From 8607ff7d8134c143ce5a50a2ae9937eecaf84a7e Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Wed, 23 Jun 2021 15:45:17 +1000 Subject: [PATCH] review02: move out of staging group This moves review02 out of the review-staging group and into the main review group. At this point, review01.openstack.org is inactive so we can remove all references to openstack.org from the groups. We update the system-config job to run against a focal production server, and remove the unneeded rsync setup used to move data. This additionally enables replication; this should be a no-op when applied as part of the transition process is to manually apply this, so that DNS setup can pull zone changes from opendev.org. It also switches to the mysql connector, as noted inline we found some issues with mariadb. Note backups follow in a separate step to avoid doing too much at once, hence dropping the backup group from the testing list. Change-Id: I7ee3e3051ea8f3237fd5f6bf1dcc3e5996c16d10 --- inventory/service/groups.yaml | 7 +-- .../host_vars/review02.opendev.org.yaml | 58 ++++++++++++++++++- .../roles/gerrit/templates/secure.config.j2 | 5 +- .../test-fixtures/results.yaml | 3 +- playbooks/service-review.yaml | 22 +------ .../zuul/templates/group_vars/review.yaml.j2 | 1 + testinfra/test_gerrit.py | 2 +- zuul.d/system-config-run.yaml | 6 +- 8 files changed, 72 insertions(+), 32 deletions(-) diff --git a/inventory/service/groups.yaml b/inventory/service/groups.yaml index 7b4d34bea7..25ae54a5ce 100644 --- a/inventory/service/groups.yaml +++ b/inventory/service/groups.yaml @@ -53,7 +53,7 @@ groups: ethercalc: ethercalc*.open*.org etherpad: etherpad[0-9]*.open*.org gerrit: - - review[0-9]*.open*.org + - review[0-9]*.opendev.org gitea: - gitea[0-9]*.opendev.org gitea-lb: 
@@ -95,7 +95,7 @@ groups:
 - nb[0-9]*.opendev.org
 - openstackid[0-9]*.openstack.org
 - refstack[0-9]*.openstack.org
- - review[0-9]*.open*.org
+ - review[0-9]*.opendev.org
 - review-test.opendev.org
 - static[0-9]*.opendev.org
 - storyboard[0-9]*.opendev.org
@@ -172,12 +172,11 @@ groups:
 registry:
 - insecure-ci-registry[0-9]*.opendev.org
 review:
- - review[0-9]*.open*.org
+ - review[0-9]*.opendev.org
 # This group disables operations like project-managment and
 # replication. It is intended for staging new production servers.
 review-staging:
 - review-test.opendev.org
- - review02.opendev.org
 static:
 - static[0-9]*.opendev.org
 status:
diff --git a/inventory/service/host_vars/review02.opendev.org.yaml b/inventory/service/host_vars/review02.opendev.org.yaml
index 8c8d9ede1b..f444a3e16b 100644
--- a/inventory/service/host_vars/review02.opendev.org.yaml
+++ b/inventory/service/host_vars/review02.opendev.org.yaml
@@ -1,4 +1,60 @@
-gerrit_replication: []
+gerrit_replication:
+ - name: 'gitea01'
+ url: 'ssh://git@gitea01.opendev.org:222/'
+ authGroup: 'Anonymous Users'
+ replicationDelay: '1'
+ replicatePermissions: false
+ mirror: true
+ threads: '4'
+ - name: 'gitea02'
+ url: 'ssh://git@gitea02.opendev.org:222/'
+ authGroup: 'Anonymous Users'
+ replicationDelay: '1'
+ replicatePermissions: false
+ mirror: true
+ threads: '4'
+ - name: 'gitea03'
+ url: 'ssh://git@gitea03.opendev.org:222/'
+ authGroup: 'Anonymous Users'
+ replicationDelay: '1'
+ replicatePermissions: false
+ mirror: true
+ threads: '4'
+ - name: 'gitea04'
+ url: 'ssh://git@gitea04.opendev.org:222/'
+ authGroup: 'Anonymous Users'
+ replicationDelay: '1'
+ replicatePermissions: false
+ mirror: true
+ threads: '4'
+ - name: 'gitea05'
+ url: 'ssh://git@gitea05.opendev.org:222/'
+ authGroup: 'Anonymous Users'
+ replicationDelay: '1'
+ replicatePermissions: false
+ mirror: true
+ threads: '4'
+ - name: 'gitea06'
+ url: 'ssh://git@gitea06.opendev.org:222/'
+ authGroup: 'Anonymous Users'
+ replicationDelay: '1'
+ replicatePermissions: false
+ mirror: true
+ threads: '4'
+ - name: 'gitea07'
+ url: 'ssh://git@gitea07.opendev.org:222/'
+ authGroup: 'Anonymous Users'
+ replicationDelay: '1'
+ replicatePermissions: false
+ mirror: true
+ threads: '4'
+ - name: 'gitea08'
+ url: 'ssh://git@gitea08.opendev.org:222/'
+ authGroup: 'Anonymous Users'
+ replicationDelay: '1'
+ replicatePermissions: false
+ mirror: true
+ threads: '4'
 gerrit_storyboard_url: https://storyboard.openstack.org
 gerrit_vhost_name: review.opendev.org
 gerrit_serverid: 4a232e18-c5a9-48ee-94c0-e04e7cca6543
diff --git a/playbooks/roles/gerrit/templates/secure.config.j2 b/playbooks/roles/gerrit/templates/secure.config.j2
index dc0ed39b94..88d7a64742 100644
--- a/playbooks/roles/gerrit/templates/secure.config.j2
+++ b/playbooks/roles/gerrit/templates/secure.config.j2
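Review bot: In `inventory/service/host_vars/review02.opendev.org.yaml` the eight replication remotes are enabled without any comment on `authGroup` and `mirror`, the two settings that decide which refs leave this server and what gets deleted on the receiving side. A header comment above `gerrit_replication:` would help the next operator, for example `# authGroup restricts replication to refs visible to that group; mirror: true removes remote refs that no longer exist here`. That wording reflects my reading of the replication plugin and should be checked against its documentation before it is committed. The entries differ only in the host number, so one comment covers all of them.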
@@ -4,7 +4,10 @@ {% endif %} {% if gerrit_reviewdb_database_type == 'mariadb_container' %} [accountPatchReviewDb] - url = jdbc:mariadb://127.0.0.1:3306/{{ gerrit_reviewdb_mariadb_dbname }}?sessionVariables=character_set_client=utf8,character_set_results=utf8,character_set_connection=utf8,collation_connection=utf8_unicode_ci,collation_database=utf8_unicode_ci,collation_server=utf8_unicode_ci&user={{ gerrit_reviewdb_mariadb_username }}&password={{ gerrit_reviewdb_mariadb_password }} +# NOTE(ianw) 2021-07-19 : the mariadb connector throws errors because +# it doesn't seem to handle duplicate key detection. Investigation +# upstream TBC. + url = jdbc:mysql://127.0.0.1:3306/{{ gerrit_reviewdb_mariadb_dbname }}?sessionVariables=character_set_client=utf8,character_set_results=utf8,character_set_connection=utf8,collation_connection=utf8_unicode_ci,collation_database=utf8_unicode_ci,collation_server=utf8_unicode_ci&user={{ gerrit_reviewdb_mariadb_username }}&password={{ gerrit_reviewdb_mariadb_password }} {% endif %} [auth] registerEmailPrivateKey = {{ gerrit_email_private_key }} diff --git a/playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml b/playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml index 41d0c15c91..6182cf636f 100644 --- a/playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml +++ b/playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml @@ -32,8 +32,7 @@ results: - letsencrypt - mirror - review01.openstack.org: - - borg-backup + review02.opendev.org: - gerrit - letsencrypt - review diff --git a/playbooks/service-review.yaml b/playbooks/service-review.yaml index 7505c63f35..1c550aa69c 100644 --- a/playbooks/service-review.yaml +++ b/playbooks/service-review.yaml 
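Review bot: The new `url` line in `playbooks/roles/gerrit/templates/secure.config.j2` still interpolates the database username and password into the JDBC query string unencoded, so a password containing `&`, `#`, `;` or `%` can be cut short or read as an extra connection property. Passing both values through Jinja's `urlencode` filter keeps them intact, assuming the driver percent-decodes property values: `&user={{ gerrit_reviewdb_mariadb_username | urlencode }}&password={{ gerrit_reviewdb_mariadb_password | urlencode }}`. The NOTE could also say that the `mariadb_container` branch now deliberately uses the `jdbc:mysql` scheme, since the condition and the scheme no longer match by name. The template continues outside the hunk on both sides.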
@@ -5,34 +5,16 @@ - install-docker - gerrit -# NOTE(ianw) 2021-03-30 : This is just temporary to facilitate bulk -# data transfer of data between the old and new server. -- hosts: "review01.openstack.org" - name: Setup remote gerrit - tasks: - - name: Install rrsync - shell: - cmd: | - mkdir /home/gerrit2/bin/ - gunzip /usr/share/doc/rsync/scripts/rrsync.gz -c > /home/gerrit2/bin/rrsync - chmod a+x /home/gerrit2/bin/rrsync - creates: '/home/gerrit2/bin/rrsync' - - - name: Install review02.opendev.org copying key - authorized_key: - user: gerrit2 - state: present - key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVuhTMAz1H2Jr9AC3py9A0vlNna6Sdt4yrvZOayxukPqQ7GPZd+Mo7MVyypxLD479N2mA09JAdsbq1eTiPP8ksEkB+dNxZzw8mY1653R/IXSW6J9xPcoDa88HF2s/xHN24IWzgiDjNNe79AQ+sKleByEQZ++xXny3MRpy258hKUvAtjjOLOnM1PBs8JNOzBL+UPgWRgSX6GG0qywJZqjD1Qx5kvH9RTRLi+tcMhEi4laN7BYvn4csY0sYzTzPG4ZTu3ootIJoRlQGtQ0LmoFO1vSwyEJUags6/ZZGjgy3jl3kwcU/b8ZnFlF4MDw1OB1QqMb4r6bMHbXNIupp4zJbz' - key_options: 'command="/home/gerrit2/bin/rrsync -ro /home/gerrit2",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty' - # NOTE(ianw) 2021-04-09 This is a workaround for RA leaks seen in # vexxhost which is currently unresolved. This pins the ipv6 config # and ensures we don't listen to RA's. See: # http://lists.opendev.org/pipermail/service-discuss/2021-April/000200.html # https://launchpad.net/bugs/1844712 +# We do not want this to be created when we are testing gerrit. - hosts: "review02.opendev.org" tasks: - name: Install RA rejection + when: gerrit_under_test is not defined or not gerrit_under_test copy: dest: '/etc/netplan/50-cloud-init.yaml' owner: 'root' diff --git a/playbooks/zuul/templates/group_vars/review.yaml.j2 b/playbooks/zuul/templates/group_vars/review.yaml.j2 index 90f5182e59..d20361d456 100644 --- a/playbooks/zuul/templates/group_vars/review.yaml.j2 +++ b/playbooks/zuul/templates/group_vars/review.yaml.j2 
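Review bot: In `playbooks/service-review.yaml` the new guard `when: gerrit_under_test is not defined or not gerrit_under_test` treats any non-empty string as true, so a value supplied as text (for instance `"false"` from extra vars) would skip the RA rejection task on a production host. `when: not (gerrit_under_test | default(false) | bool)` expresses the same intent and coerces the value explicitly. Separately, dropping the `authorized_key` task stops managing the rrsync-restricted key but does not remove it from `gerrit2`'s authorized keys on review01; if that host stays reachable for a while, a one-off run with `state: absent` or an entry in the decommission checklist would close it out. The `Install RA rejection` task body continues past the end of the hunk.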
@@ -99,3 +99,4 @@ gerrit_storyboard_token: 52514e74-4b8f-4d6d-a29a-a6262f97578a gerrit_email_private_key: wjpkxebohgbid6rpuwpfrYsouxpgseluqir6yupppBczoezj gerrit_rest_token_private_key: A83fAC8x72wxcu gerrit_container_image: "docker.io/opendevorg/gerrit:{{ zuul_test_gerrit_version | default('3.2') }}" +gerrit_under_test: true diff --git a/testinfra/test_gerrit.py b/testinfra/test_gerrit.py index 118ce93d4e..f57cc61637 100644 --- a/testinfra/test_gerrit.py +++ b/testinfra/test_gerrit.py @@ -18,7 +18,7 @@ from selenium.common.exceptions import TimeoutException import time testinfra_hosts = [ - 'review01.openstack.org', + 'review02.opendev.org', ] diff --git a/zuul.d/system-config-run.yaml b/zuul.d/system-config-run.yaml index 5240255426..967de7684e 100644 --- a/zuul.d/system-config-run.yaml +++ b/zuul.d/system-config-run.yaml @@ -811,8 +811,8 @@ nodes: - name: bridge.openstack.org label: ubuntu-bionic - - name: review01.openstack.org - label: ubuntu-xenial + - name: review02.opendev.org + label: ubuntu-focal required-projects: - openstack/project-config - opendev/system-config @@ -822,7 +822,7 @@ - playbooks/service-review.yaml run_test_playbook: playbooks/test-review.yaml host-vars: - review01.openstack.org: + review02.opendev.org: host_copy_output: '/home/gerrit2/review_site/etc': logs '/home/gerrit2/review_site/logs': logs