Commit Graph

19019 Commits

Author SHA1 Message Date
Zuul 6ed268aa0c Merge "Add docs for linaro cloud cert renewal process" 2024-03-27 02:32:02 +00:00
Zuul 629dfe2e6f Merge "Cleanup opensuse mirroring configs entirely" 2024-03-26 20:05:01 +00:00
Clark Boylan e2df5a8b47 Add docs for linaro cloud cert renewal process
These docs had lived on the server in question in a text file as they
were sort of cobbled together from emails. Since then multiple renewals
have been successfully performed so we may as well add the process to
our actual documentation.

Change-Id: I13267ad08c1e4ef6007e5cbea040c274ea2f27d5
2024-03-26 10:33:58 -07:00
Zuul 64c01708dd Merge "Update gitea to 1.21.9" 2024-03-25 18:02:12 +00:00
Zuul 336a4ae440 Merge "Switch install-docker playbook to include_tasks" 2024-03-22 22:48:03 +00:00
Zuul a572751996 Merge "Upgrade Refstack's MariaDB to 10.11" 2024-03-22 17:06:26 +00:00
Clark Boylan 9e9e980f09 Update gitea to 1.21.9
Almost immediately after we upgraded to 1.21.8 a new 1.21.9 release
became available. Again this appears to largely be a bugfix release with
no super important changes for us. However, there are performance
improvements which are always nice to see. The template files that we
override have not changed between 1.21.8 and 1.21.9.

Full change log can be found here:

  https://github.com/go-gitea/gitea/blob/v1.21.9/CHANGELOG.md

Change-Id: Ica763081203d9be44c9de0923a261afa820c891b
2024-03-22 09:10:20 -07:00
Zuul cd08f8c740 Merge "Update gitea to 1.21.8" 2024-03-21 21:40:43 +00:00
Clark Boylan 5a2bd42a4d Update gitea to 1.21.8
This is a bugfix release with no template updates and no other impactful
deployment changes that I can see. Full changelog notes can be found
here:

  https://github.com/go-gitea/gitea/blob/v1.21.8/CHANGELOG.md

Change-Id: I6009bbebc261e87702b7f603bf179be89d31edb9
2024-03-19 07:40:38 -07:00
Clark Boylan 515abdec64 Cleanup opensuse mirroring configs entirely
This should clean up our mirror update server so that we no longer have
configs (cron, scripts, logrotate rules, etc) for mirroring opensuse.
It won't clean up the afs volume, but we can get to that later (and it
will probably require manual intervention). This cleanup is done in a
way that it should be able to be applied to future cleanups too (like
when centos 8 stream goes away and everything is centos stream
specific).

Change-Id: Ib5d15ce800ff0620187345e1cfec0b7b5d65bee5
2024-03-18 15:49:43 -07:00
Clark Boylan a0ae3481dd Update opensuse mirror script to more completely clean up
There are a number of issues with opensuse mirroring content cleanup
that this change aims to address. First up we fix the prefix for the
CentOS 7 networking content; it needed a repositories/ prefix. At the
same time we don't bother deleting the leaf data and instead delete the
more top level directory since we're cleaning this all up.

We then apply this top level cleanup to all of the repositories,
distributions, and updates. This is largely a noop (just some directory
removals) except in the case of update/ which still contains leap 15.2
update packages. These were apparently missed in the initial opensuse
cleanup.

After this lands we should end up with a largely empty volume.

Change-Id: Ic854fcecd1a0fabc388640a33da7e4e1f9ec07c0
2024-03-18 15:46:28 -07:00
Zuul 772cd8e2ad Merge "Stop mirroring CentOS 7 packages" 2024-03-18 16:21:22 +00:00
Zuul 03a7ed5c92 Merge "Clarify testinfra socket name for keycloak rdbms" 2024-03-18 16:21:19 +00:00
Zuul bbc8116886 Merge "Add backups for the new Keycloak server" 2024-03-18 16:21:16 +00:00
Clark Boylan 6df6c6507f Stop mirroring CentOS 7 packages
We have removed CentOS 7 from nodepool; now we can stop mirroring
packages for it. This deletes official CentOS 7 package mirror content
and OBS packages mirrored by the OpenSUSE mirror script for CentOS 7.

