Now that we're retiring the third-party-ci-announce mailing list,
which we never really used consistently anyway, just tell
third-party CI operators to make sure the E-mail address on their
account is current and reachable.
Change-Id: I6186149de25b06f2982702143a807de8bb01be73
In preparation for retiring a number of mailing lists from
lists.openstack.org which have had no activity for over three years,
remove their configuration so our deployment automation won't
recreate them once they're gone. Also remove references to the
third-part-announce list in our documentation, since that's one of
the unused lists we're removing. See the announcement at
http://lists.openstack.org/pipermail/openstack-discuss/2022-February/027404.html
for details.
Change-Id: Ieedd8613363039d19d3ae47f1a83a38747419bdc
The status.openstack.org server is offline now that it no longer
hosts any working services. Remove all configuration for it in
preparation for retiring related Git repositories.
Also roll some related cleanup into this for the already retired
puppet-kibana module.
Change-Id: I3cfcc129983e3641dfbe55d5ecc208c554e97de4
The openstack health server was removed but cleaning up its groups was
missed. Fix this by removing the group from our ansible configs.
Change-Id: I84fdf290e359609fc0854719fa9ecb032c7ea254
I think this was overlooked in the removal of the ELK stack with
I5f7f73affe7b97c74680d182e68eb4bfebbe23e1, the repo is now retired.
Change-Id: I87bfe7be61f20a7c05c500af4e82b787d9c37a8c
As an overall clean-up effort to free space on our mirror volumes,
stop mirroring source packages for the ubuntu package repository.
According to codesearch, no jobs in our system add deb-src lines for
it so this should be entirely safe. It also won't take effect
immediately, and will require a manual step to prune the old
packages from the filesystem once this configuration update has
deployed.
Change-Id: Ie2aa6bdf43721c9ceacea54f7f5bc928883287a7
As an overall clean-up effort to free space on our mirror volumes,
stop mirroring source packages for the various debian-docker-*
repositories. Note that this should be a no-op as those repositories
don't appear to provide source packages anyway.
Change-Id: I51c723782c7aa08dc29c839b8e46c2dd6d8c8d41
Our CI jobs generally don't make use of source packages, and because
pulling them requires a separate line in sources.list anyway any
jobs which want them can add an official mirror source easily.
Remove from the configured architectures list in ubuntu-ports
initially, since ARM jobs are even less likely to be impacted by
this due to their scant number and limited frequency. This will
allow us to evaluate the fallout and determine whether manual
cleanup is needed afterward.
Change-Id: Ib647b6733529d965fa9caa92ad4d123639510083
We're trying to start mirroring Ubuntu 22.04 LTS packages, and their
indices are now signed with the 2018 Archive Signing Key which we
haven't yet imported. Add it.
Change-Id: I88cabf8a703ef0086e58b8f6cd65bf54321f7998
This update brings a number of bugfixes. The most visible to us is it
should fix partial clones for older clients. This means we can reenable
partial cloning again. Note that we have testing of partial clones which
should detect if this is working for us.
There are no template diffs for the three template files we override
between 1.16.5 and 1.16.6. The release notes can be found at:
https://github.com/go-gitea/gitea/blob/v1.16.6/CHANGELOG.md#1166---2022-04-20
Change-Id: Ie5b6a3bcd73f135fe8914b55896a3a428a41dccc
This started as an effort to clean up our mirroring of stretch packages.
It appears that the stretch content in our mirrors isn't actively
mirrored at this point and needs to be manually cleaned up. But while I
was looking in the config management i noticed that we still configure
jessie and stretch gpg keys which I don't think are necessary either.
Remove them.
Note the key fingerprint values were swapped around in our _keys dicts,
but the file content appears to have been correct for each of the keys.
We swap the key fingerprints around so that everything makes sense
again.
To confirm the key file content is correct:
$ gpg --show-keys playbooks/roles/reprepro/files/keys/debian-bullseye-security.asc
gpg: directory '/home/clark/.gnupg' created
gpg: keybox '/home/clark/.gnupg/pubring.kbx' created
pub rsa4096 2021-01-17 [SC] [expires: 2029-01-15]
AC530D520F2F3269F5E98313A48449044AAD5C5D
uid Debian Security Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
sub rsa4096 2021-01-17 [S] [expires: 2029-01-15]
$ gpg --show-keys playbooks/roles/reprepro/files/keys/debian-bullseye.asc
pub rsa4096 2021-01-17 [SC] [expires: 2029-01-15]
1F89983E0081FDE018F3CC9673A4F27B8DD47936
uid Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
sub rsa4096 2021-01-17 [S] [expires: 2029-01-15]
And compare to the values published by debian:
https://ftp-master.debian.org/keys.html
Change-Id: If5d710051b03024512667a8cb9498320b88f5b33
We build our own images from scratch using yum/dnf and don't rely on the
isolinux/ or images/ content. Clean this up from our mirrors to reduce
their size and time to sync.
