8e9b29a | Alex Monk | 07 September 2015, 02:05:48 UTC | tcpircbot: Also take input from files Don't start reading the data until we are in the channels though. Change-Id: I3226f93ae42863093c7ee0ca2d7f31d3080007d2 | 24 September 2015, 00:11:17 UTC |
6341d85 | Tim Landscheidt | 21 September 2015, 00:01:27 UTC | Tools: Replace reference to tools. in toolschecker.upstart Bug: T87387 Change-Id: Ida6a68a696e264805432e9890e413bf9c7cb9d24 | 23 September 2015, 23:39:58 UTC |
9847b32 | Ori Livneh | 28 April 2015, 21:17:46 UTC | Introduce apache::static_site Add a custom resource type for Apache static sites. Automatically sets up HTTPS, HSTS, firewall rule, Apache config file, and (if needed) LDAP auth. Change-Id: I8ba8d039a85a970aee0d73e259e62dc4c4f1e7ca | 23 September 2015, 22:36:58 UTC |
9fed084 | Tim Landscheidt | 23 August 2015, 02:12:09 UTC | Tools: Replace references to tools.wmflabs.org Bug: T87387 Change-Id: I6efa8ffdcf407d98a10baeca7193af1b90e53610 | 23 September 2015, 22:18:05 UTC |
f21c537 | Tim Landscheidt | 22 September 2015, 20:42:57 UTC | labs_lvm: Require parted explicitly parted is installed on instances by default as a dependency for ubuntu-standard. However, labs_lvm's dependence on it was not explicitly stated, so project administrators could uninstall it, making subsequent uses of labs_lvm fail. This change explicitly states the dependency on the parted package. Bug: T112641 Change-Id: I501aad1a9ba48ebd433369fca7fe4a1eb80bd56a | 23 September 2015, 22:14:25 UTC |
6483491 | Tim Landscheidt | 22 July 2015, 20:22:48 UTC | statsdlb: Fix strict puppet-lint check Bug: T87132 Change-Id: I42c1cac505b6c959b3016fdac5b648462fc65f7a | 23 September 2015, 22:09:37 UTC |
4bfb54a | Tim Landscheidt | 19 March 2015, 21:37:56 UTC | Ignore warnings about URLs without modules for volatile directory The volatile directory is used to serve miscellaneous files and file sets at the puppet master so that all clients can access them without them being part of this repository or the clients directly accessing the source. This change marks two references to it so that they are ignored by puppet-lint. There are other references, but so far puppet-lint does not complain about them, so there is no need to mark them as well. Bug: T87132 Change-Id: Ifddb81a4a8ec707d67207069d616532250b9878a | 23 September 2015, 22:02:29 UTC |
d3b21c9 | cpettet | 23 September 2015, 21:35:59 UTC | phab: add realserver IP This has to match https://gerrit.wikimedia.org/r/#/c/240588/ ref T100519 Change-Id: Id22c8331bf8889a2335d96469afa39eac43530af | 23 September 2015, 21:59:54 UTC |
9e64c87 | Moritz Mühlenhoff | 06 July 2015, 14:32:23 UTC | packagebuilder: add openstack-pkg-tools package When I backported python-diskimage-builder 0.1.146 for jessie, the generation of the source package failed due to missing Makefile includes in debian/rules, so add openstack-pkg-tools (which contains those) to the default packages. Change-Id: Ifd65f380d0e6d1a897ffe445792a24ac6e1c8b5d | 23 September 2015, 21:56:34 UTC |
8545a0b | Tim Landscheidt | 13 April 2015, 12:24:53 UTC | Tools: Puppetize updatetools Bug: T94858 Change-Id: I35ca9e95a62243581f4836c3ed1b7e6eae287a08 | 23 September 2015, 21:20:28 UTC |
