The sync to our new ORD replica has completed and we're back to the
typical vos release cadence for this volume again.
This reverts commit 542c898021af20f4ad48fa04b78b65c8f6fff0b6.
Change-Id: I4bb2ddcc46c6c56c7124acc52dce6a60da1662b2
We're in progress replicating the AFS volume for tarballs to a
remote location for added redundancy, but this is blocking updates
of all the read-only replicas until it completes and we're unsure
how long that will take. In the meantime, serve content from the
writeable path instead of the read-only replica path so we're not
stuck with outdated content on the site.
Change-Id: I6e0333bdb9717a724fd29adffc3df6e6c5da1558
This reverts commit b0d5658b2c88a98d164af150774d4ac2707a1a9f.
Don't merge until static site read-only replicas are updating
regularly again.
Change-Id: I84afc1a2a8e86e16d478d6b0bb306d178b6e7e53
We're severely backlogged on AFS volume replication, and may be
looking at a week or more before we're caught back up. In the
meantime, serve content from the writeable path instead of the
read-only replica path so we're not stuck with outdated content on
our static sites.
Change-Id: If0c772d72af20aa1210ea3fae7e960fad4689678
A copy of the filter used for our Gitea farm, this same activity has
been showing up on our tarballs.opendev.org site as well which is
consuming available connection slots for all vhosts on the static
server.
This is implemented as a macro so that it can be included into
additional vhosts, and put into a separate role so that it can be
added to all playbooks which need it. A subsequent change will add
it to the Gitea servers, eliminating the redundant copy there.
Change-Id: Ic2020b753076209f7708f76744fdf746bf933bd9
We don't need to keep using the old Apache 2.2 Satisfy ACL primitive
because we are now running Apache 2.4 everywhere. Stick to Require
as it simplifies understanding of ACLs by being consistent.
Change-Id: Ib2f7ea1909b9798279efc77a42b632e7129bd1d0
We found a couple of projects that were initially moved under "x/" but
then moved back under "openstack/" later. The original scripts didn't
take this into account (I5bf2ddf09b3df71a3428a8a0c535b131ecbc0bca has
been updated to note this).
The affected projects have been moved back manually on AFS, and this
corrects the website redirects.
Change-Id: I59ba05923ec5aa1ca8fed337b6384064b3038836
When moving unofficial repositories out of the openstack git
namespace, compute-hyperv was included because it was not under the
governance of any official team or SIG. Later the OpenStack
Winstackers team adopted it and we moved it back into the openstack
git namespace.
More recently, when moving and redirecting tarballs site
content/URLs based on the original git namespace moves, we failed to
take into account that this project had moved back into the
openstack git namespace. Undo the redirect, and then the old
tarballs will be moved manually to match.
Change-Id: I208d3196ac38ccfbad6269a75848339c95e08c2b
This matches the file, which got lost in my original script because I
didn't quote a $. Also add some quotes for better grouping.
Change-Id: I335e89616f093bdd2f0599b1ea1125ec642515ba
When we moved projects out of openstack/ into opendev/ we didn't also
move their tarballs.
This redirects affected old directories to their new per-tenant home.
See I5bf2ddf09b3df71a3428a8a0c535b131ecbc0bca for info on how this
list was generated.
Change-Id: Ib545a772ecfce475c1007f04c5b5145d375dae23
We've noticed that our static sites will semi-regularly have
problems due to stale SSL certs served by Apache workers which
predate the latest certificate replacement and haven't terminated
(graceful restart only ends the running workers once they have no
remaining connections). Limit the impact of this by recycling
workers automatically after a reasonable (large) number of
connections.
This implementation is shamelessly stolen from that used in
Ic377f48d1a5a3eecbcb183327c9255134c4364ab for our mirror sites.
Change-Id: I2e5c0bdf012184ebbfccb086b967008bf12582ab
Co-Authored-By: Clark Boylan <clark.boylan@gmail.com>
The Airship project is continuously publishing documentation to AFS,
so serve that volume with a corresponding vhost on the static01
server. Also add it to the list of volumes for periodic vos release.
Change-Id: I718963533d9e8596d44d451b5e930314d699fa28
Depends-On: https://review.opendev.org/706599
After the big OpenDev rename, these repos got renamed again. Update the
redirects for git.airshipit.org and git.starlingx.io to point to the
current location.
Update test_static.py for this, change the test repo since
airship-in-a-bottle was first renamed to in-a-bottle and later to
airship-in-a-bottle.
Change-Id: I71b786cd528aac9ae68464618db02e22cd4c0b5b
zuul and nodepool now life in opendev, avoid double redirects and
redirect directly to final location.
Change-Id: Ia55d76b24f07ec64cb55055955c4549f3706a95b
This adds a simple periodic job that runs against static.opendev.org and
produces opendev reports. To start we don't publish these reports
publicly so that we can double check their contents first. Assuming that
all goes well we'll be able to apply this to all of our
static.opendev.org hosted sites and publish these reports through the
zuul logging system.
Change-Id: I66705808d435c16bf0da6989296c896099964aaa
Story: 2007387
This site was never used nor published, it can be killed according to QA
PTL.
codesearch returns no matches for it in any docs.
Keep the occurence in manifests/static.pp, this will get deleted
as part of https://review.opendev.org/710388.
Change-Id: I3c0d3b567a3eccb959dc903f169197e4581f1e13
The content for many projects has moved but the legacy redirects were
not updated, update to current location.
