https://github.com/wikimedia/operations-puppet

Revision Author Date Message Commit Date
3cad1da phabricator: convert to profile/role-structure Change-Id: If2eeff9f844a223fff460b7fe713be14f3f00ccf 13 May 2017, 00:44:46 UTC
7623476 webperf: move 'standard' and 'base::firewall' to role Change-Id: I3f0b6030b557d6d1b456e22ac4c5a7e808f1ac59 12 May 2017, 18:47:09 UTC
10f4068 dumps::zim: move 'include standard' to role Change-Id: I795afbc40d1fb3b1f176c4d4939a465e034f6f60 12 May 2017, 18:35:43 UTC
db6b56b piwik: move 'include standard' to role Change-Id: I253bbe4c971b39c3a7292ed6ed2013bc87eda915 12 May 2017, 18:31:17 UTC
c34ca8c syslog::centralserver: move 'include standard' to role Change-Id: I66b77fdd86ff5d499dda75ceaa01e9809243fbf5 12 May 2017, 18:01:02 UTC
2580043 VCL: be careful about grace/keep on 0-TTL objects... grace and keep can keep per-request objects alive a long time in transient storage. Even hit-for-pass objects that are multi-request are probably similarly-affected. This should fix up the bulk of the cases. Bug: T165063 Change-Id: Ib4708ab5da0b80cddb717fd57a6902afb89b215e 12 May 2017, 17:38:51 UTC
2a190b4 VCL: Do not assume obj.grace > grace_healthy Bug: T165063 Change-Id: I345e1e70d2c392a7073dab40c73000953269f6af 12 May 2017, 17:38:24 UTC
6b0b6bb varnish: reduce keep setting on frontends Bug: T165063 Change-Id: I76de256848efc34b6dffc9f4c01efea088f94430 12 May 2017, 16:46:47 UTC
3bc2b40 logstash - cleanup of indices is done from multiple nodes for redundancy To make sure that indices are cleaned up even if a node is down, the indices cleanup cron is run from multiple nodes. An index can already be deleted, so 404 errors need to be ignored. Change-Id: If22d153f29bf3b7ee9f6b9fdd7172248aae6179e 12 May 2017, 15:27:59 UTC
afc9f8b docker::baseimages: fixes to the alpine build script Change-Id: Ie9d8fe706da7b1e61c0afa0c1dd5df1e3f38b6b1 12 May 2017, 14:57:44 UTC
7930cde switch indium to frlog1001 Change-Id: I2f05d398ad67a716a2ea5d4b4342453719ffdebe 12 May 2017, 14:29:56 UTC
aba2550 docker::baseimages: separate build script for alpine linux Since we need to be able to provide a specific version to build, separating the script will make things easier. Bug: T165024 Change-Id: I82c4f2367256f03d3753b9d5dd56a3ae0fd3f46a 12 May 2017, 13:47:13 UTC
57e741f contint: fix apt::pin resource name The apt preference files MUST NOT contain any space. Rename the apt pinning for HHVM/experimental. Follow up 6819c23fe2590edf7d7af55734ae6750e0b9d0df Change-Id: I768985ecc486d3a1f03f1f0c25b873f53389bea3 12 May 2017, 13:38:57 UTC
f9c2780 role::deployment_server: generate dsh lists for zotero Change-Id: Iffc02879522a6ff0d6fcb361bf5a5f17c91f45ab 12 May 2017, 13:10:34 UTC
6819c23 contint: pin HHVM packages to use experimental component Bug: T165074 Change-Id: Ia0e2aa58feeec723eed01277159110025541af00 12 May 2017, 12:58:43 UTC
30d7f16 contint: move hhvm-dev to a different class Move the installation of hhvm-dev and hhvm build-dependencies from contint::packages::php to contint::packages::hhvm. The CI instances include both contint::hhvm and contint::packages::hhvm. Will make it easier to apt::pin hhvm packages later on. Change-Id: I79b72e6bb5c590921d6b86481fd2985a954a8ef8 12 May 2017, 12:44:46 UTC
240f016 contint: experimental component for nodepool instances So we can selectively pick packages from /experimental. Pin it to priority 1 to ensure nothing gets installed from it unless explicitly required. Change-Id: I086c218ba908c3c36af443e9d0800c2f28431525 12 May 2017, 12:28:35 UTC