8fe2025 | Tim Landscheidt | 02 August 2015, 19:51:57 UTC | haproxy: Move check_haproxy to module itself Bug: T87132 Change-Id: I687f9918bce9c76990ef825e86348b7ca2ab1b1b | 23 September 2015, 21:12:25 UTC |
6c072c3 | dzahn | 28 May 2015, 20:37:57 UTC | add IPv6 for ytterbium (gerrit) Adds a mapped IPv6 address to the first interface on server ytterbium (gerrit). Ia871b6ff4f363a99b adds the AAAA record Bug:T37540 Change-Id: I5190f79d89fd114033edfa08e682374164b64506 | 23 September 2015, 21:05:23 UTC |
8e2f026 | Antoine Musso | 23 September 2015, 20:18:52 UTC | contint: bring back libav-tools on slaves The mwext-mw-selenium job has the ability to record testing session and uses avconv provided by libav-tools. https://gerrit.wikimedia.org/r/#/c/234699/ dropped libav-tools in favor of ffmpeg. As a result newly provisionned Jenkins slaves no more comes with avconv which fails the builds. Make sure libav-tools is provisionned on CI slaves. Bug: T113520 Change-Id: Ifb024c5bab3e67f9df06e259e0b6efb829a94a9e | 23 September 2015, 20:39:46 UTC |
37bff13 | Tim Landscheidt | 12 April 2015, 14:42:08 UTC | Tools: Only forward mail for project users Bug: T93526 Change-Id: Id9903e4ae7cb65530ef02cc3de4e019f243a59c5 | 23 September 2015, 20:37:46 UTC |
d5aa521 | Chad Horohoe | 27 August 2015, 18:17:39 UTC | Setup Gerrit role account for Phabricator actions Change-Id: I7221c126a8a34fe9ddde495d84c52db0a8cde341 | 23 September 2015, 20:18:54 UTC |
332aa66 | Andrew Otto | 23 September 2015, 20:13:15 UTC | Use $eventlogging_retention_days for eventlogging drop partition job Change-Id: Ieacd7b174ddb3cf2d590393b7268cf6535b465b4 | 23 September 2015, 20:13:15 UTC |
eb42573 | Bryan Davis | 08 September 2015, 03:53:53 UTC | Kibana: Fix apache::site title Use $::role::kibana::vhost as apache::site resource title rather than $::hostname. Change-Id: I2410f11618c6d0c0563aeb98a5592a3f9dcdd2dc | 23 September 2015, 20:10:30 UTC |
1295661 | Eric Evans | 23 September 2015, 17:22:55 UTC | typo s/Cassanda/Cassandra/ Change-Id: If6faae6809bfb4ee5b0a09cfe89b3a257b33904b | 23 September 2015, 20:08:41 UTC |
b7a82f1 | Madhumitha Viswanathan | 23 September 2015, 19:02:06 UTC | analytics: Add cron to drop Eventlogging data older than 90 days from hadoop Related script in refinery: https://gerrit.wikimedia.org/r/240299 Bug: T106253 Change-Id: I4578583d434c21fc61de236c414c6eea912ace2c | 23 September 2015, 20:04:51 UTC |
9508efe | John F. Lewis | 23 September 2015, 19:28:14 UTC | mailman: don't monitor shunt, monitor bounces Bug: T113326 Change-Id: Id6415e6fb12f7996668ab44032408d55c00f290a | 23 September 2015, 19:29:45 UTC |
9e7e596 | John F. Lewis | 23 September 2015, 17:47:33 UTC | mailman: sudo mailman_check_queue as list only list / root can ls the directories. Use list as delegated sudo rather than root. Bug: T113326 Change-Id: Ia617bba69d802be4f835730f9c177642cae1f508 | 23 September 2015, 19:22:14 UTC |
