The opendev project has been moving away from puppet and this is one of
the puppet modules that is no longer used. To simplify things for us we
are taking the extra step of retiring this repo.
Change-Id: I1d3a8a3999e75be00844a314fa7f52c37e28f9d4
We need to communicate to apache vhost config that we want LE certs to
be used in some cases. Add a vhosts_flags flag to signal this then plumb
the correct data into the vhost when set.
Note this requires the vhost name and the le cert name to match as that
is our mapping between puppet and ansibe here.
Change-Id: I40131525c10152ebb0a7495588f137e3c019bbc5
There are two deployment options for the new multi-ansible support:
the executor can install Ansible on startup (the default), or we
can pre-install ansible when we install Zuul, so that it's ready
for the next executor restart. This change implements the latter.
Change-Id: I0c75724b4376f68128590eaabdd8a10ed63dcda0
The user field no longer has a default, so if we want fingergw
to drop root privs, we need to set it.
Change-Id: I0bd16cbd23a30d2c643d1ac1840868e63f7adb4e
We want the t/ prefix to survive to requests to the backend when we are
hosting a global tenant UI. This rewrite appears to be causing 404s when
/t/tenant/status is rewritten to /tenant/status.
The upstream docs [0] also don't include this rewrite.
[0] https://zuul-ci.org/docs/zuul/admin/installation.html#static-offload
Change-Id: Id8f94581b9a1c8a383c7a0d40fb89ce49c50b2e3
This updates the zuul web config to manage both global web server and
whitelabeled per tenant webserver configs. A new set of config hashes is
introduced to do this. For backward compatibility we construct the
hashes from existing parameters if the new hashes are unset.
Change-Id: Ie8ba46111530e74b8b1d0ec1746df2e09754fe67
This change also removes backward compat /status rewrite
The new URL scheme actually uses /status for the status page,
and it should be rewritten to the index.html below instead.
Change-Id: I7ff5a8387ec6fb65bda55d3233b670180682d08d
This change makes the ProxyPass rewrites Last to stop as soon as they
match. Then any requests that doesn't match a file is served the
index.html.
Depends-On: https://review.openstack.org/591604
Change-Id: I363c2c4d3924074c8ff5c7fd9a410e357ed71b5d
Dynamic scoping for variables in ERB templates was removed in puppet
4[1] which means that the variables defined in the zuul and zuul::web
classes cannot be found when it is referenced in the httpd::vhost
defined type and will be evaluated as nil when puppet runs. Use
scope.lookupvar instead to be explicit about the variable's source.
[1] https://puppet.com/docs/puppet/4.10/lang_updating_manifests.html#dynamic-scoping-in-erb
Change-Id: I321cc7215387723c787ebc5d359b27866da26995
The previous layout meant we couldn't really do apache offloading of
static content and instead were proxying them to the aiohttp server.
The new update moves api calls below /api. Update the rewrite rules to
deal with this. Also, update the document root to point to where we
deploy the zuul dashboard so that it's picked up by apache.
This also updates the apache config to work for non-whitelabeled deploys
as well.
Depends-On: https://review.openstack.org/556967
Change-Id: I6e662e7bc97de96969828801bcb18c5f354965c5
In v3, we need to be able to use some variables from zuul/web.pp in the
vhost template, but the vhost is created in ::zuul because of how v2
worked.
Split the config, and split where we're defining it so that in the next
patch we can make use of variables from zuul/web.pp.
Change-Id: I3e1c72bb773be050854f5563d09f6c19af8bc6dc
Depends-On: https://review.openstack.org/557085
With the update to the use of yarn/webpack for the zuul-web javascript
stack, there is now a pre-built tarball of the web assets. Update the
code to use it.
An alternative to this approach would be to install nodejs and yarn on
the machine and just do a pip install . in the zuul source dir which
would also work ... but since there is an option that doesn't require
the need to run the build tools, why not use it?
Because spec/acceptance/fixtures/default.pp is hard-coded to the
zuulv3 install path, we can remove the now unnecessary checks from it.
