This is a tool to tell us which of our on-disk wheels are duplicated
upstream by PyPI. These are things we don't need to cache locally.
At one time, we were downloading all dependencies of our requirements
and caching them; we shouldn't be doing that any more, but anything
reported by this tool can be removed from our local mirrors.
Now that the number of platforms * number of branches is becoming a
maintence issue, this will help us foucs on keeping a useful working
set in the cache.
Change-Id: I3ded6b9869598a0907d7cda9f03bf414e46885df
These images have a number of issues we've identified and worked
around. The current iteration of this change is essentially
identical to upstream but with a minor tweak to allow the latest
mailman version, and adjusts the paths for hyperkitty and postorius
URLs to match those in the upstream mailman-web codebase, but
doesn't try to address the other items. However, we should consider
moving our fixes from ansible into the docker images where possible
and upstream those updates.
Unfortunately upstream hasn't been super responsive so far hence this
fork. For tracking purposes here are the issues/PRs we've already filed
upstream:
https://github.com/maxking/docker-mailman/pull/552https://github.com/maxking/docker-mailman/issues/548https://github.com/maxking/docker-mailman/issues/549https://github.com/maxking/docker-mailman/issues/550
Change-Id: I3314037d46c2ef2086a06dea0321d9f8cdd35c73
This should now be a largely functional deployment of mailman 3. There
are still some bits that need testing but we'll use followup changes to
force failure and hold nodes.
This deployment of mailman3 uses upstream docker container images. We
currently hack up uids and gids to accomodate that. We also hack up the
settings file and bind mount it over the upstream file in order to use
host networking. We override the hyperkitty index type to xapian. All
list domains are hosted in a single installation and we use native
vhosting to handle that.
We'll deploy this to a new server and migrate one mailing list domain at
a time. This will allow us to start with lists.opendev.org and test
things like dmarc settings before expanding to the remaining lists.
A migration script is also included, which has seen extensive
testing on held nodes for importing copies of the production data
sets.
Change-Id: Ic9bf5cfaf0b87c100a6ce003a6645010a7b50358
The check for 'The "do" should be on same line as for' is not a good
rule when the loop condition is too long to fit on a single line, so
excludes more readable ways of constructing the script. Ignore it.
Also, ironically, wrap some long lines in the tools/run-bashate.sh
script since we're editing it anyway.
Change-Id: I1f2cf44896a0137fcb954f67005268faa7291d5e
This enables the new eavesdrop01.opendev.org server in all current
channels. Puppet has been disabled on the old server and we will
manually stop supybot/meetbot and mirgrate logs before this applies.
Change-Id: I4a422bb9589c8a8761191313a656f8377e93422f
We're trying to phase out the ELK systems. While we have agreed to not
immediately turn anything off we probably don't need to keep running the
system-config-legacy-logstash-filters job as ELK should remain fairly
fixed unless someone rewrites config management for it and modernizes
it. And if that happens they will want new modern testing too.
Depends-On: https://review.opendev.org/c/openstack/project-config/+/792710
Change-Id: I9ac6f12ec3245e3c1be0471d5ed17caec976334f
This allows us to "query" the datastructure for different perspectives
without needing to rerun the costly queries each time we update
audit-uses.py. The script is predominantly collecting data now, then we
can use the python repl or other scripts to give us better insights.
We also do a small refactoring to simplify the collection of data.
Change-Id: Ie777ae706050b38ce294a1acf9b1b843fcf5ab41
The first tool has been used to "retire" accounts that have preferred
email addresses without a matching external id. The second is being used
to make sense of whether or not we can do a bulk retirement of accounts
with email conflicts in their external ids. The third is a script that
can be used to remove external ids from accounts in bulk based on their
email addresses.
Change-Id: Idf22cfc9f2bac7d3921e006c40faef4585c2d977
We're wanting to more properly set permissions on the ansible puppet
role manifest dir. This ends up setting mode 0755 with ownership of
root:root on the dir. As a result sudo is necessary to move these
contents later.
Change-Id: I6b6aa79e8e8b63f4665679ab183a8551f0dd521e
This reverts commit be802b319abf740e161d08e1f5a5a8c997c0278c.
A 50.1.0 release of setuptools has been made which reverts the breaking
behavior.
Change-Id: Ic32afc1466556eed9aaf3869974d85d5f779375f
We create a virtualenv to install ansible in which then runs puppet for
us in our puppet apply jobs. This is pulling in setuptools 50 which then
fails due to the problems setuptools 50 has with older pythons. Address
this by pinning back to setuptools <50.
