All our AFS release roles use "kinit" for authentication. The only
scripts using k5start are the mirror scripts, but since that doesn't
run on CentOS we don't need it there.
This avoids us having to use EPEL or, on 8, an unsupported build.
Anything needing to be portable should use kinit from now on.
Change-Id: I6323cb835cedf9974cf8d96faa7eb55b8aaafd9a
There was an issue in pip that prevented correctly caching locally
built wheels [1]. This has been fixed in recent pip versions so
upgrade pip in both images so image caching works correctly. This is
needed to unbreak nodepool images that fail to install the locally
built netifaces package.
[1] https://github.com/pypa/pip/issues/6852
Change-Id: Ibbe12bcc53253a80d0bafa3d09a20c49a3a2b784
As a follow-on to Ie37abb4fd3eb3342b66ade52ab65024c420d7264 remove the
linaro credentials that were related to the (now removed) linaro-cn1
cloud.
Change-Id: Ia1e8dd3732164708c2e9fd82509e350829c438ba
We're retiring ubuntu-trusty and thus do not need instructions on
uploading these images anymore, remove the openstackci-images section.
Change-Id: I2b1491836f29fa72bc6eda62e427084ac43b5e1a
haproxy-statsd uses opendevorg/python-base already. Add that to its
job dependencies and make sure it triggers on updates to python-base.
Update the FROM line to be fully qualified.
Change-Id: I9c8e8094f5570bf44076915610cd1be6d95ed326
This was missed when converting the registry server over to LE in
production. We need to test it this way too.
Change-Id: Ic2a05ebeae6991b69c000d5269165a45a0c72d38
Apache doesn't have a reload, but it has something almost as good: a
"graceful" restart. This begins accepting connections while existing
ones wind down, rather than terminating them prematurely. Most
distributions (including the ones we use) map this to the "reload"
action of their SysV initscripts or SystemD service units for
Apache. As a result, we can be nicer to our users by applying the
"reloaded" state to the service module for it in our Ansible role
when Let's Encrypt SSL certs are replaced.
Change-Id: Iac3fad3d0d8216914d94a42f7705e07cef741847
The review-dev service playbook should do everything now that
the puppet did. Update how we're running things.
Change-Id: I70303c48328ea6713c24bf9c6f63d4808d30b95c
This adds a new handler to restart the zuul registry to pick up the new
cert. We may want to consider updating zuul registry to accept a reload
of ssl config without restarting the service.
Depends-On: https://review.opendev.org/702050
Change-Id: I23f6bea68285bc7cb0d12224235eaa16f0d07986
This name/host doesn't actually exist so don't try issuing a cert for
it. Instead only issue a cert for zuul.opendev.org.
Change-Id: I6c8eaa9280c3d6f070b8a1c79d850ee42e0e8d50
This change switches the post bits to use a new centralized
role to collect all container logs.
Depends-On: https://review.opendev.org/701867
Change-Id: I9e982b37518c22e6d5358f7604ebc7f56b0626e3
This provisions the cert but does not use it yet. We will do the
switchover once the cert is confirmed to be in place.
Depends-On: https://review.opendev.org/701819
Change-Id: I04fee48b9a79758527d8f9e8128c0fa915cd133e
Zuul
Ian Wienand
Tobias Henkel
Andreas Jaeger
Mohammed Naser
Monty Taylor
Clark Boylan
Jeremy Stanley