2b9d099 | Moritz Muehlenhoff | 18 September 2015, 08:32:59 UTC | Remove the Graphite/Diamond based conntrack saturation check d1cb79186bdf87887f3992f79839bbc162a278a4 added the NRPE-based conntrack Icinga check which is also used by the base::firewall-enabled systems across the fleet. Remove the Graphite/Diamond-based check which is unreliable (and also for consistency with the warning/error thresholds used elsewhere). Change-Id: I613055d98228d060a0a2e34bba10ae5881244984 | 23 September 2015, 18:40:27 UTC |
5618cd3 | Moritz Muehlenhoff | 23 September 2015, 06:42:19 UTC | Fix definition of deployable networks The srange of the ferm service was specified as a Puppet array, but needs to be provided in a network definition in Ferm syntax. This fixes the error spotted in Gerrit review 240083 Bug: T113351 Change-Id: Ib4bdfb8ac0fd0ed7145081e7ea68c82e2e255a6c | 23 September 2015, 17:15:08 UTC |
e4860c4 | Coren | 23 September 2015, 15:18:19 UTC | Add new shell users Bug: T113302 Bug: T113298 Change-Id: I6138e9fa95446df0d520c5d01b1c71707bda09a2 | 23 September 2015, 15:23:13 UTC |
700dc80 | Filippo Giunchedi | 23 September 2015, 08:34:40 UTC | cassandra: stop setting cluster_name as %{::site} Bug: T112257 Change-Id: I35dcc373f09197454a8d16e98716cc2cfbe5f39b | 23 September 2015, 13:51:25 UTC |
99b48b7 | Faidon Liambotis | 22 September 2015, 18:44:09 UTC | mail: add inbound TLS support for main MXes Support STARTTLS on our primary mail exchanges. Also add a monitoring check for it, that also checks for the certificate's expiry date and warns 30 day in advance. Bug: T101452 Change-Id: Ia03c93948d7ffdeaedccd166fd3ed42ab05ae9a2 | 23 September 2015, 13:00:16 UTC |
b0faf85 | Faidon Liambotis | 23 September 2015, 12:54:22 UTC | Assign wiki-mail-codfw to mx2001 ...and use it across the fleet. wiki-mail-eqiad's counterpart. Change-Id: Ie9e9399646f58e297639545c3ee330b117eb882c | 23 September 2015, 12:54:22 UTC |
5ec69d3 | Ariel T. Glenn | 23 September 2015, 11:33:58 UTC | add dataset user to list of users we don't autoremove Change-Id: I170e28f702d91c9ab5b9709bb55aa9b2f971f487 | 23 September 2015, 11:45:45 UTC |
7fe2c24 | Ariel T. Glenn | 23 September 2015, 11:14:11 UTC | make datasets uid fixed, it must match across hosts Change-Id: I83b8e5af2d30b06e55c958093098072cfa1d9355 | 23 September 2015, 11:14:11 UTC |
6dc47f6 | Ariel T. Glenn | 23 September 2015, 08:58:46 UTC | enlarge root partition for snapshot hosts, no separate /srv Change-Id: Iec0788793143e7e6f672d31d6e0c3fd97648df66 | 23 September 2015, 08:58:46 UTC |
723df0d | YuviPanda | 23 September 2015, 07:17:48 UTC | elasticsearch: Rename role to fit current convention Change-Id: I2c6faacada4c28865b469cf52901ef5ff2eef36f FIXME: elasticsearch::server should just be elasticsearch | 23 September 2015, 07:17:48 UTC |
4c89839 | YuviPanda | 23 September 2015, 07:12:07 UTC | elasticsearch: New role for labsearch cluster Bug: T113282 Change-Id: I6955a2131d3aa1e425d1ced7ca481263f457ba1a | 23 September 2015, 07:13:03 UTC |
3b3808d | YuviPanda | 23 September 2015, 06:34:10 UTC | elasticsearch: Actually provision nobelium Bug: T113282 Change-Id: Ia48db169dfca9b669a93532c3725a538ad9b6933 | 23 September 2015, 06:34:39 UTC |
7396157 | YuviPanda | 23 September 2015, 06:30:27 UTC | elasticsearch: provision nobelium as labsearch cluster Bug: T113282 Change-Id: I02813c83834cda4b9f41ec4a07aa2ec661514e00 | 23 September 2015, 06:32:05 UTC |
