As noted in the linked thread, we need to stay on the stable branch
until we update various bits for the 1.0 version of ARA. This should
fix the -devel job.
Change-Id: I3b5931cc9b8d55feb66971daed1ef28621da4b59
This removes groups.openstack.org as this service was shut down. Add new
opendev services behind ssl.
Change-Id: I14c667c8fbde07c3a52778bc2c5e93abf8f053a4
The stdout progress feed from `git gc` is fairly verbose and
targeted at audiences running it interactively. Since our cron for
this iterates over thoudands of repositories on our Gitea servers,
we don't need to send the progress info to all our sysadmins by
E-mail. Instead use the --quiet option to the gc subcommand so that
progress output will be suppressed.
If this still proves too verbose (as in, continues to result in
E-mail to root even when there are no failures), we can try
redirecting stdout to /dev/null.
Change-Id: Idc06e48cbf85e127a343c2a3cf51a35e6ed09685
This requires an external program and only works on Debian hosts.
Newer versions of exim (4.91) have SPF functionality built-in, but
they are not yet available to us.
Change-Id: Idfe6bfa5a404b61c8761aa1bfa2212e4b4e32be9
Having proxy_[80|443]_access.log is wrong beacuse they're not really
proxies (I think I just copied this incorrectly). Change it to
mirror_, and update the macro that is only used on the mirror portions
too.
Change-Id: I8eca941fee9606d25dd25bc54bc552ccc7094e0f
Previously we evaluated the vhost templates before setting
ssl_cert_file_ and ssl_key_file_ and ssl_chain_file_. This made erb
unhappy because those are the three variables we use to set paths in the
vhost. Fix this by moving the vhost after the ssl file vars are set.
Change-Id: I4ba62521c9e7da104f8799d016cbcf0214cbdfc1
In a follow-on change (I9bf74df351e056791ed817180436617048224d2c) I
want to use #noqa to ignore an ansible-lint rule on a task; however
emperical testing shows that it doesn't work with 3.5.1. Upgrading to
4.1.0 it seems whatever was wrong has been fixed.
This, however, requires upgrading to 4.1.0.
I've been through the errors ... the comments inline I think justify
what has been turned off. The two legitimate variable space issues I
have rolled into this change; all other hits were false positives as
described.
Change-Id: I7752648aa2d1728749390cf4f38459c1032c0877
To deal with puppet scoping fun we evaluate the template for our
files.o.o website vhosts in the context of the website define and not in
the context of httpd::vhost.
Change-Id: I90bb881eb6ad78cede3a8a2548e1dfcf24e1160b
Testinfra works with Ansible 2.8.0 now, so we can update
bridge.opendev.org to the latest version. This also needs an ARA
update; bring it to the latest 0.16.4 release.
Update test-requirements so that tox/ansible-lint use Ansible 2.8.0
too. See note inline about dependencies.
Note we replace import_tasks with include_tasks in handlers to address
this porting issue:
https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_2.8.html#imports-as-handlers
Change-Id: I7ed75d253857f86b68f67023af6897af4e1b4f50
As a follow-on to I0e110ef51c8ed301fd8280ae7fc039e3b01db92c; this
dropped the /centos/ from the base mirror, add it back.
Also switch the mirror to the only one on the altarch-mirrors page
that is in US/TX, which from the name is in Dallas, which must be
pretty close to rax.dfw where the update server lives.
Change-Id: If4d71865f4328e73a26c7b38300767ed6b790579
This isn't added as a separate role because it heavily relies on the
gitea deployment specific (docker-compose, service names, etc). If we
end up running more services with docker-compose and databases we can
probably make this reconsumable.
Change-Id: I7b9084a8a90a86f73f5b24de505978d3f286850b
CentOS keeps non-x86 architectures in /altarch/ directory (contrary to
/centos/ one for x86-64). We have aarch64 (arm64) machines in infra and
they fail due to lack of CentOS altarch mirror.
