path: root/per-service
AgeCommit message (Collapse)Author
2016-10-18jenkins: update to LTS 2.19.1Fathi Boudra
Change-Id: I533f814281daa1432ae6f3281ae97e620f4e3af4 Signed-off-by: Fathi Boudra <> Reviewed-on: Reviewed-by: Ben Copeland <>
2016-10-18jenkins: plugins updateFathi Boudra
Change-Id: Ifcf22dcbd1c4e75c3920d6890c87c946168f761d Signed-off-by: Fathi Boudra <> Reviewed-on: Reviewed-by: Ben Copeland <>
2016-10-14cgit: move to new cgit and header.htmlAndy Doan
It looks like upstream wants me to pursue a different method for managing collapsible sections. I've updated our cgit repo and these changes correspond to that. Change-Id: I663149ae163012af0ab849a943c5fa9912f18d47 Reviewed-on: Reviewed-by: Ben Copeland <> Reviewed-by: Paul Sokolovsky <>
2016-10-14cgit: use more ansible variables in configAndy Doan
We have some things hard-coded that will eventually be on a per-site basis. Change-Id: I66f4b92ece4eb53a6d5be9e697935358c3f18d00 Reviewed-on: Reviewed-by: Ben Copeland <>
2016-10-09android-git: Mirror more repos.Paul Sokolovsky
Based on Change-Id: Ie494a3877b40d5975c623a8dd4fd347c39cde30e Reviewed-on: Reviewed-by: Paul Sokolovsky <>
2016-10-04jenkins: increase max form sizeAndy Doan
We have hit a new threshold for TCWG Change-Id: I15d12ac1c4d9bf7a1b17024c66b225470b832655
2016-09-26Jenkins: add OpenVPN supportBen Copeland
Make sure we can manage OpenVPN connections through Ansible. Change-Id: I067612de63476a24c037de36cd84b6d487f549dd Reviewed-on: Reviewed-by: Andy Doan <>
2016-09-22git/cgit: fix bug found during deploymentAndy Doan
The CSS file wasn't being served. Change-Id: I7914f78b67edbf7089f787a667bcdcec860906bf
2016-09-21Add support for cgit UIAndy Doan
This is for evaluation mode at the moment and will run along side gitweb until we are ready to replace it. This currently only works on private repos, while I sort a way to better handle them upstream Change-Id: I7b895d26f3999e424da98676b0e091e73ad60af4 Reviewed-on: Reviewed-by: Andy Doan <>
2016-09-19apache-auth: clean-upBen Copeland
We don't need to deploy these templates, they are just a added dependency which requires /srv/{{hostname}}/errors to be created. We also don't create /etc/linaro when deploying, so should ensure it exists so it does not error out. Change-Id: Ifbc24da51a81b249423fb7d79384a6d741cb4a1e Reviewed-on: Reviewed-by: Andy Doan <>
2016-09-13Jenkins: Lint errors android-build removalBen Copeland
Fix a couple basic linting errors, and move unused roles/files related to android-build. Change-Id: I50c77ef4fc86076447534c24168e957546e6cfea Reviewed-on: Reviewed-by: Andy Doan <> Reviewed-by: Paul Sokolovsky <>
2016-09-09jenkins: update to LTS 2.7.4Fathi Boudra
Prevent File descriptor leaks when reading manifests from JARs Change-Id: I57b24f3f30fb9ccd3ca22acac905b3f4b2719e0d Signed-off-by: Fathi Boudra <> Reviewed-on: Reviewed-by: Ben Copeland <> fix odp-staging overlayRiku Voipio
copy/paste error redirecting odp-staging uploads to linaro-staging Change-Id: Id365b3bd7cb08fa6f86a5bdc0912a55631e99a95 Signed-off-by: Riku Voipio <> Reviewed-on: Reviewed-by: Ben Copeland <>
2016-09-08jenkins: plugins updateFathi Boudra
bump yet-another-docker plugin to 0.1.0-rc23 version. it pulls credentials plugin >= 2.1.3 version. Change-Id: I394751644cf9b2be24e5d026fc4dcfda3b737482 Signed-off-by: Fathi Boudra <> Reviewed-on:
2016-09-08jenkins: upgrade to latest LTS 2.7.3Fathi Boudra
Change-Id: I1e40303c58eb55c6dfc272fec5a3ae292e79b2ff Signed-off-by: Fathi Boudra <> Reviewed-on: Reviewed-by: Ben Copeland <>
2016-09-05Revert "git: remove use of suexec"Andy Doan
This reverts commit 2714daa7b1b3e89af209a66375e13c1a002d59b0. We can't run efficiently w/o suexec. dev-private-git needs to call gitolite as "git" in order to see what repos a user can read. All the addition calls to sudo make the service unusable.
