Thats a minor repo, and normally entirely empty. We should
be able to ignore syncing issues and still release the rest
of the AFS store successfully.
Change-Id: I96516cb8fef6ea1bdd0cf53799202e365b46142c
This is designed to run on bridge.o.o and give us an overview of the
last few ansible cron runs so we can see if there are issues.
Change-Id: I1b23cac74272af891d0b29963dc943bd54128664
Deployment of the nodepool cloud.yaml file is currently failing with
FAILED! => {"changed": false, "msg": "AnsibleUndefinedVariable: 'rackspace_username' is undefined"}
This is because the variables in the group_vars on bridge.o.o are all
prefixed with "nodepool_". Switch to this.
Change-Id: I524cc628138d85e3a31c216d04e4f49bcfaaa4a8
It's definitely not a priori evident what all these configs that seem
to duplicate each other do; add some inline documentation to each to
hopefully explain what's going on a little more clearly for people
unfamiliar.
Change-Id: I0cc2e8773823b7d9b47d3dfd4c80827cd9929075
Add a logrotate role that allows basic configuration of a logrotate
configuration for a specific log-file.
Use this role in the ansible-cron and install-ansible roles to ensure
the log output they are generating is rotated.
This role is not intended to manage the logrotate package (mostly to
avoid the overhead of frequently checking package state when this is
expected to be called for multiple configuration files on a server).
We add it as a base package to our servers.
Tests are added for testinfra.
Change-Id: I90f59c3e42c1135d6be120de38e942ece608b761
20 is working fine with plenty of ram/cpu to spare, increase to 50
to attempt to speed up the runtime.
The environment variable should be used by default, but the "-f"
option will override that, in the one case where we need it.
Change-Id: Ie6a1d991a346702ec58cd716b0b94af5c93554ac
Package is the generic way of using package managers in Ansible. This
will be a noop.
Don't use loops for package managers, since we are able to pass lists of
packages. This will reduce the number of tasks ansible will do.
Change-Id: If7988ba81a6bf851d1b5ec9db6888ba9509ed788
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This manages the clouds.yaml files in ansible so that we can get them
updated automatically on bridge.openstack.org (which does not puppet).
Co-Authored-By: James E. Blair <jeblair@redhat.com>
Depends-On: https://review.openstack.org/598378
Change-Id: I2071f2593f57024bc985e18eaf1ffbf6f3d38140
We have made some mirror config changes that are not being deployed here
because we have disabled puppet on this node. I do not think we need to
disable puppet here so go ahead and reenable it.
Change-Id: If7da76d24ea64db3c038bc60f64fa39a4f5f6f72
Now that we've retired the old puppetmaster server and moved the
master keychain to the new bridge server we're faced with a much
newer release of GnuPG. This change updates various commands to
their modern option equivalents and attempts to adjust the sample
output to more closely resemble what administrators will see when
following the process.
Change-Id: Ic5eaa646786c2b7fa9ade9e42026f9ea5be40c56
In order to talk to limestone clouds we need to configure a custom CA.
Do this in ansible instead of puppet.
A followup should add writing out clouds.yaml files.
Change-Id: I355df1efb31feb31e039040da4ca6088ea632b7e
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Create a parent run job and inherit from it. This reduces duplicate
'run' parameters, and corrects the omission of run-post from the
eavesdrop job.
Change-Id: Ib2a21b7190bf3611972097d6db545989cd54b3d4
Add a job which runs testinfra for the eavesdrop server. When we
have a per-hostgroup playbook, we will add it to this job too.
The puppet group is removed from the run-base job because the
groups.yaml file is now used to construct groups (as it does
in production) and will construct the group correctly.
The testinfra iptables module may throw an error if it's run
multiple times simultaneously on the same host. To avoid this,
stop using parallel execution.
Change-Id: I1a7bab5c14b0da22393ab568000d0921c28675aa
This adds a group var which should normally be the empty list but
can be overridden by the test framework to inject additional iptables
rules. It's used to add the zuul console streaming port. To
accomplish this, the base+extras pattern is adopted for
iptables public tcp/udp ports. This means all host/group vars should
use the "extra" form of the variable rather than the actual variable
defined by the role.
Change-Id: I33fe2b7de4a4ba79c25c0fb41a00e3437cee5463
And collect it on post, it is helpful to see the results.
Change-Id: I0dbecf57bf9182168eb6f99cdf88329fcdeb1bdc
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Switch to etherpad-lite 1.7.0 in production prior to the PTG. This
version brings a couple more security fixes since 1.6.6 and also
fixes the bullet list authorship misattribution bug. See
https://github.com/ether/etherpad-lite/blob/1.7.0/CHANGELOG.md for a
summary of changes. The version of NodeJS we're using now should
meet the minimum requirements (but will need to be updated prior to
the next etherpad-lite release). This version is the one currently
served from etherpad-dev.openstack.org and can be tested there as
desired.
Change-Id: If52d1b1c3dc33da56133ccb5e6adf33ebd3d2428
releasestatus is not used since December 2015, see
https://review.openstack.org/#/c/254817/ .
We can remove the disablement of releasestatus now.
Change-Id: I0c8f5f45463d563dcd6aff8135cc86091e0aa19c
We do not use pypi-mirror anymore, there's also no usage of pypimirror
in jeepyb. Remove the now obsolete module.
Related change: https://review.openstack.org/597370/
Change-Id: I13423bf55eac57da18449852e2102c9633d595bb
Talking to clarkb, it was decided we can remove this logic in favor of
having ansible-role-puppet push system-config and modules to the remote
nodes.
Change-Id: I59b8a713cdf2b4c1fede44e977c49be5e8cc08fa
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
