review02: move out of staging group

This moves review02 out of the review-staging group and into the main
review group.  At this point, review01.openstack.org is inactive so we
can remove all references to openstack.org from the groups.  We update
the system-config job to run against a focal production server, and
remove the unneeded rsync setup used to move data.

This additionally enables replication; this should be a no-op when
applied as part of the transition process is to manually apply this,
so that DNS setup can pull zone changes from opendev.org.

It also switches to the mysql connector, as noted inline we found some
issues with mariadb.

Note backups follow in a separate step to avoid doing too much at
once, hence dropping the backup group from the testing list.

Change-Id: I7ee3e3051ea8f3237fd5f6bf1dcc3e5996c16d10

inventory/service/groups.yaml

@@ -53,7 +53,7 @@ groups:
   ethercalc: ethercalc*.open*.org
   etherpad: etherpad[0-9]*.open*.org
   gerrit:
-    - review[0-9]*.open*.org
+    - review[0-9]*.opendev.org
   gitea:
     - gitea[0-9]*.opendev.org
   gitea-lb:
@@ -95,7 +95,7 @@ groups:
     - nb[0-9]*.opendev.org
     - openstackid[0-9]*.openstack.org
     - refstack[0-9]*.openstack.org
-    - review[0-9]*.open*.org
+    - review[0-9]*.opendev.org
     - review-test.opendev.org
     - static[0-9]*.opendev.org
     - storyboard[0-9]*.opendev.org
@@ -172,12 +172,11 @@ groups:
   registry:
     - insecure-ci-registry[0-9]*.opendev.org
   review:
-    - review[0-9]*.open*.org
+    - review[0-9]*.opendev.org
   # This group disables operations like project-managment and
   # replication.  It is intended for staging new production servers.
   review-staging:
     - review-test.opendev.org
-    - review02.opendev.org
   static:
     - static[0-9]*.opendev.org
   status:

inventory/service/host_vars/review02.opendev.org.yaml

@@ -1,4 +1,60 @@
-gerrit_replication: []
+gerrit_replication:
+  - name: 'gitea01'
+    url: 'ssh://git@gitea01.opendev.org:222/'
+    authGroup: 'Anonymous Users'
+    replicationDelay: '1'
+    replicatePermissions: false
+    mirror: true
+    threads: '4'
+  - name: 'gitea02'
+    url: 'ssh://git@gitea02.opendev.org:222/'
+    authGroup: 'Anonymous Users'
+    replicationDelay: '1'
+    replicatePermissions: false
+    mirror: true
+    threads: '4'
+  - name: 'gitea03'
+    url: 'ssh://git@gitea03.opendev.org:222/'
+    authGroup: 'Anonymous Users'
+    replicationDelay: '1'
+    replicatePermissions: false
+    mirror: true
+    threads: '4'
+  - name: 'gitea04'
+    url: 'ssh://git@gitea04.opendev.org:222/'
+    authGroup: 'Anonymous Users'
+    replicationDelay: '1'
+    replicatePermissions: false
+    mirror: true
+    threads: '4'
+  - name: 'gitea05'
+    url: 'ssh://git@gitea05.opendev.org:222/'
+    authGroup: 'Anonymous Users'
+    replicationDelay: '1'
+    replicatePermissions: false
+    mirror: true
+    threads: '4'
+  - name: 'gitea06'
+    url: 'ssh://git@gitea06.opendev.org:222/'
+    authGroup: 'Anonymous Users'
+    replicationDelay: '1'
+    replicatePermissions: false
+    mirror: true
+    threads: '4'
+  - name: 'gitea07'
+    url: 'ssh://git@gitea07.opendev.org:222/'
+    authGroup: 'Anonymous Users'
+    replicationDelay: '1'
+    replicatePermissions: false
+    mirror: true
+    threads: '4'
+  - name: 'gitea08'
+    url: 'ssh://git@gitea08.opendev.org:222/'
+    authGroup: 'Anonymous Users'
+    replicationDelay: '1'
+    replicatePermissions: false
+    mirror: true
+    threads: '4'
 gerrit_storyboard_url: https://storyboard.openstack.org
 gerrit_vhost_name: review.opendev.org
 gerrit_serverid: 4a232e18-c5a9-48ee-94c0-e04e7cca6543

