diff --git a/.zuul.yaml b/.zuul.yaml index ce2df731fb..659e297185 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -4,24 +4,12 @@ vars: project_src_dir: "{{ zuul.project.src_dir }}/modules/openstack_project" -- job: - name: puppet-beaker-rspec-infra-centos-7-system-config - parent: puppet-beaker-rspec-centos-7-infra - vars: - project_src_dir: "{{ zuul.project.src_dir }}/modules/openstack_project" - - job: name: puppet-beaker-rspec-puppet-4-infra-system-config parent: puppet-beaker-rspec-puppet-4-infra vars: project_src_dir: "{{ zuul.project.src_dir }}/modules/openstack_project" -- job: - name: puppet-beaker-rspec-puppet-4-centos-7-infra-system-config - parent: puppet-beaker-rspec-puppet-4-infra - vars: - project_src_dir: "{{ zuul.project.src_dir }}/modules/openstack_project" - # Image building jobs - secret: name: system-config-dockerhub @@ -274,20 +262,6 @@ files: - roles/.* -- job: - name: system-config-zuul-role-integration-centos-7 - parent: system-config-zuul-role-integration - nodeset: - nodes: - - name: base - label: centos-7 - - name: puppet4 - label: centos-7 - groups: - - name: puppet3 - nodes: - - base - - job: name: system-config-zuul-role-integration-trusty parent: system-config-zuul-role-integration @@ -340,14 +314,12 @@ name: system-config-zuul-role-integration check: jobs: - - system-config-zuul-role-integration-centos-7 - system-config-zuul-role-integration-trusty - system-config-zuul-role-integration-xenial - system-config-zuul-role-integration-bionic - system-config-zuul-role-integration-debian-stable gate: jobs: - - system-config-zuul-role-integration-centos-7 - system-config-zuul-role-integration-trusty - system-config-zuul-role-integration-xenial - system-config-zuul-role-integration-bionic @@ -392,13 +364,9 @@ label: ubuntu-xenial - name: bionic label: ubuntu-bionic - - name: centos7 - label: centos-7 host-vars: trusty: ansible_python_interpreter: python2 - centos7: - ansible_python_interpreter: python2 files: - .zuul.yaml - playbooks/.* @@ -659,9 +627,7 @@ - tox-linters - legacy-system-config-puppet-syntax-3 - puppet-beaker-rspec-infra-system-config - - puppet-beaker-rspec-infra-centos-7-system-config - puppet-beaker-rspec-puppet-4-infra-system-config - - puppet-beaker-rspec-puppet-4-centos-7-infra-system-config - system-config-run-base - system-config-run-base-ansible-devel: voting: false @@ -688,9 +654,7 @@ - tox-linters - legacy-system-config-puppet-syntax-3 - puppet-beaker-rspec-infra-system-config - - puppet-beaker-rspec-infra-centos-7-system-config - puppet-beaker-rspec-puppet-4-infra-system-config - - puppet-beaker-rspec-puppet-4-centos-7-infra-system-config - system-config-run-base - system-config-run-dns - system-config-run-eavesdrop diff --git a/inventory/groups.yaml b/inventory/groups.yaml index 9db862e258..cd88214227 100644 --- a/inventory/groups.yaml +++ b/inventory/groups.yaml @@ -36,8 +36,6 @@ groups: firehose: firehose[0-9]*.open*.org futureparser: - ask*.open*.org - - git.openstack.org - - git[0-9]*.openstack.org - lists*.open*.org - ze[0-9]*.open*.org - zk[0-9]*.open*.org @@ -46,10 +44,6 @@ groups: gerrit: - review-dev[0-9]*.open*.org - review[0-9]*.open*.org - git-loadbalancer: - - git.openstack.org - git-server: - - git[0-9]*.openstack.org gitea: - gitea[0-9]*.opendev.org