Upgrading across versions like 10.3 to 10.4 apparently takes some
care and shouldn't be done accidentally.
Change-Id: I42e6cbd780dca965d2e0e33ba594cdb5fab21d4b
We want to trigger ansible runs on bridge.o.o from zuul jobs. First
iteration of this tried to login as root but this is not allowed by our
ssh config. That config seems reasonable so we add a zuul user instead
which we can ssh in as then run things as root from zuul jobs. This
makes use of our existing user management system.
Change-Id: I257ebb6ffbade4eb645a08d3602a7024069e60b3
This will make sure that the latest relevant images are in the
local image storage, and therefore, will cause docker-compose up
to recreate containers when the images are updated.
Change-Id: Ic6f0bc8c8aea5b5c16501f4ab5d3095fb70c0ff7
Ansible task execution can be a bit slow - so the noop case where
we don't end up doing anything can still be costly. Instead, put
the when on the loop call, which will apply to each iteration of
the loop, not running the loop itself. This way we should only
include_tasks if we need to.
In order for the utility playbook to keep working, we also run all
of the iterations of the loop if gitea_always_update is true. This
will make a sync run take a long time but be comprehensive.
Change-Id: Ib60c736d46d8253e603de097eb80bc84b3366310
We normally only do project settings when we create the project.
Add a playbook we can use to do a manual sync from project-config.
Change-Id: I5260f2de697420a01d796acc3128be00705a53ee
This is 404ing. It's not strictly needed for the moment, let's
come back to it.
This reverts commit 266b2dd3fc4bcbe2416f77f34540705a6ba6cdde.
Change-Id: Id9ab3c233753025d7a01eb4664ecee6d102bbf19
If, for some reason, a repo gets created via gerrit replication
instead of via the api, the default branch setting can be incorrectly
inferred. While we're setting things, just set master to be the default
branch everywhere.
Change-Id: I388afe670221bd8ec28fbba71041ab460e66411b
This uses the form post approach also used in repo renaming. There
is no official REST API for this yet, so the form post values were
taken from what the web ui does.
We should submit a patch upstream to get an actual api call for this.
Run it idempotently, submitting the settings for every repo every time.
Change-Id: I9265837039df962e85f11d16419e043fb9a56ff8
We are currently attempting to create repos which already exist. This
fails.
The reason for this is we set the gitea_org_repos fact for each org
overriding the last org. This means only the last org processed has any
projects in this list. We then check against this list when creating
projects so that we only create projects if they aren't in the list.
Meaning any project for repos not in the last org attempts to get
recreated.
We can address this by keeping a global list of repos regardless of org
then checking against that.
An alternative solution would be to process projects for each org
separately. Or to have gitea give us the global list so we don't have to
build it ourselves.
Change-Id: Id9a480634918dad2160a4e040a41ce6226ae67d8
Switch to a heredoc for the gitea sql_statement so that we don't have to
figure out multiple levels of "" quoting.
Change-Id: I734640936a9d15d03026fc3b05b5fbc221957b94
Go ahead and actually clone project-config on bridge, because
we're going to read the projects.yaml file with a lookup. Because
it's a local action, not a remote action.
Change-Id: I77454bcb10b797ce5b48018caef7fecb31947b97
We need to make sure repos are created in gitea before gerrit so
that we can safely create to gerrit and have it replicate.
Change-Id: If3efc7ed0d7995f1ef6f52cd2eefb9260193e020
Story: 2004627
Task: 29703
This adds a script that will wrap emacs with gpg-agent when editing the
secrets file. This avoids issues with rogue gpg-agents running on the
system.
Change-Id: Ic3cc73b5c25eab2ede41d8ca05b5695b817973d9
When launching a new server we should make sure that all available
package updates are installed before we reboot the server. This way we
get available security updates applied to things like our kernel.
This change adds a new playbook that runs the unattended-upgrade command
on debuntu servers. Will need to add support for other platforms in a
followup change.
Change-Id: Idc88dc33afdd209c388452493e6a7f5731fa0974
This runs an haproxy which is strikingly similar to the one we
currently run for git.openstack.org, but it is run in a docker
container.
Change-Id: I647ae8c02eb2cd4f3db2b203d61a181f7eb632d2
When setting up hosts for testing in CI, configure the docker
mirrors before running the base playbook.
Change-Id: I172ae87156238fa6a07414c74e1ca17df1a30257
To allow Exim to perform outbound delivery for the production
StoryBoard service without choking on sender verification, add
storyboard.openstack.org to its local_domains list.
Change-Id: I2d380ead26319269819026acb2e1b175774a6c77
It's not necessary to install an empty config file, and doing so
will prevent us from using other roles to configure mirrors on
test hosts.
Change-Id: I3d7eb615f1e297fde2d693b5fc64bc6e691e2c22
The builders actually produce a range of interesting stats on the
images they build; allow them to actually send them.
Change-Id: If40df406d505a4d37a6fc72b44d0acb5c6d7e7dd
The current code runs k8s-on-openstack's ansible in an ansible
task. This makes debugging failures especially difficult.
Instead, move the prep task to update-system-config, which will
ensure the repo is cloned, and move the post task to its own
playbook. The cinder storage class k8s action can be removed from
this completely as it's handled in the rook playbook.
Then just run the k8s-on-openstack playbook as usual, but without
the cd first so that our normal ansible.cfg works.
Change-Id: I6015e58daa940914d46602a2cb64ecac5d59fa2e
