review02: move out of staging group

This moves review02 out of the review-staging group and into the main
review group.  At this point, review01.openstack.org is inactive so we
can remove all references to openstack.org from the groups.  We update
the system-config job to run against a focal production server, and
remove the unneeded rsync setup used to move data.

This additionally enables replication; this should be a no-op when
applied as part of the transition process is to manually apply this,
so that DNS setup can pull zone changes from opendev.org.

It also switches to the mysql connector, as noted inline we found some
issues with mariadb.

Note backups follow in a separate step to avoid doing too much at
once, hence dropping the backup group from the testing list.

Change-Id: I7ee3e3051ea8f3237fd5f6bf1dcc3e5996c16d10
This commit is contained in:
Ian Wienand 2021-06-23 15:45:17 +10:00 committed by Clark Boylan
parent 73ce0a7d7b
commit 8607ff7d81
8 changed files with 72 additions and 32 deletions

View File

@ -53,7 +53,7 @@ groups:
ethercalc: ethercalc*.open*.org
etherpad: etherpad[0-9]*.open*.org
gerrit:
- review[0-9]*.open*.org
- review[0-9]*.opendev.org
gitea:
- gitea[0-9]*.opendev.org
gitea-lb:
@ -95,7 +95,7 @@ groups:
- nb[0-9]*.opendev.org
- openstackid[0-9]*.openstack.org
- refstack[0-9]*.openstack.org
- review[0-9]*.open*.org
- review[0-9]*.opendev.org
- review-test.opendev.org
- static[0-9]*.opendev.org
- storyboard[0-9]*.opendev.org
@ -172,12 +172,11 @@ groups:
registry:
- insecure-ci-registry[0-9]*.opendev.org
review:
- review[0-9]*.open*.org
- review[0-9]*.opendev.org
# This group disables operations like project-managment and
# replication. It is intended for staging new production servers.
review-staging:
- review-test.opendev.org
- review02.opendev.org
static:
- static[0-9]*.opendev.org
status:

View File

@ -1,4 +1,60 @@
gerrit_replication: []
gerrit_replication:
- name: 'gitea01'
url: 'ssh://git@gitea01.opendev.org:222/'
authGroup: 'Anonymous Users'
replicationDelay: '1'
replicatePermissions: false
mirror: true
threads: '4'
- name: 'gitea02'
url: 'ssh://git@gitea02.opendev.org:222/'
authGroup: 'Anonymous Users'
replicationDelay: '1'
replicatePermissions: false
mirror: true
threads: '4'
- name: 'gitea03'
url: 'ssh://git@gitea03.opendev.org:222/'
authGroup: 'Anonymous Users'
replicationDelay: '1'
replicatePermissions: false
mirror: true
threads: '4'
- name: 'gitea04'
url: 'ssh://git@gitea04.opendev.org:222/'
authGroup: 'Anonymous Users'
replicationDelay: '1'
replicatePermissions: false
mirror: true
threads: '4'
- name: 'gitea05'
url: 'ssh://git@gitea05.opendev.org:222/'
authGroup: 'Anonymous Users'
replicationDelay: '1'
replicatePermissions: false
mirror: true
threads: '4'
- name: 'gitea06'
url: 'ssh://git@gitea06.opendev.org:222/'
authGroup: 'Anonymous Users'
replicationDelay: '1'
replicatePermissions: false
mirror: true
threads: '4'
- name: 'gitea07'
url: 'ssh://git@gitea07.opendev.org:222/'
authGroup: 'Anonymous Users'
replicationDelay: '1'
replicatePermissions: false
mirror: true
threads: '4'
- name: 'gitea08'
url: 'ssh://git@gitea08.opendev.org:222/'
authGroup: 'Anonymous Users'
replicationDelay: '1'
replicatePermissions: false
mirror: true
threads: '4'
gerrit_storyboard_url: https://storyboard.openstack.org
gerrit_vhost_name: review.opendev.org
gerrit_serverid: 4a232e18-c5a9-48ee-94c0-e04e7cca6543

