Bump this timeout for a couple of reasons. First we've seen the job
timeout at least once in the last month. This seems to be due to gitea
portions of the job running slowly.
Second we're planning some large scale updates to the openstack acls and
a longer timeout should help us get those in in larger batches. We can
consider trimming this back again after these updates are done if gitea
doesn't continue to give us trouble.
Change-Id: Ib61849b4c73a1b3fa2a0bbe90ace29fb23849449
This appears to be a small update of bugfixes. The templates we have
modified in our images have not changed between v1.13.6 and v1.13.7
according to git diff in the go-gitea/gitea repo.
Change-Id: I28a2411e107786c7ff96bd7240f3d15190a88f9e
The public5 network has the most IP addresses available and is
recommended for use.
This cloud also has fixed public IP's, not floating
Change-Id: I7ae1bb0081d3a86149225c3400b53a9561ccffe6
Add a variable to configure upload-workers for nodepool-builder
daemons.
Reduce our defaults for nb03 to see if we can get more reliable
uploads.
Change-Id: I819bdd262c7118cbde4e6ffdc12aa3ac64569a96
Once we are satisfied that we have disabled the inputs to firehose we
can land this change to stop managing it in config management. Once that
is complete the server can be removed.
Change-Id: I7ebd54f566f8d6f940a921b38139b54a9c4569d8
We are going to cleanup firehose.openstack.org as it never really ended
up being used for significant things and we would need to rewrite the
puppet into ansible at this point. Before we cleanup the server ensure
that things are not talking to it.
The only thing I can find that externally talks to it is the subunit
workers. germqtt and lpmqtt run on firehose so will be cleaned out when
firehose goes away.
Change-Id: I5b657aad1a276a18e58d09f5b2108940d0bd8ac2
This handles planet.openstack.org and redirects it to the
opendev.org/openstack/planet-openstack repo, where we will put a
README and the OPML file of the last state as we deprecate this
service.
Change-Id: If141aca5efbdbe60c91ceefaa4e05c98cd0ba5bb
Otherwise you get
BadRequest: Expecting to find domain in project - the server could
not comply with the request since it is either malformed or otherwise
incorrect. The client is assumed to be in error.
Change-Id: If8869fe888c9f1e9c0a487405574d59dd3001b65
This matches the proposal in https://review.opendev.org/785972
It's safe to merge now (secret storage on bridge is updated) and get
ahead of the curve. It's harmless to add unused items.
Change-Id: I942ef5f95f9f1afe39b7d9a044276bfb338d6760
As discussed in the thread mentioned inline, this pins the ipv6
configuration to avoid listening to RA's on the review02 server.
Change-Id: I17b0e049fcc1e975e8b4383957b020c11d9b89f0
The Oregon State University Open Source Lab (OSUOSL;
https://osuosl.org/) has kindly donated some ARM64 resources. Add
initial cloud config.
Change-Id: I43ed7f0cb0b193db52d9908e39c04e351b3887e3
Now that https://bugs.debian.org/980115 has been fixed in
1.8.2-1+deb10u1 for Buster and appears in the 10.9 stable point
release (2021-03-27), we no longer need our special backport PPA of
the patched packages and are able to safely drop it from the role.
Change-Id: Id062fef9461e8f6ac66585ccf25f85a588782177
When we added Apache as a filtering proxy on our Gitea backends in
order to more easily mitigate resource starvation, we did not set
any tuning to tell it when to recycle worker processes. As a result,
backends may continue serving requests with workers which pre-date
certificate rotation. This problem has also become more broadly
prevalent throughout our services with the introduction of Let's
Encrypt's 3-month certificate expirations as compared to our
previous 2-year certificates.
Add the same MaxConnectionsPerChild tuning to our Gitea backend
proxies as we use for our static sites and mirror servers.
Change-Id: I77d89385178a30f7dc5d04bedd0ab3772865c09f
The sync to our new ORD replica has completed and we're back to the
typical vos release cadence for this volume again.
This reverts commit 542c898021.
Change-Id: I4bb2ddcc46c6c56c7124acc52dce6a60da1662b2
We're in progress replicating the AFS volume for tarballs to a
remote location for added redundancy, but this is blocking updates
of all the read-only replicas until it completes and we're unsure
how long that will take. In the meantime, serve content from the
writeable path instead of the read-only replica path so we're not
stuck with outdated content on the site.
Change-Id: I6e0333bdb9717a724fd29adffc3df6e6c5da1558
Starting in bullseye, Debian's security suite will add -security to
dist codenames, meaning we have stretch, buster, and
bullseye-security entries. Looks inconsistent, but is actually
correct.
Change-Id: I34806145f099868c2cdd95893b69cb1f4915f56f