Once we are happy with the newly provisioned LE cert for storyboard we
can land this change to swap apache2 over to it.
Change-Id: Ib77ce8c0b6927a85f09b857ca67ad56059898a84
All hosts are now running thier backups via borg to servers in
vexxhost and rax.ord.
For reference, the servers being backed up at this time are:
borg-ask01
borg-ethercalc02
borg-etherpad01
borg-gitea01
borg-lists
borg-review-dev01
borg-review01
borg-storyboard01
borg-translate01
borg-wiki-update-test
borg-zuul01
This removes the old bup backup hosts, the no-longer used ansible
roles for the bup backup server and client roles, and any remaining
bup related configuration.
For simplicity, we will remove any remaining bup cron jobs on the
above servers manually after this merges.
Change-Id: I32554ca857a81ae8a250ce082421a7ede460ea3c
Once the database move maintenance has been completed for the
StoryBoard servers, merge this change so that they switch from
backing up the old remote database to the new local one.
Change-Id: I95ace65737816e6019c5e3df65d88db3e5bd5fd8
In preparation to move the SB data out of Trove instances to a local
database, make sure the database is created via configuration
management. Make the mysql_backup resource require
storyboard::database instead of storyboard::application to work
around a package resource conflict.
A separate maintenance window will be used to move the data, coupled
with a change of database hostname in private Hiera. Following that,
a followup change will switch the database backups from remote to
local.
Change-Id: I912130ad8a5a139147727e49800e36e2afd815f7
Co-Authored-By: James E. Blair <corvus@inaugust.com>
Change-Id: Id8b347483affd710759f9b225bfadb3ce851333c
Depends-On: https://review.openstack.org/596503
Now that we've got base server stuff rewritten in ansible, remove the
old puppet versions.
Depends-On: https://review.openstack.org/588326
Change-Id: I5c82fe6fd25b9ddaa77747db377ffa7e8bf23c7b
In order to provide useful URLs in E-mail notifications, set the
default_url for the openstack_project::storyboard class.
Change-Id: I70cc33e73b3cff6855270d46e1dd40940221b0d1
Depends-On: https://review.openstack.org/555237
Migrate backups to new backup01.ord.rax.ci.openstack.org
We decided to start fresh backups on the new server, so this is ready
to go. I have performed an initial backup on each server so it has
accepted the host key of the new server and been tested (I also fixed
up review-dev.o.o, which was rebuilt but keys not updated ... todo:
add this to puppet, but since it changes so infrequently not high
priority).
Change-Id: I0872f9fcf4a334d32f632b3cb04801deefab4fd1
We'd like to enable additional superusers on the development
instance of StoryBoard, so make it a class parameter and copy the
production list to start out.
Change-Id: Ie6d59e23dba59c195eb58b949c623ac4be6bfa2d
Since we want to use different certificate and key file paths in
openstack_project::storyboard::dev we need to be able to default
them through openstack_project::storyboard, so set them from the
global site manifest instead of hard-coding them in the class.
Change-Id: Ifc92d78f081fc69d804c29033e96e1c94462213b
Configure routers and transports for storyboard based on
Mailman-style VERP addressing.
Messages accepted on the localhost interface with a sender address
matching "*-bounces@" (eg, "storyboard-bounces@storyboard.openstack.org"),
will be sent out with VERP addressing (eg
"storyboard-bounces+user=example.com@storyboard.openstack.org). This
way storyboard can perform bounce processing on messages it receives
back to that address.
Messages addressed to either "storyboard@", "storyboard-bounces@",
or "storyboard-bounces+user=example.com@" will be delivered to storyboard
by calling the '/path/to/storyboard inject $localpart' command.
Storyboard may then parse the message as appropriate.
Change-Id: I854006c19b22b233bae5017e4ad04c10a37e0adc
Depends-On: Id4f69580eb126d058ee699f4e7bfdb01cfc7409c
Moved $hostname and $cors_allowed_origins into the top
level module, so that they may be set on a per-host basis.
Change-Id: I9859c903d0075493d230e433d68e0471f019140a
StoryBoard now only permits a finite list of authorized oauth clients,
which are based on the domain host. This adds the necessary configuration
elements to the OpenStack StoryBoard manifest.
Change-Id: Ia7d34e9b80399ffa9e4229d6cc7035061c41dffc
Depends-on: I29495a0b640c3ca097cca8c17349df5cc42388de
In order to get the puppet module for storyboard up to a level where
we can publish it to puppetforge, I did some work on it to create
separate modules which can be used by anyone to install storyboard.
- API and Webclient are now installed via storyboard::application,
which assumes that you can provide the DB connection criteria.
- storyboard::cert is now a separate class, which accepts either
files or strings, which generates the SSL certificate and chain
files for storyboard.
- storyboard::params is our dependency checker.
- storyboard::init will install a standalone, entirely
self-contained instance of storyboard.
- Added various puppet module files necessary for eventual
deployment to puppetforge.
- Added README.md documentation for later puppetforge addition.
This patch also includes a new module: example42-puppi, which is a
series of convenience utilities useful for deployment. For example,
puppi::netinstall (used here) will fetch tarballs and zip files and
extract them into a provided directory. It also contains changes to
the storyboard configuration for the new refresh token support patch
in #94363
Change-Id: I6ab8c24b308df38774fc0694d218dcb5022cd899
There are actions, such as deleting projects, that should only be done
by superusers. For that to work, we need to have superusers.
Change-Id: I827446788ca53018a6d2c76eaf667b6fe4065f80
There are two major parts being installed with this module:
1. storyboard-api - REST API service served with
apache mod_wsgi module
2. storyboard-webclient - static html/css/js files.
This project is built and published to tarballs.o.o,
from where it'll be installed with this puppet module
This module requires three configs from Hiera:
* storyboard_db_host
* storyboard_db_password
* storyboard_db_user
Installed projects:
* http://git.openstack.org/cgit/openstack-infra/storyboard/
* http://git.openstack.org/cgit/openstack-infra/storyboard-webclient/
Things to be added in later commits:
* Documentation for ci.openstack.org
* Configure logging (once supported by storyboard)
* SSL
Change-Id: If3da06f8d20a6282036f1f9f063c25a6d0db60c6
Clark Boylan