Commit Graph

41 Commits

Author SHA1 Message Date
Jeremy Stanley 89c4fd9b3d Remove configuration management for wiki servers
We never finished puppeting the OpenStack wiki, and if we do manage
to get it under configuration management in the future it will
likely not use Puppet anyway. The dev server is already gone, and
deployment has been explicitly disabled for the other, so let's go
ahead and remove the references here and then we should be able to
retire the separate Puppet module we've been hosting.

Change-Id: I3f9ada3eb3d6f16545270135fab994ac460be94b
2022-02-14 22:32:18 +00:00
Ian Wienand 39ffc685d6 backups: remove all bup
All hosts are now running thier backups via borg to servers in
vexxhost and rax.ord.

For reference, the servers being backed up at this time are:

 borg-ask01
 borg-ethercalc02
 borg-etherpad01
 borg-gitea01
 borg-lists
 borg-review-dev01
 borg-review01
 borg-storyboard01
 borg-translate01
 borg-wiki-update-test
 borg-zuul01

This removes the old bup backup hosts, the no-longer used ansible
roles for the bup backup server and client roles, and any remaining
bup related configuration.

For simplicity, we will remove any remaining bup cron jobs on the
above servers manually after this merges.

Change-Id: I32554ca857a81ae8a250ce082421a7ede460ea3c
2021-02-16 16:00:28 +11:00
Zuul 46fe20acc7 Merge "Manage the favicon.ico file for the wiki" 2018-12-17 16:36:32 +00:00
Monty Taylor 15663daaf7 Add iptables role
Co-Authored-By: James E. Blair <corvus@inaugust.com>
Change-Id: Id8b347483affd710759f9b225bfadb3ce851333c
Depends-On: https://review.openstack.org/596503
2018-08-27 14:33:32 +00:00
Monty Taylor bab6fcad3c
Remove base.yaml things from openstack_project::server
Now that we've got base server stuff rewritten in ansible, remove the
old puppet versions.

Depends-On: https://review.openstack.org/588326
Change-Id: I5c82fe6fd25b9ddaa77747db377ffa7e8bf23c7b
2018-08-16 17:25:10 -05:00
Ian Wienand 60b89d662e Remove ci-backup-rs-ord.openstack.org
Migrate backups to new backup01.ord.rax.ci.openstack.org

We decided to start fresh backups on the new server, so this is ready
to go.  I have performed an initial backup on each server so it has
accepted the host key of the new server and been tested (I also fixed
up review-dev.o.o, which was rebuilt but keys not updated ... todo:
add this to puppet, but since it changes so infrequently not high
priority).

Change-Id: I0872f9fcf4a334d32f632b3cb04801deefab4fd1
2017-11-15 09:28:55 +11:00
Jeremy Stanley efe6e0e3af Manage the favicon.ico file for the wiki
Install a favicon.ico file on the wiki server, consistent with our
other sites, and instruct the mediawiki class to make use of it.

Change-Id: Icc04b2e3e228687b0df8a4c8ec3fddc3e2e36fcb
Depends-On: Iba36d169335b2b8ee278f3f4500893a1641e4b28
2017-02-28 17:57:12 +00:00
Jeremy Stanley b8fafd9f68 Conveniently link /root/.my.cnf on wiki servers
Since the mysql_backup::backup_remote class creates a
/root/.${name}_db.cnf file already, symlink root's .my.cnf to that
for more convenient `sudo -H mysql` operation on our wiki servers.

Change-Id: I0cda3c67926021ae468e711a5a8f3a4694dad735
2016-09-10 17:30:02 +00:00
Jeremy Stanley 62fc83c9a9 Disallow robots for wiki-dev site
We don't want old, stale copies of our production wiki content
showing up in search engines, so set the mediawiki module parameter
that disallows robots from indexing the site.

Change-Id: If8a2f2c2c00715ecce0ac1aa279f649ec84496a1
Depends-On: Ic62a72555315bd344db338809920a3605f17c8c6
2016-09-07 21:45:23 +00:00
Jeremy Stanley 6872478d81 Add a wiki-dev.o.o server to test newer mediawiki
The wiki-dev.openstack.org server will eventually be used to test
newer versions of Mediawiki and extensions/skins. To accommodate
this, also parameterize server backups so that they don't conflict
with production (and are in fact disabled entirely for the dev
site).

