This created confusion when updating configs to handle journald. Remove
the unused files and update docs to point at the proper config location.
Change-Id: Ifd8d8868b124b72a86cf7b5acb30480e72b903ed
This change will convert kdc03 to a master from a hot standby and will
remove kdc01 from management.
Cutover plan:
Disable kdc01 in ansible emergeny file
Stop run-kprop cron on kdc01
Stop kadmind on kdc01
Execute run-kprop.sh on kdc01
Merge this change
Wait for puppet to convert kdc03 to the master
Confirm that run-kprop works from kdc03 to kdc04
Update dns records as documented in our kerberos docs
Test kadmin works
Delete old kdc01 server
Change-Id: Ib14b11fa1f0a6bc11b0f615ce5b6f6be214b5629
This new Xenial server is being added as a kerberos standby node but
will be used to replace kdc01 as the master once fully configured and
happy as a standby. This replaces the old trusty server.
Note that the server wasn't added to opendev.org as we don't have a
kerberos realm for that domain so that would be a separate activity for
the future.
Change-Id: I4cc5fcd7504c98a7bcd9dc4f2ad57bb5bf8b54bd
Update the docs, test flags, cacti entries, and inventory for our new
pbx server. We have replaced the old Trusty node with a Xenial node.
Change-Id: Ifb1e156afbcb38474cbc9f0bc78ae45fdd74444b
This change describes the shared github administrator account.
This is inspired by I0c61f192a6b5164af7babde5c99e5ee2b77a652c. As
described there, this allows for admins to have private accounts in
the organisation, but requires that 2FA be turned on. If people wish
to keep this as a single account which they do "real" work with
(commits, etc) that is probably OK, but add a note that you'll end up
with a lot of mostly irrelevant stuff in your feeds.
Change-Id: Ic408250571133796b4b4639715fe8d01f91898f2
There are a bunch of places where the narrative text say things like
"jenkins runs jobs". This hasn't been true for a while and it's getting
less true.
Left third-party and running-your-own alone because those are
instructions for other people to do things - and we are not yet at the
point where we are suggesting anyone do their things like we do our
things.
The devstack-gate document describes an old deprecated system, but the
system is still in use (sadly) so it was mostly left intact. A warning
was added so that people would be clear that it was deprecated.
Also removed the logstash client config file. It's the only change in
here that actually affects running code and became unnecessary when it
was switched to geard with Ie3f814e6d3278d87f2a20a72e40b6b92217684fc
Change-Id: Iaf2128c3f953976180c71cb599fcbff7bc06c28a
Bandersnatch mirroring has been disabled since
I88a838cb28fee3bd16b2b0a26e614ac5c2f23241 which is currently almost 6
months ago. Since then we have been running a reverse caching proxy.
Although bandersnatch served us well, it seems pypi has become
impractical to mirror locally. This is partially due to 2TB volume
limitations of OpenAFS and partially due to us not having a sane way
to filter large, frequently updating packages. With the reverse proxy
working there are no plans to restore our local mirror.
Retire the references to it before we clean up the AFS volumes.
Change-Id: Ia23828328dd859bbf26f95735c1c2e99c573d10e
We've only been using nodepool.o.o as a zookeeper server for the past
year or so. Last week we transitioned to a three node zookeeper cluster
and stopped using nodepool.o.o. This server has since been deleted.
This is the last bit of cleanup to remove it from config management.
Change-Id: I9d0363393ed20ee59f40b210ea14fb105a492e20
Add some details about how we integrate a new cloud into the
ecosystem. I feel like this is an appropriate level of detail given
we're dealing with clueful admins who just need a rough guide on what
to do and can fill in the gaps.
Fix up the formatting a bit while we're here.
Change-Id: Iba3440e67ab798d5018b9dffb835601bb5c0c6c7
Add info on how to kinit and aklog if not using Debuntu deb.conf to set
the correct realm and cell settings.
Change-Id: I80a698649f03863b73399873cf190fda4fa41776
This will allow us to create new nameservers in the opendev.org
domain. We will replace the existing servers once these are
bootstrapped.
Some lines are commented pending server creation.
Change-Id: If71e3f87a9d7a83d80cff053874c84411b248515
This ate a good chunk of my day before a more AFS-savvy colleague
pointed out that a mountpoint within a volume is just a special kind
of file record and so needed the parent volume released before it
would appear in the read-only path.
Change-Id: Ic3d717d70c8bf2548447550472a52849dd85ffd3
Much of this document was stale since putting Zuul v3 into
production. Attempt to bring it up to our current state.
Change-Id: I1b9d665cbf5ca88917d6e0361a6b16026b2ad6c6
Now that we've retired the old puppetmaster server and moved the
master keychain to the new bridge server we're faced with a much
newer release of GnuPG. This change updates various commands to
their modern option equivalents and attempts to adjust the sample
output to more closely resemble what administrators will see when
following the process.
Change-Id: Ic5eaa646786c2b7fa9ade9e42026f9ea5be40c56
We do not use pypi-mirror anymore, there's also no usage of pypimirror
in jeepyb. Remove the now obsolete module.
Related change: https://review.openstack.org/597370/
Change-Id: I13423bf55eac57da18449852e2102c9633d595bb
Fix indents of some pages, the wrong indent let to gray bars besides
them.
Also, fix a typo and add some markup.
Change-Id: I6e7126ef7b782b376efcc7c6d69c6de9a504ddb5
Move the exim role to be a "generic" role in the top-level roles/
directory, making it available for use as a Zuul role.
Update the linters jobs to look for roles in the top level
Update the Role documentation to explain what the split in roles is
about.
Change-Id: I6b49d2a4b120141b3c99f5f1e28c410da12d9dc3
Since we're building out roles in system-config now, generate
documentation. We look in roles/* and playbook/roles/* (follow-on
changes will split things up between the two).
Correct the reference names in the exim documentation to avoid
warnings and failure.
This also revealed a single unicode character in the exim readme
(which caused prior versions of zuul-sphinx to barf). For fun, see if
you can find it!
Depends-On: https://review.openstack.org/#/c/579474/
Change-Id: I243a96bbd6d09560f8aa80b6345b90039422547a
We don't run a cloud anymore and don't use these. With the cfg
management update effort, it's unlikely we'd use them in the form they
are in even if we did get more hardware and decide to run a cloud again.
Remove them for clarity.
Change-Id: I88f58fc7f2768ad60c5387eb775a340cac2c822a
We have a bunch of this handled now in ansible, so remove the old stuff.
Remove puppetmaster group management files. It's confusing for there to
be two files. Remove the old one.
Remove mqtt config. This isn't really a thing currently, and we're
eyeing running things from zuul anyway, so no need to port to ansible.
Change-Id: I8b64d21eadcc4a08bd5e5440fc5f756ae5bcd46b
The production directory is a relic from the puppet environment concept,
which we do not use. Remove it.
The puppet apply tests run puppet locally, where the production
environment is still needed, so don't update the paths in the
tools/prep-apply.sh.
Depends-On: https://review.openstack.org/592946
Change-Id: I82572cc616e3c994eab38b0de8c3c72cb5ec5413