playbooks/roles/gerrit/templates/secure.config.j2

@@ -4,7 +4,10 @@
 {% endif %}
 {% if gerrit_reviewdb_database_type == 'mariadb_container' %}
 [accountPatchReviewDb]
-	url = jdbc:mariadb://127.0.0.1:3306/{{ gerrit_reviewdb_mariadb_dbname }}?sessionVariables=character_set_client=utf8,character_set_results=utf8,character_set_connection=utf8,collation_connection=utf8_unicode_ci,collation_database=utf8_unicode_ci,collation_server=utf8_unicode_ci&user={{ gerrit_reviewdb_mariadb_username }}&password={{ gerrit_reviewdb_mariadb_password }}
+# NOTE(ianw) 2021-07-19 : the mariadb connector throws errors because
+# it doesn't seem to handle duplicate key detection.  Investigation
+# upstream TBC.
+	url = jdbc:mysql://127.0.0.1:3306/{{ gerrit_reviewdb_mariadb_dbname }}?sessionVariables=character_set_client=utf8,character_set_results=utf8,character_set_connection=utf8,collation_connection=utf8_unicode_ci,collation_database=utf8_unicode_ci,collation_server=utf8_unicode_ci&user={{ gerrit_reviewdb_mariadb_username }}&password={{ gerrit_reviewdb_mariadb_password }}
 {% endif %}
 [auth]
 	registerEmailPrivateKey = {{ gerrit_email_private_key }}

playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml

@@ -32,8 +32,7 @@ results:
     - letsencrypt
     - mirror
 
-  review01.openstack.org:
-    - borg-backup
+  review02.opendev.org:
     - gerrit
     - letsencrypt
     - review

playbooks/service-review.yaml

@@ -5,34 +5,16 @@
     - install-docker
     - gerrit
 
-# NOTE(ianw) 2021-03-30 : This is just temporary to facilitate bulk
-# data transfer of data between the old and new server.
-- hosts: "review01.openstack.org"
-  name: Setup remote gerrit
-  tasks:
-    - name: Install rrsync
-      shell:
-        cmd: |
-            mkdir /home/gerrit2/bin/
-            gunzip /usr/share/doc/rsync/scripts/rrsync.gz -c > /home/gerrit2/bin/rrsync
-            chmod a+x /home/gerrit2/bin/rrsync
-        creates: '/home/gerrit2/bin/rrsync'
-
-    - name: Install review02.opendev.org copying key
-      authorized_key:
-        user: gerrit2
-        state: present
-        key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVuhTMAz1H2Jr9AC3py9A0vlNna6Sdt4yrvZOayxukPqQ7GPZd+Mo7MVyypxLD479N2mA09JAdsbq1eTiPP8ksEkB+dNxZzw8mY1653R/IXSW6J9xPcoDa88HF2s/xHN24IWzgiDjNNe79AQ+sKleByEQZ++xXny3MRpy258hKUvAtjjOLOnM1PBs8JNOzBL+UPgWRgSX6GG0qywJZqjD1Qx5kvH9RTRLi+tcMhEi4laN7BYvn4csY0sYzTzPG4ZTu3ootIJoRlQGtQ0LmoFO1vSwyEJUags6/ZZGjgy3jl3kwcU/b8ZnFlF4MDw1OB1QqMb4r6bMHbXNIupp4zJbz'
-        key_options: 'command="/home/gerrit2/bin/rrsync -ro /home/gerrit2",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty'
-
 # NOTE(ianw) 2021-04-09 This is a workaround for RA leaks seen in
 # vexxhost which is currently unresolved. This pins the ipv6 config
 # and ensures we don't listen to RA's.  See:
 #  http://lists.opendev.org/pipermail/service-discuss/2021-April/000200.html
 #  https://launchpad.net/bugs/1844712
+# We do not want this to be created when we are testing gerrit.
 - hosts: "review02.opendev.org"
   tasks:
     - name: Install RA rejection
+      when: gerrit_under_test is not defined or not gerrit_under_test
       copy:
         dest: '/etc/netplan/50-cloud-init.yaml'
         owner: 'root'

playbooks/zuul/templates/group_vars/review.yaml.j2

@@ -99,3 +99,4 @@ gerrit_storyboard_token: 52514e74-4b8f-4d6d-a29a-a6262f97578a
 gerrit_email_private_key: wjpkxebohgbid6rpuwpfrYsouxpgseluqir6yupppBczoezj
 gerrit_rest_token_private_key: A83fAC8x72wxcu
 gerrit_container_image: "docker.io/opendevorg/gerrit:{{ zuul_test_gerrit_version | default('3.2') }}"
+gerrit_under_test: true

testinfra/test_gerrit.py

@@ -18,7 +18,7 @@ from selenium.common.exceptions import TimeoutException
 import time
 
 testinfra_hosts = [
-    'review01.openstack.org',
+    'review02.opendev.org',
 ]
 
 

zuul.d/system-config-run.yaml

@@ -811,8 +811,8 @@
       nodes:
         - name: bridge.openstack.org
           label: ubuntu-bionic
-        - name: review01.openstack.org
-          label: ubuntu-xenial
+        - name: review02.opendev.org
+          label: ubuntu-focal
     required-projects:
       - openstack/project-config
       - opendev/system-config
@@ -822,7 +822,7 @@
         - playbooks/service-review.yaml
       run_test_playbook: playbooks/test-review.yaml
     host-vars:
-      review01.openstack.org:
+      review02.opendev.org:
         host_copy_output:
           '/home/gerrit2/review_site/etc': logs
           '/home/gerrit2/review_site/logs': logs