List of wanted alternative architectures is controlled by ALTARCHS
variable (aarch64 and ppc64le enabled). As CentOS has several other
architectures too they are listed in ALTARCHS_IGNORED so we do not fetch
them.
Current CentOS mirror lands in same /mirror/centos/7/ directory. Altarch
mirrors goes to /mirror/centos/altarch/7/ one.
Change-Id: I0e110ef51c8ed301fd8280ae7fc039e3b01db92c
The org creation task list requires a list of the existing orgs.
Copy that from the gitea creation playbook.
Change-Id: Ia21f6211004f8dde3cacf4fb549ea8418a6d2888
These fixes were either missed by the omnibus or introduced by new
changes since the big opendev migration.
Change-Id: I58e2b2c93567b47b161fdbbf143ff58738a577b8
The /var/www/mirror/ubuntu -> /afs/openstack.org/mirror/ubuntu symlink
was missing so we weren't serving ubuntu mirror content from the opendev
mirror. Add this to the list of afs content symlinks we create.
Change-Id: I10b985afbaa737033cd5c1d4dd72eb8e77f8eb32
This way we can send a single email that our users can see if subscribed
to this list instead of sending emails to all of their discuss lists.
Change-Id: I3b978a3c4e7888f14e3986628cb29a6c86bbcf61
Add tasks to the rename_repos utility playbook for moving the
per-project secrets and ssh keys on the zuul scheduler's filesystem,
creating new namespace parent directories if they don't already
exist.
Change-Id: Iccce53953d5829bd4eb5fe4c33c9d2f195ae825c
The sandbox repos moved from openstack-dev to opendev, the
zone-opendev.org and zone-zuul-ci.org as well.
Follow the rename in this repo.
Depends-On: https://review.opendev.org/657277
Change-Id: I31097568e8791cc49c623fc751bcc575268ad148
This reverts commit fe1b3cee80982fa1ec9c084196dd3b19b3f27f44.
We suspect this may be the cause of some templates going all weird:
* times are showing up as "ago%!(EXTRA string=months%!(EXTRA int64=8))"
* many strings are now showing up as lower cased (eg "explore")
Also, the link to gerrit for nova is "project:openstack/" and is
missing the "nova" portion of the name.
Change-Id: I72a06efd118ad0eae231f5ddf1a9888cb8d35aba
The yum-puppetlabs mirror exceeded its 100GB quota as of April 26.
Rather than increase the quota, start excluding packages for old
platforms we don't provide like RHEL5-6 and Fedora F20-27. We could
probably get even more aggressive with it, but this get the
utilization back under 50% which is plenty of headroom for now.
Change-Id: I9665b3a2a89f991f9433fe7f45bc1bb0e0c7632b
We were using the leastconn method which sends new connections to the
backend with the least number of connections. Unfortunately git clients
seem to have trouble with varying backend repo state (due to GC and
packing) and the thought is sending all requests from a single client to
a single backend will alleviate this.
To do this we switch to the source balance method which hashes the
source IP and finds a stable backend to talk to. This method handles
backend outages fine as it will hash to a new backend if the older one
goes offline.
Change-Id: I2c7a4ec0809a2f4ef6556833ac6a0ff3651904dd
It seems the openSUSE build process can leave artifacts behind,
in the form of .~tmp~ files in the mirror. I assume these are
wrongfully present.
This is a problem, as those ~tmp~ files prevent syncing the
repositories.
While it's most likely that openSUSE files will be cleaned in the
source repos, should this problem arise in the future, it's also
more robust to skip the syncing of those files.
This has the extra benefit of temporarily unblock mirroring of
openSUSE Leap 15.1 in infra, as of today.
Change-Id: I0124b992483cfda9f97960b43bddf94efa008030
Build a container image with the haproxy-statsd script, and run that
along with the haproxy container.
Change-Id: I18be70d339df613bf9a72e115e80a6da876111e0