The migration of the zookeeper-statsd image itself already happened as
it was our test case. That said I found a small typo that needs fixing
(and will clean up the extra image that was created later). We also
update zookeeper-statsd to pull the base python image from quay.io
The real fun happens with haproxy-statsd. We update the image to pull
the python base image from quay.io and set it up to publish to quay.io
itself.
Change-Id: Ie0c119ac309837baef850236f7d5ba6b9da97ce0
We are moving our images to quay.io. This makes the move for our base
python images. Note once we move these images we should attempt to
quickly update any of the images that depend on these images. This will
minimize the time period where we might be pulling outdated base images.
Change-Id: I03c8053345abf6c94a8e904917f53caa5693ce89
Gitea is built using the library/golang base image published on docker
hub. We were building Hound with the golang found in Debian's package
repos. Let's sync these two up so that they build in a more similar
manner.
Change-Id: Ic171b12dd4ed504e751857d05598333023d2113d
Gitea 1.19 is here. Release notes can be found at:
https://github.com/go-gitea/gitea/blob/v1.19.3/CHANGELOG.md
I've highlighted the breaking changes entries in this commit message
with notes on whether or not this affects us.
* 1.19.0
* Add loading yaml label template files (#22976) (#23232)
* I think this is for auto applying labels to PRs? Shouldn't affect
us.
* Make issue and code search support camel case for Bleve (#22829)
* We don't rely on code search in gitea yet, but this seems like a
good addition.
* Repositories: by default disable all units except code and pulls on forks (#22541)
* We don't allow forks so this shouldn't affect us.
* Support template for merge message description (#22248)
* We don't do merging via gitea so this shouldn't affect us.
* Remove ONLY_SHOW_RELEVANT_REPOS setting (#21962)
* We don't set this flag in our app.ini config file.
* Implement actions (#21937)
* They are disabled by default, but I've explicitly disabled them as
we use Zuul.
* Remove deprecated DSA host key from Docker Container (#21522)
* Our installatins were all created prior to this update which
generated DSA keys. We can go and manually clean them up with
gitea disabled if we like.
* Improve valid user name check (#20136)
* As long as our CI job is able to create the necessary accounts we
should be fine.
* 1.19.1
* Rename actions unit to repo.actions and add docs for it (#23733) (#23881)
* app.ini.j2 updated to use repo.actions to disable the repo unit.
* 1.19.2
* No breaking changes listed.
* 1.19.3
* No breaking changes listed.
In addition to the breaking changes upstream has updated to golang 1.20
and nodejs 18. We update our image to match.
In 1.19.0 and 1.19.1 org listing required authentication which was a new
change/regression in [0] gitea. I have updated the logo update role to
drop authentication details to make it clear this API should be publicly
accessible. In earlier patchsets I was forcing basic auth due to another
bug [1] which is not correct as we expect this API to be public.
Updating the role this way makes that more clear.
Finally the usual template updates are applied to keep our forked
templates in line with upstream. There were no template changes between
1.19.0, 1.19.1, 1.19.2, and 1.19.3 according to git diff.
[0] https://github.com/go-gitea/gitea/issues/24159
[1] https://github.com/go-gitea/gitea/issues/24160
Change-Id: I5570deaf505a27c8c90c58896de990a4d2d44530
Currently there is no logging with haproxy-statsd when it starts up and
start running. In this case, we are unable to know if the process starts
or not as the log file is completely empty if there is no exceptions.
This commits added an info log during haproxy-statsd startup.
Change-Id: I572005479b7caffe6214ec13f73ee052ed61e8f9
This commits update haproxy-statsd Dockerfile to use Python 3.11 images
instead of older 3.9 one. It's part of the effort to update Python
version to 3.10 or later.
Change-Id: I65d469d18d1cf10d7f404b12afdeb5e6d8580bd6
This commits update hound Dockerfile to use Python 3.11 images instead
of older 3.9 one. It's part of the effort to update Python version to
3.10 or later.
Change-Id: Idf5076709c55d3327c69c6e8160a8348b6640ca7
This commits update accessbot Dockerfile to use Python 3.11 images
instead of older 3.9 one. It's part of the effort to update Python
version to 3.10 or later.
Change-Id: I983ca73237b8a11ae3885505f549d8b0b16c144f
The UI bits for hound isn't rebuild properly upstream, causing some
overlay issues with advance option. In this patch, we build the houndd
from scratch to fix this issue.
