launchpad-reviewers team mailing list archive
-
launchpad-reviewers team
-
Mailing list archive
-
Message #32709
[Merge] ~alvarocs/launchpad-mojo-specs/+git/private:fetch-service-bump-to-314-prod into launchpad-mojo-specs:master
Alvaro Crespo Serrano has proposed merging ~alvarocs/launchpad-mojo-specs/+git/private:fetch-service-bump-to-314-prod into launchpad-mojo-specs:master.
Commit message:
lp-fetch-service: Bump fetch-service snap revision from 277 to 314
Requested reviews:
Canonical Launchpad Engineering (launchpad)
For more details, see:
https://code.launchpad.net/~alvarocs/launchpad-mojo-specs/+git/private/+merge/488608
bump fetch service snap revision in prod
--
Your team Launchpad code reviewers is subscribed to branch ~alvarocs/launchpad-mojo-specs/+git/private:fetch-service-bump-to-314-prod.
diff --git a/lp-builder-proxy/bundle.yaml b/lp-builder-proxy/bundle.yaml
index 7da1211..9b80842 100644
--- a/lp-builder-proxy/bundle.yaml
+++ b/lp-builder-proxy/bundle.yaml
@@ -94,6 +94,11 @@ applications:
# Platform engineering team builders
10.145.212.0/24,
{%- endif %}
+{%- if stage_name == "qastaging" %}
+ # Add new builders created inside the platform engineering team
+ # infrastructure.
+ 10.145.212.0/24,
+{%- endif %}
]
http_access: deny
# Allow certain hosts on denied networks. dstdomain is unsafe. DO
diff --git a/lp-fetch-service/README.md b/lp-fetch-service/README.md
new file mode 100644
index 0000000..1ad35cd
--- /dev/null
+++ b/lp-fetch-service/README.md
@@ -0,0 +1,21 @@
+# Launchpad fetch service
+
+This spec deploys Launchpad's fetch service.
+
+You can run it locally using Juju's LXD support and Mojo. First, configure
+your environment:
+
+ export MOJO_ROOT="$HOME/.local/share/mojo"
+ export MOJO_PROJECT=mojo-lp-fetch-service
+ export MOJO_WORKSPACE=devel
+ export MOJO_SERIES=jammy
+ export MOJO_SPEC="$HOME/spec"
+ export MOJO_STAGE=lp-fetch-service/devel
+
+Then run the spec using Mojo:
+
+ mojo project-new -c containerless
+ mojo workspace-new
+ mojo run
+
+You must have python3-yaml installed.
diff --git a/lp-fetch-service/bundle.yaml b/lp-fetch-service/bundle.yaml
new file mode 100644
index 0000000..4b1ec30
--- /dev/null
+++ b/lp-fetch-service/bundle.yaml
@@ -0,0 +1,214 @@
+{%- if stage_name == "production" %}
+{%- set devel = False %}
+{%- set fetch_service_snap_revision = 314 %}
