Remove most linaro cloud resources

This removes ansible configuration for the linaro cloud itself and the
linaro cloud mirror. This cloud is in the process of going away and
having these nodes in our inventory is creating base jobs failures due
to unreachable nodes. This then dominoes into not running the LE refresh
job and now some certs are not getting renewed. Clean this all up so
that the rest of our systems are happy.

Note that we don't fully clean up the idea of an unmanaged group as
there may be other locations we want to do something similar (OpenMetal
perhaps?). We also don't remove the openstack clouds.yaml entries for
the linaro cloud yet. It isn't entirely clear when things will go
offline, but it may be as late as August 10 so we keep those credentials
around as they may be useful until then.

Change-Id: Idd6b455de8da2aa9901bf989b1d131f1f4533420

doc/source/letsencrypt.rst

@@ -151,50 +151,3 @@ the next Ansible pulse to renew.
    # tail -f /var/log/acme.sh/acme.sh.log
    ... watch and should be renewed on next pulse
    # rm *.conf.old
-
-Linaro ARM64 Cloud Cert Renewal
-===============================
-
-The Linaro ARM64 cloud relies on Let's Encrypt certs for API endpoints,
-but these certs are not automatically provisioned. The reason for this
-is that cloud is not completely enrolled into our Ansible automation
-(we share management of this install with Linaro and full integration
-has not be done). We can manually refresh the SSL certs in this cloud
-though.
-
-To access the cloud backend ssh via bridge as root to
-``openinfraci.linaro.cloud``.
-
-First we provision a new certificate using acme.sh on the cloud node:
-
-.. code-block:: console
-
-  /root/acme.sh/acme.sh --server letsencrypt --issue \
-    --dns dns_aws -d openinfraci.linaro.cloud
-
-Next backup the old cert:
-
-.. code-block:: console
-
-  cp /root/us.linaro.cloud/secret/openinfraci.linaro.cloud.pem \
-    /root/us.linaro.cloud/secret/openinfraci.linaro.cloud.pem.$DATE
-
-Copy the new cert into the kolla-ansible secrets:
-
-.. code-block:: console
-
-  cat /root/.acme.sh/openinfraci.linaro.cloud/openinfraci.linaro.cloud.key \
-    /root/.acme.sh/openinfraci.linaro.cloud/fullchain.cer \
-    > /root/us.linaro.cloud/secret/openinfraci.linaro.cloud.pem
-
-Activate the kolla-ansible virtualenv to run ansible:
-
-.. code-block:: console
-
-  source /root/venv3/bin/activate
-
-Run kolla-ansible to deploy the cert:
-
-.. code-block:: console
-
-  /root/venv3/bin/kolla-ansible -i ~/all-in-one deploy

