opendev/system-config
Code Issues Proposed changes
e86a1c6f96
system-config/playbooks
History
Clark Boylan e86a1c6f96 Run containers on Noble with docker compose and podman 
There are two major issues we are trying to address here. The first is
that docker-compose (python implementation) is EOL and does not work
with python3.12. Instead we need to use docker compose (golang
implementation) on newer platforms like Noble. We're taking advantage of
the clean break between distro releases to do a migration of the
container management system rather than try and replace docker-compose
with docker compose in place on existing servers.

Second the docker runtime can only deal with mirrors for images hosted
on docker hub. This impacts our ability to speculatively test images
that are hosted on quay (or elsewhere) with docker since speculative
image testing currently relies on mirror configuration to provide
unreleased images to test environments. By switching the runtime to
podman instead of docker behind docker compose we fix this second
problem. Again the clean break between distro releases is a convenient
time to make ths witch rather than doing it in place.

Some design considerations include:

 * Not bothering with docker ce packaging and instead relying on
   packages in Ubuntu Noble
 * Configuring the podman service to listen on a socket located where
   docker's socket typically lives. This avoids needing environment
   overrides every time we run docker compose.
 * Not adding a special podman group for this. We effectively manage
   things as root or via sudo so we can keep this simple for now.

Future updates may include installation of docker compose and/or podman
from upstream sources. We could add a podman group. We may also switch
to using user owner podman daemons and reduce some privilege.

