a83a313 | Moritz Muehlenhoff | 04 January 2017, 12:15:41 UTC | Enable systemd-timesyncd on multatuli Change-Id: I5928caaa5e2632e99a4a71129f7297dc7e3bcfff | 04 January 2017, 12:15:41 UTC |
7a79162 | Antoine Musso | 04 January 2017, 11:23:54 UTC | build: bump bundler rainbow dependency ruby 2.4 unified Fixnum and Bignum into Integer. rubocop depends on rainbow which triggers a deprecation warning: $ bundle exec rake rubocop rainbow-2.0.0/lib/rainbow/color.rb:15: warning: constant ::Fixnum is deprecated Running RuboCop... Bump rainbow dependency to 2.2.x which adds ruby 2.4 support. Change-Id: I940c3524582af09e09cc946bcb8c8b707511f46f | 04 January 2017, 11:28:00 UTC |
4246c39 | Antoine Musso | 04 January 2017, 11:05:20 UTC | build: bump bundler puppet version 3.4 -> 3.7 Will be required to migrate documentation generation from 'puppet rdoc' to 'puppet-strings' (based on yard). Puppet 3.7 is not compatible with ruby 2.2 due to an oddity with safe_yaml, include that gem to workaround the issue described at https://tickets.puppetlabs.com/browse/PUP-3796 Bug: T143233 Change-Id: Ie62581ec5b5bdd1920a42ca4788e268b74a0c08e | 04 January 2017, 11:20:47 UTC |
6eb58de | Moritz Muehlenhoff | 18 November 2016, 15:51:03 UTC | Make systemd-timesyncd available as an alternative time synchronisation provider We don't need any of ntp's advanced features on the clients and we've run into a fair share of runtime bugs (like failing to restart properly or various cases where ntp failed to start after a reboot (it gets stuck in interface activation/XFAC). This patch adds a Hiera-configurable class to use systemd-timesyncd instead. systemd-timesyncd is shipped as part the standard systemd package. It is configured via the timedatectl tool. We can then enable this for a subset of jessie servers and if it proves to be more reliable than ntpd in practice, move all jessie systems to it. Bug: T150257 Change-Id: Ie4c9ab7f82f590817f2b92d19f09cbbdda25fb95 | 04 January 2017, 10:08:20 UTC |
e637cd6 | Moritz Muehlenhoff | 09 November 2016, 00:36:41 UTC | role::mediawiki::jobrunner: Restrict to domain networks We're getting rid of $INTERNAL, since it's needlessly broad. Use $DOMAIN_NETWORKS to restrict access in production to production networks, while still allowing using it in labs. Change-Id: I9921adc40c5fc0247f0d32c54fff2c59927b786b | 04 January 2017, 09:43:09 UTC |
3412755 | Andrew Bogott | 04 January 2017, 03:42:43 UTC | Revert "Keystone: Move api service to uwsgi/nginx" This reverts commit 2e2dd27d6e40886bcd048b675e5b4befc8777cee. Change-Id: Ia28fa7a6af5a903885de49b1ddb072e594714458 | 04 January 2017, 03:42:43 UTC |
2e2dd27 | andrewbogott | 20 December 2016, 07:09:02 UTC | Keystone: Move api service to uwsgi/nginx Bug: T150774 Change-Id: Ib78140c637cd286e3686f86fc147a275eca6399d | 04 January 2017, 01:44:28 UTC |
80d718d | Andrew Bogott | 04 January 2017, 01:00:28 UTC | Revert "Keystone: Move api service to uwsgi/nginx" This works but I can't get the old keystone process to quit and relinquish the port This reverts commit 7122564873c55b8cb819c49786fc70f9c10de3df. Change-Id: Idb4143fb9cb57771a43aa2e3f9c85d5a4ac08bee | 04 January 2017, 01:00:28 UTC |
7122564 | andrewbogott | 20 December 2016, 07:09:02 UTC | Keystone: Move api service to uwsgi/nginx WIP Bug: T150774 Change-Id: I89e9076cd2c830f43b6fabe8ed545d84c425f178 | 04 January 2017, 00:33:46 UTC |
dfccd1d | andrewbogott | 03 January 2017, 19:52:10 UTC | Add mirantis backports repo for Openstack classes on Jessie This won't be used in production for a good long while, but should help with testing. Change-Id: I16fabeaf49d6897a1772b540fccc83297b1ea850 | 04 January 2017, 00:30:39 UTC |
