In order to support ansible copying split-out hiera files from the
master to the nodes, we need to support group files in addition to just
fqdn and common files.
Change-Id: I0732cc8521bc5f6588f5de286f874a69ef45ab14
Add ask.openstack.org to openstack-infra. Setup an all-in-one
askbot site based on existing deployment, including apache,
redis,apache solr,postgresql. See askbot.rst for further
details. Refactored to depend on vamsee's puppet solr module.
Depends-On: Iffe07d3a34087cb15151787bc683208425a27594
Change-Id: I36504eac7b953c3cce3e21a3559ac95b1bc12da7
So that we can include slices of zuul status data via Javascript at
https://review.openstack.org/ we also need it to be served via HTTPS
to match or else browsers will balk at it. Note that this does not
stop serving via HTTP or redirect it in any way, it is merely a
secondary means of obtaining the same data.
Change-Id: I1a11c990ea83e00550a0564ac1cf9d5d883db97d
Depends-On: I9799f39bf170f660bcbc17719937e1e87b68ac4a
Moved $hostname and $cors_allowed_origins into the top
level module, so that they may be set on a per-host basis.
Change-Id: I9859c903d0075493d230e433d68e0471f019140a
StoryBoard now only permits a finite list of authorized oauth clients,
which are based on the domain host. This adds the necessary configuration
elements to the OpenStack StoryBoard manifest.
Change-Id: Ia7d34e9b80399ffa9e4229d6cc7035061c41dffc
Depends-on: I29495a0b640c3ca097cca8c17349df5cc42388de
Update the time from the default 2hrs to 4hrs. Some jobs now take
longer than 2 hours to run and this also allows time for testing
when a node is in hold.
Depends-On: I73758f04ed8dfb0e5227eac55505c9bc01c540df
Change-Id: I9e76ccdd9735e6042744f237ceb9af9b9d570f76
People are starting to move from precise to trusty, and the module
is supposed to support both now.
Change-Id: I9bf92d799a1460b61e8abb853a79707dd502ee52
Depends-On: I70d814a5eaefea5a3fb6a47bc215f4ab64be884f
The zuul.o.o layout.yaml is set to trigger on comments from the
'jenkins' user. Changing the gerrit user to match the one used
by zuul.o.o to llow us to maintain a similar layout.yaml for
zuul-dev.o.o
Change-Id: Idc5b668a9e8187f7127bcf1bebdacf99d38a57e7
Gerrit 2.9 has some newer dependencies we need from Ubuntu Trusty,
so in preparation for the upgrade go ahead and begin testing our
puppet manifest with that transition in mind.
Change-Id: I1a31e2e5d432df4ca08673238f7b8fceefb19201
The zuul user on zuul-dev.o.o could not connect to review-dev.o.o because the
/home/zuul/.ssh/known_hosts file did not get created. This causes zuul-merger
to fail because it needs that to clone repos from review-dev.o.o. This change
passes the gerrit public key from review-dev.o.o so that puppet can create the
known_hosts file.
Change-Id: Iae5d63cc7fd01dc68e4eef96a29bccda6f047eb3
The review-dev.openstack.org server is now running on Ubuntu Trusty,
so test its manifest accordingly.
Change-Id: I1267a99ca997fd393f5950709cce9c0207281516
Depends-On: Iac6ab2c731175d62c2bfc58a52adafc61e25963a
The nodepool.openstack.org server is now running on Ubuntu Trusty,
so test its manifest accordingly.
Change-Id: I08784812c28838233bcbc0ed6a80e8aa81b1568b
Now that paste.openstack.org is using a local MySQL database,
unnecessary parameters are removed from the manifests. This should
only be approved after the maintenance to start using the local
database has concluded.
Change-Id: Icc63a6a08e3ee36fbc6fde207542b9e3647fb4cf
Due to performance problems with the current Trove backend, add a
MySQL database locally on paste.openstack.org for later use.