Change-Id: I02ea466319f7cd90f73972bf5a99876d14823ac1
Make inventory/service for service-specific things, including the
groups.yaml group definitions, and inventory/base for hostvars
related to the base system, including the list of hosts.
Move the exisitng host_vars into inventory/service, since most of
them are likely service-specific. Move group_vars/all.yaml into
base/group_vars as almost all of it is related to base things,
with the execption of the gerrit public key.
A followup patch will move host-specific values into equivilent
files in inventory/base.
This should let us override hostvars in gate jobs. It should also
allow us to do better file matchers - and to be able to organize
our playbooks move if we want to.
Depends-On: https://review.opendev.org/731583
Change-Id: Iddf57b5be47c2e9de16b83a1bc83bee25db995cf
We have one global variable that is used in two places.
By removing it, we can more easily split site.pp into
per-service manifest files, and ultimately we should be
deriving this from groups['elasticsearch'] anyway.
Change-Id: I1d794b269847da85778f71e816359953af9b31e0
We are copying system-config in parallel to a bunch of targets
and we're also creating and deleting applytest files. Instead,
do the apply test files outside of the dir that's going to
get synced in the puppet role.
While we're at it, copy don't link the openstack_project
module into /etc/puppet/modules, just to be sure.
Change-Id: I4bcd8ebd6da8395e77d673ac76f4c41568d810ec
We use project-config for gerrit, gitea and nodepool config. That's
cool, because can clone that from zuul too and make sure that each
prod run we're doing runs with the contents of the patch in question.
Introduce a flag file that can be touched in /home/zuulcd that will
block zuul from running prod playbooks. By default, if the file is
there, zuul will wait for an hour before giving up.
Rename zuulcd to zuul
To better align prod and test, name the zuul user zuul.
Change-Id: I83c38c9c430218059579f3763e02d6b9f40c7b89
We had the clouds split from back when we used the openstack
dynamic inventory plugin. We don't use that anymore, so we don't
need these to be split. Any other usage we have directly references
a cloud.
Change-Id: I5d95bf910fb8e2cbca64f92c6ad4acd3aaeed1a3
As part of OpenDev rename, a lot of links were changed.
A couple of URLs point to old locations, update them.
This list was done while grepping for "openstack-infra" and fixing
locations that are wrong.
Change-Id: I313d76284bb549f1b2c636ce17fa662c233c0af9
With the move from OpenStack governance to our own OpenDev team, we
should also move to use the #opendev IRC channel in preference to
the #openstack-infra channel which will remain in use for OpenStack
specific discussions.
Update the references in our docs accordingly.
Change-Id: I448704f5d2664fd233a69a2ad12578ca24d9878a
This will give us a nice link to the goaccess reports on the zuul
dashboard build pages.
Move ansible-lint config into config file
As of 4.2.0 we can configure ansible-lint with a config file. It's
also apparently now smart enough to only find ansible yaml. Let's
see how that goes.
Add a fake zuul_return module
This should let us fake out ansible-lint without having to install
all of zuul.
Change-Id: Ib233eb577a8ca2aabfe3a49b2cd823dd4a00bd82
A few things have changed and we need to fix them in one go.
Use mirror for installing docker for buildset-registry
While, we need to make this more systemic, that's hanging off of the
mirror rework. For now, since we know all of these jobs are debian
based, just set the mirror location.
Replace use of zuul cloner with git clones
You can never be a prophet in your own hometown. This is now broken
because of the git cache rework, so just replace it.
Update libjemalloc library
python:slim is based on buster now, which has libjemalloc2 not
libjemalloc1.
Remove gerrit repo remote for submodules
A recent change to the base jobs to use prepare-workspace-git
broke the gerrit image builds by actually having the origin
remote by /dev/null as intended. This breaks submodules because
for a few of them where we don't have matching stable branches
the submodule relative path behavior is actually exactly what
we want.
Since we don't care about the remote otherwise, remove the
origin remote before doing the submodule update --init so that
the submodule will clone the refs from the zuul prepared repo.
Change-Id: Ieb5b6bc8711fe971ed3445c7c267306ac4616464
This causes newlines to appear in the config file which causes the
server to fail to start which is the opposite of what this is
supposed to do.
Change-Id: I2ff7e8835878652b3a7cdc2f633d263b37aaa7e9
This script helps restart the AFS servers, which is useful when
updating parameters. It can also enable audit logging.
