We tag our site.pp with annotations that indicate if certain hosts
should be testedo ntrusty or not. We've semi recently upgraded several
services that no longer need to be tested on trusty so we remove them
here.
Change-Id: I79e6e1e555eca9e93acb37303a80cecae7d8d92d
Bandersnatch mirroring has been disabled since
I88a838cb28fee3bd16b2b0a26e614ac5c2f23241 which is currently almost 6
months ago. Since then we have been running a reverse caching proxy.
Although bandersnatch served us well, it seems pypi has become
impractical to mirror locally. This is partially due to 2TB volume
limitations of OpenAFS and partially due to us not having a sane way
to filter large, frequently updating packages. With the reverse proxy
working there are no plans to restore our local mirror.
Retire the references to it before we clean up the AFS volumes.
Change-Id: Ia23828328dd859bbf26f95735c1c2e99c573d10e
We've only been using nodepool.o.o as a zookeeper server for the past
year or so. Last week we transitioned to a three node zookeeper cluster
and stopped using nodepool.o.o. This server has since been deleted.
This is the last bit of cleanup to remove it from config management.
Change-Id: I9d0363393ed20ee59f40b210ea14fb105a492e20
First we convert from a hash to an array to list the zk cluster members.
Do this because the older puppet-zookeeper module we use doesn't support
hashes like newer releases do.
Second we convert from hostnames to IP addresses because the hostnames
were looked up in /etc/hosts to resolve to 127.0.1.1 which caused zk to
listen on 127.0.1.1 and the cluster members could not talk to each
other.
Change-Id: Id590eb535301b27ff0dcb27cf65ba85d61ed19a5
You have to tell the zk servers what servers belong to the cluster to
have them act as a cluster. Currently all our servers are in mode
standalone as they do not know about the other servers.
Fix this by configuring the three servers as servers 1, 2, and 3 in the
zk config.
Change-Id: I985ac7387744498058f99859eb8445f885b8bbcc
Switch the zuul scheduler to use our new zk cluster. Note this should
happen after the builders have switched and populated image data on the
new database cluster and at the same time as the launchers update.
This gets us off the old single node zk server running on trusty to
newer xenial based zk cluster with HA.
This change does update the config for mergers and executors for
consistency, but I believe that only the scheduler makes use of this
config today.
Change-Id: I132c176af188787cec3a5a562ffdc81f818c26b0
Depends-On: https://review.openstack.org/612441
This will allow us to create new nameservers in the opendev.org
domain. We will replace the existing servers once these are
bootstrapped.
Some lines are commented pending server creation.
Change-Id: If71e3f87a9d7a83d80cff053874c84411b248515
Looking at upgrading etherpad servers to Xenial and realize that we
haven't "digitized" them yet. Lets get that in first so that the new
instances we boot can be etherpad01 and etherpad-dev01.
Change-Id: I700a1d018ab37436f11b2d883d79c82db7f1d6b1
This manages the clouds.yaml files in ansible so that we can get them
updated automatically on bridge.openstack.org (which does not puppet).
Co-Authored-By: James E. Blair <jeblair@redhat.com>
Depends-On: https://review.openstack.org/598378
Change-Id: I2071f2593f57024bc985e18eaf1ffbf6f3d38140
In order to talk to limestone clouds we need to configure a custom CA.
Do this in ansible instead of puppet.
A followup should add writing out clouds.yaml files.
Change-Id: I355df1efb31feb31e039040da4ca6088ea632b7e
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Co-Authored-By: James E. Blair <corvus@inaugust.com>
Change-Id: Id8b347483affd710759f9b225bfadb3ce851333c
Depends-On: https://review.openstack.org/596503
We copied this over from puppetmaster, but let's manage it in ansible.
The key has been renamed in host_vars on bridge.openstack.org already.
Change-Id: Ia102dbe2ae2836880092b8997cb99135f5197b00
We have a bunch of this handled now in ansible, so remove the old stuff.
