Change restart mode to always instead of 'no' as testing shows we won't
restart in a loop in CI and we want production to restart automatically.
Also add ssh pubkey contents for completeness and simplicity if we need
to find those in the future.
Change-Id: I81573a1ad1574419194eb3088070dda95fb81fff
This new ansible role deploys gerritbot with docker-compose on
eavesdrop.openstack.org. This way we can run it where the other bots
live.
Testing is rudimentary for now as we don't really want to connect to a
production gerrit and freenode. We check things the best we can.
We will want to coordinate deployment of this change with disabling the
running service on the gerrit server.
Depends-On: https://review.opendev.org/745240
Change-Id: I008992978791ff0a38f92fb4bc529ff643f01dd6
Add a tool to scan a host and generate the sshfp records to go into
dns. Hook this into the DNS print out from the node launcher.
Change-Id: I686287c3c081debeb6a230e2a3e7b48e5720c65a
The pip install -f flag is for find-links which is a list of locations
to look for python packages. What we hvae at this path for extras
installation is a list of packages themselves not locations to find
them. We need to use the -r flag for requirements lists to specify this
instead.
This change should update our zuul and nodepool images to include useful
debugging extras.
Change-Id: I647bb835d0c85c3772e1593866a54cfc5ea1db2f
The default indexer timeout is 30 seconds. During a recent gitea restart
gitea01 hit this timeout five times: 150 seconds. Increase the timeout
to double that value: 300 seconds.
This is important to ensure that our graceful restarts are in fact
graceful. We don't want the sshd container running while web is being
restarted multiple times. Doing so can lead to lost replication events
from gerrit.
Change-Id: I1f9253ccd6fbb055f848e186f478651454fee7e0
We remove old git web server env vars from the apache config and add
comments to our /p/ handling to describe the need for further cleanup
when Gerrit is upgraded.
Change-Id: I79fc130dec0a8b00706c0ec0f8fcab4d867e34d1
This is an incredibly minor update and the templates don't seem to
change at all. But its still a good idea to keep up as much as possible.
Change-Id: I7afcd741bfea056f34dacca65512c86949539340
We get:
INTERNALERROR> AttributeError: 'tuple' object has no attribute 'rsplit'
When running pytest-html and this appears related to the recent pytest
6.0.0 release. Cap pytest to <6.0.0 to fix this.
Change-Id: I1379267598099f3ab53c217f15c57f825b8889fa
The zuul01.openstack.org server is not matching the Ansible backup
group, which specifies opendev.org. This means it is not backing up
to the "new" vexxhost server like everything else.
Change-Id: I07ac19f7cb5597950886c01806189e479e7a3724
Gerrit is repurposing the /p/ path for project dashboard under
polygerrit. We use this path for Git mirrors. To resolve this let's
disable the /p/ path now then when it is used for project dashboards
users won't be as confused.
This has the added benefit of reducing the number of mirrors we need to
manage which makes managing branches in the mirrors simpler.
Change-Id: I9ebca2049a4a0707ecfbaecd92e42ebc1e6c3f87
Add an override to the systemd configuration for the docker service
unit so that it won't start until after openafs-client is started
and /afs is mounted (the latter because we don't know if the
initscript will possibly return early). Without this, it's a race to
see whether the container will have a working /afs mount, so can
lead to jobs failing to write into AFS with cryptic permissions
errors.
Change-Id: Ie00b1c1bc9c330e2af28c59b3b07a7c244c912dc
We need to add host (and possibly the ssh host key so its here too) in
this playbook because the add_host from the base-jobs side is only
applicable to the playbook running in base-jobs. When we start our
playbook here that state is lost. Simple fix, just add_host it again.
Change-Id: Iee60d04f0232500be745a7a8ca0eac4a6202063d
We can't run ARA on the executor because that involves running
arbitrary commands, instead generate reports on the executor and put
them where the normal fetch-output will find them later.
Change-Id: I20d88a7f03872d19f6bd014bc687a1bf16e4e80e
This uses a new base job which handles pushing the git repos on to
bridge since that must now happen in a trusted playbook.
Depends-On: https://review.opendev.org/742934
Change-Id: Ie6d0668f83af801c0c0e920b676f2f49e19c59f6
We want these to rebuild to push up multiarch images. I couldn't come up
with a good actual change so I added a . to a comment instead.
Change-Id: I287fee62075bc124ea7d9cc51baaeecdc0e73c6c
We want to pick up changes to our docker setup in production. Without
this we don't get the infra-prod-service-etherpad job running when we
update the etherpad docker image.
Change-Id: I25aee457b7c0547fc11439301054bb5aef799476
Etherpad 1.8.4 added console logging that breaks iframes like those used
by meetpad when logging. THis means many etherpads work fine and only
have an issue when logging is tripped.
We fix this by adding patch files based on the upstream fix,
00b6a1d9fe,
cherrypicked to 1.8.4 and then diffed. The reason we don't just use git
is that while the installation in the upstream image is a git repo there
is not git installation and adding in patch keeps our image small.
We also convert the existing css fix to using patch for consistency.
Change-Id: I7eed0d74c40141255cbff62069a83144feef6b61
This reverts commit 05021f11a29a0213c5aecddf8e7b907b7834214a.
This switches Zuul and Nodepool to use Zookeeper TLS. The ZK
cluster is already listening on both ports.
Change-Id: I03d28fb75610fbf5221eeee28699e4bd6f1157ea
Fedora 33 is not released yet and the TripleO team would
like to perform some tests on that image.
Change-Id: I39f6bedadc12277739292cf31cc601bc3b6e30ec
Note this shouldn't be used until we can configure Gerrit to do similar
with jeepyb. Otherwise we'll end up with mismatched branches between our
canonical source (Gerrit) and our mirrors (Gitea).
Change-Id: I8d353cbc90c2d354e7cdebfc4e247f3f73d97d86
The process of switching hosts to Ansible backups got a little
... backed up. I think the idea was that we would move these legacy
hosts to an all-Ansible configuration a little faster than what has
ended up happening.
In the mean time, we have done a better job of merging our environment
so puppet hosts are just a regular host that runs a puppet step rather
than separate entities.
So there is no problem running these roles on these older servers.
This will bring consistency to our backup story with everything being
managed from Ansible.
This will currently setup these hosts to backup to the only opendev
backup server in vexxhost. As a follow-on, we will add another
opendev backup host in another provider to provide dual-redundancy.
After that, we can remove the bup::site calls from these hosts and
retire the puppet-based backups.
Change-Id: Ieaea46d312056bf34992826d673356c56abfc87a
Specifying the family stops a deprecation warning being output.
Add a HTML report and report it as an artifact as well; this is easier
to read.
Change-Id: I2bd6505c19cee2d51e9af27e9344cfe2e1110572