Skip to main content

Browse the archive

https://github.com/wikimedia/operations-puppet
12 April 2024, 10:39:33 UTC
sort by:
Revision Author Date Message Commit Date
69db590 YuviPanda 05 October 2015, 20:31:01 UTC tools: Add puppetmaster/client roles - Only applied on k8s related nodes - Deny access to all non-admins - Also make gitsync configurable so it can sync the puppet repositories more frequently Bug: T112005 Change-Id: I23e64a138a287fa1e69b4d2ce894cf95f1c22592 05 October 2015, 20:38:37 UTC
d1c3b4c dzahn 05 October 2015, 20:28:38 UTC lint: fix the last "variable not enclosed" Change-Id: I078fe3baa6bc8f413dd0ea3554c43fb291eb7899 05 October 2015, 20:28:38 UTC
9def247 Antoine Musso 05 October 2015, 14:50:47 UTC contint: fix bundler package name on Jessie The package has different name on Ubuntu and Jessie: ruby-bundler -> bundler Bug: T110865 Change-Id: I88431a509c8cbbb5297e036d5749773c9d410c04 05 October 2015, 20:14:41 UTC
ce61247 YuviPanda 05 October 2015, 18:54:33 UTC elasticsearch: Set nobelium cluster name explicitly To prevent it from trying to join the other cluster Change-Id: I1326a2f6f7a1e042c042e8252568ea294d72be02 05 October 2015, 19:23:41 UTC
2d16bff YuviPanda 05 October 2015, 18:20:39 UTC tools: Move toolswatcher into puppet Change-Id: I48b34f350031682891464a07d66e5c77ee3560c1 05 October 2015, 19:22:59 UTC
ac1344f dzahn 29 September 2015, 03:56:57 UTC lint: fix 'variable not enclosed' pt2 Change-Id: I0faca37d4ebf7ab300f292ebdd37aa5287d4978b 05 October 2015, 19:20:01 UTC
80e41eb RobH 05 October 2015, 18:31:15 UTC adding joal, milimetric, gwicke, eevans, mobrovac to aqs-admins adding joal, milimetric, gwicke, eevans, mobrovac to the aqs-admins group. allows admin access for aql service group T113416 T114383 Change-Id: I3efc265e2461ea5b54cb0a22ff4b37b68a51ca72 05 October 2015, 18:31:15 UTC
b652393 dzahn 02 October 2015, 23:37:47 UTC apache: remove wikimedia.xyz redirect This domain has been deactived in I33fd1180204f1caf239 so there should be no traffic anymore. Bug:T92547 Change-Id: I94637a75d0a38fa23f76bbc512231b6d5a5b80ca 05 October 2015, 18:22:27 UTC
28461ac Ori Livneh 05 October 2015, 18:16:44 UTC graphite-web: fix incorrect variable name introduced in I1e41e6e3 REMOTE_USER_AUTHENTICATION -> USE_REMOTE_USER_AUTHENTICATION Change-Id: Iaa903b411791be10ca89e32b48239b2e3631e10a 05 October 2015, 18:16:44 UTC
0f01f57 Faidon Liambotis 05 October 2015, 17:59:59 UTC lists: extend check_smtp check to TLS as well Similar to role::mail::mx. This also alerts for the certificate's expiry. Change-Id: I14613d596866882e0497f5b3cae0096621953a01 05 October 2015, 17:59:59 UTC
90dbb02 Faidon Liambotis 05 October 2015, 17:53:34 UTC Revert OCSP stapling to roles mail::mx and lists Apparently this is buggy with jessie's version of GnuTLS and makes exim4 send the status TLS extension even when not requested, breaking most clients in the process. Newer versions of exim4 (4.87+) even blacklist those buggy GnuTLS versions and refuse to enable OCSP. Exim bug #1664 has the gory details and links to upstream commit fixes: https://bugs.exim.org/show_bug.cgi?id=1664 This reverts commits: - 9614ed8ae40b0ac95ea8831960e3d2dfd81e9212 - 2fae676c247ed6f1532ed608456598e0da3cce1c Change-Id: If1f469dc32fbb44b0b0242ab2822d9129f410774 05 October 2015, 17:56:49 UTC
9614ed8 Faidon Liambotis 05 October 2015, 17:30:39 UTC lists: add OCSP stapling to role::lists Change-Id: I954111aa4bf87101fb14595e12aff85664c1b1aa 05 October 2015, 17:30:39 UTC
2fae676 Faidon Liambotis 02 October 2015, 14:23:53 UTC mail: add OCSP stapling to role::mail::mx Change-Id: I36e5e1173aa008526c86a7a9f5a8a2c3dbaed369 05 October 2015, 17:25:43 UTC
73312d6 Faidon Liambotis 02 October 2015, 15:35:18 UTC tlsproxy: inline ocsp_stapler, rename ocsp_updater Now that essentially most of the functionality has been moved to sslcert, clean up our tlsproxy abstractions and names to simplify. Change-Id: Icd22c5d83fc70b9fd35e6d5b7e1c20409776cc9c 05 October 2015, 17:25:43 UTC
