Clean up references to lists.openstack.org other than as a virtual
host on the new lists01.opendev.org Mailman v3 server. Update a few
stale references to the old openstack-infra mailing list (and
accompanying stale references to the OpenStack Foundation and
OpenStack Infra team). Update our mailing list service documentation
to reflect the new system rather than the old one. Once this change
merges, we can create an archival image of the old server and delete
it (as well as removing it from our emergency skip list for
Ansible).
Side note, the lists.openstack.org server will be 11.5 years old on
November 1, created 2012-05-01 21:14:53 UTC. Farewell, old friend!
Change-Id: I54eddbaaddc7c88bdea8a1dbc88f27108c223239
Remove adns1/ns1/ns2 which are no longer in use. Switch the primary
master to adns02; the secondaries ns03/ns04 will now update from
there.
Change-Id: I700a514dd2b72b2632e8d0668251f52907008d44
Depends-On: https://review.opendev.org/c/opendev/zone-opendev.org/+/880709
This is a new hidden-primary DNS (to replace adns1.opendev.org) and
two small namservers to replace ns1/ns2. ns03 is in RAX/dfw and ns04
is VexxHost/ya-cmq-1.
Change-Id: I1bcbdc21e5677e83e23418ca8953531cc84e96e6
Depends-On: https://review.opendev.org/c/opendev/zone-opendev.org/+/880576
Once we have migrated the etherpad db to etherpad02, updated dns to
point at etherpad02, and are comfortable we won't need to fallback to
etherpad01 we should remove etherpad01 from inventory. Then the server
can be deleted and we can clean up DNS.
Change-Id: I43ca5d4469821a4542de92bc1e12d4b8e9fbfb2c
This server is already in the emergency file and DNS records for
everything it serves have been moved to static02. When we are happy that
static01 is no longer necessary as a fallback we should land this
change, delete the server, and cleanup DNS.
Change-Id: I3018727daaa4ab59d2f3182fcfdfaa0ca4fe30e1
This is a new Jammy etherpad server. Landing this change will deploy it
with an empty database. We will schedule a downtime then stop
etherpad01's services, migrate its db to etherpad02, update dns then
will be swapped over.
Note this requires secret vars updates for db passwds which I have
edited.
Depends-On: https://review.opendev.org/c/opendev/zone-opendev.org/+/879384
Change-Id: I4e8d1c9c9bffc7b740be33934942128b6939cc12
This is a Jammy replacement host for static01. It was booted with the
same flavor as the old server as the old server seemed happy with its
size. Note this may be our first afs client on jammy but our PPA appears
to have jammy packages so that should be fine.
Depends-On: https://review.opendev.org/c/opendev/zone-opendev.org/+/879382
Change-Id: Ib66e068024a9f2a2a8098934893dd7a730f6af34
At this point gitea09-14 should be our only production gitea backends
behind haproxy and the only gitea servers replicated to by Gerrit.
Additionally, our gitea DB backups should be moved to gitea09 by our
depends on change. There shouldn't be any other reason to keep these
servers around as long as the new ones are keeping up.
Depends-On: https://review.opendev.org/c/opendev/system-config/+/876471
Change-Id: I3d4dfa1682ed1d14c6cd9108fbcbe0bf934b72c7
This brings out total of new giteas to 6. We noticed today that load
skyrocketed on the other four new giteas implying that we need more
gitea backends. We think we tracked this down to a bad crawler (doesn't
identify itself as such), but we should be able to handle these
situations more gracefully. Note that gitea14 recycles gitea08's (now
deleted) IP address.
Depends-On: https://review.opendev.org/c/opendev/zone-opendev.org/+/876891
Change-Id: Ia0517eabd507a6e8c92205b894014c05a92380d1
At this point these four servers have been replaced by four new Jammy
servers at gitea09-12. They are no longer behind the opendev.org load
balancer, and Gerrit is not replicating to them. We should remove them
to stop consuming unnecessary resources and avoid any future confusion.
Change-Id: I636b1ed83ed433f3adca2a8b4523335c6a62c702
These servers will replace gitea05-07 and are built on top of Ubuntu
Jammy. Landing this change should deploy a working, but empty, gitea
installation. We will then transplant the brain (db) of gitea01 into
these three new servers so that they know about historical redirects.
