https://github.com/ansible/ansible/pull/14882 landed, so the inventory
will understand that an empty cache means the inventory needs
refetching. Zero out the file, and start consuming inventory from the
master branch of ansible since mordred controls that file anyway.
Change-Id: I2a4f4b21c50bfa94a229dd109e3d21f47552f0a1
In order for individuals to be able to run launch node commands without
becoming root, make these group owned and group writeable by admin.
Change-Id: I0a2fa336919be24d41a6a9c0a88b91a87536cbcc
This is no longer needed as pabelanger is now an infra-root.
Change-Id: I6939c2ee9e3662c08441dd0ddad3e84a47bd0192
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Due to the possibility for multiple OSIC clouds we need to distinguish
between them in our clouds.yaml. Do that now before it becomes a problem
later and refer to the current cloud as osic-cloud1.
Change-Id: I3f35db2911a44200f0486e71fc215d021aa7c227
The max-repo-count setting in the cgitrc adjusts how many repos should
be displayed on each page. In the puppet-cgit module we have a default
of 600, which was intended to be enough for all the repos to be shown
on git.openstack.org without a second page. We're now at over 1,000
repos, so you now need to page through them and this is not an optimal
experience. Since cgit can handle loading thousands of repos on the
main page, add the setting to our local configuration and bump it up
to 1500.
Change-Id: I7a2ea185f0876806ecfd17bedd84dbcd9769b124
After switching to ubuntu-trusty and project that use
other-requirements.txt for bindep, log uploads will fail. So rather
then forcing all projects to include curl in other-requirements.txt,
we'll install it with puppet.
Our entry point is ::openstack_project::single_use_slave.
Change-Id: Icade064bd32c2179836f4d1c3d2ec91425422d02
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
According to [1], UIDs and GIDs between 0 and 200 are reserved for some
services, including OpenStack services.
Puppet OpenStack is deploying OpenStack using RDO packaging and there is
currently a race condition where sometimes RabbitMQ is installed
*before* Keystone and steals its UID, Keystone fails to be installed,
and CI job is failing.
This patch prevents this situation by setting both SYS_UID_MIN and
SYS_GID_MIN ti 201, so packages using dynamic UID/GID won't steal
reserved ones.
[1] https://git.fedorahosted.org/cgit/setup.git/tree/uidgid
Change-Id: I7cc41adc7e6070c32d9a56940a67640ab4419e7e
Without this patch, puppet does not idempotently create the openstackci
and openstackjenkins users. Puppet will create the openstackci and
openstackjenkins users, but won't assign them any kind of membership in
the openstackci and openstackjenkins projects. Then on the second
puppet run, puppet tries to check the users' passwords by issuing an
'openstack token issue' command. Without a role, the users can't
authenticate and receive a 401. Puppet then reports that it 'changed
password' because the password check failed.
The name of the role, 'user', is not significant.
The strange syntax of the keystone_user_role resource is explained in
the keystone module[1].
[1] http://git.openstack.org/cgit/openstack/puppet-keystone/tree/examples/user_project_user_role_composite_namevar.pp
Change-Id: I4fb94722ccafb80cdbefa9500b2124a82ddd57cf
In an effort to reduce how often this runs. A future patch would add
better support into jeepyb to detect if the file actually changes, if
so return a different return code and have puppet only notify the
hound servce to reload.
Change-Id: I29c7e41ee0e605d290dc360db10149e157d09a0d
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
The French i18n team is getting more and more members and
Zanata lacks an efficient mailing feature. So the solution
is to use a mailing list.
In agreement with the i18n PTL, the ML is called openstack-i18n-fr.
Change-Id: I35079e25cd03b02dbbf5444acf5d574e51508dfd
Security fix Blowfish password hash checking
This issue affect to all users with passwordEncryption= 'blowfish'
the code was only doing the hash comparision using only the first 10 chars
and not the whole hash string
Change-Id: I3382488baf221bc2d9337152e344c5ca312af42b
Add vexxhost account credentials to our various clouds.yaml files. This
covers the all clouds, ansible, and nodepool clouds.yaml files. With
this in place we can work to deploying tests onto vexxhost.
Change-Id: I42101e9acc9f62897a3f63b85dd34a14adcf2394
Project names are easier for humans to deal with use the project_name
key in clouds.yaml for OSIC not the project_id key.
Change-Id: I15b6424e355c711941a43e78116ffb71f6647cb7
This adds clouds.yaml information to our three clouds.yaml files for our
two users in the OSIC cloud. This will let us manage the OSIC cloud
resources and start deploying tests to OSIC with nodepool.
Change-Id: I5a392d165fb6db2e70036008a55cd99eed237ab4
In I9f61c4bb1f5634df0b0da909466b4c1b1b149ba5 when the Release link
was removed, a QA health link was added.
However, I57825f7e04bbdb405f7a1e67e4639d6afd7f3c5c is actually the
preferred change to this, which has the wording "OpenStack-Health"
instead. Matthew Treinish left a comment saying so when I tried
to revert it in Ia9355c3f4206ba089c19a51556bb5321e9df9b6b
Change-Id: I293e326e45e1939dc57556d1477434cd1cfb56a2
Ansible-clouds.yaml becomes /etc/openstack/clouds.yaml on the
puppetmaster and is used forr the ansible dynamic inventory. When a
cloud there does not respond, the ansible inventory fails completely.
Remove infracloudwest from all-clouds.yaml until it comes back.
Change-Id: I34d265a60f0a97f040b6703ab74c93a8fd0063af
dvipng is used by Sphinx pngmath extension - but none of the projects
actually uses it as a search for ".. math" reveals. Remove it from
images.
Corresponding project-config change: Id1c421038d9819b52b0018c1c9b117dabddbc69a
Change-Id: I87f8109c708011f256df600f5f782c3fbb5f4e52
The infra-cloud-west is currently unavailable due to being relocated
causing the inventory for ansible to not be generated:
Inventory script (/etc/ansible/hosts/openstack) had an execution error: Error fetching server list on openstackci-infracloud-west:RegionOne:
This means ansible and hence puppet fail to run.
For now remove infra-cloud-west from clouds.yaml. This should be added back
in one the cloud is turned back on.
Change-Id: I16fe54c3c040c273977b0cb2e51bf7f804832380
