Commit Graph

1015 Commits

Author SHA1 Message Date
Clark Boylan e2df5a8b47 Add docs for linaro cloud cert renewal process
These docs had lived on the server in question in a text file as they
were sort of cobbled together from emails. Since then multiple renewals
have been successfully performed so we may as well add the process to
our actual documentation.

Change-Id: I13267ad08c1e4ef6007e5cbea040c274ea2f27d5
2024-03-26 10:33:58 -07:00
Clark Boylan 688dd78a08 Add more info to afs fileserver recovery docs
During the debian buster mirror cleanup we lost a volume backing afs on
afs01.dfw.openstack.org. Our existing docs gave us a good starting point
for recovery, but they could use more specifics. Add that info.

Change-Id: Ib334759314f0fd493e9b1bc8c06a8060ba8917ee
2024-03-04 13:48:25 -08:00
Clark Boylan 51b6478849 Update reprepro cleanup docs to cover dists/ and lists/ cleanup
This includes a few extra steps that are needed to more fully cleanup
reprepro mirrors when we drop distro releases from reprepro. Without
this we leave some vestiges of old releases behind which can be
confusing in the future when we think we have already cleaned this stuff
up.

Change-Id: I15032314c39279999fbd6be74e9d73b76843399c
2024-02-29 10:32:56 -08:00
Jeremy Stanley aa3f4d71b0 Document adding Zuul WebUI admins
Step-by-step process for adding your account to the zuul realm in
Keycloak, so that you can access the admin capabilities of our Zuul
WebUI.

Change-Id: I613e3b45316471df2054300a8b115da78debdcb2
2024-02-14 16:54:47 +00:00
Zuul 17bc1edf3f Merge "Document gerrit comment deletion procedure" 2024-02-11 22:59:51 +00:00
James E. Blair 19fd812c7a Document gerrit comment deletion procedure
Change-Id: Iedc9446ea12415c8f9ba49b7f8390442045762fa
2024-02-07 10:57:23 -08:00
Jeremy Stanley f477e35561 Upgrade to Keycloak 23.0
This includes a switch from the "legacy" style Wildfly-based image
to a new setup using Quarkus.

Because Keycloak maintainers consider H2 databases as a test/dev
only option, there are no good migration and upgrade paths short of
export/import data. Go ahead and change our deployment model to rely
on a proper RDBMS, run locally from a container on the same server.

Change-Id: I01f8045563e9f6db6168b92c5a868b8095c0d97b
2024-02-06 05:33:37 +00:00
Clark Boylan 5c02d66231 Document gerrit openid login failure debugging
This tries to cover a few common cases of Gerrit login failures.
Breadcrumbs for the future to make potential debugging easier.

Change-Id: If935601d4b102d41c186e43bf4c4b77054e48bba
2024-01-24 09:30:20 -08:00
Jeremy Stanley 73f0a5336a Merge production and test node mailman configs
Now that the Mailman v3 migration is complete, we no longer need any
divergence between the lists01 (production) and lists99 (test node)
host vars, so put everything into the group vars file instead.

Change-Id: If92943694e95ef261fbd254eff65a51d8d3f7ce5
2023-10-30 19:26:03 +00:00
Jeremy Stanley cab53d10ac Remove the old mailing list server
Clean up references to lists.openstack.org other than as a virtual
host on the new lists01.opendev.org Mailman v3 server. Update a few
stale references to the old openstack-infra mailing list (and
accompanying stale references to the OpenStack Foundation and
OpenStack Infra team). Update our mailing list service documentation
to reflect the new system rather than the old one. Once this change
merges, we can create an archival image of the old server and delete
it (as well as removing it from our emergency skip list for
Ansible).

Side note, the lists.openstack.org server will be 11.5 years old on
November 1, created 2012-05-01 21:14:53 UTC. Farewell, old friend!

Change-Id: I54eddbaaddc7c88bdea8a1dbc88f27108c223239
2023-10-20 18:10:08 +00:00
Jeremy Stanley d3224e71b4 Enable receive.rejectImplicitMerges for Gerrit
Document our intent to enforce the rejectImplicitMerges option for
receipt of changes, in order to avoid silently merging the target
branch to include the change's history from another branch where
those commits are already present.

Change-Id: I7478825ed58c5a4e7cf29d06a770e70c7b5a7759
2023-06-05 22:16:19 +00:00
Clark Boylan a80956e592 Revert "Pull grafyaml from quay.io"
This reverts commit f4d4714cee.

OpenDev is moving back to docker.io to preserve speculative container
image testing.

