1714 Commits

Author SHA1 Message Date
Zuul
9331c59029 Merge "dstat-logger: redirect stdout to /dev/null" 2021-03-30 23:57:29 +00:00
Ian Wienand
75ecf2cfbf gerrit: remove mysql-client-core-5.7 package
This doesn't install on Focal; moving forward we'll either use H2 or a
container database.  Just remove this package for now.

Change-Id: I69cdcdddc1ba0e0cf4ef5f8ba705bcd3a2afa689
2021-03-30 13:09:39 +11:00
Zuul
27d58d3b57 Merge "Add review02.opendev.org" 2021-03-30 00:48:54 +00:00
Zuul
39d8010055 Merge "openafs-server-config: install UserList" 2021-03-29 23:43:07 +00:00
Zuul
0800f4040e Merge "Upgrade gitea to 1.13.6" 2021-03-29 23:42:59 +00:00
Ian Wienand
ce7ef6536a openafs-server-config: install UserList
This was missed during recent updates; this UserList needs to be on
all servers to allow bos, vos and backup commands.

Update the documentation to reflect the centralised copy.

Change-Id: I8ada3d5035bb7ef77b19ce6aaffb48335974a124
2021-03-30 09:49:53 +11:00
Zuul
3180086559 Merge "Rename refstack group variables" 2021-03-29 21:33:02 +00:00
Clark Boylan
a08f65632f Upgrade gitea to 1.13.6
This picks up a variety of bug fixes and ensures we're keeping up.
The diff of the template files we modify between gitea v1.13.1, v1.13.4,
and v1.13.6 is empty. The diff between our modifications at v1.13.4
looks about how I would expect (implying that v1.13.6 is also fine).
Reviews should double check though.

We also add in setup for the system-config repo on the test gitea as
this will give us something to look at for verification purposes.

Change-Id: Idb3568a9d287a2d46d568ab7d8d3a7108739d23e
2021-03-29 11:03:59 -07:00
Zuul
d9723fda95 Merge "reprepo debian : fix line-ending" 2021-03-29 11:01:05 +00:00
Zuul
62ea8d1289 Merge "reprepro: add dist for Ubuntu UCA Wallaby" 2021-03-29 05:44:07 +00:00
Ian Wienand
9457b010f8 reprepo debian : fix line-ending
reprepro warns about lack of a trailing newline

Change-Id: I01c0cc2104cb1b3891ea55b6e4a3eab63885331a
2021-03-29 16:41:26 +11:00
Zuul
fff346ea32 Merge "Add Debian Bullseye to the reprepro config" 2021-03-29 05:30:21 +00:00
Ian Wienand
8541605595 Stop mirroring Fedora 31
Nodes were stopped with I0dde34ab005f48ac521d91e407ac437d3cec965f

Change-Id: Ib9cbc3f5388e668923ff7eadb3e81703875f64c0
2021-03-29 11:55:14 +11:00
Ian Wienand
525d5d1c19 Add review02.opendev.org
review02.opendev.org is a much larger replacement server for review01
provided by Vexxhost.  It is up and running, with gerrit2 volume
attached and DNS entries.

This adds it to the staging group with no replication and a local h2
database configured for initial bringup.  There's quite a bit to
consider for full migration, but this will let us start experimenting.

Change-Id: I3638a5c0c7028dcc800ada42431b75395cff0c42
2021-03-26 14:53:31 +11:00
Ian Wienand
d0f2e12f85 dstat-logger: redirect stdout to /dev/null
The dstat-logger service puts a lot of info into the syslog/journal.
The --output command to write CSV files doesn't appear to suppress the
console output, and I can't see a flag to make it do that.  So
redirect the stdout to /dev/null.

Change-Id: Ib99f8199ebc3c9d89c2b3aa92dff5ff298d03e45
2021-03-24 22:23:13 +00:00
Ian Wienand
163d5b6133 Create review-staging group
Create a review-staging group so we can bring up a new server but
avoid running the project-management steps on it.

Change-Id: I93d2a36edcd58a48a36031f0692be3273a36f07c
2021-03-24 11:40:33 +11:00
Ian Wienand
9f11fc5c75 Remove references to review-dev
With our increased ability to test in the gate, there's not much use
for review-dev any more.  Remove references.

Change-Id: I97e9865e0b655cd157acf9ffa7d067b150e6fc72
2021-03-24 11:40:31 +11:00
Zuul
c164b6f192 Merge "borg-backup-server: set SHELL for verification script" 2021-03-23 22:53:07 +00:00
James E. Blair
e2a141a9fa Revert "Downgrade scheduler to Zuul 4.1.0"
This reverts commit 3e3f86458d50e6c25dff42c8083a5b62e64a6e43.

Bugs should be fixed now.

Change-Id: If4279746074abfa42b8240d4e98dec59ab15d332
2021-03-23 12:12:18 -07:00
Mark Goddard
0ab854d833 reprepro: add dist for Ubuntu UCA Wallaby
Change-Id: I68357fb8353022c1c808f3a83a3e14da872be6c4
2021-03-23 10:09:36 +00:00
Ian Wienand
86ed1d74dd borg-backup-server: set SHELL for verification script
In today's weird corner-case issue; when running under cron,
SHELL=/bin/sh ... which doesn't really matter (this script is run
under #!/bin/bash) *except* that "sudo -s" is obeying SHELL and
consequently the in-line script here fails under cron, but not when
run interactively.  Just set SHELL=/bin/bash for consistency.

Change-Id: Ic8584b90fea8382f7a7d294b98a0a3689bfc981b
2021-03-23 14:53:56 +11:00
Zuul
aa4f1b4256 Merge "kerberos-kdc: quote some integers to avoid string/int confusion" 2021-03-22 22:56:26 +00:00
James E. Blair
3e3f86458d Downgrade scheduler to Zuul 4.1.0
We found a bug in master which will prevent us from merging a fix;
downgrade the scheduler to 4.1.0 to get that in.

Change-Id: Ie9ad75177ab58b34e20cafab496ba7af6f082551
2021-03-22 13:43:52 -07:00
Ian Wienand
aa94f2d831 Rename refstack group variables
When we cleaned up the puppet in
I6b6dfd0f8ef89a5362f64cfbc8016ba5b1a346b3 we renamed the group
s/refstack-docker/refstack/ but didn't move the variables and some
other references too.

Change-Id: Ib07d1e9ede628c43b4d5d94b64ec35c101e11be8
2021-03-19 16:01:46 +11:00
Zuul
b8874e4f51 Merge "kerberos-kdc: add database backups" 2021-03-19 00:06:59 +00:00
Zuul
eb78355fce Merge "borg-backup-server: fix verification run" 2021-03-19 00:05:49 +00:00
Ian Wienand
9ac0748802 kerberos-kdc: quote some integers to avoid string/int confusion
Change-Id: Ia7ed570c1a10feafcb4824dca10282b8866f5265
2021-03-19 10:37:49 +11:00
Clark Boylan
d0bc265c2a Revert "Enable jitsi-meet xmpp websockets"
This reverts commit f64b935778074191337672c739978975ee4eda68.

There must be more required to make this work.

Change-Id: I21e1d45fabca10ee93e7c87449fc15f3fd691b8b
2021-03-18 15:33:20 -07:00
Zuul
bf8e8916aa Merge "Enable jitsi-meet xmpp websockets" 2021-03-18 22:09:12 +00:00
Clark Boylan
0aa838ce16 Fix jitsi config.js
There were : used when we should have used =. Fix this.

