We've stopped relying on jeepyb's track-upstream feature, so stop
installing the entrypoint script and cease running its cronjob.
Depends-On: https://review.opendev.org/799123
Change-Id: I0d6edcc34f25e6bfe2bc41d328ac76618b59f62d
I tripped over this during recent afs fileserver reboots. Note it in the
docs so that we are aware of this in the future when doing maintenance.
Change-Id: Iac20fa6b9ec17f1eb69c50bc8f5736b34967fd83
Noticed this when doing some afs maintenance. We want the bos status of
fileservers when rebooting those servers not the status of the db
servers.
Change-Id: I30f6a2320487c302fda2ffe300daa1d91c7dec45
We're happy for teams to manage their individual IRC channel access
lists through our accessbot configuration if they want, so explain
the situations in which they might choose to add channel ops or
admins, and the differences between them.
Change-Id: I4ae4463fe5017176d2d93cbaac6820fe11350899
The openstack-security mailing list is officially closing, and wants
future attempts at posting to end up on openstack-discuss instead:
http://lists.openstack.org/pipermail/openstack-security/2021-June/006077.html
This was also the only remaining user of the notify-impact Gerrit
hook, so we can stop installing/running it.
Change-Id: Id60b781beb072366673b32326e32fd79637c1219
The IRC bot nick registration process had Freenode-specific examples
and references, so switch those to reflect we're now using OFTC.
Also the weechat command-line syntax was outdated and did not work
with newer versions of the client, so fix that.
Change-Id: I74b60e997b32cc51e8db6e5b7a76d6f281dfc211
The troubleshooting section of our IRC doc had examples specific to
Freenode, update those. Further, drop the bit about /etc/hosts on
eavesdrop, since OFTC offers an IPv4-only round-robin name we can
use directly in our meetbot configuration to work around the
TwistedPython+SSL+IPv6 DNS resolution bug without resorting to
hard-coding addresses on the server.
Change-Id: I7ac1542dcd0a4f088b8c475756338851994f5433
OFTC doesn't have a server-side remove command (I can't find
evidence that it even works on Freenode though I only bothered to
test on OFTC to confirm). Update this section of our IRC document
accordingly.
Change-Id: I6b7838327f0d4ea3ea8c3697fc784657bb2a64ff
Some syntax and available commands on OFTC differ from Freenode,
adjust them were necessary. In particular, setting the channel topic
through ChanServ isn't quite the same any longer.
Change-Id: Id24afc16f7f46476ef761132c9c9a7b491eda47f
In order to accommodate the different permissions model on OFTC,
some changes were made to accessbot and its data structures. Correct
our documentation to reflect that.
Change-Id: I7a2c4201507dff2640b1506b885126d458b063a4
There is no join forwarding in OFTC's network, so instead let's just
update channel topics and possibly set entry messages to let people
know when a channel has moved. In order to be considerate of the
network operators, remember to drop the old unused channel
registrations after a while.
Change-Id: Icbcc9b780ae3a2d1c19d2591158a9d36d0407582
We're moving to OFTC and this tries to capture the various types of
updates for bots and docs we'll need to do. I don't expect this to
be complete, but adds some good reminder for a few things we don't
want to miss.
Change-Id: I09f4c7aa1a2eb8cd167439d58ab4222f5e63a4b1
This cleans up ask-staging which hasn't been a thing in a log time.
We remove some puppet stubs for nodepool builders (they are all ansible
now).
We also cleanup the inventory file to remove corvustest, lists-dev,
pbx, mirror-update*.openstack.org (is opendev.org now), and sort the
LE list.
Change-Id: I8da025640e16bf6e8aca1eb6ec7799d26bd03f12
We have shifted over to using ansible for managing the listservs.
This also updates our service docs to point at the corret ansible and
not puppet.
