Skip to main content

Browse the archive

https://github.com/wikimedia/operations-puppet
12 April 2024, 10:39:33 UTC
sort by:
Revision Author Date Message Commit Date
e2b94d7 dzahn 08 July 2015, 04:45:55 UTC make icinga firewall more readable Used \ to wrap. Change-Id: I2e85ecda8826f9092e69088cbc9cbf03ccd2b370 08 July 2015, 18:10:30 UTC
25303ef andrewbogott 08 July 2015, 17:49:32 UTC Add firewall to neptunium. Bug: T102481 Change-Id: Idd5201be10c967b8288729855d47f8415aec5ee5 08 July 2015, 17:49:32 UTC
5c1bbfa Moritz Mühlenhoff 07 July 2015, 17:42:17 UTC enable ferm for neptunium Change-Id: I018e1d472722cf02336578bc75228950046b932c 08 July 2015, 17:34:03 UTC
4650c49 Filippo Giunchedi 07 July 2015, 07:48:38 UTC install_server: switch to elasticsearch 1.6 Bug: T102008 Change-Id: I7ac9ed55bd05c509f77cf8403b0cc17c0bd1c9eb 08 July 2015, 16:09:43 UTC
ddbce44 Filippo Giunchedi 08 July 2015, 15:50:06 UTC cassandra: use lock file with flock Bug: T104208 Change-Id: I28f97cf3163dc250e2c014207b717bc025dfd4bc 08 July 2015, 15:51:34 UTC
56098fc Filippo Giunchedi 02 July 2015, 00:29:34 UTC cassandra: alternative metrics collector Add a new trebuchet-deployed repository to ship a JMX-based metrics collector which pushes metrics to graphite. We've found the built-in dropwizard metrics reporter to be unreliable, given that JMX is used in cassandra to be the source of truth this reporter should provide much more reliable metrics. Bug: T104208 Change-Id: I370c699222002b62352ddcae3a0e73b72329b4b9 08 July 2015, 14:47:15 UTC
97bf2e9 Brandon Black 08 July 2015, 14:18:58 UTC test secret() again on cp1008 Change-Id: I6d10a47168e7b9749ad205fbd034df629fe57d9f 08 July 2015, 14:19:35 UTC
c9d01d1 YuviPanda 08 July 2015, 13:25:38 UTC ores: Fix typo Change-Id: I1b5a1ebd62c92c816c8777431a2df7f2fa779110 08 July 2015, 13:25:58 UTC
0ef09ec Moritz Mühlenhoff 08 July 2015, 12:52:34 UTC Deactivate packet filter on potassium nf_conntrack table full is wreaking havoc. Change-Id: I1b9ec2294d7bcf48c397937ba64489b4acc070ed 08 July 2015, 12:53:51 UTC
5c7e961 Moritz Mühlenhoff 07 July 2015, 12:16:43 UTC Enable packet filter for potassium Include base::firewall. role::poolcounter already provides the respective ferm rules (which are also already in use on subra and suhail for codfw. Change-Id: I5f76d1f491cbcb83b9f7cfeb64329baec8309a06 08 July 2015, 12:08:42 UTC
c59ccc0 Bryan Davis 07 July 2015, 19:55:02 UTC beta: include deployment-mediawiki03 in scap targets Bug: T72181 Change-Id: I7cf664a257c55dbbc15fbc772d2f57da4688c5b4 08 July 2015, 11:58:18 UTC
e7a0947 YuviPanda 08 July 2015, 10:46:25 UTC uwsgi: Update Service['uwsgi'] to more accurate Service defs Change-Id: Ic4bb4b3d93ffa01b5dfba5b3c99b8b95a15814af 08 July 2015, 10:46:25 UTC
b3daa1e YuviPanda 07 July 2015, 19:27:55 UTC uwsgi: Clean up uwsgi module - Works on Jessie! - Creates a new upstart/systemd unit per uwsgi app, instead of 'uwsgi' instances. This, IMO, is much easier to maintain and understand. - Move NRPE monitor check into the app, so we get per app checks Change-Id: I23716dec739f6c3ba2fa61ea60579de8bfd4e42c 08 July 2015, 10:39:13 UTC
5af0ba4 Giuseppe Lavagetto 07 July 2015, 15:46:59 UTC imagescalers: reimage mw1153 with HAT Since Ori fixed the 404 bug we had in I977387bf3e039, we should be finally good to go with the conversion. Bug: T84842 Change-Id: I1598646351c7f63781ffd8f0cfa8e7ddd4a0abcd 08 July 2015, 09:19:41 UTC
