We're wanting to more properly set permissions on the ansible puppet
role manifest dir. This ends up setting mode 0755 with ownership of
root:root on the dir. As a result sudo is necessary to move these
contents later.
Change-Id: I6b6aa79e8e8b63f4665679ab183a8551f0dd521e
bup is going crazy and filling the disk when making its backups. We
have moved this into the borg backup group and run some backups, so
rather than spending time debugging this, we are just going to disable
bup on the server.
Change-Id: I1daad4eb05f8222131dc84c12577dec924874466
The database dumps are ~3gb each, so are starting to fill up the disk.
Reduce on-disk rotations to 2 and rely on remote backups more.
Change-Id: Ie8fc8fd7c4c36ca37e6813104f4c711ea55186ab
testinfra was project moved and renamed at the same time. Only
the package name was renamed, the module installed is still the same
testinfra and there are no known side effects.
Change-Id: If041f61ba00c8fb8d2d52e07654283d3c4a238f0
Backups have been going well on ethercalc02, so add borg backup runs
to all backed-up servers. Port in some additional excludes for Zuul
and slightly modify the /var/ matching.
Change-Id: Ic3adfd162fa9bedd84402e3c25b5c1bebb21f3cb
The gerrit 2.16 and 3.0 releases have been updated. Bump the plugin
versions to match which will rebuild those images on top of the latest
releases.
Change-Id: Icabb786560c71ac664aaadc0c0518a426e7f3392
Currently the http site redirects to https://grafana01.opendev.org
which is a bit confusing. Change this to redirect to the CNAME
grafana.opendev.org.
Change-Id: I174ce06af036a8f74ace6b4d95edaaf85f63fa27
Add the FUSE dependencies for our hosts backed up with borg, along
with a small script to make mounting the backups easier. This is the
best way to recover something quickly in what is sure to be a
stressful situation.
Documentation and testing is updated.
Change-Id: I1f409b2df952281deedff2ff8f09e3132a2aff08
The ssh config and cron job will overwrite each other when we have
multiple backup servers.
Ensure the markers are different.
Change-Id: I1736fa9c72c90a357b2229bc86c33b33a2bb321c
The rdnc reload should notify the child nameservers which will update
quickly, but for general sanity pause 1 minute to allow for
propagation of the added authentication records before continuing.
Change-Id: Ic0f9398e056df77c96824eff8215395947997d82
As done for ORD, see Ic1e64a9f0de7bca2659404243d3a004b70888e89
Change-Id: I01a0d259abfed00745dd4cf5957ee3cfd14b9449
Depends-On: https://review.opendev.org/760493
The config should use the full path to the config directory, append
/etc/reprepro to the job.
Currently all the reprepro jobs hash to the same start time because it
uses the hostname as a seed. Use the unique string name as the seed
so each job starts at a unique time.
Change-Id: If2745d0cd274f390dbff6337b7a44093b5919908
Our Gerrit admins follow this model of access management now, in
order to shield Administrators permission from external identity
provider risks.
Change-Id: I3070c28c26548d364da38d366bfa2ac8b2fb4668
We don't need a duplicate name, we need a mirror-int.ord.rax.opendev.org
name. I think this was copy pasting failure. Simple fix.
Change-Id: Ibe079da6d9393d30e8a664cc67355336d27105e4
Logs show that the nameservers are being notified via ipv6 and
rejecting the request:
nsd[18851]: notify for acme.opendev.org. \
from 2001:4800:7819:104:be76:4eff:fe04:43d0 refused, no acl matches.
Modify the nsd ACL to allow the ipv6 of the master to trigger updates.
This is important for the letsencrypt process, where we need the
acme.opendev.org domain updated in a timely fashion so that TXT
authentication works.
Change-Id: I785f9636dd05e15b8ffd211845f439be7e8344a3
This converts the reprepro mirror script to use the common functions
for timestamps and vos release. This function ssh's to the AFS server
and runs vos release directly there, avoiding many issues with
kerberos timeouts. This has been working successfully for the rsync
mirrors. This will also send stats back so we can keep an eye on the
timing.
Change-Id: I1be29f2d9ecaad03b22c87819e5ae8d16c4f177e
These volumes were removed with
I050f737521fa6837f3b6b52b8028a839a29f7bd2 but I forgot to remove them
from this list.
Change-Id: I6b7f4a3aef55627d523eca2183379dff15554046
