In further support of using a trove db, remove the gerrit::mysql
module from review-dev. Plumb mysql_host throughout and remove
the no longer necessary mysql_root_password. Configure review-dev
to use mysql_host from hiera, but configure review to use
'localhost'.
Change-Id: Id13cea66601f80c5b17d2a4069a14f7b458ea09d
Puppet board has replaced puppet dashboard. Remove reference to puppet
dashboard as it shouldn't be used.
Change-Id: I5eeee2984729ef5d1b883b4762347d19786e28ed
In anticipation of driving puppet over ssh, we need keys on the hosts
and the scripts on the master. Don't turn them on yet, because we want
to be able to do some by-hand testing of the mechanism.
Change-Id: I2c353777e2f8fb5a2e733ce405ba40427ce901e5
Zuul should use a dedicated ssh key rather than piggy backing off of the
jenkins ssh key. This change makes this distinction clear and removes
one zuul use of the jenkins ssh key that is not necessary.
Change-Id: I74c811a8bf94838b285791e158f4e468513eaa3e
Switch all jenkins proposal jobs to a dedicated user with dedicated
credentials. This is being done to be more flexible and secure when it
comes to managing the scripts that make proposals to gerrit.
Change-Id: I2dbdd530bf5b64c14207f645512a1eb319681166
Make it easier to deploy jenkins masters by using snakeoil certs on
numbered jenkins masters. This also simplifies the process of replacing
certs as make-ssl-cert can easily regenerate snakeoil certs for us.
Change-Id: I4966b1e502e0edf4f6fad25f06b9bacca25c5951
Add two puppet hiera variables to override defaults for
openstackid-dev in site.pp to access remote user profile database
(mysql_user, db_name). Now we can use the following
mysql parameters for connection:
- openstackid_dev_ss_mysql_host: mysql host
- openstackid_dev_ss_mysql_password: password for mysql account
- openstackid_dev_ss_mysql_user: user name of mysql account
- openstackid_dev_ss_db_name: database name
Change-Id: Ied0e3918d117c13ef53763461242e5380f0bab00
SERVER: Invalid relationship: File[/var/lib/jenkins/hudson.plugins.gearman.GearmanPluginConfig.xml] { require => Class[Zuul] }, because Class[Zuul]doesn't seem to be in the catalog
This reverts commit 2a9cd677e4eb6a60787ebc73bd8fd9e1b6f26b34
Run it whenever there is a change to the YAML channel config.
The script will ensure everyone listed in global has those perms
and anyone else found with access on a channel will be left as-is
except that their access will be limited to the relevant mask.
Move it and the previous change to add a permission checking
script into a new module, 'accessbot'.
Support SSL in both scripts.
Add a 1 second sleep in the check script to avoid flood protection.
Add all known channels to the channel config.
Closes-Bug: 1190296
Change-Id: I5072cb56ae83a70f4fa955362b8db909b2956d70
This moves git01.openstack.org to a new server, but should not be
merged until the old one is gracefully offlined in haproxy and the
new one is in sync with Gerrit replication and has been thoroughly
tested.
Change-Id: I84a3b2710edd96087a29735ca26863c75eb5023d
This moves git02.openstack.org to a new server, but should not be
merged until the old one is gracefully offlined in haproxy and the
new one is in sync with Gerrit replication and has been thoroughly
tested.
Change-Id: I8d0cc04ac6429a7780020242c9cc1ff2f0126b6e
This moves git03.openstack.org to a new server, but should not be
merged until the old one is gracefully offlined in haproxy and the
new one is in sync with Gerrit replication and has been thoroughly
tested.
Change-Id: Id4ab17d959fb6b7ab959fffca061b2c246a73b79
This moves git04.openstack.org to a new server, but should not be
merged until the old one is gracefully offlined in haproxy and the
new one is in sync with Gerrit replication and has been thoroughly
tested.
Change-Id: Ib15fe65bfd7e8099ae7ec1f4c9b08a15c4a7956e
Now that the new elasticsearch cluster members are joined, we need
to move the primary discover node from elasticsearch.openstack.org
to one of the new servers before we can remove it from service.
Change-Id: I79fe4e2154def6b0404b6620601f4a02b63fee8a
Kibana seems to be the only module using this list, and by default
it will try to query any nodes in this list even if they've been
pulled from service. Preemptively remove them from its configuration
so that it will continue to perform queries correctly.
Change-Id: Iecdc3414dec7ed2816b5a68a3398b0643fccaf31
Once the git repositories on git05 are replicated from
review.openstack.org and confirmed in sync, merge this to add it to
the farm.
Change-Id: I6bc87957ff9ba7983c48ce156ab7658a9ab8a5ad
Add the actual elasticsearch module and associated parameters to the
new worker nodes, and put them in the node and discovery lists.
Change-Id: I0b55e4c5c8a3f0864dab2b2bf7f498b65bc20fd2
Temporarily leave the old node names in place with an override to
16g heap size, but pass the openstack_project default of 30g into
the elasticsearch module as a new variable. Also don't actually
configure the new servers to install and run elasticsearch yet,
since there are manual steps needed to prep the additional block
devices on them.
Change-Id: I9fca2115c8996ae2f1a6c605bcdf16a8b6342a24
Implements: blueprint openid-oauth2-infra-implementation-puppet-script
Prepares a raw server with all software stack needed to run
openstackid project:
* installs PHP
* installs Apache
* installs Redis Server
* creates a initial environment configuration for laravel application
(using *.erb templates)
Change-Id: If6216da0d70a45609076e8111a67055dbc87c9e4
The following items were missing from an automated zuul install:
* A pre-populated known hosts file
* The git user/email for creating commits (.gitconfig existed
on zuul.o.o, but switch to using zuul's config file instead).
Also, make sure that the mergers specify the zuul server as the
gearman server address rather than localhost.
Change-Id: I47a473f60c4b5b2daaa910aa61cdf6e0c6fe1528
Remove obsolete config options from zuul module.
The server and merger classes are constructed so that they
may coexist on a single server. Also, the init section is
constructed so that it will install everything needed for
both services but without activating them (leaving maximum
flexibility for the operator).
Change-Id: I7b86fbbe4611c5edfb463a0a6944e0717f664188
This brings in the puppetdb module via install_modules.sh and
creates a new class, openstack_project::puppetdb. It was modeled
on openstack_project::puppetmaster. Note that this will not enable
puppetdb to participate in the Puppet ecosystem yet. An additional
class will have to be added to the master:
class { 'puppetdb::master::config':
puppetdb_server => 'puppetdb',
}
I will leave this out of this change so we can bring up puppetdb in
stages.
This paves the way for puppetboard to be brought online.
Change-Id: I8194372bd31e08f12a815fd04dcdf338565ed911
The ssh key in ~gerrit2/.ssh/id_rsa which is what is used for outbound
ssh-based replication is currently just kinda there by hand. Add management
of the files there.
Change-Id: I5bfea4543d6eb46ba2e9f3c791f4e6b6c5534522
Closes-Bug: 1209464