ce6fcee Faidon Liambotis 02 October 2015, 14:23:37 UTC Move tlsproxy's OCSP stapler/updater to sslcert Now that the tlsproxy's OCSP stapler/updater has been made more generic, create the necessary abstractions within the sslcert module, sslcert::ocsp::conf and sslcert::ocsp::hook, and move the vast majority of the contents there. This makes it useful to other modules as well and factors out functionality that doesn't fit the tlsproxy module all that well. Change-Id: I0a050585cb5f61fae8411f8db93228e9b81078cd 05 October 2015, 17:25:43 UTC
eabfd54 RobH 05 October 2015, 17:11:24 UTC fixing junikowski's access user was mistakenly added to statistics-privatedata-users, rather than analytics-privatedata-users. fixing T113298 Change-Id: If80aa7f26f103b96f4ec68715d5093d8a46869d1 05 October 2015, 17:11:24 UTC
a3f8888 YuviPanda 05 October 2015, 16:54:40 UTC elasticsearch: Tweak nobelium parameters Since it is a single node cluster Change-Id: Ib83a215e08dba96434d4210cc885f7c1060c58de 05 October 2015, 16:54:40 UTC
ece1141 YuviPanda 05 October 2015, 16:43:44 UTC elasticsearch: Use the default elasticsearch role for nobelium Change-Id: Id9f994732f96fedd869aae59c267f0062976848e 05 October 2015, 16:43:44 UTC
3a35db9 Faidon Liambotis 02 October 2015, 15:19:53 UTC tlsproxy: add support for update-ocsp-all hooks Instead of calling "service nginx reload" directly from update-ocsp-all, create a special directory, /etc/update-ocsp.d/hooks, that is executed using run-parts(8) and so far has only one hook, one that reloads nginx. Change-Id: Ifeca1f2ebc3a04b5a2a587b6fb078c880b10c1be 05 October 2015, 15:04:27 UTC
87f6e66 Faidon Liambotis 05 October 2015, 15:02:57 UTC tlsproxy: no arguments for update-ocsp-all Change-Id: Iff1294a655c27fdec943ff70c9b80403e36f6c1f 05 October 2015, 15:02:57 UTC
1cdd5ac Faidon Liambotis 02 October 2015, 15:08:31 UTC tlsproxy: switch update-ocsp(-all) to config files Instead of saving argument lines to files and running them, save configuration files instead using update-ocsp's new capabilities. This also allows us to switch to using a proper well-readable template in .erb, which also allows template syntax in Ruby, such as map() :) While at it, switch to using /etc/update-ocsp.d/*.conf files (from /etc/ocsp_updater/*) for two reasons: one, to leave the existing files alone and two, because we plan to do more with that directory. Change-Id: Ifcc14daf6ff45692f494cd7d0d1b65177fbc1f1c 05 October 2015, 14:57:03 UTC
6ea511f Faidon Liambotis 02 October 2015, 14:53:45 UTC tlsproxy: fix a couple of OCSP-related dependencies Make the dependency of the create-ocsp exec on the particular ssl::certificate certificates instead of all of them. There is a comment in the code suggesting that this is how it should ideally be done but that it is a PITA to do so; however, it's really easy unless I'm missing something. Also, move the ordering of create-ocsp and Service['nginx'] to tlsproxy::ocsp_stapler's caller. It's equivalent but cleaner that way. Change-Id: Ic1dc0648bfc2879c8f4fe2291d20871c3037aeba 05 October 2015, 14:44:42 UTC
e0cc567 Faidon Liambotis 02 October 2015, 14:31:37 UTC sslcert: add --config argument to update-ocsp Add a --config argument to update-ocsp, which accepts an ini-style config file to supply its options instead of the command-line. Command-line arguments are still accepted and override config file ones. Change-Id: Iffc2dcc73c6b6ad2872752858397fdc070532b4e 05 October 2015, 14:43:24 UTC
75f59fd andrewbogott 05 October 2015, 14:22:50 UTC Fix a couple of recent lint regressions. Change-Id: Ic5f43e5360cbfb3bbb2f814e13e56d8940779519 05 October 2015, 14:38:27 UTC