db9e994 varnish: Rename planet1001 director to planet Having a director named planet1001 is misleading given that the backends are planet1001 and planet2001. Rename to planet to depict that the director works for both DCs Change-Id: I4b2617d5e6fa4f3856e301b736f2fc42e8ef1566 12 May 2017, 11:14:30 UTC
eb16b54 Add logstash-syslog-tcp LVS service Listening on port tcp/10514 Bug: T151971 Change-Id: Ia1594b06a77c00f98de8eed35b1cdf637579fd0c 12 May 2017, 09:35:34 UTC
96654e3 backup::offsite: move 'include standard' to role Change-Id: I8ca09c29f0c4b90820d24ed23a7a895d34e13b4a 12 May 2017, 08:55:21 UTC
38c203d backup: remove duplicate 'standard'-include In this case the include of standard is already in the role. So it's duplicate on the node. Change-Id: I91585c63f05cb7b265bcceded1f50611bcc124c9 12 May 2017, 08:54:53 UTC
550922e Various LibreNMS improvements - [WARN] Your RRD directory is not set to 0775 - Add daily.sh cron job - Add billing module - Enable Globe Frontpage - Add location mapping - set "email_from" for better email filtering - Use maps.wikimedia.org for tiles - Ignore noisy fatal syslog messages - IRC bot initial configuration Bug: T164911 Change-Id: I4507b0ba2027baa9ac640c1608782afaee223a6a 12 May 2017, 08:39:23 UTC
6cb095e Drop cache/LVS NFS override nfs-common and rpcbind were installed as part of the base d-i installation (prior to the first puppet run). 386ac51a3b85ef3876e60c7a36bf9ff65d091876 now removes it during the initial installation and (so new jessie installations are fine) and the roles which explicitly need NFS on the client or server side have gained explicit puppet declarations via 328f3c67a56394b5e4288513f14b8278bb5b073c and 535988c8162b8f459bebc15c91f26b8d8a600fb3. So we can drop that workaround for LVS/CP (to avoid puppet failures nfs-common and rpcbind need to removed shortly before merging the puppet change) Bug: T106477 Change-Id: I943f4de0a856f5fea8434544608dd0f83e965bfb 12 May 2017, 06:18:42 UTC
1b1732e Phabricator monthly email: Also include Differential user activity Change-Id: I183675e5a4c880cc10f7368fd65d54ae5f79a843 11 May 2017, 18:33:57 UTC
d97024b udp2log: use logrotate::conf for logrotate Change-Id: Ie8057d30153c217492fc0563e3d3562066470270 11 May 2017, 17:14:23 UTC
ea9e569 DHCP/partman: Add dhcp and partman entries for kubernetes200[1-4] Bug:T164851 Change-Id: I79b5d2dd935479f782964f75e81371452437f758 11 May 2017, 16:49:44 UTC
d89dfcf lvs: remove support for <= trusty All LVS systems are now running jessie, so remove legacy/dead code that was there for older systems. This removes the only "if ! os_version()" occurrence in the tree which is probably an antipattern as it's harder to grep for. Change-Id: I68acf28e70f7aca5f98525c8faef41aa76f5ac83 11 May 2017, 16:06:01 UTC
908cb6d Move all add_ip6_mapped calls to site.pp Most of the add_ip6_mapped calls are in site.pp but a few have creeped in to roles and profiles. Move them all back to site.pp, as a) Labs doesn't have IPv6, rendering those role/profiles unusable in Labs and b) IPv6 addressing is really a host config, not something tied to a particular profile/role (and one that we expect to eventually move to base or deprecate entirely). Change-Id: I63692a84426982a75c99b29f43f274c41a2e2dfe 11 May 2017, 15:47:52 UTC
41c3964 Remove c/p interface argument to add_ip6_mapped interface::add_ip6_mapped is being used with an argument of interface => eth0 all across the tree (and one occurrence of "eth2"). This is probably because it was copy/pasted around, since the interface parameter has always been optional and defaulting to the first interface found so in all but the eth2 case, it was redundant. As of recently it's defaulting to the "interface_primary" fact, which makes the option entirely redundant. Remove it across the tree. Bug: T163196 Change-Id: Ie89e84aa820160c91a4363f7bcd278cfc83f181c 11 May 2017, 15:00:41 UTC