Change-Id: I6505d3af87f670e71a440c76873c085d97e5b82f
2016-08-30 03:05:07 +00:00
Jeremy Stanley f65cef27fe Use a host group for wiki.o.o
In keeping with our decision in Austin to start appending ordinal
suffixes to hostnames for new server instances, switch the node
definition for wiki.openstack.org to allow a new
wiki01.openstack.org to match. The production server has Puppet
temporarily disabled, and the FQDN hiera keys have already been
moved to a new "wiki" group file.

As a requirement for this work, also purge remaining "FQDNisms" from
the openstack_project::wiki class by making the site name a classvar
and removing redundant SSL filenames which now merely mirror the
defaults in the mediawiki module anyway.

Change-Id: I950cb68ecd34e82f0da6b10bf2b93fb2c349286f
2016-08-29 19:49:45 +00:00
Jeremy Stanley 33c6964bab Set wiki name and logo URL
Take advantage of new mediawiki class variables to set the site name
and custom logo URL.

Change-Id: I8f4726f7bc51393fa8d63008cf703e192ef7a15f
Depends-On: Ie005d5629623a14f4ebd8aef21294f222249232f
2016-08-24 21:56:18 +00:00
Jeremy Stanley 9bc75ed17b Set the Apache ServerAdmin on wiki.o.o from hiera
Our mediawiki module now allows setting the ServerAdmin in its
Apache vhost config as a class parameter. Fill it from hiera so that
people copying our global site manifest don't inadvertently
configure servers to list us as their webmaster.

Change-Id: I280d8fdf3f8c53d4a105b1739f7d0af83031d0b4
2016-08-22 19:57:46 +00:00
Jeremy Stanley f74bcccbb0 Switch wiki.o.o to recaptcha-nocaptcha
The newer recaptcha-nocaptcha implementation is a little better at
thwarting script-driven spammers and vandals, so switch to it for
wiki.openstack.org. Note: this is a catch-up patch for
implementation already in place in production.

Depends-On: I435484cd65a028d774dfd920ca19f3077d4e03fb
Change-Id: I9f9ba63399a8885e3694cef37ec987f223ff6dca
2016-08-20 16:33:16 +00:00
Jeremy Stanley b26db7249d Switch wiki.o.o to a remote database
For improved manageability, use a remote (Trove) database for the
Mediawiki instance on wiki.openstack.org. Note: this is a catch-up
patch for implementation already in place in production.

Change-Id: Id1affae0e319216f96c3fc7e9442e3ce8c051960
Depends-On: I26a03e2ce9a6bf8bcd6acbad9e8eaaa98e0f26ab
2016-08-20 16:33:13 +00:00
Jeremy Stanley 4dca9fde53 Setup ReCaptcha in Wiki to Prevent Spam
Plumb wg_recaptchapublickey and wg_recaptchaprivatekey variables
through from hiera into the mediawiki module for wiki.openstack.org.

Change-Id: I0f184c9bfa2bdaaca2478500d8f3b418c9bf77ae
Depends-On: Idfa2c01fb9d31f06643d6c82438c33db1ff33009
2016-07-14 19:34:44 +00:00
JP Maxwell 8a19127600 Adding ssh key for JP Maxwell to wiki.o.o
I, JP,  will help to identify the spam attack vectors, so this access
will allow me to directly edit the config file, adjust, add plugins and tail the log files to
determine what method to use to stop the spam which will then be rolled back
and submitted as an official patch.

Change-Id: Ieadd8e0e36ecd9f32bb29b5cb850968ab8cc9ae1
2016-06-14 14:06:05 -05:00
Jenkins c47d6191b1 Merge "wg_captchaquestions should be a hash for mediawiki" 2016-02-26 01:21:34 +00:00
Marton Kiss f43672e091 Add sshkey for mkiss to wiki.o.o
I will help to fix wiki issues.

Change-Id: I8dbedf54d15d1598b734bbd45dfde1e18b54017a
2016-02-25 17:30:02 +01:00
Paul Belanger e1451e25ab wg_captchaquestions should be a hash for mediawiki
Here we are updating our defaults to have hiera store our question /
answers for mediawiki captcha.

