123 Commits

Author SHA1 Message Date
Thierry Carrez
8ea3d6c8b7 [gitea] Point to newly-split Getting Started content
We recently added a "Get started" link to Gitea, pointing to the
generic Developer's Guide. Now that the content is split between
"Getting started" and the reference "Developer's Guide", point
to Getting started content instead.

This should be a lot less intimidating for our new users.

Depends-On: https://review.opendev.org/715961
Change-Id: Ifa496bc8de1a6a39d7b52363db3ab49b8175ed9a
2020-03-30 16:41:52 +02:00
Zuul
f892f0690e Merge "jitsi-meet: open etherpad on join" 2020-03-27 14:48:18 +00:00
Zuul
bfe1af5747 Merge "Build jitsi-meet images" 2020-03-27 14:48:16 +00:00
Zuul
e71a4e8ada Merge "Remove gitea doc links" 2020-03-27 13:46:57 +00:00
Zuul
7fdc05318b Merge "Add links to dev docs on gitea" 2020-03-27 13:10:56 +00:00
Clark Boylan
8bcc9bba24 Remove gitea doc links
These render as "help" links in the UI and for most of our users will
just be an attractive nuisance since we don't manage accounts and repos
and such directly in gitea.

Change-Id: Iea4bd262dd6304bc1d423f1bf23dacc4333f506b
2020-03-26 10:16:20 -07:00
Clark Boylan
e6639c52c1 Add links to dev docs on gitea
Currently if you end up at opendev.org it isn't clear how to start
contributing code. Add a "Get Started" link to the nav bar header to
will send you to the opendev developer docs.

Note we may want to consider updating the developer docs to be a better
landing page or even create a new doc for that, but this is a start.

Change-Id: Iee43e2552c1be2e4cd46f43f050e476f140530ad
2020-03-26 10:15:39 -07:00
Zuul
2bf5de8f72 Merge "Start making 3.8 python images" 2020-03-26 13:43:27 +00:00
James E. Blair
b478ad2acf jitsi-meet: open etherpad on join
For our meetpad service, modify jitsi-meet to open the etherpad
when a user joins.

There is an upstream PR for this, but until it lands or is rejected,
this clones from a temporary github repo with the patch.

Change-Id: Idd33a68a4fe7a90c75c5988bd1fd6136b8b7db08
2020-03-25 16:37:54 -07:00
Monty Taylor
650392c700 Start making 3.8 python images
base and builder are currently pinned to 3.7, which makes it hard
to consider upgrading to python-3.8. To help with that, make
python-3.7 and python-3.8 images, but point latest as 3.7 for the
time being. Then add version-specific provides and FROM lines
so that we can start being deliberate and clear about our version
choice.

Change-Id: Ibf1d846d5c4a005547785124567ce2900e272a7a
2020-03-25 17:45:39 -05:00
James E. Blair
c79c11c2b7 Build jitsi-meet images
So that we can run jitsi-meet with local modifications, build our
own container images.  This builds the base, prosody, and web images
from the docker-jitsi-meet project.  That project has distinct
Dockerfiles for each image, but for simplicity, this change combines
them into a single multi-stage Dockerfile.  The minor stylistic
differences between the different sections are a result of that, and
are intentional in order to minimise the delta from the source material.

Again, for simplicity, this change does not publish the base image
since it is not anticipated that we will run this build often.  If we do,
we could split this back out.

The upstream images are based on pre-built debian packages hosted by
the jitsi project.  Since our goal is to modify the software, we will
need to rebuild the debian packages as well.  This adds a new builder
image that is used to build the debian packages initially.

The docker-jitsi-meet project also has Dockerfiles for several more
images, but since the immediate need is only for the "web" image (built
from the "jitsi-meet" project), we only build that image and the "prosody"
image (not strictly necessary, but it is also a product of the "jisti-meet"
repository, so it seems a good practice to build it as well).

Change-Id: Ib3177ebfe2b8732a3522a1fa101fe95586dd1e1b
2020-03-25 15:40:50 -07:00
Zuul
66e6c84e40 Merge "Disable recommends in python-base and python-builder" 2020-03-25 22:18:02 +00:00
Clark Boylan
d679a9e197 Note about gitea functionality on opendev.org
We seem to semi regularly get questions about why we don't use features
like Gitea's issue tracker and wiki. Add that to the opendev.org front
page FAQ.

