By default mailman3 uses a single outgoing mail runner. We have seen
lists with large membership (openstack-discuss for example) delay mail
delivery for 5-10 minutes. In an attempt to increase throughput we bump
the number of outgoing runner instances to 4.
This upstream thread [0] has more info on this and other tuning options
we might consider. We start with this one as the other options have
behavior implications and will need more thought.
[0] https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/thread/W4F2OEM4VIEEU4U6MAPVMFIEGERBMY55/
Change-Id: I9e353960fe55468be1dadffd37aada7da6ed7db0
This adds upgrade testing of gerrit from 3.9 to 3.10. This is the very
first step in the very long process of eventually upgrading to Gerrit
3.10.
Change-Id: Iaa77287b1334dc761e8de815704fec4d8d69d863
When updating jitsi-meet to jammy we switched to using {meetpad,jvb}99
as the hostnames but were setting host-vars for {meetpad,jvb}01. Fix that
Also a pointless and harmless ')' was left in a comment so clean that up.
Change-Id: Iad3079d9295559fd286bb41361f4de26efc14091
This removes management of the inmotion cloud mirror and cloud launcher
configs in prepration for retirement of this cloud. We don't remove the
cloud from clouds.yaml files as it is a bit more ambiguous as to how
long that will be useful (potentially necessary for manual cleanup
steps). Instead when we get around to adding openmetal after inmotion
has been shutdown and resurrected as a new openmetal cloud we can
replace clouds.yaml config then.
This cleanup is necessary to avoid errors when the cloud goes away. We
will be working with OpenMetal to make this happen. It shouldn't matter
if we land this before or after the project-config changes for nodepool
cleanup as things are decoupled sufficiently well.
Change-Id: I9d224318a9cfac35b867babff92e1071ca23c574
Our install-ansible-role role is used to install the cloud launcher and
puppet ansbible roles on bridge. It does this by cloning the zuul repos
for these roles into the appropriate ansible role path location. Recent
versions of git will not clone repos owned by different users by default
due to security concerns. This breaks install-ansible-role because zuul
owns the zuul repos and install-ansible-role is cloning as root. In this
case we do trust the zuul repos though so we mark them as safe
directories in the root .gitconfig file.
Change-Id: I0cc4a011bbfb484fcc2ccf0d8b1d254c01fc03d6
This is followup to our Gerrit 3.9 upgrade and should only be merged
when we are confident that a revert is unlikely. We don't need to build
this image anymore as it is in our past so stop building it. Followup
changes will add 3.10 image builds and then resurrect the gerrit upgrade
job to test upgrades from 3.9 to 3.10.
Change-Id: I6fd8fd0eaa6b9b466679bead813b0877eadcaaa0
This was missed when switching over to the Gerrit 3.9 image in prod. We
do the same for manage projects as well.
Change-Id: Ia0c5bca1dc0d34089f41ab3ebe343a0e65bd496f
Note this will not perform the upgrade for us. Gerrit upgrades are still
manual. But we will land this change after the upgrade is completed to
reflect the new state.
Change-Id: I439d5588e05a15b2d2fad4bafad8d59babf9d468
There are new bugfix updates for both of the Gerrit images we are
building. Bump up to these new releases. The delta between these updates
and what we are already running should be quite small since we just
updated updates recently which will update the main gerrit repo off of
stable branches. Many plugins are fixed to tags but many of those simply
get retagged with new versions. There are some exceptions to this like
the codemirror-editor plugin though.
Overall though should be a straightforward update.
Change-Id: Ic8df1922672317f463e39548f318eae77796b9fd
This adds noble to the existing ubuntu packge mirrors for AArch64.
In order to not overload the AFS servers we added x86 packages in a
previous change.
Note that afs quotas have already been increased in order to mirror
this content.