9cf2ce1 cpettet 05 October 2015, 14:22:54 UTC icinga: define en.wb.o host ref T108081 Change-Id: I080ae69411475230a23113153f075b094fab3bdc 05 October 2015, 14:24:13 UTC
a470b5b cpettet 05 October 2015, 14:08:07 UTC check legal html for en.wikibooks as requests * copyright * privacy policy * terms of service ref T108081 Change-Id: Ie1bc6f663e6ae67f386fb62c45bfb8576284ff96 05 October 2015, 14:10:25 UTC
819098a Željko Filipin 12 September 2015, 08:49:50 UTC Move Ruby related packages to a separate file contint::packages::ruby will let us install old ruby related things in the Nodepool disk images. Bug: T110865 Change-Id: I5d6741a5c83293908a2d5eed01c74bd6400e2d2a 05 October 2015, 14:06:48 UTC
6846e20 Antoine Musso 05 October 2015, 13:27:35 UTC contint: resurect contint::browsertests The class takes care of installing dependencies for the Selenium browsertests applied via role::ci::slave::browsertests. The include has been removed in some previous refactoring. Include contint::browsertests from role::ci::slave::browsertests. Change-Id: I1f1709e5c20e7034b9e03290ca35f2ecb0cd58f2 05 October 2015, 14:05:26 UTC
946d96e Alexandros Kosiaris 02 October 2015, 14:16:11 UTC otrs: disable the scheduler watchdog OTRS normally ships a watchdog scheduler cron entry that watches the scheduler and restarts it if it dies. That mode unfortunately is not compatible with systemd. Purge the scheduler and rely on systemd to watch over the scheduler. Also pass --force to both start and stop to avoid the PID handling issues that may arise with the scheduler and which are not possible to happen under systemd Change-Id: Iae3b8a6288856ba789756be04e4555608050afe8 05 October 2015, 13:58:14 UTC
5f803d5 Moritz Muehlenhoff 05 October 2015, 09:57:05 UTC Move ferm rules out of the module, part 2 This allows more fine-grained configuration of rules for the respective roles in a followup commit. This is a followup to 0397b6e4dde668754ddc1dda64cb9ca29822e806 which added replacements inside the roles using the module. Now that all are replaced, but rule in the module can be dropped. Change-Id: I5f7233916cd7ae4db9f9cf55b7e621bc345dc949 05 October 2015, 10:56:05 UTC
e38c0b9 Alexandros Kosiaris 05 October 2015, 10:50:00 UTC aqs: change contact group to analytics analytics group already exists and is populated. While a per service group approach is the correct path here, it should be done consistently. For now assign the analytics group here and re-examine during the techops offsite Change-Id: Ia4dd8139000bf7e3872e7eb452333b1ae008362c 05 October 2015, 10:52:46 UTC
d7086ed Faidon Liambotis 02 October 2015, 14:23:01 UTC sslcert: add preamble for sslcert::dhparam Change-Id: I411e00a97f8f07f0a681d6caa0d18496c30245b2 05 October 2015, 10:24:51 UTC
a93c308 Brandon Black 03 October 2015, 15:03:30 UTC remove last vcl_config fe default all varnish instances now set "layer" explicitly to either "frontend" or "backend", so we shouldn't confusingly default it anymore. (depending on merge order this might not seem like the "last" one, but the others are covered in other concurrent gerrit patchsets which are independent) Change-Id: Ib4ce7dd7818ef4ebe9b1e0a59be906a01023045f 05 October 2015, 10:19:46 UTC
0397b6e Moritz Muehlenhoff 01 October 2015, 15:09:07 UTC Move ferm rules out of the module This allows more fine-grained configuration of rules for the respective roles in a followup commit. (The rule in the module will be removed in a subsequent commit after double-checking that all rules are in place) Change-Id: Ie78719ba91004ab34960ca3eacfb028c37391a82 05 October 2015, 09:50:27 UTC
29bd45f Filippo Giunchedi 01 October 2015, 13:35:53 UTC cassandra: add multi-instance support, disabled partially merge https://gerrit.wikimedia.org/r/231512 with multi-instance support but do not enable it yet with cassandra::instance class Bug: T95253 Change-Id: Ic6495dcea8e586bbd5f5029f507b5f7b0e7175ba 05 October 2015, 09:15:25 UTC
