We previously had two manually issued certs (one each for opendev.org
and openstack.org) but now have a single cert with all the appropriate
names in it automatically issued by LE. Use this new cert before the old
one expires.
Change-Id: I635d2bfd820fe138ee951833dd66f157b2b7c097
The current version wil now skip performing expensive operations
on unknown refs, so it is safe to push refs/notes and refs/changes
to gitea.
Change-Id: I8f08f3341e0ff603f8579870bd862b5fd6c5a9c1
We used to replicate refs to the git farm, but we stopped doing that
with gitea. Therefore, download links for patches must be served
from gerrit itself now. We could remove this option (this is the
default), but I've left it to remind us about it in case we start
replicating again in the future.
Change-Id: I0b537afbcac17ae28a63bd2ef01102eb00b5f315
This is part of the opendev git hosting transition. We do this on
review.opendev.org/review.openstack.org and not files.openstack.org so
that ssh connections continue to work. This will need to be applied
during the maintenance window.
This also updates the canonical urls and logo.
Change-Id: I5bf4dcd6835e379fcdd2d55393c5a844578074a9
This enables automatic reload of the replication configuration for
review.
Depends-On: https://review.openstack.org/650049
Change-Id: I6f43e2e234a452a860fb669124589120476acb18
This is a mechanically generated change to replace openstack.org
git:// URLs with https:// equivalents.
This is in aid of a planned future move of the git hosting
infrastructure to a self-hosted instance of gitea (https://gitea.io),
which does not support the git wire protocol at this stage.
This update should result in no functional change.
For more information see the thread at
http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003825.html
Change-Id: I6c126f7e724249741403a87733f546c1642f7f25
We discovered that gitea doesn't like to be run in a shared everything
configuration. Upstream is working to solve those issues but until they
do we'll run 8 independent gitea servers intead of one shared cluster
for "production". The shared cluster remains for testing so we rename
its replication target then add eight new targets for the standalone
servers.
Note that this uses the full ssh:// url format so that we can set the
non standard ssh port. This was tested on review-dev against the github
replica there. Docs can be found at:
https://git-scm.com/docs/git-push#URLS
Change-Id: I372627d7fa4240b8d34a9067a2e16dda2b6fdb07
Story: 2004627
Task: 29704
Note that we will need to manually delete the .bcp*.backup jar files in
/home/gerrit2/review_site/lib before merging this change. If we don't do
that then the gerrit init step will fail.
This has been tested on review-dev.openstack.org. Please kick the tires
on that server prior to ok'ing this change.
Change-Id: Ia404366a3fef919a406c918c36f241ed3f5d5e74
The refs/changes for repos are a bit expensive size-wise on the
cephfs as the moment (which may be better in the next ceph release)
Aslo, gitea doesn't really know how to handle the refs/changes refs.
For now, only replicate branches and tags.
While we're making settings, bump the thread count up so that we're
replicating a bit more in parallel, and update the gitea POC ip
address.
Change-Id: I2ca2834357c6795dc1dfd63c2e39272f51717f76
Depends-On: https://review.openstack.org/629658
Replicate to the POC gitea site, so we can see what it will look
like fully propogated. This may not function at some times,
but gerrit will handle that gracefully.
Change-Id: Idc6bffaf24deecf4fc69c05a709725d3cf89766c
Add a commentlink entry which matches task footers in commit
messages and links them to the corresponding task URL on storyboard.
This has already been tested on review-dev, and seems to work
without breaking the separate its-storyboard entry which handles
task updating automation.
Change-Id: I8e69fa7e5dfdef5ea9c05fa457c4ee08c624d005
The current amount of backslashes is not good enough for gerrit, and it
rejects the config file. Probably related to futureparser? In any case,
we need doubled-backslashes in the generated file, so 4 backslashes does
the right thing in the puppet.
Change-Id: I950b8efbcb876b2d1309f1117626a41ef22025b0
As we start doing things like opendev, we should be able to add
additional prefixes in gerrit without replicating them to github - or
causing gerrit to just spawn errors.
Change-Id: I9bca81df9d9600c4ccb1550039f488c6eb552abd
We need to explicitly set the $canonicalweburl and $vhost_name
parameters for the ::gerrit class when instantiating it in
openstack_project::review so that it gets passed through correctly
overriding the $fqdn default, now that we're using
ordinally-numbered hosts with a CNAME for this service.
