Channel for PTG discussion was moved to #openinfra-events, and
the bot was renames "openinfraptg" to match the extended scope
of the event.
Change-Id: I52718358ddb4a199d24fc6da6e71f81c646da1f2
As noted inline, a recent mysql client update has broken the
"--all-databases" flag, at least for the client version and very old
server version we use.
Emperically, dumping individual databases still works with this
client. Switch this to stream the db directly into borg.
Ignore the old backups and remove the bup backup while we are here,
since this is all borg now.
Change-Id: I5fe762a003ce2c2ba4830367be87598f67f7e763
Despite be deprecated, the ask server is our 3rd biggest backup. Even
though the site is R/O we're still backing up the fresh rotations of
the gzipped backups every day.
To reduce the incremental space requirements, move to our plain-text
streaming for the db backup. This just needs a file dropped in /etc;
see the backup-borg role README documentation. We do this in puppet
to avoid complexity adding this deprecated service to ansible. This
then excludes the on-disk db backup dir.
Drop the bup backups while we are here.
Change-Id: Icfd81aca58b9a0dc3a3b74de04c1b00f03160327
1) The string is interpolated into JavaScript string which is
delimited using double quotation marks - using double quotation
marks in it breaks JavaScript parsing. The impact is unknown
but at least some JavaScript code does not get executed later.
2) The anchor was unproperly closed causing void anchor to appear.
This is clearly visible on the rendered page.
Change-Id: I90cdcdd81c6af67f940c1811b1b9c05f9309ba15
The mk-archives-index command is installed in /usr/local/sbin, so
add that to the path of the cronjob which calls it. Otherwise,
http://lists.opendev.org/archives.yaml is empty and engagement
statistics cannot be generated.
Change-Id: Ib49e8a7b78f8cb9cb385ba09b39e3f940cd17ad6
The hound project has undergone a small re-birth and moved to
https://github.com/hound-search/hound
which has broken our deployment. We've talked about leaving
codesearch up to gitea, but it's not quite there yet. There seems to
be no point working on the puppet now.
This builds a container than runs houndd. It's an opendev specific
container; the config is pulled from project-config directly.
There's some custom scripts that drive things. Some points for
reviewers:
- update-hound-config.sh uses "create-hound-config" (which is in
jeepyb for historical reasons) to generate the config file. It
grabs the latest projects.yaml from project-config and exits with a
return code to indicate if things changed.
- when the container starts, it runs update-hound-config.sh to
populate the initial config. There is a testing environment flag
and small config so it doesn't have to clone the entire opendev for
functional testing.
- it runs under supervisord so we can restart the daemon when
projects are updated. Unlike earlier versions that didn't start
listening till indexing was done, this version now puts up a "Hound
is not ready yet" message when while it is working; so we can drop
all the magic we were doing to probe if hound is listening via
netstat and making Apache redirect to a status page.
- resync-hound.sh is run from an external cron job daily, and does
this update and restart check. Since it only reloads if changes
are made, this should be relatively rare anyway.
- There is a PR to monitor the config file
(https://github.com/hound-search/hound/pull/357) which would mean
the restart is unnecessary. This would be good in the near and we
could remove the cron job.
- playbooks/roles/codesearch is unexciting and deploys the container,
certificates and an apache proxy back to localhost:6080 where hound
is listening.
I've combined removal of the old puppet bits here as the "-codesearch"
namespace was already being used.
Change-Id: I8c773b5ea6b87e8f7dfd8db2556626f7b2500473
Enable the Ansible based cron jobs, and disable the puppet host
versions to cut over the mirroring to the new server.
Change-Id: I0ffb1c484e64e67f5a5017dc3c3c8ebcdc3845c8
Create a mailing list for private coordination of security incidents
for the OpenDev Collaboratory. The intent is that this can be used
to share sensitive information between sysadmins and council members
in the event of any suspected breach. For the sake of transparency,
all information discussed on this list which can safely be made
public should also be communicated to the service-announce or
service-discuss mailing lists at the earliest opportunity.