Move the status backups to /var/lib/zuul/backup, instead of www/backup
as the www directory no longer exists. Also remove it as the
documentroot.
Depends-On: https://review.openstack.org/547790
Change-Id: Ib88b48ddea26ef5d8d0d152774112844b180f77e
The match ^/jobs doesn't have an ending anchor, so it matches /jobs
and /jobs.html - which makes the url
https://zuul.openstack.org/jobs.html return JSON. While the JSON is
valid job data, raw JSON is less pleasant for a human to read than HTML
(go figure)
Move the less specific entries to after the more specific entries.
Change-Id: I80f7fbe54d96cc151ef8da28465445f93092aadd
Zuul is about to remove .json suffixes from the REST endpoints. Update
the puppet to deal with that.
Change-Id: Ic1df0c01eec57f163ce332518ebc560e77b92bf3
Depends-On: https://review.openstack.org/537010
OpenStack white-labels the dashboard specifically at the OpenStack
level, but there are some URLs, like the github connection payload
webhook receiver, that are global and not per-tenant. It's conceivable
that we might want to add richer support for single-tenant whitelabels
as well.
Change-Id: I03ea09e86168ed4e896f74db1b715131ad61f600
As of I8278d9ca81ed7b0a2a2189d42b8b69c5eea2bab5 the last remaining
use for the [webapp] config section (passing in the status_url) is
no longer required, so it is safe to remove in its entirety at this
point.
Change-Id: I9ceb695cf54397fa2ccbbd4e580843a3f37a997c
Starting with I8278d9ca81ed7b0a2a2189d42b8b69c5eea2bab5 the github
reporter looks for its status_url in the [web] section of the
configuration instead of [webapp], so put a copy there as well.
Change-Id: I55ec498e1e35832723d6ffeb62ffa06b9ee4c930
We need to forward requests for /connection to zuul_status_url, which is
the scheduler port 8001.
This will need to get updated when we land the move-gh-to-zuul-web
patches.
Change-Id: I6d10e090b37218176e969128c337b0d431870d41
This updates the rewrite rules to the current state of the zuulv3
dashboard, and removes the overlap with zuul v2 urls.
Change-Id: Idd84facca4a0e0170234bf7d4ee2b42811f52b67
We're adding statsd support to zuul.conf; support it there and the
existing defaults file for compatability.
Change-Id: I08feb2dbb18146a1a962aa8b96e3d33e5f794459
We want to ensure that our jobdir and the git repo cache are
on the same filesystem. Configure the executors to use a dir
under /var/lib/zuul for the jobdir. We will mount a new (large)
filesystem at /var/lib/zuul to accomodate both.
Change-Id: I91472fa609274aadcf4945aad44f25014c07b105
Because we need to update zuul.conf with the path to the file, we
actually need to configure this variable within init.pp.
Change-Id: I734f2c338ceab2b1da2a3245423cb912b7dd8c00
Depends-On: I7983ff9cfaea1ee6d3b099824b5f31df98ce72a5
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
We need to expose our public keys for secrets.
Change-Id: I3d80aaa008b3b0d18f6e8a6bc479352eb9c076d7
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
github and mysql connections both contain secret data that is not
appropriate for public hiera. Create a second list of data that can go
into private hiera. If it's found, it will be added to the connection
config.
Change-Id: I265b445cfbf4b6d4555621e3663e71e9a0f85813
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
The console-stream URL needs to be talked to over ws:// to make sure the
WebSocket upgrade headers are sent.
Change-Id: I38f1f0b0f05403b9a47acdf88d5d8059f9af6295
Zuul v3 has a zuul-web service that provides web streaming and
eventually other web content. Add support for running it. Also add it to
the Apache mod_rewrite proxy info.
While we're adding things, add proxy info for plugin connections, which
should allow receiving github webhook events.
Change-Id: Ic79681b287dbd1a44469da70c680060940734f40
The previous patch incorrect add the SSL contents to zuul.conf, we
actually want the file path.
Change-Id: If1f9e9d333d23d22a9f3e2aa320b1b5cd1642d91
Signed-off-by: Paul Belanger <pabelanger@redhat.com>