AgeCommit message (Collapse)Author
2016-11-22colo: disable transparent proxyAndy Doan
This has caused some issues recently (or was at least assumed to be the cause). We'll disable this for now in hopes things improve. Change-Id: I3a020b0928dfeb818a72c384c03830ce67e5245f
2016-11-20jenkins: pin pam-auth and windows-slaves pluginsFathi Boudra
Change-Id: I4c8c2b06de0683a65a6e5885c36f86e9d4acc4f8 Signed-off-by: Fathi Boudra <> Reviewed-on:
2016-11-20jenkins: update git pluginFathi Boudra
Change-Id: I4eb1616698c54ab3580afe7d893fdd82eed9fd2d Signed-off-by: Fathi Boudra <> Reviewed-on:
2016-11-20jenkins: update jenkins lts to 2.19.3Fathi Boudra
Fix SECURITY-360 / CVE-2016-9299 An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java object to the Jenkins CLI, making Jenkins connect to an attacker-controlled LDAP server, which in turn can send a serialized payload leading to code execution, bypassing existing protection mechanisms. Change-Id: I7ef082865b304915c4ce818e6e813231a31ecf3b Signed-off-by: Fathi Boudra <> Reviewed-on:
2016-11-18colo: update reservationsAndy Doan
Change-Id: I0813b5f15631ffadee954430a80e281019b308ad
2016-11-18git: update references to grokmirror manifest fileAndy Doan
Part of the cgit changes required us to make manifest.js.gz accessible via /srv/repositories. I hacked around that at the time by placing a symlink from /srv/repositories/manifest.js.gz -> /var/www/ With cgit in place on all grok master's we now need to update code references from the old location to the new one so we can get rid of this symlink hack. Change-Id: I67744f6fa2d8476ac605c7b39d919c3f3fbe0c9d Reviewed-on: Reviewed-by: Ben Copeland <>
2016-11-18jenkins: plugins updateFathi Boudra
Change-Id: I709fb84f6ee51b426e4b06cd0608e1f4779475e4 Signed-off-by: Fathi Boudra <> Reviewed-on: Reviewed-by: Ben Copeland <>
2016-11-17colo: update conserver to export switch connectionsAndy Doan
Makes life a lot easier Change-Id: I25f3c6741e71a6a6599af18947fa4c655d16df1e
2016-11-17colo: add baud-rate option to serial console scriptAndy Doan
Change-Id: Ibb8c7e45e78605a6445aa21ea48cc1b57557233c
2016-11-17colo: add pdu information for new switchAndy Doan
Change-Id: I122e099edac81df9555794f7e127ec3319910d0f
2016-11-16jenkins: add the VPN for ART to ansibleAndy Doan
Change-Id: Ie1ada4fe4b15f6dd6012a995f61b11fcec119898
2016-11-15move hawkers to qa-net pxeAndy Doan
Change-Id: I1191a75977845af7870591b35151d21f321dbeb8
2016-11-14patchwork: ensure logins are done via httpsAndy Doan Change-Id: I3faa8e8a6c4fa3fc3b1196319e8017053a2c9bce
2016-11-11jenkins: add missing plugin dependencyBen Copeland
Change-Id: Icc7f86644c562e45edbe10d5dff7974ac754f5c9 Reviewed-on: Reviewed-by: Fathi Boudra <>
2016-11-11jenkins: plugins updateFathi Boudra
Change-Id: Ia579a59d059c9018481d444ab68e1181d3014a67 Signed-off-by: Fathi Boudra <> Reviewed-on:
2016-11-10android-review: convert to using cgit linksAndy Doan
Change-Id: Ie0758aec5065916b5ee76e176d575545d51c6ade
2016-11-10cgit: convert android-git over to cgitAndy Doan
Change-Id: I1b24f257ddaaac23749a8bd230ad8a2538e12739 Reviewed-on: Reviewed-by: Ben Copeland <>
2016-11-10android git: consolidate common group variablesAndy Doan
Each android git server has a few variables that are really common to one another. This makes it easier to manage them. Change-Id: I7dcedf9951afb2c05354bfc15b466413fa601efd Reviewed-on: Reviewed-by: Ben Copeland <>
2016-11-10cgit: add more configuration options to cgitrcAndy Doan
Android git servers need a few options defined differently. Change-Id: I0e1b1b8103e107b15bf4c094c2dabe2a7eaa3a21 Reviewed-on: Reviewed-by: Ben Copeland <>
2016-11-10git: remove apache 2.2 checksAndy Doan
We've moved all servers to Trusty and no longer have to deal with Apache 2.2 Change-Id: Ic09fbae04750d5dbff31c61a07ec625d3930f8bd Reviewed-on: Reviewed-by: Ben Copeland <>