2b806d3 | YuviPanda | 23 September 2015, 04:35:50 UTC | elasticsearch: Setup nobelium with standard roles Allows standard user logins and such Bug: T113282 Change-Id: Id4a22502d14b03e8e9fc71aefd1cf4b8da80b5e3 | 23 September 2015, 04:41:16 UTC |
4786235 | dzahn | 16 September 2015, 00:07:31 UTC | mailman: exim alias for discovery list renames Bug:T110256 Change-Id: I37f4c2c9c24fd4dfe190fdd3974772fd7a1a9f77 | 22 September 2015, 23:38:58 UTC |
69efc1c | dzahn | 16 September 2015, 00:03:44 UTC | mailman: redirects for search lists -> discovery Bug:T110256 Change-Id: Ia8d391414f744bd18ee4ba045e3ae2fa40cf5916 | 22 September 2015, 23:37:40 UTC |
01bde94 | dzahn | 22 September 2015, 01:07:04 UTC | mailman: script to rename list This is a script that automates the instructions from: https://wikitech.wikimedia.org/wiki/Mailman#Rename_a_mailing_list Change-Id: I29e9e4dc0113698fe1c44b84c9bd618a20aee48d | 22 September 2015, 23:34:58 UTC |
128274c | cpettet | 22 September 2015, 20:57:11 UTC | elastic: update rack location for 1005 and 1030 ref T112559 Change-Id: If2f3ff84cfbe473f86986ce9ec1b8cda501c4835 | 22 September 2015, 20:59:57 UTC |
75eeb6c | andrewbogott | 22 September 2015, 20:37:50 UTC | toolschecker: Give services 10 seconds to stop as well as start. Change-Id: I67a3c0f90a89fd23704a88303a54b261fb278511 | 22 September 2015, 20:39:34 UTC |
92bd39b | andrewbogott | 24 June 2015, 16:09:27 UTC | Remove some uses of scope.lookupvar by passing args more explicitly. Change-Id: If4d1612a7b291e0f4fdaa43c3703efb7fee90588 | 22 September 2015, 20:16:33 UTC |
8b7a411 | Andrew Otto | 22 September 2015, 20:05:59 UTC | Increase max_allowed_packet and set temporarily read_only = 1 for analytics mysql meta read_only will be 1 until we are ready to promote this instance to master Change-Id: Iefe23fdd7d2352f1bfb2b5caecd09ef195e05e3b | 22 September 2015, 20:05:59 UTC |
ef73fa9 | andrewbogott | 22 September 2015, 19:34:51 UTC | toolschecker: correct the location of 'webservice' Change-Id: Id2d75e63dc14b4b2111a0aa4411d2027ceb383f4 | 22 September 2015, 19:34:51 UTC |
29ff090 | andrewbogott | 22 September 2015, 19:26:52 UTC | Toolschecker: fix a few typos Change-Id: I909d3e28a0e45b9e2217041b165ac72ff1d01099 | 22 September 2015, 19:26:52 UTC |
a06f23a | dzahn | 22 September 2015, 05:29:31 UTC | mira: remove inclusion of releases::upload In Ica21c2a4cc0c57e1 this include moved into the role but as commented by Alex Monk it was only removed from tin, not from mira. The point was to have it in the role and not on the nodes to avoid differences. Change-Id: Ifef3c210664226a34c636246d2edc77222e03887 | 22 September 2015, 19:05:52 UTC |
848c849 | andrewbogott | 18 September 2015, 21:42:26 UTC | toolschecker: Add tests for starting/stopping web services Change-Id: If42fd5b999fb4a90e18ef8a358bad7e662af539b | 22 September 2015, 18:38:09 UTC |
bcc5076 | Faidon Liambotis | 22 September 2015, 18:10:59 UTC | exim: fix exim4::dkim's content parameter It was typo'ed to defining "content" to $source. Bug: T113051 Change-Id: Ie18f2d736ef938572eb0980f6c4095a65de0a9e8 | 22 September 2015, 18:10:59 UTC |