ec92b31 Alexandros Kosiaris 05 October 2015, 07:45:54 UTC dbstore: Set Replication alerts to not page Replication alerts for dbstore boxes should not page as those boxes get delayed replication for the entire database fleet and it is possible that replication may lag occasionally, but the lag is not critical for their operation Change-Id: I3b05cb1bbb3b0bacb46b70c871abb71bbc0c9a5a 05 October 2015, 07:45:54 UTC
5d5dff3 Ori Livneh 03 October 2015, 20:57:06 UTC xenon-grep: add `--slice` arg; support 'all' entrypoint Change-Id: Ic6d7b7a5327bb187c058be09b4449c612b4725fc 03 October 2015, 20:57:06 UTC
c735af6 Ori Livneh 03 October 2015, 20:10:12 UTC graphite-web: Handle boolean values correctly for `remote_user_auth` Follow-up for I1e41e6e361. Change-Id: Ib5d426c74291d8e25bbf3e279e8b1b4c33f5dbd2 03 October 2015, 20:12:00 UTC
7abf93e Ori Livneh 03 October 2015, 20:04:08 UTC graphite-web: set REMOTE_USER_AUTHENTICATION = True Follow-up for I5ad49ebe7238b. Change-Id: I1e41e6e361ae03877a67751f87b14ac2a9d0e56d 03 October 2015, 20:08:17 UTC
e36d5cc Ori.livneh 03 October 2015, 19:52:30 UTC Revert "graphite: make compatible with Apache 2.4" This left Graphite unprotected, as Apache stopped checking ACLs as soon as it encountered "require all granted". This reverts commit 5fb3ca11b6b46d6c17caa954ac85d3f2611e95d2. Change-Id: Ie6c5eeddec5ca0854a1464bc16179efcb68ec05b 03 October 2015, 20:05:19 UTC
ae6ead3 Jcrespo 03 October 2015, 08:28:57 UTC Changing tmpdir from /tmp to /srv/labsdb/tmp Having the tmp mysql dir on the root partition creates space disk problems when doing large transactions, breaking replication or making / run out of space. Change-Id: I498e3843fbed0af8166b4844fcfc89f15f3ff650 References: T88718 03 October 2015, 14:28:17 UTC
2fc8a28 Jcrespo 03 October 2015, 08:38:37 UTC Add automatic buffer pool dumping for tools These are only compatible with 5.6/10, but only take effect when restarting. If we restart tool, we should upgrade it to 5.6/10 anyway. Not having this, however, will make the restart much slower on 5.6/ 10 due to the long warmup phase. Change-Id: Ib5ad9bca69aef93d0916b86d93b10ec232b9267e References: T88718 03 October 2015, 14:25:58 UTC
74f0155 Marius Hoch 03 October 2015, 14:04:00 UTC Include nutcracker in snapshot::packages Needed after 9a77edb629e Bug: T114571 Change-Id: I7b61e0c56836c5bf4878ba5566fee0b5a7a2f0a9 03 October 2015, 14:04:00 UTC
91cb7a6 Ori Livneh 03 October 2015, 04:06:30 UTC graphite-web: enable Django's REMOTE_USER auth middleware With I36d9dd397, we told Apache's mod_authnz_ldap to set REMOTE_USER to the LDAP user's CN. Now we can configure graphite-web's Django app to use that to authenticate users. Change-Id: I5ad49ebe7238b9eb507fc8fa437386ff51091e98 03 October 2015, 04:08:34 UTC
f91a368 Ori Livneh 03 October 2015, 04:01:58 UTC Tell graphite-web's apache to set REMOTE_USER to LDAP user's uid Set `AuthLDAPRemoteUserAttribute uid`, which tells Apache to set REMOTE_USER to the user's id. This can then be picked up by Django's RemoteUserMiddleware and used for authentication. Change-Id: I36d9dd3973785a072b2eb03013668007ca5b0fa4 03 October 2015, 04:04:04 UTC
1d0edcb Ariel T. Glenn 02 October 2015, 22:30:40 UTC dumps monitor config: skip labswiki, not reachable from snapshots Change-Id: I52da70819c22e0e462777e178e2e4ddf64cacdfd 02 October 2015, 22:30:40 UTC
860ed15 Andrew Otto 02 October 2015, 22:01:08 UTC Set datacenters in aqs restbase config Change-Id: I4face0849360dbf1bda81d598d9514ab89a79659 02 October 2015, 22:01:08 UTC
39375f9 Ariel T. Glenn 02 October 2015, 21:23:15 UTC create cache dir for staged dump runs Change-Id: I27dbd4fdb8614fbb2d861804ea7af5d8ec6d1da9 02 October 2015, 21:23:15 UTC
530b401 Andrew Otto 02 October 2015, 18:59:42 UTC Add aqs ganglia cluster Change-Id: I814f89bea0856824e25e6c7a7a6c11efc14413a7 02 October 2015, 18:59:42 UTC
