The Open Infrastructure Foundation's developers who maintain the
OpenStackID software are taking over management of the site itself,
and have deployed it on new servers. DNS records have already been
updated to the new IP address, so it's time to clean up our end in
preparation for deleting the old servers we've been running.
OpenStackID is still used by some services we run, like RefStack and
Zanata, and we're still hosting the OpenStackID Git repository and
documentation, so this does not get rid of all references to it.
The extant variable name is never set so this never writes anything
out. Move it to a dictionary value. Use stub values for testing,
this way we don't need the "when:".
Additionally remove an unused old template file.
This will update meetbot to connect to OFTC using the new opendevmeet
nick. We keep the site name the same for simplicity. However, the
network name updates which causes irclogs to be written to a new
location. We have already copied the old logs from the FreeNode location
to the OFTC location so this should be a noop.
This cleans up ask-staging which hasn't been a thing in a log time.
We remove some puppet stubs for nodepool builders (they are all ansible
We also cleanup the inventory file to remove corvustest, lists-dev,
pbx, mirror-update*.openstack.org (is opendev.org now), and sort the
The Limesurvey service hosted at survey.openstack.org was a beta
which saw limited use. The platform it runs on, Xenial, is now EOL
from Ubuntu/Canonical and in order to upgrade to a newer
distribution release we would need to rewrite all the configuration
management (the version of Puppet supported by newer Ubuntu is not
backward-compatible with what we've been running).
If a similar service becomes interesting to users of our
collaboratory in the future, it will need to be reintroduced with
freshly written configuration management anyway. The old configs and
documentation remain in our Git history should anyone wish to use
them as inspiration.
Once we are satisfied that we have disabled the inputs to firehose we
can land this change to stop managing it in config management. Once that
is complete the server can be removed.
We are going to cleanup firehose.openstack.org as it never really ended
up being used for significant things and we would need to rewrite the
puppet into ansible at this point. Before we cleanup the server ensure
that things are not talking to it.
The only thing I can find that externally talks to it is the subunit
workers. germqtt and lpmqtt run on firehose so will be cleaned out when
firehose goes away.
The OpenEdge cloud has been offline for five months, initially
disabled in I4e46c782a63279d9c18ff4ba2944c15b3027114b, so go ahead
and clean up lingering references. If it is restored later, this can
be reverted fairly easily.
It looks like we missed these in cleanups for the old puppet-managed
mirror-update server (I5f82139c981c2716f568b15b118690e943b02d52).
These are unused.
This is a follow-on to I60b40897486b29beafc76025790c501b5055313d to
switch the KDC servers to Ansible control and remove any related
Our Mailman site templates and similar content contain links to an
old openstack-security page on the foundation-run site which no
longer exists. Correct this to the OpenStack community's security
site, which should be much more stable.
All hosts are now running thier backups via borg to servers in
vexxhost and rax.ord.
For reference, the servers being backed up at this time are:
This removes the old bup backup hosts, the no-longer used ansible
roles for the bup backup server and client roles, and any remaining
bup related configuration.
For simplicity, we will remove any remaining bup cron jobs on the
above servers manually after this merges.
As noted inline, a recent mysql client update has broken the
"--all-databases" flag, at least for the client version and very old
server version we use.
Emperically, dumping individual databases still works with this
client. Switch this to stream the db directly into borg.
Ignore the old backups and remove the bup backup while we are here,
since this is all borg now.
Despite be deprecated, the ask server is our 3rd biggest backup. Even
though the site is R/O we're still backing up the fresh rotations of
the gzipped backups every day.
To reduce the incremental space requirements, move to our plain-text
streaming for the db backup. This just needs a file dropped in /etc;
see the backup-borg role README documentation. We do this in puppet
to avoid complexity adding this deprecated service to ansible. This
then excludes the on-disk db backup dir.
Drop the bup backups while we are here.
delimited using double quotation marks - using double quotation
2) The anchor was unproperly closed causing void anchor to appear.
This is clearly visible on the rendered page.
The mk-archives-index command is installed in /usr/local/sbin, so
add that to the path of the cronjob which calls it. Otherwise,
http://lists.opendev.org/archives.yaml is empty and engagement
statistics cannot be generated.
The hound project has undergone a small re-birth and moved to
which has broken our deployment. We've talked about leaving
codesearch up to gitea, but it's not quite there yet. There seems to
be no point working on the puppet now.
This builds a container than runs houndd. It's an opendev specific
container; the config is pulled from project-config directly.
There's some custom scripts that drive things. Some points for
- update-hound-config.sh uses "create-hound-config" (which is in
jeepyb for historical reasons) to generate the config file. It
grabs the latest projects.yaml from project-config and exits with a
return code to indicate if things changed.
- when the container starts, it runs update-hound-config.sh to
populate the initial config. There is a testing environment flag
and small config so it doesn't have to clone the entire opendev for
- it runs under supervisord so we can restart the daemon when
projects are updated. Unlike earlier versions that didn't start
listening till indexing was done, this version now puts up a "Hound
is not ready yet" message when while it is working; so we can drop
all the magic we were doing to probe if hound is listening via
netstat and making Apache redirect to a status page.
- resync-hound.sh is run from an external cron job daily, and does
this update and restart check. Since it only reloads if changes
are made, this should be relatively rare anyway.
- There is a PR to monitor the config file
(https://github.com/hound-search/hound/pull/357) which would mean
the restart is unnecessary. This would be good in the near and we
could remove the cron job.
- playbooks/roles/codesearch is unexciting and deploys the container,
certificates and an apache proxy back to localhost:6080 where hound
I've combined removal of the old puppet bits here as the "-codesearch"
namespace was already being used.
Create a mailing list for private coordination of security incidents
for the OpenDev Collaboratory. The intent is that this can be used
to share sensitive information between sysadmins and council members
in the event of any suspected breach. For the sake of transparency,
all information discussed on this list which can safely be made
public should also be communicated to the service-announce or
service-discuss mailing lists at the earliest opportunity.
The active releases according to  are octopus and nautlius. Remove
the old releases from our mirroring. This needs manual cleanup of the
jobs and volumes -- I will do this manually as this is mostly about
clearing out old things before moving the mirroring to Ansible.