A followup change will remove the OpenSUSE mirroring entirely as this
was the last thing it was used for.

Change-Id: I484651b0845eaab933e98106684e0a2a6215b3d7
2024-03-15 15:30:46 -07:00
Jeremy Stanley 68af2b31d4 Deduplicate Rackspace control plane API keys
The clouds.yaml and rackdns config files do not need to use two
different Ansible vars to refer to the same credentials. Note that
the forward DNS account is separate, and so we still keep those
intact.

Change-Id: I9dd657f357d32083f2cfd7f074ba0d122ca803c3
2024-03-12 19:17:09 +00:00
Jeremy Stanley 40dddea014 Clean up unused Rackspace password test values
These are no longer needed since we've switched to API keys.

Change-Id: I06aeef0d6ae5f70faab0147dfb591e8d9e53740e
2024-03-07 19:11:16 +00:00
James E. Blair cf73eda44f Switch rackspace clouds to api key auth
After this merges, the temporary credential set opendevci_rax_*
and opendevzuul_rax_* can be removed from hostvars.

Depends-On: https://review.opendev.org/911163
Change-Id: I2e9067aa2f11100d311c86beb4df5bf15c72db69
2024-03-07 09:05:12 -08:00
Jeremy Stanley 601e4a4a55 Transition to Rackspace API keys
Rackspace is requiring multi-factor authentication for all users
beginning 2024-03-26. Enabling MFA on our accounts will immediately
render password-based authentication inoperable for the API. In
preparation for this switch, add new cloud entries for the provider
which authenticate by API key so that we can test and move more
smoothly between the two while we work out any unanticipated kinks.

Change-Id: I787df458aa048ad80e246128085b252bb5888285
2024-03-05 19:31:09 +00:00
Clark Boylan 688dd78a08 Add more info to afs fileserver recovery docs
During the debian buster mirror cleanup we lost a volume backing afs on
afs01.dfw.openstack.org. Our existing docs gave us a good starting point
for recovery, but they could use more specifics. Add that info.

Change-Id: Ib334759314f0fd493e9b1bc8c06a8060ba8917ee
2024-03-04 13:48:25 -08:00
Clark Boylan 7ad66ad0cf Upgrade Refstack's MariaDB to 10.11
We are currently running MariaDB 10.4 for refstack. We use the
MARIADB_AUTO_UPGRADE flag to automatically upgrade the mariadb install
to 10.11 when switching the image version over to 10.11. This was
successfully performed against the lodgeit paste service.

Change-Id: I75262bc8eba3dd59d5869be9bf568fd66dc7f608
2024-03-04 13:27:20 -08:00
Clark Boylan 51b6478849 Update reprepro cleanup docs to cover dists/ and lists/ cleanup
This includes a few extra steps that are needed to more fully clean up
reprepro mirrors when we drop distro releases from reprepro. Without
this we leave some vestiges of old releases behind which can be
confusing in the future when we think we have already cleaned this stuff
up.

Change-Id: I15032314c39279999fbd6be74e9d73b76843399c
2024-02-29 10:32:56 -08:00
Zuul cc8011fe14 Merge "Remove debian buster package mirrors" 2024-02-29 17:18:48 +00:00
Zuul 3cb82cc7ac Merge "Upgrade the lodgeit mariadb to 10.11" 2024-02-28 20:05:13 +00:00
Zuul a44a354e53 Merge "Upgrade gitea to 1.21.7" 2024-02-28 18:01:58 +00:00
Zuul c7940f5ca6 Merge "Exclude CentOS automotive SIGs repos from mirror synchronization" 2024-02-26 22:29:27 +00:00
Zuul 0616f00aa1 Merge "Update gerrit image to 3.8.4" 2024-02-26 22:15:28 +00:00
Zuul 134a1f9db1 Merge "Replace buster with bookworm in role integration testing" 2024-02-26 16:46:04 +00:00
Clark Boylan 31ea71655c Upgrade gitea to 1.21.7
This upgrades our gitea container image, and thus deployment, to version
1.21.7 from 1.21.5. There are no updates to the three template files we
override upstream according to git diff in the gitea repo.

