233 Commits

Author SHA1 Message Date
Monty Taylor
b217e38904 Add backports repos to base and builder images
These don't install anything by default, but allow people
to easily opt-in to a backport package if they need to without
lots of extra lines of boilerplate.

The base python image is on bullseye now instead of buster. That
means the libffi version is 7 not 6.

Change-Id: I0e0c2669d838fb622422f696f73e96e409157270
2021-08-26 11:58:59 -05:00
Monty Taylor
4bda99ee47 Add matrix well-known files for opendev
These let the opendev.org matrix address map to our EMS homeserver.

Change-Id: I35677c1872d52dbcf7c86cec8a6e5eac187bf167
2021-07-09 09:52:08 -07:00
Clark Boylan
928bb2facb Update gerrit image to v3.2.11
This includes a number of bugfixes that seem worthwhile. Release notes
at: https://www.gerritcodereview.com/3.2.html#3211

Change-Id: I4e568fbd5c7c9d21437ead50e698fa14c9b66b93
2021-07-02 08:59:53 -07:00
Martin Kopec
db8dd6040b refstack: trigger image upload
Include the latest refstack changes in the image.

Change-Id: I891761f8001229f6ee6134bc8f66326578edbc1c
2021-06-30 16:36:31 +00:00
Zuul
9181d5198d Merge "gerrit: add mariadb_container option" 2021-06-16 23:14:48 +00:00
Ian Wienand
570ca85cd8 gerrit: add mariadb_container option
This adds a local mariadb container to the gerrit host to hold the
accountPatchReviewDb database.  This is inspired by a few things

 - since migration to NoteDB, there is only one table left where
   Gerrit records what files have been reviewed for a change.  This
   logically scales with the number of reviews users are doing.
   Pulling the stats on this, we can see since the NoteDB upgrade this
   went from a very busy database (~300 queries/70 commits per second)
   to barely registering one hit per second :
   https://imgur.com/a/QGJV7Fw

   Thus separating the db to an external host for performance reasons
   is not a large concern any more.

 - empirically we've done a bad job in keeping the existing hosted db
   up-to-date; it's still running mysql 5.1 and we have been hit by
   bugs such as the one referenced in-line which silently drops
   backups.

 - The other gerrit option is to use an on-disk H2 database.  This is
   certainly an option, however you need special tools to interact
   with it for migration, etc. and it's not safe to backup from files
   on disk (as opposed to mysqldump).  Upstream advice is unclear, and
   varies between H2 being a performance bottleneck to this being
   ephemeral data that users don't care about.  We know how to admin
   mariadb/mysql and this allows us to migrate and backup data, so
   seems like the best choice.

 - we have a pressing need to update the server to a new operating
   system.  Running the db alongside the gerrit instance minimises
   fiddling we have to do managing connections to and migrating the
   hosted db systems.

 - related to that, we are tending towards more provider independence
   for control-plane servers.  A hosted database product is not always
   provided, so this gives us more flexibility in moving things
   around.

 - the main concern here is memory usage.  "docker stats" reports a
   quiescent container, freshly started on an 8GB host:

    gerrit-compose_mariadb_1  67.32MiB

   After loading a copy of the production table, and then dumping it
   back to a file the same container reports:

    gerrit-compose_mariadb_1  462.6MiB

The existing remote mysql configuration path remains mostly the same.
We move the gerrit startup into a script rather than a CMD so we can
call it after a "wait for db" script in the mariadb_container case
(this is the recommended way to enforce ordering [1]).

Backups of the local container need different dump commands; backups
are relocated to a new file and updated.

Testing is converted to use this rather than a local H2 database.

[1] https://docs.docker.com/compose/startup-order/

Change-Id: Iec981ef3c2e38889f91e9759e66295dbfb499c2e
2021-06-16 13:57:13 +10:00
Ian Wienand
9df7fd5880 ircbot: update limnoria
This branch now has the two fixes noted inline.  Pull this in until
everything is merged to master upstream.

Change-Id: I0aa4716ae26cf6fb8068665a1f21a7c66503bcff
2021-06-15 08:19:03 +10:00
Zuul
b9d885ff2d Merge "Run statusbot from eavesdrop01.opendev.org" 2021-06-11 07:45:55 +00:00
Zuul
fe6581f89f Merge "Cleanup eavesdrop puppet references" 2021-06-11 07:45:46 +00:00
Ian Wienand
23fac31c92 Run statusbot from eavesdrop01.opendev.org
This installs statusbot on eavesdrop01.opendev.org.