717e9d5 milimetric 14 August 2015, 15:25:31 UTC Add Analytics Query Service role The goal of this patch is to host a separate instance of RESTBase that the current instance of RESTBase will proxy for analytics requests. A new domain would be set up on the existing instance, and called something like analytics.wikimedia.org and requests would look like this: /analytics.wikimedia.org/v1/pageviews/top/desktop/2015/02/all-days We talked to the services team and the reason for a separate instance is because they expressed concern about running this alongside the existing RESTBase. Just in case something goes wrong, they didn't want one to potentially take down the other, nor use up each other's resources. The way Cassandra storage is configured with both of these instances is that it just runs on the same machines that RESTBase runs on. Gabriel recommended we stick to that pattern instead of using a remote Cassandra cluster. Bug: T107056 Change-Id: I29c872ed6a811cf1fd1ca9e5242bf513cba401ba 02 October 2015, 18:16:13 UTC
4cc0b27 Andrew Otto 02 October 2015, 17:44:40 UTC Update cdh submodule with python3 + spark fix Bug: T113419 Change-Id: Ifc35cf5abe7adab7361d5307d792186ce8e67440 02 October 2015, 17:44:40 UTC
6538eb2 Ori Livneh 02 October 2015, 17:22:29 UTC admin/ori: update deployment scripts for new branch name format Change-Id: Idec89cfd7b785f0c0b0c47c00217456d2c3f9e0b 02 October 2015, 17:25:22 UTC
85f1a9b Coren 02 October 2015, 15:55:40 UTC Labstore: fix disk check false positive - check_disk -i argument is a regex, not a glob. That appeared to work from the command-line because the glob was (correctly) expanded by the shell, making it a regex without metachars. - Add an exclusion for /exp/ which contains no "real" filesystems and simply makes the actual output confusing. Bug: T113435 Change-Id: I9cee8101ef520f202c8746961c43e745da7617c1 02 October 2015, 16:01:03 UTC
0a7c18f Ariel T. Glenn 02 October 2015, 15:55:16 UTC addschanges dumps: skip labswiki, not reachable from snapshots Change-Id: I721423e05503b92e068a0fdd5813c6327f7b2f7f 02 October 2015, 15:55:16 UTC
83de3ee John F. Lewis 29 September 2015, 15:31:50 UTC admin: add dpatrick to statistics-users Bug: T114119 Change-Id: Iaa3fec8e6282fe8f1cd3da0639ed3d029cab183c 02 October 2015, 15:29:23 UTC
e7229ab Ariel T. Glenn 02 October 2015, 15:22:09 UTC dumps: skip labswiki for media listings, snpashots have no access Change-Id: I03897d56ac4e8d01677c3a20d1699959f41c7ffc 02 October 2015, 15:22:09 UTC
5c221a6 RobH 30 September 2015, 15:20:52 UTC adding spage to analytics-privatedata-users spage added to analytics-privatedata-users 3 DAY WAIT IN PROGRESS, DO NOT MERGE This should only be merged by an Opsen after checking for the 3 day wait and objections via linked task. T114150 Change-Id: Ica10e8245a2f625125cf462b7206b49bd6cecf10 02 October 2015, 15:09:22 UTC
e2c0dc5 Ariel T. Glenn 02 October 2015, 11:26:49 UTC page title dumps: skip labswiki, it's not accessible to snapshots Change-Id: I72bf0b0cf9b290fc0aa191d92198a239951e04e2 02 October 2015, 15:04:01 UTC
c41b180 andrewbogott 02 October 2015, 14:01:16 UTC puppet-lint: Turn on --no-puppet_url_without_modules-check ...which is to say, stop checking for that. 100% of the remaining warnings are this one. Bug: T87132 Change-Id: Ibefd3c89007e5646555f1d6acffa56a11e9b3e17 02 October 2015, 14:43:55 UTC
5485e20 andrewbogott 02 October 2015, 14:10:09 UTC analytics: modernize the ensure => link syntax in a couple of places. Change-Id: Ieaa58328a80021a389aa5eb314f3ae6b72a1e839 02 October 2015, 14:31:42 UTC
abea997 andrewbogott 02 October 2015, 14:07:34 UTC labstore: rearrange args to cleanup_snapshots Previously we had an optional arg before a required one, which doesn't make a ton of sense. Only called in one place which is unaffected by this change. Change-Id: I6c39427c5d868ba47bb1563915d10649bda7ed68 02 October 2015, 14:31:36 UTC
