Go to file

Jeremy Stanley c5db057901 Limit Gerrit SSH API connections to 100 per addr

Add a connlimit stanza to the firewall rules on Gerrit servers
limiting access to its SSH API port to 100 concurrent connections
per source IP address. This has been running in production on
review.openstack.org for a few months now, in the wake of a number
of incidents where runaway third-part CI systems resulted in a
denial of service incidents for our Gerrit deployment there.

Change-Id: Id92cef93c115faf88cc822ecd8e3df9ebd6fd9c3

2018-01-04 20:01:41 +00:00

doc/source

Add an authoritative hidden master

2017-12-19 08:57:33 -08:00

hiera

Add kdc04.o.o xenial node

2017-12-15 11:40:13 -05:00

launch

Launch virtualenv should be python2

2017-12-11 05:50:16 -08:00

manifests

Limit Gerrit SSH API connections to 100 per addr

2018-01-04 20:01:41 +00:00

modules/openstack_project

Add UCA Queens repo

2017-12-21 11:30:02 -07:00

playbooks

Remove additional dead jenkins related code

2017-12-19 15:07:06 -06:00

tools

Remove puppetdb / puppetboard server

2017-12-11 10:11:11 -05:00

.gitignore

Ignore ansible .retry files

2016-07-15 12:04:48 -07:00

.gitreview

Rename config to system-config in .gitreview

2014-10-17 22:31:20 +00:00

bindep.txt

Add libffi dev packages needed for ansible install

2016-10-04 15:20:00 -07:00

Gemfile

Add Gemfile

2017-05-01 15:45:33 -04:00

install_modules.sh

Retry git clones in install_modules.sh

2015-11-28 09:22:53 -05:00

install_puppet.sh

Comment out server in puppet.conf

2017-12-11 14:54:03 -05:00

make_swap.sh

Create more inodes on ephemeral partition fs

2017-10-16 17:25:34 -07:00

modules.env

Add an authoritative hidden master

2017-12-19 08:57:33 -08:00

mount_volume.sh

Add support to launch-node for cinder attach

2016-04-19 11:07:23 -07:00

Rakefile

Further changes to bring puppetboard online

2014-03-22 12:54:38 -07:00

README.md

Replace ci.o.o links with docs.o.o/infra

2015-05-14 21:38:19 +00:00

roles.yaml

Consume renamed ansible-role-puppet

2016-06-02 10:47:36 +03:00

run_all.sh

Add zuul scheduler to the git/gerrit puppet sequence

2017-12-18 09:46:36 -06:00

run_bifrost.sh

Add baremetal hpuswest node definition

2016-02-23 11:00:41 -08:00

run_cloud_launcher.sh

Run cloud-launcher every hour on puppetmaster.o.o

2017-04-17 17:28:18 -04:00

run_infracloud.sh

Split infracloud baremetal into separate playbook run

2017-04-24 11:35:45 -04:00

run_puppet.sh

Clean up bashate failures

2014-09-30 12:40:59 -07:00

setup.cfg

Replace ci.o.o links with docs.o.o/infra

2015-05-14 21:38:19 +00:00

setup.py

Update to sphinx 1.5

2017-03-02 20:09:39 +01:00

start_all_zuul.yaml

Remove zuul-launcher support

2017-10-30 20:36:53 -04:00

stop_all_zuul.yaml

Remove zuul-launcher support

2017-10-30 20:36:53 -04:00

test-requirements.txt

Don't use newer sphinx

2017-05-18 08:19:06 -07:00

tox.ini

Run ansible-lint on playbooks

2017-01-12 15:32:46 -05:00

README.md

Puppet Modules

These are a set of puppet manifests and modules that are currently being used to manage the OpenStack Project infrastructure.

The main entry point is in manifests/site.pp.

In general, most of the modules here are designed to be able to be run either in agent or apply mode.

These puppet modules require puppet 2.7 or greater. Additionally, the site.pp manifest assumes the existence of hiera.

See http://docs.openstack.org/infra/system-config for more information.

Documentation

The documentation presented at http://docs.openstack.org/infra/system-config comes from git://git.openstack.org/openstack-infra/system-config repo's docs/source. To build the documentation use

$ tox -evenv python setup.py build_sphinx

Languages

Python 37.1%

Jinja 36.7%

Shell 13.6%

Dockerfile 3.8%

JavaScript 3%

Other 5.8%