9bfc166 Switch add_ip6_mapped to use interface_primary Use the 'interface_primary' and the new 'ipaddress' facts in add_ip6_mapped, paving the road to not passing any arguments by default and thus potentially including it on all hosts. Also, cleanup and comment a little bit while we're there. Bug: T163196 Change-Id: Ic163ee735977cf8d3e85eb8d73727c91fb556196 11 May 2017, 14:42:12 UTC
71d934f Nova policy: Open up quota-related queries It would probably be ok to open up "compute_extension:quota_classes" as well but I can't figure out what that does so am erring on the safe side unless we turn out to need it. Bug: T164332 Change-Id: I4cbaeb4bd5eb5b4d0d7b154c2c5677b9b605117b 11 May 2017, 14:08:02 UTC
f0cf0d8 labs: remove the _eth0 suffix from ipaddress facts Our new ipaddress/ipaddress6 facts do the right thing and there is no reason to explicitly use the value of ipaddress_eth0. Remove those mentions from all Labs/ToolLabs manifests. Bug: T163196 Change-Id: Iefb1464a2b33a2daa7871b6ec561d240c02a87d0 11 May 2017, 12:45:08 UTC
5d62720 LVS: move pybal config to a separate class - lvs::configuration is included in many places, but the $pybal configuration is actually used only by pybal. Moreover the values in there makes no sense when applied to non-LVS hosts. - this fixes also the errors in deployment-prep due to missing IPv6 Bug: T163196 Change-Id: I035e0192faea4385a470451ddce88afa4b736eb8 11 May 2017, 12:05:26 UTC
1140978 role::mariadb::wikitech: Switch to ferm constants Prevents errors like the one fixed in a7d62a6008c4bd2f2c4e3d2cb265ae69aff69661 Change-Id: I68637a34b614d6da49261801b8a010b5ae576262 11 May 2017, 10:57:18 UTC
a7d62a6 Remove mira from role::mariadb::wikitech ferm rule 478bd1a14653127f62fe787aa9f3c6af00b48b8f in ops/dns removed the DNS entry for mira, but 1a903481607ebf822ebe3d573253cb26d55c171a didn't remove it from the ferm host list for mariadb::wikitech. This leads to a ferm startup failure on labtestwiki/silver (silver hasn't reloaded yet, so it's not a live error yet, but would trigger with the next ferm reload): Error in /etc/ferm/conf.d/10_mysql_deployment_terbium line 4: tin.eqiad.wmnet mira.codfw.wmnet naos.codfw.wmnet terbium.eqiad.wmnet wasat.codfw.wmnet ) ) <-- DNS query for 'mira.codfw.wmnet' failed: NXDOMAIN Bug: T164588 Change-Id: Ie52fa3a40194436fd8365a9add3239ab5cd17c92 11 May 2017, 10:37:32 UTC
665adb0 Workaround for puppet/icinga issue Where Icinga looks for logstash.svc.codfw.wmnet while it doesn't exist Bug: T151971 Change-Id: I9739294e7fc76785e523c75491ab89e96784faf4 11 May 2017, 10:23:41 UTC
a3aba08 Remove mira from tcpircbot config 478bd1a14653127f62fe787aa9f3c6af00b48b8f in ops/dns removed the DNS entry for mira, but 1a903481607ebf822ebe3d573253cb26d55c171a didn't remove it from the ferm host list for tcpircbot. This leads to a ferm startup failure on tegmen: May 10 18:13:30 tegmen ferm[45700]: Starting Firewall: fermError in /etc/ferm/conf.d/10_tcpircbot_allowed line 4: May 10 18:13:30 tegmen ferm[45700]: eventlog1001.eqiad.wmnet tin.eqiad.wmnet mira.codfw.wmnet naos.codfw.wmnet puppetmaster1001.eqiad.wmnet puppetmaster2001.codfw.wmnet tMay 10 18:13:30 tegmen ferm[45700]: ) May 10 18:13:30 tegmen ferm[45700]: , AAAA May 10 18:13:30 tegmen ferm[45700]: ) May 10 18:13:30 tegmen ferm[45700]: <-- May 10 18:13:30 tegmen ferm[45700]: DNS query for 'mira.codfw.wmnet' failed: NXDOMAIN Bug: T164588 Change-Id: Ifd4537c63d36cf9f3bd188ac62ffedc64f9c1ed9 11 May 2017, 10:06:58 UTC
8799f57 Ferm to allow tcp/10514 on logstash nodes Bug: T151971 Change-Id: I8081da7158b205986a13ed6f0a54d7d63919767b 11 May 2017, 09:47:38 UTC