c3b25b4 | Faidon Liambotis | 22 September 2015, 18:05:40 UTC | Install mail.wikimedia.org certificate Not used yet. Change-Id: I55e6a63c2bbddd13d5e5bb8505ccb596050599f9 | 22 September 2015, 18:06:13 UTC |
651e8e0 | Andrew Otto | 22 September 2015, 17:54:07 UTC | Don't hardcode llama uid Bug: T100678 Change-Id: Id2786622f1486e8d78efed4b3241437774ca19c8 | 22 September 2015, 17:54:37 UTC |
ca32030 | Stanislav Malyshev | 10 August 2015, 04:14:14 UTC | Create real URIs for wikidata RDF URIs Bug: T97195 Change-Id: I965dea788b848c183f79286811ea987462fbd8c3 | 22 September 2015, 16:41:01 UTC |
c2f52c7 | Faidon Liambotis | 22 September 2015, 14:49:00 UTC | Switch the wiki-mail-eqiad service IP to mx1001 Change-Id: If12d21f86f191773b88ab18388ecb379f38d620a | 22 September 2015, 16:36:47 UTC |
fb35e11 | Jan Zerebecki | 18 September 2015, 13:08:29 UTC | Make link in dataset relative This will fix T112892 Bug: T112892 Change-Id: Ife4dcdb80f9a6ac268409589c888604d44120c56 | 22 September 2015, 16:27:10 UTC |
2f01c8e | Jan Zerebecki | 05 August 2015, 17:31:19 UTC | Change docs and integration.m.o to rewrite Bug: T84060 Change-Id: I94d15363a18f31bed5d02de41e2e3d009fcc662c | 22 September 2015, 16:17:37 UTC |
d21184d | Gergő Tisza | 13 September 2015, 06:14:57 UTC | Basic role for Sentry Depends on I7a0ce9e087dee1b95f916288785470b1423f5435 and I2cfacb4544f99df9f5e6c30dc2824e8b153e27b2 Bug: T84956 Change-Id: I1207235f0ee97c253b1a1e9e2bfa89eb79665290 | 22 September 2015, 16:13:34 UTC |
075b470 | Alex Monk | 17 September 2015, 20:48:26 UTC | Redirect et.wikimedia.org to ee.wikimedia.org Also remove old RESTBase entry Bug: T31919 Change-Id: I0785923766914f856dc863e745f9fb8ab7f2fe0b | 22 September 2015, 16:08:06 UTC |
a81f27a | Andrew Otto | 22 September 2015, 15:59:45 UTC | Set system => true for llama user Bug: T100678 Change-Id: I3d7e691807fc5b03b81edb3baedb8e8a3efb12f5 | 22 September 2015, 16:00:17 UTC |
889b053 | Alexandros Kosiaris | 22 September 2015, 15:12:57 UTC | Mute OTRS cronspam Use the clobber redirect operator instead of the append one since we are anyway redirecting to /dev/null. Also redirect the stderr, effectively muting failing cronspam Change-Id: I8eb5ef4eb335f7239a852f1075a0278361346194 | 22 September 2015, 15:52:09 UTC |
a443e0b | Alexandros Kosiaris | 22 September 2015, 15:31:35 UTC | Backup home_pmtpa on bast1001 Set up backups for /srv/home_pmtpa on bast1001. This is the final step before fully removing it and will soon be reverted Bug: T113265 Change-Id: I21f717b6fe3f9daa5af9182db60f6fff0a02d436 | 22 September 2015, 15:47:55 UTC |
41719df | Filippo Giunchedi | 22 September 2015, 09:25:37 UTC | cassandra: add codfw production hosts Bug: T108613 Change-Id: Ib778e9ec74e6cb7634d56f6bdb711b7a0d9f577b | 22 September 2015, 15:40:43 UTC |
519e614 | Andrew Otto | 22 September 2015, 15:28:05 UTC | Set umask to 0002 for wikidev users on stat boxes Bug: T111956 Change-Id: Ia1823d3284feb45cc8187af3bb160006e4fcc82e | 22 September 2015, 15:28:05 UTC |