Change-Id: I76f01ff1479c5af0a502a060aac2baa1ab622b21
Recent work has concluded adding OpenStack Release Manager
permissions explicitly to all openstack/ namespace projects with the
addition of inheritance from openstack/meta-config in their
individual ACLs. This made the earlier Release Manager permissions
in our global configuration redundant, so it's being removed. The
cleanup is done by hand due to how global configuration is managed
in Gerrit's All-Projects metaproject, but we're updating our
documentation to reflect it.
While here, clean up obsolete references to API-Projects inheritance
and stable/.* branch permissions which we've not applied for some
years now.
Change-Id: Ib9314f7a1deb3d343eb2d9b476064de41186f57a
GnuPG 2.3.0 (2021-04-07) switched the default key algorithm to
ed25519/cv25519. Even though we're not currently using such a new
release, this is a good signal that we should start doing the same
for our artifact signing keys. Thankfully our current GPG version on
bridge can create them using the --expert option, so document the
slight changes to the required commands and update the example
output to more closely match its new behavior.
While we're here, the version we're using also autogenerates
revocation certificates. Take advantage of that to slightly simplify
our key generation instructions.
Change-Id: Ibb1c5ae8c540713e1c39d0000497c6b8b89b67c8
The Limesurvey service hosted at survey.openstack.org was a beta
which saw limited use. The platform it runs on, Xenial, is now EOL
from Ubuntu/Canonical and in order to upgrade to a newer
distribution release we would need to rewrite all the configuration
management (the version of Puppet supported by newer Ubuntu is not
backward-compatible with what we've been running).
If a similar service becomes interesting to users of our
collaboratory in the future, it will need to be reintroduced with
freshly written configuration management anyway. The old configs and
documentation remain in our Git history should anyone wish to use
them as inspiration.
Change-Id: I59b419cf112d32f20084ab93eb6f2417a7f93fdb
We will be rotating zk01-03.openstack.org out and replacing them with
zk04-06.opendev.org. This is the first change in that process which puts
zk04 into the rotation. This should only be landed when operators are
ready to manually stop zookeeper on zk03 (which is being replaced by
zk04 in this change).
Change-Id: Iea69130f6b3b2c8e54e3938c60e4a3295601c46f
Once we are satisfied that we have disabled the inputs to firehose we
can land this change to stop managing it in config management. Once that
is complete the server can be removed.
Change-Id: I7ebd54f566f8d6f940a921b38139b54a9c4569d8
This was missed during recent updates; this UserList needs to be on
all servers to allow bos, vos and backup commands.
Update the documentation to reflect the centralised copy.
Change-Id: I8ada3d5035bb7ef77b19ce6aaffb48335974a124
With our increased ability to test in the gate, there's not much use
for review-dev any more. Remove references.
Change-Id: I97e9865e0b655cd157acf9ffa7d067b150e6fc72
These have been replaced with new focal .opendev.org hosts. Note we
don't want to land this until we successfully transitioned from one set
of hosts to another.
Change-Id: I385a74c8a093f5baebb0d4858127c7595be191c0
This adds the new focal nodepool launchers replacements for nl02-04 to
our inventory. This will configure them with an idle configuration. We
then confirm they are happy running in an idle state then switch over
the config from the old to new servers.
Depends-On: https://review.opendev.org/c/openstack/project-config/+/780982
Change-Id: Iea645925caaeee6f498aa690c4f2c848f6899317
This server is no longer running a nodepool launcher and can be removed
from the inventory so that we can delete it. Next up we'll replace
02-04.
Change-Id: Ia71b9b616bde1018cd4ce3b8c882fba02677165d
This adds a role and related testing to manage our Kerberos KDC
servers, intended to replace the puppet modules currently performing
this task.
This role automates realm creation, initial setup, key material
distribution and replica host configuration. None of this is intended
to run on the production servers which are already setup with an
active database, and the role should be effectively idempotent in
production.
Note that this does not yet switch the production servers into the new
groups; this can be done in a separate step under controlled
conditions and with related upgrades of the host OS to Focal.
Change-Id: I60b40897486b29beafc76025790c501b5055313d