Otherwise it's just config translation and bringing up the daemon.

Change-Id: I246b2723372594e65bcd1ba90215d6831d4c0c72
2021-06-11 07:52:51 +10:00
Zuul
c51b860620 Merge "Create ircbot container" 2021-06-10 01:04:32 +00:00
Ian Wienand
8a1f6d9764 Cleanup eavesdrop puppet references
Cleanup documentation, puppet references and the eavesdrop_opendev
group.

Change-Id: I67096d8eced0be54db9b1ee277b24602d8c20f00
2021-06-10 09:02:23 +10:00
Ian Wienand
0d00b28da8 Create ircbot container
This container installs Limnoria, the supybot replacement as the
generic ircbot container.  We install meetbot plugin as a sibling
project.

Previously we've conflated supybot with meetbot, which is a bit
confusing because meetbot is a plugin, but we also use other plugins
such as the channel logger.  We also hope to convert some of our other
bots to Limnoria (ptgbot?) to consolidate everything.  For this reason
I've called this the more generic "ircbot".  The image installs
meetbot as a sibling project, with the idea being any other plugins
would also be installed as siblings.

The siblings install expects the work directory to be a relative
directory.  I'm not sure we run this from other projects, but this
will work the same if we do.

Depends-On: https://review.opendev.org/c/opendev/meetbot/+/793876
Change-Id: Icee4c6bbb5ea235ba69c10f800a14bbf5beef3d5
2021-06-10 09:00:43 +10:00
Clark Boylan
3639d7b535 Remove special x/ handling patch in gerrit
Upstream Gerrit has been fixing this up. It's in 3.2 as of
https://gerrit-review.googlesource.com/c/gerrit/+/306519

Change-Id: Ie8196c38629b4893364b969aeb6ac466cff0c93f
2021-06-08 13:07:19 -07:00
Jens Harbott
5edb7debd6 Update our documentation to reflect the move to OFTC
Change-Id: Ibc90d1b988d65fe370fd46c0e5f7b457cb84152c
2021-05-31 15:26:58 +02:00
Zuul
2920ba83d5 Merge "Retool accessbot for OFTC" 2021-05-28 16:45:12 +00:00
Jeremy Stanley
258e8e8585 Retool accessbot for OFTC
A number of changes are needed to fit accessbot to OFTC's RBAC-style
permissions model and services syntax expectations. Most
importantly, access list entries now use role names for graduated
access tiers (member, chanop, master) rather than fine-grained
option flags. In order to avoid future confusion, switch variable
names and configuration keys to reflect that these are access levels
rather than masks.

While we're at it, skip setting the channel mlock if the result
would be a no-op, so that we don't unnecessarily spam the ircd with
pointless writes.

Also add a bunch of inline comments so I can more easily remember
the subtle nuances I spent a lot of time figuring out.

Change-Id: Id11598fc42672359e1abef7b70cc23100b16ab12
Depends-on: https://review.opendev.org/792843
2021-05-28 02:06:34 +00:00
Ian Wienand
9f6f1dd295 python-builder: don't force siblings install
It seems I added this --force with the original commit
(I4943ae723b06b0ad808e7c7f20788109e21aa8bf) but I'm not really sure
why.  If we have built any siblings their wheels should have higher
version numbers (e.g. like pbr versioning with a "dev" on it).

Thus we shouldn't need to force the wheels to be installed.  The
--force here causes a lot of uninstalls that take up quite a bit of
time, especially under emulation.

Change-Id: I88b824058dc1cee90bfe4c8c4fd43a86472bc478
2021-05-20 11:59:44 +10:00
Martin Kopec
e2b6a170bf refstack: trigger image upload
Include the latest refstack changes in the image.

Change-Id: I14f58a726117f31a3cc986a1b5770da3b52944e6
2021-05-12 19:02:11 +00:00
Ian Wienand
b711714762 Trigger python container promote
Because Id68080575a30e4a08c99df0af603fbb65a0983bd didn't touch any of
the docker files (but just added new 3.9 builds) they didn't get
promoted.  Update timestamp to trigger this.