Depends-On: https://review.opendev.org/c/opendev/grafyaml/+/884291
Change-Id: I6342a19e28d4e3a3f9130c16668d0f4ba2ed7329
2023-05-24 13:52:43 -07:00
Tony Breeds a06d1281c4 [docs] Use RST url link syntax to improve layout
The URL for upstream's RT is quite long which makes then causes the
rendering to look
k
i
n
d
a strange[1,2]

Snip the URL but preserve the full URL as a hyperlink

[1] https://docs.opendev.org/opendev/system-config/latest/afs.html
[2] https://pasteboard.co/Joxai7GgRoLG.png

Change-Id: I2cd52c376e4935efed8f22779ae1722768bb8a6c
2023-05-19 12:38:24 +10:00
Clark Boylan f4d4714cee Pull grafyaml from quay.io
The grafyaml image location has moved to quay.io. This change ensures we
are pulling it from the new correct location.

Depends-On: https://review.opendev.org/c/opendev/grafyaml/+/882493
Change-Id: Iee30e90c9b2ab43db8e98bbd0c3207edf00ba479
2023-05-10 20:27:15 +00:00
Zuul 13f167a46a Merge "Remove old DNS servers" 2023-04-30 22:29:26 +00:00
Ian Wienand 436f956140
Remove old DNS servers
Remove adns1/ns1/ns2 which are no longer in use.  Switch the primary
master to adns02; the secondaries ns03/ns04 will now update from
there.

Change-Id: I700a514dd2b72b2632e8d0668251f52907008d44
Depends-On: https://review.opendev.org/c/opendev/zone-opendev.org/+/880709
2023-04-28 12:03:30 +10:00
Zuul 16831ca5d9 Merge "doc/nodepool: update vhd-util docs" 2023-04-28 00:33:47 +00:00
Zuul 35d4bc9b81 Merge "reprepro doc: mention contents.cache.db" 2023-04-28 00:32:56 +00:00
Zuul 4a101da52a Merge "Refactor adns variables" 2023-04-13 02:31:48 +00:00
Clark Boylan ed1c7c94a3 Make etherpad configuration more generic for multiple hosts
This switches us to running the services against the etherpad group. We
also define vars in a group_vars file rather than a host specific
file. This allows us to switch testing over to etherpad99 to decouple it
from our production hostnames.

A followup change will add a new etherpad production server that will be
deployed alongside the existing one. This refactor makes that a bit
simpler.

Change-Id: I838ad31eb74a3abfd02bbfa77c9c2d007d57a3d4
2023-04-05 08:36:27 -07:00
lotorev vitaly 1d1709b3a1 Fix typos in doc/source/open-infrastructure.rst
Change-Id: Ic888880741fc4095ef53843a2d483c06d6101a82
2023-03-23 20:12:21 +00:00
Ian Wienand b0d27692de
Refactor adns variables
Firstly, my understanding of "adns" is that it's short for
authoritative-dns; i.e. things related to our main non-recursive DNS
servers for the zones we manage.  The "a" is useful to distinguish
this from any sort of other dns services we might run for CI, etc.

The way we do this is with a "hidden" server that applies updates from
config management, which then notifies secondary public servers which
do a zone transfer from the primary.  They're all "authoritative" in
the sense they're not for general recursive queries.

As mentioned in Ibd8063e92ad7ff9ee683dcc7dfcc115a0b19dcaa, we
currently have 3 groups

 adns : the hidden primary bind server
 ns : the secondary public authoratitive servers
 dns : both of the above

This proposes a refactor into the following 3 groups

 adns-primary : hidden primary bind server
 adns-secondary : the secondary public authoritative servers
 adns : both of the above

This is meant to be a no-op; I just feel like this makes it a bit
clearer as to the "lay of the land" with these servers.  It will need
some considering of the hiera variables on bridge if we merge.

Change-Id: I9ffef52f27bd23ceeec07fe0f45f9fee08b5559a
2023-03-10 09:36:01 +11:00
Clark Boylan 64957e9e0d Fix boolean operator in submittableIf rules
Gerrit 3.6 and older do not support 'and' as a boolean operator. They
only support 'AND'. For maximum compatibility (we are running 3.6.4
currently) convert 'and' to 'AND' in Gerrit submittableIf rules.

Change-Id: Iac5e2cda4a245f99e98a1354ad4107da07e1f60d
2023-03-09 08:33:22 -08:00
Ian Wienand b37ec6632a
doc/gerrit : update to submit-requirements
Update the MaxWithBlock function in the default labels to a new-format
submit-requirement.

