From facd7ec2b35972bac90994d5eb720feadb87278f Mon Sep 17 00:00:00 2001
From: Tony Breeds
Date: Tue, 6 Jun 2023 19:05:28 -0500
Subject: [PATCH] Deploy insecure-ci-registry.opendev.org on jammy

This adds a second registry host. We will remove the other once we've cut over successfully (should just depend on a DNS update).
Depends-On: https://review.opendev.org/c/opendev/zone-opendev.org/+/886874
Change-Id: Ib6be5ef242ed038c23e0007488f2c21ce10f4fcb
---
 inventory/base/hosts.yaml | 11 +++++++++++
 .../host_vars/insecure-ci-registry02.opendev.org.yaml | 7 +++++++
 .../host_vars/insecure-ci-registry99.opendev.org.yaml | 4 ++++
 .../roles/letsencrypt-create-certs/handlers/main.yaml | 6 ++++++
 testinfra/test_registry.py | 2 +-
 zuul.d/system-config-run.yaml | 7 ++++---
 6 files changed, 33 insertions(+), 4 deletions(-)
 create mode 100644 inventory/service/host_vars/insecure-ci-registry02.opendev.org.yaml
 create mode 100644 inventory/service/host_vars/insecure-ci-registry99.opendev.org.yaml
diff --git a/inventory/base/hosts.yaml b/inventory/base/hosts.yaml
index bbd4c874ae..8aa24aca16 100644
--- a/inventory/base/hosts.yaml
+++ b/inventory/base/hosts.yaml
@@ -264,6 +264,17 @@ all:
 - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBHRhj7Cu4wauGhgtclmP0QCW6v/M03KjQInEcZw6TGpB+VZF06oGcZCnQUlY/QRCw3tsUzh4DZPN6YiqAVKkxcMnF2KfIQkgeGC/Qwc6gHuN8EnNSVX4r6gS573jr023hlokRdmDeImR1OaihJyPPisZi+1nPb1VXG1gI+mJgPNxKlCk5PaMfiRn2VJ+U6JnVoiVvy5Ga+xIwWhdbV0dIWQVxP8p52k9ttwCe352jk/CTl0oUrINIj/1qipMgskSCN529TQ7QLrFZ552hW4H0W5+5l+2d/r2aWke3tZ8xRDIfnrU3rPFLrrWvhyAWUsphhLC6PnSNEl3I4924Mxnd'
 - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCXOlXrBdGLK8gn4M/JlNL3Oh7bXyroNduTzETfgdvDNIjqlI6gbdikZriKUiLpMckt/y7sqACtv9zwYa3Ub/xI='
 - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKnFOZxmPa6VJwHDByRKC+4jEh1q1b69y3d1GabSr4d6'
+ insecure-ci-registry02.opendev.org:
+ ansible_host: 104.130.127.113
+ location:
+ cloud: openstackci-rax
+ region_name: DFW
+ public_v4: 104.130.127.113
+ public_v6: 2001:4800:7818:104:be76:4eff:fe00:bebf
+ host_keys:
+ - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw3YXkaIZAeGHqMznJYkpnVxszl2jrelix0MW5qEuk2G9AlwLUjDoRisINZlPtYPlXGR8KOd61FCaim1pPcEFFMa+tvJZfRInQxJSEN5u4MZUKbpTjxMseKkkivkMPkDEZpzD1xjnGGCKq3nbQs+hvNjDEKLJg8sOOyYYTYkTaxulaXz2jVcqEG+VwyX/7WqpMzZz5IIG+MRseq+6DCvk0rgTZwSHgvFWdB2QS3wIkVCwLtF7ztGkIRfy/yNzdrmuKKLByHPs6BirDjhqoUaapQa105yZYgEXR3XfhAHojlRFHVMEXni/1FFev0eh2UqzdHQjjhnh6Hj5YU99CrE4GbUFSXKhE0b8SLbZiql5UiFjGOVWRHvPCw5R0HbSG9WABgi/U8myEv5/NWeWQAl1DtEO9BWTAng4LF9N/W4YfcuPfVlzWk8NXNJ82DgcZQRceC3S/UBCBzWvEEh4S2UbhNUeqPdlRKXKRyWbEsSMjB/Vdlzdej82IY95f/gp6sMs='
+ - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJ6BBM9NlSL7udoL6bg9TSnmUPaB2RsQJ9OXsbdsHQj'
+ - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBPcTh91YO5uO55ehQUTgPphlNYZXW9pkcSWvqyK1beEQDWazfwNEeH0QJYlOkTDHMck4RwDEyoJH0BsG77RZOc='
 jvb01.opendev.org:
 ansible_host: 174.143.130.41
 location:
diff --git a/inventory/service/host_vars/insecure-ci-registry02.opendev.org.yaml b/inventory/service/host_vars/insecure-ci-registry02.opendev.org.yaml
new file mode 100644
index 0000000000..440a0af3a7
--- /dev/null
+++ b/inventory/service/host_vars/insecure-ci-registry02.opendev.org.yaml
@@ -0,0 +1,7 @@
+letsencrypt_certs:
+ insecure-ci-registry02-main:
+ # TODO can we consolidate this in the the registry group vars file?
+ # Not sure if the magic port cert checking will work using
+ # inventory_hostname in the group file.
+ - insecure-ci-registry02.opendev.org:5000
+ - insecure-ci-registry.opendev.org
diff --git a/inventory/service/host_vars/insecure-ci-registry99.opendev.org.yaml b/inventory/service/host_vars/insecure-ci-registry99.opendev.org.yaml
new file mode 100644
index 0000000000..0920d6a7af
--- /dev/null
+++ b/inventory/service/host_vars/insecure-ci-registry99.opendev.org.yaml
@@ -0,0 +1,4 @@
+letsencrypt_certs:
+ insecure-ci-registry99-main:
+ - insecure-ci-registry99.opendev.org:5000
+ - insecure-ci-registry.opendev.org
diff --git a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
index 6bbf6450f8..9ca0cb1fd1 100644
--- a/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
+++ b/playbooks/roles/letsencrypt-create-certs/handlers/main.yaml
@@ -35,6 +35,12 @@
 - name: letsencrypt updated insecure-ci-registry01-main
 include_tasks: roles/letsencrypt-create-certs/handlers/restart_zuul_registry.yaml
+- name: letsencrypt updated insecure-ci-registry02-main
+ include_tasks: roles/letsencrypt-create-certs/handlers/restart_zuul_registry.yaml
+- name: letsencrypt updated insecure-ci-registry99-main
+ include_tasks: roles/letsencrypt-create-certs/handlers/restart_zuul_registry.yaml
+
 - name: letsencrypt updated meetpad01-main
 include_tasks: roles/letsencrypt-create-certs/handlers/restart_jitsi_meet.yaml
diff --git a/testinfra/test_registry.py b/testinfra/test_registry.py
index a30a6dc769..02ed66d8ca 100644
--- a/testinfra/test_registry.py
+++ b/testinfra/test_registry.py
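Review bot: The second entry under `insecure-ci-registry02-main` puts the shared service name `insecure-ci-registry.opendev.org` on this host's certificate while the existing registry host presumably still holds a certificate and key for the same name. The commit message says the old host is removed after the DNS cutover, so its key for the shared name stays usable until that certificate expires unless the retirement step deletes or revokes it; a comment such as `# shared service name: remove the old host's cert/key for it when that host is retired` would record the follow-up. The TODO comment in the same hunk has a doubled "the the" and does not say what the `:5000` suffix means for the certificate check. The `insecure-ci-registry99` file added next carries the same name list, apparently for the test node only.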
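Review bot: The two added handlers in `handlers/main.yaml` are tied to the `letsencrypt_certs` keys only through their name strings (`insecure-ci-registry02-main`, `insecure-ci-registry99-main`), and nothing in the file says so. If a key in host_vars is later renamed without the matching handler, the registry would presumably keep serving the old certificate after a renewal because no restart is triggered. A comment above these entries, `# handler name must be "letsencrypt updated <letsencrypt_certs key>"`, would make the coupling visible, and the registry99 entry could be marked `# test node only`.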
@@ -14,7 +14,7 @@
 import pytest
-testinfra_hosts = ['insecure-ci-registry01.opendev.org']
+testinfra_hosts = ['insecure-ci-registry99.opendev.org']
 # Currently the zuul-registry service aborts due to there not being an
diff --git a/zuul.d/system-config-run.yaml b/zuul.d/system-config-run.yaml
index e0c8403ef0..ae4ebb21e0 100644
--- a/zuul.d/system-config-run.yaml
+++ b/zuul.d/system-config-run.yaml
@@ -596,8 +596,8 @@
 nodeset:
 nodes:
 - <<: *bridge_node_x86
- - name: insecure-ci-registry01.opendev.org
- label: ubuntu-bionic
+ - name: insecure-ci-registry99.opendev.org
+ label: ubuntu-jammy
 groups:
 - <<: *bastion_group
 vars:
@@ -605,9 +605,10 @@
 - playbooks/letsencrypt.yaml
 - playbooks/service-registry.yaml
 host-vars:
- insecure-ci-registry01.opendev.org:
+ insecure-ci-registry99.opendev.org:
 host_copy_output:
 '/var/registry/auth': logs
+ '/var/registry/conf': logs
 '/var/registry/certs': logs
 files:
 - playbooks/bootstrap-bridge.yaml
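Review bot: The added `'/var/registry/conf': logs` entry in the second hunk of `zuul.d/system-config-run.yaml` copies the registry's configuration directory into the job logs, next to `auth` and `certs` which were already collected. Registry configuration commonly holds credentials or signing secrets, so it is worth confirming that everything written to `/var/registry/conf` on the `insecure-ci-registry99` test node is a fixture value and that no production secret can be templated into it in this job. A short comment beside the entry, `# test-only values, safe to publish with the job logs`, would record that the check was made. The job definition starts and ends outside the hunk, so where these logs are published is not visible here.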