f853119 Ori Livneh 08 July 2015, 08:57:26 UTC Fix request-matching logic in varnishrls The mistake I made here was to assume that command-line options were implemented entirely by VSL_Arg(). This is not true for the 'm' arg. Adding a regex does not mean the varnishlog callback only gets called with matching requests. Instead, it means that a bit in the bitmap field will be set if the regex matched and the current log tag is the tag specified in the regex. This means that it is up to us to track whether the current log record is associated with a request which matched our conditions. We can do that by relying on the fact that for every request, RxURL comes before RxHeader which comes before TxStatus. This means that whenever we get a matching RxURL, we look for the RxHeader and TxStatus records that follow it and which have the same transaction ID. TxHeader is trickier to order relative to RxURL / RxHeader / TxStatus, so we'll just live without logging of X-Cache hits / misses for now. As Brandon pointed out, they don't necessarily correspond to cache hits / misses anyway. I tested this on cp1066 by confirming that the rate of requests it picks up matches the rate of load.php requests as reported by varnishncsa. Change-Id: I55f0c44cd5270e5a4809106514aebead63dbcf5c 08 July 2015, 09:12:53 UTC
76d4791 Moritz Mühlenhoff 02 July 2015, 15:03:18 UTC Convert firewall resource declarations to an include for consistency Change-Id: Id238052618c0fc6f255e2ea3bd5b372a8479b4dd 08 July 2015, 07:10:28 UTC
b09265c Brandon Black 08 July 2015, 03:33:41 UTC sslcert::std_cert explicit deps This prepares us for ssl::std_cert not being a wrapper of sslcert::certificate. Change-Id: I8798d91fe9af2622cda1bf254d25edf6b8009f85 08 July 2015, 03:45:13 UTC
27fd49e Brandon Black 08 July 2015, 03:17:09 UTC sslcert::certificate: no backup/show_diff on private Change-Id: I55bbbf77bcf5803a5d5b7d21363250247321d9e3 08 July 2015, 03:45:13 UTC
3a6b93a Brandon Black 08 July 2015, 02:53:15 UTC Revert "test secret()" This reverts commit e09f14c42da4647e4873fc8c66a8905df3203648. Change-Id: I70833f10e9a11748ade52d0f7aa7c3269b91523c 08 July 2015, 03:45:06 UTC
e09f14c Brandon Black 08 July 2015, 02:46:26 UTC test secret() Change-Id: Ie0fb28cf0303e588092aa1860ed8b70722ddbf05 08 July 2015, 02:46:35 UTC
c710d75 dzahn 07 July 2015, 01:36:28 UTC annualreport: remove role from zirconium Bug:T104936 Change-Id: I12fd4f064be3cc9b9358ad70eb5de05150b89da0 08 July 2015, 02:23:38 UTC
9a54d70 dzahn 07 July 2015, 01:45:00 UTC misc-web varnish: switch annualreport to bromine Bug:T104936 Change-Id: I421c9f8fbbbf12309a0118df860dd8d9d07addcb 08 July 2015, 02:09:52 UTC
ca17ef5 dzahn 08 July 2015, 01:53:02 UTC tcpircbot: allow v4 connections from mira follow-up to I722e91a9b21f60e4c57e also allow the v4 address Change-Id: I9a1ccd5643804ea9f84fd7aee44f56d864a4ce71 08 July 2015, 01:55:06 UTC
fb10fae dzahn 07 July 2015, 01:55:22 UTC annualreport: update Apache config for 2.4 syntax changed from Apache 2.2 to Apache 2.4 http://httpd.apache.org/docs/2.4/upgrading.html Do i need to have a Directory / at all? Bug:T104936 Change-Id: I12bcf3651b36b6705fee8acf81b9e662f78c93f2 08 July 2015, 01:40:58 UTC
