1991 Commits

Author SHA1 Message Date
Wes Wilson
bdb6e7b8f8 Update ICLA to reference OpenInfra
Change-Id: Ifc9feaefcd64bb2e6ca060b5bd3aac5ed6345f9c
2021-10-07 13:17:12 -07:00
Jeremy Stanley
c80c6eeda9 Revert "Switch Fedora mirror to mirrors.mit.edu"
This reverts commit aa5623982fbecb4958ee90ab7ddc54d6d0d49747.

The MIT mirror seems to now be missing Fedora 34 indices, but the
one we were using before at UH looks just fine now.

Change-Id: I59649ea93cc1ce13715096dcd0b8f828ce6b6724
2021-09-30 03:09:50 +00:00
Clark Boylan
c9d6b4d248 Use fullchain.cer on graphite for nginx
Nginx doesn't seem to support explcit intermedate cert chains [0] and we
need to supply all of the certs together in a single file. Thankfully
acme.sh does this and calls it the fullchain.cer file. Use that in the
nginx config for graphite to fix issues with ssl verification to this
service.

[0] http://nginx.org/en/docs/http/configuring_https_servers.html#chains

Change-Id: I318fb92a30c1593c2a2e4cb37496b16f17472f1d
2021-09-29 15:18:10 -07:00
Zuul
bb0f135b5b Merge "GC/pack gitea repos every other day" 2021-09-28 21:35:57 +00:00
Zuul
bcb437237a Merge "gerrit: host logo in static files" 2021-09-27 16:54:19 +00:00
Zuul
64d0939da2 Merge "gerrit: copy static files directly into container image" 2021-09-27 16:54:16 +00:00
Zuul
7e030a32df Merge "Use Apache to serve a local OpenDev logo on paste" 2021-09-21 23:28:04 +00:00
Jeremy Stanley
1a227489e2 Use Apache to serve a local OpenDev logo on paste
In order to avoid unnecessary browser requests to other sites,
install a copy of the OpenDev logo on the Lodgeit server and serve
it from there rather than pointing at one served from Gitea.

Change-Id: I4c3678a1de8ca4a41cd0c64aab71b2e0e25373af
2021-09-21 20:28:29 +00:00
Clark Boylan
522afa85cc GC/pack gitea repos every other day
Previously we were doing this weekly. Gerrit does this daily. "Split"
the difference and do gitea every other day.

We have noticed that replication to gitea can be slow at times. One idea
is that the less packed repos on the gitea side may make negotiating the
updates slower. Pack more often to see if this helps.

Change-Id: I8961007dce3e448bfdbf1c5f3e8dfc5ec8eb82fb
2021-09-21 08:32:15 -07:00
Zuul
fc75255ea9 Merge "gerrit: copy theme plugin from plugins/" 2021-09-21 15:13:09 +00:00
Zuul
02705bf73a Merge "lodgeit: use logo from system-config assets" 2021-09-21 14:28:18 +00:00
Zuul
57d2e67a5c Merge "Run daily backups of nodepool zk image data" 2021-09-20 17:34:28 +00:00
Ian Wienand
f19e41e893 gerrit: host logo in static files
Instead of using the opendev.org/... logo file, host a copy from
gerrit's static location and use that.  This isolates us from changes
to the way gitea serves its static assets.

Change-Id: I8ffb47e636a59e5ecc3919cc7a16d93de3eae08d
2021-09-17 12:35:12 +10:00
Ian Wienand
227839e8ad gerrit: copy static files directly into container image
Copy static files directly into the container image instead of
managing them dynamically with Ansible.

Change-Id: I0ebe40ad2a97e87b00137af7c93a3ffa84929a2e
2021-09-17 12:35:12 +10:00
Ian Wienand
e8c456926c lodgeit: use logo from system-config assets
This currently uses a file served from gitea's staic assets; to
isolate us from changes to gitea's file layout switch this to use the
canonical file directly from system-config/assets.

Change-Id: Ibf67040af2b0a18261621a120ee26c78020e3ace
2021-09-17 12:35:12 +10:00
Ian Wienand
791d09be46 gerrit: copy theme plugin from plugins/
This is a minor refactor to make a follow-on that copies static files
more logical.

Change-Id: Id31106a875926dd4eca31972b1fc52a1cd0b67bd
2021-09-17 12:35:12 +10:00
Clark Boylan
a1cf5b3f6f Run daily backups of nodepool zk image data
This does local backups of the nodepool zk image image data to
/var/log/nodepool on the nodepool-builders. These hosts don't get
offsite backups but we run mutliple redundant servers. This data isn't
critical as we can start from scratch, but may be useful if we don't
want to go through all that trouble.