2016-11-10android git-dumb: add Last-Modified headerAndy Doan
Copying logic from: 9b85205183e495902e679a3afd246b8bb2b71f4e Change-Id: I94cb333408ba6bbc66d2916b00087adc7146458b Reviewed-on: Reviewed-by: Ben Copeland <>
2016-11-10colo: allocate r3-a12 to 16.12 testing effortAndy Doan
Change-Id: Iaf5d640bd88229a09fff880476b4c93b14542af5
2016-11-10patchwork: enable rest API for patches.l.oAndy Doan
Requested by a user and no point not enabling it right now. Change-Id: I9be55659f1e17ffa30bd7e50cf0e7c7c2e552643
2016-11-10aus-colo: add publishing-us serverBen Copeland
Change-Id: Id32de07c1ee516c5c38c30b9271292a8a61a463f Reviewed-on: Reviewed-by: Andy Doan <>
2016-11-09publishing: improve last commitAndy Doan
The last change made running "-t update" impossible. This fixes things. Change-Id: Ia4b4525b662c285095a107e460195d9b48e24480
2016-11-08publishing: support for XenialAndy Doan
There are a couple of changes in 16.04 we need to deal with: 1) apache2-mpm-prefork is now in the apache2 package, so it doesn't need to be installed 2) python-django-openid-auth was renamed to python-django-auth-openid Change-Id: I13d1e07c34e64b98e82f4acacd4ac4c4087020b5 Reviewed-on: Reviewed-by: Ben Copeland <>
2016-11-08django: update to latest LTS versionBen Copeland
1.8.16 is now out we should update to latest LTS version. Change-Id: I348191bda5730f322685e46098a0f596e3d077c1 Reviewed-on: Reviewed-by: Andy Doan <>
2016-11-08gitolite: fix repo permissionsBen Copeland
When we deploy a fresh git server, testing.git doesn't show up due to wrong permissions. Change-Id: I8140dcba57941ba49b9325922c935b3a092acd30 Reviewed-on: Reviewed-by: Andy Doan <>
2016-11-08gerrit: Add ability to install pluginsBen Copeland
Plugins can now be installed into gerrit via Ansible. It requires a user to upload the .jar file in following format {{url}}/{{gerrit_version}}/plugin.jar. When we upgrade versions of gerrit, the plugin.jar will get overwritten with the newer version. Change-Id: I682afc9981d5c83a72dde419be26ee52f9af8a37 Reviewed-on: Reviewed-by: Andy Doan <>
2016-11-08ansible-lint: Temp fix for ANSIBLE0016Ben Copeland
Due to quite a bit of time needed to fix ANSIBLE0016, for now lets exclude the check from lint. Change-Id: Idbcf3c2f4d58f289d9b69226676bd4cc1430b4cc Reviewed-on: Reviewed-by: Ben Copeland <>
2016-11-08llp: add s3_purge crontabBen Copeland
Add crontab entry for the s3_purge script. Change-Id: I89fcfb9e45e6eb9132ac5620cfd6bfe4f30bf6a5 Reviewed-on: Reviewed-by: Andy Doan <>
2016-11-07gerrit: update default versionBen Copeland
We should upgrade to 2.13.2, this commit just updates our playbook to the current version. Change-Id: I596846617955c68b79dd546ae4c2375be2bc26a8 Reviewed-on: Reviewed-by: Andy Doan <>
2016-11-07gerrit: fix playbook orderingBen Copeland
Due to the current ordering, a fresh deployment of gerrit fails due to not being able to enable proxy_http. Change-Id: I7d0c0ccdc071de3e5958ede871f67492feec2786 Reviewed-on: Reviewed-by: Andy Doan <>
2016-11-05jenkins: plugins updateFathi Boudra
Change-Id: Ia0f14f31f16effdce7887ae12748f507d33691ab Signed-off-by: Fathi Boudra <> Reviewed-on:
2016-11-05jenkins: plugins updateFathi Boudra
Change-Id: I508d910098491082c34ef7ef80c7c21c6b6f830f Signed-off-by: Fathi Boudra <> Reviewed-on: Reviewed-by: Ben Copeland <>
2016-11-05jenkins: update to LTS 2.19.2Fathi Boudra
Change-Id: I782b0604f67f5840f996348550a07cf7dfa90174 Signed-off-by: Fathi Boudra <> Reviewed-on: Reviewed-by: Ben Copeland <>
2016-11-04colo: add a new reservationAndy Doan
Change-Id: I5e64d737a10b803964c55c44e092c93495f2bdc7
2016-11-04colo: move another server over to qa-netAndy Doan
Change-Id: Ie8b5506b04cdaef48cf12d019c0f5290eb5ece78
