9 Commits

Author SHA1 Message Date
Monty Taylor
5e6aa5e70d Use python3 for ansible
We get deprecation warnings from ansible about use
of python2 on xenial hosts. Rather than setting
ansible_python_interpreter to python3 on a host by
host basis, set it globally to python3.

Set it to python for the one host that's too old,
refstack.openstack.org, which is running on trusty
which only has python3.4.

Change-Id: I4965d950c13efad80d72912911bc7099e9da1659
2020-04-28 11:54:15 -05:00
Monty Taylor
ebae022d07 Use project-config from zuul instead of direct clones
We use project-config for gerrit, gitea and nodepool config. That's
cool, because can clone that from zuul too and make sure that each
prod run we're doing runs with the contents of the patch in question.

Introduce a flag file that can be touched in /home/zuulcd that will
block zuul from running prod playbooks. By default, if the file is
there, zuul will wait for an hour before giving up.

Rename zuulcd to zuul

To better align prod and test, name the zuul user zuul.

Change-Id: I83c38c9c430218059579f3763e02d6b9f40c7b89
2020-04-15 12:29:33 -05:00
Monty Taylor
009068456a Fix the hostkey for gerrit
We want the hostkeys for gerrit, not for ssh on the host.

Change-Id: I45f82b70946ce63d813ab55b8f78b0c30ab7659c
2020-04-14 13:41:54 -05:00
Monty Taylor
014b3004c0 Add self host keys to known_hosts on gerrit
We run some utility scripts which ssh to ourselves, but we aren't
setting host keys for them. We should fix that.

Change-Id: I2aa5d5e65b15c5c151767377dbc5ead1e442b3ce
2020-04-13 11:33:16 -05:00
Monty Taylor
e6d98f0181 Install utility scripts for running jeepyb commands
jeepyb is installed in the gerrit image because of hook scripts.
To run manage-projects and track-upstream, make wrapper scripts
in /usr/local that runs the commands from in the container image
bind-mounting the appropriate dirs and files into the container.

Change-Id: I7ef1f00e69d4c310d69d83c80ca210e8f340878d
2020-03-22 10:39:47 -05:00
Monty Taylor
906e6a72a1 Use dev subdir on review-dev for project-config things
This is in anticipation of running manage-projects, which wants to
use the dev subdir of project-config when run on dev, but we're
currently not doing anything with that. Point at root or dev as
appropriate. Then we can do a similar thing - probably just
bind-mounting the root or the dev when we docker run for
manage-projects.

Change-Id: Ia13bbb0bf8dbe1f7e7c0f378ba9b41bef3ecd5c1
2020-03-21 11:34:28 -05:00
Monty Taylor
bbe8086726 Use LE certs for Apache
We're getting LE certs for the hosts now, use them in the apache
config. Also add the redirects.

Change-Id: I67d33b4c542182a2474ac0d2416357541b1c3a47
2020-02-13 10:31:59 -06:00
Monty Taylor
083cbf2911 Get LE certs for review.o.o
We have LE dns entries for review.o.o, but we're not actually
requesting the cert. Go ahead and request it - it'll make the
apache config easier to sort out.

Get the openstack.org certs for review-dev while we're at it.

Change-Id: I91d06c97993ba37204bd1fc326ae823e1b9c0c1a
Depends-On: https://review.opendev.org/707267
Depends-On: https://review.opendev.org/707255
2020-02-11 17:01:43 -06:00
Monty Taylor
cc619fe589 Add review-dev01.opendev.org
Add a new review-dev server on the opendev domain with LE support
enabled.

Depends-On: https://review.opendev.org/705661
Change-Id: Ie32124cd617e9986602301f230e83bb138524fdf
2020-02-05 09:58:25 -06:00