We have one global variable that is used in two places.
By removing it, we can more easily split site.pp into
per-service manifest files, and ultimately we should be
deriving this from groups['elasticsearch'] anyway.
Change-Id: I1d794b269847da85778f71e816359953af9b31e0
Migration plan:
* add zk* to emergency
* copy data files on each node to a safe place for DR backup
* make a json data backup: zk-shell localhost:2181 --run-once 'mirror / json://!tmp!zookeeper-backup.json/'
* manually run a modified playbook to set up the docker infra without starting containers
* rolling restart; for each node:
* stop zk
* split data and log files and move them to new locations
* remove zk packages
* start zk containers
* remove from emergency; land this change.
Change-Id: Ic06c9cf9604402aa8eb4bb79238021c14c5d9563
This should be mostly a no-op - but we will need to do a shutdown
in emergency mode.
Tell the gerrit role to not run compose up when run as part of
remote_puppet_git.
Change-Id: Id45376c2697656a12afeacf317b6f26c85c08dad
We previously had two manually issued certs (one each for opendev.org
and openstack.org) but now have a single cert with all the appropriate
names in it automatically issued by LE. Use this new cert before the old
one expires.
Change-Id: I635d2bfd820fe138ee951833dd66f157b2b7c097
Removed all variables related to Silverstripe
Dependency
Change-Id: Ib5e6834686c4952dd8e7220a31abe71a9278e397
Signed-off-by: smarcet <smarcet@gmail.com>
wiki, status, and single node ci should all run on xenial now. Switch
their testing to xenial from trusty.
Change-Id: I3a0c2faa47f2ec17809e3845c7226173188def63
The review-dev service playbook should do everything now that
the puppet did. Update how we're running things.
Change-Id: I70303c48328ea6713c24bf9c6f63d4808d30b95c
This provisions the cert but does not use it yet. We will do the
switchover once the cert is confirmed to be in place.
Depends-On: https://review.opendev.org/701819
Change-Id: I04fee48b9a79758527d8f9e8128c0fa915cd133e
We were setting the cert file contents to the paths rather than updating
the paths to point at the new LE certs. Fix this by setting the _file
vars which update the path.
This includes a partial revert of the previous change to not switch
git.zuul-ci.org over to LE as we haven't provisioned an LE cert for it
yet.
Change-Id: I41c2aa1d03afba4ebf6378e9abf8276154666df7
This switches the zuul-ci.org/zuulci.org vhost to use newly issued
letsencrypt certs. It also does the same for git.zuul-ci.org, which
is a different vhost. Since that vhost is tied into a configuration
which can't accept cert file paths (only content), adjust it to use
the newer "website" manifest pattern which can.
Change-Id: I0cd0407754466327147917390c578da336e61269
With the move to object storage, we no longer have predictable
hosting locations for draft builds of opendev/storyboard-webclient
changes. Switch the OAuth and CORS ACLs in the storyboard
configuration on storyboard-dev.openstack.org to allow webclient
builds hosted anywhere, as there should be nothing sensitive we need
to protect in that StoryBoard deployment.
While here, tighten up the same ACLs for production StoryBoard to
just allow its local webclient deployment, reducing the risk of
cross-site scripting attacks.
Depends-On: https://review.opendev.org/691034
Change-Id: Ie4f5eb49a864848cfa95a3e956e6dbfa122fbb1d
This is the base url that will be used for log reporting.
Depends-On: https://review.opendev.org/675655
Change-Id: Ia92a34e9ed506931e0d736ac034f60f4f7c381fc
This removes the groups servers from our inventory as well as our
manifests/modules. We don't run the groups service anymore as many
groups migrated to meetup.com independent of us and the others have
transitioned there.
Change-Id: I7cb76611e6d30e7189821923f36a38dec9ea7241
This reverts commit 0d370a285b09bd28c5b1cdfc6b89d2997f67da5d.
Fixed by https://github.com/containers/skopeo/pull/653 so safe to
merge this once a new build appears in the PPA.
