Currently the server ci-backup-rs-ord.openstack.org is not on
cacti. While there is a slight risk to the server adding cacti,
the port is already open so we are exposed to the risk without
the benefit. This patch adds the benefit.
Change-Id: Ia5823d73b65f120b725f53e5a6f3da9b68882b82
The old version of the puppet mysql module defined the "all" privilege
as all the columns in the *_priv rows in the "db" table of the "mysql"
database, which included "Grant_priv". The new version simply uses the
normal MySQL API, which defines the "all" privilege as "Grant all
privileges at specified access level except GRANT OPTION".
In order to get back the old behavior of grant permissions on single use
slaves we use the options parameter with ['GRANT'].
Change-Id: I93b9375de916ca701399aee03dfaa9ab4d197319
There are a few things that are run as part of run_all.sh that are
not logged into puppet_run_all.log - namely git cloning, module installation
and ansible role installation. Let's go ahead and do those in a playbook
so that we can see their output while we're watching the log file.
Change-Id: I6982452f1e572b7bc5a7b7d167c1ccc159c94e66
This reverts commit 925083544a688f630630bcfa88c6ab451c2c2c00.
Garbage collection in *Git* is not the same thing as garbage
collection in *Java*. We're seeing gerrit spend a lot of time in
*Java* garbage collection. We do not need to adjust *Git* garbage
collection for that.
Change-Id: Ica3cc603d9e0ed68efbb1c7606f3e7d67fddac3c
Add the Puppet OpenStack modules and their dependencies, if not already
installed, to modules.env.
Change-Id: If6247009ffcc478d5fc0b97db423ee5f8836f051
The organization changed name to remove ambiguity with puppetlabs
official community efforts.
https://voxpupuli.org/blog/2016/01/01/voxpupuli/
Change-Id: Ia5b7f6169dd783b9c6d006fd77d9018d98950877
This is the clouds.yaml file that gets used by the ansible openstack
inventory system. Setting use_hostnames to true indicates that
generally, our hostnames are expected to be unique, so ansible can
add them to the inventory based on their hostnames rather than their
uuids. In the case that we have more than one host with the same
hostname, ansible will still favor uuids.
This should cause our logs to be more readable as they will include
hostnames for most of the ansible actions.
Change-Id: Ie4c24317429a8f0ac59729a2065dfae7fc6679d9
We're specifying the accessDatabase and emailReviewers capabilities
in our Gerrit 2.11 All-Projects configuration "ACL" so document them
in the usual place.
Change-Id: I1235a8a1d9b9b579860f2d96641bacc99df409d8
The _ansible_ output (mostly consisting of puppet output) is now sent
to the puppet_run_all log file, but there is still quite a bit of
output from ancilary parts of the cron job that just gets sent in
email to infra-root every few minutes. Send it to a log file.
Change-Id: I1f382b2d376cbfc2eff430c897bd3737fd585373
This patch upgrades the mysql module version as well as upgrading the
usage of that module in openstack_project. This includes:
- upgrading the syntax to set the root password
- no longer setting bind_address anywhere since it defaults to 127.0.0.1
- upgrading the syntax to set the default storage engine using the new
override_options param
- upgrading the database and database_grant puppet resources to use the
mysql_database and mysql_grant types. These types were renamed and
are now more strict about how the title should look and what
parameters need to be specified rather than inferred from the title.
There is also no longer any reason to specify the 'mysql' provider
since they gave up on the generic database provider idea.
Changes to the system that we can expect:
- /etc/mysql/my.cnf will have its parameters reordered. The key_buffer
config parameter was renamed to key_buffer_size and the log_error
parameter was renamed to log-error. Default values haven't changed.
- The change in /etc/mysql/my.conf will trigger a mysql restart
- /root/.my.cnf now adds single quotes around the password value. This
won't change how mysql or the module reads the value, but puppet
will report the file as having changed.
This patch should not be merged until a downtime is prepared for the
paste and wiki services.
Change-Id: I8072e0aab03606307505e37fe6fb0c8b18eef854
Depends-On: I3ff754b15eef51c3c86c188647353a4a1d3bfea0
Fix links to stackforge where content has moved to openstack now, adjust
links to use git.openstack.org instead of github.com since
git.openstack.org is our git master.
Fix also repo name, it's app-catalog.
Change-Id: Iec7cbe11bfc4e3536a0fee5fdc1e7d3e0c9cc321
We've moved the long list of channels for statusbot and meetbot (logging) into
the hiera/common.yaml file, updating the documentation accordingly.
Change-Id: I2337de6c82a24fabe0d428ba3a7f40c8d41a62c8
Puppet 4 from puppetlabs changed the default location of hiera.yaml. The
versions we run have the old location patched in, but let's put in the
value just to be complete.
Change-Id: I36ae190fc6758f297f3a48912f79871fd917c2e9
Currently openstack-meeting-cp is not in statusbot's reach. The
other meeting channels have access to statusbot's services. This
patch adds openstack-meeting-cp to statusbot's list of channels.
Change-Id: Id4a12de1bea8fd48f3d234f54e95c23697e83c97
Add an option to dynamically set the time interval for
"updatepuppetmaster" cron job. This will enable to tune the update
time interval differentially for different puppet masters, in
different environments, rather than setting them all to 15 min
hardcoded.
Change-Id: Ib71bbb2ff6be1576a45d6809beb1164c79328a60
Remove the local database management on paste.openstack.org now that
it's back to running with a remote Trove database again.
This reverts commit b7e352cc86bb850fa1c4d6b74253e5450165afa2.
Change-Id: I7b8513b427395f610b23e3f226109ea954ee210b
Now that we've determined how to adjust Trove configuration
parameters to override extremely short default connection timeouts
imposed by our provider, switch back to using a remote database for
the loggeit installation on paste.openstack.org.
This reverts commit 8cad8d737f3a53650159ab7c00cb8e3b4649e2fb.
Change-Id: I7f172b2b4f09703f1360aff0b1fef902fc935067
We are seeing that Gerrit is spending a lot of time garbage collecting,
possibily because the JVM is starting the garbage collection too late
and thus trying to garbage collect too much. This change schedules the
garbage collection daily which will allow Gerrit to garbage collect
in smaller chunks. Hopefully this will help maintain Gerrit performance.
Garbage collection recommendations from Collabnet[1]:
"Running JGIT gc frequently is crucial for good fetch/push performance
as well as smooth source code browsing".
[1] http://tinyurl.com/q2aw6ba
Change-Id: If9f5d5879cffc5c6349166a70b4e00429b59576b
depends-on: I73166de7008ceb42db3db4a8b22fb6e9c94e790d
We are seeing Gerrit spending lots of time garbage collecting due
to low memory. Increase the memory to help avoid this problem.
Memory recommendations from Collabnet[1]:
"You should have at least <#Cores> GB size heap allocated for Gerrit.
The largest repository on disk should fit in 1/4 of your heap. 32 GB
per 1M daily requests is pretty common".
[1] http://tinyurl.com/q2aw6ba
Change-Id: I67adb239bcb689c2b8764047fd1afefe38911c70