+{%- set nagios_context = "lp-prodstack-fetch-service" %}
+{%- set nagios_hostgroups = "prodstack-lp" %}
+{%- set nagios_master = "nagios.ps5.internal" %}
+{%- elif stage_name == "qastaging" %}
+{%- set devel = False %}
+{%- set fetch_service_snap_revision = 314 %}
+{%- set nagios_context = "lp-stagingstack-fetch-service" %}
+{%- set nagios_hostgroups = "stagingstack-lp" %}
+{%- set nagios_master = "devops-nagios.ps5.internal" %}
+{%- else %}
+{%- set devel = True %}
+{%- set fetch_service_snap_revision = 314 %}
+{%- set nagios_context = "lp-devel-fetch-service" %}
+{%- set nagios_hostgroups = "devel-lp" %}
+{#- The configured nagios_master doesn't have to be real, but it does have
+ to resolve. #}
+{%- set nagios_master = "localhost" %}
+{%- endif -%}
+
+series: jammy
+applications:
+ fetch-service:
+ charm: ch:fetch-service
+ channel: beta
+ revision: 20
+ num_units: 1
+ expose: true
+ options:
+ {#- Inspectors configuration for the fetch service. #}
+ inspectors: |-
+ git:
+ urls:
+ {%- if stage_name == "production" %}
+ - https://git.pkg.store:443/**
+ - https://git.staging.snapcraftcontent.com:443/**
+ {%- elif stage_name == "qastaging" %}
+ - https://git.pkg.store:443/**
+ - https://git.staging.snapcraftcontent.com:443/**
+ - https://git.qastaging.paddev.net:443/**
+ {%- else %}
+ - https://git.pkg.store:443/**
+ - https://git.staging.snapcraftcontent.com:443/**
+ - https://git.qastaging.paddev.net:443/**
+ {%- endif %}
+
+ crafts:
+ urls:
+ {%- if stage_name == "production" %}
+ - https://git.pkg.store:443/**
+ - https://git.staging.snapcraftcontent.com:443/**
+ {%- elif stage_name == "qastaging" %}
+ - https://git.pkg.store:443/**
+ - https://git.staging.snapcraftcontent.com:443/**
+ - https://git.qastaging.paddev.net:443/**
+ {%- else %}
+ - https://git.pkg.store:443/**
+ - https://git.staging.snapcraftcontent.com:443/**
+ - https://git.qastaging.paddev.net:443/**
+ {%- endif %}
+
+ snap:
+ snap-declaration:
+ - name: publisher-id
+ value: [canonical]
+
+ store:
+ urls:
+ - https://api.staging.snapcraft.io:443/v2/bins/info/**
+
+ bldbin:
+ urls:
+ - https://api.staging.snapcraft.io:443/api/v1/bins/download/**
+ - https://canonical-*.cdn.staging.snapcraftcontent.com:443/download-origin/canonical-*/**
+
+ apt:
+ repositories:
+ default:
+ urls:
+ - http://archive.ubuntu.com/ubuntu
