Currently, when the repo server stores files like OpenStack's
upper-constraints.txt, the cache settings cause pip to cache this
file. When updating this file or experimenting with different
constraints, this cache can cause unexpected results as pip may
deploy different versions to those currently specified in the file.
This change instructs pip or other clients not to cache responses,
and matches the OpenDev origin's response headers for requirements
files.
Similar issues could apply for wheels and similar if experimental
changes are made without adjusting version numbers.
Change-Id: I7fdb62f79590deb118ecac2aac71984bd32685f1
There were bunch of tasks for upgrading from lsyncd to the shared fs
mount, which can be safely cleaned-up now.
Change-Id: Ia0f5cbced196467007eafc61d3152ebea7559b84
At the moment there is a check, which ensures for race condition to
not happen between asking for a mount and mounting the point.
However, it tries to check for the mount when there is no mount
defined for the directory.
We add extra check to wait for the mount only when mounts are defined.
Change-Id: I900a55a6f4edce3d3fe419821c47cf56d641192f
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Change-Id: I74cefdfa885fa26dd7199fd0798527f511bf329d
By overriding the variable `repo_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the repo_server backend.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: I5c5d3dd5689ac122781303ad21dacc8a1fa746eb
Nginx adds trailing slashes to the URLs ending with directories.
So by default, when accessing http://172.29.236.101:8181/pools, nginx
will return 301 redirect to http://172.29.236.101:8181/pools/.
It's an absolute redirect which causes a problem when haproxy frontend
listens on HTTPS but its backends listen on HTTP.
In this case, when accessing https://172.29.236.101:8181/pools, nginx
will return 301 redirect to http://172.29.236.101:8181/pools/ (http)
that won't work.
This patch changes behavior by disabling absolute_redirects, so when
accessing https://172.29.236.101:8181/pools, nginx will return a
redirect to relative location '/pools/' without changing protocol.
Change-Id: I9e55508996d9b24437870f2f23dca5db7827fee1
With tox release of 4.0, some parameters were deprecated and are ignored now
which causes tox failures. One of the most spread issues we have is using
`whitelist_externals` isntead of `allowlist_externals`
Change-Id: Ib6f505093477a8b19ca8ae31ab7759904369a8c0
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I89224e297ba377656774b3b62a176226558b6bc7
Include is deprecated, additionally include_tasks is now faster.
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
Change-Id: I20f92b972b794513cb774983f3aa6044769987d7
The version of nginx on centos-8 appears to keep file handles open,
possibly the old /var/www/repo directory persistently. Once the old
content is removed and the new shared filesystem mount is created at
the web root, ensure that nginx is restarted to close any file handles
which are now stale.
Change-Id: I941359b1b42aa4a874230a32b438dcefddfb2acb
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.
Change-Id: Ieb0129ffb8964eba380a5d829e4033f19c892451
Currently we're trying to restore content for each host independently
This is not needed as we already storing content on shared FS,
that's been mounted.
We don't implement variable since that's only for migration purposes.
Change-Id: I0795fa1936aaeb9b9005a35685d85b6a4a619835
With current behavior of u-c file that is stored on repo server and
migration to shared FS instead of lsyncd, we don't have any reliable
path to check for.
Also we have issue, that with updated u-c SHA users catch "unrelated"
error in python_venv_build role.
As a solution, we can create a symlink to the u-c file, that will have
persistant name and be updated with repo_server role run.
That would give us both file to verify and it can be used as u-c URI.
Change-Id: Ie7bdb9137ed69be465f014fa811b750dbec4e428
Related-Bug: #1943978
These are no longer needed when a shared filesystem is used to
syncronise the repo server contents
Change-Id: I3109bd891d4c6b3522f5f741d9970093b1e882c8
This patch checks if the repo server content directory is a mountpoint,
and if it is not, creates an archive of the repo server contents
before mounting the shared filesystem. After the mount completes, the
archive of repo server contents is copied to the shared filesystem.
This runs on every repo server in the deployment to include corner
cases of repo servers running different OS versions or CPU architecures
and will gather all of the content onto a single shared mount.
Change-Id: I976a5ea5f6b6ebd65c22e89657763fef87cf4b23
If insist is not set to true then lsyncd will exit if it cannot
perform an initial rsync to the target hosts.
Due to the order in which the repo servers are configured, lsyncd
may be installed and started on the first host in the repo_servers
group before the ssh keys and other necessary configuration have
been placed on the remaining hosts. This leads to a failure to
start lsyncd.
This patch moves the setting of insist into the lua config file
for all operating systems, and removes the need to template a
defaults file on debian derivatives.
Change-Id: I26bb0e21d797c2bfbe67e03003da01c355c27561
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: I14afe3040d8ecd8702edca19877ab50b6e57007f
We've created integrated linters check job a while back and it's successfully
working for several releases. At the moment we experience difficulties
with future maintenance of the linters check from the openstack-ansible-tests
repo. So instead of fixing current one, we replace it with modern version of
the test.
Change-Id: I73ff28f76aed64cf527cd4c58d25954b5e864f20
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: Ibe914d0d547b930b8167bfa475cc838df8d7ae25
Since we copy all release notes to the integrated repo there is not need
in publishing release notes for each repository. We should only verify their
validity and linting.
Change-Id: Icd69125b861d292bfdbfca264e3867e4acf9b469
Infra jobs are more appropriate for testing infra resources, such
as repo server.
Depends-On: https://review.opendev.org/660477
Change-Id: Ie696c1b6b6732d0a59f03351d3135554afc14ce4
If a repo container and its data are deleted and recreated then it is
not currently possible for a loadbalancer healthcheck to differentiate
between an empty repo server and a correctly synchronised one.
This patch creates a file 'repo-sync-complete' as part of the process
of synchronising repo contents from master repo servers to slaves. The
presence of this file on the slave can then be used as the loadbalancer
healthcheck to ensure that repo contents are only served once sync has
completed.
In addition, this patch ensures that synchronisation occurs from the
master to a reprovisioned slave by triggering a master repo server lsyncd
restart handler during the initial setup of the slave repo server.
Currently, a freshly provisioned repo server will remain empty
for an indeterminate amount of time, this patch forces a complete re-sync
to occur.
Change-Id: I6913341674dbde5524c2270e824bda4544211eca