We never finished puppeting the OpenStack wiki, and if we do manage
to get it under configuration management in the future it will
likely not use Puppet anyway. The dev server is already gone, and
deployment has been explicitly disabled for the other, so let's go
ahead and remove the references here and then we should be able to
retire the separate Puppet module we've been hosting.
Change-Id: I3f9ada3eb3d6f16545270135fab994ac460be94b
All hosts are now running thier backups via borg to servers in
vexxhost and rax.ord.
For reference, the servers being backed up at this time are:
borg-ask01
borg-ethercalc02
borg-etherpad01
borg-gitea01
borg-lists
borg-review-dev01
borg-review01
borg-storyboard01
borg-translate01
borg-wiki-update-test
borg-zuul01
This removes the old bup backup hosts, the no-longer used ansible
roles for the bup backup server and client roles, and any remaining
bup related configuration.
For simplicity, we will remove any remaining bup cron jobs on the
above servers manually after this merges.
Change-Id: I32554ca857a81ae8a250ce082421a7ede460ea3c
Co-Authored-By: James E. Blair <corvus@inaugust.com>
Change-Id: Id8b347483affd710759f9b225bfadb3ce851333c
Depends-On: https://review.openstack.org/596503
Now that we've got base server stuff rewritten in ansible, remove the
old puppet versions.
Depends-On: https://review.openstack.org/588326
Change-Id: I5c82fe6fd25b9ddaa77747db377ffa7e8bf23c7b
Migrate backups to new backup01.ord.rax.ci.openstack.org
We decided to start fresh backups on the new server, so this is ready
to go. I have performed an initial backup on each server so it has
accepted the host key of the new server and been tested (I also fixed
up review-dev.o.o, which was rebuilt but keys not updated ... todo:
add this to puppet, but since it changes so infrequently not high
priority).
Change-Id: I0872f9fcf4a334d32f632b3cb04801deefab4fd1
Install a favicon.ico file on the wiki server, consistent with our
other sites, and instruct the mediawiki class to make use of it.
Change-Id: Icc04b2e3e228687b0df8a4c8ec3fddc3e2e36fcb
Depends-On: Iba36d169335b2b8ee278f3f4500893a1641e4b28
Since the mysql_backup::backup_remote class creates a
/root/.${name}_db.cnf file already, symlink root's .my.cnf to that
for more convenient `sudo -H mysql` operation on our wiki servers.
Change-Id: I0cda3c67926021ae468e711a5a8f3a4694dad735
We don't want old, stale copies of our production wiki content
showing up in search engines, so set the mediawiki module parameter
that disallows robots from indexing the site.
Change-Id: If8a2f2c2c00715ecce0ac1aa279f649ec84496a1
Depends-On: Ic62a72555315bd344db338809920a3605f17c8c6
The wiki-dev.openstack.org server will eventually be used to test
newer versions of Mediawiki and extensions/skins. To accommodate
this, also parameterize server backups so that they don't conflict
with production (and are in fact disabled entirely for the dev
site).
Change-Id: I6505d3af87f670e71a440c76873c085d97e5b82f
In keeping with our decision in Austin to start appending ordinal
suffixes to hostnames for new server instances, switch the node
definition for wiki.openstack.org to allow a new
wiki01.openstack.org to match. The production server has Puppet
temporarily disabled, and the FQDN hiera keys have already been
moved to a new "wiki" group file.
As a requirement for this work, also purge remaining "FQDNisms" from
the openstack_project::wiki class by making the site name a classvar
and removing redundant SSL filenames which now merely mirror the
defaults in the mediawiki module anyway.
Change-Id: I950cb68ecd34e82f0da6b10bf2b93fb2c349286f
Take advantage of new mediawiki class variables to set the site name
and custom logo URL.
Change-Id: I8f4726f7bc51393fa8d63008cf703e192ef7a15f
Depends-On: Ie005d5629623a14f4ebd8aef21294f222249232f
Our mediawiki module now allows setting the ServerAdmin in its
Apache vhost config as a class parameter. Fill it from hiera so that
people copying our global site manifest don't inadvertently
configure servers to list us as their webmaster.
Change-Id: I280d8fdf3f8c53d4a105b1739f7d0af83031d0b4
The newer recaptcha-nocaptcha implementation is a little better at
thwarting script-driven spammers and vandals, so switch to it for
wiki.openstack.org. Note: this is a catch-up patch for
implementation already in place in production.
Depends-On: I435484cd65a028d774dfd920ca19f3077d4e03fb
Change-Id: I9f9ba63399a8885e3694cef37ec987f223ff6dca
For improved manageability, use a remote (Trove) database for the
Mediawiki instance on wiki.openstack.org. Note: this is a catch-up
patch for implementation already in place in production.
Change-Id: Id1affae0e319216f96c3fc7e9442e3ce8c051960
Depends-On: I26a03e2ce9a6bf8bcd6acbad9e8eaaa98e0f26ab
Plumb wg_recaptchapublickey and wg_recaptchaprivatekey variables
through from hiera into the mediawiki module for wiki.openstack.org.
Change-Id: I0f184c9bfa2bdaaca2478500d8f3b418c9bf77ae
Depends-On: Idfa2c01fb9d31f06643d6c82438c33db1ff33009
I, JP, will help to identify the spam attack vectors, so this access
will allow me to directly edit the config file, adjust, add plugins and tail the log files to
determine what method to use to stop the spam which will then be rolled back
and submitted as an official patch.