24399a9 Coren 28 September 2015, 15:14:27 UTC Disable NFS lookup cache on NFS client instances This disables the lookup cache (which is very aggresive by default on Trusty) to return NFS semantics closer to close-to-open. Bug: T106170 Change-Id: Ia20062ddd0aeae39c601177a4f12b2eb0e84fcb2 02 October 2015, 14:21:48 UTC
abe7a8a Antoine Musso 25 September 2015, 18:38:05 UTC puppet-lint: enable quoted_booleans-check Because mixing quoted booleans and unquoted ones are a source of confusion and nasty errors. Bug: T113783 Change-Id: Ia783c5fc0c8314809065f0fcb2412e1b66f42f86 02 October 2015, 13:55:12 UTC
f0f92b7 andrewbogott 02 October 2015, 00:00:43 UTC Varnish: Add lint:ignore:quoted_booleans around a boolean that needs quoting. Bug: T113783 Change-Id: Icbe2be0235038b40c2584f221ae23a90c1a2ecb6 02 October 2015, 13:53:02 UTC
1423255 andrewbogott 24 September 2015, 16:45:56 UTC Cassandra: dequote some booleans. Note that in e.g. https://svn.apache.org/repos/asf/cassandra/trunk/conf/cassandra.yaml booleans are left naked. Erb should handle that just fine. Bug: T113783 Change-Id: I7c9363a9546c63b5204998a876a7f117798903f3 02 October 2015, 13:29:36 UTC
b4628e0 Alexandros Kosiaris 02 October 2015, 12:18:47 UTC otrs: Fix typo in scheduler cron entry missing the /otrs/ part Change-Id: Id05cd96b5435e723b50c44142dcc66d86c829f57 02 October 2015, 12:20:40 UTC
e40ab97 Moritz Muehlenhoff 10 September 2015, 08:30:35 UTC Create ferm rules for Hadoop NameNode and ResourceManager for master and standby Also remove previously created temporary permissive rules from the masters, they don't run Yarn applications, so won't ever have an ApplicationMaster started, and don't suffer from the ephemeral port bug that workers do. We can use restrictive rules for these. Change-Id: I3784547d91de89f60755beb3e1b040b5f3871c4a 02 October 2015, 12:11:24 UTC
77540ed Alexandros Kosiaris 02 October 2015, 11:59:53 UTC otrs: scheduler is forking, set Type accordingly Set systemd unit type to forking since that the OTRS scheduler's model Change-Id: I006c6d2ebd57702de02dab0ce0f99b7ff72c9560 02 October 2015, 11:59:53 UTC
963bb9f Alexandros Kosiaris 02 October 2015, 11:49:18 UTC otrs: move systemd unit file into correct location It was placed in the wrong directory Change-Id: Iaa55e1b24e9c1f4b2033adb9dcdd0eaf56d30a85 02 October 2015, 11:49:18 UTC
a155fd7 Alexandros Kosiaris 29 September 2015, 16:40:18 UTC Add the new OTRS scheduler watchdog cron entry OTRS since 3.3.6 needs a cron entry for the otrs.Scheduler to work as a watchdog Change-Id: If68bd98cb6d4ecfed7c50d375d6a360130419ab5 02 October 2015, 11:37:11 UTC
ce786ea Alexandros Kosiaris 01 October 2015, 11:48:24 UTC otrs: Ship systemd unit file for OTRS scheduler Versions of OTRS > 3.3.x require an OTRS scheduler to run as a service under the otrs user. Ship a systemd file to enable that behavior. The daemon does not have a restart command Change-Id: I380b5a6a173b61e1551c07d6fae49cf8bf7d6f01 02 October 2015, 11:32:47 UTC
b8c96ac Faidon Liambotis 01 October 2015, 13:45:34 UTC sslcert: fix update-ocsp's non-proxy mode update-ocsp already had code to deal with not passing a --proxy argument but it was impossible to reach with the current argparse config. Fix this and also add support for passing the Host header so that this works against e.g. GlobalSign's OCSP servers. While at it, fix a couple of bugs in the error handling path that probably wasn't previously exercised until I started poking at it. Change-Id: I9194227439d7c8f5ff320596aad9bafbbb072cdc 02 October 2015, 10:23:33 UTC
46b5dd4 Jcrespo 02 October 2015, 09:48:22 UTC Adding ferm::mariadb role to labsdb1004 (tools slave) This will allow remote administration and monitoring from the 10.x network, and potentially, replication. Change-Id: I604865ed451a9b5478b13465be749004e30d8032 References: T88718 02 October 2015, 09:56:44 UTC
