3.4.5 is a fairly minor update. Some bugs are fixed and jgit is updated.
3.4.5 release notes:
https://www.gerritcodereview.com/3.4.html#345
3.5.2 is a bigger update and important adds support for being able to
upgrade to 3.6.0 later. There is a new copy-approvals command that must
be run offline on 3.5.2 before upgrading to 3.6.0. This copies approvals
in the notedb in a way that 3.6.0 can handle them apparently. The
release notes indicate this may take some time to run. We don't need to
run it now though and instead need to make note of it when we prepare
for the 3.6.0 upgrade.
3.5.2 release notes:
https://www.gerritcodereview.com/3.5.html#352
For now don't overthink things and instead just get up to date with our
images.
Change-Id: I837c2cbb09e9a4ff934973f6fc115142d459ae0f
The status.openstack.org server is offline now that it no longer
hosts any working services. Remove all configuration for it in
preparation for retiring related Git repositories.
Also roll some related cleanup into this for the already retired
puppet-kibana module.
Change-Id: I3cfcc129983e3641dfbe55d5ecc208c554e97de4
I think this was overlooked in the removal of the ELK stack with
I5f7f73affe7b97c74680d182e68eb4bfebbe23e1, the repo is now retired.
Change-Id: I87bfe7be61f20a7c05c500af4e82b787d9c37a8c
Now that we've cleaned up the old unused images we can look forward to
new Python. Add Python 3.10 base images based on Bullseye.
As part of this process we update the default var values in our
Dockerfiles to set Bullseye and Python3.10 as our defaults as these
should be valid for some time. We also tidy up some yaml anchor names to
make future copy and paste for new versions of images easier to perform
text replacement on.
Change-Id: I4943a9178334c4bdf10ee5601e39004d6783b34c
Everything is running on 3.8 or newer which should allow us to remove
the 3.7 images. This reduces the total set before we add python3.10
images and acts as good cleanup.
Change-Id: I2cc02fd681485f35a1b0bf1c089a12a4c5438df3
We've moved onto bullseye for just about everything at this point. It is
possible there are stragglers and the removal of these jobs should flag
them if their dependencies and requirements are set properly. Otherwise
they'll continue to pull the historical builds on docker hub. Either way
we'll either shake them out or they will continue until they can move to
bullseye.
We remove these in preparation for adding python3.10 images which don't
make sense for buster and our total image catalog is getting large
enough that successfully building and promoting this entire set is
getting problematic. A bit of spring cleaning on what we can commit to
before we commit to some new stuff.
Depends-On: https://review.opendev.org/c/opendev/gear/+/838402
Depends-On: https://review.opendev.org/c/opendev/storyboard/+/838403
Change-Id: I58c4d314ca4f4be3f1e17ec267a4c324cabf0c2a
Refstack is running python3.9 jobs now and they appear to be passing.
Update our image to python3.9 so that we are consistently using
python3.9 in as many locations as possible. Maybe one day we can drop
the 3.7 and 3.8 image builds too.
Change-Id: Iadb84f8f3756fe717ab6bcda0303bc23ff69ad6d
We don't use buster images anymore for anything. Update our dependency
on buster indicators to up to date and current bullseye dependencies.
Change-Id: I8da237559e074ae3d44be1dde8ffb7da89104d4f
We indicated to the OpenStack TC that this service would be going away
after the Yoga cycle if no one stepped up to start maintaining it. That
help didn't arrive in the form of OpenDev assistance (there is effort
to use OpenSearch external to OpenDev) and Yoga has released. This means
we are now clear to retire and shutdown this service.
This change attempts to remove our configuration management for these
services so that we can shutdown the servers afterwards. It was a good
run. Sad to see it go but it wasn't sustainable anymore.
Note a follow-up will clean up elastic-recheck which runs on the status
server.
Depends-On: https://review.opendev.org/c/opendev/base-jobs/+/837619
Change-Id: I5f7f73affe7b97c74680d182e68eb4bfebbe23e1
Upload is based on build, since it builds and uploads for the
gate. This means we need to add the mirror here too, so that we're
installing docker from the deb mirror.
We convert to https at the same time for both jobs.
Change-Id: Ie1ff253e6cfc3e666a4e6be919a08f3a5d041319
This was running on all group var updates but we only need to run it
when refstack group vars update. Change the file requirements to match
the refstack.yaml group file to address this.
Change-Id: Id5ed4b65c1ed6566696fea9a33db27e9318af1a6
This plugin was updated to accomodate the ${hash} substition in gerrit
gitweb weblinks. We now need this updated version to build Gerrit
successfully but there is no tag for it yet. Just use the branch to
address this.