inventory/base/hosts.yaml

@@ -395,16 +395,6 @@ all:
         - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCVcT1kdEvQz9+baAg8kTJ3UyIdSuH7U1fu++QXWgm0yAMkwktljytgQA8AgjclFrdsgme7CSxmGQ8xFie5r4sfWiO+TP4WRi4ylAAoRPX8xR5nrrVU4JiOiI74/5WONTRlK5MonAzA1qbtZJtKaSJcGdxC1pryyeSjqUf3QdGliKD1xh5NzmlPeQ4z/UUJlR8xyYpqqXUOcVmEx5R32WIeNWxCzwNNhBy5+e2NoQHqGucRSlNq/OuoG7AiNKixz4mjsAgxJ4cDYoBraYhKT5z9BIV+pJ8kDF4zgQVqgTfTwomEafcl2za1QnJG0nx9+l2kosn2y4YIh0U7lWnnpfskePxkhoFdKk6g3TGHRHg5yGTGGf0i+NBVrFpFgvy+6SuoonxPdUN+NwNoIgXauKe67rxPY+XzLbFw95xH/j6Bg6aswTGnuUZh+HNk0HVtHp9Bittg+GgwXkR+80m7LvXxfpSDuYM0RdK6ckUZQmrklfXXTKqP2tygMwk9HG9MBcM='
         - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGmfQrjbtpQLaOzQWgfmkDAWMxUyr+gHwcKXzuHzGpjqzWUsBpAw2LQw1DIbnpIF2c2nAr7BEg8Fi6Q9Fe1FMUE='
         - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINA8ajkyUlXiclmsCD9pEdAL2HW+ns2eIj5BWctByaiF'
-    mirror01.regionone.linaro.opendev.org:
-      ansible_host: 147.28.149.111
-      location:
-        cloud: opendevci-linaro
-        region_name: RegionOne
-      public_v4: 147.28.149.111
-      host_keys:
-        - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDE+Ivd+4A7P3uYxymn1AdcunE94llD7ZOm7RIWfoL6paAFqX/ySbtZ3OGQICr7z2BEvKkD9SW+O2J1g7jj/BONkCJ9GjdjpRyqO/o8DaNJIu3ZTlrIiRWsVqO6nsgac4q7XMF5exEJRU7vwTjH7UfxuBuaZ+s9s8WcrsWReYyIuGZ1M8a+HfF7abmRNQBr4A85dD5EnqKqrCYgTgxtmqi9PPBJLRJrE666aRs50427wdQ64qXFhhgAsmiKEjIIjUlciKA4EMtJmdfKoNF8MvgmxHELELA4fRoeXD7zQ4Poa+Dxd3JP/sXg64AHlnmgbZ2Ul4xPspdlsnuPUB7/w4i2AthDlqT61wNJUpnBYuB8W4gRnkhH0m0EgYA9G1GJ2NTC6WvGHCCFV3YHbSz1N2RTGSzg5oH56b90toLYltPHqAdVl1xtnIx2gykX+FTKQbmM0PlfKPL3wTF52hBDJlnJIfShG/9igRw+6W7wnHqcvSgPsZBxTvsEEJRrMznzm3U='
-        - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKcrLy5+mi4FzqL3jqj9VZc+CF9dUf58HJMFx8nC2+4TJDc2VH6c3Udq3oAVyTKqViuqRqGfYIVdAhID6aE7P38='
-        - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC1ydhnETmFh9UPeRStC0ZMcvWju3HJ9P4R4nezY+4RK'
     mirror02.ord.rax.opendev.org:
       ansible_host: 23.253.20.59
       location:
@@ -964,16 +954,3 @@ all:
         - ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKLGqwSmj46QBLtpBdEX2S8l78FKnOdNqdtQwDG5LJr0Lo6+OaFIU1DX5ebRac2vQuH1kqyIfI5kiMBE4AHkTrY=
         - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDDvQQdj/ivFSVWHcdzlsjMwbn5lD4Mm+ZW2VIHZQvcCP2EI6x/HDdtsi6a6aMwW6v0jd2leaO1Q0MPel3b1FcQshyEfSNYq9DqgMV1Hpc6Xaa9YeJUe+yosxXAPktpNR6qBUFJcLajiKT7LVmMwq35EzoqxK1KM3JYfTPFHWQ9dSeVPlJ+fL4f1gyVyonBC6u9YA+QzyEFFzqLhMQxj4wGE/RNr/jMBaxCwWFJ7tLxlskxw1nT7S+6wzUkNrSlSpg1oPDLZcM1s5xWO2515nzOkkJ4RIju1+FVrwiWYzJW0FJg0b8R6BhjKcthXb9c9fBrqZG9gQsSnz+3z2QzCS6oAIvv/TMjodaIpBmqKypbt8ZCPKUDD+jiFp7AZNfn1Wbr673JdNjkoETJaD1oWcKX1M3s3xSV+DbgGghdGaBtdWQUvHMcQZpsqFxt07kyHrLaCD7DjcCc7dJsWehmlCccxbwN3F9LK+Mr2zIdoRPk/20bJDOoiER6hOzetnN8JZc=
         - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJv4rnJCRwIkPHSYWO9Fg7Uc5nioX62YpzmQfT3YfWeU
-    # NOTE - the following hosts are "partially managed" in that we
-    # don't run the full base deployment on them, but rather a
-    # specific subset of hand-picked roles, etc.
-    openinfraci.linaro.cloud:
-      ansible_host: 147.75.35.206
-      location:
-        cloud: opendevci-linaro
-        region_name: RegionOne
-      public_v4: 147.75.35.206
-      host_keys:
-        - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4VJyWg7kQTXQ+j2J2U1yrh61VAeZTTIerpc5tu5R+I+ebxZzcE9AAvqDLgflaCGDfv02Ds5BRGsD43sUHNzr/RtxNREqkTe713+dZGFuIdhDJSIz56iOzKmT6woc1n4wh4r8JEjTyiEGFimJYclkIHHx3RZyQroy/ntMr7lQSMfYeMr65LIahJzxOLHM1SEa/fMaMBqerdPsit56tnqfPxEM4iEUkN/Rfc8t94JgtB52VzqKWtvpFHy5DIP0MilrPI2xf/2PMycl1hj+LL4AO+mgSqRtv5TmPjv4KTH6ro0edFXm7vWZEl+8OXCUOErmPwSHFwLVIyuCsV4vI/nUGIZ7ttxUv8ZsKTC8yrzZBZen/0xF+kcLKhm3A3poR/KN8yqoCO542Wl+zwDcXiYvdDVS908796JSlfqf59mMnmuDg4gGGRYGEeRmPkdwwm1Lm8tgkwJX3HAx7ziEZbZ2hu1v3yg2DKI+K1OEhp+eucL0OkaBmdvAAvVMQEn1FbJ8='
-        - 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGnFxrjQah1S64D3hNzdWl8FmQR93gkw4zsgkCE+ZY1Bc5bdrfS/xQeTuxIpBP6L/7UlCe8ks48qc8caJ5vmy+0='
-        - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5xRCcYInStxHXEhkVws5RmqzUc0S/4wi1zOtd6zlUB'

inventory/service/group_vars/bastion.yaml

@@ -213,21 +213,6 @@ cloud_launcher_clouds:
     profiles:
       - openstackci-keypairs
 
