review02: move out of staging group

This moves review02 out of the review-staging group and into the main
review group.  At this point, review01.openstack.org is inactive so we
can remove all references to openstack.org from the groups.  We update
the system-config job to run against a focal production server, and
remove the unneeded rsync setup used to move data.

This additionally enables replication; this should be a no-op when
applied as part of the transition process is to manually apply this,
so that DNS setup can pull zone changes from opendev.org.

It also switches to the mysql connector, as noted inline we found some
issues with mariadb.

Note backups follow in a separate step to avoid doing too much at
once, hence dropping the backup group from the testing list.

Change-Id: I7ee3e3051ea8f3237fd5f6bf1dcc3e5996c16d10
changes/63/797563/6
Ian Wienand 1 year ago committed by Clark Boylan
parent 73ce0a7d7b
commit 8607ff7d81
  1. 7
      inventory/service/groups.yaml
  2. 58
      inventory/service/host_vars/review02.opendev.org.yaml
  3. 5
      playbooks/roles/gerrit/templates/secure.config.j2
  4. 3
      playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml
  5. 22
      playbooks/service-review.yaml
  6. 1
      playbooks/zuul/templates/group_vars/review.yaml.j2
  7. 2
      testinfra/test_gerrit.py
  8. 6
      zuul.d/system-config-run.yaml

@ -53,7 +53,7 @@ groups:
ethercalc: ethercalc*.open*.org
etherpad: etherpad[0-9]*.open*.org
gerrit:
- review[0-9]*.open*.org
- review[0-9]*.opendev.org
gitea:
- gitea[0-9]*.opendev.org
gitea-lb:
@ -95,7 +95,7 @@ groups:
- nb[0-9]*.opendev.org
- openstackid[0-9]*.openstack.org
- refstack[0-9]*.openstack.org
- review[0-9]*.open*.org
- review[0-9]*.opendev.org
- review-test.opendev.org
- static[0-9]*.opendev.org
- storyboard[0-9]*.opendev.org
@ -172,12 +172,11 @@ groups:
registry:
- insecure-ci-registry[0-9]*.opendev.org
review:
- review[0-9]*.open*.org
- review[0-9]*.opendev.org
# This group disables operations like project-managment and
# replication. It is intended for staging new production servers.
review-staging:
- review-test.opendev.org
- review02.opendev.org
static:
- static[0-9]*.opendev.org
status:

@ -1,4 +1,60 @@
gerrit_replication: []
gerrit_replication:
- name: 'gitea01'
url: 'ssh://git@gitea01.opendev.org:222/'
authGroup: 'Anonymous Users'
replicationDelay: '1'
replicatePermissions: false
mirror: true
threads: '4'
- name: 'gitea02'
url: 'ssh://git@gitea02.opendev.org:222/'
authGroup: 'Anonymous Users'
replicationDelay: '1'
replicatePermissions: false
mirror: true
threads: '4'
- name: 'gitea03'
url: 'ssh://git@gitea03.opendev.org:222/'
authGroup: 'Anonymous Users'
replicationDelay: '1'
replicatePermissions: false
mirror: true
threads: '4'
- name: 'gitea04'
url: 'ssh://git@gitea04.opendev.org:222/'
authGroup: 'Anonymous Users'
replicationDelay: '1'
replicatePermissions: false
mirror: true
threads: '4'
- name: 'gitea05'
url: 'ssh://git@gitea05.opendev.org:222/'
authGroup: 'Anonymous Users'
replicationDelay: '1'
replicatePermissions: false
mirror: true
threads: '4'
- name: 'gitea06'
url: 'ssh://git@gitea06.opendev.org:222/'
authGroup: 'Anonymous Users'
replicationDelay: '1'
replicatePermissions: false
mirror: true
threads: '4'
- name: 'gitea07'
url: 'ssh://git@gitea07.opendev.org:222/'
authGroup: 'Anonymous Users'
replicationDelay: '1'
replicatePermissions: false
mirror: true
threads: '4'
- name: 'gitea08'
url: 'ssh://git@gitea08.opendev.org:222/'
authGroup: 'Anonymous Users'
replicationDelay: '1'
replicatePermissions: false
mirror: true
threads: '4'
gerrit_storyboard_url: https://storyboard.openstack.org
gerrit_vhost_name: review.opendev.org
gerrit_serverid: 4a232e18-c5a9-48ee-94c0-e04e7cca6543

