The existing test gearman cert+key combos were mismatched and therefore
invalid. This replaces them with newly generated test data, and moves
them into the test private hostvar files where the production private
data are now housed.
This removes the public production data as well; those certs are now
in the private hostvar files.
Change-Id: I6d7e12e2548f4c777854b8738c98f621bd10ad00
The jitsi video bridge (jvb) appears to be the main component we'll need
to scale up to handle more users on meetpad. Start preliminary
ansiblification of scale out jvb hosts.
Note this requires each new jvb to run on a separate host as the jvb
docker images seem to rely on $HOSTNAME to uniquely identify each jvb.
Change-Id: If6d055b6ec163d4a9d912bee9a9912f5a7b58125
This adds a new variable for the iptables role that allows us to
indicate all members of an ansible inventory group should have
iptables rules added.
It also removes the unused zuul-executor-opendev group, and some
unused variables related to the snmp rule.
Also, collect the generated iptables rules for debugging.
Change-Id: I48746a6527848a45a4debf62fd833527cc392398
Depends-On: https://review.opendev.org/728952
This avoids the conflict with the zuul user (1000) on the test
nodes. The executor will continue to use the default username
of 'zuul' as the ansible_user in the inventory.
This change also touches the zk and nodepool deployment to use
variables for the usernames and uids to make changes like this
easier. No changes are intended there.
Change-Id: Ib8cef6b7889b23ddc65a07bcba29c21a36e3dcb5
We use several PPAs on the Zuul servers, and today the Ubuntu keyring
servers are frequently failing. Rather than rely on them, store the
GPG keys in this repo and install the files "manually" rather than
using the apt_repo module.
Change-Id: I009a1a38d3a5864a8d5b0d8f8be24a83d1924292
We need to tell apache to listen on the ports used by the Quay Registry
Mirror. Without this we aren't actually able to provide connections to
this vhost.
Add testing to ensure this is working in a simple manner.
Change-Id: I28bdb7aeb9c3252c6319658acaa530a7d7c25a72
This was missed in an earlier change where we enabled these vhosts.
Testing worked because testing was communicating to localhost and not
the public ip address.
This has been addressed as well.
Change-Id: I2d91aea466f1b587780a452cfe8e1396515930ed
The install-nodejs role in zuul-jobs has been replaced by
ensure-nodejs, so we should use the new thing if we want our tests
running again.
Change-Id: I196814b616d3b332b2c1d397097c01b5bb0d2aac
Previously we had enabled SSL on our main vhost for the mirrors. Do
similar for all of the proxy cache vhosts for docker and other external
resources.
As part of this change we improve the testing to ensure that the new
vhosts are working as expected. One testing specific change to note is
the testinfra node names did not match our existing system-config-run
job nodenames. This has been corrected.
Additionally RHRegistryMirror and QuayMirror may not be working and
fixing those is left as a followup.
Change-Id: I9dbbd4080c3a2cce4acc39d63244f7a645503553
Disable the jitsi logo watermark which is displayed in the top left
portion of the jitsi conference toolbar. The reason for this is it seems
to cause rendering issues with the etherpads that are loaded in meetpad.
Even without the rendering issues it covers the beginning portion of
etherpads which is annoying.
To do this we copy over the interface config and edit the two variables
related to displaying the watermark. All other values are kept
consistent with the defaults in the docker image.
Change-Id: I1e363d780083894fc53a030349fbc36567891271
Remove the separate "mirror_opendev" group and rename it to just
"mirror". Update various parts to reflect that change.
We no longer deploy any mirror hosts with puppet, remove the various
configuration files.
Depends-On: https://review.opendev.org/728345
Change-Id: Ia982fe9cb4357447989664f033df976b528aaf84
This mirror has been replaced by the opendev.org version
Change-Id: I86b706adec9dd6ce02baed87c0404f11ab1d4104
Depends-On: https://review.opendev.org/728318
This is to replace the puppet managed openstack.org server
Change-Id: I0e3586befd922cb56d1a0ec9c9cb650add9b225d
Depends-On: https://review.opendev.org/728314
These are to replace the puppet-based openstack.org mirrors
Depends-On: https://review.opendev.org/728308
Change-Id: Ibdce99daa514fb445f1f8389e7c052ee151057ea
People are starting to use this service so having performance metrics
over time is a good thing. We also want to avoid having our cert expire
unexpectedly.
Change-Id: I744b3e68f8f483b36c0d8ecb6f6f46a484a3577a
This is a rebuilt host for this mirror, the old one has been removed.
Depends-On: https://review.opendev.org/727899
Change-Id: Icaf4ad1d88a40c0abdfe1e87386b3c557de062a1
We've noticed that our mirrors will semi regularly have problems due to
old stale works. For example using old ssl certs or having connection
problems to round robin backend services. In all cases restarting the
service (killing old workers) seems to fix things. Try to force this to
automatically happen by setting a reasonable connection limit per worker
before we recycle them.
Change-Id: Ic377f48d1a5a3eecbcb183327c9255134c4364ab
Due to the way OpenStack Ansible and Nova work we can't update the value
for our ssh keys entries in nova. We need to create a new key then
switch everything over to that. Unfortunately, we've had a few people
request their keys be removed and a few others that haven't been active
since the last rotation. That means now is a good time to do a rotation
to clean up the set of valid keys.
Change-Id: Idb7c5eaa546096784e428b3cde61581dcc9050a2
This server was removed everywhere but our inventory. I checked it
doesn't show up in a nova listing. Remove it from here so we can remove
it from the emergency.yaml file as well.
Change-Id: I154f7c16166e6ac6610c0ea02e5d59fa7baa25c0
If we match these explicit paths, don't allow the regex matches to
run. Otherwise, we might redirect "/http-bind" to "/" which doesn't
work.
Also, restore the default meet.conf to the upstream; we're not
intending to carry any local changes to the rootfs.
Change-Id: I119d8c223291d79bd5fe0977264dec4bae126280
The string previously expected in the docs.airshipit.org site is no
longer used there, so pick another which will get the
system-config-run-static job passing again.
Change-Id: I8bf0da25408412dc80ff8cb6d26c185234916941
New opendev.org CI mirrors for OVH regions. The old BHS1 mirror was
in the openstack.org domain, so is added new. There was an old GRA1
mirror in the opendev.org domain, so remote it and increment the
ordinal in its short hostname to avoid a collision in the inventory
cache.
This is being done to switch to un-billed flavors in this provider,
to simplify internal billing for their donation of resources.
Change-Id: I05770856b5704aa438ed6bc54ec42ba9efb5cd2a