57353a9 Logstash match_mapping_type still uses string, not text In elasticsearch 5.x the string mapping was deprecated, in favor of text and keyword mappings. It turns out this was only deprecated for the actual mapping though, and not for the match_mapping_type part of mapping templates. Updating this to "string" should bring back the old index format, with '*.raw' fields so all our existing dashboards continue to work as expected. Bug: T164823 Change-Id: I651ce56964d6326cadda29244de259b7b5d203b4 11 May 2017, 09:12:20 UTC
70f76bd thumbor: move 'include standard' to role Change-Id: I4a6b2e0a275ce517911288e350d0acc34322b53a 11 May 2017, 09:00:20 UTC
582e4f1 parsoid: move 'include standard' to role Change-Id: Ifd355e418d3343f59758a9badab253eaeeaa9557 11 May 2017, 08:59:14 UTC
24336bf puppetmaster::backend: move 'include standard' to role Change-Id: I09d073bd10232a0fba51890cdfe2661c0ef95856 11 May 2017, 08:58:14 UTC
f460f0c poolcounter: move 'include standard' to role Change-Id: I221f6cdae9fb62e8dc291732405592a118453b6f 11 May 2017, 08:57:20 UTC
6038792 apertium: use logrotate::conf for logrotate Change-Id: I54f9356ce5c1b17d9239acbdb9b4c0413c1c02e6 11 May 2017, 08:56:46 UTC
3736d9e ganeti: move 'include standard' to role Change-Id: I504d1c74c7b7fb6a46d52976abd24ae9841f0732 11 May 2017, 08:55:34 UTC
d74a00d Add new logstash LVS service Based on the listeners listed in modules/role/manifests/logstash/collector.pp Inspired by https://gerrit.wikimedia.org/r/#/c/324371/ Bug: T151971 Change-Id: I048e38080e6055b107d5ce767b0e9d7c235fabf1 11 May 2017, 08:37:08 UTC
9923d2e role::deployment::mediawiki: include ::profile::conftool::client Needed for D600 Bug: T163565 Change-Id: Ied739da8f77539249b64994d8000dcd96b4e2a48 11 May 2017, 06:09:10 UTC
db01b7e kafkatee: use logrotate::conf for logrotate Part of a general cleanup to use logrotate::conf all over the repo where we have /etc/logrotate.d snippets. Tested on oxygen.eqiad.wmnet. Change-Id: I90e08609701430e229db5a84b22bf10f5e6735fd 10 May 2017, 23:45:26 UTC
d15beda site.pp: consistent quoting for role names Change-Id: I7c267e233d5a93fd4178ec180ba5a158f2b8ea7e 10 May 2017, 23:40:42 UTC
ae91eff hadoop: use logrotate::conf for logrotate Part of a general cleanup to use logrotate::conf all across the repo. Compiled and checked on analytics1003. Change-Id: I31c9c1f8367a5e3d5db249960f260449e043edf4 10 May 2017, 23:34:06 UTC
5ad7f49 dynamicproxy: use logrotate::conf for logrotate Change-Id: I80c36606536463af15e6814dc07e90e1c21cc8c1 10 May 2017, 23:13:51 UTC
f982f9b webperf: Remove remnants of webperf::asset_check Follows-up 35d45f78d7. Bug: T164419 Change-Id: I363335dd022f36be2cfff1251be2b90defb31ca7 10 May 2017, 22:27:10 UTC
c285b48 deployment_server: Fix misspelt variable Change-Id: I45e968a0dc013311e66f2fbc04b2bdab10ea252b 10 May 2017, 22:08:54 UTC
2ef980c openstack: use logrotate::conf for logrotate Change-Id: I71776e0ccf7e2549d01292f4609e811ec2862dd5 10 May 2017, 21:15:28 UTC
d487b23 deployment::server: move add_ip6_mapped back to site.pp The "add_ip6_mapped" calls should go back from profiles into site.pp. I tried to consolidate but it's breaking the roles in labs, since labs does not have IPv6. This is like d1512074fc28a10cf but doing it only for deployment servers to fix deployment-tin/mira specifically before touching all roles. Change-Id: Ibaf10e16a903b8341c7923135f531b745025dffe 10 May 2017, 20:40:16 UTC
1a90348 decommission mira out of warranty host, no longer in service for deployment master, replaced by naos. removal of all old puppet references Bug:T164588 Change-Id: Iaa81d059c1105897edbeedf9c64d7cb2b81d22d6 10 May 2017, 17:46:15 UTC
