This will run the ua tool to attach an UA token and to enable the
esm-infra repos. We also update unattended upgrades to auto pull
security updates from the ESM repos.
Change-Id: Ifb487d12df7b799d5fd2973d56741e0757bc4d4f
With a pure javascript plugin, dropping a new file in the plugins/
directory and reloading the page is sufficient to see changes.
However, with .jar plugins (as zuul-summary-plugin now is) you need to
actually issue a reload, which requires the included permissions.
Enable it dev mode, which is where you'll very likely be trying to
iterate development with a change to a plugin. I don't think it's
really that dangerous for production, but traditionally it's been off
there so let's leave it like that.
While we're here, write out a little script to help you quickly deploy
a new .jar of the plugin when we're testing.
Change-Id: I57fa18755f8a8168da12c48f1f38d272da1c6599
We were using a loop index which meant for our cluster size of three we
would always assign server.1 through server.3. Unfortunately, as we
replace servers we may add notes with a myid value >3 which breaks when
we try to assign serverids in this way.
Fix it by using the calculation for myid in the peer listing.
Change-Id: Icf770c75cf3a84420116f47ad691d9f06191fb65
For reasons explained in [1] Debian's lsb_release.py on bullseye is
falling back to probing "apt-cache policy"
When (as currently), stretch is the testing release,
/etc/debian_version contains "stretch/sid", as shipped by
base-files. It is therefore impossible to rely on that file to
differentiate between a host running testing or unstable without
asking apt what is actually preferred when installing packages
(through parsing `apt-cache policy`). That's how `lsb-release --
codename` returns "sid" _xor_ "stretch".
The problem is, this parses the output of "apt-cache policy" which
fails for two reasons; firsly we have cleared out all the cache files,
so our hosts return anything until "apt-get update" is run, but
secondly because our mirrors do not have a "label" that matches in
this code at [2]
e.g. what we get out of "apt-cache policy" is
500 https://mirror.dfw.rax.opendev.org/debian bullseye/main amd64 Packages
release o=Debian,n=bullseye,c=main,b=amd64
origin mirror.dfw.rax.opendev.org
which is missing a "l=" field to make this parsing recognise it as a
valid source.
The label is set by reprepro [3]
Label
This optional field is simply copied into the Release files.
Add a label to make our mirrors look more like regular mirrors.
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845651
[2] https://sources.debian.org/src/lsb/11.1.0/lsb_release.py/#L191
[3] https://manpages.debian.org/stretch/reprepro/reprepro.1.en.html
Change-Id: Id705acbb3a01f43ae635a24fa3c24d0a05bdaa16
We are doing this so that we can cleanup the private network + floating
IP setup that the existing mirror does. Once this new mirror is up and
happy we can cname to it and then clean up the old mirror and its
networking config. We do this in order to save an IP that the current
private network router is consuming.
Depends-On: https://review.opendev.org/c/opendev/zone-opendev.org/+/787628
Change-Id: I50c311087c6c28726e36913c7e081f3b3d0ee049
This adds the new inmotion cloud to clouds.yaml files and the cloud
launcher config. This cloud is running on an openstack as a service
platform so we have quite a bit of freedom to make changes here within
the resource limitations if necessary.
Change-Id: I2aed6dffde4a1d6e3044c4bd8df4ca60065ae1ea
The current loop here uses the ansible_host value of the ZK servers,
which we have set to the IPv4 address in the inventory.
nb03 is constantly dropping out of ZK; for the record the logs record:
2021-04-21 05:56:15,151 WARNING kazoo.client: Connection dropped: socket connection error: Connection reset by peer
2021-04-21 05:56:15,151 WARNING kazoo.client: Transition to CONNECTING
2021-04-21 05:56:15,151 INFO kazoo.client: Zookeeper connection lost
2021-04-21 05:56:15,152 INFO kazoo.client: Connecting to 23.253.90.246(23.253.90.246):2281, use_ssl: True
2021-04-21 05:56:15,176 INFO kazoo.client: Zookeeper connection established, state: CONNECTED
and this happens every few minutes. This cloud does IPv4 behind a NAT
and it seems very likely this is related.
So the primary motivation here is to see if using IPv6 clears this up,
giving us some datapoints. However I think that our other nodepool
hosts should all be fine to use ZK over IPv6. However, I think in the
gate we may have cases where hosts don't have IPv6 addresses, so this
looks for the v6 address and if not found, falls back to the current
ansible_host behaviour.
Change-Id: Ifde86ddd632662f36bcbe2a0dc99660f06b01ac3
We will be rotating zk01-03.openstack.org out and replacing them with
zk04-06.opendev.org. This is the first change in that process which puts
zk04 into the rotation. This should only be landed when operators are
ready to manually stop zookeeper on zk03 (which is being replaced by
zk04 in this change).
Change-Id: Iea69130f6b3b2c8e54e3938c60e4a3295601c46f
Add a variable to configure upload-workers for nodepool-builder
daemons.