2885d4f Jcrespo 29 September 2015, 18:01:25 UTC Adding wikiuser and wikiadmin grants to read the heartbeat table Change-Id: I4b4c93c07c5fe8595f9a966aa07dd2d6d62b49b5 References: T111266 02 October 2015, 09:01:11 UTC
f346e12 Moritz Muehlenhoff 23 September 2015, 12:13:49 UTC Add ferm rules for Spark Bug: T83597 Change-Id: Icadb64ca8ee994b81a55e21fabf295fa270b2992 02 October 2015, 06:25:39 UTC
d6c4128 YuviPanda 02 October 2015, 05:05:34 UTC k8s: Make kubelet serve/register with fqdn Change-Id: Ic8d91ae4679e806372e6de592d580a3e02e07410 02 October 2015, 05:05:34 UTC
14cfdf8 YuviPanda 01 October 2015, 23:07:04 UTC labs: Failover tools-webproxy to tools-proxy-02 Should automate this Change-Id: Ic2428a25665d9db1e732a2602d619dd9540897b8 01 October 2015, 23:07:04 UTC
6297d7f YuviPanda 01 October 2015, 22:41:01 UTC k8s: Try out the pure iptables proxy Change-Id: Ia8ae783b95070b01536859239997f73232ec62a0 01 October 2015, 22:41:01 UTC
cfcb917 Brandon Black 01 October 2015, 22:20:40 UTC move zerofetcher to r::c::base Because we'll be making the XFF-decoding logic that uses its netmapper databases universal to all the clusters... Bug: T89177 Bug: T109286 Change-Id: I7ad6478758582a7e2fa3ed26fd57847a202dcfed 01 October 2015, 22:21:16 UTC
d58adb6 Brandon Black 01 October 2015, 21:49:21 UTC re-enable zerofetcher for cache_text T111045 Change-Id: Ie8b8057b35a6aad8c664d033ff9dd19776687c5f 01 October 2015, 21:49:21 UTC
b32cf7f Brandon Black 01 October 2015, 21:45:34 UTC fix minutes for zero cron Bugfix for 61643b83 Change-Id: Ib266a008fbceeb1487e6b05b60cb69545beb132b 01 October 2015, 21:45:37 UTC
61643b8 Brandon Black 01 October 2015, 13:52:54 UTC zero_update: randomize cron every 15 minutes Previously the zero updater cron ran every 5 minutes per cache node, on exact 5-minute clock boundaries. With 12-16 hosts running it, this never presented a huge problem, but when we attempted earlier this month to expand the set of cache hosts running this script to ~60+ machines, it resulted in lots of login failures due to throttling. This is probably due to greatly increased odds of several caches being partially-complete with the two-phase login process in parallel. Hopefully by randomizing the timing and spreading it over 15 minutes, the odds of several parallel logins will be reduced to a reasonable level (worst case we'll be averaging one login every 9 seconds or so, between all of the involved cache clusters globally). Bug: T111045 Change-Id: I1443fb46596bff6855fc7b1cf1c2c124f76414d9 01 October 2015, 21:41:02 UTC
1fd5de9 andrewbogott 01 October 2015, 20:55:27 UTC Typo fix: s/abenst/absent Change-Id: Iacd2946dd4b3e62dbca3da2042c9089eb8592b2f 01 October 2015, 20:55:27 UTC
894963a RobH 01 October 2015, 21:04:37 UTC disable user handrade contractor no longer with foundation Change-Id: I1e01eef9b096697167418f20a1c2a6dbcc64264e 01 October 2015, 21:04:37 UTC
61d6bf8 Antoine Musso 25 September 2015, 08:45:47 UTC nodepool: switch info logs from hourly to daily The image.log and nodepool.log INFO logs are quite small. So instead of keeping 96 hourly logs, change it to 15 daily logs. Less files to dig around in /var/log/nodepool. Keep debug.log to 96 hourly logs though, since that one is quite spammy. Change-Id: If511bd3901d74a999d040077d47ed57a0ce1b0ea 01 October 2015, 20:48:34 UTC
1dd6fb7 dzahn 29 September 2015, 03:46:54 UTC lint: fix 'variable not enclosed' warnings We globally disabled this puppet-lint check in puppet-lint.rc. The comment right above it is "Variables should be enclosed in {}". Nowadays there are actually just about 68 of these to fix in the entire repository and if we do that we can re-enable this check. Change-Id: I1526f6387254919ad492cdb969b0c1c748ba4d4f 01 October 2015, 20:44:06 UTC