View File

@ -4,7 +4,10 @@
{% endif %}
{% if gerrit_reviewdb_database_type == 'mariadb_container' %}
[accountPatchReviewDb]
url = jdbc:mariadb://127.0.0.1:3306/{{ gerrit_reviewdb_mariadb_dbname }}?sessionVariables=character_set_client=utf8,character_set_results=utf8,character_set_connection=utf8,collation_connection=utf8_unicode_ci,collation_database=utf8_unicode_ci,collation_server=utf8_unicode_ci&user={{ gerrit_reviewdb_mariadb_username }}&password={{ gerrit_reviewdb_mariadb_password }}
# NOTE(ianw) 2021-07-19 : the mariadb connector throws errors because
# it doesn't seem to handle duplicate key detection. Investigation
# upstream TBC.
url = jdbc:mysql://127.0.0.1:3306/{{ gerrit_reviewdb_mariadb_dbname }}?sessionVariables=character_set_client=utf8,character_set_results=utf8,character_set_connection=utf8,collation_connection=utf8_unicode_ci,collation_database=utf8_unicode_ci,collation_server=utf8_unicode_ci&user={{ gerrit_reviewdb_mariadb_username }}&password={{ gerrit_reviewdb_mariadb_password }}
{% endif %}
[auth]
registerEmailPrivateKey = {{ gerrit_email_private_key }}

View File

@ -32,8 +32,7 @@ results:
- letsencrypt
- mirror
review01.openstack.org:
- borg-backup
review02.opendev.org:
- gerrit
- letsencrypt
- review

View File

@ -5,34 +5,16 @@
- install-docker
- gerrit
# NOTE(ianw) 2021-03-30 : This is just temporary to facilitate bulk
# data transfer of data between the old and new server.
- hosts: "review01.openstack.org"
name: Setup remote gerrit
tasks:
- name: Install rrsync
shell:
cmd: |
mkdir /home/gerrit2/bin/
gunzip /usr/share/doc/rsync/scripts/rrsync.gz -c > /home/gerrit2/bin/rrsync
chmod a+x /home/gerrit2/bin/rrsync
creates: '/home/gerrit2/bin/rrsync'
- name: Install review02.opendev.org copying key
authorized_key:
user: gerrit2
state: present
key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVuhTMAz1H2Jr9AC3py9A0vlNna6Sdt4yrvZOayxukPqQ7GPZd+Mo7MVyypxLD479N2mA09JAdsbq1eTiPP8ksEkB+dNxZzw8mY1653R/IXSW6J9xPcoDa88HF2s/xHN24IWzgiDjNNe79AQ+sKleByEQZ++xXny3MRpy258hKUvAtjjOLOnM1PBs8JNOzBL+UPgWRgSX6GG0qywJZqjD1Qx5kvH9RTRLi+tcMhEi4laN7BYvn4csY0sYzTzPG4ZTu3ootIJoRlQGtQ0LmoFO1vSwyEJUags6/ZZGjgy3jl3kwcU/b8ZnFlF4MDw1OB1QqMb4r6bMHbXNIupp4zJbz'
key_options: 'command="/home/gerrit2/bin/rrsync -ro /home/gerrit2",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty'
# NOTE(ianw) 2021-04-09 This is a workaround for RA leaks seen in
# vexxhost which is currently unresolved. This pins the ipv6 config
# and ensures we don't listen to RA's. See:
# http://lists.opendev.org/pipermail/service-discuss/2021-April/000200.html
# https://launchpad.net/bugs/1844712
# We do not want this to be created when we are testing gerrit.
- hosts: "review02.opendev.org"
tasks:
- name: Install RA rejection
when: gerrit_under_test is not defined or not gerrit_under_test
copy:
dest: '/etc/netplan/50-cloud-init.yaml'
owner: 'root'

View File

@ -99,3 +99,4 @@ gerrit_storyboard_token: 52514e74-4b8f-4d6d-a29a-a6262f97578a
gerrit_email_private_key: wjpkxebohgbid6rpuwpfrYsouxpgseluqir6yupppBczoezj
gerrit_rest_token_private_key: A83fAC8x72wxcu
gerrit_container_image: "docker.io/opendevorg/gerrit:{{ zuul_test_gerrit_version | default('3.2') }}"
gerrit_under_test: true

View File

@ -18,7 +18,7 @@ from selenium.common.exceptions import TimeoutException
import time
testinfra_hosts = [
'review01.openstack.org',
'review02.opendev.org',
]

View File

@ -811,8 +811,8 @@
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: review01.openstack.org
label: ubuntu-xenial
- name: review02.opendev.org
label: ubuntu-focal
required-projects:
- openstack/project-config
- opendev/system-config
@ -822,7 +822,7 @@
- playbooks/service-review.yaml
run_test_playbook: playbooks/test-review.yaml
host-vars:
review01.openstack.org:
review02.opendev.org:
host_copy_output:
'/home/gerrit2/review_site/etc': logs
'/home/gerrit2/review_site/logs': logs