This runs bind as a hidden master nameserver so we can do all the
keysigning there, and then use nsd (or bind) as public authoritative
slaves.
Change-Id: Ifb2ad109103051fa13c4af1c7be1ca0ae98bb1a1
We no longer need kdc02.o.o (ubuntu trusty), now that kdc04.o.o
(ubuntu xenial) is online.
Change-Id: I92b879f7a233dc81c0d64153b293ac12f7e72a40
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
The server has been rebuilt on Ubuntu Xenial and is ready to go back
into service.
This reverts commit 664689e42729fdbc750ee74f481687cb4d9ee3f0.
Change-Id: I3e7a388fc01d99c5534ace678864dd5840f8e6d8
Currently puppetdb and puppetboard have been broken for some time (+1
year) and with ubuntu precise becoming EOL it is prime for deleting.
This leaves openstack-infra with a gap in reporting for non-root
users. As such, as proposal is in the works to maybe use ARA.
Change-Id: Ifc73a2dba3b37ebe790a29c0daa948d6bad0aa33
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
All draft documentation jobs now just publish content into an "html"
subtree of their job logs on logs.openstack.org and have been doing
so since longer than our configured content expiration period, so
the separate vhost for docs-draft.openstack.org is no longer
required and can be removed.
While here, change up the CORS configuration for
storyboard.openstack.org and storyboard-dev.openstack.org to respect
draft storyboard-webclient copies on logs.openstack.org rather than
simply removing these stanzas.
Once this change merges and configuration gets applied to
static.openstack.org, the allocated resources for the old docs-draft
vhost (logical volume, DNS entry) can be safely removed.
Change-Id: Ib44df24100192f7903eb60c6fc93feeea0894b90
Migrate backups to new backup01.ord.rax.ci.openstack.org
We decided to start fresh backups on the new server, so this is ready
to go. I have performed an initial backup on each server so it has
accepted the host key of the new server and been tested (I also fixed
up review-dev.o.o, which was rebuilt but keys not updated ... todo:
add this to puppet, but since it changes so infrequently not high
priority).
Change-Id: I0872f9fcf4a334d32f632b3cb04801deefab4fd1
With the migration to zuulv3, there is no more zuul-launcher. This has
become zuul-executor, which has been moved into production.
Servers have already been deleted, lets also remove it from puppet.
Change-Id: Id2b53decdc63712460049f5fa9ed751e049d17ff
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This server doesn't exist any more and is stopping firewall rules from
properly loading on logstach-worker servers.
Change-Id: I0e4b30881b660c4dc903c97e5939a5888c0a7948
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
We are granting abandon permissions for release managers so that
changes on EOL branches can be removed.
Change-Id: I7486fead3d1066e0c45cd3a9c2ff1545849bd7e3
Add some documentation on reprepo, including some recovery techniques
gleaned from the battlefield.
Change-Id: I3368dedc1b9a769a1c8f5e8fe831d059ff23875b
We don't actually use this region any more, remove it so we don't
attempt to access it with dynamic inventory with ansible.
Change-Id: Ic6d4474a61ee32d198f4d70800fd79b8bd80623f
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
As part of the "Gerrit ContactStore Removal" specification, now that
owners.py is checking foundation membership when generating voter
rolls it's fine for us to stop using requireContactInformation on
the ICLA and rip out our accompanying configuration.
Note that this should not be merged until the All-Projects config on
review.openstack.org and review-dev.openstack.org has been manually
adjusted to remove the "requireContactInformation = true" line from
the [contributor-agreement "ICLA"] section therein. Further, this
must be done by pushing the necessary edit directly into
refs/meta/config as there is no WebUI control nor API method to
alter contributor-agreement options.
Change-Id: I8c39a6bf43f5b12db3e8aab18bedbf7e1a0f0b7e
Story: #2001094
Task: #4867
The app_key config entry for zuul actually wants a path to a file, not
the key content itself. Write it to disk and update the config.
Do the file writing in site.pp and not puppet-zuul because it's an
arbitrary filename/content. A zuul user could have zero or many github
connections, and the connection data is stored in a hash in hiera, so
there's not a super great way to add key writing support to puppet-zuul
itself at the moment. It's also a single file.
Change-Id: I43f93f59b9a82186a60734810a277edeac67bbac
We're running a zuulv3 and it has several pieces. Make a place that we
can start documenting the sysadmin of the system. Once we go live we can
remove the old zuul.rst and move zuulv3.rst to take its place.
Change-Id: I3efaa8026f9d1c67e765ca79594b2768f0fa2fbf
While adding the last patch, I noticed the comment from doug about the
entries missing from the TOC that were added to a hidden section. I can
see no reason for these to be hidden, so add them to the main TOC.
Also, there's a warning about an invalid ref in the firehose document.
Fix it.
Change-Id: I86663407356aca0cadd633122a0257ad63d0297c
In order to demystify some of the initial setup around IRC nick
registration for new bots, start a new section in the IRC
documentation page for a recommended workflow and gotchas.
Change-Id: Ica9f24b725cc2d4425741b383f788a537992f80d
This installs the ptgbot Puppet module so it will run from the
eavesdrop.openstack.org server and generate its Web content there.
Include some rudimentary operational documentation.
Change-Id: I92ddbbb683dede2c325f70267bd5e26884a35c01
Depends-On: Idb1fc5273b67ab88e1c78578275969b04c781c7a
We want to start encrypting our gearman traffic for zuulv3, as such
we'll need to bring online a CA service. The idea here, is we create a
new CA for each interconnecting service we want SSL certs for.
As an example /etc/zuul-ca will be used to generate SSL certs for our
gearman service.
Change-Id: I8c341559292c78d5428fe16837f28494a76e65db
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Co-Authored-By: Jeremy Stanley <fungi@yuggoth.org>
This commit adds docs on event notifications as an example use case.
This is a common thing that people want to do with firehose events, so
it's good to document how to do it. This commit doesn't go into detail
on how to use/configure mqttwarn (since it can be quite involved) but
points people at the docs.
Change-Id: Ic5fff993e5f268e2dbd82062b4fb95483d69abf2