Ian filed a PR upstream at
https://github.com/hound-search/hound/pull/456
Change-Id: Ia00dee2035b9785bd911c3724b0249cefbed3f57
Very minor but I noticed we could update these to the mailman3
locations. Also, although the archives are listed on the subscribe
page, add a direct link to make it more obvious we have them from
opendev.org.
Change-Id: I6b69d2a735ca241e03ea6bd35203e130fc6314a3
Remove link after merge of I4adbf87a0cc9ecf16a074643376491b81591cb74,
which stops statusbot publishing there.
Change-Id: Iee27351b8f80e574e8dfadfed188b569eba842cb
This is mostly a bookkeeping update, but it reflects that upstream made
a release to fix the related changes issue.
https://www.gerritcodereview.com/3.7.html#372
Change-Id: Iecbda339d0af4cc625df7be3925010ce643808bd
We actually just build 3.6.4 and 3.7.1 images using 3.6.3 and 3.7.0
versions of plugins. We also deployed the resulting 3.6.4 image to prod.
Luckily for us 3.6.3 plugin tags match 3.6.4 and 3.7.0 tags match 3.7.1.
There was one exception which we were alredy checking out master for in
order to fix build errors. Now that there is a new reviewnotes tag for
3.6.4 we can drop the master checkout for that plugin and use the tag.
TL;DR this should be a noop for our images but is nice bookkeeping to
avoid surprises.
Change-Id: Ica8b3605ecb0f3f93747b904c39913800d1eee4e
The replication, manage-plugins, and delete-project plugins all seem to
want to write content out to /var/gerrit/data within the Gerrit
container. At /home/gerrit2/review_site/data we've got an old carried
over dir from previous installations but this does not appear to be bind
mounted.
Best I can tell the replication plugin may use this disk location to
keep track of tasks that are queued,running,etc and this may work around
the issues with autoreloading gerrit replication configs. However, we
don't get those benefits when we delete the container (as with
docker-compose down/up-d) as the content is ephemeral within the
container. Address this by bind mounting the location along with the
other bind mounts.
Note I have excluded this from backups as I think we don't need backups
of things like replication queues. That said depending on what the other
plugins use this for we may need to refine our backup rules in the
future.
Change-Id: If3a91aeb1bd86c8514179b8ecfde17e98c29af6a
The debian openjdk-11-jre-headless package lacks tools like jcmd which
can be useful for debugging the jvm and applications running on top of
the jvm. In particular I had to use `kill -3 $JVM_PID` to get a thread
dump (which worked) instead of jcmd during a recent Gerrit outage.
Since you don't know that you'll need these tools until its too late go
ahead and switch to the jdk package instead of the jre package to be
prepared in the future.
Change-Id: I09a81f1abc6e528b4ffd624050698a99c264f499
This upgrade bumps us up two minor releases for gitea. Changelogs can be
found here:
https://github.com/go-gitea/gitea/blob/v1.18.5/CHANGELOG.md
On the whole seems pretty minor for our uses. I did check the diffs
between 1.18.3 and 1.18.5 for template files we override and those diffs
are empty.
Change-Id: I68204afc28b6382559ece115994c36d35ab60844
Add logos for our cloud donors, similar to the
https://openinfra.dev/members/#infrastructure or
https://www.openstack.org/community/supporting-organizations/#infra-donors
lists.
Companies whose logos are listed on the OpenInfra members page have
given explicit permission to the foundation to display those logos
in order to promote their involvement in foundation-led activities,
which includes projects and communities represented by the
foundation (like the OpenDev Collaboratory). The agreements the
companies referenced in this change have entered into aren't limited
to specific web sites, so displaying them on opendev.org shouldn't
require that we seek additional permission in order to do so.
When adding these logos in a subdirectory (for ease of maintenance),
we need to update the copy step from the assets image to the gitea
image making it recursive, otherwise the directory will be omitted
form the final image build. It's also worth noting that COPY
directives in Dockerfiles behave in an odd and non-shell-like
manner, as they flatten the files when recursing source directories,
so you end up needing to force them into the intended target
directories.
Change-Id: I56279da7008cd4961c964b00f23a255e2865b602
This is required for jeepyb to be able to talk to git remotes via ssh.
Unfortunately this was missed when I converted us over to our python
images.
Change-Id: Id6d2eb25871420f2ec717b189beda1295ecc1f74
This is done for a number of reasons. First it will allow us to update
the python version used in the images as we can have a 3.10 builder and
base images (but not a 3.10 openjdk:11 image). Second it will allow us
to easily switch to openjdk 17 by simply updating the package we install
and some paths for the jdk location.
The goal here is to have more control over the images so that we can do
things like change python and java versions when we want to.