Remove puppetmaster group management files. It's confusing for there to
be two files. Remove the old one.
Remove mqtt config. This isn't really a thing currently, and we're
eyeing running things from zuul anyway, so no need to port to ansible.
Change-Id: I8b64d21eadcc4a08bd5e5440fc5f756ae5bcd46b
Now that we've got base server stuff rewritten in ansible, remove the
old puppet versions.
Depends-On: https://review.openstack.org/588326
Change-Id: I5c82fe6fd25b9ddaa77747db377ffa7e8bf23c7b
stackalytics.openstack.org does not resolve and seems very dead. Remove
its node from site.pp and remove it from the docs to avoid confusion
about what servers we're really managing. We can always add it back when
the time comes to try again.
Change-Id: I733130ebe97ae7e06ca57b3c8e3a8708fcfa069c
The odsreg.openstack.org server was removed from service 2018-01-11,
and should also be cleared from our global site manifest. It was the
only thing utilizing the puppet-odsreg module, so we can take that
out of the modules list as well (that will be retired separately).
Change-Id: Iadfddb3bf57428b928cacaaa672e24c4a1e92058
This is just a zookeeper server now, so doesn't need all these
passwords, a cloud.yaml file or a launcher-esque deployment.
Change-Id: I3cb20d9c8af150ecdc1fb0a16208a774e3fb530f
Generating a openstack-infra specific version of this file was
deprecated with change I6fdc3b622454b069f3ad2cf42da584d8df23a110 when
build logs was moved out of Python logging.
This means (post the depends-on) the file is exactly as kept in
puppet-nodepool. Remove the system-config template and just use that.
Depends-On: https://review.openstack.org/586231
Change-Id: I2db37868be12c146678f1c8934db80050c788540
We need to wrap the hostnames/ips with []s and supply the port numbers
for the files to be effective with paramiko.
Change-Id: Iab12951a828b7c27ef2255137a6bc0b69ca3a770
This adds a connection to the opendaylight Gerrit server to zuul
so that we can perform cross-community testing.
Change-Id: I846983e873072c2235a4c49e36f602a47d06cfce
This brings online our 11th zuul-executor, and opens the required
firewall ports.
Change-Id: If0ee569a2d14caeeb912b7382160f47d460650ab
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
The refstack puppetry is set up to use snakeoil certs by default which
is great for bootstrapping; however, our production instance has real
certificate issued to it and we shouldn't write that to the snakeoil
cerrt files to avoid confusion.
Specificy refstack specific certificate, key, and intermediate chain
file locations to clean this up and allow us to revert our snakeoil
certs to proper untrusted self signed certs.
Change-Id: Ibbcdd93a2ae38d9063b1f88f90ebdaadcac9b585
Packet Host and Platform 9 have generously agreed to donate some
compute resources to our testing efforts. Add Nodepool and
Puppetmaster credentials for them.
Change-Id: I705c4204abca060c35a1a417791a67229b78cd02
Apply the review.o.o ssh rsa host key to all of our active zuul servers.
Update the ip addresses in that host key entry to reflect the current
server's IP addrs too.
Change-Id: I147ff0b9547f2cee36d7c56c8f5352ece8a4ec82
This reverts commit c7bb14bba6ec00fff61879154a3f5f143c98767b.
SSH connectivity isn't quite working yet. Revert until we can get that
sorted out.
Change-Id: If2a88a61ed592f927980c71486ed0b7e3cb848d0
Open the firewall port for mirror-update so we can start logging some
stats about AFS partition and volume usage, initially for a grafana
dashboard.
Change-Id: I361e7213ed4b4ed4d3fcc8fdbee06e2fe677934a
This adds a connection to the opendaylight Gerrit server to zuul
so that we can perform cross-community testing.
Change-Id: I840b24ebe52c50840180f2dda40a3f8669baa347