Change-Id: I858eee79d084016b6b71eec46a6118d78f68cafa
Pin skopeo back to 0.1.36-1~dev~ubuntu16.04.2~ppa14 which is before
the code that changed the required capabilities, breaking the use of
skopeo from inside of bubblewrap.
Change-Id: Ibf3000d87772d02b7325315cfeed078716e0d7bf
There are many references to review.openstack.org, and while the
redirect should work, we can also go ahead and fix them.
Change-Id: I28f398796a6392a3dffea1d25cfe2ae3a36a3589
The server has been removed, remove it from inventory.
While we're here, s/graphite.openstack.org/graphite.opendev.org/'
... it's a CNAME redirect but we might as well clean up.
Change-Id: I36c951c85316cd65dde748b1e50ffa2e058c9a88
We have replaced the cgit farm with a gitea farm. Stop managing the cgit
farm. This removes testing for centos7 as these were our only centos7
nodes.
Depends-On: https://review.opendev.org/654549
Change-Id: Ia48ff10cb88d51f609e8b28de176c72f7a9ee24f
There's a bunch in here. This is mostly big-ticket things and test
fixes. Also, change the README to rst - because why is it markdown?
Depends-On: https://review.opendev.org/654005
Change-Id: I21e5017011e1111b4d7a9e4bf0ea6b10f5dd8c1b
This is part of the opendev git hosting transition. We do this on
review.opendev.org/review.openstack.org and not files.openstack.org so
that ssh connections continue to work. This will need to be applied
during the maintenance window.
This also updates the canonical urls and logo.
Change-Id: I5bf4dcd6835e379fcdd2d55393c5a844578074a9
Grafana has moved to a new package repo [1] and the apt-get update
step is failing on the current host.
The first version of puppet-grafana that has this update is 6.0.0;
this is two years later than the current version we're using so
... yeah. It does not work with puppet3, so only run apply test with
puppet4.
It looks like upstream has moved from camptocamp/archive to
voxpupuli/archive so the comment is no longer required.
[1] https://grafana.com/blog/2019/01/05/moving-to-packages.grafana.com/
Change-Id: Ibab0ed6799563ba0f9674ef1ea575c6ac5d60341
This enables the SSL site for graphite.opendev.org
Change-Id: Ifa9e4864a9b2bad4a9e94ad1312f9e1d05b8aef3
Depends-On: https://review.openstack.org/651686
We've been upgrading many of our nodes to xenial from trusty. Remove the
manifests/site.pp trusty test flags from nodes that don't run on trusty
any longer.
Change-Id: I2ee9754d8b30f120d375cb6ff554c107f4a750d5
We were previously creating zuul status backups for http and https
endpoints. We really only need them for the https endpoint. Additionally
backup our kata-containers tenant.
Depends-On: https://review.openstack.org/642896
Change-Id: I35a58b2faf3234aa0f3c04e5a682c8f9f9111898
Currently there are no plans to integrate the existing wiki services
into OpenDev, so for clarity we're limiting the inventory globbing
and global site manifest node regular expressions to the
openstack.org domain specifically.
Change-Id: Ifdc86f7cc5d6a865e1d5f76828ad8b52f2ee75fe
As part of the move to Gitea, we're creating compatibility redirects
from our old Cgit and Git HTTP backend sites to opendev.org. This
introduces Apache vhosts for each of git.airshipit.org,
git.openstack.org, git.starlingx.io and git.zuul-ci.org which all
serve the same docroot on the files.openstack.org server. This
docroot houses a single .htaccess file with the relevant redirect
rules.
Change-Id: I729fe39bcbe0a0cae237e9036ed8fa980f897e68
Co-Authored-By: James E. Blair <jeblair@redhat.com>
Task: #29705
This is part of the work to upgrade our afs nodes to xenial. We will run
on puppet tests on xenial against the afs node defs.
Change-Id: Ifcfc2d33d600ad8630408c0080a3bde02df3167a
We have replaced health.openstack.org with health01.openstack.org
(CNAMEd to by health.openstack.org). Remove reference to the old server.
Note that this updates references to health01.openstack.org to use the
full openstack.org to make it clear that this is not an opendev service.
Change-Id: Ifa21dc4a82258974857da2a843f67c5234736c47
