This order is important to ensure we update the matrix eavesdrop bot
when expected and not later in the day when the daily runs happen.
Change-Id: If8e3f9f34e30cdeb7765e6665d1fb19b339454a3
This will double check that we can run our ansible against focal without
trouble. Once the production server is updated we can land this change
to reflect the server state.
Change-Id: I1a572ee13ea4c3fae38f84e5cc300a610efa94ae
We create (a currently test only) playbook that upgrades zuul. This job
then runs through project creation and renaming and testinfra testing on
the upgraded gerrit version.
Future improvements should consider loading state on the old gerrit
install before we upgrade that can be asserted as well.
Change-Id: I364037232cf0e6f3fa150f4dbb736ef27d1be3f8
The pastebinit command-line tool hard-codes an allowed list of
pastebin URLs, one of which is "http://paste.openstack.org" so
redirecting to HTTPS and to other hostnames seems to break it.
It has a specific user-agent, so allow plain HTTP access for this
tool, but redirect others.
Change-Id: Ia7c983986e6e9c08299ded5282a83761448b35bb
These services are all managed with ansible now and don't need to be
triggered when puppet updates.
Change-Id: Ie32b788263724ad9a5ca88a6406290309ec8c87a
Update the file matchers to actually match the current set of puppet
things. This ensure the deploy job runs when we want it and we can catch
up daily instead of hourly.
Previously a number of the matchers didn't actually match the puppet
things because the path prefix was wrong or works were in different
orders for the dir names.
Change-Id: I3510da81d942cf6fb7da998b8a73b0a566ea7411
This is being done beacuse we don't make many changes to the
zuul-preview service but it runs in the hourly buildset starving deploy
runs. Since this doesn't change much we can move it to the daily run
instead.
If we need to update it we can run the playbook manually or land a
change to trigger it.
Change-Id: I89d2c712fcfd18bd4f694b2c90067295253b8836
Currently this randomises the minute based on a seed generated from
the backup server name; i.e. all hosts going to a particular backup
server get the same minute. Use the inventory_hostname of the host
actually being backed up as the seed; this will distribute the backups
over the hour as originally intended.
Change-Id: If25587492e057bed765c91ea759af43293775126
This is a job that takes quite a bit of time, but only rarely do we need
the updates encoded in this job. Move the job from our hourly deployment
to the daily deployment to make its impact less painful.
Change-Id: I724bcdd67f4c324f497a9d8239bcfd8d37528956
This update captures that we host projects outside of openstack and
intend for projects like openstack or others to do some steps on their
own. We also update this to reflect chagnes in the configuration
management and deployment tooling that we use today.
Change-Id: I0bc0ce335fd90e6187253e18007361a133a8f30c
This upgrades etherpad to 1.8.14 which will pull in a number of fixes as
well as dropped support for IE.
Change-Id: If9a85d3b606af700da1ab34f1a893d9c3b5f8416
A lot of the current sections here talk about modify the Gerrit
database that no longer exists. Remove these.
Update the section on duplicate accounts to handle removing the second
account via NoteDB and the API.
Change-Id: I2139ff33d87bf42e4453f6e7252fcc427594967a
If we update group names we should reindex the groups index and I think
that if we update project ACLs we should reindex the project index. Add
these reindexes to the post rename reindexing list. Both should be cheap
compared to the changes reindex.
Change-Id: I7f855c5ad52c072f77d109ae372d93f3fc49c784
This isn't necessary since it's hard-coded into the file. Let's
not add it where it isn't needed lest we confuse ourselves into
thinking it's necessary.
Change-Id: I011c647bb85e145e55fb6feb19facdedec180bf1
We merged change I9459e47ecfd19b27b7adcaee9ce91f80d51c124d which
should have opened this port but did not. Add testing for it.
Remove eavesdrop from webservers group
This was overridding the custom iptables ports that were being set
in the eavesdrop group vars file. There appears to be no other use
for the webservers group.
Change-Id: I7109f1472176ff39482f9bdfc8462e5f525f791c
We are now using the mariadb jdbc connector in production and no longer
need to include the mysql legacy connector in our images. We also don't
need support for h2 or mysql as testing and prod are all using the
mariadb connector and local database.
Note this is a separate change to ensure everything is happy with the
mariadb connector before we remove the fallback mysql connector from our
images.
Change-Id: I982d3c3c026a5351bff567ce7fbb32798718ec1b
Zuul is changing the way its key management system work from implicit
"backups" to explicit exports that can be used for backups. Additionally
to rename projects we will need to update those keys in zk which can be
done with copy and delete commands. We update the rename playbook to use
these.
Depends-On: https://review.opendev.org/c/zuul/zuul/+/803973
Change-Id: I2ba8015392f22ea615bcba7fb0d73a138dc77034
Setting gitea project settings like wiki and issue tracker settings was
previously done via hijacking web ui requests. We now have a REST API
that is capable of setting things items. Using this API should be more
reliable as the API is versioned.
Update the gitea project creation code to use this API for more
stability. As a nice side effect the code is simplified quite a bit as
we can combine a few actions that were previously separate like updating
descriptions and default branches.
As a side note this fixes a bug where we hardcoded setting master as the
default branch despite making that configurable.
Change-Id: I101dd8f81a2cb91655f6de878bc94350aeb1fc0c
There are no diffs in the template files between v1.14.5 and v1.14.6.
This should be a safe update.
Upstream indicates bugfixes around cancelling batched file catting as
well as security updates around jwt and auth.
Change-Id: I2799c62bb3f1fb5e62fc6e3773ec8b9a38ceddfa
Clark Boylan