Change-Id: I6d12c6e6a1bd90e40042124a801c1439f283d7fd
Configure the its-storyboard Gerrit plugin to leave comments with
hyperlinks on stories mentioned in a change's commit message footer
whenever that change gets a new patchset, or is abandoned or merged.
This now must be explicitly configured for the version of the plugin
used with newer Gerrit (circa 2.13).
Change-Id: I14dea61a906c4b267145dce6911a10d8075b4ba9
The commentlink for noop jobs of zuulv3 is not working properly.
So we add a commentlink match for noop jobs.
Change-Id: Ic9f5812d1fc666e718bd478c5a361ed5ad18a0a7
Depends-On: https://review.openstack.org/#/c/559634/
Signed-off-by: tom-shan <swt0008411@gmail.com>
This will allow us to bootstrap a server with gerrit users, then
attach the volumes with hold the git repos for gerrit, then we can
remove this flag and properly puppet the rest of the server.
We also create a 2nd node in site.pp as we need both server to be
online for about 2 weeks, this is to give users enough time to make
firewall changes if needed for the new IP address
Related-to: I9159c941ece4f6928204601b9933d7a953baa2dd
Change-Id: I88826298818a690d4c98b60a9fbf444fba48cef6
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Remove the sources.list
From review.pp, don't set java_home. The puppet-gerrit module figures
it out automatically.
For review-dev.pp, it seems java paths are used to import keys for
storyboard. Add matching logic for that.
Remove precise only workaround in status.o.o
[1] https://git.openstack.org/cgit/openstack-infra/puppet-gerrit/tree/manifests/init.pp#n274
Change-Id: I31c9196a32febf4760b897a3110150fcd581e173
Migrate backups to new backup01.ord.rax.ci.openstack.org
We decided to start fresh backups on the new server, so this is ready
to go. I have performed an initial backup on each server so it has
accepted the host key of the new server and been tested (I also fixed
up review-dev.o.o, which was rebuilt but keys not updated ... todo:
add this to puppet, but since it changes so infrequently not high
priority).
Change-Id: I0872f9fcf4a334d32f632b3cb04801deefab4fd1
It ran up against the 30g limit within a couple of hours after
the 2.13 upgrade. Give it more headroom to hopefully let it
function longer.
Change-Id: I41fb5929c99b82858f7dac28d89497db332bdbd8
This change can't quite do the upgrade itself unfortunately. Instead the
upgrade should be performed as described at
https://etherpad.openstack.org/p/gerrit-2.13.-upgrade-steps then this
change should be merged before puppet is reenabled on that node. This
ensures that puppet wants to see the post upgrade state preventing it
from undoing anything.
Change-Id: Ide9e89542ae4203d70b5480475993d79259a3840
As part of the "Gerrit ContactStore Removal" specification, now that
owners.py is checking foundation membership when generating voter
rolls it's fine for us to stop using requireContactInformation on
the ICLA and rip out our accompanying configuration.
Note that this should not be merged until the All-Projects config on
review.openstack.org and review-dev.openstack.org has been manually
adjusted to remove the "requireContactInformation = true" line from
the [contributor-agreement "ICLA"] section therein. Further, this
must be done by pushing the necessary edit directly into
refs/meta/config as there is no WebUI control nor API method to
alter contributor-agreement options.
Change-Id: I8c39a6bf43f5b12db3e8aab18bedbf7e1a0f0b7e
Story: #2001094
Task: #4867
Setup known_hosts file on review.o.o and review-dev.o.o so that
known services connecting to it won't be blocked.
Change-Id: If0b082867df73322a9115b94ea5be18d0631acc0
depends-on: I0bb6638f5362696cd9a9a7401cb2e96ab69eea06
To handle ever increasing volumes of HTTP traffic, quadruple the
httpd.minThreads and httpd.maxThreads values from their defaults.
Also raise database.poolLimit by the same amount httpd.maxThreads is
raised to provide an equivalent amount of breathing room there.
Change-Id: I7e0a2d462292266c2e71f3be71af1b3a00a221e0
Refactor and rename our Launchpad "sync" credentials (they haven't
been used to synchronize group membership from LP to Gerrit for
nearly 4 years now) which currently perform bug updates for
new/merged changes, so that they can be reused in the future to
update bugs as a part of release automation jobs.
Change-Id: Icd08dffef88fc8e99683d991ac6ac88b93bcb3e6
Now that we're running with a backport of
https://gerrit-review.googlesource.com/80320 from upstream, the
hyperlinks in comments include a rel="nofollow" parameter. Our
regular expression for these entries needs to take that into
account.
