This manages the clouds.yaml files in ansible so that we can get them
updated automatically on bridge.openstack.org (which does not puppet).
Co-Authored-By: James E. Blair <jeblair@redhat.com>
Depends-On: https://review.openstack.org/598378
Change-Id: I2071f2593f57024bc985e18eaf1ffbf6f3d38140
In order to talk to limestone clouds we need to configure a custom CA.
Do this in ansible instead of puppet.
A followup should add writing out clouds.yaml files.
Change-Id: I355df1efb31feb31e039040da4ca6088ea632b7e
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Co-Authored-By: James E. Blair <corvus@inaugust.com>
Change-Id: Id8b347483affd710759f9b225bfadb3ce851333c
Depends-On: https://review.openstack.org/596503
We copied this over from puppetmaster, but let's manage it in ansible.
The key has been renamed in host_vars on bridge.openstack.org already.
Change-Id: Ia102dbe2ae2836880092b8997cb99135f5197b00
We have a bunch of this handled now in ansible, so remove the old stuff.
Remove puppetmaster group management files. It's confusing for there to
be two files. Remove the old one.
Remove mqtt config. This isn't really a thing currently, and we're
eyeing running things from zuul anyway, so no need to port to ansible.
Change-Id: I8b64d21eadcc4a08bd5e5440fc5f756ae5bcd46b
Now that we've got base server stuff rewritten in ansible, remove the
old puppet versions.
Depends-On: https://review.openstack.org/588326
Change-Id: I5c82fe6fd25b9ddaa77747db377ffa7e8bf23c7b
stackalytics.openstack.org does not resolve and seems very dead. Remove
its node from site.pp and remove it from the docs to avoid confusion
about what servers we're really managing. We can always add it back when
the time comes to try again.
Change-Id: I733130ebe97ae7e06ca57b3c8e3a8708fcfa069c
The odsreg.openstack.org server was removed from service 2018-01-11,
and should also be cleared from our global site manifest. It was the
only thing utilizing the puppet-odsreg module, so we can take that
out of the modules list as well (that will be retired separately).
Change-Id: Iadfddb3bf57428b928cacaaa672e24c4a1e92058
This is just a zookeeper server now, so doesn't need all these
passwords, a cloud.yaml file or a launcher-esque deployment.
Change-Id: I3cb20d9c8af150ecdc1fb0a16208a774e3fb530f
Generating a openstack-infra specific version of this file was
deprecated with change I6fdc3b622454b069f3ad2cf42da584d8df23a110 when
build logs was moved out of Python logging.
This means (post the depends-on) the file is exactly as kept in
puppet-nodepool. Remove the system-config template and just use that.
Depends-On: https://review.openstack.org/586231
Change-Id: I2db37868be12c146678f1c8934db80050c788540
We need to wrap the hostnames/ips with []s and supply the port numbers
for the files to be effective with paramiko.
Change-Id: Iab12951a828b7c27ef2255137a6bc0b69ca3a770
This adds a connection to the opendaylight Gerrit server to zuul
so that we can perform cross-community testing.
Change-Id: I846983e873072c2235a4c49e36f602a47d06cfce
This brings online our 11th zuul-executor, and opens the required
firewall ports.
Change-Id: If0ee569a2d14caeeb912b7382160f47d460650ab
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
The refstack puppetry is set up to use snakeoil certs by default which
is great for bootstrapping; however, our production instance has real
certificate issued to it and we shouldn't write that to the snakeoil
cerrt files to avoid confusion.
Specificy refstack specific certificate, key, and intermediate chain
file locations to clean this up and allow us to revert our snakeoil
certs to proper untrusted self signed certs.
Change-Id: Ibbcdd93a2ae38d9063b1f88f90ebdaadcac9b585
Packet Host and Platform 9 have generously agreed to donate some
compute resources to our testing efforts. Add Nodepool and
Puppetmaster credentials for them.
Change-Id: I705c4204abca060c35a1a417791a67229b78cd02
Apply the review.o.o ssh rsa host key to all of our active zuul servers.
Update the ip addresses in that host key entry to reflect the current
server's IP addrs too.
Change-Id: I147ff0b9547f2cee36d7c56c8f5352ece8a4ec82
This reverts commit c7bb14bba6ec00fff61879154a3f5f143c98767b.
