Now that the Mailman v3 migration is complete, we no longer need any
divergence between the lists01 (production) and lists99 (test node)
host vars, so put everything into the group vars file instead.
Change-Id: If92943694e95ef261fbd254eff65a51d8d3f7ce5
Clean up references to lists.openstack.org other than as a virtual
host on the new lists01.opendev.org Mailman v3 server. Update a few
stale references to the old openstack-infra mailing list (and
accompanying stale references to the OpenStack Foundation and
OpenStack Infra team). Update our mailing list service documentation
to reflect the new system rather than the old one. Once this change
merges, we can create an archival image of the old server and delete
it (as well as removing it from our emergency skip list for
Ansible).
Side note, the lists.openstack.org server will be 11.5 years old on
November 1, created 2012-05-01 21:14:53 UTC. Farewell, old friend!
Change-Id: I54eddbaaddc7c88bdea8a1dbc88f27108c223239
Document our intent to enforce the rejectImplicitMerges option for
receipt of changes, in order to avoid silently merging the target
branch to include the change's history from another branch where
those commits are already present.
Change-Id: I7478825ed58c5a4e7cf29d06a770e70c7b5a7759
This reverts commit f4d4714ceeb041552a37cfaada7b9d3f95081cbd.
OpenDev is moving back to docker.io to preserve speculative container
image testing.
Depends-On: https://review.opendev.org/c/opendev/grafyaml/+/884291
Change-Id: I6342a19e28d4e3a3f9130c16668d0f4ba2ed7329
The grafyaml image location has moved to quay.io. This change ensures we
are pulling it from the new correct location.
Depends-On: https://review.opendev.org/c/opendev/grafyaml/+/882493
Change-Id: Iee30e90c9b2ab43db8e98bbd0c3207edf00ba479
Remove adns1/ns1/ns2 which are no longer in use. Switch the primary
master to adns02; the secondaries ns03/ns04 will now update from
there.
Change-Id: I700a514dd2b72b2632e8d0668251f52907008d44
Depends-On: https://review.opendev.org/c/opendev/zone-opendev.org/+/880709
This switches us to running the services against the etherpad group. We
also define vars in a group_vars file rather than a host specific
file. This allows us to switch testing over to etherpad99 to decouple it
from our production hostnames.
A followup change will add a new etherpad production server that will be
deployed alongside the existing one. This refactor makes that a bit
simpler.
Change-Id: I838ad31eb74a3abfd02bbfa77c9c2d007d57a3d4
Firstly, my understanding of "adns" is that it's short for
authoritative-dns; i.e. things related to our main non-recursive DNS
servers for the zones we manage. The "a" is useful to distinguish
this from any sort of other dns services we might run for CI, etc.
The way we do this is with a "hidden" server that applies updates from
config management, which then notifies secondary public servers which
do a zone transfer from the primary. They're all "authoritative" in
the sense they're not for general recursive queries.
As mentioned in Ibd8063e92ad7ff9ee683dcc7dfcc115a0b19dcaa, we
currently have 3 groups
adns : the hidden primary bind server
ns : the secondary public authoratitive servers
dns : both of the above
This proposes a refactor into the following 3 groups
adns-primary : hidden primary bind server
adns-secondary : the secondary public authoritative servers
adns : both of the above
This is meant to be a no-op; I just feel like this makes it a bit
clearer as to the "lay of the land" with these servers. It will need
some considering of the hiera variables on bridge if we merge.
Change-Id: I9ffef52f27bd23ceeec07fe0f45f9fee08b5559a
Gerrit 3.6 and older do not support 'and' as a boolean operator. They
only support 'AND'. For maximum compatibility (we are running 3.6.4
currently) convert 'and' to 'AND' in Gerrit submittableIf rules.
Change-Id: Iac5e2cda4a245f99e98a1354ad4107da07e1f60d
Update the deprecated copy flags to copyCondition in the boostrap
documentation.
The verified and workflow labels don't ever copy their approvals, so
it is really only code-review.
Change-Id: I3563a7a394ae7d96af9e27b10dc18ba5c459ba82
We have added gitea09 to haproxy which allows us to remove one of the
old servers. Remove gitea08 since gitea01 is the host that gets backups
currently.
Note that this only removes gitea08 from haproxy and does not remove it
from gerrit replication or our inventory. We need to do this in a
multistep process to avoid a situation where gitea08 is still serving
requests but not receiving updates from Gerrit. Next step will be to
disable replication. Then we can remove it from inventory and finally
delete it altogether.
Change-Id: I26f368936819a41a7369d2d116e04151301ee0e2
At some point we shifted from doing this task using the web UI to
primarily using ssh only admin accounts. The docs ended up in a slightly
confusing place with steps that only make sense when you interact with
the web UI. Update the force merge docs to assume ssh only which is far
more aligned with our admin account expectations.
Change-Id: Ia99afe7ee10927765733891f72bd428e52fa2225
This renames zk-ca to opendev-ca and allows us to operate more than
one ca on bridge. This way we can keep the CAs for ZooKeeper and
Jaeger distinct (so that a compromise of the jaeger server could not
be used to access the ZooKeeper cluster).
