gitea-lb01 has been replaced by gitea-lb02. Reviewers should double
check the new gitea-lb02 server appears happy to them before approving
this change. Approving this change will be the last step required before
we delete gitea-lb01 entirely.
jvb02 is one of two additional jitsi meet jvb servers (on top of the one
running in the all in one meetpad install) deployed to help scale up our
jitsi meet server. The current October 2022 PTG has shown that while
meetpad has been useful to a small number of team there isn't the
concurrent demand that having extra jvbs like this supports. This means
we can scale back as the PTG is expected to be our largest load on the
service.
Do both of these in the same change as they update the inventory file
which causes all of our infra-prod jobs to run which takes a long time.
Squashing the changes together ensures we turn that around in half the
time.
Change-Id: I5e8b23ba9a8dc389cd7ef7f294ba4b0f8048102b
This adds our first Jammy production server to the mix. We update the
gitea load balancer as it is a fairly simple service which will allow us
to focus on Jammy updates and not various server updates.
We update testing to shift testing to a jammy node as well. We don't
remove gitea-lb01 yet as this will happen after we switch DNS over to
the new server and are happy with it.
Change-Id: I8fb992e23abf9e97756a3cfef996be4c85da9e6f
The status.openstack.org server is offline now that it no longer
hosts any working services. Remove all configuration for it in
preparation for retiring related Git repositories.
Also roll some related cleanup into this for the already retired
puppet-kibana module.
Change-Id: I3cfcc129983e3641dfbe55d5ecc208c554e97de4
We indicated to the OpenStack TC that this service would be going away
after the Yoga cycle if no one stepped up to start maintaining it. That
help didn't arrive in the form of OpenDev assistance (there is effort
to use OpenSearch external to OpenDev) and Yoga has released. This means
we are now clear to retire and shutdown this service.
This change attempts to remove our configuration management for these
services so that we can shutdown the servers afterwards. It was a good
run. Sad to see it go but it wasn't sustainable anymore.
Note a follow-up will clean up elastic-recheck which runs on the status
server.
Depends-On: https://review.opendev.org/c/opendev/base-jobs/+/837619
Change-Id: I5f7f73affe7b97c74680d182e68eb4bfebbe23e1
The openstack health service is being shutdown and retired. That
services was the only service that relied on the subunit2sql workers.
This means we can shutdown and retire the subunit2sql workers. This is
one step of that process.
Change-Id: Ibd02faaeba888dfcd1f512f4dd3a7d768497fc16
This adds a keycloak server so we can start experimenting with it.
It's based on the docker-compose file Matthieu made for Zuul
(see https://review.opendev.org/819745 )
We should be able to configure a realm and federate with openstackid
and other providers as described in the opendev auth spec. However,
I am unable to test federation with openstackid due its inability to
configure an oauth app at "localhost". Therefore, we will need an
actual deployed system to test it. This should allow us to do so.
It will also allow use to connect realms to the newly available
Zuul admin api on opendev.
It should be possible to configure the realm the way we want, then
export its configuration into a JSON file and then have our playbooks
or the docker-compose file import it. That would allow us to drive
change to the configuration of the system through code review. Because
of the above limitation with openstackid, I think we should regard the
current implementation as experimental. Once we have a realm
configuration that we like (which we will create using the GUI), we
can chose to either continue to maintain the config with the GUI and
appropriate file backups, or switch to a gitops model based on an
export.
My understanding is that all the data (realms configuration and session)
are kept in an H2 database. This is probably sufficient for now and even
production use with Zuul, but we should probably switch to mariadb before
any heavy (eg gerrit, etc) production use.
This is a partial implementation of https://docs.opendev.org/opendev/infra-specs/latest/specs/central-auth.html
We can re-deploy with a new domain when it exists.
Change-Id: I2e069b1b220dbd3e0a5754ac094c2b296c141753
Co-Authored-By: Matthieu Huin <mhuin@redhat.com>
It would be nice to get some idea of how its resource utilization
compares to 02, especially as it runs on a smaller flavor.
Change-Id: If00a949a575949cb3b1a2d8268ae29e4c4965a0b
The Open Infrastructure Foundation's developers who maintain the
OpenStackID software are taking over management of the site itself,
and have deployed it on new servers. DNS records have already been
updated to the new IP address, so it's time to clean up our end in
preparation for deleting the old servers we've been running.
OpenStackID is still used by some services we run, like RefStack and
Zanata, and we're still hosting the OpenStackID Git repository and
documentation, so this does not get rid of all references to it.