c9ab3a4 Californium: include ldap client tools This will let us query ldap for sudo info &c. Bug: T162097 Change-Id: Ida9e5db684716dee2dee14666422f4dab3d5c8ff 10 May 2017, 17:12:05 UTC
f636b81 Horizon: add novaadmin ldap creds to the horizon config I don't love doing this but I need horizon to read/write ldap and getting the properly-scoped user creds into an ldap session would be extremely complex. Instead we'll protect this access via the policy.json rules. Bug: T162097 Change-Id: If497920ab7257a8f3ed98b2a08ec5e12556b080c 10 May 2017, 15:28:38 UTC
abb91e5 Revert "Fix user/group ownership for kubernetes certs" This reverts commit 2dca5e301576ac6a89fd4820efffbb998ed7051e. Change-Id: I1ecd327839611526a1f7a87e4f3e5599be7e0eb1 10 May 2017, 15:22:47 UTC
52868d8 dnsrecursor: use ipaddress6, not ipaddress6_eth0 The ipaddress6 fact should DTRT right now and there is no reason anymore to be hardcoding the interface name in there. While at it, move to $facts instead of the top-scoped variables for facts. Bug: T163196 Change-Id: I771346267a76fe692375c0e664eb13dbef3ee7d6 10 May 2017, 15:10:28 UTC
888c32d mariadb-install_server: Allow temporary full reimage of db1056 Change-Id: I7e404dbdcb818c96a397d76bc9f7f7af6321af87 10 May 2017, 15:05:21 UTC
6b79a54 lvs: replace $::ipaddress_eth0 by $::ipaddress The ipaddress fact should DTRT right now and there is no reason anymore to be hardcoding the interface name in there. Bug: T163196 Change-Id: I7f58cd4353424e48fb3b1010fad1f0ba4a68ca9a 10 May 2017, 14:34:47 UTC
50a9683 Whitelist X-Content-Dimensions in swift Bug: T150741 Change-Id: I47261f28411bfbd1f3713c3e186297430c1976ab 10 May 2017, 14:28:22 UTC
1e46187 service::node: report timing data from check-service to statsd Change-Id: I1f2fb44ad44d0831f2e53776fc714344b3e974a9 10 May 2017, 14:25:37 UTC
40bf969 maps->upload: keep the upload sec-related headers upload-only The maps backend (kartotherian) does set some of these headers, so let's not overwrite them with stuff we were using in the upload case. Bug: T164608 Change-Id: I57e279a6b54e069a02ac681e978d0e36a3d23c52 10 May 2017, 14:16:17 UTC
e7553f7 cache_upload VTC tests: update to reflect the <1K exception In 19213ec89cd1b69ab9ec77ad5cb54a6fadaacc41 we have added a VCL conditional to avoid caching small objects. Update VTC tests to reflect that. Change-Id: Ia8e8dffdf77e1ccba9c93d23ac25b168e0793d44 10 May 2017, 14:02:55 UTC
f69e04b maps->upload: fix kartotherian be_opts forgot to port over the (previously defaults at the maps-cluster level) backend port number and max_connections settings in e46f7c0a Bug: T164608 Change-Id: Id903cedf69752485f06b91bd5311d9fadfffedfb 10 May 2017, 13:55:34 UTC
6ca0bf1 Migrate to using kubemaster.svc.$site.wmnet Use the LVS service's IP address instead of using the fqdn of the very first host from the master hosts. Change-Id: Ic42087bf72e4d54e1ef703612693d64301d6488f 10 May 2017, 13:42:11 UTC
e46f7c0 maps->upload functional cluster-level changes Note that many bits of upload-specific VCL are left in play for both cases, as they're ultimately not going to do much. We'd rather avoid excess VCL conditional complexity than try to cut all of these out of the maps request path. varnishmedia: filters for /thumbs/ which continues to do its job webrequest: needs discussion with analytics, as maps reqs will move to the webrequest_upload data source (but differentiable on request hostname) Bug: T164608 Change-Id: I2963112222a64b5349415813f347abea20547655 10 May 2017, 13:36:30 UTC
