Put the variables defined in manifests/site.pp at the top of the file so
that they are in a known location after running csplit in test.sh and we
can prepend them to the puppet-apply top files.
A better solution would be to move this data into hiera, but this is not
sensitive data, so a move to hiera should wait until we a have solution
for a public hiera data repo separate from the private hiera data.
Change-Id: I509a8266462dfdf53e1727938e4fb043241166b6
Add elasticsearch07 node. Move the elasticsearch discover node to
elasticsearch02 instead of 01 as we are moving away from 01 as part of
the 07 addition.
Change-Id: I2aa857ec4984ae1fc2f8e27f437f8ecc61d24fbd
Our Elasticsearch nodes need cinder volumes attached to them prior to
being puppeted. Make the regex for the elasticsearch nodes in site.pp
match only existing nodes so that new nodes can be created and have
their volumes attached before proper puppeting.
Change-Id: If12c67174315b8480998148e1325de59ecdba372
This patch removes the drush make site building function from
groups-dev instance, and now directly fetch release tarballs from
http://tarballs.openstack.org/groups repository. With an advanced
multi-slot deployment architecture it prevents the typical Drupal
WSOD issues that randomly caused site malfunction when a request
arrived during installation. It also simplifies the
deployment steps using the standard drush aliases and
drush-dsd extension and supports local configuration variables
in local_settings.php file.
Change-Id: I73976a60e080d15b6f513db79fee46bcf468e302
We have fallen behind on our ability to index all the things. Logstash
itself appears to be the current bottleneck. Add four more nodes to help
combat the backlog.
Change-Id: I9d5a7474a801c58c1e8933b264172e72f2d0bb86
The test.sh script is not currently being run in any jobs, this change
removes the redundant validation code that's also in the puppet-syntax
job and creates a puppet-apply-test job that runs the test.sh script.
Running `puppet apply --noop` requires sudo, otherwise it will give
errors about refusing to run commands as other users.
Change-Id: Ie6b278d98390a8a5dd8bb24899c8c4083f5755c9
Turns out that while keystoneclient does not require a tenant_name be
set swiftclient does require it so the fix to not pass a tenant_name to
zuul did not work.
Alex_Gaynor pointed out the reason using the normal tenant_name doesn't
work with Rax object store is that the tenant_name for object store in
Rax is different than the normal tenant_name. Use that different and
correct tenant_name instead.
Change-Id: I13d6b8dfc190d35178e7fc979d7feb58e7e1f8dd
This change adds credentials as set up by fungi (2014-04-05T03:16:46)
http://eavesdrop.openstack.org/irclogs/%23openstack-infra/%23openstack-infra.2014-04-05.log
This allows zuul to send signed URL's for workers to push files to on
a per-job basis.
This change will require a zuul restart, not just a reload!
Note this is unreverts the revert in
c1b98eaff618b8c739cc02f089ef6fe6c02cbcc3 but is slightly edited hence
the lack of a proper revert commit. The reason for the revert has been
debugged and was due to rax identity service not providing a catalog
entry for swift when a tenant name is provided.
Change-Id: I04d3207002f7422b9851515ee88a74b19dd2f248
This is a dedicated IRC channel for discussion
about Operating System container support in
OpenStack. The members of the OpenStack
Containers Team will idle in this channel:
https://wiki.openstack.org/wiki/Teams/Containers
Change-Id: I9ec77969f926e8ced912ce194f7d6fae6a0e2e4d
This reverts commit 176f15cd48ceea7e990fc61362875a23524f963a.
Puppet and zuul aren't ready for this. The swift client throws an
exception. We need to restart zuul to fix a more pressing issue hence
this revert. Will debug when able to.
Change-Id: Ie4487d84b7f1495c7ec6fd31e4b5b90d6699a31d
The patch to add nodepool to jenkins-dev (https://review.openstack.org/#/c/57333)
did not work.
There were a few issues with it:
1. jenkins-dev.pp was passing literal strings to the nodepool module, instead it
should be passing in the variables.