d834730 | Alex Monk | 03 January 2017, 23:54:54 UTC | check_graphite: Fix some IndexError exceptions in Threshold.parse_result The server can return an empty list, so the 'No valid datapoints found' warning should now appear from check_data Bug: T154533 Change-Id: I4161b059eff4ea579387884add734129bea78777 | 04 January 2017, 00:16:59 UTC |
1aaa157 | Alex Monk | 03 January 2017, 23:42:11 UTC | check_graphite: Fix some KeyError exceptions in SeriesThreshold.format_message 'UNKNOWN' key will only be set if self.allow_undefined Bug: T154533 Change-Id: If6bba197d39877befb5833e91c5ac23bbc8b3002 | 04 January 2017, 00:15:42 UTC |
be97500 | Filippo Giunchedi | 14 December 2016, 20:12:20 UTC | prometheus: use key/value for gdnsd rcodes Bug: T147426 Change-Id: Ibe55d5a40359b43c253cccfac4cb89bbd51ee6fd | 03 January 2017, 23:52:38 UTC |
2bd93ff | Filippo Giunchedi | 22 December 2016, 18:38:24 UTC | prometheus: extend ops recording rules Add network-related derived metrics, plus misc additions and fixes. Change-Id: Ie1cc9baff4fcce13ce84c5d70d09aaf88cd9663f | 03 January 2017, 23:11:33 UTC |
13f4b8d | Merlijn van Deen | 07 August 2016, 11:07:27 UTC | toollabs: install opencv-data (trusty, jessie) precise: (no matches) trusty: opencv-data (2.4.8) jessie: opencv-data (2.4.9.1) Bug: T142321 Change-Id: I91aeb259c3eb131a3be13c6e20813803583b4740 | 03 January 2017, 22:20:11 UTC |
7ac299b | andrewbogott | 03 January 2017, 18:23:12 UTC | nova-network: Refresh service if config files change. Bug: T137460 Change-Id: I2825397940bc5d2513a2c5c80cfec14aca2db46b | 03 January 2017, 19:00:28 UTC |
8644bb5 | elukey | 23 December 2016, 14:53:17 UTC | Add the HHVM and Apache videoscaler clusters to Prometheus polling Bug: T147316 Bug: T147423 Change-Id: I78e29611c8fefb06f55dd69aa1d37b2f1319f4c1 | 03 January 2017, 20:03:00 UTC |
ebd3658 | Daniel Zahn | 16 December 2016, 01:59:14 UTC | phabricator: delete labs role Since Paladox and others have worked on the production role it can finally be used in labs (yay) and therefore we should delete the special labs role and just keep using the same one for labs and prod as it should be. see: T139475#2839305 Bug: T139475 Change-Id: I93748a1ce4391b5930a15f8d689aaec610d9784b | 03 January 2017, 19:52:17 UTC |
9d81ef2 | YuviPanda | 22 September 2016, 19:09:02 UTC | puppetmaster: Cleanup unused vars / crons in labs puppetmaster Change-Id: Ia615dab9b7949091c92bf0ca5617de1c45c2c5ec | 03 January 2017, 18:52:54 UTC |
9700cd7 | Stanislav Malyshev | 21 December 2016, 22:15:06 UTC | Add configuration for query endpoint URL Bug: T153897 Change-Id: I2312b1c138175d8c1f0fbb9d103a9e9dd949bffa | 03 January 2017, 18:49:41 UTC |
4172b85 | Andrew Otto | 19 December 2016, 21:36:59 UTC | Alert on EventBus service HTTP error rate Bug: T153034 Change-Id: Id8701a8ef08512488bd316b8b34872980dfa6cfe | 03 January 2017, 18:47:00 UTC |
2a228e3 | Tim Landscheidt | 31 December 2016, 07:33:44 UTC | gerrit: Indent @ssl_settings in Apache configuration Change-Id: Iab05fee2e832c825d7f9ac69d6ea53798b0482c4 | 03 January 2017, 18:04:06 UTC |
ce3b8e8 | Reedy | 03 January 2017, 17:35:45 UTC | Revert "mediawiki: disable 'generate captcha' maintenance job" This reverts commit cc582418094275bf8b341ee90935b0005587fc0d. Bug: T150029 Change-Id: If4c3662325f657fec4ae111be84de65f06a8cef0 | 03 January 2017, 17:36:10 UTC |
a993525 | amir | 27 December 2016, 03:12:25 UTC | wikilabels: install nodejs package Bug: T154122 Change-Id: Id6aa7cdd499a79d2c20f59659d40c4b7c8d6cfb7 | 03 January 2017, 16:58:48 UTC |
08a229d | Tyler Cipriani | 22 December 2016, 22:13:41 UTC | Revert "Disable l10nupdate cron" This reverts commit 4e20a1b73eaf6db12ae1456284f2927488f8d43c. Change-Id: I6be30e5f981f163b0ac3fccb6cf450f4ae33c022 | 03 January 2017, 16:04:38 UTC |
