We want to trigger ansible runs on bridge.o.o from zuul jobs. First
iteration of this tried to login as root but this is not allowed by our
ssh config. That config seems reasonable so we add a zuul user instead
which we can ssh in as then run things as root from zuul jobs. This
makes use of our existing user management system.
Change-Id: I257ebb6ffbade4eb645a08d3602a7024069e60b3
Ansible task execution can be a bit slow - so the noop case where
we don't end up doing anything can still be costly. Instead, put
the when on the loop call, which will apply to each iteration of
the loop, not running the loop itself. This way we should only
include_tasks if we need to.
In order for the utility playbook to keep working, we also run all
of the iterations of the loop if gitea_always_update is true. This
will make a sync run take a long time but be comprehensive.
Change-Id: Ib60c736d46d8253e603de097eb80bc84b3366310
We normally only do project settings when we create the project.
Add a playbook we can use to do a manual sync from project-config.
Change-Id: I5260f2de697420a01d796acc3128be00705a53ee
This is 404ing. It's not strictly needed for the moment, let's
come back to it.
This reverts commit 266b2dd3fc4bcbe2416f77f34540705a6ba6cdde.
Change-Id: Id9ab3c233753025d7a01eb4664ecee6d102bbf19
If, for some reason, a repo gets created via gerrit replication
instead of via the api, the default branch setting can be incorrectly
inferred. While we're setting things, just set master to be the default
branch everywhere.
Change-Id: I388afe670221bd8ec28fbba71041ab460e66411b
This uses the form post approach also used in repo renaming. There
is no official REST API for this yet, so the form post values were
taken from what the web ui does.
We should submit a patch upstream to get an actual api call for this.
Run it idempotently, submitting the settings for every repo every time.
Change-Id: I9265837039df962e85f11d16419e043fb9a56ff8
We are currently attempting to create repos which already exist. This
fails.
The reason for this is we set the gitea_org_repos fact for each org
overriding the last org. This means only the last org processed has any
projects in this list. We then check against this list when creating
projects so that we only create projects if they aren't in the list.
Meaning any project for repos not in the last org attempts to get
recreated.
We can address this by keeping a global list of repos regardless of org
then checking against that.
An alternative solution would be to process projects for each org
separately. Or to have gitea give us the global list so we don't have to
build it ourselves.
Change-Id: Id9a480634918dad2160a4e040a41ce6226ae67d8
Switch to a heredoc for the gitea sql_statement so that we don't have to
figure out multiple levels of "" quoting.
Change-Id: I734640936a9d15d03026fc3b05b5fbc221957b94
Go ahead and actually clone project-config on bridge, because
we're going to read the projects.yaml file with a lookup. Because
it's a local action, not a remote action.
Change-Id: I77454bcb10b797ce5b48018caef7fecb31947b97
We need to make sure repos are created in gitea before gerrit so
that we can safely create to gerrit and have it replicate.
Change-Id: If3efc7ed0d7995f1ef6f52cd2eefb9260193e020
Story: 2004627
Task: 29703
When we're booting boot-from-volume servers and there are errors,
we leave the root volume around. Clean up after ourselves.
Change-Id: I6341cdbf21d659d043592f92ddf8ecf6be997802
We have replaced health.openstack.org with health01.openstack.org
(CNAMEd to by health.openstack.org). Remove reference to the old server.
Note that this updates references to health01.openstack.org to use the
full openstack.org to make it clear that this is not an opendev service.
Change-Id: Ifa21dc4a82258974857da2a843f67c5234736c47
This adds a script that will wrap emacs with gpg-agent when editing the
secrets file. This avoids issues with rogue gpg-agents running on the
system.
Change-Id: Ic3cc73b5c25eab2ede41d8ca05b5695b817973d9
This is a new Xenial server to replace our old Trusty server. Note we
keep this server in the openstack domain as it is a fairly openstack
specific service in its current setup.
Change-Id: Ie1f068847f22ddabc52b3e9203a790c2ac17ae20
When launching a new server we should make sure that all available
package updates are installed before we reboot the server. This way we
get available security updates applied to things like our kernel.
This change adds a new playbook that runs the unattended-upgrade command
on debuntu servers. Will need to add support for other platforms in a
followup change.
Change-Id: Idc88dc33afdd209c388452493e6a7f5731fa0974
This reverts commit 0cddc2ae9b23a6d44ff6e0761c70126dc0923970.
This server is going to remain in the openstack.org domain.
Change-Id: I0d5a4f1e07d9782085bdbe875f466c564b1c681c
This is necessary for the proper group lookup of heira data to happen
from the puppet side of the config. The ansible side is already
configured properly via inventory/groups.yaml.
Change-Id: I8ceb6733c2052a7cf29a344a12ab7312e8739191