Change-Id: I4b0fd4ac845cc4289f78aacfa536db4185f12d38
The dependent change enables the "detect-ref" option of hound, which
looks at the remote origin HEAD and indexes on that. That should
allow indexing of our mixed repos that have a mix of "master" and
"main".
Add cirros to the test, which should exercise this path, and take some
screenshosts because this a js/react app and just a "curl" doesn't
help.
Change-Id: I1850577c63566b594f9730f5b8f0bc10b07ff7e4
Depends-On: https://review.opendev.org/c/opendev/jeepyb/+/830919
We have validated that the log encryption/export path is working, so
turn it on for all prod jobs.
Change-Id: Ic04d5b6e716dffedc925cb799e3630027183d890
Based on the changes in I5b9f9dd53eb896bb542652e8175c570877842584,
enable returning encrypted log artifacts for the codesearch production
job, as an initial test.
Change-Id: I9bd4ed0880596968000b1f153c31df849cd7fa8d
Our production jobs currently only put their logging locally on the
bastion host. This means that to help maintain a production system,
you effectively need full access to the bastion host to debug any
misbehaviour.
We've long discussed publishing these Ansible runs as public logs, or
via a reporting system (ARA, etc.) but, despite our best efforts at
no_log and similar, we are not 100% sure that secret values may not
leak.
This is the infrastructure for an in-between solution, where we
publish the production run logs encrypted to specific GPG public keys.
Here we are capturing and encrypting the logs of the
system-config-run-* jobs, and providing a small download script to
automatically grab and unencrypt the log files. Obviously this is
just to exercise the encryption/log-download path for these jobs, as
the logs are public.
Once this has landed, I will propose similar for the production jobs
(because these are post-pipeline this takes a bit more fiddling and
doens't run in CI). The variables will be setup in such a way that if
someone wishes to help maintain a production system, they can add
their public-key and then add themselves to the particular
infra-prod-* job they wish to view the logs for.
It is planned that the extant operators will be in the default list;
however this is still useful over the status quo -- instead of having
to search through the log history on the bastion host when debugging a
failed run, they can simply view the logs from the failing build in
Zuul directly.
Depends-On: https://review.opendev.org/c/zuul/zuul-jobs/+/828818/
Change-Id: I5b9f9dd53eb896bb542652e8175c570877842584
This should act as a sanity check that the puppet modules that we are
planning to retire are not used. The jobs updated here run puppet noop
applies and should confirm we don't have transitive needs for this
modules.
Change-Id: Ie4c7b809b22e9bded65a17876a9eb98195fc8910
This triggers the test job on changes to any gitea.* roles, including
gitea-lb which wasn't included before.
It also removes the letescrypt job as a soft dependency from the lb
jobs since that is not strictly necessary.
Change-Id: Ie5bcd4d8215bb14d939dddf3e20d3173ccc0acdc
We removed the promote jobs for Gerrit 3.3 images but left them in place
as infra-prod-service-review dependencies. Fix that by updating the
infra prod job dependencies to the job for Gerrit 3.4 image promotion.
Change-Id: If2277799db91ea61aaffafb600f403531a0fb562
This reenables Gerrit upgrade testing but tests the 3.4 to 3.5 upgrade
now. Note this may need some work to get happy once we have 3.5 images
which is why we've split it out into a separate change.
Change-Id: Ibbbd3f98ac2df8d99d4ffda57df59f4a47da3cd3
This will build gerrit 3.5 images and run it through our standard Gerrit
testing. Upgrade testing from 3.4 to 3.5 to follow in followup changes.
Change-Id: I76d0389d1455e62b242aad1926b3a09830301801
We've upgraded to 3.4 and don't appear to be reverting. Remove the 3.3
images as they are no longer needed.
Note we comment out the review upgrade testing jobs until we have 3.5
images building.
Depends-On: https://review.opendev.org/c/openstack/project-config/+/827562
Change-Id: I0e3cb81b790ab06c690ed0245526e4f47911c584
We dropped making our own grafana container with with
If0d584f848f213aeea385885e3decfaee6303de5, so we don't need this job
any more.
Change-Id: Ide212f25cda6d25e5cc31b0e8d2a65f3759bafdd
Instead of building a local grafana image with grafyaml installed,
use the plain upstream grafana image along with the newly created
separate opendev grafyaml image to run the dashboards.
Depends-On: https://review.opendev.org/780119
Change-Id: If0d584f848f213aeea385885e3decfaee6303de5
Zuul