+ - http://*.archive.ubuntu.com/ubuntu
+ - http://security.ubuntu.com/ubuntu
+ - http://ports.ubuntu.com/ubuntu-ports
+ - http://ftpmaster.internal/ubuntu
+ dists:
+ - "*"
+ components:
+ - "*"
+ public-key: |
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+ mQINBFufwdoBEADv/Gxytx/LcSXYuM0MwKojbBye81s0G1nEx+lz6VAUpIUZnbkq
+ dXBHC+dwrGS/CeeLuAjPRLU8AoxE/jjvZVp8xFGEWHYdklqXGZ/gJfP5d3fIUBtZ
+ HZEJl8B8m9pMHf/AQQdsC+YzizSG5t5Mhnotw044LXtdEEkx2t6Jz0OGrh+5Ioxq
+ X7pZiq6Cv19BohaUioKMdp7ES6RYfN7ol6HSLFlrMXtVfh/ijpN9j3ZhVGVeRC8k
+ KHQsJ5PkIbmvxBiUh7SJmfZUx0IQhNMaDHXfdZAGNtnhzzNReb1FqNLSVkrS/Pns
+ AQzMhG1BDm2VOSF64jebKXffFqM5LXRQTeqTLsjUbbrqR6s/GCO8UF7jfUj6I7ta
+ LygmsHO/JD4jpKRC0gbpUBfaiJyLvuepx3kWoqL3sN0LhlMI80+fA7GTvoOx4tpq
+ VlzlE6TajYu+jfW3QpOFS5ewEMdL26hzxsZg/geZvTbArcP+OsJKRmhv4kNo6Ayd
+ yHQ/3ZV/f3X9mT3/SPLbJaumkgp3Yzd6t5PeBu+ZQk/mN5WNNuaihNEV7llb1Zhv
+ Y0Fxu9BVd/BNl0rzuxp3rIinB2TX2SCg7wE5xXkwXuQ/2eTDE0v0HlGntkuZjGow
+ DZkxHZQSxZVOzdZCRVaX/WEFLpKa2AQpw5RJrQ4oZ/OfifXyJzP27o03wQARAQAB
+ tEJVYnVudHUgQXJjaGl2ZSBBdXRvbWF0aWMgU2lnbmluZyBLZXkgKDIwMTgpIDxm
+ dHBtYXN0ZXJAdWJ1bnR1LmNvbT6JAjgEEwEKACIFAlufwdoCGwMGCwkIBwMCBhUI
+ AgkKCwQWAgMBAh4BAheAAAoJEIcZINGZG8k8LHMQAKS2cnxz/5WaoCOWArf5g6UH
+ beOCgc5DBm0hCuFDZWWv427aGei3CPuLw0DGLCXZdyc5dqE8mvjMlOmmAKKlj1uG
+ g3TYCbQWjWPeMnBPZbkFgkZoXJ7/6CB7bWRht1sHzpt1LTZ+SYDwOwJ68QRp7DRa
+ Zl9Y6QiUbeuhq2DUcTofVbBxbhrckN4ZteLvm+/nG9m/ciopc66LwRdkxqfJ32Cy
+ q+1TS5VaIJDG7DWziG+Kbu6qCDM4QNlg3LH7p14CrRxAbc4lvohRgsV4eQqsIcdF
+ kuVY5HPPj2K8TqpY6STe8Gh0aprG1RV8ZKay3KSMpnyV1fAKn4fM9byiLzQAovC0
+ LZ9MMMsrAS/45AvC3IEKSShjLFn1X1dRCiO6/7jmZEoZtAp53hkf8SMBsi78hVNr
+ BumZwfIdBA1v22+LY4xQK8q4XCoRcA9G+pvzU9YVW7cRnDZZGl0uwOw7z9PkQBF5
+ KFKjWDz4fCk+K6+YtGpovGKekGBb8I7EA6UpvPgqA/QdI0t1IBP0N06RQcs1fUaA
+ QEtz6DGy5zkRhR4pGSZn+dFET7PdAjEK84y7BdY4t+U1jcSIvBj0F2B7LwRL7xGp
+ SpIKi/ekAXLs117bvFHaCvmUYN7JVp1GMmVFxhIdx6CFm3fxG8QjNb5tere/YqK+
+ uOgcXny1UlwtCUzlrSaP
+ =9AdM
+ -----END PGP PUBLIC KEY BLOCK-----
+ esm:
+ urls:
+ - https://esm.ubuntu.com:443/*/ubuntu
+ dists:
+ - "*"
+ components:
+ - "*"
+ public-key: |
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ Comment: Hostname:
+ Version: Hockeypuck 2.2
+
+ xsFNBF3WVA4BEAC7MDr8HClfKptSd4VeB12Vy+Ao/4NpY2ITdkRed4vfh/4eBWWn
+ 3+in6So2ekweifACSxScB/M9zVObsI1cab7QPMkIiATNUfIyOEP7iNWLX4+AytM1
