jeepyb is installed in the gerrit image because of hook scripts.
To run manage-projects and track-upstream, make wrapper scripts
in /usr/local that runs the commands from in the container image
bind-mounting the appropriate dirs and files into the container.
Change-Id: I7ef1f00e69d4c310d69d83c80ca210e8f340878d
We set core size to 0 and number of files to twice the setting of
core.packedGitOpenFiles. Make gerrit_packed_git_open_files a role
variable so we can jinja the 2x transformation.
Change-Id: I05dbfe1f091e7014c47b0f1ba79f99b51d1a6c30
This is in anticipation of running manage-projects, which wants to
use the dev subdir of project-config when run on dev, but we're
currently not doing anything with that. Point at root or dev as
appropriate. Then we can do a similar thing - probably just
bind-mounting the root or the dev when we docker run for
manage-projects.
Change-Id: Ia13bbb0bf8dbe1f7e7c0f378ba9b41bef3ecd5c1
We install jeepyb and launchpadlib in gerrit-base. Those are
important. We also need to add cgi for gitweb.
The gerrit init command does two things that we don't actually
want it to do at runtime. It extracts the plugins into the
plugins dir, and it downloads the right database library.
We can extract the plugins for it during image creation, and
then we can also download the plugin it would have downloaded.
We can also download the mysql library for it:
https://gerrit.googlesource.com/gerrit/+/refs/heads/stable-2.13/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/init/libraries.config
Finally, we tell it to not download or expand anything during
init, because we're running in a container and next time we run
the process that dir isn't going to be there.
Our gerrit integration tests don't depend on our gerrit image builds.
Put in image depends between run-review and gerrit builds.
We also need to depend directly on opendev-buildset-registry.
Add java.security.egd setting to java invocation
This tells java to be secure.
https://stackoverflow.com/questions/58991966/what-java-security-egd-option-is-for
Add support for setting heap limit properly
The gerrit init script does this based on the value in
container.javaOptions. We could, but then we'd have to
run an entrypoint script. Instead, set the value via
the JAVA_OPTIONS env var setting based on a value from
ansible.
Finally, make gerrit-master image build non-voting
It looks like there might be a real issue, but debugging that
is not important for us at this moment.
Depends-On: https://review.opendev.org/714216
Change-Id: I01e94c10f470fb3c8ddfce7b0e201357e5050679
The Airship project is continuously publishing documentation to AFS,
so serve that volume with a corresponding vhost on the static01
server. Also add it to the list of volumes for periodic vos release.
Change-Id: I718963533d9e8596d44d451b5e930314d699fa28
Depends-On: https://review.opendev.org/706599
We have a need to run ad-hoc commands with the various things
mounted, such as the gerrit init, as well as our friends like
manage-projects. Make a second "service" that doesn't do anything,
but allows us to run "docker-compose run".
Change-Id: Ic9bafe85b90af413c891b969273437be9df6a79f
We don't want to copy static and etc into the static and etc dirs
creating static/static and etc/etc.
It's possible this could also be done with trailing /'s?
Change-Id: I054158a677261743ed67107894e207f7b615ea7f
This should be mostly a no-op - but we will need to do a shutdown
in emergency mode.
Tell the gerrit role to not run compose up when run as part of
remote_puppet_git.
Change-Id: Id45376c2697656a12afeacf317b6f26c85c08dad
For our rollout, we need to be able to run this without actually
running the up.
Also, split out startup tasks so that we can run them from a
dedicated start playbook by themselves.
Change-Id: I08d994e496fbd8d5adbfa1ce344b0ae52f46535c
Gerrit replication plugin is good about retrying replication if its
connectivity to the remote fails. It however thinks everything is happy
if it can connect and push even when gitea-web isn't running.
Make the whole replication system happier by stopping gitea-ssh before
other services and starting it after other services. This way gerrit
should fail to replicate until gitea is ready for it to ssh in.
