This will update meetbot to connect to OFTC using the new opendevmeet
nick. We keep the site name the same for simplicity. However, the
network name updates which causes irclogs to be written to a new
location. We have already copied the old logs from the FreeNode location
to the OFTC location so this should be a noop.
Change-Id: Ie72280ad2129418d7df549f2ba629a891f172496
This cleans up ask-staging which hasn't been a thing in a log time.
We remove some puppet stubs for nodepool builders (they are all ansible
now).
We also cleanup the inventory file to remove corvustest, lists-dev,
pbx, mirror-update*.openstack.org (is opendev.org now), and sort the
LE list.
Change-Id: I8da025640e16bf6e8aca1eb6ec7799d26bd03f12
The previous change should provision the certs for us. If we are happy
with the results then we can land this to swap production over.
Change-Id: I5b0de65a245c20763eca3165ca7076e5fb2d69a6
Once we are happy with the newly provisioned LE cert for storyboard we
can land this change to swap apache2 over to it.
Change-Id: Ib77ce8c0b6927a85f09b857ca67ad56059898a84
We have shifted over to using ansible for managing the listservs.
This also updates our service docs to point at the corret ansible and
not puppet.
Change-Id: I76f01ff1479c5af0a502a060aac2baa1ab622b21
This migrated to Ansible with
Idbe084f13f3684021e8efd9ac69b63fe31484606. Remove the now unused
puppet components.
Change-Id: I500d6eefcb64f4941e216b8590f4cd60ceec0811
The Limesurvey service hosted at survey.openstack.org was a beta
which saw limited use. The platform it runs on, Xenial, is now EOL
from Ubuntu/Canonical and in order to upgrade to a newer
distribution release we would need to rewrite all the configuration
management (the version of Puppet supported by newer Ubuntu is not
backward-compatible with what we've been running).
If a similar service becomes interesting to users of our
collaboratory in the future, it will need to be reintroduced with
freshly written configuration management anyway. The old configs and
documentation remain in our Git history should anyone wish to use
them as inspiration.
Change-Id: I59b419cf112d32f20084ab93eb6f2417a7f93fdb
Once we are satisfied that we have disabled the inputs to firehose we
can land this change to stop managing it in config management. Once that
is complete the server can be removed.
Change-Id: I7ebd54f566f8d6f940a921b38139b54a9c4569d8
We are going to cleanup firehose.openstack.org as it never really ended
up being used for significant things and we would need to rewrite the
puppet into ansible at this point. Before we cleanup the server ensure
that things are not talking to it.
The only thing I can find that externally talks to it is the subunit
workers. germqtt and lpmqtt run on firehose so will be cleaned out when
firehose goes away.
Change-Id: I5b657aad1a276a18e58d09f5b2108940d0bd8ac2
The OpenEdge cloud has been offline for five months, initially
disabled in I4e46c782a63279d9c18ff4ba2944c15b3027114b, so go ahead
and clean up lingering references. If it is restored later, this can
be reverted fairly easily.
Depends-On: https://review.opendev.org/783989
Depends-On: https://review.opendev.org/783990
Change-Id: I544895003344bc8202363993b52f978e1c07d061
It looks like we missed these in cleanups for the old puppet-managed
mirror-update server (I5f82139c981c2716f568b15b118690e943b02d52).
These are unused.
Change-Id: Ia79920a7567d73d311f37d73e10c1396d09ddf93
With our increased ability to test in the gate, there's not much use
for review-dev any more. Remove references.
Change-Id: I97e9865e0b655cd157acf9ffa7d067b150e6fc72
This is a follow-on to I60b40897486b29beafc76025790c501b5055313d to
switch the KDC servers to Ansible control and remove any related
puppet configuration.
Change-Id: Ib8f6ec657ca10a3ba648bd154a035fc3d8da4be5
Our Mailman site templates and similar content contain links to an
old openstack-security page on the foundation-run site which no
longer exists. Correct this to the OpenStack community's security
site, which should be much more stable.
Change-Id: I9577540319c53f76afc40a33b2c5697280397149
All hosts are now running thier backups via borg to servers in
vexxhost and rax.ord.
For reference, the servers being backed up at this time are:
borg-ask01
borg-ethercalc02
borg-etherpad01
borg-gitea01
borg-lists
borg-review-dev01
borg-review01
borg-storyboard01
borg-translate01
borg-wiki-update-test
borg-zuul01
This removes the old bup backup hosts, the no-longer used ansible
roles for the bup backup server and client roles, and any remaining
bup related configuration.
For simplicity, we will remove any remaining bup cron jobs on the
above servers manually after this merges.
Change-Id: I32554ca857a81ae8a250ce082421a7ede460ea3c
Channel for PTG discussion was moved to #openinfra-events, and
the bot was renames "openinfraptg" to match the extended scope
of the event.
Change-Id: I52718358ddb4a199d24fc6da6e71f81c646da1f2
As noted inline, a recent mysql client update has broken the
"--all-databases" flag, at least for the client version and very old
server version we use.
Emperically, dumping individual databases still works with this
client. Switch this to stream the db directly into borg.
Ignore the old backups and remove the bup backup while we are here,
since this is all borg now.
