Upstream likes building the settings file into the image, but that's
less exciting, let's bind-mount ours in.
Depends-On: https://review.opendev.org/717491/
Change-Id: Ia1894d884ef2a84e1282345b77fe07bf8898f367
We are starting over with the container nodepool host, and also moving
it to "nb04" to avoid any possibility of conflicting with the
short-hostname of nb01.openstack.org.
Story: #2007407
Task: #39064
Depends-On: https://review.opendev.org/713575
Depends-On: https://review.opendev.org/713571
Change-Id: I18ab9834ad4da201774e0abef56f618cd7839d36
This adds the Open Edge (formerly Fortnebula) CI mirror.
Change-Id: I1ccf2a602f8a41e00bc64a9516a326cc07d9b254
Depends-On: https://review.opendev.org/711787
Sister change for Ia5caff34d3fafaffc459e7572a4eef6bd94422ea and
removing earlier references to the mirror server in preparation for
building and adding the new one.
Change-Id: I7d506be85326835d5e77a0c9c461f2d457b1dfd3
This adds a mirror to the new airship citycloud region. Add the host to
the inventory and add necessary host vars for LE setup.
Depends-On: https://review.opendev.org/706573
Change-Id: I33cefe914911b4f5ce5e09e0329ba48e039ede64
Due to persistent, unresolved network issues between the London and US
cloud (that don't appear to happen the other way), we have decided on
a hard Brexit for nb03.o.o and started a new server in the US cloud :)
Change-Id: I6557a9f272351578216bc525b6ddaffcf625f9f3
Add a new review-dev server on the opendev domain with LE support
enabled.
Depends-On: https://review.opendev.org/705661
Change-Id: Ie32124cd617e9986602301f230e83bb138524fdf
Add this host for serving content from AFS.
The
_acme-challenge.governance.openstack.org
_acme-challenge.security.openstack.org
CNAMES should be in place for creating the certificates (added with
Ie1b92f06b71aa6069fe831b26ba1cc272ce4562c).
Also add a cert for the base server (static.opendev.org) since we
added the DNS entries for it.
Change-Id: I55e0ac7487b02f9a816ac486ed01b73f82b391a5
Story: #2006598
Task: #37757
Depends-On: https://review.opendev.org/704469
We are replacing the inap mirror with an bigger instance. The reason for
this is our cinder volume throughput hasn't been quick enough and mgagne
says that we'll get the best performance via local disk. In order to
host the caches we have on local disk we need a bigger root device which
means a bigger flavor.
Change-Id: Id7e641e3b62400f4e1181ef6763a51b9d1e9068c
This server is a replacement for the .openstack.org version, which no
longer exists.
Depends-On: https://review.opendev.org/690767
Change-Id: I0d2eeb609219ad96db39d1d59b99ae376419df0e
In order to confirm configuration management is working cleanly for
wiki-dev.openstack.org deployments, a new wiki-dev03 has been built
and the old wiki-dev02 deleted. These are not production hosts so
this change can be merged at any time. DNS has also been updated for
them accordingly.
Change-Id: I61ae138b10d51caef2cdd26ca8adaf9d59728ac8
This is a new backup server for use with the roles in
I9bf74df351e056791ed817180436617048224d2c
Restrict the puppet group to only the openstack.org servers as this
new server doesn't need puppet.
Depends-On: https://review.opendev.org/674549
Change-Id: Ia8e2e01f579ed9475830c159bf266b63bed52c36
Networking got weird on the previous host so we rebuilt this one going
back to networking we expect to work (FIPs and all that). This updates
the inventory so that we configure the host properly.
Change-Id: I0dcdbc9efdd330d66b57da0b01d23dd3d747f79b
Add new IP addresses to inventory for the rebuilds, but don't
reactivate them in the haproxy pools yet (they're already excluded
from the repository creation task).
Change-Id: I1e3fc1ba56015eeab2c6256b3f90188ecabf23cc
Add the gitea05.opendev.org server into the haproxy pools now that
it's been seeded with current data. Switch the create repos task
disable list from 05 to 07 and 08, and remove 07 and 08 from the
Ansible inventory and comment them out in the haproxy pools in
preparation for replacement.
To the casual observer it may appear gitea06 is being skipped, but
it was replaced first out of sequence due to filesystem corruption
during the PTG. The increased performance of the 75% of the nodes
which have already been replaced means we can get by doing the final
25% at the same time (so two servers at once).
Change-Id: Ia49157c16582b7ed0dbef3eb9d07bf7f1d4450b9
The fortnebula mirror is being rebuilt while the environment there
is under some refactoring. The old mirror isn't reachable any longer
so removing it from our inventory while adding its replacement
should be safe.
Also update the letsencrypt playbooks for the new name.
Change-Id: I789248e4216f4cf059ccc5b071c2a784f9c629e9
Add new IP addresses to inventory for the rebuild, but don't
reactivate it in the haproxy pools yet (it's already excluded from
the repository creation task).
