We have discovered that it is possible for a gitea repository to be come
corrupted. Since gitea is not the source of truth the easiest way to
handle this is to replace the repo with a new empty repository and have
Gerrit replicate back to it. This adds documentation that walks through
the process of doing this.
Change-Id: Ief990adaaf3cbb3c748bc9ee6ceb466a1104915a
This is meant to help debug gerrit in some circumstances particularly
now that the Java Melody plugin is not installed.
Change-Id: Ifedb7abd08c7fe1281ac510c6872fe8d9fe700a1
Update the docs to reflect not having grafyaml in the container.
Also move the import into a separate helper script, which can be
manually run on the host if the container needs to be restarted
out-of-band for some reason.
Change-Id: Ib1f6aea7e16180d9b122552a2aa30ce223426941
In OFTC, entery message is set via ``entrymsg`` command,
correcting it in doc.
<ChanServ> *** SET Help ***
..
URL: Set the channel's homepage.
EMAIL: Sets the channel's e-mail address.
ENTRYMSG: Sets the channel greeting.
..
Change-Id: I2e436015641ab78c5b509b4b4ca35e1088c3376f
The commit replaces DefCore committee (a former name) by
Interop Working Group (the current name) and updates a few
more old interop references.
Change-Id: I35d754ad0b37ba462afdc52b552fbd0b607954df
This adds a keycloak server so we can start experimenting with it.
It's based on the docker-compose file Matthieu made for Zuul
(see https://review.opendev.org/819745 )
We should be able to configure a realm and federate with openstackid
and other providers as described in the opendev auth spec. However,
I am unable to test federation with openstackid due its inability to
configure an oauth app at "localhost". Therefore, we will need an
actual deployed system to test it. This should allow us to do so.
It will also allow use to connect realms to the newly available
Zuul admin api on opendev.
It should be possible to configure the realm the way we want, then
export its configuration into a JSON file and then have our playbooks
or the docker-compose file import it. That would allow us to drive
change to the configuration of the system through code review. Because
of the above limitation with openstackid, I think we should regard the
current implementation as experimental. Once we have a realm
configuration that we like (which we will create using the GUI), we
can chose to either continue to maintain the config with the GUI and
appropriate file backups, or switch to a gitops model based on an
export.
My understanding is that all the data (realms configuration and session)
are kept in an H2 database. This is probably sufficient for now and even
production use with Zuul, but we should probably switch to mariadb before
any heavy (eg gerrit, etc) production use.
This is a partial implementation of https://docs.opendev.org/opendev/infra-specs/latest/specs/central-auth.html
We can re-deploy with a new domain when it exists.
Change-Id: I2e069b1b220dbd3e0a5754ac094c2b296c141753
Co-Authored-By: Matthieu Huin <mhuin@redhat.com>
Now that the SKS keyserver network is no more, and there's no
convenient way to share third-party key signatures, we need to
adjust our key management and rollover process accordingly.
Change-Id: I7008706aae06b6e4a16db2dd85a8c7f91530cd50
All the osf/ namespace Git repositories have moved into a new and
more appropriate openinfra/ namespace, so make the necessary
adjustments to RefStack's image build and operations document.
Change-Id: I01c8d153321a617fbc78c2d3c99102185b03243d
Depends-On: https://review.opendev.org/808479
Mostly just formatting and punctuation, plus some outdated bits.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I641beb5d65f87173d50c74a4e1f0dba48d006231
This is followon to feedback for earlier docs updates. Basically we
should always log these restarts so make that more clear that it isn't
optional.
Change-Id: Ib0fa05b2075d6c82199e6e043724aeedaf04e49c
Zuul has changed has it stores secret keys and they are in zookeeper
now. This means our old docs on decrypting things are no longer correct.
Update them with a new set of instructions that matches the modern
setup.
Change-Id: I7484a8c02e005fadc41e22a4158b3dcb8434ec5d
It was recently pointed out that our restart process for zuul is a bit
stale. Document the new modern process that deals with ansible playbooks
and docker containers.
Change-Id: I52812e87ed73e6ed538f94a86c1b62ce3de57c37
This is just a documentation update but reflect the change upstream
Gerrit made in versions 3.3 renaming this group.
Change-Id: I5458afd2683c2a7c4616f4894884e3d3ce03bbaf
Since ptgbot has updated config management and deployment
orchestration now, update our operational docs to reflect that.
Change-Id: Iad4eb23616ac8ad44d8456268dca730a9754acce
Symlink the docs logo to the canonical assets location. It looks like
it does the sensible thing and de-references the source symlink when
building, as doc/build/html/_static/opendev.svg ends up as the actual
file, not a symlink.