2016-08-31Git: Ansible-lint errorsBen Copeland
Fix the usage of using shell when we should be using command. Change-Id: I0575ba35f5d4d11f346fe53be582d910e11dc7a2 Reviewed-on: Reviewed-by: Ben Copeland <>
2016-08-25git: remove use of suexecAndy Doan
Due to the way we manage our repos on disk (umask 0022) you don't need to run our cgi code as "git". Actually doing so makes things *less* secure since the git user has write permissions. This change allows apache to run our cgi as "nobody" and also maintain our document root permissions and ownership more sanely. gitweb.conf requires updating for private repos because we need to access gitolite APIs as the "git" user. Change-Id: If20733de2856a6ed64c5e4df79d07826c4f62d21 Reviewed-on: Reviewed-by: Paul Sokolovsky <>
2016-08-18jenkins: add github-branch-source and github-organization-folder pluginsFathi Boudra
These plugins are installed by default with Jenkins 2.x and trigger a wizard if they aren't installed on Jenkins 2.x first run. Change-Id: I44b104dcb977b0f44688751e702f55a6c253b5e2 Signed-off-by: Fathi Boudra <> Reviewed-on: Reviewed-by: Andy Doan <>
2016-08-18jenkins: add yet-another-docker pluginFathi Boudra Change-Id: Id089a394308a11d342aa4bc3ebea4f11fb57b962 Signed-off-by: Fathi Boudra <> Reviewed-on:
2016-08-16Jenkins: Now on OpenJDK8, we no longer need to set PermSizeBen Copeland
With the newer "metadata" memory management in OpenJDK8, we no longer need to set this setting. Change-Id: I67fae21519d709a5ce2f77b3c042184612af6025 Reviewed-on: Reviewed-by: Paul Sokolovsky <>
2016-08-15jenkins: Install full JDK (not just JRE).Paul Sokolovsky
To make tools like jps, jstack, etc. available (also required to enable some features of jmelody jenkins plugin). Change-Id: I563a1129c8f36ab9dab392738cd86812a826b0d8 Reviewed-on: Reviewed-by: Fathi Boudra <>
2016-08-11jenkins: Install OpenJDK 8 from PPA (for Ubuntu 14.04).Paul Sokolovsky
To accommodate Yet Another Docker plugin requirements and at the same time trying to affect PermGen leak issue (by OpenJDK 8 not having PermGen and instead using normal heap to store classes, etc.): When upgrading to Ubuntu 16.04, PPA should be removed, as 16.04 has OpenJDK 8 as a system default. Change-Id: Ibf5613e4ff3b73c6dd3391a1783f41b78b8b4217 Reviewed-on: Reviewed-by: Ben Copeland <> Reviewed-by: Paul Sokolovsky <>
2016-08-10gitweb: add caching logic to front pageAndy Doan has always been terrible slow (and growing) slower rendering the front page. This patch cache's the most resource intensive part of gitweb's front page code path for 90 seconds. Rough testing shows about a 2.5x performance boost. This only runs on public servers to ensure we don't accidentally share private repos Change-Id: I4d27bd103c017b398612e50df467b6f699c9c390 Reviewed-on: Reviewed-by: Andy Doan <>
2016-08-10jenkins: bump to 2.7.2Andy Doan
We are having major CPU and memory issues with 2.7.1. 2.7.2 looks like it might actually help with a couple of things, and its unlikely to make things work even worse then they are currently. Change-Id: Iee8f632d489e3c883887911a7ef6f214b472f6f0
2016-08-10jenkins: increase PermSize and add debugging measuresBen Copeland
Increase the PermSize to 512M (we have enough memory) and add Heap Dump, so when we next hit the OutOfMemoryError a heap dump will be generated. Change-Id: Iebf838ababa5e5bf54f37c3ac6035519ed8b11ae Reviewed-on: Reviewed-by: Andy Doan <>
2016-08-08git: combine apache-website role task filesAndy Doan
The main.yml and apache-website-git.yml are both so simple there's really no point keeping them separate. Change-Id: I22aa3375421247b099754abdc4d5b7a1518878f9 Reviewed-on: Reviewed-by: Ben Copeland <> Reviewed-by: Paul Sokolovsky <>
