Improve the export stage of the artifact signing key rotation steps
in the following ways: make sure umask is set again since this stage
is expected to happen at a later date and so in a new session, make
sure to inspect the exported keychain to ensure the primary secret
key is unusable, correct the path to the hiera files, remind the
reader to commit their hiera edits, and test the result on the CI
node at the very end.
Change-Id: Ica40a0226ef8bc6b0df9e3a511f7d7b31c8d4076
To make it easier to find in a pinch, the IRC channel banning
documentation is given its own subsection and rearranged to make the
fastest and easiest solution appear as the first documented example.
Change-Id: If4d00927c3ac55a74b6ed1059269dbe872f18079
This commit adds a note to the firehose docs to document that we've
temporarily disabled access to the websockets ports. This way users
will know that the websockets access isn't expected to work right now.
Once we have a solution in place to address the DOS when using
websockets we can remove this note when we open up the firewall again.
Change-Id: Ia6fb1ca0f80873e5547d2e72676b1b4ebeb01521
The IMAP and MX section was not a documentation on using MQTT clients
but a separate section documenting how to setup the imap mailbox for
lpmqtt on the firehose node. We therefore should clearly mark it as
something different.
Change-Id: I369cae6e0020fd4599bc6d838c6ba32d15d800b8
This commit adds the logstash messages to the services table in the
firehose docs. We should strive to keep this up to date, and the
messages should start reporting there once we unbreak logstash.
Change-Id: Ifaf040f889c2dcb1317c7b27cd81f275e52ed65c
This commit adds deploying a running lpmqtt to firehose nodes.
Change-Id: Ia9d659e282a2a992b8c1a7a48577f3e59793effa
Depends-On: I613330e2bff2e6fe1cacd7e53f3c189584978ea2
These previously warned users that only infrastructure projects should
be added to StoryBoard. This is no longer the official view, although
there may be reasons certain projects cannot be added.
Change-Id: I12576af9040e1315ca16d2cc93612ea9f8e1e1e0
The infracloud is no longer split geographically in two sites.
The servers are located in the same datacenter, but we will manage
them as if they were two different clouds.
Change-Id: I484ee35cc0ec155f7416a0ac9e76d071f4ea0930
Update Gerrit deployment documentation to cover the its-storyboard
plugin addition in our configuration.
Change-Id: Iaa84d50756b00a0c83b087a0f4ad7ccd38e6b293
This commit adds documentation on how to use mqtt clients to subscribe
to events on firehose.o.o. This will hopefully provide enough context
for people who wish to consume any events get started working with it.
Change-Id: I5e5f088d00d1c6f5bded4613fbbe1dad1c10fff3
As a persistent means of kick-banning users from a channel, you can
have Chanserv do the dirty work for you making your own nick less of
a target for retaliation.
Change-Id: Ia8dcd17c53ea8235598712d1d6b177770d9bd029
Askbot has a couple of URLs that can be helpful for debugging
or changing settings. This patch adds a paragraph for them to
the docs.
Change-Id: Ia2ac40142eda4520919f3fbad366993d388abe03
Add key management process sections with configuration details, a
transcript of key generation and an example of key signing.
Change-Id: Ibf4588437a9ed62c111df1728722358f51b92016
Create the signing01.ci.openstack.org job node and puppet the
signing subkey onto it via pubring.gpg and secring.gpg files stored
in private hiera. Also set up some basic configuration and packages
on the management bastion to aid in key management/rotation, and add
the beginnings of administrative documentation for this.
Change-Id: Iecddb778994a38f7898e0c20e7f3f8e93f0a7f60
Depends-On: I70c3b82185681ee64791cda653360c26a93bd466
Story: #2000336
Signed-off-by: Jeremy Stanley <fungi@yuggoth.org>
anteaya has requested this be reverted until proper consensus is reached.
This reverts commit 4fb97f7ed44272fdde51cd373dd465314ed913ed.
Change-Id: I19f481a46d203328fb0bb0667df864a6040eefd9
Based on http://lists.openstack.org/pipermail/openstack-dev/2014-July/041238.html,
update the recommendations to ensure the global namespace is
left for official Infra usage, and per-system rechecks occur
only within a namespace for each individual system
Change-Id: I2a51d45938bc607f49714a372cdd7da574e254d8