2b13a65 dzahn 08 July 2015, 01:23:29 UTC tcpircbot: allow connections from mira On top of ferm rules (I8df023c1a789c) we also need to allow mira to connect in tcpircbot config itself so we can let the bot report deployments from codfw. Bug:T95436 Change-Id: I722e91a9b21f60e4c57e0d3ee1c6ac9c71ddd180 08 July 2015, 01:28:43 UTC
bbccedf dzahn 08 July 2015, 00:56:53 UTC icinga: fix ferm rules on neon In I667a95ec7e5d79ebd2 the ESAMS public network was renamed, leading to this when trying to apply an unrelated change: * Stopping Firewall ferm Error in /etc/ferm/conf.d/10_ncsa_allowed line 8: no such variable: $ESAMS_PUBLIC_PUBLIC_SERVICES Change-Id: I6670906c18ac56d939f94681e84e48649efd163f 08 July 2015, 01:01:03 UTC
46d989f dzahn 07 July 2015, 23:58:45 UTC allow mira to connect to tcpircbot on neon When deploying, the deployment server connects to tcpircbot on neon to announce the sync. This was allowed for tin and we want it to work for mira in codfw. Add v4 AND v6 address. Bug:T95436 Change-Id: I8df023c1a789c9a9f521211fa856759246c978a8 08 July 2015, 00:22:32 UTC
b2003ee dzahn 07 July 2015, 01:41:38 UTC annualreport: add role on bromine Bug:T104936 Change-Id: I493d8ec4dd5f079eac7eda475749e6a2cb192e0b 07 July 2015, 23:21:36 UTC
0b621b3 John F. Lewis 07 July 2015, 23:05:16 UTC mailman: add missing language templates including missing yet translated language templates which are a part of mailman's i18n. There are more, but these do not exist to mailman. This adds all languages which completes the language change over. Bug: T71858 Change-Id: I4c3db85bbd0726810bdbb498f3ef904070ae89ef 07 July 2015, 23:05:16 UTC
fe127f1 RobH 23 June 2015, 16:43:47 UTC star.planet.wikimedia.org sha256 ssl cert replacing the sha1 in use on misc-web. Do not push this unless you are prepared to babysit the merge on misc-web cluster. T73156 Change-Id: I7b1868d412de65d510aa9615a27144f4ecbe5af2 07 July 2015, 22:35:10 UTC
290b106 Brandon Black 07 July 2015, 21:41:08 UTC chain fixes: ganglia, icinga, lists, rt, tendril, wikitech, gerrit Change-Id: Id372d6e8bc5925cfdf15dc8ee374e3df14b4eef1 07 July 2015, 22:32:08 UTC
2b5e2d9 dzahn 07 July 2015, 21:05:46 UTC deployment::server: move backup code into role Backing up /home directories is a feature of a deployment::server, so put it in the role to keep deployment servers identical in both DCs. Change-Id: I68843128c415d8644bf821e1ce7486cb3f3fc1fc 07 July 2015, 22:10:50 UTC
2113cf4 Brandon Black 07 July 2015, 21:26:27 UTC remove GeoTrust_Global_CA => absent Change-Id: I885d7a006510d8ef563c543d8500a063c66a4b05 07 July 2015, 22:00:48 UTC
ef6aa0d dzahn 07 July 2015, 21:01:47 UTC move 'include mysql' into role deployment::server This should be included because it is a deployment server, not separately on the node, so we keep deployment servers identical. Also reverts I39678df0fdae which wasn't necessary, as long as this is part of the role as it should be. Change-Id: I0b18bf20c9d3cebed1b5d3b425363eae32901ca0 07 July 2015, 21:44:00 UTC