Once that is all done we can replicate git content from gerrit to them
and eventually put them behind the production load balancer.
Depends-On: https://review.opendev.org/c/opendev/zone-opendev.org/+/876201
Change-Id: I519564fd16c204ce182bc7cd82d5e638d01a1a6b
This adds a new Jammy Gitea09 server to our inventory. THis should
deploy Gitea and provision empty repos on it for entries in our projects
list. However, we'll need to do database surgery to carry over redirects
from an older server. It is for this reason we don't add the server to
the Gerrit replication list or our load balancer's pool.
We'll take this a step at a time and add the new server to those other
items when it is ready.
Change-Id: Idac0f250f74d8db4ff8d6d68c1a1c35c28a4660f
We haven't used the Packethost donor environment in a very long
time, go ahead and clean up lingering references to it in our
configuration.
Change-Id: I870f667d10cc38de3ee16be333665ccd9fe396b9
The mirror in our Limestone Networks donor environment is now
unreachable, but we ceased using this region years ago due to
persistent networking trouble and the admin hasn't been around for
roughly as long, so it's probably time to go ahead and say goodbye
to it.
Change-Id: Ibad440a3e9e5c210c70c14a34bcfec1fb24e07ce
All references to this cloud have been removed from nodepool, so we
can now remove nb03 and the mirror node.
Change-Id: I4d97f7bbb6392656017b1774b413b58bdb797323
This provider is going away and the depends-on change should be the last
step to remove it from nodepool. Once that is complete we can stop
trying to manage the mirror there (it will need to be manually shut
down), stop managing our user accounts, and stop writing cloud.yaml that
include these details for inap/iweb on nodepool nodes.
Note we leave the bridge clouds.yaml content in place so that we can
manually clean up the mirror node. We can safely remove that clouds.yaml
content in the future without much impact.
Depends-On: https://review.opendev.org/c/openstack/project-config/+/867264
Change-Id: I01338712aeae79aa78e7f61d332a2290093c8a1b
gitea-lb01 has been replaced by gitea-lb02. Reviewers should double
check the new gitea-lb02 server appears happy to them before approving
this change. Approving this change will be the last step required before
we delete gitea-lb01 entirely.
jvb02 is one of two additional jitsi meet jvb servers (on top of the one
running in the all in one meetpad install) deployed to help scale up our
jitsi meet server. The current October 2022 PTG has shown that while
meetpad has been useful to a small number of team there isn't the
concurrent demand that having extra jvbs like this supports. This means
we can scale back as the PTG is expected to be our largest load on the
service.
Do both of these in the same change as they update the inventory file
which causes all of our infra-prod jobs to run which takes a long time.
Squashing the changes together ensures we turn that around in half the
time.
Change-Id: I5e8b23ba9a8dc389cd7ef7f294ba4b0f8048102b
This adds our first Jammy production server to the mix. We update the
gitea load balancer as it is a fairly simple service which will allow us
to focus on Jammy updates and not various server updates.
We update testing to shift testing to a jammy node as well. We don't
remove gitea-lb01 yet as this will happen after we switch DNS over to
the new server and are happy with it.
Change-Id: I8fb992e23abf9e97756a3cfef996be4c85da9e6f
The status.openstack.org server is offline now that it no longer
hosts any working services. Remove all configuration for it in
preparation for retiring related Git repositories.
Also roll some related cleanup into this for the already retired
puppet-kibana module.
Change-Id: I3cfcc129983e3641dfbe55d5ecc208c554e97de4
We indicated to the OpenStack TC that this service would be going away
after the Yoga cycle if no one stepped up to start maintaining it. That
help didn't arrive in the form of OpenDev assistance (there is effort
to use OpenSearch external to OpenDev) and Yoga has released. This means
we are now clear to retire and shutdown this service.
This change attempts to remove our configuration management for these
services so that we can shutdown the servers afterwards. It was a good
run. Sad to see it go but it wasn't sustainable anymore.
Note a follow-up will clean up elastic-recheck which runs on the status
server.