Change-Id: Icb1e04d6e6e27726a12a1e49d53d9eb7c88d1a01
2021-03-18 13:43:39 -07:00
Clark Boylan
f64b935778 Enable jitsi-meet xmpp websockets
This switches desktop clients to using xmpp over websockets instead of
BOSH. The mobile clients continue to use BOSH. Apparently this provides
better performance and is the default expectation of the upstream docker
images. We had disabled it prior to get back to a working state when we
weren't setting this variable at all.

After looking at configs on the docker images I expect that enabling
this explicitly will work (the problem before was we neither enabled nor
disabled it and the images can't handle that case). If that isn't the
case we can always revert.

Change-Id: I59c9fe75a0860782beb8864ff3bd9622b35381c1
2021-03-18 11:59:14 -07:00
Clark Boylan
55f38141c5 More jitsi meet config cleanups
This removes an unused letsencrypt dir bind mount for jitsi-meet web
that was causing confusion (we run letsencrypt out of band and put the
certs in the correct dir so we don't need this specific bind mount).

We also remove the now unused config.js config file from the role.

We stop managing the default nginx config and instead rely on the
container provided template. To properly configure http redirects we
set the ENABLE_HTTP_REDIRECT flag in the env var file.

Finally we update the README file with a bit more info on how this all
works.

Change-Id: Iecb68c9855b5627d25f8bb586b0e6f366f1c80ab
2021-03-18 11:55:02 -07:00
Zuul
bb1b98623d Merge "Restore meetpad etherpad settings." 2021-03-18 18:04:35 +00:00
Zuul
c600c4a2cc Merge "Restore some meetpad settings we had previously set" 2021-03-18 16:59:09 +00:00
Zuul
4302bf3585 Merge "Manage jitsi-meet meet.conf as a template input for the container" 2021-03-18 15:54:14 +00:00
Zuul
99a05bdf75 Merge "Add kerberos-client group" 2021-03-18 02:43:59 +00:00
Ian Wienand
dc827de23d Add kerberos-client group
We duplicate the KDC settings over all our kerberos clients.  Add
clients to a "kerberos-client" group and set the variables in a group
file.

Change-Id: I25ed5f8c68065060205dfbb634c6558488003a38
2021-03-18 11:59:30 +11:00
Zuul
47fa6e0382 Merge "Add zookeeper-statsd" 2021-03-18 00:08:12 +00:00
Clark Boylan
c1bb5b52cf Restore meetpad etherpad settings.
This restores useRoomAsSharedDocumentName and openSharedDocumentOnJoin
config settings in our jitsi meet config.js. We had lost these settings
in the recent jitsi meet web container update. To restore them we
provide an alternative settings-config.js template to the container so
that when it generates its configs we get these vars included.

We stop managing the config.js file in /var/jitsi-meet/web to avoid
confusion with ansible replacing configs that may be used then.

Change-Id: I4d2bd77e03812695792cda2abb7f401288186f2c
2021-03-17 15:04:16 -07:00
James E. Blair
96bac7b486 Add zookeeper-statsd
This adds a program, zookeeper-statsd, which monitors zookeeper
metrics and reports them to statsd.  It also adds a container to
run that program.  And it runs the container on each of the
ZooKeeper quorum members.  And it updates the graphite host to
allow statsd traffic from quorum members.  And it updates the
4-letter-word whitelist to allow the mntr command (which is used
to gather metrics) to be issued.

Change-Id: I298f0b13a05cc615d8496edd4622438507fc5423
2021-03-17 14:52:31 -07:00
Clark Boylan
d410b43b59 Restore some meetpad settings we had previously set
This starts conferences with participant video muted and it disables p2p
connections for calls between two participants. We had these settings
before but the recent container image update undid them.

Change-Id: I4152ace083f79116758020fbbcbbb96e39eef9ed
2021-03-17 13:24:38 -07:00
Clark Boylan
2ac695f628 Manage jitsi-meet meet.conf as a template input for the container
The jitsi meet containers want to generate configuration from the
templates found in /defaults on the container to config files in the
bind mounted /config (/var/jitsi-meet/ on the host side). This means
that the configs ansible is writing to /var/jitsi-meet are completely
ignored and overwritten by the container using its templating system and
env vars.