2016-08-08git: clean up tags for apache-website-roleAndy Doan
I was doing some clean up in this area and noticed the tags to access this role were a bit awkward and went against our decision to stop doing "install" tags. This makes it part of "website-conf" Change-Id: I1cb325b3cfa0a184ce820c0c722182adfcf6d81c Reviewed-on: Reviewed-by: Ben Copeland <> Reviewed-by: Paul Sokolovsky <>
2016-08-08jenkins: Add -XX:MaxPermSize=128M java option.Paul Sokolovsky
Following errors of "java.lang.OutOfMemoryError: PermGen space". The default is supposed to be 64M. This is a stopgap measure, we should stay alerted on this issue, as one of the causes of these error is classloading leaks. Change-Id: I6febf995d9d539f427c4a57f00845bcdef148aa7 Reviewed-on: Reviewed-by: Paul Sokolovsky <>
2016-08-03jenkins: add javamelody monitoring pluginBen Copeland
Allow us to more easily understand what Jenkins is doing. Change-Id: I1ce4a682659c83d9c594dd6705b40a1898c0520c Reviewed-on: Reviewed-by: Andy Doan <>
2016-07-31jenkins: restore previous behavior of allowing any build parametersFathi Boudra
In Jenkins >= 1.651.2 or >= 2.3, only build parameters that have been explicitly defined in a job's configuration will be available by default at build time. Pass -Dhudson.model.ParametersAction.keepUndefinedParameters=true to JAVA_ARGS in order to restore previous behavior. For reference: Change-Id: Ie4bd250c7733966b027d02bef9dc272b8f00a39d Signed-off-by: Fathi Boudra <> Reviewed-on: Reviewed-by: Paul Sokolovsky <>
2016-07-30jenkins: remove metadata pluginFathi Boudra
It has been requested by users but isn't used. Remove it. Change-Id: I1fd01979c70c9a081ebcc7ddf5cf702ebee4e44e Signed-off-by: Fathi Boudra <> Reviewed-on: Reviewed-by: Ben Copeland <> Reviewed-by: Paul Sokolovsky <>
2016-07-30jenkins: Upgrade to 2.7.1 LTS.Paul Sokolovsky
Actual upgrade was done manually, as there were /etc/defaults/jenkins changes to clean up. These changes just bring the playbook in the corresponds with the actual state. Change-Id: I20a619c64ba6731dfe5f975a9b808fc1d35749d7 Reviewed-on: Reviewed-by: Paul Sokolovsky <>
2016-07-19mirroring: fix typoAndy Doan
2016-07-15git mirroring: add mirror for ZephyrAndy Doan
As requested by Amit K Change-Id: I708ce2af734e308b2b9466b284bd5091be0e686d
2016-06-09colo: add an "openstack" command for dev-cloud-adminsAndy Doan
Change-Id: I1b614d65f5df6a5cadc8ca8de6185d5d03df3646
2016-06-06jenkins-plugin: downgrade matrix-projectBen Copeland
Due to a logging issue, this plugin needs downgrading to 1.6. ( ) Change-Id: I7843a29dc975c2015cf3e27b9aa345ba6093a47e Reviewed-on: Reviewed-by: Paul Sokolovsky <>
2016-06-03jenkins: increase jetty max form content size to 500kFathi Boudra
Reached the current limit with the addition of TCWG docker template. Change-Id: Ia390fa27da564148fe9905ee8a720f492e57473f Signed-off-by: Fathi Boudra <> Reviewed-on: Reviewed-by: Paul Sokolovsky <>
2016-06-01Package "acl", is required when using become_user:. Currently, inBen Copeland
Ansible 2.1, this causes a playbook failure. Change-Id: Ied0f662a1e8a1ac80c4cf6789bbb4611aa69197d Reviewed-on: Reviewed-by: Ben Copeland <>
2016-05-31jenkins: Downgrade EC2 plugin dependencies to the ones listed for 1.33.Paul Sokolovsky
Using "too new" ones led to dependency issues wrt to other plugins. Change-Id: Iad08a0a784392dc8dcd33086211616bc74d1e2ff Reviewed-on: Reviewed-by: Paul Sokolovsky <>
2016-05-31jenkins: Upgrade EC2 plugin to the latest (includes bunch of dependencies).Paul Sokolovsky