-  # Linaro
-  - name: opendevci-linaro
-    oscc_cloud: opendevci-linaro
-    region_name: RegionOne
-    profiles:
-      - openstackci-keypairs
-      - openstackci-security
-
-  - name: opendevzuul-linaro
-    oscc_cloud: opendevzuul-linaro
-    region_name: RegionOne
-    profiles:
-      - openstackci-keypairs
-      - openstackci-security
-
   # OSUOSL
   - name: opendevci-osuosl
     oscc_cloud: opendevci-osuosl

inventory/service/groups.yaml

@@ -155,8 +155,7 @@ groups:
   translate:
     - translate[0-9]*.open*.org
   # This group does not run the base jobs
-  unmanaged:
+  unmanaged: []
-    - openinfraci.linaro.cloud
   webservers:
     - cacti[0-9]*.open*.org
     - codesearch[0-9]*.opendev.org

inventory/service/host_vars/mirror01.regionone.linaro.opendev.org.yaml

@@ -1,11 +0,0 @@
-letsencrypt_certs:
-  mirror01-regionone-linaro-main:
-    - mirror01.regionone.linaro.opendev.org
-    - mirror.regionone.linaro.opendev.org
-
-# Allocated 100GB volume for this mirror, so openafs cache has to be <
-# 95%; we go for 45gb
-afs_client_cache_size: '45000000'
-# Simiarly we need to limit the size of the apache mirror to < 50GB
-# and the default is 60000M.
-mirror_apache_cache_limit: '40000M'

playbooks/group_vars/certcheck.yaml

@@ -3,5 +3,4 @@ letsencrypt_certcheck_additional_domains:
   - wiki.openstack.org 443
   - openstack.org 443
   - www.openstack.org 443
-  - openinfraci.linaro.cloud 5000
   - download.cirros-cloud.net 443

playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml

@@ -22,7 +22,7 @@ results:
     - letsencrypt
     - webservers
 
-  mirror01.regionone.linaro.opendev.org:
+  mirror01.regionone.osuosl.opendev.org:
     - afs-client
     - kerberos-client
     - letsencrypt

playbooks/roles/letsencrypt-create-certs/handlers/main.yaml

@@ -203,9 +203,6 @@
 - name: letsencrypt updated mirror03-gra1-ovh-main
   include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
 
-- name: letsencrypt updated mirror01-regionone-linaro-main
-  include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
-
 - name: letsencrypt updated mirror01-sjc1-vexxhost-main
   include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
 

playbooks/service-cloud-linaro.yaml

@@ -1,6 +0,0 @@
-- hosts: "openinfraci.linaro.cloud"
-  tasks:
-
-    - name: Initial task
-      debug:
-        msg: "This is a placeholder"

zuul.d/infra-prod.yaml

@@ -673,14 +673,3 @@
     files:
       - playbooks/run_cloud_launcher.yaml
       - inventory/service/group_vars/bastion.yaml
-
-- job:
-    name: infra-prod-cloud-linaro
-    parent: infra-prod-service-base
-    description: Run management tasks against Linaro
-    vars:
-      playbook_name: service-cloud-linaro.yaml
-    required-projects:
-      - opendev/system-config
-    files:
-      - playbooks/service-cloud-linaro.yaml

zuul.d/project.yaml

@@ -410,11 +410,6 @@
               - name: infra-prod-base
                 soft: true
 
-        - infra-prod-cloud-linaro: &infra-prod-cloud-linaro
-            dependencies:
-              - name: infra-prod-base
-                soft: true
-
         #
         # Hosts using certificates and backups
         #
@@ -630,7 +625,6 @@
         - infra-prod-service-afs: *infra-prod-service-afs
         - infra-prod-service-nameserver: *infra-prod-service-nameserver
         - infra-prod-service-mirror-update: *infra-prod-service-mirror-update
-        - infra-prod-cloud-linaro: *infra-prod-cloud-linaro
         - infra-prod-service-borg-backup: *infra-prod-service-borg-backup
         - infra-prod-letsencrypt: *infra-prod-letsencrypt
         - infra-prod-service-codesearch: *infra-prod-service-codesearch