A full changelog can be found here:

  https://github.com/go-gitea/gitea/blob/v1.21.7/CHANGELOG.md

Change-Id: I95d92f47085532275bf0f2508f9026e9394aebc7
2024-02-26 08:20:18 -08:00
Clark Boylan d720d58e70 Update gerrit image to 3.8.4
There is at least one Gerrit bugfix for an NPE that we should pick up by
this update. There are also improvements to the MINA SSHD server that
gerrit runs.

Full changelogs can be found here:
  https://www.gerritcodereview.com/3.8.html#384

Change-Id: Icba387496457c5a60fd914a6ee689104d3a52c1d
2024-02-26 08:17:52 -08:00
Alfredo Moralejo e70c0a0402 Exclude CentOS automotive SIGs repos from mirror synchronization
Those repos are produced by the Automotive SIG [1], are not used by
OpenStack and increase the size of the centos stream repositories
needlessly.

[1] https://sigs.centos.org/automotive/

Change-Id: I8a12956aa2079ce851ad0bb5ff60f49677f5b7d3
2024-02-26 13:42:18 +01:00
Clark Boylan 7136db339e Remove debian buster package mirrors
We have successfully removed debian buster from nodepool and zuul at
this point. The last major TODO in debian buster cleanup is to remove it
from our package mirrors. This change is the first step in making that
happen.

For step two we follow the manual process documented in our reprepro
docs [0] for cleaning up mirror components. We will need to perform
these actions against the debian, debian security, and ceph octopus
mirrors.

[0] https://docs.opendev.org/opendev/system-config/latest/reprepro.html#removing-components

Depends-On: https://review.opendev.org/c/openstack/project-config/+/910031
Change-Id: Ic1fc6a45cb7f644d7862312589254b6100e17222
2024-02-23 13:27:17 -08:00
Clark Boylan 9c299f82e8 Replace buster with bookworm in role integration testing
Buster is the old old release of debian having been succeeded by
bullseye and bookworm. Drop buster testing in preparation for buster
test environment removal and add bookworm.

Note the arm64 job is marked nonvoting because there is a bug building
openafs on bookworm. This same issue shows up in nixos [0], and I have
reported it to openafs via their IRC channel where someone is working to
correct the problem upstream. Hopefully we can get a fix backported into
the distro package.

[0] https://github.com/NixOS/nixpkgs/issues/284501

Change-Id: I5b7e2e0cabb5123c48d745e9e84df96130217683
2024-02-23 08:33:29 -08:00
Clark Boylan 8ec8ee66b7 Stop mirroring OpenSUSE Leap 15
This change updates the opensuse mirror script to stop mirroring
opensuse 15. However, we do not entirely remove the opensuse mirroring
script as it is currently mirroring some centos 7 packages from OBS for
kolla. We will clean this up more fully when we remove centos 7.

Depends-On: https://review.opendev.org/c/openstack/project-config/+/909776
Change-Id: I0c3546b79219180b796ca02fa8d82dba2316878a
2024-02-21 09:45:21 -08:00
Clark Boylan 7526de2410 Upgrade the lodgeit mariadb to 10.11
I have tested this upgrade on a held node going straight from 10.4 to
10.11 in one go. The resulting logs can be found in this paste [0].

The resulting backups of system tables are small enough that it seems
reasonable to keep those enabled (though they can be disabled). Also, we
can either land this change and let docker-compose do the upgrade for
us, or we can put the host in the emergency file, do the upgrade by
hand, then merge this change to reflect the new state of the world.
One advantage to doing this by hand is that we can manually run a db
backup with the service turned off to avoid any lost data between the
time the upgrade occurs and the time of our last backup should anything
go wrong.

In either case we should probably double check that db backups look good
in borg before proceeding. Comments on approach are very much welcome.

