This was special non-docker testing of iptables, however, the testing
of iptables which is applied everywhere works for docker too. This
is not necessary.
Change-Id: I9ec73874b89f8013bbc7e2d08e33d55e8cebca0f
We tag our site.pp with annotations that indicate if certain hosts
should be testedo ntrusty or not. We've semi recently upgraded several
services that no longer need to be tested on trusty so we remove them
here.
Change-Id: I79e6e1e555eca9e93acb37303a80cecae7d8d92d
The arm64 nodes install special kernels so we have a dedicated
base-server task list for them. To reduce duplication we were then
include_tasks: Debian.yaml but this seems to result in the ansible play
crashing there and continuing with the next play in the playbook as if
there were no failure/error.
This is concerning but to deal with this in the present lets copy pasta
the debian bits so things hopefully work again then go from there.
Logs of this occurring:
2018-12-14 20:54:28,515 p=11685 u=root | TASK [base-server : Install HWE kernel for arm64] ******************************
2018-12-14 20:54:28,515 p=11685 u=root | Friday 14 December 2018 20:54:28 +0000 (0:00:14.672) 0:08:06.479 *******
2018-12-14 20:54:32,564 p=11685 u=root | ok: [mirror01.london.linaro-london.openstack.org]
2018-12-14 20:54:32,747 p=11685 u=root | ok: [nb03.openstack.org]
2018-12-14 20:54:32,843 p=11685 u=root | ok: [mirror01.nrt1.arm64ci.openstack.org]
2018-12-14 20:54:33,727 p=11685 u=root | ok: [mirror01.cn1.linaro.openstack.org]
2018-12-14 20:54:33,777 p=11685 u=root | TASK [base-server : Include generic Debian tasks] ******************************
2018-12-14 20:54:33,778 p=11685 u=root | Friday 14 December 2018 20:54:33 +0000 (0:00:05.262) 0:08:11.741 *******
2018-12-14 20:54:34,023 p=11685 u=root | PLAY [Base: configure OpenStackSDK on bridge] **********************************
2018-12-14 20:54:34,052 p=11685 u=root | TASK [include_role : configure-openstacksdk] ***********************************
Change-Id: I20dbd5b4c768c967c82f786a7cb1d5261bf5b494
This is a role for installing docker on our control-plane servers.
It is based on install-docker from zuul-jobs.
Basic testinfra tests are added; because docker fiddles the iptables
rules in magic ways, the firewall testing is moved out of the base
tests and modified to partially match our base firewall configuration.
Change-Id: Ia4de5032789ff0f2b07d4f93c0c52cf94aa9c25c
This collects syslogs from nodes running in our ansible gate tests.
The node's logs are grouped under a "hosts" directory (the bridge.o.o
logs are moved there for consistentcy too).
Change-Id: I3869946888f09e189c61be4afb280673aa3a3f2e
Docker wants to set FORWARD DROP but our existing rules set FORWARD
ACCEPT. To avoid these two services fighting over each other and to
simplify testing lets default to FORWARD DROP too.
None of our servers should act as routers currently. If we resurrect
infracloud or if we deploy k8s this may change but today this should be
fine and be a safer ruleset.
Change-Id: I5f19233129cf54eb70beb335c7b6224f0836096c
A group of interested developers for crosvm and Firecracker are
seeking a neutral location to host a discussion list for
collaboration around secure/special-purpose virtual machine monitors
implemented in the Rust programming language, and asked for the list
name to be rust-vmm. This request came to us via OSF staff who they
approached earlier this week.
Change-Id: I2003e3ae7a352b12d213a553f7ee0cd4f4e5d4f1
Depends-On: https://review.openstack.org/625241
Set up the initial boilerplate to enable addition of new
project-neutral Mailman mailing lists on lists.opendev.org.
Change-Id: I8cad4149bdd7b51d10f43b928cdb9362d4bde835
Newer pip sets cache-control: max-age=0 on requests for pypi indexes.
This tells the proxy cache not to serve the index content from the
cache. Unfortauntely this then means we fail to get this data which
could be cached if we can't talk to the backend for some reason.
By default pypi seems to set a 600 second max-age on these indexes which
should be far better than not caching at all. So set the config to have
apache ignore client side max-age and other cache disabling directives.
Change-Id: I2da7006dcd8a8f4212f5e766ef35ba7b98177ed0
This change describes the shared github administrator account.
This is inspired by I0c61f192a6b5164af7babde5c99e5ee2b77a652c. As
described there, this allows for admins to have private accounts in
the organisation, but requires that 2FA be turned on. If people wish
to keep this as a single account which they do "real" work with
(commits, etc) that is probably OK, but add a note that you'll end up
with a lot of mostly irrelevant stuff in your feeds.
Change-Id: Ic408250571133796b4b4639715fe8d01f91898f2
We moved from dynamic to static inventory. When creating a new host with
launch-node, a script isn't really needed, the inventory is yaml, the
new host can just be added. However, generating a new inventory by
hitting the APIs of all of our clouds might be useful, so add a utility
script to help in case such a thing is needed.
Change-Id: Iae1be8e9cfe19533005e9f0395d1ef7a6427bc83
There are a bunch of places where the narrative text say things like
"jenkins runs jobs". This hasn't been true for a while and it's getting
less true.
Left third-party and running-your-own alone because those are
instructions for other people to do things - and we are not yet at the
point where we are suggesting anyone do their things like we do our
things.
The devstack-gate document describes an old deprecated system, but the
system is still in use (sadly) so it was mostly left intact. A warning
was added so that people would be clear that it was deprecated.
Also removed the logstash client config file. It's the only change in
here that actually affects running code and became unnecessary when it
was switched to geard with Ie3f814e6d3278d87f2a20a72e40b6b92217684fc
Change-Id: Iaf2128c3f953976180c71cb599fcbff7bc06c28a