Change-Id: I36c188992f4787d4e7c5c952eac5fb0bbdc5a627
Add the gitea04.opendev.org server into the haproxy pools now that
it's been seeded with current data. Switch the create repos task
disable list from 04 to 05, and remove 05 from the Ansible inventory
and comment it out in the haproxy pools in preparation for
replacement.
Change-Id: I4cd1fef399e527771a26efee8a39952694f3ce6b
Add new IP addresses to inventory for the rebuild, but don't
reactivate it in the haproxy pools yet (it's already excluded from
the repository creation task).
Change-Id: I8b43c6f9cb41452c7f64862a2b401dc0d1b7ef3d
Add the gitea03.opendev.org server into the haproxy pools now that
it's been seeded with current data. Switch the create repos task
disable list from 03 to 04, and remove 04 from the Ansible inventory
and comment it out in the haproxy pools in preparation for
replacement.
Change-Id: Id5817f8265996862a7e0810b9fb9e3d78be5d066
Add new IP addresses to inventory for the rebuild, but don't
reactivate it in the haproxy pools yet (it's already excluded from
the repository creation task).
Change-Id: Id4076e179bee82b03822f59803865eaa60118334
Add the gitea02.opendev.org server into the haproxy pools now that
it's been seeded with current data. Switch the create repos task
disable list from 02 to 03, and remove 03 from the Ansible inventory
and comment it out in the haproxy pools in preparation for
replacement.
Change-Id: I4b51291311064c60d4bb2d90bec6e5cb90a54f3c
Add new IP addresses to inventory for the rebuild, but don't
reactivate it in the haproxy pools yet. Also switch the exclusion
for 01 to 02 for the repository creation task.
Change-Id: I6c4a437316627a723e6bb6c15fdce86a5e847042
The global inventory is used when launching nodes so if we want to
replace a server we have to remove it from the inventory first. This is
that step for replacing gitea02.
Note that when adding it back for the new server there are some edits to
make to the playbooks as noted in the gitea sysadmin docs.
We do also remove this instance from haproxy as well to prevent unwanted
connections while we flip things over.
Change-Id: I53a3f517d46d046cb59e3185ca19ba3df55d8466
Add new IP addresses to inventory for the rebuild, but don't
reactivate it in the haproxy pools yet.
Note this switches the gitea testing to use a host called gitea99 so
that it doesn't conflict with our changes of the production hosts.
Change-Id: I9779e16cca423bcf514dd3a8d9f14e91d43f1ca3
The global inventory is used when launching nodes so if we want to
replace a server we have to remove it from the inventory first. This is
that step for replacing gitea01.
Note that when adding it back for the new server there are some edits to
make to the playbooks as noted in the gitea sysadmin docs.
We do also remove this instance from haproxy as well to prevent unwanted
connections while we flip things over.
Change-Id: If32405b1302353f1f262a30b7392533f86fec1e4
Note we depends on the DNS updates so that LE cert provisioning works
on the first pass.
Depends-On: https://review.opendev.org/668929
Change-Id: I953938b77bfce67be0cb55af5cf4bd64044100f4
Add the new mirror-update server as a follow-on to
I525ac18b55f0e11b0a541b51fa97ee5d6512bf70.
Also ensure that the new mirror server isn't in the puppet groups by
only matching the openstack.org one.
Also remove from the afsadmin group. This group is only used for
keytabs stored on bridge.o.o. I don't think that we need group for
the keytabs -- a keytab should only ever be in use on one host at a
time, so we are better off keeping the keytabs in a specific host_var
for the host they are used on, rather than being in a group and
possibly deployed on servers where they are not used.
Depends-On: https://review.opendev.org/668610
Change-Id: Icda92bb234adc00f6718c1c656e8f069ce2704c4
This mirror will be manually configured with kafs (see
https://review.opendev.org/623974). This should be a nice distant
geographic counterpoint to the IAD RAX server.
This will need to be manually configured with a custom kernel for now,
but fixes are making their way upstream and this host will be
converted when available.
Depends-On: https://review.opendev.org/667529
Change-Id: I6a22933029c096c781c93c33e6edf03bf59223c9
We add the new host so that it will get configured as a gitea backend
server. We exclude this server from the list of gitea hosts to configure
git repos on because we want to recover its DB from one of the other
sibling nodes first. This should preserve the http redirects for us.
Once we have the db recovered we can enable replication from gerrit then
readd this host to the haproxy load balancer.
Change-Id: Ia2a98e5ded43cad044db36ca8d0da5a96277afee
Note we don't fully remove it from cacti and hiera and so on because we
are replacing this server and we just want ansible to ignore the old
gitea06 for a bit while we bootstrap the new server.
Change-Id: Iaa89e77c055d8099a7d3d511723782fead43ce74
Fix for I0e55d2c575427e404709e78d0c7a10a974117ac4 ... how this passed
gate testing to be determined ...
Change-Id: I834411ef2dee458ae15fb99a3c88b6d2fee4cf1e
This removes the groups servers from our inventory as well as our
manifests/modules. We don't run the groups service anymore as many
groups migrated to meetup.com independent of us and the others have
transitioned there.
Change-Id: I7cb76611e6d30e7189821923f36a38dec9ea7241
