here, s/graphite.openstack.org/graphite.opendev.org/'
... it's a CNAME redirect but we might as well clean up.
Change-Id: I36c951c85316cd65dde748b1e50ffa2e058c9a88
This is part of the opendev git hosting transition. We do this on
review.opendev.org/review.openstack.org and not files.openstack.org so
that ssh connections continue to work. This will need to be applied
during the maintenance window.
This also updates the canonical urls and logo.
Change-Id: I5bf4dcd6835e379fcdd2d55393c5a844578074a9
This created confusion when updating configs to handle journald. Remove
the unused files and update docs to point at the proper config location.
Change-Id: Ifd8d8868b124b72a86cf7b5acb30480e72b903ed
In implementing the library to consume the service-types data, it became
clear that the behavior could be much more consistent across
implementations if we set cache-control headers. This allows a combined
ETag and time-based approach, so that the data will only be fetched if
it has a stale etag, but it will only be checked for staleness once a
week. Since the data in question is expected to change only rarely, and
then only in additive ways, this should allow pervassive use of the data
without significant cost to the API consumer.
Change-Id: I6de3c79e22fdea9bf70fd725447ca7141af80b50
This is a follow-on to I39cb9dc0aa52cf5b20545baf4acacc21c5459f2a; as
buster has no backports we need to skip this in the reprepro
configuration. It's a bit hacky, but we can revert when it is
available.
Change-Id: I60e231f23999d0af9c899a30822c71702befb2bd
For our git redirect virtualhosts, allow the full set of mod_rewrite
directives. These are entirely under our static control, so should
be safe.
Change-Id: Ia9c12ccc42ea157ebc4e3060841f1ab2d13008a3
As part of the move to Gitea, we're creating compatibility redirects
from our old Cgit and Git HTTP backend sites to opendev.org. This
introduces Apache vhosts for each of git.airshipit.org,
git.openstack.org, git.starlingx.io and git.zuul-ci.org which all
serve the same docroot on the files.openstack.org server. This
docroot houses a single .htaccess file with the relevant redirect
rules.
Change-Id: I729fe39bcbe0a0cae237e9036ed8fa980f897e68
Co-Authored-By: James E. Blair <jeblair@redhat.com>
Task: #29705
The current static-https-redirect.vhost config doesn't allow publishing
a .htaccess file in order to setup redirects. We do use redirects on
sites that share data over both http and https.
This change enables the same options for static https sites.
The motivation is to allow release.o.o to use .htacces to provide
static, human friendly URLs for constraints that persist after branch
deletion in the openstack/requirements Repo.
See: http://lists.openstack.org/pipermail/openstack-discuss/2019-February/002682.html
Note: in that discussion I tested with RewriteRule but Redirect work and
that is what I'm proposing.
Change-Id: I4d3abd46eb15d5e116c832e7393ec1ec4cb6866b
Our proxy was always returning 404 on content blobs because the
CDN part of the proxy was not matching since it appeared after
a greedier match.
Change-Id: Ie88a0e1f554922f6328809b3d96266cc7a20152b
This sets our testing to test pbx manifest on xenial and adds a hiera
group called pbx to the servers so we can properly do servernames with
digits and have common config in hiera.
Change-Id: I8c3096d18fe318c6ca206203de0ac984c8934566
With the move to Puppet 4, vhost config templates fail to find
relative references to class parameters within a vhost resource
scope. Be explicit about the scope for the auth_openid parameter in
the survey class from within its associated vhost config template so
that it will be correctly found.
Change-Id: I7c769849449b304193e3eb41d129364817d7db1f
Newer pip sets cache-control: max-age=0 on requests for pypi indexes.
This tells the proxy cache not to serve the index content from the
cache. Unfortauntely this then means we fail to get this data which
could be cached if we can't talk to the backend for some reason.
By default pypi seems to set a 600 second max-age on these indexes which
should be far better than not caching at all. So set the config to have
apache ignore client side max-age and other cache disabling directives.
Change-Id: I2da7006dcd8a8f4212f5e766ef35ba7b98177ed0
OpenStack Ansible uses this repo to install LXC on CentOS as they
do not ship with the distribution packages.
They're not so reliable so its' good to get them monitored.
Change-Id: I011c7a0455e4853e582ed437204e94b6bcc73b3f
This manages the clouds.yaml files in ansible so that we can get them
updated automatically on bridge.openstack.org (which does not puppet).
Co-Authored-By: James E. Blair <jeblair@redhat.com>
Depends-On: https://review.openstack.org/598378
Change-Id: I2071f2593f57024bc985e18eaf1ffbf6f3d38140
cbs.centos.org contains some repositories that TripleO project is
interested to pull packages from, having a mirror would ensure more
stability in the gate.
Change-Id: I6337b73703c3cecab714a2fa2de3884c96f1216a
This is just a zookeeper server now, so doesn't need all these
passwords, a cloud.yaml file or a launcher-esque deployment.
Change-Id: I3cb20d9c8af150ecdc1fb0a16208a774e3fb530f
Generating a openstack-infra specific version of this file was
deprecated with change I6fdc3b622454b069f3ad2cf42da584d8df23a110 when
build logs was moved out of Python logging.
This means (post the depends-on) the file is exactly as kept in
puppet-nodepool. Remove the system-config template and just use that.
Depends-On: https://review.openstack.org/586231
Change-Id: I2db37868be12c146678f1c8934db80050c788540
To avoid the cost of converting nodepool image from qcow2 to raw on
compute nodes, just upload raw images (not qcow2).
Change-Id: I325af734f843fc618a40ca992a0086ffb1c21cfd
Depends-On: https://review.openstack.org/585838
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
There is a bug in sdk that is being fixed that causes auth discovery to
work improperly. Setting auth_type to password works around it.
Change-Id: Id8e8fe82827987660c4dc64bd9cf3d65ffd20cf4
