Gerrit 3.6 and older do not support 'and' as a boolean operator. They
only support 'AND'. For maximum compatibility (we are running 3.6.4
currently) convert 'and' to 'AND' in Gerrit submittableIf rules.
Change-Id: Iac5e2cda4a245f99e98a1354ad4107da07e1f60d
Update the deprecated copy flags to copyCondition in the boostrap
documentation.
The verified and workflow labels don't ever copy their approvals, so
it is really only code-review.
Change-Id: I3563a7a394ae7d96af9e27b10dc18ba5c459ba82
We have added gitea09 to haproxy which allows us to remove one of the
old servers. Remove gitea08 since gitea01 is the host that gets backups
currently.
Note that this only removes gitea08 from haproxy and does not remove it
from gerrit replication or our inventory. We need to do this in a
multistep process to avoid a situation where gitea08 is still serving
requests but not receiving updates from Gerrit. Next step will be to
disable replication. Then we can remove it from inventory and finally
delete it altogether.
Change-Id: I26f368936819a41a7369d2d116e04151301ee0e2
At some point we shifted from doing this task using the web UI to
primarily using ssh only admin accounts. The docs ended up in a slightly
confusing place with steps that only make sense when you interact with
the web UI. Update the force merge docs to assume ssh only which is far
more aligned with our admin account expectations.
Change-Id: Ia99afe7ee10927765733891f72bd428e52fa2225
This renames zk-ca to opendev-ca and allows us to operate more than
one ca on bridge. This way we can keep the CAs for ZooKeeper and
Jaeger distinct (so that a compromise of the jaeger server could not
be used to access the ZooKeeper cluster).
This also starts a new jaeger-ca and uses it on the Jaeger server.
Change-Id: I4e5bc4e3ccd78284ce785c971f7e6ad6e721f887
If you are running these jobs by hand you are doing something that
will be expected to take a long time (initial sync, recovery, etc.).
Make these scripts assume interactivity and default to *not* running
under timeout -- it's too easy to forget NO_TIMEOUT when running
manually and having the job killed.
We already have an UNDER_CRON variable set so that we only send stats
when running ... under cron. Reuse this here for the timeout flag.
Change-Id: Ic2d2f39bb18d247c853284512fe0dc37485c00a4
The zuul pipeline reporter for merge-failure has been renamed to
merge-conflict. The old name has been depreacted and will be removed in
a future release. Update our examples to match Zuul's current
expectations.
Change-Id: I1f9effa311163d942171e35ba65fafa25245e9d2
A few formatting fixes
* try to more consistently use shell-session formatting for shell
sessions (makes it easier to copy-paste).
* fix up and use more `` around verbatim/code things.
Fixes:
* Gerrit Configuration : there's no db to set the ICLA fields in now,
remove
* Duplicate Accounts : add required arg "origin" to git fetch command
* Deactivating account : can not delete comments via sql query,
remove
Change-Id: Ia481750aa59fc88bef5c00bb0fd9e6f9e23b2777
OFTC's chanserv requires a channel description be provided when
registering it. Update the example in our documentation to reflect
that.
Change-Id: Iee61b8176b2b801b4843530e7570bad5000fe76e
Now that we're retiring the third-party-ci-announce mailing list,
which we never really used consistently anyway, just tell
third-party CI operators to make sure the E-mail address on their
account is current and reachable.
Change-Id: I6186149de25b06f2982702143a807de8bb01be73
In preparation for retiring a number of mailing lists from
lists.openstack.org which have had no activity for over three years,
remove their configuration so our deployment automation won't
recreate them once they're gone. Also remove references to the
third-part-announce list in our documentation, since that's one of
the unused lists we're removing. See the announcement at
http://lists.openstack.org/pipermail/openstack-discuss/2022-February/027404.html
for details.
Change-Id: Ieedd8613363039d19d3ae47f1a83a38747419bdc
The status.openstack.org server is offline now that it no longer
hosts any working services. Remove all configuration for it in
preparation for retiring related Git repositories.
Also roll some related cleanup into this for the already retired
puppet-kibana module.
Change-Id: I3cfcc129983e3641dfbe55d5ecc208c554e97de4
We indicated to the OpenStack TC that this service would be going away
after the Yoga cycle if no one stepped up to start maintaining it. That
help didn't arrive in the form of OpenDev assistance (there is effort
to use OpenSearch external to OpenDev) and Yoga has released. This means
we are now clear to retire and shutdown this service.
This change attempts to remove our configuration management for these
services so that we can shutdown the servers afterwards. It was a good
run. Sad to see it go but it wasn't sustainable anymore.
Note a follow-up will clean up elastic-recheck which runs on the status
server.
Depends-On: https://review.opendev.org/c/opendev/base-jobs/+/837619
Change-Id: I5f7f73affe7b97c74680d182e68eb4bfebbe23e1
The openstack health service is being shutdown and retired. That
services was the only service that relied on the subunit2sql workers.
This means we can shutdown and retire the subunit2sql workers. This is
one step of that process.
