Gitea wants us to move the robots.txt file to a new location. It
currently logs a warning about it:
2024/04/17 19:30:56 cmd/web.go:191:serveInstalled() [E] Found legacy public
asset "robots.txt" in CustomPath. Please move it to
/custom/public/robots.txt
Change-Id: Ic4a7f3bbe4633972e0409b37b511fdb03f968442
Crawlers that ignore our robots.txt are triggering archive creation
so rapidly our rootfs fills up between weekly purges, so doing it
once a day should hopefully mitigate further problems.
Change-Id: Ib4e56fbd666f7bf93c017739697d8443d527b8c7
This is a bugfix update upgrade from v1.21.10 to v1.21.11. None of the
templates we override have been changed between these two versions
according to git diff.
A full changelog can be found here:
https://github.com/go-gitea/gitea/blob/v1.21.11/CHANGELOG.md
Change-Id: I4d3648e311fe87b275856f2d73aca4a79c2c5507
This updates our production 3.8 image to the latest bugfix release and
our future upgrade image to 3.9.4. Importantly this addresses problems
with reindexing in 3.9 which will allow us to start upgrade testing in
earnest.
Change-Id: I21f692121665d5630b68c17901b80fc3102ea280
Adding the information about which host we were checking for certcheck
did help in debugging. It pointed out that a specific host was at fault
(nb02 in this case though it could change over time) and further
investigation of this host showed acme.sh was not running there at all
due to earlier failures. Rather than the playbook ending at that point
it continued to run until building the certcheck list and then had a
fatal error leading to the confusion.
Add a breadcrumb comment to the Ansible role to help point this behavior
out in the future.
Change-Id: Ib607665d75eb666d19c8508346eb217783b98eb5
Ansible Galaxy appears to be served behind cloudflare and is currently
throwing 504 errors waiting for the backend to respond on /api/
requests. Since we know this is already not working and this is
preventing other changes from landing lets just go ahead and completely
disable the testing of this proxy.
We can always add the test back if and when effort is made to proxy the
new version of galaxy's api.
Change-Id: Iad35fc19ce4f8bb8ec3c57eb995b44fc5e61a06c
We don't need the Mailman 2 service deployment playbook, as we're no
longer running it. This was simply overlooked in the earlier mass
cleanup change, and even refers to a no longer existing role.
Change-Id: I7e65fdf9e81858f780bef8dce15ef88823345be8
We are currently running MariaDB 10.6 for Mailman. We use the
MARIADB_AUTO_UPGRADE flag to automatically upgrade the mariadb
install to 10.11 when switching the image version over to 10.11.
This was successfully performed against several other services
already.
Change-Id: I675753df142d635eca60c15728ece2870b406134
This increases the innodb buffer pool size from the default of
128M to 4G. Some increase is necessary for creating large indexes,
but probably not this much. Having a large pool allows for
significant performance improvement. To that end, allocate half of
our RAM to this.
https://mariadb.com/kb/en/innodb-buffer-pool/#innodb_buffer_pool_size
Change-Id: I0a20cb2e11edc88dac6a55191a05637e7634773f
These docs had lived on the server in question in a text file as they
were sort of cobbled together from emails. Since then multiple renewals
have been successfully performed so we may as well add the process to
our actual documentation.
Change-Id: I13267ad08c1e4ef6007e5cbea040c274ea2f27d5
Gitea and OpenDev are playing a game of tag. Whenever we bump our
deployment up to the lastest version they release a new version the next
day. That means there is now a v1.21.10 available shortly after updating
to v1.21.9.
Again this appears to be a fairly straight forward bug fix release.
There are no diffs in the templates we override between 1.21.9 and
1.21.10. Full release notes can be found here:
https://github.com/go-gitea/gitea/blob/v1.21.10/CHANGELOG.md
Change-Id: I7491d18b14100ca6457d42994a45de1e70de8758
Almost immediately after we upgraded to 1.21.8 a new 1.21.9 release
became available. Again this appears to largely be a bugfix release with
no super important changes for us. However, there are performance
improvements which are always nice to see. The template files that we
override have not changed between 1.21.8 and 1.21.9.
Full change log can be found here:
https://github.com/go-gitea/gitea/blob/v1.21.9/CHANGELOG.md
Change-Id: Ica763081203d9be44c9de0923a261afa820c891b
This is a bugfix release with no template updates and no other impactful
deployment changes that I can see. Full changelog notes can be found
here:
https://github.com/go-gitea/gitea/blob/v1.21.8/CHANGELOG.md
Change-Id: I6009bbebc261e87702b7f603bf179be89d31edb9
This should cleanup our mirror update server so that we no longer have
configes (cron, scripts, logrotate rules, etc) for mirroring opensuse.
It won't clean up the afs volume, but we can get to that later (and it
will probably require manual intervention). This cleanup is done in a
way that it should be able to be applied to future cleanups too (like
when centos 8 stream goes away and everything is centos stream
specific).
Change-Id: Ib5d15ce800ff0620187345e1cfec0b7b5d65bee5
There are a number of issues with opensuse mirroring content cleanup
that this change aims to address. First up we fix the prefix for the
CentOS 7 networking content; it needed a repositories/ prefix. At the
same time we don't bother deleting the leaf data and instead delete the
more top level directory since we're cleaning this all up.
We then apply this top level cleanup to all of the repositories,
distributions, and updates. This is largely a noop (just some directory
removals) except in the case of update/ which still contains leap 15.2
update packages. These were apparently missed in the initial opensuse
cleaup.
After this lands we should end up with a largely empty volume.
Change-Id: Ic854fcecd1a0fabc388640a33da7e4e1f9ec07c0
We have removed CentOS 7 from nodepool now we can stop mirroring
pacakges for it. This deletes official CentOS 7 package mirror content
and OBS packages mirrored by the OpenSUSE mirror script for CentOS 7.
A followup change will remove the OpenSUSE mirroring entirely as this
was the last thing it was used for.
Change-Id: I484651b0845eaab933e98106684e0a2a6215b3d7
The clouds.yaml and rackdns config files do not need to use two
different Ansible vars to refer to the same credentials. Note that
the forward DNS account is separate, and so we still keep those
intact.
Change-Id: I9dd657f357d32083f2cfd7f074ba0d122ca803c3