This change describes the shared github administrator account.
This is inspired by I0c61f192a6b5164af7babde5c99e5ee2b77a652c. As
described there, this allows for admins to have private accounts in
the organisation, but requires that 2FA be turned on. If people wish
to keep this as a single account which they do "real" work with
(commits, etc) that is probably OK, but add a note that you'll end up
with a lot of mostly irrelevant stuff in your feeds.
Change-Id: Ic408250571133796b4b4639715fe8d01f91898f2
There are a bunch of places where the narrative text say things like
"jenkins runs jobs". This hasn't been true for a while and it's getting
less true.
Left third-party and running-your-own alone because those are
instructions for other people to do things - and we are not yet at the
point where we are suggesting anyone do their things like we do our
things.
The devstack-gate document describes an old deprecated system, but the
system is still in use (sadly) so it was mostly left intact. A warning
was added so that people would be clear that it was deprecated.
Also removed the logstash client config file. It's the only change in
here that actually affects running code and became unnecessary when it
was switched to geard with Ie3f814e6d3278d87f2a20a72e40b6b92217684fc
Change-Id: Iaf2128c3f953976180c71cb599fcbff7bc06c28a
Bandersnatch mirroring has been disabled since
I88a838cb28fee3bd16b2b0a26e614ac5c2f23241 which is currently almost 6
months ago. Since then we have been running a reverse caching proxy.
Although bandersnatch served us well, it seems pypi has become
impractical to mirror locally. This is partially due to 2TB volume
limitations of OpenAFS and partially due to us not having a sane way
to filter large, frequently updating packages. With the reverse proxy
working there are no plans to restore our local mirror.
Retire the references to it before we clean up the AFS volumes.
Change-Id: Ia23828328dd859bbf26f95735c1c2e99c573d10e
We've only been using nodepool.o.o as a zookeeper server for the past
year or so. Last week we transitioned to a three node zookeeper cluster
and stopped using nodepool.o.o. This server has since been deleted.
This is the last bit of cleanup to remove it from config management.
Change-Id: I9d0363393ed20ee59f40b210ea14fb105a492e20
Add some details about how we integrate a new cloud into the
ecosystem. I feel like this is an appropriate level of detail given
we're dealing with clueful admins who just need a rough guide on what
to do and can fill in the gaps.
Fix up the formatting a bit while we're here.
Change-Id: Iba3440e67ab798d5018b9dffb835601bb5c0c6c7
Add info on how to kinit and aklog if not using Debuntu deb.conf to set
the correct realm and cell settings.
Change-Id: I80a698649f03863b73399873cf190fda4fa41776
This will allow us to create new nameservers in the opendev.org
domain. We will replace the existing servers once these are
bootstrapped.
Some lines are commented pending server creation.
Change-Id: If71e3f87a9d7a83d80cff053874c84411b248515
This ate a good chunk of my day before a more AFS-savvy colleague
pointed out that a mountpoint within a volume is just a special kind
of file record and so needed the parent volume released before it
would appear in the read-only path.
Change-Id: Ic3d717d70c8bf2548447550472a52849dd85ffd3
Now that we've retired the old puppetmaster server and moved the
master keychain to the new bridge server we're faced with a much
newer release of GnuPG. This change updates various commands to
their modern option equivalents and attempts to adjust the sample
output to more closely resemble what administrators will see when
following the process.
Change-Id: Ic5eaa646786c2b7fa9ade9e42026f9ea5be40c56
We do not use pypi-mirror anymore, there's also no usage of pypimirror
in jeepyb. Remove the now obsolete module.
Related change: https://review.openstack.org/597370/
Change-Id: I13423bf55eac57da18449852e2102c9633d595bb
Fix indents of some pages, the wrong indent let to gray bars besides
them.
Also, fix a typo and add some markup.
Change-Id: I6e7126ef7b782b376efcc7c6d69c6de9a504ddb5
Move the exim role to be a "generic" role in the top-level roles/
directory, making it available for use as a Zuul role.
Update the linters jobs to look for roles in the top level
Update the Role documentation to explain what the split in roles is
about.
Change-Id: I6b49d2a4b120141b3c99f5f1e28c410da12d9dc3
Since we're building out roles in system-config now, generate
documentation. We look in roles/* and playbook/roles/* (follow-on
changes will split things up between the two).
Correct the reference names in the exim documentation to avoid
warnings and failure.
This also revealed a single unicode character in the exim readme
(which caused prior versions of zuul-sphinx to barf). For fun, see if
you can find it!
Depends-On: https://review.openstack.org/#/c/579474/
Change-Id: I243a96bbd6d09560f8aa80b6345b90039422547a
We don't run a cloud anymore and don't use these. With the cfg
management update effort, it's unlikely we'd use them in the form they
are in even if we did get more hardware and decide to run a cloud again.
Remove them for clarity.
Change-Id: I88f58fc7f2768ad60c5387eb775a340cac2c822a
We have a bunch of this handled now in ansible, so remove the old stuff.
Remove puppetmaster group management files. It's confusing for there to
be two files. Remove the old one.
Remove mqtt config. This isn't really a thing currently, and we're
eyeing running things from zuul anyway, so no need to port to ansible.
Change-Id: I8b64d21eadcc4a08bd5e5440fc5f756ae5bcd46b
The production directory is a relic from the puppet environment concept,
which we do not use. Remove it.
The puppet apply tests run puppet locally, where the production
environment is still needed, so don't update the paths in the
tools/prep-apply.sh.
Depends-On: https://review.openstack.org/592946
Change-Id: I82572cc616e3c994eab38b0de8c3c72cb5ec5413
Now that we've got base server stuff rewritten in ansible, remove the
old puppet versions.
Depends-On: https://review.openstack.org/588326
Change-Id: I5c82fe6fd25b9ddaa77747db377ffa7e8bf23c7b
stackalytics.openstack.org does not resolve and seems very dead. Remove
its node from site.pp and remove it from the docs to avoid confusion
about what servers we're really managing. We can always add it back when
the time comes to try again.
Change-Id: I733130ebe97ae7e06ca57b3c8e3a8708fcfa069c
Our community has insisted in the past that "core developers" aren't
a thing, so if we want to avoid continued propagation of that
terminology then we should do our best to eradicate it in official
documents.
Change-Id: I8f97231f7e56548c5ad0925ba2c5bb09e4800438
This modernises the openstack-infra documentation by switching to
openstackdocstheme. Update dependencies as required.
To remove non-relevant stuff from conf.py, I have just taken the demo
file from openstackdocstheme and lightly modified it.
It seems later sphinx has included it's own ":file:" role which now
conflicts. Change it it ":cgit_file:" in our documentation. Remove
the custom header template which no longer applies. Add the
post-2.0-pbr sphinx-based warning-as-error, which fixes the original
problem that I actually noticed that errors could slip through the
gate tests :)
Change-Id: Ic7bec57b971bb4c75fc839e7269d1f69a576b85c
This patch creates the documentation for the survey service.
Co-Authored-By: Jeremy Stanley <fungi@yuggoth.org>
Change-Id: Ie602a952b58c5f5200518cb31218097bddd5b747
Story: 2000691
A simple walkthrough of using an AFS superuser to perform write
operations under an AFS read-write path, including authenticating
and unauthenticating.
Change-Id: If27376745b43f94f27f104bca9309035d265ee72
As happens, if you don't use your Kerberos credentials often you may
lose track of your password for them. Document how, as a system
administrator with a shell on one of the KDCs, you can set a new
passwords for your accounts without needing to recreate the
principals.
Change-Id: I843b5be9630c805335a6cca04237477002748242