Change-Id: I4409c8e20601bdcb9e387d028b5df13c90d1ffa0
The Open Infrastructure Foundation's developers who maintain the
OpenStackID software are taking over management of the site itself,
and have deployed it on new servers. DNS records have already been
updated to the new IP address, so it's time to clean up our end in
preparation for deleting the old servers we've been running.
OpenStackID is still used by some services we run, like RefStack and
Zanata, and we're still hosting the OpenStackID Git repository and
documentation, so this does not get rid of all references to it.
Change-Id: I1d625d5204f1e9e3a85ba9605465f6ebb9433021
This update captures that we host projects outside of openstack and
intend for projects like openstack or others to do some steps on their
own. We also update this to reflect chagnes in the configuration
management and deployment tooling that we use today.
Change-Id: I0bc0ce335fd90e6187253e18007361a133a8f30c
A lot of the current sections here talk about modify the Gerrit
database that no longer exists. Remove these.
Update the section on duplicate accounts to handle removing the second
account via NoteDB and the API.
Change-Id: I2139ff33d87bf42e4453f6e7252fcc427594967a
We've stopped relying on jeepyb's track-upstream feature, so stop
installing the entrypoint script and cease running its cronjob.
Depends-On: https://review.opendev.org/799123
Change-Id: I0d6edcc34f25e6bfe2bc41d328ac76618b59f62d
I tripped over this during recent afs fileserver reboots. Note it in the
docs so that we are aware of this in the future when doing maintenance.
Change-Id: Iac20fa6b9ec17f1eb69c50bc8f5736b34967fd83
Noticed this when doing some afs maintenance. We want the bos status of
fileservers when rebooting those servers not the status of the db
servers.
Change-Id: I30f6a2320487c302fda2ffe300daa1d91c7dec45
We're happy for teams to manage their individual IRC channel access
lists through our accessbot configuration if they want, so explain
the situations in which they might choose to add channel ops or
admins, and the differences between them.
Change-Id: I4ae4463fe5017176d2d93cbaac6820fe11350899
The openstack-security mailing list is officially closing, and wants
future attempts at posting to end up on openstack-discuss instead:
http://lists.openstack.org/pipermail/openstack-security/2021-June/006077.html
This was also the only remaining user of the notify-impact Gerrit
hook, so we can stop installing/running it.
Change-Id: Id60b781beb072366673b32326e32fd79637c1219
The IRC bot nick registration process had Freenode-specific examples
and references, so switch those to reflect we're now using OFTC.
Also the weechat command-line syntax was outdated and did not work
with newer versions of the client, so fix that.
Change-Id: I74b60e997b32cc51e8db6e5b7a76d6f281dfc211
The troubleshooting section of our IRC doc had examples specific to
Freenode, update those. Further, drop the bit about /etc/hosts on
eavesdrop, since OFTC offers an IPv4-only round-robin name we can
use directly in our meetbot configuration to work around the
TwistedPython+SSL+IPv6 DNS resolution bug without resorting to
hard-coding addresses on the server.
Change-Id: I7ac1542dcd0a4f088b8c475756338851994f5433
OFTC doesn't have a server-side remove command (I can't find
evidence that it even works on Freenode though I only bothered to
test on OFTC to confirm). Update this section of our IRC document
accordingly.
Change-Id: I6b7838327f0d4ea3ea8c3697fc784657bb2a64ff
Some syntax and available commands on OFTC differ from Freenode,
adjust them were necessary. In particular, setting the channel topic
through ChanServ isn't quite the same any longer.
Change-Id: Id24afc16f7f46476ef761132c9c9a7b491eda47f
In order to accommodate the different permissions model on OFTC,
some changes were made to accessbot and its data structures. Correct
our documentation to reflect that.
Change-Id: I7a2c4201507dff2640b1506b885126d458b063a4
There is no join forwarding in OFTC's network, so instead let's just
update channel topics and possibly set entry messages to let people
know when a channel has moved. In order to be considerate of the
network operators, remember to drop the old unused channel
registrations after a while.
Change-Id: Icbcc9b780ae3a2d1c19d2591158a9d36d0407582
We're moving to OFTC and this tries to capture the various types of
updates for bots and docs we'll need to do. I don't expect this to
be complete, but adds some good reminder for a few things we don't
want to miss.
Change-Id: I09f4c7aa1a2eb8cd167439d58ab4222f5e63a4b1
