Merge "mirror-update: update docs for mirror-update.opendev.org"

doc/source/afs.rst

@@ -26,10 +26,15 @@ At a Glance
   * afs01.dfw.openstack.org (a fileserver in DFW)
   * afs02.dfw.openstack.org (a second fileserver in DFW)
   * afs01.ord.openstack.org (a fileserver in ORD)
+  * mirror-update.openstack.org (host running legacy mirror update jobs)
+  * mirror-update01.opendev.org (host running mirror update jobs)
 :Puppet:
   * https://opendev.org/opendev/puppet-openafs
   * :git_file:`modules/openstack_project/manifests/afsdb.pp`
   * :git_file:`modules/openstack_project/manifests/afsfs.pp`
+:Ansible:
+  * :git_file:`playbooks/service-mirror.yaml`
+  * :git_file:`playbooks/service-mirror-update.yaml`
 :Projects:
   * http://openafs.org/
 :Bugs:
@@ -321,7 +326,7 @@ In order to establish a new mirror, do the following:
 
 * The following commands need to be run authenticated on a host with
   kerberos and AFS setup (see `afs_client`_; admins can run the
-  commands on ``mirror-update.openstack.org``).  Firstly ``kinit`` and
+  commands on ``mirror-update.opendev.org``).  Firstly ``kinit`` and
   ``aklog`` to get tokens.
 
 * Create the mirror volume.  See `Creating a Volume`_ for details.
@@ -381,14 +386,14 @@ read-write volumes.
     kadmin: addprinc -randkey service/foo-mirror@OPENSTACK.ORG
     kadmin: ktadd -k /path/to/foo.keytab service/foo-mirror@OPENSTACK.ORG
 
-* Add the service principal's keytab to hiera.  Copy the binary key to
+* Add the service principal's keytab to Ansible secrets.  Copy the
-  ``bridge.openstack.org`` and then use ``hieraedit`` to update
+  binary key to ``bridge.openstack.org`` and then use ``hieraedit`` to
-  the files
+  update the files
 
   .. code-block:: console
 
     root@bridge:~# /opt/system-config/tools/hieraedit.py \
-      --yaml /etc/ansible/hosts/host_vars/mirror-update.openstack.org.yaml \
+      --yaml /etc/ansible/hosts/host_vars/mirror-update01.opendev.org.yaml \
       -f /path/to/foo.keytab KEYNAME
 
   (don't forget to ``git commit`` and save the change; you can remove
@@ -398,8 +403,12 @@ read-write volumes.
 
     cat /path/to/foo.keytab | base64
 
-* Add the new key to ``mirror-update.openstack.org`` in
+* Ensure the values in this new variable are written to disk as the
-  ``manifests/site.pp`` for the mirror scripts to use during update.
+  keytab on ``mirror-update.opendev.org`` by adding it to the
+  ``mirror-update`` role for the mirror scripts to use during update.
+  You should check this with ``testinfra`` in
+  ``testinfra/test_mirror-update.py`` (note this involves defining a
+  "dummy" keytab for testing; see the other examples).
 
 * Create an AFS user for the service principal::
 
@@ -437,7 +446,7 @@ membership if our needs change.
 Because the initial replication may take more time than we allocate in
 our mirror update cron jobs, manually perform the first mirror update:
 
-* In screen, obtain the lock on ``mirror-update.openstack.org``::
+* In screen, obtain the lock on ``mirror-update01.opendev.org``::
 
     flock -n /var/run/foo-mirror/mirror.lock bash