9d03ad0 | Andrew Otto | 22 September 2015, 15:08:34 UTC | Manage llama user in puppet to work around package bug Bug: T100678 Change-Id: I21fee97b00e6966845a330faf9c07a4e1b6cfc4f | 22 September 2015, 15:09:41 UTC |
e04a0f0 | Faidon Liambotis | 22 September 2015, 13:34:19 UTC | Switch mail smarthosts to mx1001/mx2001 Switch to the new MXes, from the old polonium/lead. Now that we have one in codfw as well, make the smarthost dependent on $::site and prefer the local one. Change-Id: I39a64fefd047e2a886b2d4c4e8808bf541958914 | 22 September 2015, 14:13:31 UTC |
bb8569c | Moritz Muehlenhoff | 22 September 2015, 09:45:35 UTC | Enable ferm on oxygen The logging::kafkatee::webrequest::ops role doesn't need any ports covered in rules, so we're fine with the standard ports as provided by base::firewall. Bug: T83597 Change-Id: I6ba2ae1c7cce2f1861a2c1305acb73c82344f9f0 | 22 September 2015, 14:03:54 UTC |
0cd7bd5 | Giuseppe Lavagetto | 22 September 2015, 12:18:25 UTC | videoscaler: raise connection_timeout_seconds as well As HHVM in fastcgi mode does use it as a global timeout. Change-Id: Ie0fe0dcb71960cb492fc03b78c87ec3ffb7ed24a | 22 September 2015, 13:39:10 UTC |
6c24c64 | Moritz Muehlenhoff | 22 September 2015, 10:56:00 UTC | snapshots: Allow SSH from deployment hosts Change-Id: I35261ed6a51de865a30f4398cea8d09ef2adb075 | 22 September 2015, 13:10:24 UTC |
4819a55 | Alex Monk | 22 September 2015, 12:29:24 UTC | Fully qualify expanddblist path in foreachwikiindblist Otherwise cronjobs are broken Change-Id: I223adbd322df677d0ac6dcd63c2726e4cf1abd97 | 22 September 2015, 12:30:01 UTC |
cb3332b | Moritz Muehlenhoff | 22 September 2015, 09:50:48 UTC | Enable ferm on mw1152 Change-Id: I5d77f48dec53bcf3cb070f1956fbbbc8d6976e0c | 22 September 2015, 10:15:29 UTC |
afd49e2 | Moritz Muehlenhoff | 22 September 2015, 09:50:28 UTC | Enable ferm on mw1259 Change-Id: If381e6792544eaaf10bf2eaddeca51af69957e09 | 22 September 2015, 09:56:12 UTC |
ea37532 | Moritz Muehlenhoff | 21 September 2015, 14:44:10 UTC | Move base::firewall include into the roles All occurances of restbase/cassandra are now ferm-enabled, so move the base::firewall include into the roles. Change-Id: Id2ecbe1614aa283ae3efa1dbaa7d09ffb2de0b35 | 22 September 2015, 08:48:41 UTC |
2d06693 | Moritz Muehlenhoff | 22 September 2015, 07:59:20 UTC | Enable ferm on remaining snapshot hosts Move the base::firewall include directly into the role now. Bug: T104991 Change-Id: I280dc1ddc98ba489af3eb52b66089654d197d79b | 22 September 2015, 07:59:20 UTC |
b9419e3 | Moritz Muehlenhoff | 11 September 2015, 09:57:10 UTC | Enable ferm on snapshot1001 The snapshot hosts have a number of NFS-related processes installed and running, but don't provide NFS them selves (only a mount on dataset1001). The nutcracker port listening on 22223 is only required for stats processing by Diamond and only needed on localhost, I had filed T111934 to make it only listen on localhost. We can only enable the snapshot* hosts while no snapshot is running, since the setup of ferm would disrupt an ongoing dump, so this needs to be merged in an inactive phase. Bug: T104991 Change-Id: I5d9fa8db7487630a2cb5170f5b82534bb7dff88c | 22 September 2015, 07:33:50 UTC |