bf6f165 andrewbogott 25 September 2015, 08:23:59 UTC Change a few rsync params from true/false to yes/no We use 'yes'/'no' for this setting everywhere else. Change-Id: I40378e5fd11bada6d2cec6104608df7ef7341d1f 01 October 2015, 20:30:32 UTC
815e1d7 andrewbogott 25 September 2015, 08:21:49 UTC dataset: Remove needless quotes around a 'true' A regular old boolean will suit us fine, and the check in the template as written is broken for a quoted boolean anyway. Bug: T113783 Change-Id: I768686f22dd512feafbac0b4de8d18e8064d004a 01 October 2015, 20:27:04 UTC
bef5a00 andrewbogott 25 September 2015, 08:19:02 UTC Dequote one more nrpe critical setting Bug: T113783 Change-Id: Id487d41f10ca4cfa37978797b219c5453e605546 01 October 2015, 20:13:10 UTC
705e2cd andrewbogott 24 September 2015, 17:28:41 UTC Disable quoted_boolean lint check around is_virtual refs. This seems to come from elsewhere, as a string. Bug: T113783 Change-Id: I9540ff7afc3c9ddcf0ad4e0cdc57453c9e243059 01 October 2015, 20:11:12 UTC
6669c74 andrewbogott 24 September 2015, 17:27:11 UTC Diamond: Turn off lint check for quoted bools. Bug: T113783 Change-Id: I6c802c2ea9d8962bcf31f640c01c170ba76834c8 01 October 2015, 20:09:09 UTC
1053589 RobH 01 October 2015, 19:59:04 UTC junikowski's stat1002 access had bastions overlooked user wasnt added to bastions, so added now. T113298 Change-Id: I9e39fec60478ef2f42bf8b98a1537633294714c3 01 October 2015, 20:07:40 UTC
8409861 andrewbogott 24 September 2015, 17:15:06 UTC Webserver ca: disable the quoted-bool lint check This is for a value that's passed on to a config. Bug: T113783 Change-Id: I764f17965864812c373b409cc11b87322f035048 01 October 2015, 20:04:47 UTC
585b5a1 andrewbogott 24 September 2015, 17:10:05 UTC webserver::php5 unquote a boolean. This was clearly a mistake, it's compared to an unquoted boolean further down. Bug: T113783 Change-Id: I04e3833d041b021e83f5ccd43e1d116b6c0f9af0 01 October 2015, 20:00:05 UTC
90a7c44 andrewbogott 24 September 2015, 17:05:55 UTC Mark salt grain bool values with # lint:ignore:quoted_booleans It looks like we need these quote marks, alas. Bug: T113783 Change-Id: I71aacede537d14d71ea9ae25a262378382476d3f 01 October 2015, 19:55:05 UTC
c93c975 andrewbogott 24 September 2015, 16:58:49 UTC Gerrit role: dequote booleans The config file generated from this is meant to be in the format of a git config, which does not quote booleans. Erb should be able to insert bools just fine. Bug: T113783 Change-Id: I1e9c8f2d9c80c7f44367b51024f3e8747075027d 01 October 2015, 19:48:01 UTC
c65f952 andrewbogott 24 September 2015, 16:53:14 UTC Grafana: dequote booleans. Sample file here shows booleans without quotes: https://github.com/grafana/grafana/blob/v1.8.1/src/config.sample.js Bug: T113783 Change-Id: Ie74c2ca363dfb459727bf021a2fd87d113d8d571 01 October 2015, 19:43:12 UTC
e7e3341 andrewbogott 24 September 2015, 16:30:32 UTC interface: dequote booleans Bug: T113783 Change-Id: If09e398387473e5430f54373bd62b0454a703172 01 October 2015, 19:23:45 UTC
c82beff Antoine Musso 01 October 2015, 19:06:29 UTC nodepool: rename ssh keys files to default The ssh key pair used by Nodepool to connect to instances have a prefix of `dib_jenkins_`. Thus as user nodepool, whenever we want to connect to an instance we have to use: ssh -i .ssh/dib_jenkins_id_rsa jenkins@10.x.x.x Rename the files to the default value for ssh -i. ie: id_rsa. This way we can just: ssh jenkins@10.x.x.x Change-Id: Idae7a538908c8e4d8a6bde82409b8dca81e3a78f 01 October 2015, 19:06:29 UTC
671718b RobH 01 October 2015, 17:57:09 UTC setting up dan foy's shell access wmf employee dan foy shell access for bastion and stat1002 for hivedata T113324 Change-Id: I12763779bb65a638d1fbfddbe78448bde219705c 01 October 2015, 18:00:12 UTC
back to top