There are no diffs in the template files between v1.14.5 and v1.14.6.
This should be a safe update.
Upstream indicates bugfixes around cancelling batched file catting as
well as security updates around jwt and auth.
Change-Id: I2799c62bb3f1fb5e62fc6e3773ec8b9a38ceddfa
This appears to give a unicode error; but also looking at the access
patterns it seems to serve no good purpose but to be a target for
bots and other odd behaviour. Block it from apache.
Change-Id: I3a9d4a0161eef34ffe39cf4feb9ab2af561684ca
We had an image promote failure for python-base:3.8. Due to docker
hub making it very difficult to know if old tags have been cleaned up we
are not sure that reenqueing the previous chagne to zuul will do the
right thing. It may downgrade the latest tag on some of our images. To
avoid any confusion over what is latest we just have zuul build new
images and promote them again.
Change-Id: Iaa859396030f1110b43788e73e9644a97e2ada9b
Upstream stable-3.2 and stable-3.3 branches have been fixed to allow us
to use the mariadb jdbc connector. The previous change has updated our
images to ensure they include this fix. We can now update the config to
use the mariadb connector.
Change-Id: I43ac20d601ff88e42f0d20387fc6ad8842ab8244
We upstreamed fixes for the mariadb jdbc connector and users being able
to orphan their accounts through accidental deletion of their openid
external ids. These fixes are now present in both the stable-3.2 and
stable-3.3 branches of gerrit. We should rebuild these images to ensure
our images include the fixes.
Note that stable-3.4 does not yet include these fixes but should in
time.
We will update our jdbc connection url in a followup change as we don't
auto update our images. This way we can ensure that the new image is
ready to go before updating that config.
Change-Id: Id23215ddfb3bd4424109e77ecd3480ed2375431d
Previously we were hacking the gitea web ui to transfer repo ownership
and to rename repos within an org. We believe this was necessary because
there was no REST API ability to do this. Now we have the ability to do
this via the REST API and in addition a new Gitea release will break our
web ui hijacking.
Update the project renaming playbook to use the REST API as it is
simpler to use and should be more reliable over time as it is versioned.
Change-Id: Idd8326a4891df6bdd47422e2a73880aa053380f5
We are looking ahead to rebuilding a number of our images for services
like Zuul, Gerrit, and Gitea to do things like check zuul v5 efforts,
fix gerrit bugs, and upgrade gitea to a new version. Ensuring that we
have an up to date base platform seems like a good idea as a result.
Change-Id: I4262b8aa1759eaae85e5429c5a5097397152afa5
The bot is supposed to create the filesystem director for the room
path when joining, but it may have done so with a relative path
instead of the full path that is actually used for logging.
Change-Id: I8c9c19a12eb2b85797ade75358859dc06b81b0b6
Mailman's newlist command helpfully prompts on the TTY waiting for
the user to press enter so that a message will be sent to the list
admin containing the initial configuration password or ctrl-C to
abort notifying. Unfortunately, Ansible's command tasks look enough
like an interactive TTY to confuse newlist into thinking it should
do the same when orchestrated. Pass an empty stdin as part of the
task to work around this.
We didn't encounter the issue in our test jobs, because we avoid
sending notifications by passing newlist a --quiet option which
skips that step, and thus the problematic prompting behavior we
observed in production deployment.
Change-Id: I345bda61802f93a52386b7d3057163e30f0e1b65
This tests that we can rename both the project and the org the project
lives in. Should just add a bit more robustness to our testing.
Change-Id: I0914e864c787b1dba175e0fabf6ab2648a554d16
According to upstream gitea nodejs 16 has broken them and there isn't
much they can do other than using nodejs 14 for the moment. Use 14 in
our image builds to keep our dockerfile buildable.
See https://github.com/go-gitea/gitea/issues/16604 for more info.
Change-Id: I143c3e67f354d220614136905e8b598cd6d2ad61
Thin runs the new matrix-eavesdrop bot on the eavesdrop server.
It will write logs out to the limnoria logs directory, which is mounted
inside the container.
Change-Id: I867eec692f63099b295a37a028ee096c24109a2e
It would be useful to test our rename playbook against gitea and gerrit
when we make changes to these related playbooks, roles, and docker
images. To do this we need to converge our test and production setups
for gerrit a bit more. We create an openstack-project-creator account in
the test gerrit to match prod and we have rename_repos.yaml talk to
localhost for gerrit ssh commands.
With that done we can run the rename_repos.yaml playbook from
test-gitea.yaml and test-gerrit.yaml to help ensure the playbook
functions as expected against these services.
Co-Authored-By: Ian Wienand <iwienand@redhat.com>
Change-Id: I49ffaf86828e87705da303f40ad4a86be030c709
Add Bullsye testing, and also rename the "stable" jobs to codenames to
be clearer about what is being tested.
Change-Id: If2d31481f2e455b58729d581799ba752020fb3d1
It appears quay is now returning their own domain in their blob
redirects. We currently don't cache it so in order for it to work we
need to add cdn01.quay.io and cdn02.quay.io to the proxy config
Change-Id: I2b603d6a5d057e388d473f71bfbaf822d65dd4e1
This is a small update to gitea after the previous update. This is
relatively recent and since we had tested the prior upgrade I figured we
can do this as a followup. None of the template files seem to have
deltas between 1.14.4 and 1.14.5 which means if 1.14.4 deploys sanely
then I expect this one will too.
Change-Id: I4472d5973d8104a63f16092a2804fabd3e9fa954
After I replace the docker packages some services I thought would come
back did not.
Lodegit seems to be an oversight, add restart always.
Also make sure the ZK containers start themselves.
I believe with Gerrit we've made the choice to not start automatically
due to the general high-touch nature of restarts. Keep the database
consistent and remove the auto restart there.
Change-Id: I98fa3055ac269564ed96570df0700b2aad24e4d2
With our system-config-run gerrit/review jobs we have much less need
for a dedicated server to stage changes on. Remove in prepartion of
server cleanup.
Change-Id: I9430f7a2432324a184e3a4f7e41f9e5150c0200c
This trims out old Fedora and SLES content from our yum-puppetlabs repo.
I think that Fedora might not be used at all but we can clean that up in
a followon as we get a better grasp of how this is used.
Change-Id: I53a9b6cb529f0d3e3822864aca7725a222c78113
