f0b77485ec
Zuul is publishing lovely container images, so we should go ahead and start using them. We can't use containers for zuul-executor because of the docker->bubblewrap->AFS issue, so install from pip there. Don't start any of the containers by default, which should let us safely roll this out and then do a rolling restart. For things (like web or mergers) where it's safe to do so, a followup change will swap the flag. Change-Id: I37dcce3a67477ad3b2c36f2fd3657af18bc25c40
152 lines
5.1 KiB
YAML
152 lines
5.1 KiB
YAML
iptables_extra_public_tcp_ports:
|
|
- 79
|
|
- 80
|
|
- 443
|
|
iptables_extra_allowed_hosts:
|
|
- protocol: tcp
|
|
port: 4730
|
|
hostname: ze01.openstack.org
|
|
- protocol: tcp
|
|
port: 4730
|
|
hostname: ze02.openstack.org
|
|
- protocol: tcp
|
|
port: 4730
|
|
hostname: ze03.openstack.org
|
|
- protocol: tcp
|
|
port: 4730
|
|
hostname: ze04.openstack.org
|
|
- protocol: tcp
|
|
port: 4730
|
|
hostname: ze05.openstack.org
|
|
- protocol: tcp
|
|
port: 4730
|
|
hostname: ze06.openstack.org
|
|
- protocol: tcp
|
|
port: 4730
|
|
hostname: ze07.openstack.org
|
|
- protocol: tcp
|
|
port: 4730
|
|
hostname: ze08.openstack.org
|
|
- protocol: tcp
|
|
port: 4730
|
|
hostname: ze09.openstack.org
|
|
- protocol: tcp
|
|
port: 4730
|
|
hostname: ze10.openstack.org
|
|
- protocol: tcp
|
|
port: 4730
|
|
hostname: ze11.openstack.org
|
|
- protocol: tcp
|
|
port: 4730
|
|
hostname: ze12.openstack.org
|
|
- protocol: tcp
|
|
port: 4730
|
|
hostname: zm01.openstack.org
|
|
- protocol: tcp
|
|
port: 4730
|
|
hostname: zm02.openstack.org
|
|
- protocol: tcp
|
|
port: 4730
|
|
hostname: zm03.openstack.org
|
|
- protocol: tcp
|
|
port: 4730
|
|
hostname: zm04.openstack.org
|
|
- protocol: tcp
|
|
port: 4730
|
|
hostname: zm05.openstack.org
|
|
- protocol: tcp
|
|
port: 4730
|
|
hostname: zm06.openstack.org
|
|
- protocol: tcp
|
|
port: 4730
|
|
hostname: zm07.openstack.org
|
|
- protocol: tcp
|
|
port: 4730
|
|
hostname: zm08.openstack.org
|
|
zuul_connections:
|
|
- name: 'smtp'
|
|
driver: 'smtp'
|
|
server: 'localhost'
|
|
port: '25'
|
|
default_from: 'zuul@zuul.openstack.org'
|
|
default_to: 'zuul.reports@zuul.openstack.org'
|
|
|
|
- name: 'gerrit'
|
|
driver: 'gerrit'
|
|
server: 'review.opendev.org'
|
|
canonical_hostname: 'opendev.org'
|
|
user: 'zuul'
|
|
sshkey: '/var/lib/zuul/ssh/id_rsa'
|
|
gitweb_url_template: 'https://opendev.org/{project.name}/commit/{sha}'
|
|
auth_type: 'digest'
|
|
|
|
- name: 'opendaylight'
|
|
driver: 'gerrit'
|
|
server: 'git.opendaylight.org'
|
|
baseurl: 'git.opendaylight.org/gerrit'
|
|
user: 'openstack-zuul'
|
|
sshkey: '/var/lib/zuul/ssh/id_rsa'
|
|
|
|
- name: 'mysql'
|
|
driver: 'sql'
|
|
|
|
- name: 'github'
|
|
driver: 'github'
|
|
app_key: '/etc/zuul/github.key'
|
|
rate_limit_logging: 'false'
|
|
|
|
- name: 'googlesource'
|
|
driver: 'gerrit'
|
|
server: 'gerrit-review.googlesource.com'
|
|
canonical_hostname: 'gerrit.googlesource.com'
|
|
user: 'git-infra-root.openstack.org'
|