gitea-lb: @@ -110,8 +104,6 @@ groups: - etherpad[0-9]*.open*.org - files[0-9]*.open*.org - firehose[0-9]*.open*.org - - git[0-9]*.openstack.org - - git.openstack.org - grafana[0-9]*.open*.org - graphite*.open*.org - groups-dev*.open*.org diff --git a/inventory/openstack.yaml b/inventory/openstack.yaml index 517cbb27c7..e584ec1783 100644 --- a/inventory/openstack.yaml +++ b/inventory/openstack.yaml @@ -236,69 +236,6 @@ all: cloud: openstackci-vexxhost region_name: sjc1 public_v4: 38.108.68.22 - git.openstack.org: - ansible_host: 2001:4800:7819:103:be76:4eff:fe04:77e6 - location: - cloud: openstackci-rax - region_name: DFW - public_v4: 104.130.246.85 - public_v6: 2001:4800:7819:103:be76:4eff:fe04:77e6 - git01.openstack.org: - ansible_host: 2001:4800:7819:105:be76:4eff:fe05:e834 - location: - cloud: openstackci-rax - region_name: DFW - public_v4: 104.130.243.237 - public_v6: 2001:4800:7819:105:be76:4eff:fe05:e834 - git02.openstack.org: - ansible_host: 2001:4800:7819:105:be76:4eff:fe05:df62 - location: - cloud: openstackci-rax - region_name: DFW - public_v4: 104.130.243.109 - public_v6: 2001:4800:7819:105:be76:4eff:fe05:df62 - git03.openstack.org: - ansible_host: 2001:4800:7817:101:be76:4eff:fe05:f6f1 - location: - cloud: openstackci-rax - region_name: DFW - public_v4: 67.192.247.197 - public_v6: 2001:4800:7817:101:be76:4eff:fe05:f6f1 - git04.openstack.org: - ansible_host: 2001:4800:7817:101:be76:4eff:fe05:f6eb - location: - cloud: openstackci-rax - region_name: DFW - public_v4: 67.192.247.180 - public_v6: 2001:4800:7817:101:be76:4eff:fe05:f6eb - git05.openstack.org: - ansible_host: 2001:4800:7815:105:be76:4eff:fe04:8cab - location: - cloud: openstackci-rax - region_name: DFW - public_v4: 23.253.69.135 - public_v6: 2001:4800:7815:105:be76:4eff:fe04:8cab - git06.openstack.org: - ansible_host: 2001:4800:7818:104:be76:4eff:fe05:17ef - location: - cloud: openstackci-rax - region_name: DFW - public_v4: 104.239.132.223 - public_v6: 2001:4800:7818:104:be76:4eff:fe05:17ef - git07.openstack.org: - ansible_host: 2001:4800:7815:102:be76:4eff:fe04:dba8 - location: - cloud: openstackci-rax - region_name: DFW - public_v4: 23.253.94.84 - public_v6: 2001:4800:7815:102:be76:4eff:fe04:dba8 - git08.openstack.org: - ansible_host: 2001:4800:7819:104:be76:4eff:fe04:374d - location: - cloud: openstackci-rax - region_name: DFW - public_v4: 104.239.146.131 - public_v6: 2001:4800:7819:104:be76:4eff:fe04:374d grafana01.openstack.org: ansible_host: 2001:4800:7817:104:be76:4eff:fe04:7e4e location: diff --git a/manifests/site.pp b/manifests/site.pp index 9e3f3311a0..986dba4d21 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -414,63 +414,6 @@ node /^firehose\d+\.open.*\.org$/ { } } -# CentOS machines to load balance git access. -# Node-OS: centos7 -node /^git(-fe\d+)?\.open.*\.org$/ { - $group = "git-loadbalancer" - class { 'openstack_project::git': - balancer_member_names => [ - 'git01.openstack.org', - 'git02.openstack.org', - 'git03.openstack.org', - 'git04.openstack.org', - 'git05.openstack.org', - 'git06.openstack.org', - 'git07.openstack.org', - 'git08.openstack.org', - ], - balancer_member_ips => [ - '104.130.243.237', - '104.130.243.109', - '67.192.247.197', - '67.192.247.180', - '23.253.69.135', - '104.239.132.223', - '23.253.94.84', - '104.239.146.131', - ], - } -} - -# CentOS machines to run cgit and git daemon. Will be -# load balanced by git.openstack.org. -# Node-OS: centos7 -node /^git\d+\.open.