f0f1a4a dzahn 07 July 2015, 20:53:49 UTC mira - deploy codfw - adjust roles to be like tin Include all the exact same roles that tin includes to make both deployment servers in eqiad and codfw the same. Move classes around to make the differences more obvious (it's only that tin doesn't have base::firewall yet, we'll do that after it's proven to work to deploy from mira) Change-Id: Iee1a444754eb0c533d83e7f69119984d242a7692 07 July 2015, 21:39:21 UTC
b23b186 Brandon Black 07 July 2015, 21:24:21 UTC switch ticket.wm.o to proper chain.crt file Change-Id: I6f5fdd295eb2ef43870cdd48987a9cfbcdf102cf 07 July 2015, 21:24:21 UTC
76fa591 Brandon Black 07 July 2015, 20:57:23 UTC sslcert: output both kinds of chain(ed) files Change-Id: Iff9caf764a99495a972d2816191501edc0323c15 07 July 2015, 21:04:55 UTC
911c58e dzahn 03 July 2015, 03:03:41 UTC install mysql-client in role::deployment:server tin has it installed but it's not puppetized, so mira did not get it even though including the same role(s). T95436#1423748 says deployers are expecting to have mysql-client on deployment servers. "This is an empty package that depends on the current "best" version of mysql-client (currently mysql-client-5.5), as determined by the MySQL maintainers. Install this package if in doubt about which MySQL version you want, as this is the one we consider to be in the best shape." Bug:T95436 Change-Id: I39678df0fdae4f21f631eee9ae5a93b51893d7b7 07 July 2015, 20:22:46 UTC
b926ce3 Chad Horohoe 06 July 2015, 20:48:23 UTC Gitblit: Remove ssl cert stuff Gitblit doesn't support running its own cert stuff anymore, needs to be behind misc-lb Change-Id: I68fc31267aa042aea4c0ccf3670a80afb957543e 07 July 2015, 20:07:49 UTC
a6e2138 Brandon Black 07 July 2015, 19:54:31 UTC Wipe bad Equifax-signed GeoTrust_Global_CA (ca-certificates has better installed) Change-Id: Ic153a01e2843926423c033db3640bbfe956230ec 07 July 2015, 19:54:39 UTC
6db1a6b Bryan Davis 06 July 2015, 21:27:33 UTC beta: Replace deployment-logstash1 with deployment-logstash2 Bug: T101541 Change-Id: Iffc3e62439d6bbccf7f5e215c1bfb56eab6f33c0 07 July 2015, 19:39:45 UTC
d67ceaf Bryan Davis 06 July 2015, 20:48:18 UTC logstash: Enable user & group authz modules for Kibana Bug: T103804 Change-Id: I751ad63828e9c7a26bb8b07804310bd3c056ada3 07 July 2015, 19:39:32 UTC
3eee71c YuviPanda 07 July 2015, 18:14:34 UTC uwsgi: Do not use custom startup script for jessie Change-Id: Id2565756602364e8784307ad0203b964ed251967 07 July 2015, 18:16:11 UTC
f42677e Moritz Mühlenhoff 07 July 2015, 17:39:41 UTC enable ferm for nembus Change-Id: I6f73e99954367adbe6c1c3b6f091694720e2b5c8 07 July 2015, 17:54:27 UTC
ec64eb3 Chad Horohoe 07 July 2015, 17:04:15 UTC Phabricator: Remove php5 from manifest It's redundant as all the various extensions will already include it, as will libapache2-mod-php5 Change-Id: I39100cc05361db26f7fbbf835e0f0d84cc7b9ab8 07 July 2015, 17:06:50 UTC
352063b Antoine Musso 09 June 2015, 13:53:10 UTC contint: install python3-tk pywikibot/core has documentation runs via Tox / python3 on Trusty instances. That requires the python3-tk package installed on our slaves. Since the package is available on Precise, Trusty and Jessie, install it everywhere. Bug: T101697 Change-Id: I9a561239f01fa0ae1b6856ed81633d1fc845534a 07 July 2015, 17:05:46 UTC