This is causing us problems because we would like to use a different
etherpad proxy config in nginx to ensure the Host header is set
properly. To make this happen we bind mount in our own template file so
that the container can template what we want rather than what is found
in the image.

Change-Id: Ifdde66a01bb7e632fc19ca0a512216584f1ea9f0
2021-03-17 13:03:09 -07:00
Clark Boylan
75a64427a1 Improve meetpad env options for templating
The PUBLIC_URL is quoted which results in quotes ending up in our config
breaking etherpad base url setting in config.js. We remove the quotes as
they are not necessary.

We also remove the /p/ suffix from ETHERPAD_URL_BASE as this causes the
proxying to send extra /p/s to etherpad which results in problems.

Note these fixes appear to be necessary but are not sufficient to have
working meetpad proxying of etherpad. We also need to fix the nginx
meet.conf proxy settings to send valid Host headers. A followup change
will attempt to address that.

Change-Id: I0f59339a33267468ad5481858507a43cefa0021d
2021-03-17 12:47:43 -07:00
Clark Boylan
7b87c7c305 Disable xmpp websocket in jitsi meet config
We unforked our jitsi web container and discovered that etherpad doc
embedding was broken. In the process of debugging this the jitsi meet
services on meetpad were restarted which pulled in newer configs which
expect ENABLE_XMPP_WEBSOCKET to be enabled by default. Unfortunately
this wasn't quite working for us. Explicitly disabling this seems to
make audio and video calling work again. But doc sharing isn't even
attempted now.

Let's get this fix in as audio and video are important then we'll keep
debugging the etherpad doc sharing problem.

https://github.com/jitsi/docker-jitsi-meet/issues/902 has details from
others that hit this problem.

Note that part of the issue here seems to be that nginx is using the
default configs in the container found at /default and not the configs
we bind mount at /config. This at least seems to be why the proxying for
etherpad documents is broken.

Change-Id: I03fa9d331e6825b3b953a3573c0dd43c7be478a4
2021-03-17 11:38:56 -07:00
Ian Wienand
e5a2354451 borg-backup-server: fix verification run
&>> is a bashism and not supported by sh, which cron runs the jobs
under.  Use >> instead.

Change-Id: I8e67f466887070fb1dedc403c53227c3ce1b2f1d
2021-03-17 15:09:57 +11:00
Zuul
77b1c14a9a Merge "Use upstream jitsi-meet web image" 2021-03-17 00:22:50 +00:00
Zuul
4524a92caf Merge "kerberos-kdc: role to manage Kerberos KDC servers" 2021-03-16 22:28:46 +00:00
Zuul
b133afedfd Merge "refstack: cleanup old puppet" 2021-03-16 22:21:03 +00:00
Ian Wienand
3052ff4935 kerberos-kdc: add database backups
Add a script to save a db dump to borg backups.  Add the primary KDC
to our backup list.

Change-Id: I32f4ebc1bb4c1952034aba43c75e4d2f85a1b6d3
2021-03-17 08:31:52 +11:00
Ian Wienand
c1aff2ed38 kerberos-kdc: role to manage Kerberos KDC servers
This adds a role and related testing to manage our Kerberos KDC
servers, intended to replace the puppet modules currently performing
this task.

This role automates realm creation, initial setup, key material
distribution and replica host configuration.  None of this is intended
to run on the production servers which are already set up with an
active database, and the role should be effectively idempotent in
production.

Note that this does not yet switch the production servers into the new
groups; this can be done in a separate step under controlled
conditions and with related upgrades of the host OS to Focal.

Change-Id: I60b40897486b29beafc76025790c501b5055313d
2021-03-17 08:30:52 +11:00