This will double check that we can run our ansible against focal without
trouble. Once the production server is updated we can land this change
to reflect the server state.
We create (a currently test only) playbook that upgrades zuul. This job
then runs through project creation and renaming and testinfra testing on
the upgraded gerrit version.
Future improvements should consider loading state on the old gerrit
install before we upgrade that can be asserted as well.
The pastebinit command-line tool hard-codes an allowed list of
pastebin URLs, one of which is "http://paste.openstack.org" so
redirecting to HTTPS and to other hostnames seems to break it.
It has a specific user-agent, so allow plain HTTP access for this
tool, but redirect others.
Update the file matchers to actually match the current set of puppet
things. This ensure the deploy job runs when we want it and we can catch
up daily instead of hourly.
Previously a number of the matchers didn't actually match the puppet
things because the path prefix was wrong or works were in different
orders for the dir names.
This is being done beacuse we don't make many changes to the
zuul-preview service but it runs in the hourly buildset starving deploy
runs. Since this doesn't change much we can move it to the daily run
If we need to update it we can run the playbook manually or land a
change to trigger it.
Currently this randomises the minute based on a seed generated from
the backup server name; i.e. all hosts going to a particular backup
server get the same minute. Use the inventory_hostname of the host
actually being backed up as the seed; this will distribute the backups
over the hour as originally intended.
This is a job that takes quite a bit of time, but only rarely do we need
the updates encoded in this job. Move the job from our hourly deployment
to the daily deployment to make its impact less painful.
This update captures that we host projects outside of openstack and
intend for projects like openstack or others to do some steps on their
own. We also update this to reflect chagnes in the configuration
management and deployment tooling that we use today.
A lot of the current sections here talk about modify the Gerrit
database that no longer exists. Remove these.
Update the section on duplicate accounts to handle removing the second
account via NoteDB and the API.
If we update group names we should reindex the groups index and I think
that if we update project ACLs we should reindex the project index. Add
these reindexes to the post rename reindexing list. Both should be cheap
compared to the changes reindex.
This isn't necessary since it's hard-coded into the file. Let's
not add it where it isn't needed lest we confuse ourselves into
thinking it's necessary.
We merged change I9459e47ecfd19b27b7adcaee9ce91f80d51c124d which
should have opened this port but did not. Add testing for it.
Remove eavesdrop from webservers group
This was overridding the custom iptables ports that were being set
in the eavesdrop group vars file. There appears to be no other use
for the webservers group.
We are now using the mariadb jdbc connector in production and no longer
need to include the mysql legacy connector in our images. We also don't
need support for h2 or mysql as testing and prod are all using the
mariadb connector and local database.
Note this is a separate change to ensure everything is happy with the
mariadb connector before we remove the fallback mysql connector from our
Zuul is changing the way its key management system work from implicit
"backups" to explicit exports that can be used for backups. Additionally
to rename projects we will need to update those keys in zk which can be
done with copy and delete commands. We update the rename playbook to use
Setting gitea project settings like wiki and issue tracker settings was
previously done via hijacking web ui requests. We now have a REST API
that is capable of setting things items. Using this API should be more
reliable as the API is versioned.
Update the gitea project creation code to use this API for more
stability. As a nice side effect the code is simplified quite a bit as
we can combine a few actions that were previously separate like updating
descriptions and default branches.
As a side note this fixes a bug where we hardcoded setting master as the
default branch despite making that configurable.
There are no diffs in the template files between v1.14.5 and v1.14.6.
This should be a safe update.
Upstream indicates bugfixes around cancelling batched file catting as
well as security updates around jwt and auth.