b9d1a38 | Alex Monk | 01 December 2016, 18:35:57 UTC | Revert "Revert "RESTBase configuration for fi.wikivoyage.org"" This reverts commit 6665b0f48c93607f0368e7029483024b77acf6e7. Bug: T151570 Change-Id: I89bf1c7e6e7a3fdea5bdf347921de208fb646e6b | 03 January 2017, 15:38:37 UTC |
28fd5c5 | Giuseppe Lavagetto | 03 January 2017, 14:11:41 UTC | docker::baseimages: improvements to script to build alpine linux Change-Id: Ifb5adc316f2e0a0cec8461ddfcc0d82ebd05dc5f | 03 January 2017, 14:23:35 UTC |
c380154 | Giuseppe Lavagetto | 03 January 2017, 10:50:31 UTC | profile::docker::builder: add alpine linux Also, adapt the coding to our own coding standards. Change-Id: I82dc465018184d558a12864fd9a150b4782cd100 | 03 January 2017, 11:21:00 UTC |
e842b9c | Giuseppe Lavagetto | 03 January 2017, 10:43:23 UTC | docker::baseimages: add support for alpine linux Change-Id: Id5b440bcc97131110fe4a2f5c37182db93391bff | 03 January 2017, 11:12:25 UTC |
a7aae5a | Alexandros Kosiaris | 31 December 2016, 14:44:53 UTC | Revert NTP disabling for leap second Revert all commits that disabled NTP across the fleet for leap second This reverts commit 82079564388f3ae039d8de7ee66b17a8a134268f. This reverts commit 74ec817bb1e8ea5d7ecee5014e6a1205234c9cd7. This reverts commit de0769badc3f08ef01fa6d3e62bcb734b801069b. Change-Id: I187220a293e816d1363b3828ba6e0b388e882d2f | 03 January 2017, 10:17:40 UTC |
60618bd | Moritz Muehlenhoff | 22 December 2016, 13:50:49 UTC | eventbus: Restrict to domain networks We're getting rid of $INTERNAL, which is needlessly broad. Restrict eventbus to $DOMAIN_NETWORKS, so that when running in production access is restriced to production networks and when running in labs to labs networks. Change-Id: Ie9bcce8f47d1aac93e1c49684bddc67b88d29f88 | 03 January 2017, 08:25:37 UTC |
a8702d0 | Emanuele Rocca | 02 January 2017, 10:34:06 UTC | varnishxcache: port to cachestats.CacheStatsSender Bug: T151643 This reverts commit 2a6ffdb2a8253e40b894efc332457e8df9893e4e. Change-Id: I82eedf0fb7581064ba2d8d392021411eda3bd53c | 02 January 2017, 10:34:59 UTC |
de0769b | Alexandros Kosiaris | 31 December 2016, 14:39:30 UTC | nescio and maerlant are NTP servers too So don't disable ntpd on them Change-Id: Iadc6b45f13b9f7761bfd11dbb5d3984557f09bc5 | 31 December 2016, 14:39:30 UTC |
74ec817 | Alexandros Kosiaris | 31 December 2016, 14:06:15 UTC | Disable NTP checks during the leap second This is a followup for 8207956, disabling monitoring for NTP, while we got ntpd disabled across the fleet. Change-Id: Ia20eccf5abe28505ee37f0d3ea863bb2f0218d88 | 31 December 2016, 14:06:15 UTC |
8207956 | Alexandros Kosiaris | 31 December 2016, 13:55:16 UTC | Disable ntp across the fleet for leap second Just as a safeguard, disable NTP. This is probably not really warranted by after discussions, ops decided to play it safe and disable NTP across the fleet. Notable exceptions are the NTP servers themselves This is already late (NTP flag is issue 20 hours ahead of the actual change at 04:00 UTC) but we are sticking to the plan. Change-Id: If7831797fb28ddf64033726a799389d2ce642b17 | 31 December 2016, 14:00:53 UTC |
9d6588f | Alexandros Kosiaris | 29 December 2016, 18:06:17 UTC | calico: Expose puppet keys as well Calico CNI plugins need the key to the puppet cert as well, otherwise we get Failed to setup network for pod using network plugins \"cni\": open /etc/calico/ssl/server.key: no such file or directory; Skipping pod Change-Id: I382e97fc4f568945b6b59138ff6eb7371a0df15c | 29 December 2016, 18:06:17 UTC |
2734129 | Alexandros Kosiaris | 29 December 2016, 14:08:11 UTC | Enable CNI plugin on kubernetes::node profile We want to enable the kubernetes node CNI functionality for our Calico experiments. Change-Id: Ia2eefedce81caa5d8534be1f6f35b637aec2f32f | 29 December 2016, 17:58:11 UTC |
5413089 | Alexandros Kosiaris | 29 December 2016, 17:19:47 UTC | Allow BGP between kubernetes workers Calico uses BGP (via bird) to advertiste the IP addresses of the workloads. Allow it between the hosts and also allow BGP sessions from the core eqiad routers Change-Id: I6f675fdc2f329102ce2e38721c35153463575229 | 29 December 2016, 17:19:47 UTC |
d0fbf15 | Alexandros Kosiaris | 29 December 2016, 16:39:22 UTC | calico/node needs certs bind mounted in namespace Use the standard docker mechanism to effectively bind mount a few directories containing the puppet certs since calico/node needs them Change-Id: Icaf3106a36b205866d5c0877c2fe4bd974235f4d | 29 December 2016, 16:42:50 UTC |
ac8ca09 | Alexandros Kosiaris | 29 December 2016, 16:33:30 UTC | Update calico/node version For now, test with the upstream calino/node version. We should rebuild that though and rely on a wmf build Change-Id: I8fd059a4f085312d72f2d4c83fc56162affde417 | 29 December 2016, 16:36:03 UTC |
f8aadb6 | Alexandros Kosiaris | 29 December 2016, 15:02:18 UTC | Fix ETCD_CA_CERT_FILE for calico/node It's ETCD_CA_CERT_FILE, not ETCD_CA Change-Id: I7dbbae0712ad560b6bc7b7b9de28b7ca314a5728 | 29 December 2016, 15:04:20 UTC |
ff36401 | Alexandros Kosiaris | 29 December 2016, 14:56:46 UTC | Specify the registry as well for calico/node Leaving the registry out is clearly a mistake and docker decides to try docker.io hub instead Change-Id: I9abff7f0541a2a9ae468446fd513d929888b7645 | 29 December 2016, 14:58:32 UTC |
3adf456 | Alexandros Kosiaris | 29 December 2016, 14:51:34 UTC | Bump calico CNI plugin version We have 1.5.1-1~wmf1 and not 1.5.0-1~wmf1 in our repos Change-Id: I8a9ac7ee921e3e659ed3e2193b8ab69a33fa9c9f | 29 December 2016, 14:52:46 UTC |
854669d | Alexandros Kosiaris | 29 December 2016, 14:44:23 UTC | Fix dependency to calico/node for systemd unit It's "${registry}/calico/node", not calico-node Change-Id: Ifdd84c2591256f60cb00bcee2264e8a5a66a4276 | 29 December 2016, 14:46:39 UTC |
096d2fe | Alexandros Kosiaris | 29 December 2016, 13:33:59 UTC | Enable the calico profile on kubernetes::worker Add the needed hiera keys and include the profile Change-Id: Idb39a19afd2cdf3d48263d288307b5a0d9ad0d77 | 29 December 2016, 14:35:13 UTC |
6e7d4c9 | Giuseppe Lavagetto | 28 November 2016, 11:58:56 UTC | calico: add module/profile to use as kubernetes networking Change-Id: If5824a3c1014435aec2f44c1c245bdeb64a048ff | 29 December 2016, 14:35:10 UTC |
e862c2c | Alexandros Kosiaris | 03 August 2016, 12:25:04 UTC | Move external_networks to network module data.yaml Use the data.yaml file to populate realm independently the external_networks variable. Change-Id: I92ca10fd86649ecf5dc6ce1006484bad83882faf | 29 December 2016, 09:57:11 UTC |
45428fb | Alexandros Kosiaris | 29 December 2016, 09:48:39 UTC | builder: Specify the newer docker-engine version Having bumped everything else in production to 1.12.5, do so as well for the docker builder Change-Id: Id2844d433fe75e761116f776564e1a9fbdb125c0 | 29 December 2016, 09:50:05 UTC |
3211529 | Alexandros Kosiaris | 29 December 2016, 09:26:26 UTC | Specify kubernetes admission controllers via hiera We want to not use the default admission controllers specified in k8s::apiserver. Specifically we want to avoid using for now the UidEnforcer and HostAutomounter and HostPathEnforcer controllers. We also want to conform to the 1.4 recommended controllers and add DefaultStorageClass for production. Not adding ServiceAccount controller yet though Change-Id: I659e8c1d862603a6eeb14face62e4c5a0786bba2 | 29 December 2016, 09:42:19 UTC |
0ff34db | Alexandros Kosiaris | 28 December 2016, 15:28:25 UTC | kubernetes::worker: Allow access to kubelet from master Allow the masters to reach the kubelet. Useful for attaching/execing on a container and debugging Change-Id: Iece8f5f8b5d89678a6f48529668e7500ffb86d97 | 29 December 2016, 09:41:52 UTC |
b2b20a7 | Giuseppe Lavagetto | 28 December 2016, 14:18:36 UTC | mediawiki::jobrunner: rotate log files weekly This is particularly relevant on the videoscalers where transcoding jobs can run for hours, and the size of the logs is small anyways. This will avoid overloading the servers because new jobs will be submitted upon restart. Bug: T153488 Change-Id: Ied586d2acebdc9d66e9d9ac598f1e0559697af22 | 28 December 2016, 14:18:36 UTC |
3f541f5 | Giuseppe Lavagetto | 28 December 2016, 11:21:17 UTC | videoscaler: bump up the number of running transcodes (again) This should move the number of concurrent transcodes from 30 to 48 Bug: T153488 Change-Id: I287acd05e9484b310ed141f486a55264ae6a2c70 | 28 December 2016, 11:22:55 UTC |
d91a1d2 | Tim Landscheidt | 28 December 2016, 08:51:58 UTC | wmflib: Fix typo in cron_splay() Change-Id: I6ad6286622909f084c229779523404e5adb80496 | 28 December 2016, 09:11:40 UTC |
946c629 | Tim Landscheidt | 27 December 2016, 05:42:33 UTC | puppetdb: Do not hardcode puppetmasters For Labs PuppetDB setups, it is necessary to be able to specify different puppetmasters so that they are not blocked by the firewall. In the general case, for an instance set up to serve as a PuppetDB it is most likely that "the" puppetmaster is all the puppetmasters, so this change sets it as default for Labs. Bug: T153577 Change-Id: I01874494b7a4671b4eeb00eb6766b3265574328c | 28 December 2016, 08:52:50 UTC |
60c8c36 | Alexandros Kosiaris | 27 December 2016, 17:05:17 UTC | kubernetes apiserver: Allow specifying > 1 apiserver Allow specifying the apiserver-count parameter. Default to undef in order to be backwards compatible with labs, ensuring we don't break it, and specify it for production where we already got more than one master Change-Id: I26376e5100bec1607e8b2f97fb706a6a9a99b741 | 27 December 2016, 17:05:17 UTC |
aa749fb | Alexandros Kosiaris | 27 December 2016, 16:56:18 UTC | Production kubernetes: Specify the service IP range Allow specifying the service IP range in the profile kubernetes class and set it via hiera Change-Id: Ic3ce1165c8dee4ba9f6719362efdfb2cd7bba723 | 27 December 2016, 16:58:09 UTC |
8ba3e4b | Alexandros Kosiaris | 27 December 2016, 16:16:06 UTC | kubernetes: Add /run/docker/netns/ as well in ignored disk checks Also ignore /run/docker/netns/ directories Change-Id: I13bd9f82066420c874a41d755b8d0e18e39be319 | 27 December 2016, 16:16:06 UTC |
799bcf3 | Alexandros Kosiaris | 27 December 2016, 16:10:39 UTC | kubernetes: Specify correctly the docker version Forgot the "debian" string in a previous commit Change-Id: I9ba612e853d4076aa73b72522f5338490cf7b835 | 27 December 2016, 16:12:42 UTC |
fbb148c | Giuseppe Lavagetto | 27 December 2016, 16:06:44 UTC | role::kubernetes::worker: tweak disk checks Specifically, do not look down the /var/lib/docker/containers space Change-Id: Ib40e09d3bc430f735353b183a19c077f9a33aaaf | 27 December 2016, 16:12:06 UTC |
93f2816 | Alexandros Kosiaris | 27 December 2016, 15:57:55 UTC | kubernetes::worker: Bump docker-engine version We now have 1.12.5 in our repos, bump the version in hiera Change-Id: I7766d05066125c98ca127df55b98ded5ea5be0c0 | 27 December 2016, 16:04:12 UTC |
1c9ccfd | Giuseppe Lavagetto | 27 December 2016, 14:16:00 UTC | openstack::horizon::service: use require_package for keystoneclient Solves a case of duplicate declaration; it also solves a dependency without need for setting it explicitly in our code. Change-Id: I3fedf27aba4aeedb6fb1b763f1852632b0f0e308 | 27 December 2016, 14:17:21 UTC |
aadc8f7 | Alexandros Kosiaris | 27 December 2016, 13:52:43 UTC | kubernetes::apiserver: Fix admission_control if clause By a copy/paste typo, the admission control if guard was using a wrong if clause. Fix that Change-Id: I780d808de921bb2cf4721593f9b9a1b96460c81f | 27 December 2016, 13:52:43 UTC |
48b409c | Alexandros Kosiaris | 27 December 2016, 13:43:29 UTC | Force docker bridge IP address per host Kubernetes requires that every node gives their pods a unique IP across the cluster, force the allocation manually per host to ensure that Change-Id: Iffd6a55345b39d82aa01d0fe449ec0f0dbee1ef6 | 27 December 2016, 13:50:25 UTC |
ccca4cc | Alexandros Kosiaris | 27 December 2016, 13:38:31 UTC | kubernetes: Instruct docker to not handle iptables Since we want to have iptables rules handled via kubernetes, having docker handling iptables rules will only lead to confusion. Disable that in docker default hiera settings Change-Id: I47f78146f0dad5a539503d0e28c47c9b3adea4cb | 27 December 2016, 13:38:31 UTC |
b6b2d0c | Alexandros Kosiaris | 27 December 2016, 10:05:18 UTC | k8s::apiserver: Leave authn out of authz if clause Having a authorization flag also handle authentication as well was wrong. Fix that Change-Id: I0afdaad9ef0a03a9fb3d613a2df7901f66363907 | 27 December 2016, 10:05:18 UTC |
d6767a9 | Ariel T. Glenn | 27 December 2016, 07:34:17 UTC | media title dumps: use explicit path to list of wikis with globaluseagelist Change-Id: I1e29d075cd62b8400af3f69858446c50c10ca638 | 27 December 2016, 07:34:17 UTC |
13677d2 | Ottomata | 26 December 2016, 21:20:15 UTC | Revert "Remove stat1001 from site.pp" Hm, I read the server lifecycle instructions incorrectly. This should remain as is for DC ops. This reverts commit f46a83b1876cd0a9fb0472ddbf62279476aa95c6. Change-Id: I91c0f00dac8e35d5c0f97ece5f6b93f05648ad0d | 26 December 2016, 21:20:15 UTC |
f46a83b | Andrew Otto | 26 December 2016, 21:17:27 UTC | Remove stat1001 from site.pp Bug: T149438 Change-Id: I907e3befbdf411f8a23874c774e5b7db2ea51fa2 | 26 December 2016, 21:17:27 UTC |
a71b251 | Andrew Otto | 26 December 2016, 21:01:47 UTC | stat1001 is now a spare and can be reclaimed Bug: T149438 Change-Id: I0bab2996e32f80dfd637bfc9a96e1c55b052c344 | 26 December 2016, 21:01:47 UTC |
69741af | Andrew Otto | 26 December 2016, 19:25:23 UTC | Send EventStreams rdkafka config to statsd every minute Change-Id: I2acf0615f8b01dd8ba920baa5ed592ddade6af29 | 26 December 2016, 19:25:23 UTC |
67d5e9f | Andrew Otto | 13 December 2016, 22:25:18 UTC | Add rdkafka_config deployment var to eventstreams service module and role This will allow us to configure statistics.interval.ms to send rdkafka stats to statsd Bug: T143925 Change-Id: I4da8d2307b64f38dca96972beb8e381fdd663b64 | 26 December 2016, 19:14:49 UTC |
1ecc3df | Erik Bernhardson | 14 December 2016, 11:07:22 UTC | Add libgomp1 to hadoop worker nodes libgomp1 is the GCC OpenMP support library. This is usefull for custom hadoop/yarn applications that want to utilize multiple cores. Specifically I'm trying to get https://github.com/dmlc/xgboost running on yarn, and it requires libgomp1 which is available on stat1002 but not on the worker nodes. Change-Id: I9bc0cacfa9586005dfd8819230054f3ba3dcb7fd | 26 December 2016, 17:37:39 UTC |
cddc490 | Madhumitha Viswanathan | 23 December 2016, 19:46:16 UTC | labsdb: Fix maintain-meta_p to insert correct url into wiki db Currently the urls being inserted have underscores in them Bug: T153987 Change-Id: I08f12f1bd10254dbc8268c955d39188a882ee90f | 23 December 2016, 19:47:07 UTC |
f24e3bd | Madhumitha Viswanathan | 23 December 2016, 18:31:44 UTC | labsdb: Fix wiki url construction in maintain_meta-p Bug: T153987 Change-Id: I6c70e1bf81df138d68d2a395c9273b066ca929a9 | 23 December 2016, 18:33:23 UTC |
3a162b6 | Alexandros Kosiaris | 23 December 2016, 17:46:49 UTC | Use the correct require function in in k8s::proxy Due to a typo require was used instead of require_package. Change-Id: Ibac3a5a9b09b0fbcdcdde21c0b440c54a7a72a4d | 23 December 2016, 17:46:49 UTC |
d003a55 | Alexandros Kosiaris | 23 December 2016, 17:40:34 UTC | Use packages for kube-proxy in production Pass the use_package parameter to force using packages for kube-proxy Change-Id: Ic31733de5e0517e269174131f6622af2f5f9e418 | 23 December 2016, 17:40:34 UTC |
b9a7316 | Alexandros Kosiaris | 23 December 2016, 17:35:46 UTC | profile::kubernetes::node: Set certs owned by root No point in having them owned by kubernetes user as kubelet and kubeproxy run as root Change-Id: Id559cfb49de5181a9ce89d6906de9aaf27aafda0 | 23 December 2016, 17:35:46 UTC |
2a6ffdb | Emanuele Rocca | 23 December 2016, 16:17:25 UTC | Revert "varnishxcache: port to cachestats.CacheStatsSender" The metric name needs to be fixed. This reverts commit 5c0d5fbce6a78e6cfb370a6ee7bc47c80942f5dd. Change-Id: I8dca280914f42a80ed8e4bb9988ac50ea801aa9e | 23 December 2016, 16:18:55 UTC |
b36acd8 | Emanuele Rocca | 19 December 2016, 15:25:53 UTC | varnishxcache: port to cachestats.CacheStatsSender Bug: T151643 Change-Id: Iff63681676af65f40c762ddcb56052a7bd10dc77 | 23 December 2016, 16:07:19 UTC |
b32439f | Alexandros Kosiaris | 29 November 2016, 15:52:13 UTC | Include ::profile::kubernetes::node in role::kubernetes::worker And the corresponding hiera variables Change-Id: I326f2657c84b7f650b98fc75939385a48dbca50a | 23 December 2016, 13:16:26 UTC |
684ebc8 | Alexandros Kosiaris | 29 November 2016, 15:47:09 UTC | Add profile::kubernetes::node profile class Include kubelet and kubeproxy classes to set up the node parts of a kubernetes cluster Change-Id: I1c91a32a26273eba7367c4f1b1ca7fa2663110af | 23 December 2016, 13:16:25 UTC |
5884532 | Alexandros Kosiaris | 23 December 2016, 11:34:29 UTC | profile::kubernetes::master: Specify no authz_mode For production, we are going to rely for starters on ferm rules to block access to the apiserver and evaluate authorization models later on. So for now specify authz_mode to empty string to default to the AllowAll mode and fix the ferm rules Change-Id: Ia17f68ea6a58d75ffd350d123fc31f35f24496d7 | 23 December 2016, 11:57:29 UTC |
46c4b8b | Alexandros Kosiaris | 23 December 2016, 11:31:28 UTC | k8s::apiserver: Allow overriding the authorization Add an authz_mode defaulting to 'abac' that allows setting the authorization mode used by kubernetes appserver Change-Id: Ie73398349a50cfb3aca35e97d6621574791f497a | 23 December 2016, 11:33:14 UTC |
3879884 | Ariel T. Glenn | 23 December 2016, 11:15:14 UTC | add twentyafterfour to gerrit-root group Bug: T152236 Change-Id: Ic47fa88859844477f357912f7b105b731b8100e9 | 23 December 2016, 11:15:44 UTC |
4e20a1b | Tyler Cipriani | 22 December 2016, 21:47:42 UTC | Disable l10nupdate cron Disabled for the December deployment freeze. Change-Id: I07ae9e2ee0011a8981558f76d1f88cdf7806cd3d | 22 December 2016, 21:47:42 UTC |
eee9cb9 | Filippo Giunchedi | 22 December 2016, 18:51:03 UTC | swift: drain thumbor traffic Given that Thumbor sometimes suffers from resource exhaustion, pull all traffic until debugging work is resumed. Bug: T151851 Change-Id: I7396fe51ec44d58b8b5297f5f7a13a0d89d964d2 | 22 December 2016, 18:51:04 UTC |
7efa220 | Federico Leva | 22 December 2016, 09:42:06 UTC | [Planet Wikimedia] Update .mau. feed URL on Italian planet The generic feed is full of off-topic. Now has a nice Wordpress feed. Change-Id: Icd2db9eac992362bd9fbc15a839796fe9dcbd4ee | 22 December 2016, 16:30:52 UTC |