Change-Id: I6bf33936d4da773329900a2a52d09654087313d4
2021-05-06 12:35:49 +10:00
Zuul
0b4b00ff26 Merge "Handle zuul-summary-results as .jar / per-project config" 2021-04-22 20:27:42 +00:00
Ian Wienand
da22d2d93a Handle zuul-summary-results as .jar / per-project config
Upstream change has merged that makes a REST endpoint that
enables/disables the Zuul Summary tab on a per-project basis in
results.  It defaults to enabled.

This happens via a .jar which is now copied in during the build.

Change-Id: If50f0fa3c5fb116bd0a5a78694de1e7067aa7f11
Depends-On: https://gerrit-review.googlesource.com/c/plugins/zuul-results-summary/+/298465/
2021-04-20 08:02:46 +10:00
Clark Boylan
77eed5e957 Upgrade gitea to 1.13.7
This appears to be a small update of bugfixes. The templates we have
modified in our images have not changed between v1.13.6 and v1.13.7
according to git diff in the go-gitea/gitea repo.

Change-Id: I28a2411e107786c7ff96bd7240f3d15190a88f9e
2021-04-15 09:00:07 -07:00
Zuul
0800f4040e Merge "Upgrade gitea to 1.13.6" 2021-03-29 23:42:59 +00:00
Clark Boylan
a08f65632f Upgrade gitea to 1.13.6
This picks up a variety of bug fixes and ensures we're keeping up.
The diff of the template files we modify between gitea v1.13.1, v1.13.4,
and v1.13.6 is empty. The diff between our modifications at v1.13.4
looks about how I would expect (implying that v1.13.6 is also fine).
Reviews should double check though.

We also add in setup for the system-config repo on the test gitea as
this will give us something to look at for verification purposes.

Change-Id: Idb3568a9d287a2d46d568ab7d8d3a7108739d23e
2021-03-29 11:03:59 -07:00
James E. Blair
96bac7b486 Add zookeeper-statsd
This adds a program, zookeeper-statsd, which monitors zookeeper
metrics and reports them to statsd.  It also adds a container to
run that program.  And it runs the container on each of the
ZooKeeper quorum members.  And it updates the graphite host to
allow statsd traffic from quorum members.  And it updates the
4-letter-word whitelist to allow the mntr command (which is used
to gather metrics) to be issued.

Change-Id: I298f0b13a05cc615d8496edd4622438507fc5423
2021-03-17 14:52:31 -07:00
Zuul
77b1c14a9a Merge "Use upstream jitsi-meet web image" 2021-03-17 00:22:50 +00:00
James E. Blair
b768325480 Use upstream jitsi-meet web image
This has our change to open etherpad on join, so we should no longer need
to run a fork of the web server.  Switch to the upstream container image
and stop building our own.

Change-Id: I3e8da211c78b6486a3dcbd362ae7eb03cc9f5a48
2021-03-09 12:35:46 -08:00
Martin Kopec
8f622439bc refstack: trigger image upload
Include the latest refstack changes in the image.

Change-Id: Iaffbbda579dca3578c8a075953dc21477df99495
2021-03-08 16:04:47 +00:00
Martin Kopec
0dfee1540a refstack: trigger image upload
Include the latest refstack changes in the image.

Change-Id: Idba78d13a595150eb32558792e274a8259b01ec1
2021-03-02 12:47:09 +00:00
Clark Boylan
8fd2857a8e Build some new python base images
This change adds comments to the python-base and python-builder
dockerfiles to force a rebuild of these images. We do this periodically
to pull in updates.

Change-Id: I109a46603a74a376cc36fdfbd35734f6dc835abe
2021-02-19 11:10:17 -08:00
Ian Wienand
7577439ff8 grafana: update to 7.4.2
This includes a fix for I216528a76307189d8d87bd2fcfeff95c6ceb53cc.
Now it's released we can be a bit more explicit about why we added the
workaround.

Change-Id: Ibaf1850549b5e7ec3622418b650bc5e59a289ab6
2021-02-19 09:54:31 +11:00
Zuul
7c30c3d668 Merge "grafana-container: update to latest tag" 2021-02-16 20:15:28 +00:00
Zuul
ebdd2144bf Merge "Trigger promote for gerrit 3.3 image" 2021-02-16 02:39:30 +00:00
Zuul
06a863c91c Merge "main site: add note on service-incident list" 2021-02-16 00:56:56 +00:00
Zuul
494579cf71 Merge "Polish the main opendev.org page" 2021-02-15 21:24:34 +00:00
Jeremy Stanley
f62ffae973 main site: add note on service-incident list
This is a private list to contact administrators that is suitable
for raising security concerns. I've stolen the wording from Ian's
similar I886f67d875abd09753511f6c33312cfc5eb62933 docs change.