[0] https://paste.opendev.org/show/bWhZZH97IMLv44eeiWlB/

Change-Id: I1bfcaeb9b90838a80d002732215f45a14a158fed
2024-02-20 14:25:42 -08:00
Zuul 5b8dd8b96c Merge "Update etherpad to 1.9.7" 2024-02-16 17:04:49 +00:00
Zuul a219525621 Merge "Document adding Zuul WebUI admins" 2024-02-14 19:39:26 +00:00
Jeremy Stanley aa3f4d71b0 Document adding Zuul WebUI admins
Step-by-step process for adding your account to the zuul realm in
Keycloak, so that you can access the admin capabilities of our Zuul
WebUI.

Change-Id: I613e3b45316471df2054300a8b115da78debdcb2
2024-02-14 16:54:47 +00:00
Zuul 380f64ce07 Merge "Update Zuul auth config for new Keycloak images" 2024-02-13 20:11:06 +00:00
Zuul 352f0bbb45 Merge "Check launched server for x86-64-v2/sse4_2 support" 2024-02-13 19:17:25 +00:00
Jeremy Stanley 9ca359a843 Increase Jaeger start timeout to 300
Our deployment tasks wait for Jaeger to be listening on its network
socket, but storage-related delays and slowdowns can sometimes cause
it to take longer than the 120 seconds we budgeted. Increase this to
300 seconds so we can be sure we've given it plenty of time to sort
that out.

Change-Id: I4eaffe2d00fca8b9c10ed9235583fca671413dab
2024-02-12 22:45:39 +00:00
Zuul 17bc1edf3f Merge "Document gerrit comment deletion procedure" 2024-02-11 22:59:51 +00:00
Jeremy Stanley 0d34d9678b Clarify testinfra socket name for keycloak rdbms
Trivial cleanup of some variable name copy-paste I overlooked,
making the source code for the test clearer.

Change-Id: I5a15e0733b3cf2ceb26f46a2f3d9a9f059d4f702
2024-02-09 17:35:03 +00:00
Jeremy Stanley f1ad3c5198 Add backups for the new Keycloak server
We should really be backing this up before it begins to get used by
additional services. Also, since our newer deployment uses a
separate RDBMS, back that up safely.

Change-Id: I4510dd05204f4b0f450d1925ed7be148d7d73e6e
2024-02-09 17:35:02 +00:00
Jeremy Stanley 38e2a00a5b Update Zuul auth config for new Keycloak images
The newer Quarkus-based Keycloak container images no longer include
an "auth/" prefix to all the URL paths by default. Rather than alter
the Keycloak deployment, switch Zuul configuration to use the new
default instead.

Change-Id: I9f7f52e80c39c8bd41c728bf9e2b38dcece29978
2024-02-09 17:34:21 +00:00
Jeremy Stanley e9f2a1b979 Inventory entry for another new Keycloak server
This is a new server for our Keycloak service. The previous one is
also removed by this change, since it did not have the correct CPU
flags to run the latest Keycloak container images. The problem which
necessitated this rebuild is addressed by an additional check to our
launch script in Ib0f482a939f94e801c82f3583e0a58dc4ca1f35c.

Depends-On: https://review.opendev.org/908608
Change-Id: I4a4a8cb629cbda430a113d61689c9d8ec15408b5
2024-02-09 17:34:20 +00:00
Jeremy Stanley b44cae0233 Check launched server for x86-64-v2/sse4_2 support
The "UBI" that the latest Keycloak images are based on has a glibc
compiled to only work on x86-64-v2 systems, and in some regions we
seem to sometimes get hypervisors reporting older processor
architectures where it won't work. Check CPU flags for sse4_2
support as an indicator, and abort launching if it's not present.

Change-Id: Ib0f482a939f94e801c82f3583e0a58dc4ca1f35c
2024-02-08 18:42:20 +00:00
Zuul 1bd482e062 Merge "Add inventory entry for new Keycloak server" 2024-02-08 15:09:53 +00:00
Zuul 606229382f Merge "Upgrade to Keycloak 23.0" 2024-02-08 15:09:50 +00:00
Zuul 362b419338 Merge "Use centos hosted mirror to sync CentOS content" 2024-02-07 22:35:31 +00:00