Change-Id: Ifa47c8ae1f3a080e69e4c00b0c2ef38f4094e1a2
This removes debug and non-oss packages from our opensuse mirrors. These
shouldn't be needed by any jobs so we don't need to mirror them. The
goal here is to reduce overall disk consumption where possible.
Change-Id: Ic48f421e8e7cf7bae039b68b8ed3bc2a5c8e278b
We don't have CentOS 7 arm64 test instances so we remove the aarch64
packages for CentOS 7. Additionally we remove unneeded source and
alternative arch packages from Epel for CentOS 7 and 8.
Change-Id: I8b5c6906c2ce698a02b794e635e8f8ba613c0fef
Our python builder's assemble script was used as guidance for building
wheels to workaround git's new permission checking behavior. When it was
called out that setup.py is deprecated and using `build` would be better
we decided that using setup.py was fine since all our images currently
use it.
Now that we've cleaned up our old buster images and python3.7 it is the
perfect time to update to modern python build tooling as well. Update
the assembel script to use `build` instead of setup.py.
As far as I can tell `build` maintains the old setup.py behavior of
emitting artifacts to the output directory separate of any dependency
packages that may have been pulled down to build the package. As the old
comment indicates this behavior is desireable.
It may also be worth testing this update against Zuul and other
relatively complicated python packages to ensure we haven't changed
behavior in some unexpected way.
Change-Id: Ib2a7335219842413e507c0593ceed187819d83b3
Now that we've cleaned up the old unused images we can look forward to
new Python. Add Python 3.10 base images based on Bullseye.
As part of this process we update the default var values in our
Dockerfiles to set Bullseye and Python3.10 as our defaults as these
should be valid for some time. We also tidy up some yaml anchor names to
make future copy and paste for new versions of images easier to perform
text replacement on.
Change-Id: I4943a9178334c4bdf10ee5601e39004d6783b34c
Everything is running on 3.8 or newer which should allow us to remove
the 3.7 images. This reduces the total set before we add python3.10
images and acts as good cleanup.
Change-Id: I2cc02fd681485f35a1b0bf1c089a12a4c5438df3
We've moved onto bullseye for just about everything at this point. It is
possible there are stragglers and the removal of these jobs should flag
them if their dependencies and requirements are set properly. Otherwise
they'll continue to pull the historical builds on docker hub. Either way
we'll either shake them out or they will continue until they can move to
bullseye.
We remove these in preparation for adding python3.10 images which don't
make sense for buster and our total image catalog is getting large
enough that successfully building and promoting this entire set is
getting problematic. A bit of spring cleaning on what we can commit to
before we commit to some new stuff.
Depends-On: https://review.opendev.org/c/opendev/gear/+/838402
Depends-On: https://review.opendev.org/c/opendev/storyboard/+/838403
Change-Id: I58c4d314ca4f4be3f1e17ec267a4c324cabf0c2a
Refstack is running python3.9 jobs now and they appear to be passing.
Update our image to python3.9 so that we are consistently using
python3.9 in as many locations as possible. Maybe one day we can drop
the 3.7 and 3.8 image builds too.
Change-Id: Iadb84f8f3756fe717ab6bcda0303bc23ff69ad6d
We don't use buster images anymore for anything. Update our dependency
on buster indicators to up to date and current bullseye dependencies.
Change-Id: I8da237559e074ae3d44be1dde8ffb7da89104d4f
We indicated to the OpenStack TC that this service would be going away
after the Yoga cycle if no one stepped up to start maintaining it. That
help didn't arrive in the form of OpenDev assistance (there is effort
to use OpenSearch external to OpenDev) and Yoga has released. This means
we are now clear to retire and shutdown this service.
This change attempts to remove our configuration management for these
services so that we can shutdown the servers afterwards. It was a good
run. Sad to see it go but it wasn't sustainable anymore.
Note a follow-up will clean up elastic-recheck which runs on the status
server.
Depends-On: https://review.opendev.org/c/opendev/base-jobs/+/837619
Change-Id: I5f7f73affe7b97c74680d182e68eb4bfebbe23e1
The openstack health service is being shutdown and retired. That
services was the only service that relied on the subunit2sql workers.
This means we can shutdown and retire the subunit2sql workers. This is
one step of that process.
Change-Id: Ibd02faaeba888dfcd1f512f4dd3a7d768497fc16
This was missed in the previous change that removes config management
for these servers. Additionally these servers are offline and in the
emergency file so we should go ahead and remove them from the inventory.
A followup change will remove config management for the subunit workers.
Change-Id: Ic8ecee9f459385fa4de54c5050f0eb8766158368
Git was recently updated to fix a security issue that prevents git from
operating on a repo as userA if the repo is owned by userB. In our gitea
tests we use our local zuul repo clone of system-config to push back
into gitea to get some real content into gitea. We were operating as
root but zuul owns that repo. Update the commands to run as zuul to
workaround the git error.
Change-Id: I87105bae4bdd69465cce4d5bc412241dc1c88623
