This reverts commit 9d25a857da.
We revert this as our testing shows the MFA updates to our regular
accounts don't seem to affect swift uploads currently. That may change
when MFA is required across the board on the 26th but we can reapply
this sort of disablement and testing then and in the meantime continue
to have two providers of log upload locations.
Change-Id: I9f24f67253934a6a128a6cee3cceb9c1f0bcdf37
Rax is requiring everyone to use multi factor auth by March 26, 2024.
We're currently transitioning to MFA early to control when and how it
happens. One benefit of doing this early is we can pull rax out of the
log upload destination list to enable us to test it still works after
the MFA switch.
Do this by removing Rax from the prod uploads and removing ovh from the
test uploads so that only rax is used in base-test. After we update to
MFA we can check that uploads for base-test still work then revert this
change.
Change-Id: I8dafb5ea7ad6b10989ca6258c3f56bc8b91d0e06
We are cleaning up the centos-7 nodes as it is near EOL and this will
free up space on nodepool builders and our mirrors for other newer node
types. Land this when we are happy sufficient cleanup has been performed
within our Zuul tenants.
Change-Id: I8e7bf2776679647ffdfc6a3f4dedbf69f62b91fb
This restores our standard log upload config now that the outage
in ovh is resolved.
This reverts commit babd74eb4f.
This reverts commit 7e033243f3.
Change-Id: Ib308489085a6ad2ace501e4ae078606634eda50a
This resets the log upload targets to our full list of options. This
should only be landed after the previous commit has been used to
confirm all is well in rax iad and dfw again.
Change-Id: Icc22521b812bfb10b158c5e1e07665f3e45aaa4e
These were disabled due to service issues. Independent testing seems to
indicate that things are happy again. Set up base-test to upload only to
these two regions to confirm. We'll reset base and base-test jobs to the
full set of upload targets if this goes well.
Change-Id: I90141b8f666101fabbcc0b820b370fe20af73632
We've seen errors with uploads to rax iad and rax dfw resulting in jobs
reporting POST_FAILURE with no logs uploaded. Testing container listings
against iad and dfw results in 500 errors but the same requests succeed
against ord so we leave it in place.
Based on the 500 errors received in testing above we believe this issue
is not on our end (client/sdk updates for example) but rather on the
server/service side and we need to disable the endpoints and ride it
out.
Change-Id: Ic38fb681c1de84bdb96edb1ecaa7c632a5bec706
We haven't kept up with fedora releases and the release we have images
for has been sunsetted upstream (they removed package mirrors under us).
In response to this we're going to wind down fedora images entirely and
that requires removal of this nodeset.
Users can look to centos stream which is a forward looking upstream to
rhel to fill a similar role as fedora. The upside to centos stream is
that it has much longer support periods so we don't have to update
images frequently.
Depends-On: https://review.opendev.org/c/opendev/bindep/+/892378
Change-Id: I81bb306a9d5d9f12a703ede382985fa0dec0b697
This is essentially the same stop-gap zuul/zuul-jobs put in place
with I93b9634f7d2813cb1a17aeda2d8ef2ec188f86f3 for now, since it's
generating the same diagrams.
Change-Id: I682ffe9e89ed83b09405940d5cc9bdc66643e131
Since run-buildset-registry depends on the container_command,
but buildset-registry supports only Docker, we need to enforce it.
Change-Id: I8966251030dcb3342befa727b2cc6e20b7229b11
This will ensure that properly defined container images are created in
quay registries for us. You need to do this out of band of the docker
push if you want the image repos to be public. The ensure-quay-repo role
should ignore images that don't have the correct metadata making this
safe for all container base jobs.
Depends-On: https://review.opendev.org/c/zuul/zuul-jobs/+/881521
Change-Id: Ic358f5e2f44c2a1e02140f8c848fe352214ba65a
This sets some boilerplate variables for the container image promote
jobs. This does not change the promote method to intermediate-registry
but makes it easier to use.
Change-Id: Ia545b993d04bd3e29c474a3559804a72bedaf687
This is in the zuul-jobs pre-playbook, but we don't actually inherit
from those jobs so we need to duplicate it.
Change-Id: I875df74936736b80dbb2f29bbb474b993f4616ea
These are the analogs of the opendev-build-docker-image jobs,
using the newer container roles.
Change-Id: Ifec8fd7db3b238536b396a9012bdf93d0d19547e
Depends-On: https://review.opendev.org/c/zuul/zuul-jobs/+/878291
This reverts commit 5ce784d816.
This reverts commit 5497c3aa3a.
Revert the two changes that were used to disable rax and then force rax
under base-test for testing. The testing performed after that change
landed seems to indicate things are working.
