Replace testing group vars with host vars for review02

Previously we had a test specific group vars file for the review Ansible
group. This provided junk secrets to our test installations of Gerrit
then we relied on the review02.opendev.org production host vars file to
set values that are public.

Unfortunately, this meant we were using the production heapLimit value
which is far too large for our test instances leading to the occasionaly
failure:

  There is insufficient memory for the Java Runtime Environment to continue.
  Native memory allocation (mmap) failed to map 9596567552 bytes for committing reserved memory.

We cannot set the heapLimit in the group var file because the hostvar
file overrides those values. To fix this we need to replace the test
specific group var contents with a test specific host var file instead.
To avoid repeating ourselves we also create a new review.yaml group_vars
file to capture common settings between testing and prod. Note we should
look at combining this new file with the gerrit.yaml group_vars.

On the testing side of things we set the heapLimit to 6GB, we change the
serverid value to prevent any unexpected notedb confusion, and we remove
replication config.

Change-Id: Id8ec5cae967cc38acf79ecf18d3a0faac3a9c4b3

inventory/service/group_vars/gerrit.yaml

@@ -1,3 +1,6 @@
+# TODO can we combine this with the review.yaml group vars?
+# the review group seems to be what we use to match in the service-review.yaml
+# playbook which would make it canonical?
 exim_extra_aliases:
   gerrit2: root
 iptables_rules:

inventory/service/group_vars/review.yaml

@@ -0,0 +1,19 @@
+# See TODO in the gerrit.yaml group vars.
+gerrit_vhost_name: review.opendev.org
+gerrit_redirect_vhost: review.openstack.org
+gerrit_storyboard_url: https://storyboard.openstack.org
+# We have to set the letsencrypt_gid to something that isn't 3000
+# to not conflict with gerrit2's gid.
+# Also, on review01.openstack.org, 3001 is openstackwatch and
+# 3002 is github.
+letsencrypt_gid: 3003
+borg_backup_excludes_extra:
+  - /home/gerrit2/.launchpadlib/cache/*
+  - /home/gerrit2/review_site/cache/*
+  - /home/gerrit2/review_site/tmp/*
+  - /home/gerrit2/review_site/index/*
+  # scratch location for admins
+  - /home/gerrit2/tmp/*
+  # live db when used with mariadb_container; dumped by separate job
+  # using mysqldump
+  - /home/gerrit2/reviewdb/*

inventory/service/host_vars/review02.opendev.org.yaml

@@ -63,28 +63,10 @@ gerrit_replication:
     mirror: true
     threads: '4'
     timeout: '900'
-gerrit_storyboard_url: https://storyboard.openstack.org
-gerrit_vhost_name: review.opendev.org
 gerrit_serverid: 4a232e18-c5a9-48ee-94c0-e04e7cca6543
-gerrit_redirect_vhost: review.openstack.org
 gerrit_heap_limit: 96g
 letsencrypt_certs:
   review02-opendev-org-main:
     - review.opendev.org
     - review02.opendev.org
     - review.openstack.org
-# We have to set the letsencrypt_gid to something that isn't 3000
-# to not conflict with gerrit2's gid.
-# Also, on review01.openstack.org, 3001 is openstackwatch and
-# 3002 is github.
-letsencrypt_gid: 3003
-borg_backup_excludes_extra:
-  - /home/gerrit2/.launchpadlib/cache/*
-  - /home/gerrit2/review_site/cache/*
-  - /home/gerrit2/review_site/tmp/*
-  - /home/gerrit2/review_site/index/*
-  # scratch location for admins
-  - /home/gerrit2/tmp/*
-  # live db when used with mariadb_container; dumped by separate job
-  # using mysqldump
-  - /home/gerrit2/reviewdb/*

playbooks/zuul/run-base.yaml

@@ -65,7 +65,6 @@
         - group_vars/nodepool-launcher.yaml
         - group_vars/refstack.yaml
         - group_vars/registry.yaml
-        - group_vars/review.yaml
         - group_vars/control-plane-clouds.yaml
         - group_vars/afs-client.yaml
         - group_vars/zuul.yaml
@@ -87,6 +86,7 @@
         - host_vars/mirror-update01.opendev.org.yaml
         - host_vars/paste01.opendev.org.yaml
         - host_vars/refstack01.openstack.org.yaml
+        - host_vars/review02.opendev.org.yaml
     - name: Display group membership
       command: ansible localhost -m debug -a 'var=groups'
     - name: Run base.yaml

playbooks/zuul/templates/host_vars/review02.opendev.org.yaml.j2

@@ -1,3 +1,4 @@
+# Private vars
 gerrit_ssh_rsa_key_contents: |
   -----BEGIN RSA PRIVATE KEY-----
   MIIEpQIBAAKCAQEAvqQkJUwEGJgqzmOmj2728ikA3Dgl4mzzRiI5zzzLhCLQktL7
@@ -102,3 +103,15 @@ gerrit_launchpad_auth:
   access_token: 'token'
   access_secret: 'secret'
   consumer_key: 'consumer_key'
+
+# Public var overrides for testing.
+# Common entries between prod and testing should live in the review.yaml
+# group vars file if they are not host specific.
+gerrit_replication: []
+gerrit_serverid: a3593e8f-50c5-4336-a802-c2ffa22ba0fa
+gerrit_heap_limit: 6g
+letsencrypt_certs:
+  review02-opendev-org-main:
+    - review.opendev.org
+    - review02.opendev.org
+    - review.openstack.org

zuul.d/infra-prod.yaml

@@ -397,6 +397,7 @@
       - inventory/base
       - playbooks/service-review.yaml
       - inventory/service/group_vars/gerrit.yaml
+      - inventory/service/group_vars/review.yaml
       - inventory/service/host_vars/review01.openstack.org.yaml
       - playbooks/roles/pip3/
       - playbooks/roles/install-docker/

zuul.d/project.yaml

@@ -365,6 +365,7 @@
               - inventory/.*
               - playbooks/manage-projects.yaml
               - inventory/service/group_vars/gerrit.yaml
+              - inventory/service/group_vars/review.yaml
               - inventory/service/group_vars/gitea.yaml
               - inventory/service/host_vars/gitea
               - inventory/service/host_vars/review

zuul.d/system-config-run.yaml

@@ -875,14 +875,14 @@
       - playbooks/service-review.*.yaml
       - playbooks/test-review.yaml
       - playbooks/rename_repos.yaml
+      - inventory/service/group_vars/gerrit.yaml
       - inventory/service/group_vars/review.yaml
-      - inventory/service/host_vars/review\d+.openstack.org.yaml
       - playbooks/roles/pip3/
       - playbooks/roles/install-docker/
       - playbooks/roles/letsencrypt
       - playbooks/roles/gerrit/
       - playbooks/zuul/gerrit/
-      - playbooks/zuul/templates/group_vars/review.yaml.j2
+      - playbooks/zuul/templates/host_vars/review02.opendev.org.yaml.j2
       - roles/bazelisk-build/
       - testinfra/test_gerrit.py
       - docker/gerrit/