Change-Id: Idc04a95ba157e4d3722c3ea8a703e52c5793976c
Our old nodepool host is going away and nodepool-dev is taking its spot.
Remove nodepool-dev from the firewall rules for the various nodes
nodepool talks too.
Note that this should only be merged after nodepool.openstack.org has
DNS records that point at the new trusty host and the old
nodepool-dev.o.o DNS records have been completely removed.
Change-Id: Ieb13b7dfed0ab44b72615f38eb28bb046222ff6a
Mysql-proxy turns out too unreliable and unstable for use in
production. The packaged version on Ubuntu suffers from a critical DOS
by using telnet. This patch switches from mysql-proxy to simpleproxy,
which is just a tcp proxy to forward incoming port 3306 connections to
the subunit2sql db.
Change-Id: Iffea64aea46cc34969bbaa970e5d91bd0cc05232
Enable the SSL connection for groups.openstack.org, required
by oauth2 authentication of openstackid.org.
New hiera variables:
- groups_site_ssl_cert_file_contents: x509 certificate of the vhost
in pem format.
- groups_site_ssl_key_file_contents: key of x509 cert in pem format.
- groups_site_ssl_chain_file_contents: parent certs of site certificate
Change-Id: Ia266e1ee057467e5149b84f8b5f8be98bf63180f
Implements: blueprint groups-oauth2-authentication
We are going to round robin multiple git.openstack.org frontends. Before
we build new nodes to do that we need to update the site.pp to properlly
configure new nodes with these names.
New name format will be git-frontendXX.openstack.org.
Change-Id: Id7f9405909c91e457270687592948456db3aa420
This commit adds a mysql_proxy module which will setup a read-only
proxy to a mysql db. This also configures a proxy to the subunit2sql
db to run on logstash.o.o to provide read only access to the data in
the database.
Change-Id: I478baca354354347fe50074a8e3b9f66ca890d55
This commit switches the subunit2sql_uri which get's passed into the
config file template to use decomposed values. The advantage of this
is that it enables using subsets of the information elsewhere.
Change-Id: I30b5117c12897fa3a1cb1e2579b4eec59ba57b2b
This will enable puppet forge release of puppet modules
using the release pipeline. See
https://review.openstack.org/134834
for the details.
Change-Id: I7c3004828df34672442d190bb60a8a342cacffd0
We have a new trusty nodepool server spun up that we are not quite ready
to make use of. To ease the transition and to allow testing of this new
server it has DNS records pointing to it with names of
nodepool-dev.openstack.org. Add this name to the firewall rules that
allow nodepool to talk with jenkins, zuul, and graphite.
With this in place we can test it without actually putting the new
server into service.
Change-Id: Ice9fd9ed7a85dad89c5d9dfcb2e2ed5fac2e3512
Extend the Drupal vhost template with ssl capability, and
groups-dev.openstack.org now accepts the following hiera variables for
ssl setup:
- groups_dev_site_ssl_cert_file_contents: x509 certificate of vhost in pem format
- groups_dev_site_ssl_key_file_contents: rsa key of x509 certificate in pem format
- groups_dev_site_ssl_chain_file_contents: trusted chain of parent certificates (optional)
This patch is required for proper openstackid/oauth2 backref communication.
Change-Id: Ia148d1db743fc80bcb675c9ca2906333ef62eff8
Implements: blueprint groups-oauth2-authentication
Previously the subunit2sql worker.pp was including the
logstash::indexer class, but this was really only done for the
/etc/logstash dir which is where the worker puts all it's files. This
commit corrects this by just ensuring the directory exists instead of
importing the other class which includes a lot of other unnecessary
things.
Change-Id: I3f00d1bb443ee0f1b2a8e9d393f46a7e9ebf148a
We have created a new channel for virtual sprints called
openstack-sprint. This patch adds logging.
Please merge after https://review.openstack.org/#/c/133256/
has merged (gives channel permissions to infra).
Change-Id: I284aff251b41e6d03494176c13001ef17812267e