Change-Id: I7eb094d9fc75494ab33e0b9133fb451724f96dad
Co-Authored-By: Ian Wienand <iwienand@redhat.com>
2021-02-15 14:56:33 +00:00
Ian Wienand
f92b6711b2 grafana-container: update to latest tag
Change-Id: I8b83e9c1b0189c28289821e2c599cd398f56bdd7
2021-02-15 13:17:37 +11:00
Ian Wienand
87ad89c3fe Trigger promote for gerrit 3.3 image
Ib7e7d7313e0827a40009df840119444611d74ca2 did not match the promote
job file filter, so the image wasn't promoted.  Bump to create a new
image build.

Change-Id: I31e8368ec309e62a9cf3607acfd5157aa5b6c61e
2021-02-12 09:04:21 +11:00
Ian Wienand
11aa2e8726 refstack: trigger image upload
Change-Id: Ic9cd4d620b67d1141132234f21c1ecb5344884bb
2021-02-10 13:13:09 +11:00
Zuul
f526060e39 Merge "Deploy refstack with ansible docker" 2021-02-09 03:58:22 +00:00
Clark Boylan
a4604ae0b3 Deploy refstack with ansible docker
This adds a dockerfile to build an opendevorg/refstack image as well as
the jobs to build and publish it.

Change-Id: Icade6c713fa9bf6ab508fd4d8d65debada2ddb30
2021-02-05 19:23:34 +00:00
Clark Boylan
469153d820 Use patch instead of sed to update Gerrit's x/ route
We modify the x/ route to ensure we can serve git repos from x/.
Previously we had been using sed which is likely to be much more fragile
than patch. Patch will detect conflicts and other errors which would be
good for us to find out about early.

Change-Id: Ic324c7777e7851a6150e4415338c4628ac710970
2021-01-28 08:51:12 -08:00
Zuul
bb9762999e Merge "Update gitea to 1.13.1" 2021-01-20 22:24:40 +00:00
Zuul
19ed7fd76d Merge "gerrit: Install zuul-summary-results plugin" 2021-01-19 05:29:58 +00:00
Zuul
0a0e73f309 Merge "gerrit: get files from bazel build dir" 2021-01-19 05:29:38 +00:00
Zuul
8541eb7c26 Merge "bazelisk-build: specify targets as list" 2021-01-19 01:23:34 +00:00
Ian Wienand
738b4ba739 gerrit: Install zuul-summary-results plugin
This installs the zuul-summary-results plugin into our gerrit
container.  testinfra is updated to take a screenshot of the plugin in
action.

Change-Id: Ie0a165cc6ffc765c03457691901a1dd41ce99d5a
2021-01-18 07:58:23 -08:00
Ian Wienand
951c2f4cde gerrit: get files from bazel build dir
bazel likes to build everything in ~/.cache and then symlink bazel-*
"convenience symlinks" in the workspace/build directory.  This causes a
problem for building docker images where we run in the context of the
build directory; docker will not follow the symlinks out of build
directory.

Currently the bazelisk-build copies parts of the build to the
top-level; this means the bazelisk-build role is gerrit specific,
rather than generic as the name implies.

We modify the gerrit build step to break build output symlink and move
it into the top level of the build tree, which is the context the
docker build runs in later.  Since this is now just a normal
directory, we can copy from it at will there.

This is useful in follow-on builds where we want to start copying more
than just the release.war file from the build tree, e.g. polygerrit
plugin output.

While we're here, remove the javamelody things that were only for 2.X
series gerrit, which we don't build any more.

[1] https://docs.bazel.build/versions/master/output_directories.html

Change-Id: I00abe437925d805bd88824d653eec38fa95e4fcd
2021-01-18 07:58:23 -08:00
Ian Wienand
e80893eb3d bazelisk-build: specify targets as list
Specify bazelisk_targets as a list, and join the targets as
space-separated in the build command.  This is used in the follow-on
Ie0a165cc6ffc765c03457691901a1dd41ce99d5a.

While we are here, remove the build-gerrit.sh script that isn't used
any more, along with the step that installs it.

Also, refactor the tasks to use include_role (this is also used in the
follow on).

Change-Id: I4f3908e75cbbb7673135a2717f9e51f099a4860e
2021-01-18 07:58:23 -08:00