This reduces the total number of git repos we need to manage as we
migrated away from puppet. Keeping this pruned is a good way of tracking
progress and should make the jobs more reliable until we can delete
them.
In this change remove modules that have moved to base server roles
like ntp and haveged. Also removed are ircbot management,
selinux (no more centos here), haproxy (this moved into ansible with
gitea), and lodgit modules.
Change-Id: I13e254541aed4ac657b696dd8e8b00c8340fe034
This appears to give a unicode error; but also looking at the access
patterns it seems to serve no good purpose but to be a target for
bots and other odd behaviour. Block it from apache.
Change-Id: I3a9d4a0161eef34ffe39cf4feb9ab2af561684ca
We had an image promote failure for python-base:3.8. Due to docker
hub making it very difficult to know if old tags have been cleaned up we
are not sure that reenqueing the previous chagne to zuul will do the
right thing. It may downgrade the latest tag on some of our images. To
avoid any confusion over what is latest we just have zuul build new
images and promote them again.
Change-Id: Iaa859396030f1110b43788e73e9644a97e2ada9b
Upstream stable-3.2 and stable-3.3 branches have been fixed to allow us
to use the mariadb jdbc connector. The previous change has updated our
images to ensure they include this fix. We can now update the config to
use the mariadb connector.
Change-Id: I43ac20d601ff88e42f0d20387fc6ad8842ab8244
We upstreamed fixes for the mariadb jdbc connector and users being able
to orphan their accounts through accidental deletion of their openid
external ids. These fixes are now present in both the stable-3.2 and
stable-3.3 branches of gerrit. We should rebuild these images to ensure
our images include the fixes.
Note that stable-3.4 does not yet include these fixes but should in
time.
We will update our jdbc connection url in a followup change as we don't
auto update our images. This way we can ensure that the new image is
ready to go before updating that config.
Change-Id: Id23215ddfb3bd4424109e77ecd3480ed2375431d
Previously we were hacking the gitea web ui to transfer repo ownership
and to rename repos within an org. We believe this was necessary because
there was no REST API ability to do this. Now we have the ability to do
this via the REST API and in addition a new Gitea release will break our
web ui hijacking.
Update the project renaming playbook to use the REST API as it is
simpler to use and should be more reliable over time as it is versioned.
Change-Id: Idd8326a4891df6bdd47422e2a73880aa053380f5
We are looking ahead to rebuilding a number of our images for services
like Zuul, Gerrit, and Gitea to do things like check zuul v5 efforts,
fix gerrit bugs, and upgrade gitea to a new version. Ensuring that we
have an up to date base platform seems like a good idea as a result.
Change-Id: I4262b8aa1759eaae85e5429c5a5097397152afa5
The bot is supposed to create the filesystem director for the room
path when joining, but it may have done so with a relative path
instead of the full path that is actually used for logging.
Change-Id: I8c9c19a12eb2b85797ade75358859dc06b81b0b6
Mailman's newlist command helpfully prompts on the TTY waiting for
the user to press enter so that a message will be sent to the list
admin containing the initial configuration password or ctrl-C to
abort notifying. Unfortunately, Ansible's command tasks look enough
like an interactive TTY to confuse newlist into thinking it should
do the same when orchestrated. Pass an empty stdin as part of the
task to work around this.
We didn't encounter the issue in our test jobs, because we avoid
sending notifications by passing newlist a --quiet option which
skips that step, and thus the problematic prompting behavior we
observed in production deployment.
Change-Id: I345bda61802f93a52386b7d3057163e30f0e1b65
This tests that we can rename both the project and the org the project
lives in. Should just add a bit more robustness to our testing.
Change-Id: I0914e864c787b1dba175e0fabf6ab2648a554d16
According to upstream gitea nodejs 16 has broken them and there isn't
much they can do other than using nodejs 14 for the moment. Use 14 in
our image builds to keep our dockerfile buildable.
See https://github.com/go-gitea/gitea/issues/16604 for more info.
Change-Id: I143c3e67f354d220614136905e8b598cd6d2ad61
Previously we were only managing root's known_hosts via ansible but even
then this wasn't happening because the gerrit_self_hostkey var wasn't
set anywhere. On top of that we need to manage multiple known_hosts
because gerrit must recognize itself and all of the gitea servers.
Update the code to take a dict of host key values and add each entry to
known_hosts for both the root and gerrit2 user.
We remove keyscans from tests to ensure that this update is actually
working.
Change-Id: If64c34322f64c1fb63bf2ebdcc04355fff6ebba2
If the hound service is shutdown uncleanly (like the server stops on
us) it can leave behind lock files that stop processing. Clear old
lock files on start before indexing begins.
Also fix the job matching
Change-Id: I6e6c57d7121702eb61124c3d4c4cdc7afd3e75c3
Thin runs the new matrix-eavesdrop bot on the eavesdrop server.
It will write logs out to the limnoria logs directory, which is mounted
inside the container.
Change-Id: I867eec692f63099b295a37a028ee096c24109a2e
It would be useful to test our rename playbook against gitea and gerrit
when we make changes to these related playbooks, roles, and docker
images. To do this we need to converge our test and production setups
for gerrit a bit more. We create an openstack-project-creator account in
the test gerrit to match prod and we have rename_repos.yaml talk to
localhost for gerrit ssh commands.
With that done we can run the rename_repos.yaml playbook from
test-gitea.yaml and test-gerrit.yaml to help ensure the playbook
functions as expected against these services.
Co-Authored-By: Ian Wienand <iwienand@redhat.com>
Change-Id: I49ffaf86828e87705da303f40ad4a86be030c709
Add Bullsye testing, and also rename the "stable" jobs to codenames to
be clearer about what is being tested.
Change-Id: If2d31481f2e455b58729d581799ba752020fb3d1
It appears quay is now returning their own domain in their blob
redirects. We currently don't cache it so in order for it to work we
need to add cdn01.quay.io and cdn02.quay.io to the proxy config
Change-Id: I2b603d6a5d057e388d473f71bfbaf822d65dd4e1
This is a small update to gitea after the previous update. This is
relatively recent and since we had tested the prior upgrade I figured we
can do this as a followup. None of the template files seem to have
deltas between 1.14.4 and 1.14.5 which means if 1.14.4 deploys sanely
then I expect this one will too.
Change-Id: I4472d5973d8104a63f16092a2804fabd3e9fa954
Zuul