dcbecb4 RobH 26 June 2015, 18:03:29 UTC updating ticket.wikimedia.org cert with sha256 old sha1 cert replacement, uses same key. DO NOT SIMPLY MERGE. This change needs to be confirmed to work with OTRS, and the config files may need updating. Bug:T91504 Change-Id: Ifd20227518e90eb1e6b2c78e23029b5f16859cca 07 July 2015, 17:02:56 UTC
22e2551 dzahn 07 July 2015, 05:29:46 UTC protactinium: add base::firewall not being used? slap firewall on it, next service using it should add holes in their role Change-Id: I44bb1c54f9bf34c6e3d2f72e174ad187795e8d9f 07 July 2015, 16:31:51 UTC
c77457a andrewbogott 26 June 2015, 03:20:40 UTC Remove the wait-on-NFS code from labs instance firstboot. Bug: T102544 Change-Id: Ief93f459e7affc48926baffec84590a15911b145 07 July 2015, 06:41:45 UTC
881576d andrewbogott 07 July 2015, 06:39:50 UTC Check for exports every second rather than every 5. Let's get this done as soon as possible. Change-Id: I99a86056e07a4301f3c537aa87e8de5d7d754610 07 July 2015, 06:41:45 UTC
d68716c Brandon Black 07 July 2015, 14:56:21 UTC varnish: enable dynamic directors in esams Bug: T97029 Change-Id: Ifed5c618adf822e928235749f1dc3df98149c731 07 July 2015, 15:54:58 UTC
ab998b8 andrewbogott 07 July 2015, 06:32:34 UTC Don't set -e in block-for-export A command failing is expected behavior! Change-Id: I7ff967664112d484e7b2c8da738de83bebaacb14 07 July 2015, 06:33:43 UTC
0fc5dc2 andrewbogott 07 July 2015, 06:15:14 UTC Install nfs-no-idmap before probing nfs for exports. Change-Id: Ieffc0ee834e5b7cd8fe04066a2df4f123697d87c 07 July 2015, 06:17:00 UTC
e7cb80a RobH 01 July 2015, 19:55:44 UTC EventLogging access for maxsem Adding maxsem to statistics-users, analytics-privatedata-users and researchers groups. DO NOT MERGE WITHOUT CHECKING TASK! All criteria and approvals must be confirmed on task before this is merged. Bug:T104482 Change-Id: I6935ea4da2076e0141b09286486e04953f52fc66 07 July 2015, 15:30:23 UTC
ede70dd andrewbogott 26 June 2015, 03:14:51 UTC Wait for a minute for NFS exports before trying to mount requested volumes. Once this is in place we can remove the equivalent block that happens during instance creation. Bug: T102544 Change-Id: I5f8f97eac84f01854846ca8105980b729768d194 07 July 2015, 15:08:32 UTC
b4aec71 Kartik Mistry 06 July 2015, 15:41:29 UTC CX: Add 'en' as target wikis and MT support Bug: T94123 Change-Id: I4d55aa42f3e1167beee36dfe7759a5ce28cbdeb0 07 July 2015, 15:06:08 UTC
11264ee Brandon Black 07 July 2015, 05:54:50 UTC ciphersuites: update strong desc for accuracy Change-Id: Ie73437ae07b5b571a1b00902116fa58414de9314 07 July 2015, 05:54:50 UTC
61cbfbc Brandon Black 07 July 2015, 04:30:39 UTC fix for ce421097: quote echo in update cron Change-Id: I17c440dced6e577b7428b249bb3a0e0c76dbe534 07 July 2015, 04:30:39 UTC
8746c01 Brandon Black 07 July 2015, 04:23:56 UTC fix for ce421097: .crt suffix for $ocsp_args Change-Id: I35acc324c7d047d654967bad8dba82a48c9106fc 07 July 2015, 04:23:56 UTC
16b09ab Brandon Black 07 July 2015, 04:15:07 UTC fix for ce421097: kill dep loop This was unecessary, as the previous dependency on nginx was just an indirection for getting cert/ocsp initially created. Those are now direct deps anyways. Change-Id: Id5722e090fddf4944e33608f377780025c8b6129 07 July 2015, 04:15:09 UTC