Change-Id: Ibc3e71399205895d1508786f1eb40cb13d44817a
We recently disabled rax swift log uploads due to errors. Force all
uploads under the base-test job to go to rax so that we can test this
more now that the immediate fire is contained.
Change-Id: I7cb8b312356fbaf0d8b4db02b6cc9363f3b13c6f
We are seeing failures to these regions. Disable them until we can debug
further to avoid unnecessary job failures.
Change-Id: If47636adf08279f8c691c3e9b6351b08067f3191
These regions are returning 503s for file retrievals and some jobs are
failing to upload logs there. Disable until it stabilizes.
Change-Id: Ic5d75b95bf8e3c71025c7297644e7fb3ed2fd9b3
This adds a new publish-opendev-nox-docs project-template which will run
opendev-nox-docs and opendev-promote-docs (with the appropriate var for
nox jobs set) to promote and publish our docs using nox based jobs.
Change-Id: I7ed1f439062f13a15fd5a24fbb77d4135cfb08ee
This will probably go away eventually but before that can happen the
child change adding nox docs support needs to land.
Change-Id: Ibf25e07ceb80e54263223c7dc900a444143ecbac
This adds a copy of the tox-docs related jobs but using nox instead.
Depends-On: https://review.opendev.org/868134
Change-Id: I445202f366c748191fe6a05e145c05cbad1bb8f5
This reverts commit 85e1ff20ea.
The incident [0] has been marked as resolved by our provider. We should
be good to return to our full set of swift backends for log storage.
[0] https://public-cloud.status-ovhcloud.com/incidents/by8279p6sdjd
Change-Id: I46d5ae367412081808c22f6b2626fbb83fe2e34c
There is an incident producing errors with ovh swift object storage [0].
Disable these regions until that incident is resolved.
Note we disable rax on the test job so that we can easily test things
are functional once this incident is resolved. Reverting this change
will reenable all swift endpoints in base and base-test jobs.
[0] https://public-cloud.status-ovhcloud.com/incidents/by8279p6sdjd
Change-Id: I8f0655f95308a31881680d1b0c25ed6af8f54fb7
This is similar in purpose to
I137ab824b9a09ccb067b8d5f0bb2896192291883 to separate out where we are
talking to the bastion host from the executor, versus the nested
ansible CD run.
Add the host in the "prod_bastion" group, and switch the source setup
playbook to use "prod_bastion[0]". This reduces the number of places
you have to update the bridge name when you change the host.
Change-Id: I66df4057b3990eed2230d894ff42d0a425a2381a
Currently we reset trees to master in two places; here and in
sync-project-config (Ib999731fe132b1e9f197e51d74066fa75cb6c69b). This
is a bit confusing, and requires delegating tasks to the bridge node
which isn't great. Also, as we think about trying to make jobs run in
parallel it's another place to get things wrong.
This merges the update into one place.
Change-Id: I6ffeb6e6562fb34db89f4e475da27b60e30f6fe7
We no longer use ara since we have the zuul web console now. This change
has effectively been tested for a long while since these variables were
never added to the base-test job.
Change-Id: I74dba3acf63fde543eee865c2d3e65528cbf0c23
This puts the dynamically added bridge node in the "bastion" group.
This way the production jobs can refer to the generic group name, and
be abstracted from the actual hostname.
Change-Id: Ie35f3f003f21472be2ca87ab962141d17fc2a7b6
Similar to Ie0a0d8f4ae137dc12f4c13f901096ee39d9a088e in system-config;
fix the typo on this variable name.
Change-Id: I579af80831ec6c317aa4c03d68a1e1934c2fe16c
This stops the bridge trying to write out console streaming files that
will never be read, because we don't allow connections to the
streaming port. c.f. Ifbb5b8acb1f231812905cf9643bfec6fbbd08324
Change-Id: I82f194631c2a6d4ed2e46e057a609e5d68ffd2dc
This will enable us to test changes to test-prepare-workspace-git and
ultimately prepare-workspace-git.
Change-Id: Ic6badd58a7021595508cad0d3ecb9c7d80780858
Zuul is removing support for old ansible versions like 2.8; remove our
use of it. While we are syncing base-test with base a bit, add abstract:
true to base-test to match base as well.
Change-Id: I949c6c7d93db7e3862ec9169ee94fd501539863a
This uses the new argument provided in the dependent change to enable
the extras-common repo for 9-stream. Since this is already running
with the default arguments, it should be low-risk to change them here
and only affect CentOS 9-stream.
Change-Id: I185657987fd1b454db683bd1329a985940014750
The switch to api_token in I8fd7310a91ff023cc348466a9cf20a144a4ff691
was incomplete. The username must be removed in order to pass
the validation check in zuul-jobs.
Change-Id: I395868f41cc20da9fbbcbd0493a7631ab332104e