2. jenkins-dev.pp was calling ::nodepool but puppet seems to think that it wants
::openstack_project::nodepool due to puppet's scoping weirdness :(
3. The script to build nodepool machines needed the jenkins_dev_ssh_key.
Fixes to above issues:
1. This is trivial, just passed the variables thru instead of literal strings.
2. The nodepool.pp module is renamed to nodepool_prod.pp to prevent the scoping problem.
3. We use the dev jenkins ssh key with dev nodepool by allowing the nodepool module
to pass arbitrary env settings through the defaults file.
Change-Id: Id91053212f088079ff1b0f06ebdce5c381f5cd19
In further support of using a trove db, remove the gerrit::mysql
module from review-dev. Plumb mysql_host throughout and remove
the no longer necessary mysql_root_password. Configure review-dev
to use mysql_host from hiera, but configure review to use
'localhost'.
Change-Id: Id13cea66601f80c5b17d2a4069a14f7b458ea09d
Puppet board has replaced puppet dashboard. Remove reference to puppet
dashboard as it shouldn't be used.
Change-Id: I5eeee2984729ef5d1b883b4762347d19786e28ed
In anticipation of driving puppet over ssh, we need keys on the hosts
and the scripts on the master. Don't turn them on yet, because we want
to be able to do some by-hand testing of the mechanism.
Change-Id: I2c353777e2f8fb5a2e733ce405ba40427ce901e5
Zuul should use a dedicated ssh key rather than piggy backing off of the
jenkins ssh key. This change makes this distinction clear and removes
one zuul use of the jenkins ssh key that is not necessary.
Change-Id: I74c811a8bf94838b285791e158f4e468513eaa3e
Switch all jenkins proposal jobs to a dedicated user with dedicated
credentials. This is being done to be more flexible and secure when it
comes to managing the scripts that make proposals to gerrit.
Change-Id: I2dbdd530bf5b64c14207f645512a1eb319681166
Make it easier to deploy jenkins masters by using snakeoil certs on
numbered jenkins masters. This also simplifies the process of replacing
certs as make-ssl-cert can easily regenerate snakeoil certs for us.
Change-Id: I4966b1e502e0edf4f6fad25f06b9bacca25c5951
Add two puppet hiera variables to override defaults for
openstackid-dev in site.pp to access remote user profile database
(mysql_user, db_name). Now we can use the following
mysql parameters for connection:
- openstackid_dev_ss_mysql_host: mysql host
- openstackid_dev_ss_mysql_password: password for mysql account
- openstackid_dev_ss_mysql_user: user name of mysql account
- openstackid_dev_ss_db_name: database name
Change-Id: Ied0e3918d117c13ef53763461242e5380f0bab00
SERVER: Invalid relationship: File[/var/lib/jenkins/hudson.plugins.gearman.GearmanPluginConfig.xml] { require => Class[Zuul] }, because Class[Zuul]doesn't seem to be in the catalog
This reverts commit 2a9cd677e4eb6a60787ebc73bd8fd9e1b6f26b34
Run it whenever there is a change to the YAML channel config.
The script will ensure everyone listed in global has those perms
and anyone else found with access on a channel will be left as-is
except that their access will be limited to the relevant mask.
Move it and the previous change to add a permission checking
script into a new module, 'accessbot'.
Support SSL in both scripts.
Add a 1 second sleep in the check script to avoid flood protection.
Add all known channels to the channel config.
Closes-Bug: 1190296
Change-Id: I5072cb56ae83a70f4fa955362b8db909b2956d70
This moves git01.openstack.org to a new server, but should not be
merged until the old one is gracefully offlined in haproxy and the
new one is in sync with Gerrit replication and has been thoroughly
tested.
Change-Id: I84a3b2710edd96087a29735ca26863c75eb5023d
This moves git02.openstack.org to a new server, but should not be
merged until the old one is gracefully offlined in haproxy and the
new one is in sync with Gerrit replication and has been thoroughly
tested.
Change-Id: I8d0cc04ac6429a7780020242c9cc1ff2f0126b6e