ce42109 Brandon Black 01 July 2015, 07:12:50 UTC tlsproxy: multi-cert support, including ocsp This updates tlsproxy::localssl and all callers to support an array of certs for a single nginx-level "site", for e.g. matching ECDSA+RSA keys that are otherwise-identical. This includes updates to the stapling stuff to support multiple certificates in a single ssl_stapling_file response. The stapling updater cron was relatedly refactored to use a set of input configuration files instead of just refreshing whatever it finds in the ouput directory. Actually using more than one certificate in a site's cert array requires special non-standard nginx patches at this time. Bug: T86654 Change-Id: I996b7f958d17df1516c8f011001518c5397cd5e2 07 July 2015, 04:03:29 UTC
f2e1909 Brandon Black 07 July 2015, 04:02:19 UTC Remove unused r::c::ssl::sni Change-Id: I095c202508ac1382e7fb0bc69add342bcfbbc92d 07 July 2015, 04:02:19 UTC
f5b8dcd Brandon Black 07 July 2015, 03:35:05 UTC remove deprecated "compat-dhe" (no users) Change-Id: Ie108c63b03822b2cbd6726c4277dffd56974a672 07 July 2015, 03:35:17 UTC
cf56211 Brandon Black 07 July 2015, 03:34:36 UTC switch tlsproxy back to "compat"; dhe is now implicit Change-Id: I617a429ea94131154ce96bd2bfb9fc084d5c4782 07 July 2015, 03:34:36 UTC
59ae3a3 Brandon Black 07 July 2015, 02:25:17 UTC ciperhsuites: refactor DHE support This blends DHE ciphers into the strong/mid lists as appropriate (just below otherwise-similar entries for ECDHE-RSA), and makes DHE an automatic feature of all 3 basic options (strong, mid, compat) on servers which support setting a custom dhparam file (currently nginx, apache2.4-on-jessie). Warns when used with DHE-incompatible servers. Change-Id: Iec83da43362984ffe2f7550b995963c6e53f450f 07 July 2015, 02:28:41 UTC
9cb9433 Sean Pringle 07 July 2015, 01:09:33 UTC upgrade db1041 to trusty + mariadb 10 Change-Id: Iffae73963fe5fd69577ae83e95f8e06277d06ec0 07 July 2015, 01:34:45 UTC
024bbf9 Brandon Black 04 July 2015, 18:45:00 UTC Move dhparam support from tlsproxy to sslcert/ciphersuite This moves the distribution of the dhparam file to the sslcert module, where it will be installed at a standard path for any machine that installs server certificates, regardless of whether it's really needed Separately, ssl_ciphersuite decides whether DHE-based ciphers are acceptable (apache versions are key here) and configures the use of the dhparam file if applicable. Change-Id: I443d9ac682d31142ad4fe5ebba839ec63dd44c19 07 July 2015, 01:15:01 UTC
d6803a2 Brandon Black 06 July 2015, 23:51:36 UTC HSTS: preload for all certs except wiki[pm]edia.org Bug: T104244 Change-Id: Ie731a1da4f149060aa83a9a1e840bb4e3c6bdddd 07 July 2015, 00:05:43 UTC
34cb00f Brandon Black 06 July 2015, 23:50:58 UTC fix minor regex bug in HTTPS redirect conditional Change-Id: I5ca5fd5b79af2d74fa1c6bb562c0d3dcabea627a 06 July 2015, 23:52:07 UTC
32c66f1 Brandon Black 06 July 2015, 23:35:08 UTC ciphersuites: experimentally expand DHE options This increases our list of DHE-based ciphers for 'compat-dhe' to include all of the available DHE variants that match our selections in strong/mid/compat. The initial DHE test with just DHE-RSA-AES128-SHA seems to have picked up most of the previous clients selecting non-forward-secret options like AES128-SHA. If any of the ciphers enabled in this change allows us to convert significant fractions of the remaining clients to forward-secrecy, we should probably keep them. Change-Id: I437643435377e0d7e759407808e07eb687e221c5 06 July 2015, 23:39:17 UTC