Change-Id: I9887c4949fe375db0397bf273820e57a9d539749
2023-03-08 10:24:54 +11:00
Ian Wienand 22506e5682
doc/gerrit : update copyCondition
Update the deprecated copy flags to copyCondition in the boostrap
documentation.

The verified and workflow labels don't ever copy their approvals, so
it is really only code-review.

Change-Id: I3563a7a394ae7d96af9e27b10dc18ba5c459ba82
2023-03-07 10:21:43 +11:00
Clark Boylan 11e89d4be9 Remove gitea08 from haproxy
We have added gitea09 to haproxy which allows us to remove one of the
old servers. Remove gitea08 since gitea01 is the host that gets backups
currently.

Note that this only removes gitea08 from haproxy and does not remove it
from gerrit replication or our inventory. We need to do this in a
multistep process to avoid a situation where gitea08 is still serving
requests but not receiving updates from Gerrit. Next step will be to
disable replication. Then we can remove it from inventory and finally
delete it altogether.

Change-Id: I26f368936819a41a7369d2d116e04151301ee0e2
2023-03-02 08:53:50 -08:00
Zuul 387302645a Merge "mirror-update: make jobs interactive by default" 2023-01-17 19:27:20 +00:00
Ian Wienand 67c32f5f0d
doc/nodepool: update vhd-util docs
Update the docs on the package generation for the automated building
we have implemented.

Change-Id: I60816ab8686cc32b3767fc13295b95ed42e02483
2023-01-10 15:12:55 +11:00
Ian Wienand 8b42a38df2
Add nb04.opendev.org
This is a replacement ARM64 builder for nb03.  Add basic config

Change-Id: I42889d3acfb269687dcc9731c04c8eae9ace2cfa
2023-01-10 15:07:45 +11:00
Clark Boylan 2e961b1af0 Cleanup force merging docs
At some point we shifted from doing this task using the web UI to
primarily using ssh only admin accounts. The docs ended up in a slightly
confusing place with steps that only make sense when you interact with
the web UI. Update the force merge docs to assume ssh only which is far
more aligned with our admin account expectations.

Change-Id: Ia99afe7ee10927765733891f72bd428e52fa2225
2022-11-16 14:50:11 -08:00
James E. Blair 11516e0e4b Make zk-ca role more generic
This renames zk-ca to opendev-ca and allows us to operate more than
one ca on bridge.  This way we can keep the CAs for ZooKeeper and
Jaeger distinct (so that a compromise of the jaeger server could not
be used to access the ZooKeeper cluster).

This also starts a new jaeger-ca and uses it on the Jaeger server.

Change-Id: I4e5bc4e3ccd78284ce785c971f7e6ad6e721f887
2022-09-22 15:05:32 -07:00
James E. Blair c661fb0972 Add Jaeger tracing server
Change-Id: I1aa68b1d5f99364fa09776301894b922ed169a3a
2022-09-15 19:21:33 -07:00
Ian Wienand 96059d52bb
reprepro doc: mention contents.cache.db
Today we found a corrupt contents.cache.db; after investigation we
found that it is regenerated by the export command.  This makes a note
of that for future reference.

Change-Id: Ib6d698651b9d4c84d0704b79a6ee58d009c89854
2022-09-14 11:29:37 +10:00
Ian Wienand a6ece2cacc
mirror-update: make jobs interactive by default
If you are running these jobs by hand you are doing something that
will be expected to take a long time (initial sync, recovery, etc.).
Make these scripts assume interactivity and default to *not* running
under timeout -- it's too easy to forget NO_TIMEOUT when running
manually and having the job killed.

We already have an UNDER_CRON variable set so that we only send stats
when running ... under cron.  Reuse this here for the timeout flag.

Change-Id: Ic2d2f39bb18d247c853284512fe0dc37485c00a4
2022-09-14 08:22:14 +10:00
Clark Boylan d435c9fd01 Update example zuul config to remove deprecated syntax
The zuul pipeline reporter for merge-failure has been renamed to
merge-conflict. The old name has been depreacted and will be removed in
a future release. Update our examples to match Zuul's current
expectations.

Change-Id: I1f9effa311163d942171e35ba65fafa25245e9d2
2022-09-02 09:23:15 -07:00
James E. Blair 1ff685488e Combine / reconcile two force-merge docs
The force-merge procedure was documented twice, neither one complete.
Combine them.