This also starts a new jaeger-ca and uses it on the Jaeger server.
Change-Id: I4e5bc4e3ccd78284ce785c971f7e6ad6e721f887
Today we found a corrupt contents.cache.db; after investigation we
found that it is regenerated by the export command. This makes a note
of that for future reference.
Change-Id: Ib6d698651b9d4c84d0704b79a6ee58d009c89854
If you are running these jobs by hand you are doing something that
will be expected to take a long time (initial sync, recovery, etc.).
Make these scripts assume interactivity and default to *not* running
under timeout -- it's too easy to forget NO_TIMEOUT when running
manually and having the job killed.
We already have an UNDER_CRON variable set so that we only send stats
when running ... under cron. Reuse this here for the timeout flag.
Change-Id: Ic2d2f39bb18d247c853284512fe0dc37485c00a4
The zuul pipeline reporter for merge-failure has been renamed to
merge-conflict. The old name has been depreacted and will be removed in
a future release. Update our examples to match Zuul's current
expectations.
Change-Id: I1f9effa311163d942171e35ba65fafa25245e9d2
A few formatting fixes
* try to more consistently use shell-session formatting for shell
sessions (makes it easier to copy-paste).
* fix up and use more `` around verbatim/code things.
Fixes:
* Gerrit Configuration : there's no db to set the ICLA fields in now,
remove
* Duplicate Accounts : add required arg "origin" to git fetch command
* Deactivating account : can not delete comments via sql query,
remove
Change-Id: Ia481750aa59fc88bef5c00bb0fd9e6f9e23b2777
OFTC's chanserv requires a channel description be provided when
registering it. Update the example in our documentation to reflect
that.
Change-Id: Iee61b8176b2b801b4843530e7570bad5000fe76e
Now that we're retiring the third-party-ci-announce mailing list,
which we never really used consistently anyway, just tell
third-party CI operators to make sure the E-mail address on their
account is current and reachable.
Change-Id: I6186149de25b06f2982702143a807de8bb01be73
In preparation for retiring a number of mailing lists from
lists.openstack.org which have had no activity for over three years,
remove their configuration so our deployment automation won't
recreate them once they're gone. Also remove references to the
third-part-announce list in our documentation, since that's one of
the unused lists we're removing. See the announcement at
http://lists.openstack.org/pipermail/openstack-discuss/2022-February/027404.html
for details.
Change-Id: Ieedd8613363039d19d3ae47f1a83a38747419bdc
The status.openstack.org server is offline now that it no longer
hosts any working services. Remove all configuration for it in
preparation for retiring related Git repositories.
Also roll some related cleanup into this for the already retired
puppet-kibana module.
Change-Id: I3cfcc129983e3641dfbe55d5ecc208c554e97de4
We indicated to the OpenStack TC that this service would be going away
after the Yoga cycle if no one stepped up to start maintaining it. That
help didn't arrive in the form of OpenDev assistance (there is effort
to use OpenSearch external to OpenDev) and Yoga has released. This means
we are now clear to retire and shutdown this service.
This change attempts to remove our configuration management for these
services so that we can shutdown the servers afterwards. It was a good
run. Sad to see it go but it wasn't sustainable anymore.
Note a follow-up will clean up elastic-recheck which runs on the status
server.
Depends-On: https://review.opendev.org/c/opendev/base-jobs/+/837619
Change-Id: I5f7f73affe7b97c74680d182e68eb4bfebbe23e1
The openstack health service is being shutdown and retired. That
services was the only service that relied on the subunit2sql workers.
This means we can shutdown and retire the subunit2sql workers. This is
one step of that process.
Change-Id: Ibd02faaeba888dfcd1f512f4dd3a7d768497fc16
Follow-on to I07ca2b18d2da7e6261389696a0eae13d20d2cb22
* Github issues are now closed via the
maintain-github-openstack-mirror which Zuul runs periodically
* manage-projects also runs from Zuul
* run-mirror hasn't been used since If5935b356e222c2f4d474a2cec8add3cc66b6010
* I'm not sure what the ssh key stuff is talking about, it's not
really relevant now.
Change-Id: If4d8a1ac98c35c494090564d94f3a8c082cea900
This introduces and "Open Infrastructure" page which is designed for a
moderately experienced developer with some understanding of Zuul,
Ansible and basic Linux admin skills to have an entrypoint to
navigating the system-config and related repositories.
It is designed to re-enforce the idea of open infrastructure, and
explain how development, testing and production come together at a
level high enough to be understood, but with links or descriptions of
specific places in the code to get started.
It moves a little of what was in the sysadmin page into this, and
leaves that page as more low-level descriptions of various tasks.
Change-Id: I60a9299df455b98ad549ac0075a59d381722bc06
We have discovered that it is possible for a gitea repository to be come
corrupted. Since gitea is not the source of truth the easiest way to
handle this is to replace the repo with a new empty repository and have
Gerrit replicate back to it. This adds documentation that walks through
the process of doing this.
Change-Id: Ief990adaaf3cbb3c748bc9ee6ceb466a1104915a