673e4d4 Add role::lvs::realserver to role::kubernetes::master Include the role for lvs realserver in role::kubernetes::master and provide the hiera needed for it Change-Id: I8a0e48235f506a1eae5ea48bcfc5c610667212e2 10 May 2017, 13:03:38 UTC
4772c31 Replace $::main_ipaddress by the new ipaddress fact $::main_ipaddress was a top-scope variable that was created in order to address the shortcomings of the ipaddress fact. It didn't really pick up and was only used in very few places across the tree. The ipaddress (and ipaddress6) fact were replaced by our own implementations that don't suffer from the same shortcomings. Replace $::main_ipaddress with $::ipaddress (or $facts['ipaddress']) where applicable. Bug: T163196 Change-Id: I3fba82e5be3a59791e04dbb2d91f5525d3264cdd 10 May 2017, 10:58:16 UTC
69d0fef lvs: Add the kubernetes master service/cluster Add a conftool cluster called kubernetes, and add the first service for it, namely master. Listen on port 6443 for it, but don't enable ProxyFetch or icinga monitoring for now, until we figure out a proper way of authn/authz for monitoring requests. Also open the ferm firewall rules in order allow monitoring from pybal Bug: T162040 Change-Id: I5f7518e8923b44c8e203d463bcc206280812021f 10 May 2017, 10:39:57 UTC
2dca5e3 Fix user/group ownership for kubernetes certs Use the kubernetes user/group instead of the homegrown kube one Change-Id: I1473945ead10fccdee1d5025ab372566fba3455c 10 May 2017, 10:26:55 UTC
7aa7565 Fix the kubemaster.svc.$site.wmnet key path s/localcerts/private/ Change-Id: I1011e489fae9c8eefb9c4df5a8d1500b25a35285 10 May 2017, 10:14:45 UTC
554dbaf Use a service cert for kubernetes masters Populate and use a service certificate for kubemaster.svc.$site.wmnet Change-Id: Iaf4ddf2fa6933c9231c24856853fa0ffeb45469f 10 May 2017, 10:12:37 UTC
72901c1 etcd: use logrotate::conf for logrotate Change-Id: I6765e7e970347b211fae5bc20bbc3af7c293f724 10 May 2017, 09:57:24 UTC
8707d9f Update comment It was removed from labnodepool Change-Id: I7f9b5b9a5981369092744d51a2c5bc4ce2b16fc2 10 May 2017, 09:24:26 UTC
eef3ea7 Enable puppet on db2062- a one-time experiment for mariadb 10.1 db2062 was experimentally upgraded to 10.1. It was going to be a temporary test, so puppet was disabled. As there is no bandwidth to either continue testing, supporting it, or reverting the change, make a horrible hard-coded exception, aiming for proper support in the future, which is part of T148507. Bug: T116557 Change-Id: Ia9ab2884234d193d996baa960a78c81b209d7fa3 10 May 2017, 08:26:28 UTC
4a9d350 nodepool: do not install Package[libguestfs-tools] libguestfs-tools provides utilities to inspect disk images. It is better done directly on our machines. Change-Id: Id71cd797b6048c3c26af7577c0b677e0cdc392e7 10 May 2017, 08:12:26 UTC
aa90cb2 Fix logrotate config for analytics1003 to avoid cronspam Bug: T132324 Change-Id: Id0b668eb3b36067ecb3b4c83d23651650dfa25f2 10 May 2017, 07:47:52 UTC
b773e32 Revert "base::standard_packages: Remove ubuntu precise check" This was obviously broken and misguided. os_version("ubuntu => precise") returns false on Debian systems and as was obvious by the commit message that introduced this, this was there to avoid being applied on jessie systems. This currently breaks labnodepool1001, which uninstalls libguestfs-tools on even puppet runs, only to reinstall it on odd ones. This reverts commit a8b64a73f30a93ecdff7d3835d8eca95985f6422. Change-Id: I1728ba340ebdf82c11ec3f5ef2f5f7f2ec783182 10 May 2017, 07:43:12 UTC
5c4f02d deployment::server: convert to profile/role Moving this role towards a role/profile structure to follow current puppet code organization practices. https://wikitech.wikimedia.org/wiki/Puppet_coding#Organization Change-Id: Ieac6487d603b1edf715364bec2a0ef8c04be94ea 10 May 2017, 01:28:31 UTC
