With the release of the new v2026dev2 distribution, the volume of
`aptly` has increased drastically to the point of nearly filling up
the entire disk. For this reason, the volume is being increased to
allow the publication of all the packages for this new version.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

Pablo Vigo Mas authored 2 weeks ago and Pablo Vigo Mas committed 1 week ago

Since April 1st, Docker Hub limits image pulls, so it’s advisable
to use an alternative registry to avoid issues when downloading
the `postgres` & `postgres-exporter` images.
The Amazon registry is configured instead.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

Pablo Vigo Mas authored 2 weeks ago and Pablo Vigo Mas committed 1 week ago

The Postgres version is updated to `14.17.0-debian-12-r3` in order
to align all existing databases to the same version.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

From time to time, the Aptly volume fills up due to the number of
generated packages. During rebase periods, this volume grows even
more, making it necessary to increase its size to prevent service
failures.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

Since April 1st, Docker Hub limits image pulls, so it’s advisable
to use an alternative registry to avoid issues when downloading
the Postgres Exporter image. The Amazon registry is configured instead.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

The Helm Chart version of Postgres was hardcoded in the Ansible
playbook, making it impossible to perform upgrade tests in
different environments.

The docker image and registry were not configured pulling the image
configured by default in the Helm Chart.

New variables have been added to the inventory file to allow
deploying different versions and different registry for `postgres-exporter`
across environments and carry out the necessary testing.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

Since April 1st, Docker Hub limits image pulls, so it’s advisable
to use an alternative registry to avoid issues when downloading
the Postgres image. The Amazon registry is configured instead.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

The Postgres version is updated to `14.17.0-debian-12-r3` in order
to align all existing databases to the same version.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

The Helm Chart version of Postgresql was hardcoded in the Ansible
playbook, making it impossible to perform upgrade tests in
different environments.

The docker image and registry were not configured pulling the image
configured by default in the Helm Chart.

New variables have been added to the inventory file to allow
deploying different versions across environments and carry out
the necessary testing.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

Pablo Vigo Mas authored 1 month ago and Pablo Vigo Mas committed 1 month ago

The dev instance was using production secrets because the Ansible
playbook was not configured to support different environments.

This issue has been resolved, and it's now possible to use
separate configuration files for each instance.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

Pablo Vigo Mas authored 1 month ago and Pablo Vigo Mas committed 1 month ago

For a long time, there was only one instance of the `qa-report-app`,
and all the configuration resided in the values file and its Vault
secret. With the possibility of deploying a development instance, it is
necessary to decouple some variables to be configured from the
inventory file, as some configurations are specific to each environment.

This modification also makes it easier to have more than one instance
of the APP in production if needed.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

Due to the large number of jobs that run during the Apertis rebase, it
is necessary to increase the number of runner instances.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

Once the application was deployed, it was decided that a `StorageClassName`
with `do-block-storage-retain` should always be used. However, once deployed,
Helm is unable to modify the object, and changing that value on the fly is risky.

Fortunately, the `RECLAIM POLICY` could be manually modified to `Retain`.

Change showed running ansible --diff --check:
`+  storageClassName: do-block-storage-retain`

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

- gitlab-ci: Move to the official Skopeo image
- select_image.html: fix examples
- Use individual token per qa-report-app instance

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

- gitlab-ci: Move to the official Skopeo image
- select_image.html: fix examples
- Use individual token per qa-report-app instance

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

In qa-report-app@f9ee1e0e "Use individual token per
qa-report-app instance" the configuration syntax has been changed
due to no other reason than some confusion while introducing other
changes elsewhere.

qa-report-app!219



We have two options:

1. revert the breaking change, thus breaking all the instances already
   upgraded to use it
2. align with weirdly-named config option and keep going

Since it is not a big deal, let's go with option 2.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

The data volume of aptly-repositories increases and is currently
at over 98% capacity. Therefore, increasing the volume size is
necessary to ensure smooth service performance and prevent errors.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

This will make Traefik return a 503 HTTP error instead of 404 if a
liveness probe fails for some services.

This prevents Lava workers from deleting and restarting the same jobs
repeatedly because they think the jobs were deleted on the Lava server.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

The aptlyctl command is included in the Apertis Docker image to
standardize its usage and eliminate the need for local installation.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

To build a Docker image based on Bookworm, the container executing
it must also be, at a minimum, that version.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

Pablo Vigo Mas authored 4 months ago and Pablo Vigo Mas committed 2 months ago

To include the `aptlyctl` application in the Apertis image, the
libssl3 library needs to be added. This library is available in
the Debian Bookworm version.

adding --break-system-packages to avoid build errors
`error: externally-managed-environment`

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

Pablo Vigo Mas authored 3 months ago and Pablo Vigo Mas committed 2 months ago

A task title was copy from another role and the name of the task was
incorrect.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

Pablo Vigo Mas authored 3 months ago and Pablo Vigo Mas committed 2 months ago

When running a check, an error occurs in the `Deploy` task because
the previous download step is skipped due to the simulation mode.

`Error: failed to download "jetstack/cert-manager"`

By adding the option `check_mode: no`, the chart download is forced,
allowing it to be evaluated afterward.

Added in cert-manager, metrics-server & vector ansible roles.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

Pablo Vigo Mas authored 4 months ago and Emanuele Aina committed 3 months ago

First version of the documentation for interacting with Aptly
repositories using the 'aptlyctl' command.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

Pablo Vigo Mas authored 4 months ago and Emanuele Aina committed 4 months ago

The configuration for all services is still consolidated in a single file.

It would be beneficial to separate each service into its files and adopt
a structure similar to the one used in other playbook repositories as
it has proved to be easier to manage.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

Pablo Vigo Mas authored 4 months ago and Emanuele Aina committed 4 months ago

The Apertis development inventory for all services is still consolidated
in a single file.

It would be beneficial to separate each service into its files and adopt
a structure similar to the one used in other playbook repositories as
it has proved to be easier to manage.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

Vector is a high-performance observability data pipeline that collect,
transform, and route all the logs, metrics, and traces to Prometheus
and Loki.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

It's necessary to add a variable to split the url of development and
production instance.

Loki configuration was not running any log retention and the Object Storage is increasing without limits.
Now log retention is setup for 6 month.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

The secrets for the monitoring stack are stored in a different vault folder and must be created as a variable.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

The bucket name is different in each cluster and must be created as a variable.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

Standardize secrets nomenclature across all monitoring stacks.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

A new monitoring stack is deployed in Dev cluster for testing

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

It is necessary to change Grafana's deployment type because it does not allow a
rolling release. The PVC cannot be used by two different Pods simultaneously,
requiring the existing Grafana Pod to be terminated before deploying the new one.

By modifying the deployment type, Kubernetes will handle terminating the existing
Pod before deploying the new one, preventing any errors.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

The new Prometheus version doesn't allow to use the
storage.tsdb.allow-overlapping-blocks flag with the following flag.

Error parsing command line arguments: unknown long flag '--storage.tsdb.allow-overlapping-blocks'
prometheus: error: unknown long flag '--storage.tsdb.allow-overlapping-blocks'

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

A new version of Grafana has been released, and it is necessary to
upgrade to the latest version along with the components of the
stack, such as Prometheus and Loki.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

The user's role will be set to the role retrieved from the auth provider upon user login.
Users make it impossible to perform administrative tasks unless you have that role assigned in Collabora.
It is necessary to disable user synchronization to manually select who will be an administrator in Grafana.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

Becase we'll soon be having the rebase of Apertis

Signed-off-by: Ritesh Raj Sarraf <ritesh.sarraf@collabora.com>