Change-Id: I7d150df9c0d9566ef2d32167cea535e29822cfa2
2021-09-16 14:12:08 -07:00
Clark Boylan
f1bcb6a586 Set a gerrit replication timeout of 15 minutes
We are seeing that replication tasks occasionally sit around forever and
have had to take manual intervention. One theory is that this is related
to networking between the gerrit server and the gitea servers. We don't
set maxRetries which means replication should be retried infinitely
which means if we hit the timeout we should try again. 15 minutes was
sort of arbitrarily chosen as ~twice the time it takes to clone a large
repo like nova.

Change-Id: Iec2536ad149a2e625a1f0107b9fcee3079493607
2021-09-15 16:25:04 -07:00
Clark Boylan
6c115cf29e Add support for Ubuntu Focal to our mailman ansible
This switch testing of lists.openstack.org to Focal and we make a CGI
env var update to accomodate newer mailman.

Specifically newer mailman's CGI scripts filter env vars that it will
pass through. We were setting MAILMAN_SITE_DIR to vhost our mailman
installs with apache2, but that doesn't pass the filter and is removed.
HOST is passed through so we update our scripts, apache vhost configs,
exim, and init scripts to use the HOST env var instead.

Change-Id: I5c8c70c219669e37b7b75a61001a2b7f7bb0bb6c
2021-09-13 09:10:00 -07:00
Zuul
7a90a92ebb Merge "gitea: add some screenshots to testing" 2021-09-07 16:57:45 +00:00
Ian Wienand
1dde7628e8 gitea: add some screenshots to testing
Change-Id: Id13fdd8ffbca1b0cd19858419d68f012e33f3ba8
2021-09-07 08:59:46 +10:00
Zuul
300982c6c1 Merge "Accomodate zuul's new key management system" 2021-09-01 15:56:40 +00:00
Zuul
da558e10c3 Merge "Introduce iweb cloud configs" 2021-08-31 23:38:46 +00:00
Mathieu Gagné
d518f8c02c Introduce iweb cloud configs
INAP mtl01 region is now owned by iWeb. This updates the cloud launcher
to use the new name and instructs the mirror in this cloud to provision
ssl certs for the old inap and new iweb names as well as updating
clouds.yaml files.

Change-Id: I1256a2e24df1c79dea06716ae4dfbcfe119c13f8
2021-08-31 13:42:22 -07:00
Jeremy Stanley
2fbf6d9e7a Stop managing OpenStackID servers
The Open Infrastructure Foundation's developers who maintain the
OpenStackID software are taking over management of the site itself,
and have deployed it on new servers. DNS records have already been
updated to the new IP address, so it's time to clean up our end in
preparation for deleting the old servers we've been running.

OpenStackID is still used by some services we run, like RefStack and
Zanata, and we're still hosting the OpenStackID Git repository and
documentation, so this does not get rid of all references to it.

Change-Id: I1d625d5204f1e9e3a85ba9605465f6ebb9433021
2021-08-31 19:53:13 +00:00
Jeremy Stanley
cefd919686 Update OpenSUSE mirror source
The rsync mirror we were relying on ended up incomplete on a recent
sync, causing all OpenSUSE 15 jobs to fail updating the package
lists. Switch to an alternative that seems to have all the same
things for which we used the previous one.

Change-Id: I661bdbfcbc766966793cd64d7f21201879d3dbaa
2021-08-25 20:10:59 +00:00
Zuul
74713e4d31 Merge "borg-backup: randomise time on a per-server basis" 2021-08-24 20:22:08 +00:00
Zuul
821c9a40f3 Merge "Preserve zuul executor SIGTERM behavior" 2021-08-23 23:34:32 +00:00
Clark Boylan
43e1dce889 Preserve zuul executor SIGTERM behavior
There is a change (the depends on) to modify how zuul executors handle
SIGTERM. Update our executor config to preserve the old behavior of
stopping the instance immediately rather than doing a graceful stop.

If we need to we can still request graceful stops directly using the
graceful stop command.

Depends-On: https://review.opendev.org/c/zuul/zuul/+/804464/
Change-Id: I76a2646a13a71d190be265354de18468bc93184c
2021-08-23 10:03:41 -07:00
Zuul
6d49588b59 Merge "Test a gerrit 3.2 -> 3.3 upgrade" 2021-08-23 17:01:55 +00:00
Tristan Cacqueray
6c1a40b180 Update gerritbot-matrix version to fix a message typo
This version fixed an issue introduced with the behalf of feature
where an extra space was added in "proposed :" where it should be
"proposed:".