SSH connectivity isn't quite working yet. Revert until we can get that
sorted out.
Change-Id: If2a88a61ed592f927980c71486ed0b7e3cb848d0
Open the firewall port for mirror-update so we can start logging some
stats about AFS partition and volume usage, initially for a grafana
dashboard.
Change-Id: I361e7213ed4b4ed4d3fcc8fdbee06e2fe677934a
This adds a connection to the opendaylight Gerrit server to zuul
so that we can perform cross-community testing.
Change-Id: I840b24ebe52c50840180f2dda40a3f8669baa347
We want this more for it's transparent-cache busting effects than
security, but we live in a https world. This starts with self-signed
certificates, which might even be enough as it is really only
developers who are interested in build logs and test images.
Change-Id: Ifd5823ff51de40226c72930c69faf50b677a7dfe
Depends-On: https://review.openstack.org/569007
Alias the zuulci.org and www.zuulci.org typos to the zuul-ci.org
site, now that we serve the domain for them from our nameservers.
The openstack_project::website class will automatically perform a
permanent redirect to the canonical site name.
Change-Id: I02ff1caf874bb1b922afaf9f60eca53c4f53aee6
In an effort to thwart egregious typosquatting, host a zuulci.org
domain which will serve as an alias for the canonical zuul-ci.org.
Change-Id: If878ab310acd513d981fd37e954b0abeb7a7ed76
Depends-On: https://review.openstack.org/568661
All of these servers have been migrated to ubuntu-xenial.
Change-Id: Ib5f08879ecce5d26bdaed2d34e8b537be54c25c5
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Now that volumes have been attached to review01.o.o, allow puppet
to finish the gerrit configuration.
Change-Id: I710bb46f0daf5494c7b3f7ccbe5adbb6dcde153d
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Infracloud is sadly deceased. The upside is we can delete a lot of code
we don't need anymore. This patch removes infracloud nodes from
site.pp so that the puppet-apply test no longer bothers to validate
them, removes the infracloud modules from modules.env so that we don't
bother to install those modules in puppet-apply and puppet functional
tests, and removes the infracloud-specific data from the public hiera.
Additionally stop the puppetmaster from trying to run the infracloud
ansible playbook and finally remove the chocolate region from nodepool's
clouds.yaml (vanilla was already done).
This patch leaves the run_infracloud.sh script and the
infracloud-specific ansible playbooks as well as the infracloud
manifests in the openstack_project puppet module. It's possible those
tools could come in handy in the future if we ever have another
infracloud, and leaving those tools in place doesn't add confusion about
which hosts are actually active nor does it leave cruft that gets
unnecessarily tested.
Change-Id: Ic760cc55f8e17fa7f39f2dd0433f5560aa8e2d65
In order to provide useful URLs in E-mail notifications, set the
default_url for the openstack_project::storyboard class.
Change-Id: I70cc33e73b3cff6855270d46e1dd40940221b0d1
Depends-On: https://review.openstack.org/555237
Since we re-enabled the websockets port in change
Id9bb77ef9a2ac70eec74db4ea64423b5d6351a06 things having quite stable.
Connections to mosquitto over websockets hasn't crashed. Since things
have been stable this commit unblocks the tls websockets port for
firehose.o.o and switches it to the standard 443 for https instead of
the default 8080 we were using before. This should enable websites
trying to use the firehose over websockets from https server.
Change-Id: I1b08eabf22f5345a9b4ebfae5d3dab08270efbf9
The web related settings are relevant to zuul::web, not to zuul. Add
them here.
Change-Id: I7160826b9213f0c629374051f7c7043b553e00ed
Depends-On: https://review.openstack.org/557084
The referenced key has been added to hiera.
Change-Id: Id94db69498c462cb97c3721e96a645e5192a0b97
Depends-On: https://review.openstack.org/555968
Story: 2001382
Task: 6092
Copy/pasta from puppetmaster.o.o meant that we tried to put and use
the certificate in /etc/openstack/ which is not a thing on nodepool
nodes.
Fix that to be the right location and update the nodepool clouds.yaml.
Change-Id: Ib9c17a58fc2aa9ad5eb9091a6a3fd23ff5825731
Rather then creating per fqdn hiera entries for secrets, move to use a
group. This avoids the need to duplicate data.
Change-Id: I2208343b5281f70fc0850c0fe4e85038a53ed189
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