2016-11-04ansible-lint: Fix linting error ANSIBLE0017Ben Copeland
When using become_user, become: True must be set, otherwise the role will fail. Change-Id: Ia0b2925fa0dc66144f86d7fe4a14d22bcde52796 Reviewed-on: Reviewed-by: Andy Doan <>
2016-11-03colo: move r1-a30 to qa-net pxeAndy Doan
also fix the pxe server address for qa-net Change-Id: I0b7b9e924e1feb245e7a0858b35c9b7ab75b6103
2016-10-31elk: fix crontab issueBen Copeland
Change-Id: I4527b41f629df1f816b2c20274000839b4f2886a Reviewed-on: Reviewed-by: Andy Doan <>
2016-10-30jenkins: plugins updateFathi Boudra
Update plugins to their latest version except gerrit trigger plugin. Downgrade gerrit plugin to previous known working wersion since there's several reports about comments-added event support is broken. Change-Id: Ibf714cf7e5a483313d63db2e729a718ad3911893 Signed-off-by: Fathi Boudra <> Reviewed-on: Reviewed-by: Ben Copeland <>
2016-10-29cgit: provide real readme supportAndy Doan
readme support with gitweb and git-mirrors has been broken forever. gitweb requires a readme.html file in a given repo which doesn't get mirrored by grokmirror. With the move to cgit, we can now make a gitolite local command that puts the readme in a "hidden" type branch (like a gerrit review works). This will then get sunk to all mirror servers. Change-Id: I1d44e97bdfb792f263b14abbb7fd2a8e3077a6f5 Reviewed-on: Reviewed-by: Andy Doan <>
2016-10-28git-dumb: add Last-Modified headerAndy Doan
The change to move the manifest location to repo_root: Requires that last-modified headers be available when browsing that directory. I found a good source about git http hosting and they say Last-Modified is fine to provide: Change-Id: I7c992d2e56184339d5ad4249ed394e6ae1ebbd5e Reviewed-on: Reviewed-by: Ben Copeland <>
2016-10-28gerrit: update to use new cgit urlsAndy Doan
Change-Id: I863bc93dbea38cb92be54b2429485e55d51026a4
2016-10-28cgit/grok: enable manifest.js.gz linkAndy Doan
Now that we don't server /var/www/git.l.o we need to make the link to our grok manifest http://git.l.o/manifest.js.gz accessible. This is actually a 2 part change. This is the simple part that stops the bleeding. It actually required me to put an adhoc symlink from /srv/reposistories/manifest.js.gz to the file under /var/www/git.l.o The next part is the more complex one, where I have to actually update all grokmirror hooks to use this new file location and not require the symlink. Change-Id: Iefa94c3151d100d07d63044995e74bcd0d15cd74 Reviewed-on: Reviewed-by: Ben Copeland <>
2016-10-28cgit: fix the git-http-backendAndy Doan
Now that we don't expose the old gitweb apache directory, we need to handle git http smart protocol requests. This copies the template and task from the apache-website role. Once we convert everything over to cgit, there will be no need for this role, so I think this is the easiest path forward. Change-Id: I58c9657d7cb2ea16504a3aa4d1ad9f4509e42ea0 Reviewed-on: Reviewed-by: Ben Copeland <>
2016-10-28cgit: fix virtual-rootAndy Doan
cgit is now served at the root of git.l.o, so this needs to match that. Change-Id: I17053e0afe7e44cd11a0990f9fb7337d69b772f5 Reviewed-on: Reviewed-by: Ben Copeland <>
2016-10-28cgit: chown back to rootAndy Doan
Now that we no longer use suexec in our apache config, we can keep files sensibly owned by root Change-Id: I8f691f207c36de3cea5003c6eb4e4aed0021d372 Reviewed-on: Reviewed-by: Ben Copeland <>
2016-10-28cgit: add rewrite rule for old gitweb "raw" linksAndy Doan
People have bookmarks to "raw" file downloads and we also have a lot of CI tooling built around old gitweb links. This preserves backwards compatibility while we go around and fix them. Change-Id: Ic29edc3bdd2c7b14f51bc269854090ef216bbb9a Reviewed-on: Reviewed-by: Ben Copeland <>