Change-Id: Id56bf5775b38cb932550d4cb8250c238918e6ce3
This adds noble to the existing ubuntu packge mirrors for x86_64. In
order to not overload the AFS servers we avoid adding both x86 and arm
packages at the same time. A followup change can add arm packages.
Note that afs quotas will almost certainly need to be increased in order
to mirror this content.
Change-Id: I7ddf4be4663aa9d96844359361337ed73f0e9544
There is some ancient redirect we don't control somewhere in Liquid
Web's IP space which has been serving a redirect from
api.openstack.org to developer.openstack.org for who knows how long.
Since we already have a farm of redirect vhosts for other sites on
static.openstack.org, add this one as well so we can clean up this
strange and confusing external dependency.
Change-Id: I8051121761366ccbd07f3795c9aecc766f9fb7ff
The last rebuild only promoted our Gerrit 3.8 image. This appears to
have happened because we only modified the jobs and not the Dockerfile
itself. Fix this by modifying the Dockerfile which should rebuild and
promote both 3.8 and 3.9 images ensuring that our upgrade testing tests
what we want to upgrade to.
Change-Id: I8d06ea9971a6ee0c0e06e6fe2b73391526be6220
In earlier commits it was noted that we aren't as complete as we could
be with the scripts in launch. This commit removes detection of yum as
a package manager (which stopped being a real thin in CentOS-7).
And creates a more complete list of tools used in the appropriate
scripts
Change-Id: I4cd05da18155169fd640c06a151467aed6112a3d
Mirror nodes have an atypical LVN setup. In that the volume, once
visible to the guest, is split between 2 equal volumes for proxy and
afs caches.
This will do that work for us. As the volume (at least in ord.rax) is
attached to the guest after initial creation this script isn't integrated
into launch_node (like mount_volume.sh).
Change-Id: I9ebc6daa9a65a654d9e8622ea6004ebbc28348a2
Also while we're there use 99 as the host index to make it slightly
harder to confuse testing with production.
Change-Id: I62193418feb9401fc06da39bd100553aef3dc52d
In testing jammy updates we discovered that this value need to match
so that websockets are directed to the correct host.
Change-Id: Id44bf92edff411389f05a652dad2ae78607e4d55
The file in which our Etherpad settings reside is templated with
sensitive data like an API key and DB password. Remove the world
readable bit from it, and also drop user/group write perms while
we're at it. Also switch the service's effective GID to match its
UID and make sure the config's ownership is set accordingly.
Change-Id: I65b70237b4bc8f4e63aa0b717702c124e01ed777
This updates changes how Etherpad is built and how authentication is
managed for API requests. This ends up changing a lot of our tooling
around etherpad but etherpad itself (other than the auth changes)
doesn't seem to change much. In response to this I update our admin docs
on common api tasks to use the new process. Then update our testinfra
testing as well to cover that to ensure it all continues to work
properly after this change.
Note the Dockerfile updates are all adapted from upstream. I'm actually
not fond of the decisions they have made in this image build, but being
in sync is probably more important than fixing the multistage builds and
being different.
This change jumps us from v1.9.7 to 2.0.3 (covers releases 2.0.0, 2.0.1,
and 2.0.2 too). A changelog can be found here:
https://github.com/ether/etherpad-lite/blob/v2.0.3/CHANGELOG.md
Change-Id: Ia7c4f26d893b4fc4a178262e1a6b9f3fa80d2a5c
The OpenDev team is planning on removing Ubuntu Xenial in the nearish
future. One of the things still running on Xenial is our old puppet
testing. We've decided taht we'll just have to manually manage those
nodes going forward without CI as there are few of them at this point
and we really want to clean up old Ubuntus in nodepool and our mirrors.
There is a risk that this will allow things to break without detection
or otherwise create new problems, but this stuff has been neglected so
that risk was there anyway.
Depends-On: https://review.opendev.org/c/openstack/project-config/+/917198
Change-Id: I4560ae9bbb61e950a7baa1d29aaf677403249012