Change-Id: I1d625d5204f1e9e3a85ba9605465f6ebb9433021
This enables the new eavesdrop01.opendev.org server in all current
channels. Puppet has been disabled on the old server and we will
manually stop supybot/meetbot and mirgrate logs before this applies.
Change-Id: I4a422bb9589c8a8761191313a656f8377e93422f
This adds a new server to take over from eavesdrop01.openstack.org.
We limit the puppet installs, etc. to the openstack.org server. The
new server is in the group eavesdrop_opendev as we cut over services.
A stub for basic installation is added to the service playbook.
Depends-On: https://review.opendev.org/c/opendev/zone-opendev.org/+/795004
Change-Id: I88c3059532e4d6ab267fdec5b390daefa5b0c4a1
I've confirmed with EmilienM in #tripleo that the edeploy project is
defunct and the #edeploy IRC channel is no longer in use. It was
registered on OFTC by a lone project contributor many years ago and
is not under our control, so we should not be running bots in it
anyway.
Change-Id: I47613e4d88f358db5c51f9cb21c1eb1c2ebd32ed
In order to be able to correctly bootstrap statusbot notification
volunteers on OFTC, temporarily remove everyone whose OFTC nicks we
haven't already confirmed (our active infra-root sysadmins).
Volunteers can re-propose additions to this list via code review as
a means of directly confirming their registered nicks on OFTC.
Change-Id: Id37cdc0940f5139a4eca17c5998fff37ae9d6d0d
Stop reporting service info and logging in channels which have had
no human comments (only bots) in all of 2021.
Change-Id: Iaa062c48c70c546bfc8489154534b28637c5d003
Depends-On: https://review.opendev.org/792301
This cleans up zuul01 as it should no longer be used at this point. We
also make the inventory groups a bit more clear that all zuul servers
are under the opendev.org domain now.
Depends-On: https://review.opendev.org/c/opendev/zone-opendev.org/+/790483
Change-Id: I7885fe60028fbd87688f3ae920a24bce4d1a3acd
This zuul02 instance will replace zuul01. There are a few items to
coordinate when doing an actual switch so we haven't removed zuul01 from
inventory here. In particular we need to update gearman server config
values in the zuul cluster and we need to save queues, shutdown zuul01,
then start zuul02's scheduler and restore queues there.
I believe landing this change is safe as we don't appear to start zuul
on new instances by default. Reviewers should double check this.
Depends-On: https://review.opendev.org/c/opendev/zone-opendev.org/+/791039
Change-Id: I524b456e494124d8293fbe8e1468de40f3800772
The #ara channel no longer grants founder access to the
openstackinfra bot account, so we should not continue to operate our
bots in it.
Change-Id: I09e5e7001b5eb1bdd08a73cd05ee7c1bbc7fe355
We are doing this so that we can cleanup the private network + floating
IP setup that the existing mirror does. Once this new mirror is up and
happy we can cname to it and then clean up the old mirror and its
networking config. We do this in order to save an IP that the current
private network router is consuming.
Depends-On: https://review.opendev.org/c/opendev/zone-opendev.org/+/787628
Change-Id: I50c311087c6c28726e36913c7e081f3b3d0ee049
This updates out inventory to add the new inmotion mirror. This is a
necessary step in bootstrapping this cloud for nodepool usage.
Change-Id: Ie66cdb010c0772310f1cfa8187ca0a2d7f1de1b8
We will be rotating zk01-03.openstack.org out and replacing them with
zk04-06.opendev.org. This is the first change in that process which puts
zk04 into the rotation. This should only be landed when operators are
ready to manually stop zookeeper on zk03 (which is being replaced by
zk04 in this change).
Change-Id: Iea69130f6b3b2c8e54e3938c60e4a3295601c46f
Once we are satisfied that we have disabled the inputs to firehose we
can land this change to stop managing it in config management. Once that
is complete the server can be removed.
Change-Id: I7ebd54f566f8d6f940a921b38139b54a9c4569d8
The OpenEdge cloud has been offline for five months, initially
disabled in I4e46c782a63279d9c18ff4ba2944c15b3027114b, so go ahead
and clean up lingering references. If it is restored later, this can
be reverted fairly easily.
Depends-On: https://review.opendev.org/783989
Depends-On: https://review.opendev.org/783990
Change-Id: I544895003344bc8202363993b52f978e1c07d061
With our increased ability to test in the gate, there's not much use
for review-dev any more. Remove references.
Change-Id: I97e9865e0b655cd157acf9ffa7d067b150e6fc72
These have been replaced with new focal .opendev.org hosts. Note we
don't want to land this until we successfully transitioned from one set
of hosts to another.
Change-Id: I385a74c8a093f5baebb0d4858127c7595be191c0