d4cb7c2 Andrew Otto 06 July 2015, 21:50:28 UTC Temporarily disable puppetization of EL processor on analytics1010 for testing Change-Id: I567bfdf18cdc529fdddc8e2f24a4bd38471857d0 06 July 2015, 21:50:28 UTC
c2493bf Brandon Black 30 June 2015, 22:42:27 UTC tlsproxy: enable DHE-2048 FS for Android 2.x, etc. Bug: T104281 Change-Id: I648aaf21e35a6f9fe54e96f85fade0b269a8f7aa 06 July 2015, 21:47:06 UTC
3e0d0fb Matanya Moses 02 July 2015, 08:07:50 UTC access: grant David Causse deployment rights bug: T104546 Change-Id: I04666b5ddbe894c0be3a205e9be63aeba281e07c 06 July 2015, 20:56:47 UTC
5adc015 Matanya Moses 30 June 2015, 19:35:57 UTC access: Grant dcausse root on the search cluster bug: T104222 Change-Id: Icbc10021d24205401edec20641ecad43c106d988 06 July 2015, 20:52:20 UTC
d910f3f YuviPanda 06 July 2015, 20:49:34 UTC uwsgi: Fix ruby plugin version for jessie Change-Id: Ie1fce75666ec80998120fb7e14f4758d27b9b79c 06 July 2015, 20:50:18 UTC
353bb89 YuviPanda 06 July 2015, 20:42:34 UTC celery: Specify template_name for systemd unit explicitly Change-Id: I8c42c7a446f5f807af560ddd780c113160713067 06 July 2015, 20:43:41 UTC
f884b04 YuviPanda 06 July 2015, 20:39:43 UTC celery: Make celery::worker a define rather than a class Change-Id: I13b188cad343babcfa63b4f7da00cb20a44a6924 06 July 2015, 20:40:12 UTC
f23b273 Matanya Moses 30 June 2015, 19:31:37 UTC access: add DCausse shell account bug: T104222 Change-Id: I419e2508c262423bab84b504215bb960d2cc6ad6 06 July 2015, 20:38:25 UTC
9cedc97 dzahn 01 July 2015, 22:32:53 UTC switch static-bugzilla to backend bromine Move static-bugzilla from zirconium to new backend bromine, a ganeti VM. Bug:T101734 Change-Id: I529d658eb578f4cb2c2a8815def207d07a0e10ce 06 July 2015, 20:33:46 UTC
312eb9b YuviPanda 06 July 2015, 20:32:39 UTC ores: Vim has its problems, I must admit Change-Id: I76e22f8f8e547f3a4db159cd440f0e05529b43b5 06 July 2015, 20:33:14 UTC
bd6bc51 YuviPanda 06 July 2015, 20:30:13 UTC ores: Fix conflict on including ores::base Change-Id: I98543886a7e6e37299cafac5a78b9eb70587f4f8 06 July 2015, 20:30:52 UTC
5d7e146 dzahn 03 July 2015, 19:16:25 UTC static-bugzilla: update Apache config for 2.4 Bug:T101734 Change-Id: I91b8d3d9e604fabcecb092b7352c3330f466a722 06 July 2015, 20:28:07 UTC
5085eb2 YuviPanda 06 July 2015, 20:23:31 UTC uwsgi: Do not setup nrpe monitor in labs Change-Id: Ia257354914892516dbf184c58a48a9c66ffe7dd2 06 July 2015, 20:23:31 UTC
888d4f9 YuviPanda 05 July 2015, 15:50:00 UTC ores: worker role to do celery processing Change-Id: Ia8dd63709cb8aaf097881bc7f825683cf1b51ae4 06 July 2015, 20:02:18 UTC
dd8a03f dzahn 06 July 2015, 18:14:43 UTC static-bugzilla: remove role from zirconium Bug:T101734 Change-Id: I48c25926b172740acb0c2a28ab700397b2f4121c 06 July 2015, 19:58:35 UTC
b7cc506 YuviPanda 06 July 2015, 19:54:08 UTC labstore: Remove NFS from puppet3-diffs project Bug: T103760 Change-Id: I58ae88b23098487db9a5067259a3b4d8793d5614 06 July 2015, 19:55:59 UTC
1d4e49e Negative24 06 July 2015, 19:07:48 UTC Revert "hiera: phab-pup-testing ssh on port 222" This reverts commit cb23e9f14c8bba72741fdccb302d0e3dfe54dcf6. Change-Id: Ib79deaa3e246743cb8f5446744ef48772e316fc6 06 July 2015, 19:14:28 UTC