Change-Id: I5fe762a003ce2c2ba4830367be87598f67f7e763
Despite be deprecated, the ask server is our 3rd biggest backup. Even
though the site is R/O we're still backing up the fresh rotations of
the gzipped backups every day.
To reduce the incremental space requirements, move to our plain-text
streaming for the db backup. This just needs a file dropped in /etc;
see the backup-borg role README documentation. We do this in puppet
to avoid complexity adding this deprecated service to ansible. This
then excludes the on-disk db backup dir.
Drop the bup backups while we are here.
Change-Id: Icfd81aca58b9a0dc3a3b74de04c1b00f03160327
1) The string is interpolated into JavaScript string which is
delimited using double quotation marks - using double quotation
marks in it breaks JavaScript parsing. The impact is unknown
but at least some JavaScript code does not get executed later.
2) The anchor was unproperly closed causing void anchor to appear.
This is clearly visible on the rendered page.
Change-Id: I90cdcdd81c6af67f940c1811b1b9c05f9309ba15
The mk-archives-index command is installed in /usr/local/sbin, so
add that to the path of the cronjob which calls it. Otherwise,
http://lists.opendev.org/archives.yaml is empty and engagement
statistics cannot be generated.
Change-Id: Ib49e8a7b78f8cb9cb385ba09b39e3f940cd17ad6
The hound project has undergone a small re-birth and moved to
https://github.com/hound-search/hound
which has broken our deployment. We've talked about leaving
codesearch up to gitea, but it's not quite there yet. There seems to
be no point working on the puppet now.
This builds a container than runs houndd. It's an opendev specific
container; the config is pulled from project-config directly.
There's some custom scripts that drive things. Some points for
reviewers:
- update-hound-config.sh uses "create-hound-config" (which is in
jeepyb for historical reasons) to generate the config file. It
grabs the latest projects.yaml from project-config and exits with a
return code to indicate if things changed.
- when the container starts, it runs update-hound-config.sh to
populate the initial config. There is a testing environment flag
and small config so it doesn't have to clone the entire opendev for
functional testing.
- it runs under supervisord so we can restart the daemon when
projects are updated. Unlike earlier versions that didn't start
listening till indexing was done, this version now puts up a "Hound
is not ready yet" message when while it is working; so we can drop
all the magic we were doing to probe if hound is listening via
netstat and making Apache redirect to a status page.
- resync-hound.sh is run from an external cron job daily, and does
this update and restart check. Since it only reloads if changes
are made, this should be relatively rare anyway.
- There is a PR to monitor the config file
(https://github.com/hound-search/hound/pull/357) which would mean
the restart is unnecessary. This would be good in the near and we
could remove the cron job.
- playbooks/roles/codesearch is unexciting and deploys the container,
certificates and an apache proxy back to localhost:6080 where hound
is listening.
I've combined removal of the old puppet bits here as the "-codesearch"
namespace was already being used.
Change-Id: I8c773b5ea6b87e8f7dfd8db2556626f7b2500473
Enable the Ansible based cron jobs, and disable the puppet host
versions to cut over the mirroring to the new server.
Change-Id: I0ffb1c484e64e67f5a5017dc3c3c8ebcdc3845c8
Create a mailing list for private coordination of security incidents
for the OpenDev Collaboratory. The intent is that this can be used
to share sensitive information between sysadmins and council members
in the event of any suspected breach. For the sake of transparency,
all information discussed on this list which can safely be made
public should also be communicated to the service-announce or
service-discuss mailing lists at the earliest opportunity.
Change-Id: I32bef68eb7019261471c167d19eee733457078a2
We can rely on Require instead of Order, Allow, Deny, Satisfy since we
are all on apache 2.4 now. This simplifies reasoning about acl rules.
Change-Id: Idedba1558ccaa1c753d1175e356bf26a8d4b1084
The active releases according to [1] are octopus and nautlius. Remove
the old releases from our mirroring. This needs manual cleanup of the
jobs and volumes -- I will do this manually as this is mostly about
clearing out old things before moving the mirroring to Ansible.
[1] https://docs.ceph.com/en/latest/releases/
Change-Id: I050f737521fa6837f3b6b52b8028a839a29f7bd2
added new search criteria for endpoint
GET /api/v1/users
primary_email (==,@=)
Change-Id: Ib643a8c1ba4e79444463777197fc86a64a1912be
Signed-off-by: smarcet <smarcet@gmail.com>
In order to collect historical statistics on usage of our mailing
lists, we need an index of not only the current lists (which we
could get from Mailman) but also retired lists (which could only be
found by knowing the URL to their archives). Ultimately we should
publish hyperlinks to these so they'll continue to be indexed by
search engines, but for now start with structured YAML, which we
could later use to build that too.
Because the only way to determine the names of retired lists is from
the listserv's filesystem, we'll run a simple script once daily to
refresh the index and keep it in the Web root alongside the
robots.txt file. In the future, this could be triggered instead by
addition of new mailing lists, though while we're still managing
them with Puppet it's not clear how to go about doing that.
Of course restrict this to only indexing public list archives, as
privately-archived lists won't be accessible to the general public
by design.
Change-Id: Ibe3175a56831b7a43698d6fe454d70e93fcd0bc7
Clark Boylan