Fix the reported stat name for the mirror playbook.
Run the mirror job in gate.
Set follow=false so that we're telling Ansible to set the perms
on the link rather than the target (which is the default).
Change-Id: Id594cf3f7ab1dacae423cd2b7e158a701d086af6
Tumbleweed is only rarely used in the openStack CI, so mirroring it
fully is not worth the time/space overhead. a caching proxy
should be good enough. Add it to the directories to clean up
and remove the older entries because they will no longer be
matching.
Change-Id: I987da098cf4a7330cdec8da9ae3cfbff2f330bf8
We ignore E006 which is line lenght longer than 79 characters. We don't
actually care about that. Fix E042 in run_all.sh this represents a
potential real issue in bash as it will hide errors.
This makes the bashate output much cleaner which should make it easier
for people to understand why it fails when it fails in check.
Change-Id: I2249b76e33003b57a1d2ab5fcdb17eda4e5cd7ad
This removes the groups servers from our inventory as well as our
manifests/modules. We don't run the groups service anymore as many
groups migrated to meetup.com independent of us and the others have
transitioned there.
Change-Id: I7cb76611e6d30e7189821923f36a38dec9ea7241
The current version wil now skip performing expensive operations
on unknown refs, so it is safe to push refs/notes and refs/changes
to gitea.
Change-Id: I8f08f3341e0ff603f8579870bd862b5fd6c5a9c1
The current gitea master has our change to avoid indexing extra
refs, so we can start replicating refs/changes and refs/notes to
it. It also fixes a bug we observed when viewing the index of
the starlingx/integ repo.
This also switches us back to the upstream repo, though since
we're using an intermediate commit, the version displayed in
the web ui will be "6eb53ac570ab9af51fc9cbd79f1db782edce57e0".
The docker entrypoint script has moved, so the Dockerfile is updated
to reflect that.
Change-Id: I47769fc1ca62a39122d96a1fc0c1bfc2caca6a4f
Per [1] ansible_date_time is NOT actually the date/time -- it is the
time cached from the facts. It seems this can not be changed because,
of course, things have started depending on this behaviour.
This is particuarly incorrect if you're using this as a serial number
for DNS and it is not incrementing across runs, and thus bind is
refusing to load the new entries in the acme.opendev.org zone during
letsencrypt runs, and the TXT authentication fails.
Use the suggested work-around in the issue which is an external call
to date.
[1] https://github.com/ansible/ansible/issues/22561
Change-Id: Ic3f12f52e8fbb87a7cd673c37c6c4280c56c2b0f
This is a bionic host, so requires this to run as it has no
/usr/bin/python. This is the same as the other bionic hosts, I just
forgot it.
Change-Id: Ifdd1df2fa83dd25dcc20596ce17e2f0c88279c62
I'm certain I copied this from somewhere out of date; it should be
"ensure" not "state" for puppet4
Change-Id: I18272db219a7d047bc58728b1d09355fd0100881
This has a few emergency local patches while we wait for them to
appear in an upstream release.
This updates the modified templates to match the changes in 1.8.0
upstream.
This also disables the oauth2 service, which is new in 1.8.0.
Without disabling this, gitea tries to generate a JWT secret and
write it to the file, which in our case is read only. If we want
to enable it, we need to add a new JWT_SECRET setting.
Change-Id: I969682bce6ff25b7614ce9265097307ee9cbc6cb
Co-Authored-By: Monty Taylor <mordred@inaugust.com>
This is an initial host for testing opendev.org mirrors
Change-Id: I26b9ed1e21e2111f48bc7ecc384880c274eed213
Depends-On: https://review.opendev.org/660235
This impelements mirrors to live in the opendev.org namespace. The
implementation is Ansible native for deployment on a Bionic node.
The hostname prefix remains the same (mirrorXX.region.provider.) but
the groups.yaml splits the opendev.org mirrors into a separate group.
The matches in the puppet group are also updated so to not run puppet
on the hosts.
The kerberos and openafs client parts do not need any updating and
works on the Bionic host.
The hosts are setup to provision certificates for themselves from
letsencrypt. Note we've added a new handler for mirror nodes to use
that restarts apache on certificate issue/renewal.
The new "mirror" role is a port of the existing puppet mirror.pp. It
installs apache, sets up some modules, makes some symlinks, sets up a
cleanup cron job and installs the apache vhost configuration.
The vhost configuration is also ported from the extant puppet. It is
simplified somewhat; but the biggest change is that we have extracted
the main port 80 configuration into a macro which is applied to both
port 80 and 443; i.e. the host will have SSL support. The other ports
are left alone for now, but can be updated in due course.
Thus we should be able to CNAME the existing mirrors to new nodes, and
any existing http access can continue. We can update our mirror setup
scripts to point to https resources as appropriate.
Change-Id: Iec576d631dd5b02f6b9fb445ee600be060f9cf1e