Change-Id: Iff0c326401ed9a4c3b40f8d43826603e599dc4a4
Depends-On: I102ff6991831901c578dab4107b0c23245da9d4b
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2016-02-24 22:39:23 +00:00
Paul Belanger 6b69367cab Puppetize wiki.o.o settings
This should be a noop change, we are just moving the settings into
puppet.

Change-Id: Ic533a5fb125125e9791c40312318be79cbbe4826
Depends-On: I1ad6da353c25aed8976806f00cc39d6c3c93e7ae
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2016-02-24 12:13:23 -05:00
Colleen Murphy 9f74110cb6 Upgrade mysql module to 3.6.1
This patch upgrades the mysql module version as well as upgrading the
usage of that module in openstack_project. This includes:

 - upgrading the syntax to set the root password
 - no longer setting bind_address anywhere since it defaults to 127.0.0.1
 - upgrading the syntax to set the default storage engine using the new
   override_options param
 - upgrading the database and database_grant puppet resources to use the
   mysql_database and mysql_grant types. These types were renamed and
   are now more strict about how the title should look and what
   parameters need to be specified rather than inferred from the title.
   There is also no longer any reason to specify the 'mysql' provider
   since they gave up on the generic database provider idea.

Changes to the system that we can expect:

 - /etc/mysql/my.cnf will have its parameters reordered. The key_buffer
   config parameter was renamed to key_buffer_size and the log_error
   parameter was renamed to log-error. Default values haven't changed.
 - The change in /etc/mysql/my.conf will trigger a mysql restart
 - /root/.my.cnf now adds single quotes around the password value. This
   won't change how mysql or the module reads the value, but puppet
   will report the file as having changed.

This patch should not be merged until a downtime is prepared for the
paste and wiki services.

Change-Id: I8072e0aab03606307505e37fe6fb0c8b18eef854
Depends-On: I3ff754b15eef51c3c86c188647353a4a1d3bfea0
2016-01-04 10:51:50 -08:00
Spencer Krum 9d4e875570 Refactor subversion module away
The subversion module was a trivial module, so rather than split
it out, just remove the indirection and have the wiki class
install the subversion package.

Change-Id: Ida58a545aba32bb6df65af677f4b4b93c0152851
2015-01-28 09:56:03 -08:00
Spencer Krum ff007f29a2 Removing openssl class
Didn't seem worth it to try to split this small of a module out.
I could be happy moving it into an openstack_project::openssl
class.

Change-Id: I36a27c5cddd2c4cbdd95cdcc015e54780fd441ae
2014-10-06 16:47:44 -07:00
Jeremy Stanley a362e0aa3d Upgrade wiki to use elasticsearch 1.3.2
* modules/openstack_project/manifests/wiki.pp: The latest mediawiki
cirrus extension uses groovy instead of mvel, so we need to be
running a 1.3.x release of elasticsearch on wiki.openstack.org to
support groovy.

Change-Id: I7f543ab217d5a16aab7d5cba654ef0d80b16d9e3
2014-09-08 18:59:54 +00:00
Ryan Lane 917dca388c Upgrading Elastic Search to 1.1.1 on the wiki
Change-Id: I7e16ee1ed7f8d4803c45e6a7da159923ec5e33b6
2014-05-05 21:11:47 -07:00
Ryan Lane 712349aae7 Configure elasticsearch via a hash
Change-Id: I70067e371d930dcecab6e85399465b4c3bf67ab2
2013-10-21 18:48:29 -07:00
Clark Boylan 053f98b4ee Make ES Heap Size configurable.
wiki.o.o is much smaller than our typical elasticsearch nodes. For it to
use elasticsearch it needs to allocate a much smaller heap. Make the
heap size configurable (keep the 16g default) and set the heap size to
1g for wiki.o.o.

Change-Id: I0c5fb4865eb07c0fa5bbe4cf698a9f0e9ea9f2fc
2013-10-18 16:59:47 -07:00
Ryan Lane a5ece77a7c Fix scoping issue for elasticsearch
openstack_project::elasticsearch exists, so the scoping for this
is incorrect. We want to find the module instead.