Change-Id: Ie5c4602741dcdb9cc4e87b9286a8f6b8b7ed7934
2020-03-24 09:33:16 -07:00
Monty Taylor
643623ba8a Disable recommends in python-base and python-builder
We disable these on our VM images, so might as well make our
container images follow suit. Could make them a smidge smaller.
Also do it in the gerrit-base image.

Change-Id: Iba60cf5c7009d57c4910f9e4464aff9231598ad6
2020-03-23 16:06:43 -05:00
Monty Taylor
8c7b94436b Cleanup a few docker image related thigns
We don't use the bazel image anymore, so it can go away.

Also, the bouncy castle line in the gerrit base dir is bong.

Change-Id: I58842dd9adee108893c0c953c4bb8361b9117775
2020-03-21 10:21:24 -05:00
Monty Taylor
63d8f7af48 Base 2.13 image on gerrit-base
We install jeepyb and launchpadlib in gerrit-base. Those are
important. We also need to add cgi for gitweb.

The gerrit init command does two things that we don't actually
want it to do at runtime. It extracts the plugins into the
plugins dir, and it downloads the right database library.

We can extract the plugins for it during image creation, and
then we can also download the plugin it would have downloaded.

We can also download the mysql library for it:

https://gerrit.googlesource.com/gerrit/+/refs/heads/stable-2.13/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/init/libraries.config

Finally, we tell it to not download or expand anything during
init, because we're running in a container and next time we run
the process that dir isn't going to be there.

Our gerrit integration tests don't depend on our gerrit image builds.
Put in image depends between run-review and gerrit builds.

We also need to depend directly on opendev-buildset-registry.

Add java.security.egd setting to java invocation

This tells java to be secure.

https://stackoverflow.com/questions/58991966/what-java-security-egd-option-is-for

Add support for setting heap limit properly

The gerrit init script does this based on the value in
container.javaOptions. We could, but then we'd have to
run an entrypoint script. Instead, set the value via
the JAVA_OPTIONS env var setting based on a value from
ansible.

Finally, make gerrit-master image build non-voting

It looks like there might be a real issue, but debugging that
is not important for us at this moment.

Depends-On: https://review.opendev.org/714216
Change-Id: I01e94c10f470fb3c8ddfce7b0e201357e5050679
2020-03-20 16:37:18 -05:00
Clark Boylan
6c7f7de55f Don't run make generate for gitea
Upstream stopped running make generate in order to fix their static file
builds [0]. Our static file builds have stopped working with our bump to
1.11.3. Apply the corresponding fix to our dockerfile.

Note that we also use clean-all instead of clean to be sure we clean all
the js and css files first.

[0] 48be1889cd (diff-3254677a7917c6c01f55212f86c57fbf)

Change-Id: I40f0449ae29e185ba7082f2f5a27dc96acf58e31
2020-03-18 12:57:38 -07:00
Zuul
e3f7c8cee8 Merge "Update references to IRC channels" 2020-03-18 18:55:57 +00:00
Dr. Jens Harbott
c86525ccd3 Update references to IRC channels
With the move from OpenStack governance to our own OpenDev team, we
should also move to use the #opendev IRC channel in preference to
the #openstack-infra channel which will remain in use for OpenStack
specific discussions.

Update the references in our docs accordingly.

Change-Id: I448704f5d2664fd233a69a2ad12578ca24d9878a
2020-03-18 17:33:08 +01:00
Monty Taylor
89b66c3851 Update to gitea 1.11.3
Change-Id: I6c52e5e99095b7178e9e94b9ca70ea697cce7464
2020-03-17 14:16:19 -05:00
Monty Taylor
f875c7a73f Undo debian changes to openssl.cnf for python-base
Debian has decided to be a bit too aggressive in their openssl
defaults. Vendor in a copy of openssl.cnf with the changes in

https://salsa.debian.org/debian/openssl/-/blob/debian/unstable/debian/patches/Set-systemwide-default-settings-for-libssl-users.patch

reverted.

DEFAULT@SECLEVEL=2 breaks API interactions with Rackspace, but
it's not just them. https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html
indicates that 1 is defaut and setting higher is problematic.

Change-Id: Ida7e9a557b873c14c0bf474450508f42fe7a5ad2
2020-03-16 10:58:37 -05:00
Monty Taylor
763aa927a7 Add python3-distutils to gerrit-base
We need this to exist so that we can install pip.

