This makes the haproxy role more generic so we can run another (or
potentially even more) haproxy instance(s) to manage other services.
The config file is moved to a variable for the haproxy role. The
gitea specific config is then installed for the gitea-lb service by a
new gitea-lb role.
statsd reporting is made optional with an argument. This
enables/disables the service in the docker compose.
Role documenation is updated.
Needed-By: https://review.opendev.org/678159
Change-Id: I3506ebbed9dda17d910001e71b17a865eba4225d
This updates our etherpad image to version 1.18.16. To do this we've had
to adopt the upstream Dockerfile locally and introduce our own edits as
upstream hasn't build images for this release or the previous one.
Minor updates are made to the upstream Dockerfile to update the
maintainer directive and convert from using a local copy of the source
code to a git clone.
Change-Id: I561680072085caff751e08b6f2fd79dee1d4efe8
It would be nice to get some idea of how its resource utilization
compares to 02, especially as it runs on a smaller flavor.
Change-Id: If00a949a575949cb3b1a2d8268ae29e4c4965a0b
It complains about not being able to get or create the default cache
directory (but doesn't tell us what that directory is). We'll have to
sort this out later.
Change-Id: I5ce7a875ede77c6203d1b5d06da97f8c52ee48e1
The dependent change moves this into the common infra-prod-base job so
we don't have to do this in here.
Change-Id: I444d2844fe7c7560088c7ef9112893da1496ae62
Depends-On: https://review.opendev.org/c/opendev/base-jobs/+/818189
The known_host key is written out by the parent infra-prod-base job in
the run-production-playbook.yaml step [1]. We don't need to do this
here again.
[1] 2c194e5cbf/playbooks/zuul/run-production-playbook.yaml (L1)
Change-Id: I514132b2dbc20ac321a79ca2eb6d4c8b11c4296d
Missed this with I483c2982a6931e7d6fc97ab82f7750b72d2ef265; this
ensure the mirror webserver exports the directory.
Change-Id: I6e14cdace213a6af6df65b8ddb09bb3a167fbf9b
This is a re-implementation of
I195ebee548071b0b89bd5bf64b251595271178ca that puts 9-stream in a
separate AFS volume
(Note the automated volume name "mirror.centos-stream" comes just
short of the limit)
Change-Id: I483c2982a6931e7d6fc97ab82f7750b72d2ef265
This reverts commit 8591ce2b5c689b5e438fc0bfe9d410be7e344fb1.
It did not click that this is written to use
/afs/.openstack.org/mirror/centos-stream as the base directory. The
mirror/ directory has volumes mounted in it -- i.e. centos-stream has
to be a new volume (and also has to be "vos released" separately, the
existing script won't do it).
The simplest way to do this is to treat this separately. I'll propose
this in a follow-on.
Change-Id: If7b8239adf7635da4f0c317287d23daf5ab0f4bf
It picks the rackspace mirror from this list
https://admin.fedoraproject.org/mirrormanager/mirrors/CentOS/9-stream/x86_64
which is present in US.
It moves base directory to centos-stream to be consistent to centos
mirrors.
We will only synchronize x86_64 and aarch64 arches as those are the only
ones used in opendev CI. We also exculde source and debug directories to
optimize space usage as those are only required for debugging purposes.
Change-Id: I195ebee548071b0b89bd5bf64b251595271178ca
It looks like 6 hours is too infrequent and is enough time for the
disk to fill up when we're busy. Instead, purge old snapshots every
2 hours, which looks like it should give us plenty of headroom with
our current usage pattern.
Change-Id: Ieb92d052e633e9326c41367442f036cc333c40f2
Marking a file as "reviewed" will update the accountPatchDb database
and test the mariadb connection.
Change-Id: Ifaee5981e0977d7d1135275e7d8a0790075f670b
In order to avoid unfortunate collisions with statically assigned
container account UIDs and GIDs, cap normal users at 9999. That way
we can set our containers to use IDs 10000 and above.
Make sure adduser/addgroup's adduser.conf gets adjusted to match the
values we set in the login.defs referenced by the lower-level
useradd/groupadd tools too. We're not using non-Debian-derivative
servers these days, so don't bother to try making this work on other
distributions for the time being.
Change-Id: I0068d5cea66e898c35b661cd559437dc4049e8f4
Cloud images bake in an ubuntu/centos/admin user then prevent root
logins. Early on in our boot process we copy authorized keys to root
then logout and back in again as root and proceed from there. This means
it should be safe to remove these "helpful" user accounts that we don't
use. Clean them up as they can only cause problems.
Change-Id: I9dc1e580cb69004f071370c21c2a5fda09e0cf5b
The mariadb container is overriding these and we can race ansible
setting them back to root and the mariadb container starting up
resulting in a sad database.
Change-Id: Ib88f6aec83e73baf95a660165d13839f7baeed3d
See I8d8ce5c62c660875d5c6eed54c686996576ec9df; mariadb containers
chown this to their internal user, we don't want to reset it.
Change-Id: If33a26438c6aa63d0ef0e02bdad6a643070be922