Change-Id: I6c58622aa86a5234cc3e2dca957720be9f6549cd
2021-08-21 18:20:00 +00:00
Zuul
668aa77c9b Merge "Move #zuul from OFTC to Matrix" 2021-08-21 14:57:09 +00:00
Zuul
7f15b58ec5 Merge "Assume gitea reverse proxy" 2021-08-21 13:29:20 +00:00
Zuul
a320e11aeb Merge "Serve matrix well-known files from apache" 2021-08-21 07:12:25 +00:00
James E. Blair
ac1dd4eedd Assume gitea reverse proxy
We now depend on the reverse proxy not only for abuse mitigation but
also for serving .well-known files with specific CORS headers.  To
reduce complexity and avoid traps in the future, make it non-optional.

Change-Id: I54760cb0907483eee6dd9707bfda88b205fa0fed
2021-08-20 22:06:03 -07:00
James E. Blair
2a697f8ecd Serve matrix well-known files from apache
So that we can set the CORS header

Change-Id: I49eab2bda9a6b636a30384f7590c765079d31b20
2021-08-20 22:03:45 -07:00
Tristan Cacqueray
0839fbd223 Update gerritbot-matrix to the latest version for on behalf annotation
This change updates the gerrit-matrix image version.

Change-Id: I56979c11c8b6691d800a23506488e29dbfff9762
2021-08-20 21:57:11 +00:00
James E. Blair
cdbfe6b97e Move #zuul from OFTC to Matrix
Zuul is moving to an unbridged Matrix room.  Remove eavesdrop from
the OFTC room, and add the Matrix room to the two new Matrix bots.

Change-Id: I9bf34c1f67c6dac41c3761f8ccde4d7fa76bbf89
2021-08-20 14:44:44 -07:00
Tristan Cacqueray
690c8ec24e Add matrix term accept instruction
This change adds a missing step to accept matrix term required
to use the identity lookup service.

Change-Id: I4f6ad60d983bfc82342ee7d69659074c91296dc1
2021-08-20 18:06:15 +00:00
Zuul
883111ed08 Merge "Add gerritbot-matrix identity lookup configuration" 2021-08-20 17:43:49 +00:00
Zuul
8ad47150e7 Merge "Stop redirecting for the paste site" 2021-08-19 23:05:27 +00:00
Clark Boylan
aeddc1bf17 Test a gerrit 3.2 -> 3.3 upgrade
We create (a currently test only) playbook that upgrades zuul. This job
then runs through project creation and renaming and testinfra testing on
the upgraded gerrit version.

Future improvements should consider loading state on the old gerrit
install before we upgrade that can be asserted as well.

Change-Id: I364037232cf0e6f3fa150f4dbb736ef27d1be3f8
2021-08-19 13:19:05 -07:00
Jeremy Stanley
e2649a1aba Stop redirecting for the paste site
The pastebinit command-line tool hard-codes an allowed list of
pastebin URLs, one of which is "http://paste.openstack.org" so
redirecting to HTTPS and to other hostnames seems to break it.

It has a specific user-agent, so allow plain HTTP access for this
tool, but redirect others.

Change-Id: Ia7c983986e6e9c08299ded5282a83761448b35bb
2021-08-19 15:21:03 +10:00
Zuul
e4f806f110 Merge "Add additional post project rename reindexing" 2021-08-18 17:20:05 +00:00
Ian Wienand
10007aecde borg-backup: randomise time on a per-server basis
Currently this randomises the minute based on a seed generated from
the backup server name; i.e. all hosts going to a particular backup
server get the same minute.  Use the inventory_hostname of the host
actually being backed up as the seed; this will distribute the backups
over the hour as originally intended.

Change-Id: If25587492e057bed765c91ea759af43293775126
2021-08-18 05:24:57 +10:00
Zuul
805cc31912 Merge "Upgrade etherpad to 1.8.14" 2021-08-13 14:31:21 +00:00
Clark Boylan
5f51af5974 Upgrade etherpad to 1.8.14
This upgrades etherpad to 1.8.14 which will pull in a number of fixes as
well as dropped support for IE.

Change-Id: If9a85d3b606af700da1ab34f1a893d9c3b5f8416
2021-08-12 08:31:54 -07:00
Clark Boylan
630a4531db Add additional post project rename reindexing
If we update group names we should reindex the groups index and I think
that if we update project ACLs we should reindex the project index. Add
these reindexes to the post rename reindexing list. Both should be cheap
compared to the changes reindex.

Change-Id: I7f855c5ad52c072f77d109ae372d93f3fc49c784
2021-08-11 14:59:25 -07:00
Zuul
2927d6f59f Merge "Add more gerrit events for the gerritbot test room" 2021-08-10 23:32:40 +00:00
Zuul
92ead4baa1 Merge "Remove the mysql support from our gerrit role and image" 2021-08-10 23:32:37 +00:00