*\.org$/ { - $group = "git-server" - include openstack_project - class { 'openstack_project::server': } - - class { 'openstack_project::git_backend': - project_config_repo => 'https://opendev.org/openstack/project-config', - vhost_name => 'git.openstack.org', - git_gerrit_ssh_key => hiera('gerrit_replication_ssh_rsa_pubkey_contents'), - ssl_cert_file_contents => hiera('git_ssl_cert_file_contents'), - ssl_key_file_contents => hiera('git_ssl_key_file_contents'), - ssl_chain_file_contents => hiera('git_ssl_chain_file_contents'), - git_zuul_ci_org_ssl_cert_file_contents => hiera('git_zuul_ci_org_ssl_cert_file_contents'), - git_zuul_ci_org_ssl_key_file_contents => hiera('git_zuul_ci_org_ssl_key_file_contents'), - git_zuul_ci_org_ssl_chain_file_contents => hiera('git_zuul_ci_org_ssl_chain_file_contents'), - git_airshipit_org_ssl_cert_file_contents => hiera('git_airshipit_org_ssl_cert_file_contents'), - git_airshipit_org_ssl_key_file_contents => hiera('git_airshipit_org_ssl_key_file_contents'), - git_airshipit_org_ssl_chain_file_contents => hiera('git_airshipit_org_ssl_chain_file_contents'), - git_starlingx_io_ssl_cert_file_contents => hiera('git_starlingx_io_ssl_cert_file_contents'), - git_starlingx_io_ssl_key_file_contents => hiera('git_starlingx_io_ssl_key_file_contents'), - git_starlingx_io_ssl_chain_file_contents => hiera('git_starlingx_io_ssl_chain_file_contents'), - behind_proxy => true, - selinux_mode => 'enforcing' - } -} - # A machine to drive AFS mirror updates. # Node-OS: xenial node /^mirror-update\d*\.open.*\.org$/ { diff --git a/modules/openstack_project/manifests/git.pp b/modules/openstack_project/manifests/git.pp deleted file mode 100644 index 1be7200e52..0000000000 --- a/modules/openstack_project/manifests/git.pp +++ /dev/null @@ -1,189 +0,0 @@ -# Copyright 2013 Hewlett-Packard Development Company, L.P. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Class to configure haproxy to serve git on a CentOS node. -# -# == Class: openstack_project::git -class openstack_project::git ( - $balancer_member_names = [], - $balancer_member_ips = [], - $selinux_mode = 'enforcing' -) { - class { 'openstack_project::server': } - - if ($::osfamily == 'RedHat') { - class { 'selinux': - mode => $selinux_mode - } - } - - package { 'socat': - ensure => present, - } - - package { 'lsof': - ensure => present, - } - - class { 'haproxy': - enable => true, - global_options => { - 'log' => '127.0.0.1 local0', - 'chroot' => '/var/lib/haproxy', - 'pidfile' => '/var/run/haproxy.pid', - 'maxconn' => '4000', - 'user' => 'haproxy', - 'group' => 'haproxy', - 'daemon' => '', - 'stats' => 'socket /var/lib/haproxy/stats user root group root mode 0600 level admin' - }, - defaults_options => { - 'log' => 'global', - 'stats' => 'enable', - 'option' => 'redispatch', - 'retries' => '3', - 'timeout' => [ - 'http-request 10s', - 'queue 1m', - 'connect 10s', - 'client 2m', - 'server 2m', - 'check 10s', - ], - 'maxconn' => '8000', - }, - } - # The three listen defines here are what the world will hit. - haproxy::listen { 'balance_git_http': - ipaddress => [$::ipaddress, $::ipaddress6], - ports => ['80'], - mode => 'tcp', - collect_exported => false, - options => { - 'balance' => 'leastconn', - 'option' => [ - 'tcplog', - ], - }, - } - haproxy::listen { 'balance_git_https': - ipaddress => [$::ipaddress, $::ipaddress6], - ports => ['443'], - mode => 'tcp', - collect_exported => false, - options => { - 'balance' => 'leastconn', - 'option' => [ - 'tcplog', - ], - }, - } - haproxy::listen { 'balance_git_daemon': - ipaddress => [$::ipaddress, $::ipaddress6], - ports => ['9418'], - mode => 'tcp', - collect_exported => false, - options => { - 'maxconn' => '256', - 'backlog' => '256', - 'balance' => 'leastconn', - 'option' => [ - 'tcplog', - ], - 'timeout' => [ - 'client 15m', - 'server 15m', - ], - }, - } - haproxy::balancermember { 'balance_git_http_member': - listening_service => 'balance_git_http', - server_names => $balancer_member_names, - ipaddresses => $balancer_member_ips, - ports => '8080', - } - haproxy::balancermember { 'balance_git_https_member': - listening_service => 'balance_git_https', - server_names => $balancer_member_names, - ipaddresses => $balancer_member_ips, - ports => '4443', - } - haproxy::balancermember { 'balance_git_daemon_member': - listening_service => 'balance_git_daemon', - server_names => $balancer_member_names, - ipaddresses => $balancer_member_ips, - ports => '29418', - options => 'maxqueue 512', - } - - exec { 'haproxy_allow_bind_ports': - # If bool is already set don't set it again - onlyif => 'bash -c \'getsebool haproxy_connect_any | grep -q off\'', - command => 'setsebool -P haproxy_connect_any 1', - path => '/bin:/usr/sbin', - before => Service['haproxy'], - } - - # TODO(mordred) We should get this haproxy stuff ported to ansible ASAP. - # Ansible is the one installing rsyslog. - file { '/etc/rsyslog.d/haproxy.conf': - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', - source => 'puppet:///modules/openstack_project/git/rsyslog.haproxy.conf', - } - - # haproxy statsd - - package { 'python2-statsd': - ensure => present, - } - - file { '/usr/local/bin/haproxy-statsd.py': - ensure => present, - owner => 'root', - group => 'root', - mode => '0755', - source => 'puppet:///modules/openstack_project/git/haproxy-statsd.py', - notify => Service['haproxy-statsd'], - require => Package['python2-statsd'], - } - - file { '/etc/default/haproxy-statsd': - ensure => present, - owner => 'root', - group => 'root', - mode => '0755', - source => 'puppet:///modules/openstack_project/git/haproxy-statsd.default', - require => File['/usr/local/bin/haproxy-statsd.py'], - notify => Service['haproxy-statsd'], - } - - file { '/etc/systemd/system/haproxy-statsd.service': - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', - source => 'puppet:///modules/openstack_project/git/haproxy-statsd.service', - require => File['/etc/default/haproxy-statsd'], - notify => Service['haproxy-statsd'], - } - - service { 'haproxy-statsd': - provider => systemd, - enable => true, - require => File['/etc/systemd/system/haproxy-statsd.service'], - } -} diff --git a/modules/openstack_project/manifests/git_backend.pp b/modules/openstack_project/manifests/git_backend.pp deleted file mode 100644 index 7f631a3138..0000000000 --- a/modules/openstack_project/manifests/git_backend.pp +++ /dev/null @@ -1,303 +0,0 @@ -# Copyright 2013 Hewlett-Packard Development Company, L.P. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Class to configure cgit on a CentOS node. -# -# == Class: openstack_project::git_backend -class openstack_project::git_backend ( - $vhost_name = $::fqdn, - $git_gerrit_ssh_key = '', - $ssl_cert_file_contents = '', - $ssl_key_file_contents = '', - $ssl_chain_file_contents = '', - $git_zuul_ci_org_ssl_cert_file_contents = '', - $git_zuul_ci_org_ssl_key_file_contents = '', - $git_zuul_ci_org_ssl_chain_file_contents = '', - $git_airshipit_org_ssl_cert_file_contents = '', - $git_airshipit_org_ssl_key_file_contents = '', - $git_airshipit_org_ssl_chain_file_contents = '', - $git_starlingx_io_ssl_cert_file_contents = '', - $git_starlingx_io_ssl_key_file_contents = '', - $git_starlingx_io_ssl_chain_file_contents = '', - $behind_proxy = false, - $project_config_repo = '', - $selinux_mode = 'enforcing', -) { - - package { 'lsof': - ensure => present, - } - - class { 'project_config': - url => $project_config_repo, - } - - include jeepyb - include pip - - if ($::osfamily == 'RedHat') { - class { 'selinux': - mode => $selinux_mode - } - } - - class { '::cgit': - vhost_name => $vhost_name, - ssl_cert_file => "/etc/pki/tls/certs/${vhost_name}.pem", - ssl_key_file => "/etc/pki/tls/private/${vhost_name}.key", - ssl_chain_file => '/etc/pki/tls/certs/intermediate.pem', - ssl_cert_file_contents => $ssl_cert_file_contents, - ssl_key_file_contents => $ssl_key_file_contents, - ssl_chain_file_contents => $ssl_chain_file_contents, - behind_proxy => $behind_proxy, - cgitrc_settings => { - 'clone-prefix' => 'https://git.openstack.org', - 'commit-filter' => '/usr/local/bin/commit-filter.sh', - 'css' => '/static/openstack.css', - 'favicon' => '/static/favicon.ico', - 'logo' => '/static/openstack.svg', - 'root-title' => 'OpenStack git repository browser', - 'max-repo-count' => 2500, - 'robots' => 'index', - }, - manage_cgitrc => true, - selinux_mode => $selinux_mode - } - - ::cgit::site { 'git.zuul-ci.org': - cgit_vhost_name => 'git.zuul-ci.org', - ssl_cert_file => "/etc/pki/tls/certs/git.zuul-ci.org.pem", - ssl_key_file => "/etc/pki/tls/private/git.zuul-ci.org.key", - ssl_chain_file => '/etc/pki/tls/certs/git.zuul-ci.org.intermediate.pem', - ssl_cert_file_contents => $git_zuul_ci_org_ssl_cert_file_contents, - ssl_key_file_contents => $git_zuul_ci_org_ssl_key_file_contents, - ssl_chain_file_contents => $git_zuul_ci_org_ssl_chain_file_contents, - behind_proxy => $behind_proxy, - cgitrc_settings => { - 'clone-prefix' => 'https://git.zuul-ci.org', - 'commit-filter' => '/usr/local/bin/commit-filter.sh', - 'css' => '/cgit-data/cgit.css', - 'favicon' => '/cgit-data/favicon.ico', - 'logo' => '/cgit-data/cgit.png', - 'root-title' => 'Zuul git repository browser', - 'max-repo-count' => 2500, - 'robots' => 'index', - 'include' => '/etc/cgitrepos_git.zuul-ci.org', - }, - manage_cgitrc => true, - cgitrc_path => '/etc/cgitrc_git.zuul-ci.org', - local_git_dir => '/var/lib/git-alias/git.zuul-ci.org', - cgitdir => '/var/www/cgit_git.zuul-ci.org', - staticfiles => '/var/www/cgit_git.zuul-ci.org/static', - selinux_mode => $selinux_mode - } - - ::cgit::site { 'git.airshipit.org': - cgit_vhost_name => 'git.airshipit.org', - ssl_cert_file => "/etc/pki/tls/certs/git.airshipit.org.pem", - ssl_key_file => "/etc/pki/tls/private/git.airshipit.org.key", - ssl_chain_file => '/etc/pki/tls/certs/git.airshipit.org.intermediate.pem', - ssl_cert_file_contents => $git_airshipit_org_ssl_cert_file_contents, - ssl_key_file_contents => $git_airshipit_org_ssl_key_file_contents, - ssl_chain_file_contents => $git_airshipit_org_ssl_chain_file_contents, - behind_proxy => $behind_proxy, - cgitrc_settings => { - 'clone-prefix' => 'https://git.airshipit.org', - 'commit-filter' => '/usr/local/bin/commit-filter.sh', - 'css' => '/cgit-data/cgit.css', - 'favicon' => '/cgit-data/favicon.ico', - 'logo' => '/cgit-data/cgit.png', - 'root-title' => 'Airship git repository browser', - 'max-repo-count' => 2500, - 'robots' => 'index', - 'include' => '/etc/cgitrepos_git.airshipit.org', - }, - manage_cgitrc => true, - cgitrc_path => '/etc/cgitrc_git.airshipit.org', - local_git_dir => '/var/lib/git-alias/git.airshipit.org', - cgitdir => '/var/www/cgit_git.airshipit.org', - staticfiles => '/var/www/cgit_git.airshipit.org/static', - selinux_mode => $selinux_mode - } - - ::cgit::site { 'git.starlingx.io': - cgit_vhost_name => 'git.starlingx.io', - ssl_cert_file => "/etc/pki/tls/certs/git.starlingx.io.pem", - ssl_key_file => "/etc/pki/tls/private/git.starlingx.io.key", - ssl_chain_file => '/etc/pki/tls/certs/git.starlingx.io.intermediate.pem', - ssl_cert_file_contents => $git_starlingx_io_ssl_cert_file_contents, - ssl_key_file_contents => $git_starlingx_io_ssl_key_file_contents, - ssl_chain_file_contents => $git_starlingx_io_ssl_chain_file_contents, - behind_proxy => $behind_proxy, - cgitrc_settings => { - 'clone-prefix' => 'https://git.starlingx.io', - 'commit-filter' => '/usr/local/bin/commit-filter.sh', - 'css' => '/cgit-data/cgit.css', - 'favicon' => '/cgit-data/favicon.ico', - 'logo' => '/cgit-data/cgit.png', - 'root-title' => 'StarlingX git repository browser', - 'max-repo-count' => 2500, - 'robots' => 'index', - 'include' => '/etc/cgitrepos_git.starlingx.io', - }, - manage_cgitrc => true, - cgitrc_path => '/etc/cgitrc_git.starlingx.io', - local_git_dir => '/var/lib/git-alias/git.starlingx.io', - cgitdir => '/var/www/cgit_git.starlingx.io', - staticfiles => '/var/www/cgit_git.starlingx.io/static', - selinux_mode => $selinux_mode - } - - # We don't actually use these variables in this manifest, but jeepyb - # requires them to exist. - $local_git_dir = '/var/lib/git' - $ssh_project_key = '' - - file { '/home/cgit/.ssh/': - ensure => directory, - owner => 'cgit', - group => 'cgit', - mode => '0700', - require => User['cgit'], - } - - ssh_authorized_key { 'gerrit-replication-2014-04-25': - ensure => present, - user => 'cgit', - type => 'ssh-rsa', - key => $git_gerrit_ssh_key, - require => File['/home/cgit/.ssh/'] - } - ssh_authorized_key { '/home/cgit/.ssh/authorized_keys': - ensure => absent, - user => 'cgit', - } - - file { '/home/cgit/projects.yaml': - ensure => present, - owner => 'cgit', - group => 'cgit', - mode => '0444', - source => $::project_config::jeepyb_project_file, - require => $::project_config::config_dir, - replace => true, - } - - exec { 'create_cgitrepos': - command => 'create-cgitrepos', - path => '/bin:/usr/bin:/usr/local/bin', - require => [ - File['/home/cgit/projects.yaml'], - User['zuul'], - Class['jeepyb'], - ], - subscribe => File['/home/cgit/projects.yaml'], - refreshonly => true, - } - - cron { 'mirror_repack': - ensure => absent, - user => 'cgit', - } - - cron { 'mirror_gitgc': - user => 'cgit', - hour => '4', - minute => '7', - command => 'find /var/lib/git/ -not -path /var/lib/git/zuul -type d -name "*.git" -print -exec git --git-dir="{}" gc \;', - environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin', - require => User['cgit'], - } - - file { '/var/www/cgit/static/openstack.svg': - ensure => present, - source => 'puppet:///modules/openstack_project/openstack.svg', - require => File['/var/www/cgit/static'], - } - - file { '/var/www/cgit/static/favicon.ico': - ensure => present, - source => 'puppet:///modules/openstack_project/status/favicon.ico', - require => File['/var/www/cgit/static'], - } - - file { '/var/www/cgit/static/openstack.css': - ensure => present, - source => 'puppet:///modules/openstack_project/git/openstack.css', - require => File['/var/www/cgit/static'], - } - - file { '/usr/local/bin/commit-filter.sh': - ensure => present, - owner => 'root', - group => 'root', - mode => '0755', - source => 'puppet:///modules/openstack_project/git/commit-filter.sh', - } - - user { 'zuul': - ensure => present, - home => '/home/zuul', - shell => '/bin/bash', - gid => 'zuul', - managehome => true, - require => Group['zuul'], - } - - group { 'zuul': - ensure => present, - } - - file {'/home/zuul': - ensure => directory, - owner => 'zuul', - group => 'zuul', - mode => '0755', - require => User['zuul'], - } - - file { '/var/lib/git/zuul': - ensure => directory, - owner => 'zuul', - group => 'zuul', - mode => '0755', - require => [ - User['zuul'], - File['/var/lib/git'], - ] - } - - file { '/home/zuul/.ssh': - ensure => directory, - owner => 'zuul', - group => 'zuul', - mode => '0700', - require => User['zuul'], - } - - file { '/home/zuul/.ssh/authorized_keys': - ensure => absent, - } - - cron { 'mirror_gitgc_zuul': - user => 'zuul', - weekday => '0', - hour => '4', - minute => '7', - command => 'find /var/lib/git/zuul -type d -name "*.git" -print -exec git --git-dir="{}" git gc \;', - environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin', - require => User['zuul'], - } - -} diff --git a/playbooks/remote_puppet_else.yaml b/playbooks/remote_puppet_else.yaml index 32a4547c66..1180d2e56f 100644 --- a/playbooks/remote_puppet_else.yaml +++ b/playbooks/remote_puppet_else.yaml @@ -1,4 +1,4 @@ -- hosts: 'puppet:!review:!git-server:!zuul-scheduler:!afs:!afsdb:!puppetmaster*:!disabled' +- hosts: 'puppet:!review:!zuul-scheduler:!afs:!afsdb:!puppetmaster*:!disabled' name: "Puppet-else: run puppet on all other servers" strategy: free roles: diff --git a/playbooks/remote_puppet_git.yaml b/playbooks/remote_puppet_git.yaml index b97cd5990d..2e08cbf42f 100644 --- a/playbooks/remote_puppet_git.yaml +++ b/playbooks/remote_puppet_git.yaml @@ -10,15 +10,6 @@ force: yes register: gitinfo -- hosts: "git-server:!disabled" - name: "Puppet-git: Run puppet on the git servers" - strategy: free - max_fail_percentage: 1 - roles: - - role: puppet - facts: - project_config_ref: "{{ hostvars.localhost.gitinfo.after }}" - - hosts: "gitea:!disabled" name: "Create repos on gitea servers" strategy: free