efce8bd | Moritz Muehlenhoff | 02 September 2015, 12:00:09 UTC | Enable ferm for role::mariadb::analytics Change-Id: Ie7857e9da56367b029b21b512abd4a11d90d9424 | 22 September 2015, 07:00:07 UTC |
9d2cc3f | Giuseppe Lavagetto | 22 September 2015, 05:24:24 UTC | jobrunner/videoscaler: raise max_execution_time to 20 minutes Both jobrunners and videoscalers might be running long-running jobs. Change-Id: I88fb28eff17374312ae54b5ddc01e2f0f84004a6 | 22 September 2015, 05:24:24 UTC |
df90a43 | Madhumitha Viswanathan | 21 September 2015, 23:30:47 UTC | logstash: Enable logging via stashbot in irc channel wikimedia-analytics This will help logs from the analytics channel show up in https://tools.wmflabs.org/sal/analytics This will also need a change in https://wikitech.wikimedia.org/wiki/Hiera:Stashbot to work. role::logstash::stashbot::channels should include #wikimedia-analytics. Bug: T111393 Change-Id: Ic219a1c8c4fb52989569c0d0a393a47e2d85450c | 22 September 2015, 00:52:52 UTC |
0d4a9f8 | Faidon Liambotis | 21 September 2015, 23:52:00 UTC | Revert "block POSTs to pretty wiki URLs..." This reverts commit 51b957cda0f8e4430f721288a690e93cb9d98d7d. Bug: T113319 Change-Id: I56a2981104589346667bf81c5a9d768dd9f3a073 | 21 September 2015, 23:52:00 UTC |
51b957c | Brandon Black | 21 September 2015, 23:17:53 UTC | block POSTs to pretty wiki URLs... Change-Id: Icf7d133a0ddf1fb40191e2785adca5818c1338c8 | 21 September 2015, 23:18:49 UTC |
12db81d | YuviPanda | 21 September 2015, 22:27:16 UTC | tools: Don't explicitly install git Is installed by standard-packages Change-Id: I694f8288365b4d086a6deba0da82ad041ffa1231 | 21 September 2015, 22:32:53 UTC |
cf24c41 | Christian Aistleitner | 11 September 2015, 21:20:00 UTC | Make gerrit offer newer key exchange algorithms for new sshs OpenSSH 7 onwards has gerrit's default key exchange algorithm deprecated. Hence, people with a recent OpenSSH can no longer push to gerrit over ssh without adapting the ssh configs. This is on the one hand annoying, on the other, we really should offer recent secure algorithms. Hence, we make gerrit use BounceCastle, which (even for our old gerrit) offers key exchange algorithms that OpenSSH >=7 still accepts. Bug: T112025 Change-Id: I48b9385cbf67f64c4299a41005bc8ca094cfc96f | 21 September 2015, 22:21:40 UTC |
0ee08ff | Christian Aistleitner | 16 September 2015, 21:12:11 UTC | Ensure gerrit's plugins are kept in sync with plugin repo It seems at some point in the past Gerrit's plugin repo went out of sync with what is really deployed in Gerrit. This makes it unnecessarily hard to recover in case the machine dies. To improve on that, we make sure that the clone is current, so we at least notice if we're running out of sync with the plugin repo. Change-Id: Icb0e5997fc70bb2bfbc1ffa90bf460e84af4dbff | 21 September 2015, 22:18:18 UTC |
2195113 | Faidon Liambotis | 25 August 2015, 21:28:10 UTC | Replace Package['git-core'] with Package['git'] The package has been renamed upstream. The last Wikimedia release that did not have the package renamed was lucid and now that is gone so we can proceed with the rename. Change-Id: If812909df17eacc24f1e9bb67d93e5903b32b80d | 21 September 2015, 22:13:38 UTC |
