Deploy insecure-ci-registry.opendev.org on jammy

This adds a second registry host. We will remove the other once we've cut over successfully (should just depend on a DNS update). Depends-On: https://review.opendev.org/c/opendev/zone-opendev.org/+/886874 Change-Id: Ib6be5ef242ed038c23e0007488f2c21ce10f4fcb
2023-06-06 19:05:28 -05:00 · 2023-06-06 19:05:28 -05:00 · facd7ec2b3
parent 0a5ccd2690
commit facd7ec2b3
6 changed files with 33 additions and 4 deletions
--- a/inventory/base/hosts.yaml
+++ b/inventory/base/hosts.yaml
@ -264,6 +264,17 @@ all:
        - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBHRhj7Cu4wauGhgtclmP0QCW6v/M03KjQInEcZw6TGpB+VZF06oGcZCnQUlY/QRCw3tsUzh4DZPN6YiqAVKkxcMnF2KfIQkgeGC/Qwc6gHuN8EnNSVX4r6gS573jr023hlokRdmDeImR1OaihJyPPisZi+1nPb1VXG1gI+mJgPNxKlCk5PaMfiRn2VJ+U6JnVoiVvy5Ga+xIwWhdbV0dIWQVxP8p52k9ttwCe352jk/CTl0oUrINIj/1qipMgskSCN529TQ7QLrFZ552hW4H0W5+5l+2d/r2aWke3tZ8xRDIfnrU3rPFLrrWvhyAWUsphhLC6PnSNEl3I4924Mxnd'
        - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCXOlXrBdGLK8gn4M/JlNL3Oh7bXyroNduTzETfgdvDNIjqlI6gbdikZriKUiLpMckt/y7sqACtv9zwYa3Ub/xI='
        - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKnFOZxmPa6VJwHDByRKC+4jEh1q1b69y3d1GabSr4d6'
+    insecure-ci-registry02.opendev.org:
+      ansible_host: 104.130.127.113
+      location:
+        cloud: openstackci-rax
+        region_name: DFW
+      public_v4: 104.130.127.113
+      public_v6: 2001:4800:7818:104:be76:4eff:fe00:bebf
+      host_keys:
+        - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw3YXkaIZAeGHqMznJYkpnVxszl2jrelix0MW5qEuk2G9AlwLUjDoRisINZlPtYPlXGR8KOd61FCaim1pPcEFFMa+tvJZfRInQxJSEN5u4MZUKbpTjxMseKkkivkMPkDEZpzD1xjnGGCKq3nbQs+hvNjDEKLJg8sOOyYYTYkTaxulaXz2jVcqEG+VwyX/7WqpMzZz5IIG+MRseq+6DCvk0rgTZwSHgvFWdB2QS3wIkVCwLtF7ztGkIRfy/yNzdrmuKKLByHPs6BirDjhqoUaapQa105yZYgEXR3XfhAHojlRFHVMEXni/1FFev0eh2UqzdHQjjhnh6Hj5YU99CrE4GbUFSXKhE0b8SLbZiql5UiFjGOVWRHvPCw5R0HbSG9WABgi/U8myEv5/NWeWQAl1DtEO9BWTAng4LF9N/W4YfcuPfVlzWk8NXNJ82DgcZQRceC3S/UBCBzWvEEh4S2UbhNUeqPdlRKXKRyWbEsSMjB/Vdlzdej82IY95f/gp6sMs='
+        - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJ6BBM9NlSL7udoL6bg9TSnmUPaB2RsQJ9OXsbdsHQj'
+        - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBPcTh91YO5uO55ehQUTgPphlNYZXW9pkcSWvqyK1beEQDWazfwNEeH0QJYlOkTDHMck4RwDEyoJH0BsG77RZOc='
    jvb01.opendev.org:
      ansible_host: 174.143.130.41
      location:
--- a/inventory/service/host_vars/insecure-ci-registry02.opendev.org.yaml
+++ b/inventory/service/host_vars/insecure-ci-registry02.opendev.org.yaml
@ -0,0 +1,7 @@
+letsencrypt_certs:
+  insecure-ci-registry02-main:
+    # TODO can we consolidate this in the the registry group vars file?
+    # Not sure if the magic port cert checking will work using
+    # inventory_hostname in the group file.
+    - insecure-ci-registry02.opendev.org:5000
+    - insecure-ci-registry.opendev.org
--- a/inventory/service/host_vars/insecure-ci-registry99.opendev.org.yaml
+++ b/inventory/service/host_vars/insecure-ci-registry99.opendev.org.yaml
@ -0,0 +1,4 @@
+letsencrypt_certs:
+  insecure-ci-registry99-main:
+    - insecure-ci-registry99.opendev.org:5000
+    - insecure-ci-registry.opendev.org
--- a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
+++ b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
@ -35,6 +35,12 @@
 - name: letsencrypt updated insecure-ci-registry01-main
  include_tasks: roles/letsencrypt-create-certs/handlers/restart_zuul_registry.yaml

+- name: letsencrypt updated insecure-ci-registry02-main
+  include_tasks: roles/letsencrypt-create-certs/handlers/restart_zuul_registry.yaml
+
+- name: letsencrypt updated insecure-ci-registry99-main
+  include_tasks: roles/letsencrypt-create-certs/handlers/restart_zuul_registry.yaml
+
 - name: letsencrypt updated meetpad01-main
  include_tasks: roles/letsencrypt-create-certs/handlers/restart_jitsi_meet.yaml

--- a/testinfra/test_registry.py
+++ b/testinfra/test_registry.py
@ -14,7 +14,7 @@

 import pytest

-testinfra_hosts = ['insecure-ci-registry01.opendev.org']
+testinfra_hosts = ['insecure-ci-registry99.opendev.org']


 # Currently the zuul-registry service aborts due to there not being an
--- a/zuul.d/system-config-run.yaml
+++ b/zuul.d/system-config-run.yaml
@ -596,8 +596,8 @@
    nodeset:
      nodes:
        - <<: *bridge_node_x86
-        - name: insecure-ci-registry01.opendev.org
-          label: ubuntu-bionic
+        - name: insecure-ci-registry99.opendev.org
+          label: ubuntu-jammy
      groups:
        - <<: *bastion_group
    vars:
@ -605,9 +605,10 @@
        - playbooks/letsencrypt.yaml
        - playbooks/service-registry.yaml
    host-vars:
-      insecure-ci-registry01.opendev.org:
+      insecure-ci-registry99.opendev.org:
        host_copy_output:
          '/var/registry/auth': logs
+          '/var/registry/conf': logs
          '/var/registry/certs': logs
    files:
      - playbooks/bootstrap-bridge.yaml