+ LP3bZo8OpghnLZNstCGbiRUO4CDNmCI04DOPCu9EVEO4WWNuWIMRwCLShDSf7Cid
+ J2fn2TT/7vsmA4eI3YnAne+u8g4X2zMHQFkHANhylB0lPyThXo5jaxHImzm4wf/2
+ LF8f1Y1nRQObS2jcvYc3fm9B7iOGpyNAw3h6hrPKH5T9tY/ZoMtFHqn66J1CBSHb
+ hDkEvA46X50su4yAHeSiEG/hMYG7SoHzmAsjEXnvkTIE41WhmxlidQnRs2uWy34U
+ 7VmOpaidWn3R99fNHYOtSOB6bpIvls8snWSQ63jcFXnt05nVZsp/Ixzl0Oqitynx
+ DFwoxEwt3ZuCHwxbx2vZ+FiZXVFN7I0IyBDOEL6XS27FNaMCZ7Q/6z/ckdWto55E
+ 264OWf9lnw31bXFXHWSusRXWzD6FK8dqWgjtrWwRxlvF4jm688lqpjac6fFES3UK
+ BhjyHXFGL/+HHZ9CNxlLYF5QnXq1mGR0Ykw975u8KoOFSLBqsx+1a21m6dfzujY7
+ 2Gq6Sju+9Yo1aOF+CNvTMYdRBoDL4sFj6VAmUsszMA5aAb+82pOCaDvGJQARAQAB
+ zTVVYnVudHUgQXBwcyBBdXRvbWF0aWMgU2lnbmluZyBLZXkgPGVzbUBjYW5vbmlj
+ YWwuY29tPsLBeAQTAQIAIgUCXdZUDgIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgEC
+ F4AACgkQqwGhAdtTkHuTOw/8Czv42TSpwHz+eNtl3ZFyxta9rR/qWC3h+vMu0R/l
+ 5KU3aQQOygWOoUcr1QTPSSg3v/H+v/8vqVq2UuUxSIfpMxBj2kIX2vqskv6Roez7
+ xR8lVDa0a47z/NYMfKpxrEJxOLh/c7I6aAsa597bTqDHtucHL/22BvfUJJqw6jq1
+ 7SswP5lqKPBFz7x+E2hgfJE7Vn7h0ICm29FkWnOeTKfj8VwTAeKXKUI9Hw6+aqr9
+ 29Y2NdLsYZ57mpivRLNM9sBZoF3avP1pUC2k0IwP3dwh4AxUMXjRRPh173iXBfR2
+ yAf1lWET/5+8dSBrfFIZSo+FF/EEBmqIVtJpHkq8+YxUbCLbkoikRi2kwrgyXLEn
+ FqxSU2Ab0xurFHiHcJoCGVD38xjznO5cQl7H4K9+B/rFpTTowOHbOcFpKAzpYqB5
+ 8rnR1yRSsB33zac8xesUIfzYWRtLc5/VIb5mOkWlb62d8emILx2XuRFVjKq6mKki
+ oGckhDUOuEFrjW1cQq+PWBBxyJoXcy6wGSoPJ/ELeaf9zg8SF0jwuN6BPHVBeJ/E
+ W53zR5iV0N9fRT+M2JN5tc5HenO92xLgPAh+GPWLYmPdTmHu+kFozqsHx/NUw2iP
+ PBL6Q1VZytt2Uf6qLPUx7GpYMKf42Vldb0feFo/YA/lzOgPlY29pDLKXbse6o+Sr
+ kmnCwPMEEAEKAB0WIQSuFW2FH6EUY505Vy5peOGN+xAtAgUCZYHw2QAKCRBpeOGN
+ +xAtAsFGC/sElB6xJDM0taBAqAis+PuRQ82HyB9a5DuvkaKqDX49TEM2yq+ikYQl
+ LfG4rJTHusbK6YbK/phXlo0VmNYWQc1VFqKSUzSWPAKDmzAajDpXU6PCKk+MHsY2
+ pi8DnGfAjHbe3HHXm3/53eoAFNJLtM21D2f/70pWngIRYrcOWck1NzPgONxHiA8i
+ EyC+CD6xTVTeXX0jRdqTApmkhfSEi1/1ornevzgGVQscUzkLgdtLc7hzCC+S3Hv4
+ lDjh4O27LZNiYy2pShMM5znGNLEace1zvcL+qau4xg/p3ZohopcfsECvBZcjtIHN
+ UDDGwSkFzPN7mtRihdS0JEZTnzDF9lJoSCTiynJgaR9rGILwRBXhLC5b78hBUKxH
+ IYre9rrmr0OpfKxRPJEUZkhn4lzCRscmoFX7yDUYCUmzJM2RLXZ4NRJk0oMfQExw
+ tzSX2TxxAm4nTPmqimFY2BWofbus0wpivyXLKnmfbdXarPlV+nRj1uVbMoyiEZ4f
+ hGtjjxVBWvfOwU0EXdZUDgEQAKBoUuIvCP2R5LLd9AKQoDPfDW7zcr8jywLx1ph3
+ U3rYJ/liMKv+xTQ0DYvqo3ROTe5oQ2+haJ4Ns0bkynSMg+48tgrnu7iYmJ8L1ZdG
+ V8HxhTVh9zvSwQpoz5JdJ5FEGo5t2/whGdQfJvp8orzK7bUA2MORtN6s7iWDHZKu
+ tEZrYztniir+0zA6Fq4RmE0xwsTOYaVmqBiCDWZujIE4tccOBOuvd2yBu6j6EITJ