7a93e8e Moritz Mühlenhoff 03 July 2015, 11:19:30 UTC Limit LDAP access to internal Note that the current ldap::firewall rules are not yet activated, they're only defined, but ferm is not enabled on neptunium or nembus Bug: T102481 Change-Id: Idb3bfed0f3677bbfaf2a47e6e4fef4df0523085c 06 July 2015, 19:12:31 UTC
cb23e9f Jamison Lofthouse 06 July 2015, 19:03:35 UTC hiera: phab-pup-testing ssh on port 222 Change-Id: I6d2345903b4b377481e6e7a1261253bf422751da 06 July 2015, 19:03:35 UTC
0e56d5e YuviPanda 06 July 2015, 18:06:24 UTC labstore: Remove nfs from dwl project Bug: T103864 Change-Id: Ia8860946d12df42f4aab57270b8301c55c836b46 06 July 2015, 18:06:51 UTC
d5026a8 cmjohnson 06 July 2015, 16:50:21 UTC Adding labnet1002 to netboot.cfg Change-Id: I7fe35c31043a2d598124f9ce17f45500da8f9ded 06 July 2015, 16:54:36 UTC
ee9f662 Chmarkine 06 July 2015, 16:27:49 UTC HSTS preload for Mediawiki and Wikimediafoundation All subdomains of mediawiki.org and wikimediafoundation.org are covered by the TLS certificate now (If010437c). So they are ready to be preloaded. Bug: T104244 Change-Id: Icb98ddb75a46b7c6d170ec5c4e6eb0c1032d22db 06 July 2015, 16:27:49 UTC
abd1164 Brandon Black 06 July 2015, 16:19:01 UTC Remove dead donate hostnames from redirects This matches up with If010437cc on the DNS side. Bug: T102827 Change-Id: Iad132dd143ad022f6d31fe3a570d70d0b4d42a14 06 July 2015, 16:20:10 UTC
12f4aa5 Giuseppe Lavagetto 06 July 2015, 14:12:28 UTC varnish: enable dynamic directors in ulsfo Bug: T97029 Change-Id: I0d7a6dc3c5d79817a90fbf3761310ee0beee771b 06 July 2015, 15:12:14 UTC
ad629e1 YuviPanda 06 July 2015, 14:19:59 UTC labstore: Remove NFS from cephtest project Bug: T102381 Change-Id: Id701e39000db0de6b41221f8ed27bf791296d642 06 July 2015, 14:20:59 UTC
f52b54c YuviPanda 06 July 2015, 14:12:54 UTC labstore: Delete unneeded exports.d files Change-Id: I1ceb68cbd6ebd4c08cc6efac127ed0e76f3ead29 06 July 2015, 14:17:40 UTC
9b96084 Giuseppe Lavagetto 06 July 2015, 14:08:06 UTC varnish: enable dynamic directors for a subset of ulsfo hosts Bug: T97029 Change-Id: I38588ed362a6545e70228755d37973246a3b7547 06 July 2015, 14:11:23 UTC
7fdad2b YuviPanda 06 July 2015, 12:47:36 UTC labstore: Consolidate NFS exporting into daemon - Rename nfs-projects-daemon to nfs-exports-daemon - Handles public *and* private exports - Simplify puppet setup to reflect new reality Change-Id: Ib5d55e784daa603812a97815b4ef44d9906eb2a1 06 July 2015, 13:55:14 UTC
631377f Antoine Musso 03 July 2015, 13:34:31 UTC Remove Gerrit replication to lanthanum.eqiad.wmnet The host should no more run any slave, and definitely does not run any job still relying on the Gerrit replication. Remove Gerrit replication to lanthanum.eqiad.wmnet. Bug: T86658 Bug: T86661 Change-Id: I63727298916faaded2b5e38c737eb50479669345 06 July 2015, 13:34:36 UTC
8ce752f Antoine Musso 11 June 2015, 10:24:32 UTC contint: do not install zuul on light slaves There is no zuul package for Jessie yet thus applying role::ci::slave::labs::light fails puppet. Move the zuul install out of the common class to the more specific classes. Bug: T94836 Change-Id: I849fa59683f09a99e2a5a5cd058bf9e60faeadce 06 July 2015, 13:30:51 UTC
back to top