Depends-On: https://review.opendev.org/c/opendev/base-jobs/+/837619
Change-Id: I5f7f73affe7b97c74680d182e68eb4bfebbe23e1
The openstack health service is being shutdown and retired. That
services was the only service that relied on the subunit2sql workers.
This means we can shutdown and retire the subunit2sql workers. This is
one step of that process.
Change-Id: Ibd02faaeba888dfcd1f512f4dd3a7d768497fc16
This adds a keycloak server so we can start experimenting with it.
It's based on the docker-compose file Matthieu made for Zuul
(see https://review.opendev.org/819745 )
We should be able to configure a realm and federate with openstackid
and other providers as described in the opendev auth spec. However,
I am unable to test federation with openstackid due its inability to
configure an oauth app at "localhost". Therefore, we will need an
actual deployed system to test it. This should allow us to do so.
It will also allow use to connect realms to the newly available
Zuul admin api on opendev.
It should be possible to configure the realm the way we want, then
export its configuration into a JSON file and then have our playbooks
or the docker-compose file import it. That would allow us to drive
change to the configuration of the system through code review. Because
of the above limitation with openstackid, I think we should regard the
current implementation as experimental. Once we have a realm
configuration that we like (which we will create using the GUI), we
can chose to either continue to maintain the config with the GUI and
appropriate file backups, or switch to a gitops model based on an
export.
My understanding is that all the data (realms configuration and session)
are kept in an H2 database. This is probably sufficient for now and even
production use with Zuul, but we should probably switch to mariadb before
any heavy (eg gerrit, etc) production use.
This is a partial implementation of https://docs.opendev.org/opendev/infra-specs/latest/specs/central-auth.html
We can re-deploy with a new domain when it exists.
Change-Id: I2e069b1b220dbd3e0a5754ac094c2b296c141753
Co-Authored-By: Matthieu Huin <mhuin@redhat.com>
It would be nice to get some idea of how its resource utilization
compares to 02, especially as it runs on a smaller flavor.
Change-Id: If00a949a575949cb3b1a2d8268ae29e4c4965a0b
The Open Infrastructure Foundation's developers who maintain the
OpenStackID software are taking over management of the site itself,
and have deployed it on new servers. DNS records have already been
updated to the new IP address, so it's time to clean up our end in
preparation for deleting the old servers we've been running.
OpenStackID is still used by some services we run, like RefStack and
Zanata, and we're still hosting the OpenStackID Git repository and
documentation, so this does not get rid of all references to it.
Change-Id: I1d625d5204f1e9e3a85ba9605465f6ebb9433021
This enables the new eavesdrop01.opendev.org server in all current
channels. Puppet has been disabled on the old server and we will
manually stop supybot/meetbot and mirgrate logs before this applies.
Change-Id: I4a422bb9589c8a8761191313a656f8377e93422f
This adds a new server to take over from eavesdrop01.openstack.org.
We limit the puppet installs, etc. to the openstack.org server. The
new server is in the group eavesdrop_opendev as we cut over services.
A stub for basic installation is added to the service playbook.
Depends-On: https://review.opendev.org/c/opendev/zone-opendev.org/+/795004
Change-Id: I88c3059532e4d6ab267fdec5b390daefa5b0c4a1
I've confirmed with EmilienM in #tripleo that the edeploy project is
defunct and the #edeploy IRC channel is no longer in use. It was
registered on OFTC by a lone project contributor many years ago and
is not under our control, so we should not be running bots in it
anyway.
Change-Id: I47613e4d88f358db5c51f9cb21c1eb1c2ebd32ed
In order to be able to correctly bootstrap statusbot notification
volunteers on OFTC, temporarily remove everyone whose OFTC nicks we
haven't already confirmed (our active infra-root sysadmins).
Volunteers can re-propose additions to this list via code review as
a means of directly confirming their registered nicks on OFTC.
Change-Id: Id37cdc0940f5139a4eca17c5998fff37ae9d6d0d
Stop reporting service info and logging in channels which have had
no human comments (only bots) in all of 2021.
Change-Id: Iaa062c48c70c546bfc8489154534b28637c5d003
Depends-On: https://review.opendev.org/792301