A rather old version we used to use now conflicts with fersh BouncyCastle SSL library used by other fresh plugins. Change-Id: Iaccf7e80568802690e1720e00a829d61837e5e8b Reviewed-on: Reviewed-by: Ben Copeland <> Reviewed-by: Vishal Bhoj <> Reviewed-by: Andy Doan <>
2016-05-31git-mirror: mirror linux-next and linuxAndy Doan
As part of: we need to enable mirroring of these two kernel repos to make it easy for people to use the upcoming gitolite "track" command. Change-Id: Ic39379c0a167f4a1f6849945abb89cde28df550d Reviewed-on: Reviewed-by: Paul Sokolovsky <> Reviewed-by: Ben Copeland <>
2016-05-31gerrit: don't update grok manifest with gitolite-adminAndy Doan
This repo gets skipped when pushing via gitolite, but gets added to our manifest when we do code reviews. Then our regional mirrors try to clone the repo, but can't and complain. Change-Id: I0b68aa0e819afab5f248ef5397b7f105a967a1d8 Reviewed-on: Reviewed-by: Paul Sokolovsky <> Reviewed-by: Ben Copeland <>
2016-05-30jenkins: Add Pipeline plugins dependency hell.Paul Sokolovsky
Change-Id: If574a4d65c8f14b6bbf8988c898ba7699e192e8a Reviewed-on: Reviewed-by: Paul Sokolovsky <>
2016-05-30jenkins: Add Structs plugin, dependency of Gerrit Trigger 2.20.Paul Sokolovsky
Change-Id: I996325bf229525b36f3e3adfb14702f2c1cf4c93 Reviewed-on: Reviewed-by: Paul Sokolovsky <>
2016-05-30jenkins: update pluginsFathi Boudra
Plugins updated: Ant Plugin 1.3 Build Monitor View 1.9+build.201605021413 Build Name Setter Plugin 1.6.5 Copy Artifact Plugin 1.38 Credentials Plugin 2.0.7 Durable Task Plugin 1.10 Email Extension Plugin 2.42 Folders Plugin 5.11 Gerrit Trigger 2.20.0 GitHub API Plugin 1.75 GitHub plugin 1.19.1 Job Configuration History Plugin 2.14 JUnit Plugin 1.13 LDAP Plugin 1.12 Mailer Plugin 1.17 MapDB API Plugin Matrix Authorization Strategy Plugin 1.4 Matrix Project Plugin 1.7 Maven Integration plugin 2.13 Multiple SCMs plugin 0.6 Pipeline 2.1 Pipeline: API 2.0 Pipeline: Basic Steps 2.0 Pipeline: Groovy 2.4 Pipeline: Job 2.2 Pipeline: Nodes and Processes 2.0 Pipeline: SCM Step 2.0 Pipeline: Shared Groovy Libraries 2.0 Pipeline: Step API 2.1 Pipeline: Supporting APIs 2.0 Plain Credentials Plugin 1.2 SCM API Plugin 1.2 Script Security Plugin 1.19 SSH Credentials Plugin 1.12 SSH Slaves plugin 1.11 Throttle Concurrent Builds Plug-in 1.9.0 Timestamper 1.8.2 Translation Assistance plugin 1.14 Warnings Plug-in 4.53 Workspace Cleanup Plugin 0.29 Change-Id: I5f2434b54e02f00158146c7e814c6304b4a9e8db Signed-off-by: Fathi Boudra <> Reviewed-on: Reviewed-by: Paul Sokolovsky <>
2016-05-30jenkins: upgrade Jenkins to 1.651.1 LTSFathi Boudra
Avoid 1.651.2 until all the incompatible plugins are updated. Change-Id: Iebe4c60f2bf73794561c6d7501449c5ec55cdd78 Signed-off-by: Fathi Boudra <> Reviewed-on: Reviewed-by: Paul Sokolovsky <> Reviewed-by: Ricardo Salveti <>
2016-05-30gerrit: Activate parent projects automatic update cronjob.Paul Sokolovsky
Change-Id: I4f2ec72e4454ef4980906b9b11c5929d326f98de Reviewed-on: Reviewed-by: Ben Copeland <>
2016-05-27gerrit: Add new role "gerrit-automate" for automated maintenance cronjobs.Paul Sokolovsky
Previously, sync keys, groups cronjob setup was part of "gerrit-setup" role, and that doesn't fit well with task of setting up (pristine) gerrit per se. Also, separate one-line crontabs were used for each job. Use a common crontab for related jobs instead. This change is prerequisite for adding cronjob. Change-Id: I30d9185014287203913515a729c1a5c4f214e1c3 Reviewed-on: Reviewed-by: Andy Doan <>
2016-05-27gerrit-setup/templates/gerrit.config: Use default port of 8080.Paul Sokolovsky
For consistency with majority of servers. Change-Id: Ieff3fe22eecc1bef7488635c2f91b450134173be