opendev/system-config
Code Issues Proposed changes

Merge "mirror-update: update docs for mirror-update.opendev.org"

Browse Source
This commit is contained in:
Zuul 2019-07-18 20:54:03 +00:00 committed by Gerrit Code Review
commit 40c53a796a
1 changed files with 17 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
doc/source/afs.rst
View File

@ -26,10 +26,15 @@ At a Glance
* afs01.dfw.openstack.org (a fileserver in DFW)
* afs02.dfw.openstack.org (a second fileserver in DFW)
* afs01.ord.openstack.org (a fileserver in ORD)
* mirror-update.openstack.org (host running legacy mirror update jobs)
* mirror-update01.opendev.org (host running mirror update jobs)
:Puppet:
* https://opendev.org/opendev/puppet-openafs
* :git_file:`modules/openstack_project/manifests/afsdb.pp`
* :git_file:`modules/openstack_project/manifests/afsfs.pp`
:Ansible:
* :git_file:`playbooks/service-mirror.yaml`
* :git_file:`playbooks/service-mirror-update.yaml`
:Projects:
* http://openafs.org/
:Bugs:
@ -321,7 +326,7 @@ In order to establish a new mirror, do the following:
* The following commands need to be run authenticated on a host with
kerberos and AFS setup (see `afs_client`_; admins can run the
commands on ``mirror-update.openstack.org``). Firstly ``kinit`` and
commands on ``mirror-update.opendev.org``). Firstly ``kinit`` and
``aklog`` to get tokens.
* Create the mirror volume. See `Creating a Volume`_ for details.
@ -381,14 +386,14 @@ read-write volumes.
kadmin: addprinc -randkey service/foo-mirror@OPENSTACK.ORG
kadmin: ktadd -k /path/to/foo.keytab service/foo-mirror@OPENSTACK.ORG
* Add the service principal's keytab to hiera. Copy the binary key to
``bridge.openstack.org`` and then use ``hieraedit`` to update
the files
* Add the service principal's keytab to Ansible secrets. Copy the
binary key to ``bridge.openstack.org`` and then use ``hieraedit`` to
update the files
.. code-block:: console
root@bridge:~# /opt/system-config/tools/hieraedit.py \
--yaml /etc/ansible/hosts/host_vars/mirror-update.openstack.org.yaml \
--yaml /etc/ansible/hosts/host_vars/mirror-update01.opendev.org.yaml \
-f /path/to/foo.keytab KEYNAME
(don't forget to ``git commit`` and save the change; you can remove
@ -398,8 +403,12 @@ read-write volumes.
cat /path/to/foo.keytab | base64
* Add the new key to ``mirror-update.openstack.org`` in
``manifests/site.pp`` for the mirror scripts to use during update.
* Ensure the values in this new variable are written to disk as the
keytab on ``mirror-update.opendev.org`` by adding it to the
``mirror-update`` role for the mirror scripts to use during update.
You should check this with ``testinfra`` in
``testinfra/test_mirror-update.py`` (note this involves defining a
"dummy" keytab for testing; see the other examples).
* Create an AFS user for the service principal::
@ -437,7 +446,7 @@ membership if our needs change.
Because the initial replication may take more time than we allocate in
our mirror update cron jobs, manually perform the first mirror update:
* In screen, obtain the lock on ``mirror-update.openstack.org``::
* In screen, obtain the lock on ``mirror-update01.opendev.org``::
flock -n /var/run/foo-mirror/mirror.lock bash