Change-Id: I7030ad35378085b0c45429c272dc24f00d33b2d2
This is a slight divergence from the accepted spec, where we were
going to implement these redirects via a new haproxy instance
(I961456d44a56f2334d3c94ef27e408f27409cd65). We've decided it's
easier to keep them on static.opendev.org
The following sites are configured to redirect to whatever they are
redirecting to now on static.opendev.org:
* devstack.org
* www.devstack.org
* ci.openstack.org
* cinder.openstack.org
* glance.openstack.org
* horizon.openstack.org
* keystone.openstack.org
* nova.openstack.org
* qa.openstack.org
* summit.openstack.org
* swift.openstack.org
As a bonus, they all get a https instance too, which they didn't have
before.
testinfra coverage should be total for this change. I have created
the _acme-challange CNAME records for all the above.
Story: #2006598
Task: #38881
Change-Id: I3f1fc108e7bb1c9500ad4d1a51df13bb4ae00cb9
When converting this from a htaccess file to run in the virtualhost
context, one instance of '^cgit' -> '^/cgit' was missed. Fix it, and
add a coverage test for it to testinfra.
Change-Id: Icc1dae6dce232e69c5cd1cf98b594f562c60d3f2
This creates the redirect sites
git.airshipit.org
git.openstack.org
git.starlingx.io
git.zuul-ci.org
The htaccess rules are put into the main configuration file to avoid
having to create a directory and manage another file. We use a macro
to duplicate the rules and retain the old semantics of the http site
redirecting directly (as opposed to doing a extra 301 to
https://git.openstack.org first). This required adding "/" to the "^"
matches as it now runs in VirtualHost context; no functional change is
intended over the old sites.
This will require _acme-challenge CNAMEs to acme.opendev.org before
being merged.
testinfra is updated to exercise some redirects matching against the
results of the extant sites.
Change-Id: Iaa9d5dc2af3f5f8abc11c2312e4308b50f5fcd2b
files.openstack.org serves a view of /afs/openstack.org/, which is the
same as static.opendev.org. Add a serveralias for it and certificate.
Make static.openstack.org be consistent with opendev by showing the
same thing.
Change-Id: I4c492e3b02554a7c736c015790bd4cd5bb435a43
This moves the creation of a zuul user with the Zuul per-project key
for system-config to a separate role from the static role, so it can
be reused on other hosts.
Change-Id: Ice605b70a2c42d9b85090406216253fec0820f50
This is an alternative to Iccf24a72cf82592bae8c699f9f857aa54fc74f10
which removes the 404 scraping tool. It creates a zuul user and
enables login via the system-config per-project ssh key, and then runs
the 404 scraping script against it periodically.
Change-Id: I30467d791a7877b5469b173926216615eb57d035
The source pattern for the tarballs.openstack.org openstackid
redirect incorrectly included an openstack parent directory. Remove
it, an also make the regex more properly differentiate lack of a
trailing "/" character from a directory name containing openstackid
as a substring (not that there is one, but this serves as a safer
template for future additions).
Change-Id: I705d849d1c10cf91391181aeef72a9f4b495d520
The blanket redirect from tarballs.openstack.org to
tarballs.opendev.org/openstack is only relevant for projects
publishing from the openstack namespace, since our new publication
jobs put content into Git-namespace-specific trees. Start a game of
Whack-a-Mole with the (hopefully few) projects in this situation.
Change-Id: I5d54532ef512df449d62299391d853d30862b7f2
This creates sites to serve
developer.openstack.org
docs.openstack.org
docs.opendev.org
docs.starlingx.io
which are all just static directories underneath /afs/openstack.org/.
This is currently done by files02.openstack.org, but will be better
served in the future by consolidating in ansible configuration on
static.opendev.org.
The following dns entries need to be made before merging to ensure the
certificates are provisioned
_acme-challenge.developer.openstack.org
_acme-challenge.docs.openstack.org
_acme-challenge.docs.opendev.org
_acme-challenge.docs.starlingx.io
Once done, we can merge and then cut-over the main DNS entries as we
like.
Since there are some follow-ons, I have not removed the puppet
configuration from files02.openstack.org. I think it's best we
migrate everything away from that and remove it in one lot.
Change-Id: I459a36f823a8868e6cc09e2b0d85f2fe05d69002
This adds the site to publish from
/afs/openstack.org/project/releases.openstack.org
Change-Id: Ia91deb9a51441ac9974137ed39fc5a185689a11c
Task: #37724
Story: #2006598
If you currently hit https://static.opendev.org you get redirected to
the default site, which is just the first site in alphabetical order,
which happens to be governance.openstack.org.
Add a 00-static.opendev.org.conf file so this is the default site. It
will just serve up the top-level afs directory.
Change-Id: Icdcee962b76545c12e84d4cadb0b60a68cabe38b
The goal is to have ideas located in governance.openstack.org/ideas.
This should do the trick.
Depends-On: https://review.opendev.org/#/c/706319/
Change-Id: I4f4ff5ade85b726048bf8e1df56052e45b5fef56
Add these hosts to static.opendev.org, serving from AFS. Note that
tarballs.openstack.org just redirects to static.opendev.org/openstack.
This should have no effect currently, it will only become live when we
switch DNS.
For more details see the thread at:
http://lists.openstack.org/pipermail/openstack-infra/2020-January/006584.html
Change-Id: Ie56fac17ffaa91ee55be986de636485a58125a02
