From 76baae4e3f242c92242ae548c345bb24102781d2 Mon Sep 17 00:00:00 2001 From: Clark Boylan Date: Mon, 11 Oct 2021 13:22:50 -0700 Subject: [PATCH] Replace testing group vars with host vars for review02 Previously we had a test specific group vars file for the review Ansible group. This provided junk secrets to our test installations of Gerrit then we relied on the review02.opendev.org production host vars file to set values that are public. Unfortunately, this meant we were using the production heapLimit value which is far too large for our test instances leading to the occasional failure: There is insufficient memory for the Java Runtime Environment to continue. Native memory allocation (mmap) failed to map 9596567552 bytes for committing reserved memory. We cannot set the heapLimit in the group var file because the hostvar file overrides those values. To fix this we need to replace the test specific group var contents with a test specific host var file instead. To avoid repeating ourselves we also create a new review.yaml group_vars file to capture common settings between testing and prod. Note we should look at combining this new file with the gerrit.yaml group_vars. On the testing side of things we set the heapLimit to 6GB, we change the serverid value to prevent any unexpected notedb confusion, and we remove replication config. Change-Id: Id8ec5cae967cc38acf79ecf18d3a0faac3a9c4b3 --- inventory/service/group_vars/gerrit.yaml | 3 +++ inventory/service/group_vars/review.yaml | 19 +++++++++++++++++++ .../host_vars/review02.opendev.org.yaml | 18 ------------------ playbooks/zuul/run-base.yaml | 2 +- .../review02.opendev.org.yaml.j2} | 13 +++++++++++++ zuul.d/infra-prod.yaml | 1 + zuul.d/project.yaml | 1 + zuul.d/system-config-run.yaml | 4 ++-- 8 files changed, 40 insertions(+), 21 deletions(-) create mode 100644 inventory/service/group_vars/review.yaml rename playbooks/zuul/templates/{group_vars/review.yaml.j2 => host_vars/review02.opendev.org.yaml.j2} (95%) 
diff --git a/inventory/service/group_vars/gerrit.yaml b/inventory/service/group_vars/gerrit.yaml index 477b3d450e..06d8c11673 100644 --- a/inventory/service/group_vars/gerrit.yaml +++ b/inventory/service/group_vars/gerrit.yaml @@ -1,3 +1,6 @@ +# TODO can we combine this with the review.yaml group vars? +# the review group seems to be what we use to match in the service-review.yaml +# playbook which would make it canonical? exim_extra_aliases: gerrit2: root iptables_rules: diff --git a/inventory/service/group_vars/review.yaml b/inventory/service/group_vars/review.yaml new file mode 100644 index 0000000000..cc88b92522 --- /dev/null +++ b/inventory/service/group_vars/review.yaml @@ -0,0 +1,19 @@ +# See TODO in the gerrit.yaml group vars. +gerrit_vhost_name: review.opendev.org +gerrit_redirect_vhost: review.openstack.org +gerrit_storyboard_url: https://storyboard.openstack.org +# We have to set the letsencrypt_gid to something that isn't 3000 +# to not conflict with gerrit2's gid. +# Also, on review01.openstack.org, 3001 is openstackwatch and +# 3002 is github. +letsencrypt_gid: 3003 +borg_backup_excludes_extra: + - /home/gerrit2/.launchpadlib/cache/* + - /home/gerrit2/review_site/cache/* + - /home/gerrit2/review_site/tmp/* + - /home/gerrit2/review_site/index/* + # scratch location for admins + - /home/gerrit2/tmp/* + # live db when used with mariadb_container; dumped by separate job + # using mysqldump + - /home/gerrit2/reviewdb/* diff --git a/inventory/service/host_vars/review02.opendev.org.yaml b/inventory/service/host_vars/review02.opendev.org.yaml index d4ed6987b0..3bbe62f6a4 100644 --- a/inventory/service/host_vars/review02.opendev.org.yaml +++ b/inventory/service/host_vars/review02.opendev.org.yaml 
@@ -63,28 +63,10 @@ gerrit_replication: mirror: true threads: '4' timeout: '900' -gerrit_storyboard_url: https://storyboard.openstack.org -gerrit_vhost_name: review.opendev.org gerrit_serverid: 4a232e18-c5a9-48ee-94c0-e04e7cca6543 -gerrit_redirect_vhost: review.openstack.org gerrit_heap_limit: 96g letsencrypt_certs: review02-opendev-org-main: - review.opendev.org - review02.opendev.org - review.openstack.org -# We have to set the letsencrypt_gid to something that isn't 3000 -# to not conflict with gerrit2's gid. -# Also, on review01.openstack.org, 3001 is openstackwatch and -# 3002 is github. -letsencrypt_gid: 3003 -borg_backup_excludes_extra: - - /home/gerrit2/.launchpadlib/cache/* - - /home/gerrit2/review_site/cache/* - - /home/gerrit2/review_site/tmp/* - - /home/gerrit2/review_site/index/* - # scratch location for admins - - /home/gerrit2/tmp/* - # live db when used with mariadb_container; dumped by separate job - # using mysqldump - - /home/gerrit2/reviewdb/* diff --git a/playbooks/zuul/run-base.yaml b/playbooks/zuul/run-base.yaml index e5b71b100d..c2961db036 100644 --- a/playbooks/zuul/run-base.yaml +++ b/playbooks/zuul/run-base.yaml @@ -65,7 +65,6 @@ - group_vars/nodepool-launcher.yaml - group_vars/refstack.yaml - group_vars/registry.yaml - - group_vars/review.yaml - group_vars/control-plane-clouds.yaml - group_vars/afs-client.yaml - group_vars/zuul.yaml @@ -87,6 +86,7 @@ - host_vars/mirror-update01.opendev.org.yaml - host_vars/paste01.opendev.org.yaml - host_vars/refstack01.openstack.org.yaml + - host_vars/review02.opendev.org.yaml - name: Display group membership command: ansible localhost -m debug -a 'var=groups' - name: Run base.yaml diff --git a/playbooks/zuul/templates/group_vars/review.yaml.j2 b/playbooks/zuul/templates/host_vars/review02.opendev.org.yaml.j2 similarity index 95% rename from playbooks/zuul/templates/group_vars/review.yaml.j2 rename to playbooks/zuul/templates/host_vars/review02.opendev.org.yaml.j2 index f652021709..e6412d60ce 100644 
--- a/playbooks/zuul/templates/group_vars/review.yaml.j2 +++ b/playbooks/zuul/templates/host_vars/review02.opendev.org.yaml.j2 @@ -1,3 +1,4 @@ +# Private vars gerrit_ssh_rsa_key_contents: | -----BEGIN RSA PRIVATE KEY----- MIIEpQIBAAKCAQEAvqQkJUwEGJgqzmOmj2728ikA3Dgl4mzzRiI5zzzLhCLQktL7 @@ -102,3 +103,15 @@ gerrit_launchpad_auth: access_token: 'token' access_secret: 'secret' consumer_key: 'consumer_key' + +# Public var overrides for testing. +# Common entries between prod and testing should live in the review.yaml +# group vars file if they are not host specific. +gerrit_replication: [] +gerrit_serverid: a3593e8f-50c5-4336-a802-c2ffa22ba0fa +gerrit_heap_limit: 6g +letsencrypt_certs: + review02-opendev-org-main: + - review.opendev.org + - review02.opendev.org + - review.openstack.org diff --git a/zuul.d/infra-prod.yaml b/zuul.d/infra-prod.yaml index 80f6e0d279..85b0e8f2ed 100644 --- a/zuul.d/infra-prod.yaml +++ b/zuul.d/infra-prod.yaml @@ -397,6 +397,7 @@ - inventory/base - playbooks/service-review.yaml - inventory/service/group_vars/gerrit.yaml + - inventory/service/group_vars/review.yaml - inventory/service/host_vars/review01.openstack.org.yaml - playbooks/roles/pip3/ - playbooks/roles/install-docker/ diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index 569717dd68..02dc88c1ce 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -365,6 +365,7 @@ - inventory/.* - playbooks/manage-projects.yaml - inventory/service/group_vars/gerrit.yaml + - inventory/service/group_vars/review.yaml - inventory/service/group_vars/gitea.yaml - inventory/service/host_vars/gitea - inventory/service/host_vars/review diff --git a/zuul.d/system-config-run.yaml b/zuul.d/system-config-run.yaml index 90ee1568fb..bb35fde50a 100644 --- a/zuul.d/system-config-run.yaml +++ b/zuul.d/system-config-run.yaml 
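Review bot: The `# Private vars` heading added in the first hunk of `host_vars/review02.opendev.org.yaml.j2` does not say that the RSA private key beneath it is a throwaway test fixture, and after the rename the file carries the production hostname. The commit message calls these junk secrets, so say so where a reader or someone triaging a secret-scanner hit will see it, for example `# Test-only junk secrets for CI; never deploy these values to a real host.` The key block continues outside the hunk, so I cannot see whether the other credentials in the file are labelled.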
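Review bot: The overrides added at the end of the template give no reason for `gerrit_replication: []` or for the new `gerrit_serverid`, and both read as isolation controls rather than tuning. The commit message explains that the serverid is changed to avoid notedb confusion and that replication is removed. Putting that beside the values, e.g. `# Empty on purpose: test Gerrit must not replicate anywhere.` and `# Distinct from the production serverid to avoid notedb confusion.`, keeps a later sync with the production host vars from restoring them. Whether an empty list is the shape the gerrit role expects for `gerrit_replication` is not visible here and is worth confirming.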
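Review bot: The file matcher list in the `zuul.d/infra-prod.yaml` hunk still names `inventory/service/host_vars/review01.openstack.org.yaml`, while this commit treats review02.opendev.org as the production host. If review02 is the live server, edits to its host vars would not match this entry, and the production job would presumably not run for them. Consider adding `- inventory/service/host_vars/review02.opendev.org.yaml` next to the new `group_vars/review.yaml` entry. The job definition starts and ends outside the hunk, so another matcher may already cover it.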
@@ -875,14 +875,14 @@ - playbooks/service-review.*.yaml - playbooks/test-review.yaml - playbooks/rename_repos.yaml + - inventory/service/group_vars/gerrit.yaml - inventory/service/group_vars/review.yaml - - inventory/service/host_vars/review\d+.openstack.org.yaml - playbooks/roles/pip3/ - playbooks/roles/install-docker/ - playbooks/roles/letsencrypt - playbooks/roles/gerrit/ - playbooks/zuul/gerrit/ - - playbooks/zuul/templates/group_vars/review.yaml.j2 + - playbooks/zuul/templates/host_vars/review02.opendev.org.yaml.j2 - roles/bazelisk-build/ - testinfra/test_gerrit.py - docker/gerrit/
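Review bot: This hunk drops the `inventory/service/host_vars/review\d+.openstack.org.yaml` matcher without adding one for the production host vars of review02.opendev.org. If the test job still reads any value from `inventory/service/host_vars/review02.opendev.org.yaml` that the test template does not override, a change to that file could merge without the Gerrit test job running. A replacement such as `- inventory/service/host_vars/review\d+\.opendev\.org\.yaml` would cover it; the dots are escaped because these entries appear to be regular expressions. The job's file list begins outside the hunk, so this is based only on the lines shown.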