Depends-On: https://review.opendev.org/c/opendev/jeepyb/+/870873
Change-Id: I7ea2658caf71336d582c01be17a91759e9ac2043
This stops us installing our locally patched git package and shifts to
installing git from debian bullseye. This should pull in git
2.30.2-1+deb11u1 which includes the same patches we made but in the
upstream package.
Reviewers should double check this correct up to date version of git is
installed in the image build.
Note we don't do a straight revert because we need to explicitly install
git to upgrade git on the base image as it has not updated yet.
Change-Id: I34b170f59bc648a8917176ded66ffaea9425c4b9
This reverts commit 3f2cc870b8b0f5aac5249b2f33ac5dfd0ae383db.
Upstream Debian has updated git to 2.30.2-1+deb11u1 which patches git
for the issues we manually patched to cover. We don't need the manual
patch anymore and can switch to the distro hence this revert.
Reviewers should double check that the image build process installs the
expected 2.30.2-1+deb11u1 version.
Change-Id: I6e6c817f078160412983e170abcaa9591a8daaa5
This reverts commit eb823707ab1ba333eedecd2845b6fdb1fab56bba.
Upstream Debian has updated git to 2.30.2-1+deb11u1 which patches git
for the issues we manually patched to cover. We don't need the manual
patch anymore and can switch to the distro hence this revert.
Reviewers should double check that the image build process installs the
expected 2.30.2-1+deb11u1 version.
Change-Id: I17fd16a88fbcaa9bbd5d32bfc6d4bb8cdd52ce99
This updates our Gitea installation to 1.18.3. We bump our go verison to
1.19 to match upstream, disable some newer features in app.ini, and
synchronize our template files with upstream edits.
Otherwise not much stood out to me in the changelog as far as backward
compatibility goes:
https://github.com/go-gitea/gitea/blob/v1.18.3/CHANGELOG.md
Reviewers should look this over and double check that though.
Change-Id: I9679fb4908621a065ab3a0bc670a0e96ea15f476
Pull in updated git packages to address CVE-2022-23521.
This is a direct copy of work done in
Ib08ff1fc7b3c8623fa6b927f3010af72e1b946cf
git is included from the openjdk base image
Change-Id: Ia219a2485d166bc192f2172b56a076c94de38e0c
Pull in updated git packages to address CVE-2022-23521.
This is a direct copy of work done in
Ib08ff1fc7b3c8623fa6b927f3010af72e1b946cf
Change-Id: Ie7d4c3c50f4b72e83f32c91f17ea7e893c3d943a
The template files we override do not appear to have changed between
1.17.3 and 1.17.4. This update should get us into a spot where we can
plan to upgrade to 1.18.
Change-Id: I9690a7339bb8ca913ca279c9eaf3ff13eefff9e1
This runs tests on Ic47d998089c320e8e4ca371b8fb4b338c5fd903a. We'll
use this tested image to deploy with.
Change-Id: I6c500b26a0340a685573c22b748d37d32cb45e27
These images have a number of issues we've identified and worked
around. The current iteration of this change is essentially
identical to upstream but with a minor tweak to allow the latest
mailman version, and adjusts the paths for hyperkitty and postorius
URLs to match those in the upstream mailman-web codebase, but
doesn't try to address the other items. However, we should consider
moving our fixes from ansible into the docker images where possible
and upstream those updates.
Unfortunately upstream hasn't been super responsive so far hence this
fork. For tracking purposes here are the issues/PRs we've already filed
upstream:
https://github.com/maxking/docker-mailman/pull/552https://github.com/maxking/docker-mailman/issues/548https://github.com/maxking/docker-mailman/issues/549https://github.com/maxking/docker-mailman/issues/550
Change-Id: I3314037d46c2ef2086a06dea0321d9f8cdd35c73
This adds links to @opendevinfra; the Mastodon one allows us to have a
"green" certified link to opendev.org in our Mastodon profile.
Change-Id: Ic127ceb4abd2d89cd6155e8831145fa3b3705664
Gerrit made new releases and we should update to them. Release notes can
be found here:
https://www.gerritcodereview.com/3.5.html#354https://www.gerritcodereview.com/3.6.html#363
The main improvement for us is likely to be the copy approvals
performance boosts and error handling. We still need to run that prior
to our 3.6 upgrade.
Note we currently only run 3.5 in production but we test the 3.6 upgrade
from our current production version so it makes sense to update the 3.6
image as well.
Change-Id: Idf9a16b443907a2d0c19c1b6ec016f5d16583ad2