fa97aaa profile::base: use logrotate::conf for logrotate Change-Id: I264ec3699acc3f83fdf1d6c6ff7d925eaca696f2 10 May 2017, 01:13:03 UTC
0993a46 salt: use logrotate::conf for logrotate Change-Id: I56db810f588eb389c4a24b71d28dff376ce58e3d 10 May 2017, 00:47:22 UTC
fff6d4a systemd: use logrotate::conf for logrotate config Change-Id: I9b8742cfdc70f7b4fd87d9c54c09735460510fb3 10 May 2017, 00:36:04 UTC
a77add4 base::puppet: use logrotate::conf for logrotate Change-Id: Id59e584428057b95315651252722439c13958b52 10 May 2017, 00:30:29 UTC
e7133c1 mediawiki::jobrunner: use logrotate::conf for logrotate Change-Id: I69d5a3f22a6100145abadbd7e9e5f26cb7624546 10 May 2017, 00:24:18 UTC
9486d03 elasticsearch: use logrotate::conf for logrotate Change-Id: I30ee0bb74e2c96f333b70f4b08964e284518691c 10 May 2017, 00:19:13 UTC
1d04135 graphite: use logrotate::conf for logrotate Change-Id: Ic18762b977618269ea083604b7ff6abc5ac76d3c 10 May 2017, 00:07:21 UTC
3a8013a camus: use logrotate::conf for logrotate Change-Id: I5107f4acf60479e1bbd8108a5dc3714fa90a9448 10 May 2017, 00:03:34 UTC
0472671 rsyslog: use logrotate::conf for logrotate Change-Id: I14a50980be6b1f55f78727a71a92db0f589b410a 09 May 2017, 23:43:20 UTC
0d2fa20 site.pp: remove db1040, decom Bug: T164057 Change-Id: Ifcdce0a3edd164a027024911c9913a181467bc03 09 May 2017, 23:29:35 UTC
b9e6512 site.pp: remove analytics1027, decom Bug:T161597 Change-Id: I3e99f1ef9d0a557127d849092bcf5cf805ea865f 09 May 2017, 23:04:32 UTC
df82f3c snapshot: use logrotate::conf for logrotate Change-Id: I6e281faa6bb169d0fbe4bd87674d5214d16971b2 09 May 2017, 21:21:29 UTC
02763d9 sslcert: regenerate dhparam.pem It's been ~6 months, may as well! Change-Id: I8ed50ebfeb8e5ca1d8872eb2c6c9ae5a264c68a2 09 May 2017, 20:57:16 UTC
aeb1902 ssl_ciphersuite: remove DHE-RSA-AES128-GCM-SHA256 This is one of our last two remaining DHE-based suites and its 30d usage sits at a modest 0.068%. The other is DHE-RSA-AES128-SHA, which enjoys a relatively-robust popularity of 0.712% due primarily to Android 2.x and is at the very end of our forward-secret list. None of the current users of the cipher to be removed will lose connectivity. Ciphersuite simulations on past real traffic indicate the users of the removed cipher will primarily switch to the other DHE alternative above, although a small fraction will instead switch to ECDHE-RSA-AES128-SHA (which is preferable anyways). Removing this has a chance to increase our compatibility with a tiny percentage of clients who may be stuck on the DHE > 1024 issue, at an acceptably-tiny loss to our overall AEAD stats. It also gets our "high" list for TLSv1.2 aligned with our expected TLSv1.3 offerings (later this year), which will simplify future analysis, and paves the way for eventually disabling the final DHE cipher (probably after we've removed both of our legacy non-forward-secret options and disabled TLSv1.0, so probably no earlier than late 2018 at best). Change-Id: I22ab2b15251396a0bfef3ac6d7455e622332d92b 09 May 2017, 20:40:12 UTC
8508e5c ocg: use logrotate::conf for logrotate Change-Id: I9dc445f9f37be5d047a2acbeda531e7c2fd8ee2c 09 May 2017, 20:14:20 UTC
0b3ac5d varnish: move nuke/lru and exp_thread stuff to all clusters Change-Id: If361a58c79e8e866f9b7da8415a764e5777962a5 09 May 2017, 18:36:18 UTC
bb94f9a check_hadoop_yarn_node_state: add syslog logging for CRITICAL states Change-Id: I996bb680b3bb5dbd3d121e3d617295a99bf2bd40 09 May 2017, 16:54:18 UTC
b2f9e6a Removing analytics1027 from dhcpd file T161597 Change-Id: I7c095d00446f2ae30061d5256e28f03615f025c3 09 May 2017, 15:46:17 UTC