+ oaFn981tDFd4WzDWBIJhllH2u3QgzizXG8QswlI52FARHEg8Vin9sAz/jqEo9qCb
+ SX+SpYQdgSMvCKJSC0tFZD9kKSEjZEjXLeB3yQ5BOaLa5q6hDd6xbSTS4yt9lDw/
+ gb2ZQtu4kNZikib+4S8dOyYiLhoBWU6E4vWL8DEKYhY3MiicFdGtDd4pudajru9+
+ bnooBClhjllcW2k3zrNc2uyfSSQF0zXNtmqrkmHmDKrn/bybcQs4mU4Owt8R5nkX
+ efYVYd/zA19yQFSJLne+Thzjyl4v04onYW5CkGxpO9Ol+sjnyhgSlf/PNrv4hj1a
+ /RDX4292g3zxCE9W8jThXRO6Xuo3CwIUk6Ad2Fuud+D7NWIo3nTpBi+Z7KwkxuPJ
+ x5LPvNBwwyjw7tokavaxVWC7qbIWTq6ZiUrOzTgG0By1FHbzBfAZ0UADGDSxeKtY
+ 4lkTABEBAAHCwV8EGAECAAkFAl3WVA4CGwwACgkQqwGhAdtTkHs4exAAhxMLSXtG
+ NWsb3K02AOZpdJs68RPJsk47XbnfqZa7LaCxtxlIFU94i1l0j3TvRNm6AEoAnvzq
+ ZL3fz0mupVDEE3rO7+UY3aUeEaa21GcDFwTtTzp5haGCggv9Qt6k9tqoQg7ibA/u
+ bDWWZXOrhnS+0TlFdYdgbjXGt0Ld6IT8ldECWoMROdG0/goOweiYK0At4mrPcEF4
+ PdaK0zzuff9F2rfUkWD6ltqdshgv8OvIKrKowdy3z39JJo1niDqIgt076CyXzlUh
+ uAzEy+tYitgmMLA1VgsbdWYcTl2yPpZaivITiaQYgIcXSBCCwQbeNhrzSfCrt/p3
+ egB6m4gzrrGax1VLRlPayC+g70wHkg6YipCawwPGLbh4PeVxXBSG6NTJi9TVGWiL
+ glRf8hMqwlaYCpCbhtCqbres6M+KS7b8EIzSlYcwzzjChHRyTq5awXQK+D7DzeG2
+ OGqu0BDRo6SCJxJRnvjqkJ6nLTYGYo8ZZRrCDpUeoT75GmYyXo5jpzVoQC5FHC9N
+ jgVGSjmBTHLQWXFiS7L8QF9H5pGVWqfDNxF3T7k1lh6A5UH71y+ASzisUUU+0erC
+ HhCzCnXmXxMAz3DC+bgApSecJcKy9Yth5XLA7Y+9Ol0GK4Hg9AMG8KlRVomllE52
+ gW1RgFwq9IQ21MOzB9P6bUCyfF3cBYjgVT4=
+ =tskY
+ -----END PGP PUBLIC KEY BLOCK-----
+ {#- Revision configuration for the fetch service snap. #}
+ revision: {{ fetch_service_snap_revision }}
+ log_hosts_allow: "launchpad-bastion-ps5.internal"
+ log.file: "fetch-service.log"
+ nrpe:
+ charm: ch:nrpe
+ channel: stable
+ revision: 121
+ options:
+ export_nagios_definitions: true
+ hostgroups: "{{ nagios_hostgroups }}"
+ nagios_host_context: "{{ nagios_context }}"
+ nagios_master: "{{ nagios_master }}"
+ telegraf:
+ charm: ch:telegraf
+ channel: stable
+ revision: 75
+ expose: true
+ options:
+ install_method: snap
+
+relations:
+- ["nrpe", "fetch-service"]
+- ["telegraf:juju-info", "fetch-service:juju-info"]
diff --git a/lp-fetch-service/configs/custom-secgroups-staging.yaml b/lp-fetch-service/configs/custom-secgroups-staging.yaml
new file mode 100644
index 0000000..78f1546
--- /dev/null
+++ b/lp-fetch-service/configs/custom-secgroups-staging.yaml
@@ -0,0 +1,9 @@
+applications:
+ fetch-service:
+ type: neutron
+ rules:
+ - rsync-logs
+rules:
+ rsync-logs:
+ # Allow launchpad-bastion-ps5 to fetch logs.
