This reduces the total number of git repos we need to manage as we
migrated away from puppet. Keeping this pruned is a good way of tracking
progress and should make the jobs more reliable until we can delete

In this change we remove modules that have moved to base server roles
like ntp and haveged. Also removed are ircbot management,
selinux (no more centos here), haproxy (this moved into ansible with
gitea), and lodgit modules.

This appears to give a unicode error; but also looking at the access
patterns it seems to serve no good purpose but to be a target for
bots and other odd behaviour. Block it from apache.

We had an image promote failure for python-base:3.8. Due to docker
hub making it very difficult to know if old tags have been cleaned up we
are not sure that re-enqueuing the previous change to zuul will do the
right thing. It may downgrade the latest tag on some of our images. To
avoid any confusion over what is latest we just have zuul build new
images and promote them again.

Upstream stable-3.2 and stable-3.3 branches have been fixed to allow us
to use the mariadb jdbc connector. The previous change has updated our
images to ensure they include this fix. We can now update the config to
use the mariadb connector.

We upstreamed fixes for the mariadb jdbc connector and users being able
to orphan their accounts through accidental deletion of their openid
external ids. These fixes are now present in both the stable-3.2 and
stable-3.3 branches of gerrit. We should rebuild these images to ensure
our images include the fixes.

Note that stable-3.4 does not yet include these fixes but should in

We will update our jdbc connection url in a followup change as we don't
auto update our images. This way we can ensure that the new image is
ready to go before updating that config.

Previously we were hacking the gitea web ui to transfer repo ownership
and to rename repos within an org. We believe this was necessary because
there was no REST API ability to do this. Now we have the ability to do
this via the REST API and in addition a new Gitea release will break our
web ui hijacking.

Update the project renaming playbook to use the REST API as it is
simpler to use and should be more reliable over time as it is versioned.

We are looking ahead to rebuilding a number of our images for services
like Zuul, Gerrit, and Gitea to do things like check zuul v5 efforts,
fix gerrit bugs, and upgrade gitea to a new version. Ensuring that we
have an up to date base platform seems like a good idea as a result.

The bot is supposed to create the filesystem directory for the room
path when joining, but it may have done so with a relative path
instead of the full path that is actually used for logging.

Mailman's newlist command helpfully prompts on the TTY waiting for
the user to press enter so that a message will be sent to the list
admin containing the initial configuration password or ctrl-C to
abort notifying. Unfortunately, Ansible's command tasks look enough
like an interactive TTY to confuse newlist into thinking it should
do the same when orchestrated. Pass an empty stdin as part of the
task to work around this.

We didn't encounter the issue in our test jobs, because we avoid
sending notifications by passing newlist a --quiet option which
skips that step, and thus the problematic prompting behavior we
observed in production deployment.

According to upstream gitea nodejs 16 has broken them and there isn't
much they can do other than using nodejs 14 for the moment. Use 14 in
our image builds to keep our dockerfile buildable.

See https://github.com/go-gitea/gitea/issues/16604 for more info.

Previously we were only managing root's known_hosts via ansible but even
then this wasn't happening because the gerrit_self_hostkey var wasn't
set anywhere. On top of that we need to manage multiple known_hosts
because gerrit must recognize itself and all of the gitea servers.

Update the code to take a dict of host key values and add each entry to
known_hosts for both the root and gerrit2 user.

We remove keyscans from tests to ensure that this update is actually

If the hound service is shut down uncleanly (like the server stops on
us) it can leave behind lock files that stop processing. Clear old
lock files on start before indexing begins.

Also fix the job matching

This runs the new matrix-eavesdrop bot on the eavesdrop server.
It will write logs out to the limnoria logs directory, which is mounted
inside the container.

It would be useful to test our rename playbook against gitea and gerrit
when we make changes to these related playbooks, roles, and docker
images. To do this we need to converge our test and production setups
for gerrit a bit more. We create an openstack-project-creator account in
the test gerrit to match prod and we have rename_repos.yaml talk to
localhost for gerrit ssh commands.

With that done we can run the rename_repos.yaml playbook from
test-gitea.yaml and test-gerrit.yaml to help ensure the playbook
functions as expected against these services.

Co-Authored-By: Ian Wienand <firstname.lastname@example.org>

It appears quay is now returning their own domain in their blob
redirects. We currently don't cache it so in order for it to work we
need to add cdn01.quay.io and cdn02.quay.io to the proxy config

This is a small update to gitea after the previous update. This is
relatively recent and since we had tested the prior upgrade I figured we
can do this as a followup. None of the template files seem to have
deltas between 1.14.4 and 1.14.5 which means if 1.14.4 deploys sanely
then I expect this one will too.