@ -4,7 +4,10 @@
{% endif %}
{% if gerrit_reviewdb_database_type == 'mariadb_container' %}
[accountPatchReviewDb]
url = jdbc:mariadb://127.0.0.1:3306/{{ gerrit_reviewdb_mariadb_dbname }}?sessionVariables=character_set_client=utf8,character_set_results=utf8,character_set_connection=utf8,collation_connection=utf8_unicode_ci,collation_database=utf8_unicode_ci,collation_server=utf8_unicode_ci&user={{ gerrit_reviewdb_mariadb_username }}&password={{ gerrit_reviewdb_mariadb_password }}
# NOTE(ianw) 2021-07-19 : the mariadb connector throws errors because
# it doesn't seem to handle duplicate key detection. Investigation
# upstream TBC.
url = jdbc:mysql://127.0.0.1:3306/{{ gerrit_reviewdb_mariadb_dbname }}?sessionVariables=character_set_client=utf8,character_set_results=utf8,character_set_connection=utf8,collation_connection=utf8_unicode_ci,collation_database=utf8_unicode_ci,collation_server=utf8_unicode_ci&user={{ gerrit_reviewdb_mariadb_username }}&password={{ gerrit_reviewdb_mariadb_password }}
{% endif %}
[auth]
registerEmailPrivateKey = {{ gerrit_email_private_key }}

@ -32,8 +32,7 @@ results:
- letsencrypt
- mirror
review01.openstack.org:
- borg-backup
review02.opendev.org:
- gerrit
- letsencrypt
- review

@ -5,34 +5,16 @@
- install-docker
- gerrit
# NOTE(ianw) 2021-03-30 : This is just temporary to facilitate bulk
# data transfer of data between the old and new server.
- hosts: "review01.openstack.org"
name: Setup remote gerrit
tasks:
- name: Install rrsync
shell:
cmd: |
mkdir /home/gerrit2/bin/
gunzip /usr/share/doc/rsync/scripts/rrsync.gz -c > /home/gerrit2/bin/rrsync
chmod a+x /home/gerrit2/bin/rrsync
creates: '/home/gerrit2/bin/rrsync'
- name: Install review02.opendev.org copying key
authorized_key:
user: gerrit2
state: present
key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVuhTMAz1H2Jr9AC3py9A0vlNna6Sdt4yrvZOayxukPqQ7GPZd+Mo7MVyypxLD479N2mA09JAdsbq1eTiPP8ksEkB+dNxZzw8mY1653R/IXSW6J9xPcoDa88HF2s/xHN24IWzgiDjNNe79AQ+sKleByEQZ++xXny3MRpy258hKUvAtjjOLOnM1PBs8JNOzBL+UPgWRgSX6GG0qywJZqjD1Qx5kvH9RTRLi+tcMhEi4laN7BYvn4csY0sYzTzPG4ZTu3ootIJoRlQGtQ0LmoFO1vSwyEJUags6/ZZGjgy3jl3kwcU/b8ZnFlF4MDw1OB1QqMb4r6bMHbXNIupp4zJbz'
key_options: 'command="/home/gerrit2/bin/rrsync -ro /home/gerrit2",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty'
# NOTE(ianw) 2021-04-09 This is a workaround for RA leaks seen in
# vexxhost which is currently unresolved. This pins the ipv6 config
# and ensures we don't listen to RA's. See:
# http://lists.opendev.org/pipermail/service-discuss/2021-April/000200.html
# https://launchpad.net/bugs/1844712
# We do not want this to be created when we are testing gerrit.
- hosts: "review02.opendev.org"
tasks:
- name: Install RA rejection
when: gerrit_under_test is not defined or not gerrit_under_test
copy:
dest: '/etc/netplan/50-cloud-init.yaml'
owner: 'root'

@ -99,3 +99,4 @@ gerrit_storyboard_token: 52514e74-4b8f-4d6d-a29a-a6262f97578a
gerrit_email_private_key: wjpkxebohgbid6rpuwpfrYsouxpgseluqir6yupppBczoezj
gerrit_rest_token_private_key: A83fAC8x72wxcu
gerrit_container_image: "docker.io/opendevorg/gerrit:{{ zuul_test_gerrit_version | default('3.2') }}"
gerrit_under_test: true

@ -18,7 +18,7 @@ from selenium.common.exceptions import TimeoutException
import time
testinfra_hosts = [
'review01.openstack.org',
'review02.opendev.org',
]

@ -811,8 +811,8 @@
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: review01.openstack.org
label: ubuntu-xenial
- name: review02.opendev.org
label: ubuntu-focal
required-projects:
- openstack/project-config
- opendev/system-config
@ -822,7 +822,7 @@
- playbooks/service-review.yaml
run_test_playbook: playbooks/test-review.yaml
host-vars:
review01.openstack.org:
review02.opendev.org:
host_copy_output:
'/home/gerrit2/review_site/etc': logs
'/home/gerrit2/review_site/logs': logs

Loading…
Cancel
Save