Change-Id: I83181c1e9b5282ef0cba6d1b9193a71967564a43
2020-03-03 11:41:26 -06:00
Zuul
7fbcb1c561 Merge "Upgrade gitea to 1.11.1" 2020-02-25 23:17:02 +00:00
Monty Taylor
385e89d21e Upgrade gitea to 1.11.1
Gitea build needs npm now, so add the installation.

Change-Id: I250dbedf5fb0b30f5f80d23ff67f0b445ce3eb9d
2020-02-25 15:10:51 -06:00
Zuul
7fe8a64cdc Merge "Build gerrit images with bazelisk" 2020-02-24 18:20:48 +00:00
Monty Taylor
a8e1d1496d Build gerrit images with bazelisk
We need to use bazelisk to build gerrit so that we can properly
track bazel versions in the job. Use the roles developed for
gerrit-review to do that, then simplify the dockerfile to have
it simply copy the war into the target image.

Also add polymer-bridges.

Depends-On: https://review.opendev.org/709256
Change-Id: I7c13df51d3b8c117bcc9aab9caad59687471d622
2020-02-21 17:32:01 -06:00
Zuul
2402b208b2 Merge "Upgrade gitea to 1.10.3" 2020-02-20 17:06:18 +00:00
Monty Taylor
37a47fb259 Add curl to python-builder image
It's pretty common to use curl to grab things.

Change-Id: Ifdf69b066cc6642a06ce77a36065e867be0fe12d
2020-02-13 09:17:59 -06:00
Monty Taylor
acd0307fc5 Upgrade gitea to 1.10.3
The latest from the 1.10 series is 1.10.3.

Change-Id: I294b5f31ef6fc30b36c79e521554f03af33d4be9
2020-02-04 13:13:51 -06:00
Tobias Henkel
e35fcde591
Upgrade pip in python-builder and base
There was an issue in pip that prevented correctly caching locally
built wheels [1]. This has been fixed in recent pip versions so
upgrade pip in both images so image caching works correctly. This is
needed to unbreak nodepool images that fail to install the locally
built netifaces package.

[1] https://github.com/pypa/pip/issues/6852

Change-Id: Ibbe12bcc53253a80d0bafa3d09a20c49a3a2b784
2020-01-22 15:47:58 +01:00
Zuul
3927db22c4 Merge "Add job dependencies to haproxy-statsd" 2020-01-17 00:11:11 +00:00
Monty Taylor
99c3fbff78 Add job dependencies to haproxy-statsd
haproxy-statsd uses opendevorg/python-base already. Add that to its
job dependencies and make sure it triggers on updates to python-base.

Update the FROM line to be fully qualified.

Change-Id: I9c8e8094f5570bf44076915610cd1be6d95ed326
2020-01-17 06:50:19 +08:00
Zuul
69f9f64ebc Merge "Bump gitea version to 1.10.2" 2020-01-07 20:59:52 +00:00
Zuul
564a9d2a2a Merge "Base gitea-init on opendevorg/python-base" 2020-01-06 15:41:11 +00:00
Monty Taylor
6689ee968e Bump gitea version to 1.10.2
Change-Id: If29f2a4bdb95819433cde4cf9f4b5315222de4b0
2020-01-06 09:05:13 -06:00
Monty Taylor
5de73f6c36 Use explicit image paths
To make it clear that docker hub is but one of many possible registries,
update our usage of FROM and image: lines to include docker.io in the
path.

There are a few other FROM lines for the gitea images which are handled
in a separate stack.

Change-Id: I6fafd5f659ad19de6951574afc9a6b6a4cf184df
2019-12-17 08:13:34 -05:00
Monty Taylor
c6c8ed75be Update bazel to version 1.2.0
Upstream has updated.

Change-Id: I07af5f101270b6ec735b6c7e29599d5dae0e2a86
2019-12-17 08:13:33 -05:00
Zuul
5497d9365c Merge "Add some details on where to find things to homepage" 2019-12-05 09:54:53 +00:00
Zuul
99a0fed381 Merge "Split bindep and wheel invocations" 2019-12-04 17:41:22 +00:00
Zuul
3e7b9e9736 Merge "python-builder: install sibling packages" 2019-12-04 17:34:01 +00:00
Zuul
93067cb679 Merge "Update gitea to v1.10.0" 2019-12-04 16:39:46 +00:00
Monty Taylor
b3e5f0cab0 Update gitea to v1.10.0
1.10 introduces a PASSWORD_COMPLEXITY setting with a default value
of lower,upper,digit,spec - which requires passwords to have an
upper, lower, digit and special character. Our example password does
not have this, so set the PASSWORD_COMPLEXITY setting. We could
alternately leave it at the default and ensure that our passwords
meet the spec.