Change-Id: Ibd02faaeba888dfcd1f512f4dd3a7d768497fc16
Follow-on to I07ca2b18d2da7e6261389696a0eae13d20d2cb22
* Github issues are now closed via the
maintain-github-openstack-mirror which Zuul runs periodically
* manage-projects also runs from Zuul
* run-mirror hasn't been used since If5935b356e222c2f4d474a2cec8add3cc66b6010
* I'm not sure what the ssh key stuff is talking about, it's not
really relevant now.
Change-Id: If4d8a1ac98c35c494090564d94f3a8c082cea900
This introduces and "Open Infrastructure" page which is designed for a
moderately experienced developer with some understanding of Zuul,
Ansible and basic Linux admin skills to have an entrypoint to
navigating the system-config and related repositories.
It is designed to re-enforce the idea of open infrastructure, and
explain how development, testing and production come together at a
level high enough to be understood, but with links or descriptions of
specific places in the code to get started.
It moves a little of what was in the sysadmin page into this, and
leaves that page as more low-level descriptions of various tasks.
Change-Id: I60a9299df455b98ad549ac0075a59d381722bc06
We have discovered that it is possible for a gitea repository to be come
corrupted. Since gitea is not the source of truth the easiest way to
handle this is to replace the repo with a new empty repository and have
Gerrit replicate back to it. This adds documentation that walks through
the process of doing this.
Change-Id: Ief990adaaf3cbb3c748bc9ee6ceb466a1104915a
This is meant to help debug gerrit in some circumstances particularly
now that the Java Melody plugin is not installed.
Change-Id: Ifedb7abd08c7fe1281ac510c6872fe8d9fe700a1
Update the docs to reflect not having grafyaml in the container.
Also move the import into a separate helper script, which can be
manually run on the host if the container needs to be restarted
out-of-band for some reason.
Change-Id: Ib1f6aea7e16180d9b122552a2aa30ce223426941
In OFTC, entery message is set via ``entrymsg`` command,
correcting it in doc.
<ChanServ> *** SET Help ***
..
URL: Set the channel's homepage.
EMAIL: Sets the channel's e-mail address.
ENTRYMSG: Sets the channel greeting.
..
Change-Id: I2e436015641ab78c5b509b4b4ca35e1088c3376f
The commit replaces DefCore committee (a former name) by
Interop Working Group (the current name) and updates a few
more old interop references.
Change-Id: I35d754ad0b37ba462afdc52b552fbd0b607954df
This adds a keycloak server so we can start experimenting with it.
It's based on the docker-compose file Matthieu made for Zuul
(see https://review.opendev.org/819745 )
We should be able to configure a realm and federate with openstackid
and other providers as described in the opendev auth spec. However,
I am unable to test federation with openstackid due its inability to
configure an oauth app at "localhost". Therefore, we will need an
actual deployed system to test it. This should allow us to do so.
It will also allow use to connect realms to the newly available
Zuul admin api on opendev.
It should be possible to configure the realm the way we want, then
export its configuration into a JSON file and then have our playbooks
or the docker-compose file import it. That would allow us to drive
change to the configuration of the system through code review. Because
of the above limitation with openstackid, I think we should regard the
current implementation as experimental. Once we have a realm
configuration that we like (which we will create using the GUI), we
can chose to either continue to maintain the config with the GUI and
appropriate file backups, or switch to a gitops model based on an
export.
My understanding is that all the data (realms configuration and session)
are kept in an H2 database. This is probably sufficient for now and even
production use with Zuul, but we should probably switch to mariadb before
any heavy (eg gerrit, etc) production use.
This is a partial implementation of https://docs.opendev.org/opendev/infra-specs/latest/specs/central-auth.html
We can re-deploy with a new domain when it exists.
Change-Id: I2e069b1b220dbd3e0a5754ac094c2b296c141753
Co-Authored-By: Matthieu Huin <mhuin@redhat.com>
Now that the SKS keyserver network is no more, and there's no
convenient way to share third-party key signatures, we need to
adjust our key management and rollover process accordingly.
Change-Id: I7008706aae06b6e4a16db2dd85a8c7f91530cd50
All the osf/ namespace Git repositories have moved into a new and
more appropriate openinfra/ namespace, so make the necessary
adjustments to RefStack's image build and operations document.
Change-Id: I01c8d153321a617fbc78c2d3c99102185b03243d
Depends-On: https://review.opendev.org/808479
Mostly just formatting and punctuation, plus some outdated bits.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I641beb5d65f87173d50c74a4e1f0dba48d006231
This is followon to feedback for earlier docs updates. Basically we
should always log these restarts so make that more clear that it isn't
optional.
Change-Id: Ib0fa05b2075d6c82199e6e043724aeedaf04e49c
Zuul has changed has it stores secret keys and they are in zookeeper
now. This means our old docs on decrypting things are no longer correct.
Update them with a new set of instructions that matches the modern
setup.
Change-Id: I7484a8c02e005fadc41e22a4158b3dcb8434ec5d
Clark Boylan