|
stream_events: 'false'
|
|
auth_type: 'basic'
|
|
|
|
gearman_server_ssl_cert: |
|
|
-----BEGIN CERTIFICATE-----
|
|
MIIEYTCCA0mgAwIBAgIJAKkAn3gh0LBPMA0GCSqGSIb3DQEBCwUAMIG5MQswCQYD
|
|
VQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxDzANBgNVBAcMBkF1c3RpbjEdMBsGA1UE
|
|
CgwUT3BlblN0YWNrIEZvdW5kYXRpb24xFzAVBgNVBAsMDkluZnJhc3RydWN0dXJl
|
|
MR0wGwYDVQQDDBR6dXVsdjMub3BlbnN0YWNrLm9yZzEyMDAGCSqGSIb3DQEJARYj
|
|
b3BlbnN0YWNrLWluZnJhQGxpc3RzLm9wZW5zdGFjay5vcmcwHhcNMTcwNjE2MjA1
|
|
NDAyWhcNMjcwNjE0MjA1NDAyWjCBszELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRl
|
|
eGFzMQ8wDQYDVQQHDAZBdXN0aW4xHTAbBgNVBAoMFE9wZW5TdGFjayBGb3VuZGF0
|
|
aW9uMRcwFQYDVQQLDA5JbmZyYXN0cnVjdHVyZTEXMBUGA1UEAwwOZ2Vhcm1hbi5z
|
|
ZXJ2ZXIxMjAwBgkqhkiG9w0BCQEWI29wZW5zdGFjay1pbmZyYUBsaXN0cy5vcGVu
|
|
c3RhY2sub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3aMR61f/
|
|
LZkP/acuqiCEiSFF4GI1ViNkOSPEq0CP4HfNckeW0///x6vI/uaR4MlF8g8qNFGB
|
|
j2FCYRW1gEzS7TLoP3xYs4SMnvXvZRbdxcozOop506quLmlfPDF1o2GzLSQYDNXe
|
|
WbpYiNM+EdgBjqLz4G5DdaXMMw2zYP21kbtSxJIvrpqeW/TKBGWDI2bBH81PFb9B
|
|
gq1P4XxI/Aw7Ez6hApLV2D6DP7JidQUGOzvGw7LUEZjLEscQU7HH8j1qDvrM2gV4
|
|
FRSRrtw8Yr/erBsaNr84guEZQREqiOjr1HvMZK5o1vGb69ArWSk9b8PW+A2uxvfS
|
|
ukv7hvNsuCouHQIDAQABo3AwbjAJBgNVHRMEAjAAMCEGCWCGSAGG+EIBDQQUFhJj
|
|
bGllbnQgY2VydGlmaWNhdGUwHQYDVR0OBBYEFImAuHnbfxpEEZwiiro9KEa8YA+1
|
|
MB8GA1UdIwQYMBaAFFP8JfdXPn8mhZLaXMa8NQIJlmneMA0GCSqGSIb3DQEBCwUA
|
|
A4IBAQBTNIVB758W+wBtCMlIRFUPBiR+w+7RRsY8HXME5unvO65PcsfLKQXOr3i/
|
|
K2SliyyBliwKY+wtbvQZVltpBiloDqslSMD6veb5YsZDzTZ+x8xP1GEhcB3c6CsN
|
|
0RDJ/xUGv2IXgQW8kw+MINILr9iQA6fn9dBN0OqimlchPHtvA9gO7Rv+IV3zZP+Q
|
|
yNWoBiZ6H5ANIt6vfcK0BHGDB6GXN9f1gpgsJd3l3vs3t/FgP1qYJiDd5VvcOXxt
|
|
uJziOvdg7jte0u609MWj3DOdey4HsxlEU27w13kzGI6RpPquvl/YB8Y6WMAIL8in
|
|
1GRv9pIfENRRHOiC57p0RSQZZ/2V
|
|
-----END CERTIFICATE-----
|
|
zuul_ssl_cert_file_contents: |
|
|
-----BEGIN CERTIFICATE-----
|
|
MIICzjCCAbagAwIBAgIJAMV1mxY+iSJpMA0GCSqGSIb3DQEBCwUAMB8xHTAbBgNV
|
|
BAMMFHp1dWx2My5vcGVuc3RhY2sub3JnMB4XDTE3MDYwMjE5MzUwMloXDTI3MDUz
|
|
MTE5MzUwMlowHzEdMBsGA1UEAwwUenV1bHYzLm9wZW5zdGFjay5vcmcwggEiMA0G
|
|
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvgAf85YVjjBTHYJnIx8VA1VvSAidD
|
|
LHp2Yn+7DgUfHXjNdpftTgvWxnzXMFaglNzrNrixGNlkg1sdGDJ+DB/mvptKJUEH
|
|
WMfOVI98Eo0dx5w+lcP8XGTg6/SY59+PiqNpCmi+T49axQO2XKNlt+ZJsSVaEhEj
|
|
E2OrkZY+A8RFj07TUjSMv/pmo3AxgVjFoWszDT8pj30CTT3lg3eXXJwlqrH/P9IQ
|
|
FnwRSt3sR60ahFFJnvHdL1FJl/I0W5nWD6LNEpX7ryaIUIqMhQpQjGDpvG77ntfW
|
|
A5zhBVWPC7p2k6OaUD6AjlPMJLZh5YbyGaRN4l2Z4oizBGjoq1Qv9QehAgMBAAGj
|
|
DTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAOFIxTTiw10jWRKQuRKU
|
|
KskncSNj3ZxSjwPTOQs++hLjYYYlKA4LbWwokp7u5rTpJP/NHYLHXIda6l/Ne3JG
|
|
+Mby/vu0TKMX2z+0IQx3MZG7b+4NkH4jg40Q+Y879n0jvOfBplHtJB1UmQYk51fs
|
|
Hbrb6vvxeLRJ74JZX6t756gZnagzAoLj7DtmTfruUVjD/kRJK8gUCyKMNvN6PH3u
|
|
5Ls4WwOME+bFdFcxBJjj1LSKGlZoE22mSVlRqHvVXVfM9XTolvw5PequFhiPXYyj
|
|
ESN9QfRuVeKltTl8NdDgwlYjBBUYR5omuX5LLWUSXuvQK/dYM4ahERf3ivbXMjhF
|
|
M+Q=
|
|
-----END CERTIFICATE-----
|