Change-Id: I29b28af957f6aadc779c61fb0360bce98e64cb9b
2013-10-17 16:06:38 -07:00
Ryan Lane 54550b80fa Send correct param to elasticsearch class
Change-Id: I310df2c8d1850556a5de3c12848f2c6e3456e355
2013-10-17 15:47:25 -07:00
Ryan Lane 0c6458296b Add elasticsearch to the mediawiki node
elasticsearch is needed for the CirrusSearch MediaWiki extension,
which would be a much nicer search than the default database
search currently being done.

Change-Id: I2e014ff6713c9ed797bece482ea4460cbffb1300
2013-10-17 22:16:00 +00:00
Clark Boylan 9a30d3a309 Upgrade puppetlabs-mysql to 0.6.1.
Puppetlabs-mysql 0.6.1 correctly removes the local ::1 root user in the
account_security manifest. Upgrade to this version to take advantage of
that. Do not upgrade to latest version (0.9.0) to minimize delta that
needs testing.

Change-Id: Ic8265733f1159f34ae0afcccdea4c7d8cd44e3cb
2013-10-12 17:37:24 +00:00
Clark Boylan 0adc30f151 Remove ::1 mysql root user.
The version of puppetlabs-mysql that we use does not remove the local
::1 root user from the mysqld. Explicitly remove this user.

Change-Id: I626fcc77c75a29d3f3cab57217b714e68a30b468
2013-10-12 17:32:09 +00:00
Clark Boylan 23896c8094 Backup review and wiki MySQL DBs.
* modules/openstack_project/manifests/review_dev.pp: Remove
mysql_backup, gerrit.pp will do this for review_dev now.

* modules/openstack_project/manifests/gerrit.pp: Put MySQL backups in
central Gerrit manifest. This will backup MySQL locally for review and
review-dev.

* modules/openstack_project/manifests/wiki.pp: Backup wiki MySQL DB
locally wth the mysql_backup module.

These changes make it possible to do offsite DB backups with bup by
first backing up the databases locally.

Change-Id: I932b439c153e461fa9c6b454e132137949bd08df
2013-08-28 12:07:15 -07:00
James E. Blair e13eea405e Add backups to wiki server.
Change-Id: Ia0ec8657aedc4bafda396255b011382382d7287c
Reviewed-on: https://review.openstack.org/19827
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
2013-01-17 18:28:24 +00:00
Ryan Lane 9c3c631573 Set image location explicitly
It's ideal for the image location in mediawiki to be outside of
its path. This allows you to have multiple copies of the software
while having the uploads in a shared spot.

Change-Id: Iae0ac3e13213353d6f101c62f5e150cf844b5694
Reviewed-on: https://review.openstack.org/17575
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
2013-01-14 12:48:37 +00:00
James E. Blair 37daa678e2 Add ssl cert to wiki.o.o.
Change-Id: I6c6ad0ddd000e3f140cb08faef7dce2cb9ae7079
Reviewed-on: https://review.openstack.org/18349
Reviewed-by: Ryan Lane
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
2012-12-18 23:00:55 +00:00
Matthew Wagoner f31a426c65 Cleanup openstack_project manifest lint errors.
Now with extra unwrap!

Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a
Reviewed-on: https://review.openstack.org/15052
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
2012-11-21 17:48:11 +00:00
Clark Boylan 94a7768dc3 Pass sysadmins list into node defs.
Pass the sysadmins list into each node definition. This allows us to
retrieve the data from hiera rather than hard coding it in the puppet
manifests. Also, update test script to use bogus sysadmin data when
testing.

Change-Id: Ide3560f16bce4d66fb95cc5021fc879476e6a712
Reviewed-on: https://review.openstack.org/12512
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
2012-09-10 15:58:27 +00:00
Ryan Lane 7da354907e Initial commit of MediaWiki module
Change-Id: I6181e0d4a717d0a11ea2d741034db99435d5e180
Reviewed-on: https://review.openstack.org/10521
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
2012-08-12 18:40:54 +00:00
Monty Taylor e498870959 Make a class for each type of server.
Change-Id: I520b77a4d83958a6a1c2472e87b28f6b8822d890
2012-07-23 10:33:20 -05:00