f2220c4fe0
There has been one confirmed denial-of-service against the opendev git servers due to an openstack-ansible deployment failing to correctly use cached wheels from the repo server and instead clone and build the source code for each openstack service on each target host. Whilst we wait for further information to understand the root cause of that DOS, it is possible to adjust the user-agent that git uses on a per-domain basis. A previous patch [1] creates a user-agent string very early during the setup of a deployment host, or all-in-one environment, but not any other nodes in a multinode environment. This patch addresses creating /etc/gitconfig for all hosts in a multinode environment. If git is not installed on a host (which would be the default state for hosts other than the deploy host and repo server) a placeholder /etc/gitconfig is written in case later in the deployment the python_venv_build role installs git and clones openstack services from source code to install into a venv without use of the repo server container. The repo server should normally clone once for each service deployed for the whole environment. The user-agent, where possible, contains the git version string, the openstack-ansible version string and the OSA 'component' to aid understanding traffic patterns seen at the opendev.org git servers. [1] https://review.opendev.org/c/openstack/openstack-ansible/+/786596 Change-Id: I4f82bb1a08d01f30c45444f52db357e47245fe31
3 lines
141 B
Django/Jinja
3 lines
141 B
Django/Jinja
[http "https://opendev.org/"]
|
|
userAgent = git/unknown (osa/{{ lookup('env', 'OSA_VERSION') }}/{{ component | default('undefined') }})
|