Change-Id: Ieadd8e0e36ecd9f32bb29b5cb850968ab8cc9ae1
Here we are updating our defaults to have hiera store our question /
answers for mediawiki captcha.
Change-Id: Iff0c326401ed9a4c3b40f8d43826603e599dc4a4
Depends-On: I102ff6991831901c578dab4107b0c23245da9d4b
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This should be a noop change, we are just moving the settings into
puppet.
Change-Id: Ic533a5fb125125e9791c40312318be79cbbe4826
Depends-On: I1ad6da353c25aed8976806f00cc39d6c3c93e7ae
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This patch upgrades the mysql module version as well as upgrading the
usage of that module in openstack_project. This includes:
- upgrading the syntax to set the root password
- no longer setting bind_address anywhere since it defaults to 127.0.0.1
- upgrading the syntax to set the default storage engine using the new
override_options param
- upgrading the database and database_grant puppet resources to use the
mysql_database and mysql_grant types. These types were renamed and
are now more strict about how the title should look and what
parameters need to be specified rather than inferred from the title.
There is also no longer any reason to specify the 'mysql' provider
since they gave up on the generic database provider idea.
Changes to the system that we can expect:
- /etc/mysql/my.cnf will have its parameters reordered. The key_buffer
config parameter was renamed to key_buffer_size and the log_error
parameter was renamed to log-error. Default values haven't changed.
- The change in /etc/mysql/my.conf will trigger a mysql restart
- /root/.my.cnf now adds single quotes around the password value. This
won't change how mysql or the module reads the value, but puppet
will report the file as having changed.
This patch should not be merged until a downtime is prepared for the
paste and wiki services.
Change-Id: I8072e0aab03606307505e37fe6fb0c8b18eef854
Depends-On: I3ff754b15eef51c3c86c188647353a4a1d3bfea0
The subversion module was a trivial module, so rather than split
it out, just remove the indirection and have the wiki class
install the subversion package.
Change-Id: Ida58a545aba32bb6df65af677f4b4b93c0152851
Didn't seem worth it to try to split this small of a module out.
I could be happy moving it into an openstack_project::openssl
class.
Change-Id: I36a27c5cddd2c4cbdd95cdcc015e54780fd441ae
* modules/openstack_project/manifests/wiki.pp: The latest mediawiki
cirrus extension uses groovy instead of mvel, so we need to be
running a 1.3.x release of elasticsearch on wiki.openstack.org to
support groovy.
Change-Id: I7f543ab217d5a16aab7d5cba654ef0d80b16d9e3
wiki.o.o is much smaller than our typical elasticsearch nodes. For it to
use elasticsearch it needs to allocate a much smaller heap. Make the
heap size configurable (keep the 16g default) and set the heap size to
1g for wiki.o.o.
Change-Id: I0c5fb4865eb07c0fa5bbe4cf698a9f0e9ea9f2fc
openstack_project::elasticsearch exists, so the scoping for this
is incorrect. We want to find the module instead.
Change-Id: I29b28af957f6aadc779c61fb0360bce98e64cb9b
elasticsearch is needed for the CirrusSearch MediaWiki extension,
which would be a much nicer search than the default database
search currently being done.
Change-Id: I2e014ff6713c9ed797bece482ea4460cbffb1300
Puppetlabs-mysql 0.6.1 correctly removes the local ::1 root user in the
account_security manifest. Upgrade to this version to take advantage of
that. Do not upgrade to latest version (0.9.0) to minimize delta that
needs testing.
Change-Id: Ic8265733f1159f34ae0afcccdea4c7d8cd44e3cb
The version of puppetlabs-mysql that we use does not remove the local
::1 root user from the mysqld. Explicitly remove this user.
Change-Id: I626fcc77c75a29d3f3cab57217b714e68a30b468
* modules/openstack_project/manifests/review_dev.pp: Remove
mysql_backup, gerrit.pp will do this for review_dev now.
* modules/openstack_project/manifests/gerrit.pp: Put MySQL backups in
central Gerrit manifest. This will backup MySQL locally for review and
review-dev.
* modules/openstack_project/manifests/wiki.pp: Backup wiki MySQL DB
locally wth the mysql_backup module.
These changes make it possible to do offsite DB backups with bup by
first backing up the databases locally.
Change-Id: I932b439c153e461fa9c6b454e132137949bd08df
Change-Id: Ia0ec8657aedc4bafda396255b011382382d7287c
Reviewed-on: https://review.openstack.org/19827
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
It's ideal for the image location in mediawiki to be outside of
its path. This allows you to have multiple copies of the software
while having the uploads in a shared spot.
Change-Id: Iae0ac3e13213353d6f101c62f5e150cf844b5694
Reviewed-on: https://review.openstack.org/17575
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Change-Id: I6c6ad0ddd000e3f140cb08faef7dce2cb9ae7079
Reviewed-on: https://review.openstack.org/18349
Reviewed-by: Ryan Lane
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
Now with extra unwrap!
Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a
Reviewed-on: https://review.openstack.org/15052
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
Pass the sysadmins list into each node definition. This allows us to
retrieve the data from hiera rather than hard coding it in the puppet
manifests. Also, update test script to use bogus sysadmin data when
testing.
Change-Id: Ide3560f16bce4d66fb95cc5021fc879476e6a712
Reviewed-on: https://review.openstack.org/12512
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins