Skip to main content

Browse the archive

https://github.com/wikimedia/operations-puppet
12 April 2024, 10:39:33 UTC
sort by:
Revision Author Date Message Commit Date
666f5f8 juniorsys 26 January 2017, 09:58:08 UTC ores/otrs/package_builder: Linting changes Use full names for class names, as relative names are not allowed in future Puppet versions Add trailing commas to abide by the Coding Style guidelines Bug: T93645 Change-Id: I7720660c061588c30a4daed22e67966da1493801 26 January 2017, 12:13:55 UTC
ff8e18c Moritz Muehlenhoff 26 January 2017, 11:37:38 UTC Add one further account expiration/extension date Also add email address. Change-Id: I4d39ccfece2bd0e1b2705495e657a85a88f9bb68 26 January 2017, 11:42:02 UTC
f00fadb Moritz Muehlenhoff 26 January 2017, 11:19:21 UTC Add more email addressed All with confirmed NDA status. Change-Id: I2c73c007ac58e372a9688d95a276194a29a1b594 26 January 2017, 11:19:21 UTC
0c3f075 Filippo Giunchedi 24 January 2017, 14:49:52 UTC prometheus: add memcached aggregation and additional rules Change-Id: Ia042fc8e99d6a09348ca0549f4757d60f77876cf 26 January 2017, 10:08:06 UTC
20bb156 Jaime Crespo 26 January 2017, 09:55:38 UTC prometheus-mysql-exporter: Change db1052 to be s1-master This will be soon automatic, mantaining it manually for now. Bug: T156008 Change-Id: I39c3c8257c8f40af24cb1ea41e151e9cd45e5697 26 January 2017, 09:55:38 UTC
2f5d552 Jaime Crespo 26 January 2017, 09:44:29 UTC mariadb: Move db1057 to be a regular slave on config after switch Bug: T156008 Change-Id: I3e9a368eddaabe892d990a9b0b881566ad1b8f8e 26 January 2017, 09:44:29 UTC
681fe58 Giuseppe Lavagetto 25 January 2017, 10:08:26 UTC profile::etcd::tlsproxy: nginx auth proxy for etcd Bug: T156009 Change-Id: I58730d217b76f36b2dc435e2f2cf683167a6b8ba 26 January 2017, 09:12:24 UTC
454301b Giuseppe Lavagetto 25 January 2017, 10:00:12 UTC wmflib: add function to calculate htpasswd entries This uses the modified md5 digest algorithm that libapr1 uses, which is considered secure, instead of crypt() as the default ruby method does. Change-Id: I926388e402630d2950936985418e0d68150ac733 26 January 2017, 07:49:28 UTC
a7b2ae1 Manuel Arostegui 25 January 2017, 08:16:43 UTC site.pp: Change active master for enwiki This changes the active enwiki master from db1057 to db1052 Bug: T156008 Change-Id: I4dd099044ba2b82cece6691273688e618c7336d8 26 January 2017, 06:34:20 UTC
b008770 Daniel Zahn 26 January 2017, 03:13:01 UTC aptrepo: fix rsyncd 'hosts allow' syntax In the rsyncd 'hosts allow' we can use either hostnames or IPs or wildcards. But this resulted in a literal 'resolve' in the rsyncd config and that was not intended and fails. Bug: T132757 Bug: T843380 Change-Id: Ibca80da18f41571e885107773011aae80f514641 26 January 2017, 03:18:56 UTC
5811eea Andrew Bogott 26 January 2017, 01:33:42 UTC Revert "Keystone: Assign more threads to the admin API uwsgi handler" This doesn't seem to help. Something else is going on with uwsgi refusing connections. This reverts commit 2c73ff74b6c307fa12f90c7b3fe919700904e4e2. Change-Id: I612bfa0ad52426d74b07cf2933656b8f45c17830 26 January 2017, 01:46:57 UTC
6c5b5e2 andrewbogott 26 January 2017, 00:51:48 UTC Designate sink: Don't use keystone to resolve project_id Now that project_id==project_name, we can leave keystone out of the whole process. That should make all of this considerably less fragile. Bug: T156297 Change-Id: Ib45a7efd70b7619c3bf3371e0a9ea02c74e7b330 26 January 2017, 00:53:26 UTC
2c73ff7 andrewbogott 26 January 2017, 00:39:08 UTC Keystone: Assign more threads to the admin API uwsgi handler Seems like this has an awful lot of threads already, but I'm seeing intermittent keystoneclient.exceptions.ConnectionRefused and this might help. Bug: T156297 Change-Id: Ib16bf9ad95a157b7fed4611d7e211b3226863565 26 January 2017, 00:40:28 UTC
10cf90d Daniel Zahn 26 January 2017, 00:10:00 UTC switch install_server to carbon for initial rsync of APT repo data The install_server setting in Hiera influences which servers gets rsync and ferm rules to be able to rsync APT repo data (/srv/) from. Switch it to carbon temporarily to run an initial rsync from carbon to install1001 and install2001. Later switch it back to install1001 to sync from there to 2001 and stop using carbon. Bug: T843380 Bug: T132757 Change-Id: I11d8239576cf067f1a6bd679e42ff4864fb18e34 26 January 2017, 00:10:00 UTC
44cee68 Riccardo Coccioli 15 November 2016, 12:43:27 UTC icinga: raid_handler improvements - cleanup default ArgumentParser action (store) - use Nagios variable for service description, cleanup Puppet code to not pass it as parameter - add option --message-remain to include the remaining lines of the Nagios status message, if multiline - add option --skip-nrpe to not perform the NRPE call to gather the RAID status but instead use the complete Nagios status message in the task. This option is required for frack instances where an NRPE call is not possible - allow to pass 'n/a' as RAID type, if the information is not available. In this case it behaves as --skip-nrpe was set. Once merged it requires a change in secret('nagios/nsca_frack.cfg') to add the event handler for the check_raid checks with something like: event_handler raid_handler_skip_nrpe!raid-type!dcname where: - raid-type is one of ('megacli', 'hpssacli', 'mpt', 'md', 'n/a'). When using raid_handler_skip_nrpe is just used in messages and logging, so also a 'n/a' can be provided if the information is not available. - dcname is the datacenter where the host is in (i.e. eqiad), and has to match the equivalent Phabricator component (ops-$dcname). Bug: T149913 Change-Id: I1b052f01d887908d25f9555cb1ae549728c835a9 25 January 2017, 22:37:59 UTC
f4dd669 Madhumitha Viswanathan 21 January 2017, 06:34:56 UTC nfs: Make labstore1004 source for backups to secondary DC labstore1004 is the drbd secondary host right now, so we'll have the backups to codfw set up here Change-Id: Ic406babfe0c6a1ec83c7442efcc5787479867283 25 January 2017, 22:17:39 UTC
a1098f9 RobH 25 January 2017, 20:04:21 UTC fixing my last patch, wikitech-static ssl monitoring i failed to rename the service and description entries in my new lines to monitor wikitech-static T156294 Change-Id: I9b19396c4deea85c0cc1dc4dc3bb2da43e18e4c5 25 January 2017, 20:04:21 UTC
3406088 RobH 25 January 2017, 19:54:08 UTC adding ssl monitoring for wikitech-static seems this was missing, since I got the email notice for my reminder gcal entry to renew, when it wasnt alerting in icinga. T156294 Change-Id: If0aaeb4e7cf271e8888995078831c04136741c2a 25 January 2017, 19:58:21 UTC
871a550 Daniel Zahn 25 January 2017, 00:28:24 UTC apache-fast-test: replace mw1017 with mwdebug1001 As site.pp says, mwdebug1001 replaces mw1017. Let apache-fast-test use it as new default staging server. Change-Id: I1d46fa3b99b1655b641064cf5dbbcc5a7468b5d8 25 January 2017, 19:36:34 UTC
c1e78d9 Andrew Otto 25 January 2017, 19:07:13 UTC Remove extraneous trailing > Change-Id: Id93b51a3db7d3dc7f332df1dfc6143aea404570f 25 January 2017, 19:07:13 UTC
9b7181f Andrew Otto 25 January 2017, 19:02:43 UTC Allow access /srv/datasets from analytics.wikimedia.org Change-Id: I4d133c76453933774e17ef6866e4bbf00acf113c 25 January 2017, 19:03:15 UTC
faef13c Andrew Otto 25 January 2017, 18:50:19 UTC Serve analytics.wikimedia.org/datasets from /srv/datasets Bug: T132594 Change-Id: Iffa4a20f92752f57e7992960911ba201643ad731 25 January 2017, 18:57:18 UTC
59cf3ef Daniel Zahn 25 January 2017, 17:21:58 UTC multatuli: spare::system -> test::system Bug: T156208 Change-Id: I1bfa7e40f12ea8e0aabd12f1179ef8f646ad4d2f 25 January 2017, 18:48:56 UTC
8a7abac Andrew Otto 25 January 2017, 18:34:56 UTC /srv/datasets.wikimedia.org -> /srv/datasets And appropriate symlinking. Bug: T132594 T125854 Change-Id: I89843d876ef3c184362379f9801c08fea4a81307 25 January 2017, 18:36:04 UTC
97e2014 Daniel Zahn 25 January 2017, 00:26:14 UTC site.pp, DHCP: remove mw1017,mw1099 The ticket that is mentioned here was already closed and had comments how they were removed from DNS. But they are still here in site.pp !? Bug: T151303 Change-Id: Iadb7eeafc766d6ace091914b4760d5fa0a7bb403 25 January 2017, 17:51:01 UTC
1169c45 Andrew Otto 25 January 2017, 17:25:24 UTC Fix case typo in datasets.wikimedia.org apache vhost Change-Id: I4e2731018d0d0b43b1b92a67328a9a5912cd2b76 25 January 2017, 17:26:20 UTC
15df295 Andrew Otto 25 January 2017, 17:14:24 UTC Cleanup existing symlinks for datasets.wikimedia.org Also mv datasets.wikimedia.org apache config file to template Step 1 for Bug: T125854 Change-Id: Iae06fbc2e21ff8eea7980c920f372565f530bde5 25 January 2017, 17:23:11 UTC
eb33f38 Giuseppe Lavagetto 24 January 2017, 11:57:49 UTC role::etcd::common: move to profile, refactor Bug: T156009 Change-Id: I505e2a05e5fc6155248e4d6ef395af5c91ac841d 25 January 2017, 17:01:30 UTC
7e7a12d andrewbogott 25 January 2017, 16:13:03 UTC Horizon: update our custom auth hacks for mitaka Change-Id: I124ee747752a0bf60d8bffb6b8b265b0a40d88e2 25 January 2017, 16:29:03 UTC
053b590 Giuseppe Lavagetto 24 January 2017, 09:55:24 UTC etcd: add ability to use a TLS/auth proxy In some cases, we might want to have an external proxy handle connections to etcd; in such cases, we want to have a different client listen URL and client advertised URL, so that clients will be told to connect to the proxy and not to etcd directly. Bug: T156009 Change-Id: I1c4a42be0664d68688bcb8f0d66d133772ee7c27 25 January 2017, 15:29:06 UTC
ae9177d Alexandros Kosiaris 25 January 2017, 13:44:32 UTC Remove the per host docker networks With the transition to calico, these are no longer required, remove them Change-Id: I18aaa7d2d52c5fbd3f76e9cb8b721d16a4783c18 25 January 2017, 13:44:32 UTC
c6ddbf1 Guillaume Lederrey 25 January 2017, 13:09:23 UTC wdqs - configure wdqs2003 (new node) Bug: T152644 Change-Id: I7cb44f81821d2a1ee4315be1f4a1c0bd91b737aa 25 January 2017, 13:18:02 UTC
e8d6670 Brian Wolff 28 October 2016, 06:18:52 UTC Expand Content-Security-Policy on upload test to fr. Slowly adding larger wikis to make sure this doesn't add more log traffic than expected. Bug: T117618 Change-Id: I3c3c0ce4d041869bbd176aaeaa4ad8c077a18731 25 January 2017, 11:28:56 UTC
ed332d4 Faidon Liambotis 24 January 2017, 09:46:21 UTC raid: also check for State: degraded in md arrays The check_raid md code currently checks just for failed disks in order to raise a CRITICAL. However, there are cases (e.g. in newly installed systems) where a member is marked as "removed" but not failed, despite the array being marked degraded. An example of such a case: root@mw2256:~# mdadm --detail /dev/md0 /dev/md0: Version : 1.2 Creation Time : Thu Jan 19 22:39:50 2017 Raid Level : raid1 Array Size : 39028736 (37.22 GiB 39.97 GB) Used Dev Size : 39028736 (37.22 GiB 39.97 GB) Raid Devices : 2 Total Devices : 1 Persistence : Superblock is persistent Update Time : Tue Jan 24 09:45:12 2017 State : clean, degraded Active Devices : 1 Working Devices : 1 Failed Devices : 0 Spare Devices : 0 Name : mw2256:0 (local to host mw2256) UUID : be87f511:e7ada8dd:08f3cf8d:474961ee Events : 6062 Number Major Minor RaidDevice State 0 8 1 0 active sync /dev/sda1 2 0 0 2 removed Add code to check-raid.py to also check for the "degraded" flag in the State line. This is fairly hackish as it is, but the whole code is and is in need of a rewrite anyway. Change-Id: I412980534f9698f23c73acecb1237a0facfb4a44 25 January 2017, 10:06:52 UTC
d611514 Moritz Muehlenhoff 25 January 2017, 08:50:22 UTC Add more email addresses Change-Id: Ibb8c434d6c17bef398aae70cede35fff4df286f1 25 January 2017, 08:57:23 UTC
64af997 Emanuele Rocca 25 January 2017, 07:21:40 UTC icinga: do not print stacktrace when check_ripe_atlas exits with 2 Explicitly catch Exception to avoid printing a stacktrace when sys.exit(2) is called. SystemExit inherits from BaseException instead of StandardError or Exception so that it is not accidentally caught by code that catches Exception. Ref: https://docs.python.org/2/library/exceptions.html#exceptions.SystemExit Change-Id: I290c90ffa4d2a373187bcb84d7d933e13e8bcc7c 25 January 2017, 08:10:52 UTC
edbf506 elukey 24 January 2017, 14:25:34 UTC Increase retry wait time for Hadoop Yarn Nodemanager checks This particular alarm has been showing false positives during the past months, not related to any clear issue after checking in the logs. The alarm usually last for a couple of minutes, and after checking the monitoring script I suspect that some temporary "good" state of the daemon is not recognized as such triggering an alarm. Since these these daemons do not need a timely critical response, we can wait a couple of minutes more before alarming to avoid false positives. Change-Id: I72ee06971756cace3b1031e6dcbe1146324c24c3 25 January 2017, 08:02:53 UTC
41a02fa Chad Horohoe 24 January 2017, 17:35:34 UTC Remove myself from elasticsearch-roots It ain't my job anymore :P Change-Id: Icaa2dfd2768d4964b141f1b15674024e3fe74a5f 25 January 2017, 07:52:31 UTC
1385c03 juniorsys 15 January 2017, 03:50:28 UTC mediawiki module: Linting changes Use full names for class names, as relative names are not allowed in future Puppet versions Add trailing commas to abide by the Coding Style guidelines Bug: T93645 Change-Id: Ib4418247bf579bf15f489ad04e3ea13702127ae5 25 January 2017, 00:30:51 UTC
90442e8 Daniel Zahn 25 January 2017, 00:13:04 UTC site.pp, DHCP: remove analytics1015, analytics1026 Bug: T147313 Change-Id: I29648018f021ab823310b33830e5720661ccdb21 25 January 2017, 00:16:06 UTC
906f96b Tyler Cipriani 26 September 2016, 22:44:38 UTC Fix failing keyholder arming check The latest version of openssh-client no longer stores or outputs the key filenames along with the ssh public-key fingerprint as part of ssh-add -l. This changes the keyholder check script to just compare public key fingerprints rather than private-key filenames. Bug: T154943 Change-Id: Ic6784e505d4734a725bda2a278745cf53575c11f 24 January 2017, 23:10:15 UTC
3856788 Chad Horohoe 24 January 2017, 21:29:52 UTC Add .bash_profile to my homedir so my .bashrc works Change-Id: Id6af9ca88a432b44942988012d9994ef616bcaa4 24 January 2017, 22:09:15 UTC
bf82903 Chad Horohoe 19 January 2017, 19:52:37 UTC dumps: Add a favicon (using the wmf one) Change-Id: I7a2482d5ace3baa6d16ba0d1ade8d1e0fa7687e7 24 January 2017, 21:52:55 UTC
44a8d4b cpettet 24 January 2017, 21:31:13 UTC labstore: change drbd link over to /30 192.168 Here I am changing the old mechanism to stop assuming the address is to be resolved. It seems more prudent to protect the drbd.d configs from DNS issues, and also I am changing this to match the reality of the setup now post direct connection. Change-Id: Ie3dc34ba61e189b688dba0dec8727f8fa7972ad4 24 January 2017, 21:51:58 UTC
d03da42 Daniel Zahn 19 January 2017, 06:47:42 UTC openstack: designate/glance/keystone not in autoload module Change-Id: I1af45f39994e350277ded63d644c2943f80f6ead 24 January 2017, 21:44:35 UTC
56a4f2a Daniel Zahn 19 January 2017, 06:43:52 UTC openstack: instancersync not in autoload module layout Change-Id: I0e89b1be4068c705bb7bf15b8c7c15a87e1fc434 24 January 2017, 21:42:22 UTC
67ceb0b andrewbogott 24 January 2017, 21:33:40 UTC Horizon: Add mitaka version of the puppetpanel. No doubt this will require some future tweaking. Change-Id: I916270346bf4eed9bea1ff0dfe430379bb66267e 24 January 2017, 21:38:00 UTC
b0e38cf Daniel Zahn 24 January 2017, 02:53:03 UTC delete dumps.wikimedia.org SSL cert replaced by Letsencrypt. Not needed anymore. Don't forget to delete key in private repo too. Bug: T154940 Change-Id: I1cda1942704ad747b8c0e6fe0801e8a71f322f89 24 January 2017, 21:33:07 UTC
c3dce3f andrewbogott 24 January 2017, 21:20:20 UTC Horizon: Forward some custom files from liberty Change-Id: I99b29bc0195f243c13dfd313c23bb0140c820604 24 January 2017, 21:24:50 UTC
77afb54 YuviPanda 24 January 2017, 20:54:31 UTC tools: use new kubectl location for maintain-kubeusers This breaks new homedir creation for new tools! Change-Id: I85439896566c2aa439759588e8584c789cdcc170 24 January 2017, 20:57:59 UTC
669ce3b andrewbogott 21 January 2017, 21:16:17 UTC Move labtestweb openstack::version to mitaka This is an experiment to see how horizon/mitaka copes with the rest of our setup. It ought to work... Change-Id: I9321453d4a1c75bee9e43f999712334fcf159e9b 24 January 2017, 20:55:03 UTC
fab8e77 Chad Horohoe 24 January 2017, 18:29:45 UTC beta: standardize deployment.wikimedia.beta.wmflabs.org docroot Use wikimedia.org as it's a wikimedia.org docroot (and there's nothing special about it) Change-Id: Ib8a38fe292fac903a5d90125149aa697ed478471 24 January 2017, 20:40:53 UTC
9e9f80b cpettet 24 January 2017, 20:32:56 UTC tools: specify ipaddress_eth0 for HBA It seems we collected docker as a dependency on the submit hosts. This has confused the fragile mechanism in place to manage HBA as it has been assuming ip_address is fixed where puppet has it as first come first serve. Get specific with IP of eth0 only. Bug: T156168 Change-Id: I9d1fe39bd7a2f70dc900ed85dc6ff698d02d0906 24 January 2017, 20:39:26 UTC
6a5f200 Jaime Crespo 24 January 2017, 19:50:47 UTC mariadb: Set binlog_format to STATEMENT for db1052 This is in preparation for it to be set as the new master. Bug: T156008 Change-Id: Idf5c218ce32e57113291de470c8a352fd498391e 24 January 2017, 19:50:47 UTC
695258a Jaime Crespo 24 January 2017, 18:02:21 UTC MariaDB: Setting db1065 as the new master of sanitarium2 Includes row based replication. Bug: T155999 Change-Id: I2cdb5129594549e1a8f3750288a844ae51bdd503 24 January 2017, 18:02:21 UTC
77ebefd Jaime Crespo 24 January 2017, 17:58:42 UTC mariadb: Move db1072 back to a normal slave Back to use MIXED instead of ROW based replication. Bug: T155999 Change-Id: I9e1979c9dbb13e74ff61b372cb3b36f0469bfa4b 24 January 2017, 17:58:42 UTC
15033ae Moritz Muehlenhoff 18 January 2017, 14:27:32 UTC Stick with node 4.6 on maps due to karthotherian not being ready for node 6 Bug: T149331 Change-Id: I95a0430d227c517e0cfac59f07b05425fc08f5e3 24 January 2017, 17:47:59 UTC
c2c9f86 Tyler Cipriani 11 August 2016, 21:22:50 UTC Include hhvm fatals and exceptions in scap canary checks This change creates a new service for the logstash checker, "mwdeploy" that cooresponds to log events that are: - mediawiki messages in the exceptions channel that are not INFO, NOTICE, or WARNING - hhvm messages not of type INFO, NOTICE, or WARNING There are a few exceptions in this query for noisy messages that are independent of deploys. This should catch more of the catastrophic types of problems that create massive errors for all requests without, hopefully, generating false-positives. Bug: T142784 Bug: T154646 Change-Id: I129b9d4ea2bdfb1eaf27da61b63569fb0e418deb 24 January 2017, 17:42:28 UTC
893c192 YuviPanda 24 January 2017, 17:36:32 UTC tools: Get rid of kubebuilder Is done as a deb now Change-Id: I7f4934c30830afbed924d25d9d44c2409bd14100 24 January 2017, 17:39:45 UTC
fe6e70c YuviPanda 24 January 2017, 17:28:59 UTC tools: Get rid of hacky k8s deployment bash scripts Change-Id: I1288a0aa1b97edb19650761fd1f8b0a6c39de6d7 24 January 2017, 17:34:58 UTC
8ad7e9e Moritz Muehlenhoff 20 January 2017, 12:53:12 UTC Remove gehel from elasticsearch-roots I wrote a script to cross-check our authentication data; it found that Guillaume's account is present in elasticsearch-roots despite being full root cluster-wide, so remove him from elasticsearch-roots. Bug: T142836 Change-Id: I64d1e41ae529303b6b404f27950f11b6f7bb2f7f 24 January 2017, 17:31:13 UTC
e444b3c Alex Monk 22 January 2017, 00:39:44 UTC ssh: Don't add IPv6 address as an alias in exported resource if it's undefined Bug: T72792 Bug: T153163 Change-Id: Ifd359d9dbe750ba30bf39c52169fe56889a747a8 24 January 2017, 17:21:05 UTC
b021aca Chad Horohoe 05 January 2017, 19:59:09 UTC docroots: Swap wikidata for wikidata.org Yay standardization! Depends-On: I44d03368e59152c0e27ccb5176d556521e2316e2 Change-Id: I3d2070c727722757d18ed89b45e6533f23c5c105 24 January 2017, 17:09:56 UTC
c67a0ef Filippo Giunchedi 20 January 2017, 11:42:29 UTC scholarships: move udp2log to mwlog1001 Bug: T123728 Change-Id: Ic7dfcd6ea7b3328c5961a8d4414e7708a371ffd1 24 January 2017, 16:21:42 UTC
dc1e332 Manuel Arostegui 24 January 2017, 16:00:38 UTC site.pp: Enable RBR on db1072 db1072 is going to be db1095 new master and needs ROW based replication binlog format Bug: T156006 Change-Id: I20fd887d53e0aa5e48ad4cde44e1f0ca92eef60b 24 January 2017, 16:18:13 UTC
32333a5 Alexandros Kosiaris 24 January 2017, 16:13:29 UTC Fix typo for check_redis definition It's the second argument, not the fourth one Change-Id: I4f55f3c47adb945fbb4b25d41ee6480a975b0f85 24 January 2017, 16:13:29 UTC
4ab0b79 Alexandros Kosiaris 23 January 2017, 18:17:07 UTC redis: Allow specifying credential file for monitoring Allow specifying a credentials file, defaulting to /etc/icinga/.redis_secret. This should allow different redis installations to be monitoring without many changes to our monitoring infrastructure. Use this for ORES This reworks commit 8102ccc46e551a6481951e37bce6f95cdb7e46be. Change-Id: I6dbb79f2aed6820582b5aa0a6925e37175ed07a9 24 January 2017, 15:52:10 UTC
2c2995c Moritz Muehlenhoff 24 January 2017, 15:30:53 UTC Add contact email addresses and account expiry dates for fr contractors Change-Id: I61c54494ab214a27309f344a3d296a916729db7e 24 January 2017, 15:41:26 UTC
7c18ded YuviPanda 24 January 2017, 13:32:46 UTC tools: Use packages in k8s bastions Change-Id: Ia817c97536bd4b93bc939dca8cd88ac72c205202 24 January 2017, 15:38:29 UTC
4b1d548 YuviPanda 24 January 2017, 14:33:19 UTC tools: Use packages for kube-proxy on webproxies Change-Id: I77cd587b115124c2fcf2f92c6493eddca886cdf0 24 January 2017, 15:02:23 UTC
efd468f YuviPanda 24 January 2017, 13:37:09 UTC tools: Switch workers to using debs Get rid of initial deploy exec as well Change-Id: Ia94567204c1c6b11fcfc585dbe11d90a11491387 24 January 2017, 14:45:47 UTC
608121f YuviPanda 24 January 2017, 12:40:59 UTC tools: Switch to using packages for k8s master Change-Id: I2cbbb32f0ec35f703ff68cf385b3ad6ba3a5dac0 24 January 2017, 14:45:26 UTC
3190811 Marius Hoch 24 January 2017, 13:10:45 UTC Log time and shard number on Wikidata dump failure Might be useful for debugging. Change-Id: I9236f7f11be4cd51ffd83ce2b4818e7d80f5967b 24 January 2017, 13:10:45 UTC
a773a37 Moritz Muehlenhoff 24 January 2017, 12:11:17 UTC Add more email addresses and contacts for account extensions Change-Id: I1f03bb9b7ee78798ea678f81c09690766249cf52 24 January 2017, 12:11:17 UTC
c3521bb Moritz Muehlenhoff 24 January 2017, 10:13:37 UTC Add account expiry dates for ISI Foundation researchers Bug: T142816 Change-Id: I9c7173be0acd12de2160f9679ec9f3237ce44988 24 January 2017, 10:41:25 UTC
53a3d63 Guillaume Lederrey 23 January 2017, 17:36:27 UTC elasticsearch - increase size of GC logs Having larger logs makes it easier to analyze GC over a larger timeframe. The current 2M limit translate to ~1/2h which is too chort to be significant. A cron is added to cleanup older logs. Change-Id: I5f088473be41294b26a0960baeb5317d06661586 24 January 2017, 10:38:44 UTC
2e9b59f Moritz Muehlenhoff 24 January 2017, 09:52:31 UTC Remove access credentials for junikowski Bug: T152957 Change-Id: I1311dae98ff74348315fe7855755be992137f410 24 January 2017, 09:53:38 UTC
f47d4b5 Moritz Muehlenhoff 20 January 2017, 12:59:38 UTC Remove otto and elukey from eventlogging-admins I wrote a script to cross-check our authentication data; these two ops accounts have cluster-wide access anyway. Bug: T142836 Change-Id: I12b34999c011057a7297fd980b4ec88db4dde7ba 24 January 2017, 08:16:41 UTC
5648158 Manuel Arostegui 16 January 2017, 11:28:27 UTC mariadb: Split dbstore role classes * Split the dbstore class out from mariadb.pp into two differnt files * dbstore.pp will be used for the original dbstore hosts that still run TokuDB as an engine. * dbstore2.pp will be used for the new dbstore servers that no longer use TokuDB as an engine but use InnoDB. * dbstore2.my.cnf.erb: Enabled gtid_domain_id flag. Currently this only applies to dbstore2001 and dbstore2002 which already have it enabled manually Bug: T130128 Bug: T150850 Bug: T149418 Change-Id: I2e87640257fc58ec16a02c825927129cfd4520eb 24 January 2017, 07:58:50 UTC
e2c710d Daniel Zahn 24 January 2017, 02:10:27 UTC aptrepo:rsync: fix 'Invalid relationship' and ferm syntax Can't absent the rsync fragment when rsync server is not in catalog. "Invalid relationship" Do not add /32 in ferm rule. wrong syntax. Change-Id: I5a452c3e7349bffc0ee9ed8a42e8a001e268bf2d 24 January 2017, 02:14:20 UTC
1a50f85 Daniel Zahn 23 January 2017, 16:41:59 UTC aptrepo: setup rsync between 2 APT servers So far we just have a single APT repo, apt.wikimedia.org points to carbon. But we want to retire carbon and replace it fully with 2 servers, one per each DC, install1001 and install2001. As a first step one of them will be the "live" server that DNS points to and the other one will be warm stand-by. To ensure it is "warm" we setup rsyncd to keep /srv/wikimedia with the actual package data in sync between the 2 servers. For this we put rsyncd on the target, the one that is NOT live, and add a firewall hole to allow connections from the source, the live server, which pushes data to the failover server. Decide which server is which with a simple switch in Hiera. Bug: T84380 Bug: T132757 Change-Id: Idd9c51f93b8cb46a7f00fa44f9061ff5a8e133cb 24 January 2017, 01:56:39 UTC
7cf7a62 Daniel Zahn 24 January 2017, 01:41:49 UTC gerrit/lists/microsite/rolematcher: fix "rysnc", "wikimeda" typos Change-Id: I8a0efd847aa2ac8c854ba0f01a24d2bc6a4057b0 24 January 2017, 01:47:09 UTC
c986af1 Daniel Zahn 24 January 2017, 01:11:15 UTC typos: add rysnc, rsnyc, wikimeda I _just_ did the "rysnc" thing, and wikimeda is also one i remember more than once. Change-Id: I80de38224afd68519fa13dbeb20acd0e4009dfdd 24 January 2017, 01:38:40 UTC
2791f51 cpettet 23 January 2017, 22:05:09 UTC nfsclient: remove temporary absents from migration This should no longer be necessary and is actually problematic as it is a directive to absent a path that is otherwise managed as symlink in the correct cases, and not managed at all in the incorrect case. We are absenting 'mount_path' now here which is still the older model direct '/home' and '/data/project'. These on NFS activated projects will never return as an actual mount anymore as these symlinks do not show up in /proc/mounts. Change-Id: Iee99acd6bb731fda065957a56d12a6d1a8ca3957 23 January 2017, 22:07:53 UTC
c60fba1 cpettet 23 January 2017, 21:52:56 UTC nfs_mount: protect absent the same as present We currently apply nfsclient everywhere and use white listing to do the actual application at a second layer. Right now the 'absent' mechanism here does not follow the same process and so is not predictable. Change-Id: Ic9ff1434f305cc6994ffa42ef288a5da20bccb6d 23 January 2017, 22:07:42 UTC
a07f31e Daniel Zahn 19 January 2017, 06:52:30 UTC labspuppetbackend: optional parameter before required fixes lint warning: " WARNING: optional parameter listed before required parameter on line" Change-Id: I40a80abd7b1dee241bb2df77951eb4fcdbb10329 23 January 2017, 20:08:52 UTC
32e857a Daniel Zahn 19 January 2017, 06:51:47 UTC proxysql: optional parameter before required parameter fixes lint warning: "WARNING: optional parameter listed before required parameter on line" Change-Id: Ic9e57692f4dcf06402f7fa2a0aab54c9b2728889 23 January 2017, 20:06:33 UTC
52d9190 Daniel Zahn 19 January 2017, 06:49:49 UTC kartotherian: optional parameter listed before required WARNING: optional parameter listed before required parameter on line 29, 33, 35 .. Change-Id: I86fb9681abeffe2381465560b9f0d6b39380c349 23 January 2017, 19:59:41 UTC
b4c46eb Moritz Muehlenhoff 23 January 2017, 13:10:20 UTC Add remaining staff email addresses to data.yaml Add most of the missing email addresses from staff. External adresses to come in a subsequent commit. Bug: T142826 Change-Id: I5974eebfc7629e91672c7e7acbe8f40ca20906f8 23 January 2017, 19:41:16 UTC
27d3eab YuviPanda 23 January 2017, 18:00:32 UTC labs: Dump instance info somewhere that exists Change-Id: I418808d72814b2ec9c40ccce2d72adaf6400e313 23 January 2017, 18:32:58 UTC
8102ccc Alexandros Kosiaris 23 January 2017, 18:12:54 UTC Revert "redis: Allow specifying password for monitoring" Flawed insecure approach, reverting This reverts commit c0566dbd4262bfe9cd94b42b357127ac2f84d337. Change-Id: I62d4b6bb5bf9e8f5a34e09bb526bf84fc4c1fb63 23 January 2017, 18:12:58 UTC
c0566db Alexandros Kosiaris 17 January 2017, 09:03:24 UTC redis: Allow specifying password for monitoring Specify a new nagios command for checking a redis installation providing a password. While this is clearly less secure than the credentials file approach, the latter clearly does not scale well to multiple installation. Change-Id: I0b05a0e0b67c66c75be3b68e90bacfe6d09612f3 23 January 2017, 18:01:57 UTC
20fdc3e Antoine Musso 23 January 2017, 16:49:01 UTC squid3: switch to puppetlabs_spec_helper/rake_tasks Remove our custom cruft in favor of puppetlabs_spec_helper rake task. Populate the stdlib and wmflib modules via .fixtures.yml. Drop empty site.pp fixture, it is created on demand. Change-Id: I7340b10b567c4cb79dae0e19da3d05f552c1b32b 23 January 2017, 17:14:33 UTC
99ac741 Alexandros Kosiaris 23 January 2017, 16:43:47 UTC redis monitoring: Add a more descriptive description Add the replication string Change-Id: Ie9dfdd5ee39038a0e7b6d70c5f930fd846dedab3 23 January 2017, 16:53:54 UTC
c431d1a Alexandros Kosiaris 23 January 2017, 15:42:12 UTC redis monitoring: Use the correct variable Use $port instead of $title since that is what we use to check against It's a noop, but still, more readable. Also couple in a few minor small lints Change-Id: I5fb1eb5f28111aa947bf6002421fc431da55b6d3 23 January 2017, 16:53:31 UTC
c6f22b5 Brandon Black 23 January 2017, 16:28:33 UTC syntax fixup for 3ca8aeec (double-quote) Change-Id: Ice35cc7e09a317a28a4afc7bd2e7530e6cf7f216 23 January 2017, 16:28:33 UTC
3ca8aee Brandon Black 19 December 2016, 16:22:32 UTC TLS: reduce scope of stream.wm.o redirect exception Bug: T143925 Change-Id: I11c7154833d0c334fda20a0857a8f35f1a19a209 23 January 2017, 16:06:05 UTC
74e3e5b Giuseppe Lavagetto 23 January 2017, 15:54:37 UTC profile::base::labs: do not require profile::base This should fix compiling on VMs with a trusty puppetmaster Change-Id: Iae16fcdd532a3caf5d2503de23ae00f5de37865f 23 January 2017, 15:54:37 UTC
d480c16 andrewbogott 21 January 2017, 04:51:14 UTC wmfsink: Only handle delete messages We're only doing cleanup right now, no need to accept notifications about instance creation. Bug: T148781 Change-Id: I221bb230232cb7eaa24dc71799e9cf86d7c90c71 21 January 2017, 04:51:14 UTC
aa26213 andrewbogott 13 January 2017, 17:16:38 UTC wmf_sink: Remove all ldap handling We no longer care about ldap host records. Bug: T148781 Change-Id: I1c9e725ec40825c87b6ff90a3ef4bfb2f88bfb5b 23 January 2017, 15:13:19 UTC
back to top