5a1a01a | Moritz Muehlenhoff | 22 December 2016, 13:33:18 UTC | hive/metastore: Restrict to analytics networks We're getting rid of $INTERNAL, which is needlessly broad. Restrict to the analytics networks instead. Change-Id: I4aa19b599452d7577a72fe733263fe56a3a90c11 | 22 December 2016, 15:18:06 UTC |
d569def | Alexandros Kosiaris | 22 December 2016, 13:56:35 UTC | kubernetes::master: Fix typo in hiera for etcd urls Port ius 2379, not 2739 Change-Id: I671c9c24c90126611bca68b32a4cd75c17519167 | 22 December 2016, 13:56:35 UTC |
2b2f97b | Alexandros Kosiaris | 22 December 2016, 12:33:50 UTC | k8s::apiserver: Remove redundant --tls-cert-file It was specified twice, remove the latter Change-Id: I819e49d00ba032f067b46391b0e58aa791862920 | 22 December 2016, 12:33:50 UTC |
ffd7405 | Alexandros Kosiaris | 22 December 2016, 11:48:20 UTC | profile::kubernetes: Specify use_package parameter The kubernetes production profiles should be using the packages, specify that in the calls to these classes Change-Id: I777091c5e0cc4e14f7e990560c146613f68f6b3e | 22 December 2016, 12:12:01 UTC |
74791d7 | Moritz Muehlenhoff | 22 December 2016, 11:27:41 UTC | yarn web ui: Restrict to analytics networks $INTERNAL is too broad and scheduled for removal, restrict to the analytics networks. Change-Id: Ieb6590d5e2d7f24f14c1218ac6aa0094575bcb93 | 22 December 2016, 11:59:38 UTC |
48ea2bb | Alexandros Kosiaris | 22 December 2016, 11:45:57 UTC | Add dbmonitor1001, dbmonitor2001 to network::constants After tegmen, einsteinium Change-Id: Id2decb5de3f1d757fbca5f3b52fe306104c8e963 | 22 December 2016, 11:45:57 UTC |
23bb35a | Alexandros Kosiaris | 22 December 2016, 11:14:42 UTC | tendril: Add all the required apache modules Tendril requires: * mod_rewrite (for forcing SSL) * mod_ssl (for SSL) * mod_php5 (it is PHP) * mod_authnz_ldap (for authenticating/authorizing users) * mod_headers (for unsetting the Proxy header as an HTTPoxy safeguard) Also add the required ferm rules in the role Change-Id: I4ad25f1ef7044c8451af77af53de6de8e1cc5a35 | 22 December 2016, 11:19:39 UTC |
658e40a | Alexandros Kosiaris | 19 December 2016, 14:47:33 UTC | Create and assign the kubernetes::master role Add the kubernetes master role, just a role including the one profile class plus the basics Change-Id: I14a752e33389f8cb8e248c00cdfe689fe19b25c7 | 22 December 2016, 11:00:37 UTC |
f5bdfe4 | Alexandros Kosiaris | 19 December 2016, 14:43:46 UTC | kubernetes::master: Introduce the kubernetes profile Add a kubernetes profile class, heavily resembling the toollabs one from which it is mostly inspired Use the puppet certificates for kubernetes API TLS. That should allow easy and seamless integration Change-Id: I03cda08f7b8b48b98aded30afd076b39d84a3b5f | 22 December 2016, 10:59:34 UTC |
df1198e | Alexandros Kosiaris | 21 December 2016, 17:39:04 UTC | k8s::apiserver: Allow specifying the SSL file paths Instead of hardcoding the SSL path, allow to specify the, defaulting to the previous hardcoded values for backwards compatibility Change-Id: I12478ffc77ae9d09cbf3aec25f4d7d2dce6853bb | 22 December 2016, 10:58:14 UTC |
103275a | Alexandros Kosiaris | 21 December 2016, 13:05:51 UTC | Introduce dbmonitor1001, dbmonitor2001 DHCP/TFTP and site.pp changes required to get these VMs up and running Bug: T149557 Change-Id: I6f1f34ceb41839dc9d996bd6742e15a6815a69f1 | 22 December 2016, 08:08:26 UTC |
9fff7ef | Daniel Zahn | 22 December 2016, 00:28:35 UTC | wmflib: replace carbon with install1001 in ipresolve tests Bug: T123733 Change-Id: I2f2d84e6d9acded711d809607bb395201ca2581c | 22 December 2016, 07:51:43 UTC |
3aedeb4 | Matanya Moses | 21 December 2016, 23:19:08 UTC | remove absented file long gone Change-Id: Idb67dc632a5258a426f8b52b5adb0950f534dd3d | 21 December 2016, 23:19:08 UTC |