+ - {"protocol": "tcp", "family": "IPv4", "port": 873, "cidr": "10.131.10.100/32"}
diff --git a/lp-fetch-service/manifest b/lp-fetch-service/manifest
new file mode 120000
index 0000000..e1c38b1
--- /dev/null
+++ b/lp-fetch-service/manifest
@@ -0,0 +1 @@
+manifests/deploy
\ No newline at end of file
diff --git a/lp-fetch-service/manifest-perform-autodeploy b/lp-fetch-service/manifest-perform-autodeploy
new file mode 120000
index 0000000..e1c38b1
--- /dev/null
+++ b/lp-fetch-service/manifest-perform-autodeploy
@@ -0,0 +1 @@
+manifests/deploy
\ No newline at end of file
diff --git a/lp-fetch-service/manifest-verify b/lp-fetch-service/manifest-verify
new file mode 120000
index 0000000..6e02de4
--- /dev/null
+++ b/lp-fetch-service/manifest-verify
@@ -0,0 +1 @@
+manifests/verify
\ No newline at end of file
diff --git a/lp-fetch-service/manifests/deploy b/lp-fetch-service/manifests/deploy
new file mode 100644
index 0000000..2d52196
--- /dev/null
+++ b/lp-fetch-service/manifests/deploy
@@ -0,0 +1,5 @@
+script config=predeploy
+bundle config=bundle.yaml max-wait=900 local=deploy-secrets
+juju-check-wait
+include config=manifests/secgroups
+include config=manifests/verify
diff --git a/lp-fetch-service/manifests/secgroups b/lp-fetch-service/manifests/secgroups
new file mode 100644
index 0000000..8c438ee
--- /dev/null
+++ b/lp-fetch-service/manifests/secgroups
@@ -0,0 +1 @@
+script config=utils/custom-secgroups.py SKIP_STAGES=devel
diff --git a/lp-fetch-service/manifests/verify b/lp-fetch-service/manifests/verify
new file mode 100644
index 0000000..f25f902
--- /dev/null
+++ b/lp-fetch-service/manifests/verify
@@ -0,0 +1,4 @@
+juju-check-wait
+# It occasionally takes a little while for all the servers to start
+# accepting connections.
+verify retry=3
diff --git a/lp-fetch-service/predeploy b/lp-fetch-service/predeploy
new file mode 100755
index 0000000..e6e2fbc
--- /dev/null
+++ b/lp-fetch-service/predeploy
@@ -0,0 +1,3 @@
+#! /bin/sh
+set -e
+exit 0
diff --git a/lp-fetch-service/utils b/lp-fetch-service/utils
new file mode 120000
index 0000000..468ba70
--- /dev/null
+++ b/lp-fetch-service/utils
@@ -0,0 +1 @@
+../utils
\ No newline at end of file
diff --git a/lp-fetch-service/verify b/lp-fetch-service/verify
new file mode 100755
index 0000000..df9e6ef
--- /dev/null
+++ b/lp-fetch-service/verify
@@ -0,0 +1,8 @@
+#! /bin/sh
+set -e
+
+TOP="${0%/*}"
+
+export EXTRA_SKIP_CHECKS="check_swap${EXTRA_SKIP_CHECKS:+|${EXTRA_SKIP_CHECKS}}"
+
+exec "$TOP/utils/verify"
Follow ups