Change-Id: I32bef68eb7019261471c167d19eee733457078a2
We can rely on Require instead of Order, Allow, Deny, Satisfy since we
are all on apache 2.4 now. This simplifies reasoning about acl rules.
Change-Id: Idedba1558ccaa1c753d1175e356bf26a8d4b1084
The active releases according to [1] are octopus and nautlius. Remove
the old releases from our mirroring. This needs manual cleanup of the
jobs and volumes -- I will do this manually as this is mostly about
clearing out old things before moving the mirroring to Ansible.
[1] https://docs.ceph.com/en/latest/releases/
Change-Id: I050f737521fa6837f3b6b52b8028a839a29f7bd2
added new search criteria for endpoint
GET /api/v1/users
primary_email (==,@=)
Change-Id: Ib643a8c1ba4e79444463777197fc86a64a1912be
Signed-off-by: smarcet <smarcet@gmail.com>
In order to collect historical statistics on usage of our mailing
lists, we need an index of not only the current lists (which we
could get from Mailman) but also retired lists (which could only be
found by knowing the URL to their archives). Ultimately we should
publish hyperlinks to these so they'll continue to be indexed by
search engines, but for now start with structured YAML, which we
could later use to build that too.
Because the only way to determine the names of retired lists is from
the listserv's filesystem, we'll run a simple script once daily to
refresh the index and keep it in the Web root alongside the
robots.txt file. In the future, this could be triggered instead by
addition of new mailing lists, though while we're still managing
them with Puppet it's not clear how to go about doing that.
Of course restrict this to only indexing public list archives, as
privately-archived lists won't be accessible to the general public
by design.
Change-Id: Ibe3175a56831b7a43698d6fe454d70e93fcd0bc7
Nobody maintains our askbot website, and questions there go
unanswered. In the spirit of simplification, make the site
read-only (so that old answers can still be found) and redirect
users to the openstack-discuss mailing-list and Stack Overflow
(which has a decent openstack community answering questions).
Read-only config values documented at:
https://github.com/ASKBOT/askbot-devel/blob/master/askbot/conf/access_control.py
Change-Id: I33d9d7c87a5a17138fcdc37ee8f8b16cda2248d5
Unfortunately we can't mix the distributions here, because upstream
keeps the same filename, built differently, in each distributions
separate pool. So we can't combine it back into one pool.
Mirror each into a separate subdirectory.
Change-Id: I728d38daf9a953a64364689da0648c9339a27693
This script has been moved into management done by ansible and is
executing on mirror-update not afsdb01. Cleanup the unused dead code.
Change-Id: Idc1c10cc968eef5ec1aeece70bad7606a7607269
Previous review pointed out some additional modules we probably
aren't using any longer.
Remove the openafs::client section from openstack_project::server
because we're doing this with ansible now.
Depends-On: https://review.opendev.org/733890
Change-Id: Ib5104da9cf7d53b77191f48ec185f5d667d51944
Remove the separate "mirror_opendev" group and rename it to just
"mirror". Update various parts to reflect that change.
We no longer deploy any mirror hosts with puppet, remove the various
configuration files.
Depends-On: https://review.opendev.org/728345
Change-Id: Ia982fe9cb4357447989664f033df976b528aaf84
This is to replace the puppet managed openstack.org server
Change-Id: I0e3586befd922cb56d1a0ec9c9cb650add9b225d
Depends-On: https://review.opendev.org/728314
These are to replace the puppet-based openstack.org mirrors
Depends-On: https://review.opendev.org/728308
Change-Id: Ibdce99daa514fb445f1f8389e7c052ee151057ea
People are starting to use this service so having performance metrics
over time is a good thing. We also want to avoid having our cert expire
unexpectedly.
Change-Id: I744b3e68f8f483b36c0d8ecb6f6f46a484a3577a