Gerrit very much wants its ACLs to indent option lines (but not
section headings) by a single hard tab.
The recent migration to schema 185 with Gerrit 3.7 has updated
copyConditions flags and re-written most of the ACL files to look like
this (c.f. I1f11c07e3786bd1a68b43d908d939fde42ddb99c).
This updates the normalize tool to format like this, and modifies all
our ACL's to the new format.
This is intended to be a no-op with no functional change. For future
upgrades, this will reduce the diffs of any updates Gerrit might make.
Change-Id: I3a0c0da1eb32f8afb31ffa0c24ea45aaca8da8cc
Now that we have a fix in place for Gerrit's tag signature detection
regression, remove the unsafe permission for pushing unsigned tags
to return everything to the state we had prior to the 3.4 upgrade.
Change-Id: Ia9afb5fb4be311cca59d3e1cf3b7bc611184fe15
Upon upgrading from Gerrit 3.3 to 3.4, a regression was observed in
which jgit no longer returns signatures in its tag messages, causing
Gerrit to misidentify signed tags as unsigned (annotated) tags.
Because our ACLs only allow signed tags to be pushed, this
regression prevents Gerrit from accepting them now.
Temporarily grant permission to push unsigned tags to anyone who
has permission to push signed ones. We will revert that as soon as a
fixed Gerrit is in place, but in the meantime users will be warned
to take care when pushing tags so that they don't accidentally push
actually unsigned tags to Gerrit.
Also, the pushSignedTag keyword was deprecated in favor of the new
createSignedTag name, so go ahead and update to that while we're
doing this so that we can limit the amount of churn across all these
ACLs. Documentation will be corrected to recommend the new format in
a separate change, but update the ACL linter now to prevent the old
syntax from being used in new projects.
This workaround was already tested on opendev/bindep in the parent
Iad8c1f83e247c9a8bcf5b4f530f7b83663e1f793 change, and confirmed to
function as intended.
Change-Id: Ia426ea36b4e6877fdce5725ff1e00ae02c62e3f4
This grants delete privileges on Treasuremap project branches to the
airship-release group. This is required so that we can clean up the
old `v2` branch now that its contents have been moved to master, and
is no longer needed (and can be confusing).
Change-Id: I052401ba1932f821f0825fa7047576a119cee1ed
This is a request to create the airship/gerrit-to-github-bot
project in opendev.
This bot synchronizes state between gerrit patchsets, where
airship work is done, and github issues, where airship scope
is tracked.
If you can seed the new gerrit group with me then I can add
the appropriate core team.
The upstream imported project, while created for Airship in
the first place, is essentially abandoned by its owner (hence our
need to import to airship proper to continue enhancing it).
We are unable to clean up the extra feature branch outside of master.
Change-Id: I9c75e12d6b9c2b1c7c4a3047a90e9f80440c3532
This is a request to create the airship/sip project in opendev.
SIP (Service Infrastructure Provisioner) will be a Kubernetes
operator which will have responsibility within Airship-based
clusters for standing up supporting infrastructure for managed
CAPI sub-clusters: Metal3 setup, an authentication service,
an operational access point, etc.
If you can seed the new gerrit group with me and I can add the appropriate
initial core team.
Change-Id: I81a59d49311e2b5af10803f06501dc2b985e9e5e
This is a request to create the airship/vino project in opendev.
ViNo is a Kubernetes operator that has
responsibility within Airship-based Kubernetes
clusters for lifecycle managing static libvirt definitions on
worker nodes, for use within simple CAPI sub-clusters.
If you can seed the new gerrit group with me and I can add the appropriate
initial core team.
Change-Id: I9facf665936f9ba8529af2457bb97fc5cc6e49b1
This is a request to create the airship/hostconfig-operator project in opendev.
Hostconfig-operator is based on the Kubernetes ansible operator framework,
which allows declarative intent (represented as custom resources) to drive
Ansible playbooks.
This operator will be used by Airship 2 to drive declarative host-level
management for the nodes that run the managed Kubernetes cluster;
generally for things that are not handled by existing tools like the
Cluster API or KubeADM. Examples include setting permissions on the
filesystem, enforcing OS resource limits, etc.
This project plays a similar role in Airship 2 that Divingbell played
in Airship 1.