Change-Id: If4350a0a90d455b64227befde2f1be7475ac8120
2022-07-28 07:57:21 -07:00
Zuul d46e4c2308 Merge "gerrit docs: add note that duplicate user may have email addresses to remove" 2022-06-24 06:03:33 +00:00
Zuul 2599cdccb8 Merge "gerrit docs: cleanup and use shell-session" 2022-06-24 05:56:55 +00:00
Ian Wienand 4f3be693e5 gerrit docs: add note that duplicate user may have email addresses to remove
Change-Id: I54e935704d38dd60cdf75415dd8c61b06cae7b11
2022-06-24 15:37:54 +10:00
Ian Wienand 3a09bf7e8a gerrit docs: cleanup and use shell-session
A few formatting fixes

* try to more consistently use shell-session formatting for shell
  sessions (makes it easier to copy-paste).
* fix up and use more `` around verbatim/code things.

Fixes:

 * Gerrit Configuration : there's no db to set the ICLA fields in now,
   remove
 * Duplicate Accounts : add required arg "origin" to git fetch command
 * Deactivating account : can not delete comments via sql query,
   remove

Change-Id: Ia481750aa59fc88bef5c00bb0fd9e6f9e23b2777
2022-06-24 15:37:52 +10:00
Jeremy Stanley 121cc0e452 Add description to IRC channel reg example
OFTC's chanserv requires a channel description be provided when
registering it. Update the example in our documentation to reflect
that.

Change-Id: Iee61b8176b2b801b4843530e7570bad5000fe76e
2022-06-16 14:54:32 +00:00
Jeremy Stanley 40caa4eec6 third-party CI: reminder to keep address current
Now that we're retiring the third-party-ci-announce mailing list,
which we never really used consistently anyway, just tell
third-party CI operators to make sure the E-mail address on their
account is current and reachable.

Change-Id: I6186149de25b06f2982702143a807de8bb01be73
2022-05-02 23:14:12 +00:00
Jeremy Stanley 1f1443a2c8 Clean up defunct OpenStack mailing lists
In preparation for retiring a number of mailing lists from
lists.openstack.org which have had no activity for over three years,
remove their configuration so our deployment automation won't
recreate them once they're gone. Also remove references to the
third-part-announce list in our documentation, since that's one of
the unused lists we're removing. See the announcement at
http://lists.openstack.org/pipermail/openstack-discuss/2022-February/027404.html
for details.

Change-Id: Ieedd8613363039d19d3ae47f1a83a38747419bdc
2022-04-29 18:27:22 +00:00
Jeremy Stanley d185aedd7d Decommission status.openstack.org and services
The status.openstack.org server is offline now that it no longer
hosts any working services. Remove all configuration for it in
preparation for retiring related Git repositories.

Also roll some related cleanup into this for the already retired
puppet-kibana module.

Change-Id: I3cfcc129983e3641dfbe55d5ecc208c554e97de4
2022-04-29 16:34:51 +00:00
Zuul 7b09f7baab Merge "Remove configuration management for ELK stack" 2022-04-22 16:04:22 +00:00
Zuul 4e8d344e67 Merge "Remove config management for subunit2sql workers" 2022-04-18 19:00:40 +00:00
Clark Boylan 4279e20293 Remove configuration management for ELK stack
We indicated to the OpenStack TC that this service would be going away
after the Yoga cycle if no one stepped up to start maintaining it. That
help didn't arrive in the form of OpenDev assistance (there is effort
to use OpenSearch external to OpenDev) and Yoga has released. This means
we are now clear to retire and shutdown this service.

This change attempts to remove our configuration management for these
services so that we can shutdown the servers afterwards. It was a good
run. Sad to see it go but it wasn't sustainable anymore.

Note a follow-up will clean up elastic-recheck which runs on the status
server.

Depends-On: https://review.opendev.org/c/opendev/base-jobs/+/837619
Change-Id: I5f7f73affe7b97c74680d182e68eb4bfebbe23e1
2022-04-18 10:04:06 -07:00
Clark Boylan a5f06418b6 Remove config management for subunit2sql workers
The openstack health service is being shutdown and retired. That
services was the only service that relied on the subunit2sql workers.
This means we can shutdown and retire the subunit2sql workers. This is
one step of that process.

Change-Id: Ibd02faaeba888dfcd1f512f4dd3a7d768497fc16
2022-04-18 10:01:57 -07:00
Zuul 7675cbd390 Merge "Retire opendev/puppet-openstack_health: remove from system-config" 2022-04-18 15:55:10 +00:00
Jeremy Stanley 15e07d8a37 Fix a trivial typo for repo renaming playbook path
Change-Id: I3cb5c42df9cc4e9c308da592353b7867391211a3
2022-04-15 14:49:00 +00:00