Change-Id: I3440d8dd8a01a3aaf5d18c9c2ca48e7ead63856f
We are starting over with the container nodepool host, and also moving
it to "nb04" to avoid any possibility of conflicting with the
short-hostname of nb01.openstack.org.
Story: #2007407
Task: #39064
Depends-On: https://review.opendev.org/713575
Depends-On: https://review.opendev.org/713571
Change-Id: I18ab9834ad4da201774e0abef56f618cd7839d36
After the big OpenDev rename, these repos got renamed again. Update the
redirects for git.airshipit.org and git.starlingx.io to point to the
current location.
Update test_static.py for this, change the test repo since
airship-in-a-bottle was first renamed to in-a-bottle and later to
airship-in-a-bottle.
Change-Id: I71b786cd528aac9ae68464618db02e22cd4c0b5b
zuul and nodepool now life in opendev, avoid double redirects and
redirect directly to final location.
Change-Id: Ia55d76b24f07ec64cb55055955c4549f3706a95b
We don't actually need version 3. Mark it as version 2 to keep it
inline with everything else. In general we should only increase
past v2 if we need a specific feature.
Change-Id: Ie243da369ddec30e0eca4805434d572e12c40491
Also - update the test job to use xenial nodes, since that's what
our gerrit servers are. docker-compose in xenial is too old for
version 3 file format - but we didn't get an error in the test
becuase we're running on bionic.
Change-Id: I855c3df241932098c95de84cf9f92383b335702f
There's this apt repo on the servers! It has nova-agent in it,
which we don't use - but there it is. Let's remove it, because
that's just really not what we do.
Change-Id: Id1fd4753a96829d3333ece3785246ad9bb141d54
Currently we deploy the openstacksdk config into ~nodepool/.config on
the container, and then map this directory back to /etc/openstack in
the docker-compose. The config-file still hard-codes the
limestone.pem file to ~nodepool/.config.
Switch the nodepool-builder_opendev group to install to
/etc/openstack, and update the nodepool config file template to use
the configured directory for the .pem path.
Also update the testing paths.
Story: #2007407
Task: #39015
Change-Id: I9ca77927046e2b2e3cee9a642d0bc566e3871515
Remove Fedora 29 from mirroring and purge the content.
The jobs were removed in preparation for
https://review.opendev.org/#/c/712032/ which removed the nodes from
nodepool. So, no job can use Fedora 29 anymore.
Fedora 28 is removed, no need to purge it again.
Change-Id: I59015a880f39b43b57a889b4254353f8c3a557ea
Patch set [1] does not provide updates directory for
Fedora 31 which is required to run CI jobs.
[1] https://review.opendev.org/#/c/712680/
Change-Id: I01b9b50660f3c7a3b4eb05cc8a8c0847f47dc7ee
We rolled out review-dev with podman and it worked fine for us. It
worked less fine for nodepool-builder, although we still might be
able to solve it. Maybe right now isn't the time to do this switch.
Gitea, gitea-lb and zuul-registry all use docker instead of podman.
The only thing running with podman right now is review-dev. We can
do a manual cleanup of podman there before runnign this to keep
things simple:
- stop gerrit service
- uninstall podman and podman-compose
- uninstall podman ppa config
- uninstall pip3
Then let ansible install docker and docker compose up.
Story: #2007407
Task: #39062
Change-Id: I9bf99b18559d49d11ba99a96f02a4a45a4f65a86
Start installing Let's Encrypt SSL certs on static01 for a new
docs.airshipit.org it will be hosting.
Change-Id: Ia5089515cd02d78267827840521cbee4f71ceb0b
This was missing but is part of the required runtime directories for
the container (for now, until we maybe move all this to volumes).
Change-Id: I9e173eb799026520588722caaf60a160abc6b130
Some jobs are using Fedora 29 release, which is deprecated.
Create new mirror with release 31 and wait for changing job
rules.
Change-Id: I418f4c815d337c2b1edd0df1aa065536d992cb62