Change-Id: Ifb525a4c60bee26bad511ce46f2fd43e4c840202
This upgrade does not require a reindex. It will pull in the following
changes:
351418 Add an optional flag to force an online reindex
277538 Append submitted info to the change REST endpoint.
267927 Remove required access permission to list account emails
340157 Update Google gson library to 2.3.1
345540 Add rel=nofollow parameter to links in comments
311903 Use maven repos for bouncy castle resources
260324 Add syntax highlighting support for puppet
Change-Id: I1c2e0884ed9ded757c9e001d27b54349afdf5670
The change-restored event isn't getting process by the its-storyboard
plugin due to spaces in the config string. This is a bug in plugin
and should be fixed. Until then this change is a workaround so that the
change-restored event will get processed.
Change-Id: Ic4489d029ce8409520f16c23a676125c7b3ab164
Install Gerrit its-storyboard plugin[1] to support integration between
gerrit and storyboard. Install the plugin from tarballs.o.o[2] to
review.o.o.
Additional requirement for this change to take effect:
1. A parameter needs to be set to enable its-storyboard plugin. This
is a per project setting in refs/meta/config (project.config file)
If we want to enable for all project then set this param in
All-Projects:
[plugin "its-storyboard"]
enabled = true
[1] https://gerrit.googlesource.com/plugins/its-storyboard
[2] http://tarballs.openstack.org/ci/gerrit/plugins/its-storyboard
Change-Id: Iae0762f86c1d90902f9ad77ce47e967008a46885
Add configurations for the its-storyboard plugin:
1. Move java_home variable to a higher level module so it can be used
to install certificate on review-dev.o.o
2. Configure its-storyboard for review.o.o and review-dev.o.o
3. Associate review.o.o with storyboard.o.o and review-dev.o.o with
storyboard-dev.o.o
4. Import ssl certificate to java on review-dev.o.o so that the plugin
can POST updates to storyboard-dev.o.o using storyboard REST APIs.
5. Configure rules (or conditions) telling its-plugin to update
storyboard tasks status on specific gerrit change updates.
Gerrit change to storyboard task transition mapping:
change abandoned -> SB task set to 'todo'
change createed or change restored -> SB task set to 'review'
change merged -> SB task set to 'merged'
Change-Id: Id6ec16e267fca5fbbc42b1d3547fc5d2fa4c671b
depends-on: I9f47a2ed88ffbe827e494a478c0dc89a08bbe370
depends-on: I5e817fab8a8973b688fd44dd819e3616df171321
Refactor the commentlinks to allow review.o.o and review-dev.o.o to
define seperate comment links. We essentially want to point
review.o.o story links to storyboard.o.o and review-dev.o.o links to
storyboard-dev.o.o
Change-Id: I70e5791a76ca97756613c393e598978ec13c8271
Configure Gerrit's download plugin to show all available
protocol to our openstack repos in the downloads list.
We support ssh, anonymous http, and anonymous git. Set to
not show http because it duplicates anon_http due to
change I24946f5feea
Depends-on: Ia6a3a28cce62b6bd1570fd0ab5b1224fc35d8284
Change-Id: I6d34e75da71186ca4744525fd1143e75b4394a18
Openstack supports the git protocol (git://git.openstack.org/)
for accessing our repros[1]. The anoymous git download command
on the Gerrit change screen points to review.o.o We prefer it
to point to the cgit servers because those are faster and
there are many more of them.
[1] https://git.openstack.org/cgit/openstack-infra/system-config
Change-Id: I7989769b3e702c9f924b76e862e775d5717fb529
Depends-on: I5bd57d91b4d4a685328efe4d589a191debaa0fe5
The http download command on the Gerrit change screen points to
review.o.o We prefer it to point to the replicated repos because
those are faster and there are many more of them.
Depends-on: I4fa1cc7b1f0b717c35dc4eccedb635c9f3680c26
Change-Id: I24946f5feeae11b6659982d79f119d84335cc237
Remove the workaround for a bug in Gerrit versions older than 2.5 where
the http.maxWait value was sent to a method expecting the integer to
representing milliseconds without first correctly converting the default
time.
Gerrit's 2.5 release notes specifically note this bug was fixed.
Change-Id: Ic697fd1f5bcf0c7186ac5a9a2201edf88717ae80
Monty Taylor