Change-Id: I22090408b152b15f5b4f823945b098615ca8c2af
This project will serve as a home for Helm Charts maintained by the
Airship community, for Airship and Airship-adjacent use cases.
Please add mattmceuen as an initial core reviewer in the
airship-charts-core group, and he will add the rest.
Change-Id: I4e77a8948789a3d452eec8d32ae6d929155b0dba
This new project will hold common, reusable ansible roles that
are primarily targeted for use in Airship 2.0 Zuul gates.
There is no need to import from an existing repo; some existing
material on github will be revised before being put in
as a patchset against the new repo.
Please add me (Matt McEuen) as an initial member of the new ACL,
and I can add additional seed core reviewers.
Thanks!
Change-Id: I249e610ca5074f0134038aeddfba81d2f61f5e5d
This new project will host go client library for the Redfish
host management API. It is intended to be consumable/useful
outside of Airship itself; the Airship team created this library
only because of deficiencies in other available implementations.
The folks that own the github repo from which the extant
implementation should be imported have blessed this change, and
will continue their work under the Airship umbrella.
Please add me (Matt McEuen) as an initial member of the new ACL,
and I can add additional seed core reviewers.
Thanks!
Change-Id: I0c7542461555f5a23eddf0b3d3e548a734af778e
- Apis will hold CRDs for Airship
- Storyboard is disabled, as it is not used anymore.
- Repository is to be filled along with CRD development, and at
the start will be empty.
Change-Id: Ica811b09fda9959fa14e3c395a84685d72140418
Per discussion at the last PTG, new Airship projects have been
getting created with per-project core groups, instead of the older
airship-core group. This change catches up existing Airship projects
to this setup, as they either have new core reviewers being added
or will in the future. A few projects which are closely and
logically related to other projects are configured to share their
ACLs for simplicity's sake.
Note that this removes the airship.config ACL, but we do need to retain
the airship-core group (for now).
With (or ahead of) this change, please seed the existing airship-core
group as a member of all the newly created groups, to ensure
uninterrupted review/merge ability.
Change-Id: I0c054714ca9a709bd58b85570a5c415a76cacd1c
This repo will contain scripts and Dockerfiles for building
Airship supplementary images. Some Airship sub-projects may run
utility containers. These utilities may not fit to particular project
in terms of implementation therefore container image artifacts should be
moved to separate repository.
Change-Id: I8b3e13a83deb4a6acf25bca961ef57bd5090ee5f
This change migrates the kubernetes-entrypoint project from
the Stackanetes namespace into Airship. Stackanetes is no longer
actively maintaining the project; however, Airship and OpenStack-Helm
are active consumers and contributors to it. This move has been
socialized with the Stackanetes team, and they are supportive.
Change-Id: If259ab21a5a5336bbd53330cda3e74297c4cdce6
This moves the Porthole project, which has been incubating in
github, into the Airship namespace. Porthole is a project that
provides a collection of utility containers which can be used
to access various Airship and OpenStack-Helm component CLIs
(e.g. etcdctl, psql...), and can be configured for enterprise
use cases that require fine-grained RBAC controls.
Change-Id: I40c4c40292bbb9543cbcbd560731d89610f9a99d
This adds a documentation project for Airship. Currently, Airship
documentation is scattered across a handful of non-obvious projects.
At the PTG it was decided to create a single, clear home for
Airship-wide documentation as the project matures.
Existing documentation will migrate to this project, and new docs
will be authored here, once the project is created.
Change-Id: Ifab77cc746e0187611eda98776715909e4819af8
This adds the airshipctl command line interface, which will be used
to drive Airship operations in the Airship 2.0 target state.
Change-Id: I79abd7ee9f06cbcaec645f5da284f52566a40bb1
This adds the Airship Election documentation project, which
is modeled after the StarlingX and OpenStack Election projects.
Change-Id: I1728359788f818f2b3c5b5942f6f63bbff4c02d9
This adds more granular ACLs for the Airship Pegleg and Spyglass
projects. As discussed at the Denver PTG, Airship project-specific core
teams will be requested as-needed, while the existing Airship-wide core
team will maintain grandfathered core review responsibilities.
Change-Id: I47f4188f8cf85b371a686a8ce964e154775730dc
Jeremy Stanley