It can also stop and start the servers, although it's unlikely we'd
want all the servers offline at the same time so stopping has a
warning included.
Documentation is updated to refer to the helper script
Change-Id: Idcb3e43a3f6e614cdb787d4334e692a98bffdd15
We ended up running into a problem with nodepool built control plane
images (has to do with boot from volume not allowing us to delete images
that are in use by a nova instance). We have decided to clean this up
and go back to not doing this until we can do it more properly.
Note this isn't a revert because having a group for access to control
plane clouds does seem like a good idea in general and I believe there
have been changes we'd have to resolve in the clouds.yaml files anyway.
Depends-On: https://review.opendev.org/#/c/665012/
Change-Id: I5e72928ec2dec37afa9c8567eff30eb6e9c04f1d
This tool scans gerrit changes for comments from zuul over the last 30
days to build out success rates for check and gate pipelines. This only
looks at changes that have merged to avoid those that never can merge
because they only fail or are expected to fail.
This tool emits information like:
Changes: 4475
Check Failures: 5317.0
Check Successes: 9173.0
Check Rate of failure: 0.3669427191166322
Gate Failures: 687.0
Gate Successes: 4450.0
Gate Rate of failure: 0.13373564337161767
Total Failures: 6004.0
Total Successes: 13623.0
Total Rate of failure: 0.3059051306873185
Change-Id: I759ba670c6b81f4425ce618c412db9cbd0e51401
Git repo moves based on cgit aliases from project-config, the
OpenStack TC guidance recorded in
http://lists.openstack.org/pipermail/openstack-discuss/2019-April/004920.html
and the ethercalc used to collect input from other users of the
system. Also the results of an extensive bikeshedding session at
http://eavesdrop.openstack.org/irclogs/%23openstack-infra/%23openstack-infra.2019-04-11.log.html#t2019-04-11T14:54:09
which concluded that anything left homeless goes in a namespace
called "x" since that's short, a basic alphabetic character and
provides no particular connotation.
The opendev-migrate script, when run, provides a shareable rendering
on stdout and also writes a repos.yaml file for input into the
rename_repos playbook.
The opendev-patching script, when run, uses the repos.yaml file and
iterates over a tree of Git repositories updating their Zuul
configuration, playbooks and roles as well as .gitreview files both
for the project renames and the opendev hostname changes. It also
creates a rename commit in project-config so that manage-projects
will be in sync with the results of the rename_repos playbook.
Change-Id: Ifa9fa6896110e8a33f32dcda6325bd58846935e2
Task: #30570
Co-Authored-By: James E. Blair <jeblair@redhat.com>
We ignore E006 which is line lenght longer than 79 characters. We don't
actually care about that. Fix E042 in run_all.sh this represents a
potential real issue in bash as it will hide errors.
This makes the bashate output much cleaner which should make it easier
for people to understand why it fails when it fails in check.
Change-Id: I2249b76e33003b57a1d2ab5fcdb17eda4e5cd7ad
In order to have nodepool build images and upload them to control
plane clouds, add them to the clouds.yaml on the nodepool-builder
hosts. Keep them out of the launcher configs by splitting the config
templates. So that we can keep our copies of things to a minimum,
create a group called "control-plane-clouds" and put bridge and nb0*
in it.
There are clouds mentions in here that we no longer use, a followup
patch will clean those up.
NOTE: Requires shifting the clouds config dict from
host_vars/bridge.openstack.org.yaml to group_vars/control-plane-clouds.yaml
in the secrets on bridge.
Needed-By: https://review.opendev.org/640044
Change-Id: Id1161bca8f23129202599dba299c288a6aa29212
Now that the tools/owners.py script is a module in the
openstack_election package within the openstack/election repository,
we can stop providing a copy here.
Change-Id: I39efbad539790687646c1d76159894e9e997ff72
Depends-On: I180ef0e5ec880b46f0427c1c952b640a780b5732
There are many references to review.openstack.org, and while the
redirect should work, we can also go ahead and fix them.
Change-Id: I28f398796a6392a3dffea1d25cfe2ae3a36a3589
There's a bunch in here. This is mostly big-ticket things and test
fixes. Also, change the README to rst - because why is it markdown?
Depends-On: https://review.opendev.org/654005
Change-Id: I21e5017011e1111b4d7a9e4bf0ea6b10f5dd8c1b