The sshd_config file is templated now, so we can set the listen port
via env var.

Change-Id: I6e4b595eabb9c6885d78fff1109ea9f602e89ef7
2019-12-04 07:54:49 -06:00
Monty Taylor
5e12438e0d Split bindep and wheel invocations
We need to run bindep before installing git, because otherwise if
a project needs git in its bindep, it won't show up because it'll
be on the build host.

Split the function in two and call them before and after the git
installation.

Change-Id: I316b1bc643eb9293500b31e676361eec7060701d
2019-12-03 11:13:56 -06:00
Ian Wienand
bd66a7cb1b python-builder: install sibling packages
In the dependent change, the docker roles will add sibling packages to
the .zuul-siblings directory of the checked-out source.

Refactor the "assemble" script to handle this.  Essentially we build
the wheel for "." and then iterate over ZUUL_SIBLINGS subdirectories
(set in a --build-arg by the role in dependent change) to also build
the sibling packages.  Note we concatenate the bindep.txt files, so
that we end up with the complete package list required by the main
code and its dependencies.

"install-from-bindep" now installs all the wheels, using --force to
make sure we re-install the speculatively built packages.

This means that a single Dockerfile works under Zuul when
ZUUL_SIBLINGS is set, pointing to Zuul's checkouts; but it also works
stand-alone -- in this case ZUUL_SIBLINGS is empty and we just install
from upstream as usual.

Depends-On: https://review.opendev.org/696987
Change-Id: I4943ae723b06b0ad808e7c7f20788109e21aa8bf
2019-12-03 20:51:32 +11:00
Zuul
02ef233529 Merge "gitea: Use 1.9.6" 2019-11-21 19:43:50 +00:00
Ian Wienand
9f6df6deaf gitea: Use 1.9.6
We are seeing issues with hanging git connections discussed in [1].
It is suggested to upgrade to gitea 1.9.6; do that.

[1] https://github.com/go-gitea/gitea/issues/9006

Change-Id: Ibbbe73b5487d3d01a8d7ba23ecca16c2264973ca
2019-11-19 13:48:42 +11:00
Monty Taylor
fe8daeca5b Update bazel to 1.1.0
Upstream gerrit now needs at least 1.1.0

Change-Id: I783eb712e4153df4ccba30cbf92f44221141f559
2019-11-16 10:49:52 -08:00
Zara
1d07e57ab8 Add some details on where to find things to homepage
The homepage mentions a lot of technologies that OpenDev use, but
doesn't link to any of the running instances. This commit
adds links to review.opendev.org, etherpad.openstack.org and
the configuration for the opendev homepage itself, so that
it's easier to find things and to experience the technologies
it refers to.

Change-Id: Ia041ebbc558539955238bb4fdb4da868bf6f1dd8
2019-11-15 10:16:09 +00:00
Thierry Carrez
16c06894ef Fix recently-introduced "Proposed changes" link
I'm bad at Gitea templates, so the recently-introduced "proposed
changes" tab is active-selected (while it should never be) and the link
is missing the repository name.

This should fix it...

Change-Id: I02adc8ebd012adc233a37223480d14517c7f3c98
2019-11-08 04:18:02 +01:00
Thierry Carrez
67408f6ead [opendev][gitea] Add a link to open changes
Gitea is quickly becoming the public face of Opendev, however it can
be difficult for visitors to understand how to propose changes (or
access already-proposed changes), and then assume everything on opendev
is read-only (which is the exact opposite of what we want to convey).

In the spirit of further integrating Opendev tooling, add a link to
on every repository to open proposed changes on Gerrit.

NB: the link is not I18n-ilized since there is no simple way to add a
new string there, and I did not want to use teh "Pull requests"
terminology.

Change-Id: I851a1e7d25556194947198a8f5534542d167c7f8
2019-11-07 01:51:15 +00:00