Reduce our defaults for nb03 to see if we can get more reliable
uploads.
Change-Id: I819bdd262c7118cbde4e6ffdc12aa3ac64569a96
Once we are satisfied that we have disabled the inputs to firehose we
can land this change to stop managing it in config management. Once that
is complete the server can be removed.
Change-Id: I7ebd54f566f8d6f940a921b38139b54a9c4569d8
This handles planet.openstack.org and redirects it to the
opendev.org/openstack/planet-openstack repo, where we will put a
README and the OPML file of the last state as we deprecate this
service.
Change-Id: If141aca5efbdbe60c91ceefaa4e05c98cd0ba5bb
This matches the proposal in https://review.opendev.org/785972
It's safe to merge now (secret storage on bridge is updated) and get
ahead of the curve. It's harmless to add unused items.
Change-Id: I942ef5f95f9f1afe39b7d9a044276bfb338d6760
When we added Apache as a filtering proxy on our Gitea backends in
order to more easily mitigate resource starvation, we did not set
any tuning to tell it when to recycle worker processes. As a result,
backends may continue serving requests with workers which pre-date
certificate rotation. This problem has also become more broadly
prevalent throughout our services with the introduction of Let's
Encrypt's 3-month certificate expirations as compared to our
previous 2-year certificates.
Add the same MaxConnectionsPerChild tuning to our Gitea backend
proxies as we use for our static sites and mirror servers.
Change-Id: I77d89385178a30f7dc5d04bedd0ab3772865c09f
The sync to our new ORD replica has completed and we're back to the
typical vos release cadence for this volume again.
This reverts commit 542c898021af20f4ad48fa04b78b65c8f6fff0b6.
Change-Id: I4bb2ddcc46c6c56c7124acc52dce6a60da1662b2
We're in progress replicating the AFS volume for tarballs to a
remote location for added redundancy, but this is blocking updates
of all the read-only replicas until it completes and we're unsure
how long that will take. In the meantime, serve content from the
writeable path instead of the read-only replica path so we're not
stuck with outdated content on the site.
Change-Id: I6e0333bdb9717a724fd29adffc3df6e6c5da1558
Starting in bullseye, Debian's security suite will add -security to
dist codenames, meaning we have stretch, buster, and
bullseye-security entries. Looks inconsistent, but is actually
correct.
Change-Id: I34806145f099868c2cdd95893b69cb1f4915f56f
Call `reprepro export` to always recreate indices, even for empty
dists. This is sort of a shotgun approach, local testing on the
server indicates it increases total time of a noop update by ~5.5
minutes for the "debian" repo, which is by far the worst case of
anything we mirror.
If this proves problematic, we can engineer a more targeted solution
to check for empty dists and only export those.
Change-Id: I7e39e427e1941f055fae0408e4c1f2a2f2b35547
The OpenEdge cloud has been offline for five months, initially
disabled in I4e46c782a63279d9c18ff4ba2944c15b3027114b, so go ahead
and clean up lingering references. If it is restored later, this can
be reverted fairly easily.
Depends-On: https://review.opendev.org/783989
Depends-On: https://review.opendev.org/783990
Change-Id: I544895003344bc8202363993b52f978e1c07d061
This doesn't install of Focal; moving forward we'll either use H2 or a
container database. Just remove this package for now.
Change-Id: I69cdcdddc1ba0e0cf4ef5f8ba705bcd3a2afa689
This was missed during recent updates; this UserList needs to be on
all servers to allow bos, vos and backup commands.
Update the documentation to reflect the centralised copy.
Change-Id: I8ada3d5035bb7ef77b19ce6aaffb48335974a124
review02.opendev.org is a much larger replacement server for review01
provided by Vexxhost. It is up and running, with gerrit2 volume
attached and DNS entries.
This adds it to the staging group with no replication and a local h2
database configured for initial bringup. There's quite a bit to
consider for full migration, but this will let us start experimenting.
Change-Id: I3638a5c0c7028dcc800ada42431b75395cff0c42
This moves the haproxy containers to syslog with tags that will get
each container's output filtered into /var/log/containers.
Change-Id: I65294baec3c092ede5ee97856d8d879174b0d8d4
The dstat-logger service puts a lot of info into the syslog/journal.
The --output command to write CSV files doesn't appear to suppress the
console output, and I can't see a flag to make it do that. So
redirect the stdout to /dev/null.
Change-Id: Ib99f8199ebc3c9d89c2b3aa92dff5ff298d03e45
With our increased ability to test in the gate, there's not much use
for review-dev any more. Remove references.
Change-Id: I97e9865e0b655cd157acf9ffa7d067b150e6fc72
Now that the update-bug script no longer tries to update bug
assignments, it's possible to run it on patchset-created events
again. Go back to doing that until someone has time to build a
suitable replacement for it.
This partially reverts commit
1ccf5e68e51815479381a941fd9cf4f469498c6d.
Change-Id: Idf589eb818d208d65d1f1430ddec962b015165c0
Depends-On: https://review.opendev.org/782538