Change-Id: Ib0a9cdb38b99521bcd7e15c17f6175aea2c042eb
2024-12-17 14:30:43 -08:00
..
filter_plugins dns_[a|aaaa] filter; use host for lookup 2018-09-13 22:50:40 +10:00
group_vars Track our OpenMetal environment HTTPS cert expiry 2024-08-16 18:32:18 +00:00
k8s Add resources for deploying rook and xtradb to kuberenets 2019-02-05 18:52:21 +00:00
library Add inline_python module 2022-05-25 18:14:21 +00:00
module_utils/facts/system Ensure apt is used on ubuntu hosts with zypper 2018-08-20 20:45:13 +00:00
periodic Correct static known_hosts entry for goaccess jobs 2023-08-07 21:27:40 +00:00
roles Run containers on Noble with docker compose and podman 2024-12-17 14:30:43 -08:00
templates/clouds Switch Rackspace Flex authentication to project_id 2024-08-23 17:30:03 +00:00
zuul Reenable Gerrit upgrade job now testing 3.10 to 3.11 2024-12-10 17:13:50 +00:00
apply-package-updates.yaml launch: use apt to update packages 2023-04-13 14:14:58 +10:00
base.yaml infra-prod: run job against linaro 2023-03-15 12:00:25 +11:00
bootstrap-bridge.yaml install-ansible: overhaul install ansible requirements 2022-12-06 13:27:46 +11:00
bootstrap-k8s-nodes.yaml Stop running k8s-on-openstack nested 2019-02-12 18:17:46 +00:00
gitea-rename-setup-org.yaml Restore setup-org.yaml 2019-09-18 12:40:19 -07:00
gitea-rename-tasks.yaml Use the gitea api in the gitea renaming playbook 2021-08-03 08:47:16 -07:00
install_puppet.yaml Handle moved puppet repos 2019-05-15 16:03:07 -07:00
letsencrypt.yaml Refactor adns variables 2023-03-10 09:36:01 +11:00
manage-projects.yaml Add comments to manage-projects about project-config syncing 2021-10-21 11:44:02 -07:00
nodepool_pull.yaml Add pull tasks for nodepool/zuul 2021-02-19 15:42:40 -08:00
nodepool_restart.yaml Add stop and start playbooks for nodepool 2020-06-16 15:48:47 -05:00
nodepool_start.yaml Remove nodepool builder puppetry and nb03.openstack.org 2020-09-09 15:09:43 -07:00
nodepool_stop.yaml Remove nodepool builder puppetry and nb03.openstack.org 2020-09-09 15:09:43 -07:00
remote_puppet_adhoc.yaml Clean up puppet variables and playbooks 2018-08-17 09:41:12 -05:00
remote_puppet_else.yaml Cleanup eavesdrop puppet references 2021-06-10 09:02:23 +10:00
rename_repos.yaml Move gerrit replication waiting queue aside during project renames 2024-03-06 09:25:01 -08:00
run_cloud_launcher.yaml Use zuul checkouts of ansible roles from other repos 2020-04-30 12:39:12 -05:00
run-accessbot.yaml Sync project-config before deploying accessbot 2021-07-09 23:15:52 +00:00
service-afs.yaml Refactor AFS groups 2021-02-11 13:35:16 +11:00
service-borg-backup.yaml service-borg-backup: preload backup server facts 2021-02-23 13:04:20 +11:00
service-bridge.yaml bridge: switch OSC from container to local install 2022-11-25 09:37:40 +00:00
service-codesearch.yaml encrypt-logs: turn on for all prod playbooks 2022-02-24 09:57:55 +11:00
service-dstatlogger.yaml Use dstat to record performance of system-config-run hosts 2021-02-16 14:31:30 -08:00
service-eavesdrop.yaml ptgbot: setup web interface 2021-10-06 15:39:25 +11:00
service-etherpad.yaml Make etherpad configuration more generic for multiple hosts 2023-04-05 08:36:27 -07:00
service-gitea-lb.yaml Make haproxy role more generic 2021-12-01 09:55:45 +11:00
service-gitea.yaml Use the apache-ua-filter role on Gitea servers 2020-10-16 17:45:19 +00:00
service-grafana.yaml Cleanup grafana.openstack.org 2020-10-29 07:59:42 +11:00
service-graphite.yaml Cleanup graphite01 2020-09-30 11:55:24 +10:00
service-kerberos.yaml kerberos-kdc: role to manage Kerberos KDC servers 2021-03-17 08:30:52 +11:00
service-keycloak.yaml Add a keycloak server 2021-12-03 14:17:23 -08:00
service-lists3.yaml Add a mailman3 list server 2022-11-11 23:20:19 +00:00
service-meetpad.yaml Run iptables in service playbooks instead of base 2020-06-04 07:44:22 -05:00
service-mirror-update.yaml Add kerberos-client group 2021-03-18 11:59:30 +11:00
service-mirror.yaml Add kerberos-client group 2021-03-18 11:59:30 +11:00
service-nameserver.yaml Refactor adns variables 2023-03-10 09:36:01 +11:00
service-nodepool.yaml Auto update nodepool launchers 2022-06-16 08:23:17 -07:00
service-paste.yaml Remove paste01.openstack.org 2021-07-15 23:25:10 +00:00
service-refstack.yaml refstack: cleanup old puppet 2021-03-17 07:06:53 +11:00
service-registry.yaml Run iptables in service playbooks instead of base 2020-06-04 07:44:22 -05:00
service-review.yaml Switch router addresses for review02 to global 2021-12-17 16:32:59 +01:00
service-static.yaml Add kerberos-client group 2021-03-18 11:59:30 +11:00
service-tracing.yaml Add Jaeger tracing server 2022-09-15 19:21:33 -07:00
service-zookeeper.yaml Run iptables in service playbooks instead of base 2020-06-04 07:44:22 -05:00
service-zuul-db.yaml Add a standalone zuul db server 2024-04-04 12:25:23 -07:00
service-zuul-lb.yaml Add Zuul load balancer 2022-02-10 13:24:42 -08:00
service-zuul-preview.yaml Run iptables in service playbooks instead of base 2020-06-04 07:44:22 -05:00
service-zuul.yaml Add clouds.yaml to zuul schedulers 2024-10-14 11:32:49 -07:00
set-hostnames.yaml Split eavesdrop into its own playbook 2020-04-23 14:34:28 -05:00
start-mergers-executors.yaml Update zuul-executor stop/start playbook 2020-07-17 16:18:26 -07:00
stop-mergers-executors.yaml Update zuul-executor stop/start playbook 2020-07-17 16:18:26 -07:00
sync-gitea-projects.yaml Revert "Allow gitea_create_repos always_update to be list" 2021-10-15 13:03:59 -07:00
test-borg-backup-pre.yaml backups: add retirement and purge lists 2024-11-08 22:30:49 +11:00
test-borg-backup.yaml borg-backup: implement saving a stream, use for database backups 2021-02-03 11:43:12 +11:00
test-codesearch.yaml hound: enable detect-ref 2022-02-25 17:27:35 +11:00
test-gitea.yaml Reapply "Switch Gerrit replication to a larger RSA key" 2023-12-06 09:02:17 -08:00
test-grafana.yaml grafana: take some screenshots during testing 2021-02-17 10:43:26 +11:00
test-inline-python.yaml Add inline_python module 2022-05-25 18:14:21 +00:00
test-kerberos.yaml kerberos-kdc: role to manage Kerberos KDC servers 2021-03-17 08:30:52 +11:00
test-manage-projects.yaml Don't always update gitea project descriptions 2021-03-16 13:06:16 -07:00
test-paste.yaml Remove paste01.openstack.org 2021-07-15 23:25:10 +00:00
test-update-zuul-description.yaml Abstract name of bastion host for testing path 2022-10-20 09:00:43 +11:00
unattended_upgrades.yml Rename attended_upgrades playbook to unattended_upgrades 2016-07-19 10:41:09 +02:00
update_puppet_version.yaml Fix URLs after OpenDev rename 2020-03-18 18:23:17 +01:00
zuul_pull.yaml Run zuul-launcher 2024-09-18 16:37:40 -07:00
zuul_reboot.yaml Run zuul-launcher 2024-09-18 16:37:40 -07:00
zuul_reconfigure.yaml Stub out zuul_reconfigure playbook 2018-09-14 09:17:36 -06:00
zuul_restart.yaml Rework zuul start/stop/restart playbooks for docker 2020-04-27 09:34:50 -05:00
zuul_rolling_restart.yaml Add the start of a Zuul rolling restart playbook 2022-05-25 09:48:28 -07:00
zuul_start.yaml Run zuul-launcher 2024-09-18 16:37:40 -07:00
zuul_stop.yaml Run zuul-launcher 2024-09-18 16:37:40 -07:00