0c17f00 | Faidon Liambotis | 10 July 2015, 14:22:52 UTC | Remove support for Ubuntu Lucid/10.04 Change-Id: I49b16d717559c8126e2517bb5131dc0ae88e27bd | 21 September 2015, 22:03:36 UTC |
5be836a | Ori Livneh | 15 September 2015, 20:11:32 UTC | Increase Varnish's `shm_reclen` from 1024 to 2048 The 1024 byte limit is a tad too short for some EventLogging URLs. Internet Explorer up to and including version 10 limits URLs to 2083 characters, so the 2048 limit would not only be sufficient for now, but for the foreseeable future as well. This also increases shm_workspace from the default of 8192 to 16384. varnishstat on various clusters indicates we were already having to flush this fairly regularly (in some cases, up to ~4x per second), so it probably deserves an increase anyways. Because not all URLs are of (either) maximum size, doubling the workspace should more than make up for any shm flush impact from the shm_reclen increase, and flush rate should still drop after this change. Note that we should apply these parameters via varnish daemon restarts slowly across the clusters, rather than at runtime, as the timing and sanity of increasing these at runtime via varnishadm is questionable. Bug: T112002 Bug: T91347 Change-Id: I8f398936350d0e240a1b55d6a12076a2fd341935 | 21 September 2015, 21:51:45 UTC |
0b7f024 | John F. Lewis | 18 September 2015, 16:44:28 UTC | Remove sodium from puppet (spare/decom) Bug: T110142 Change-Id: I6f04b2bcd86519921edf3ed3c4d452fbedaaf2ff | 21 September 2015, 21:43:32 UTC |
739bdd0 | Dzahn | 04 September 2015, 05:03:16 UTC | Revert "mailman: ferm, allow rsync from sodium for migration" This reverts commit 9c0d9fdb7723ce6b481b4942f47052eb7a6599c0. Change-Id: Id82319868a3a949b7c8fc46c8e23bff1f317adaa | 21 September 2015, 21:37:02 UTC |
296b39a | RobH | 21 September 2015, 20:16:31 UTC | setting up install params for nobelium nobelium to be an elasticsearch test server in labs T113282 Change-Id: I2b85f59b35ea1baa4c6a4a94852fa92dfdb5eb56 | 21 September 2015, 20:16:31 UTC |
cd7a198 | dzahn | 21 September 2015, 19:51:16 UTC | lists: fix duplicate definition re: status module Trying to disable the status module like this causes a duplicate definition. It is already defined in the apache module. So instead we are denying access to it. Change-Id: I94c343dfc910e863fb5888938d353f4c3509cf9a | 21 September 2015, 19:54:25 UTC |
ee34aad | YuviPanda | 21 September 2015, 19:50:12 UTC | k8s: Make kubelet use the puppet SSL cert Change-Id: Icd6ce97a2cff1000f61cfae042c0442f144a61fd | 21 September 2015, 19:53:43 UTC |
2cc2990 | cpettet | 21 September 2015, 19:50:03 UTC | elastic: add diamond monitoring to eqiad ref T111573 Change-Id: I1effd8aea7a9cf8a558081bcd96b885c46eb8b22 | 21 September 2015, 19:50:03 UTC |
1db98dc | cpettet | 21 September 2015, 19:22:40 UTC | elastic: apply elasticsearch::monitor::diamond to codfw ref T111573 Change-Id: I5dad611275e7796ff4b42bcbfb6a45a6a5c7fba0 | 21 September 2015, 19:22:40 UTC |
dde673d | cpettet | 18 September 2015, 22:53:59 UTC | elastic: sane diamond collector for WMF ref T111573 Change-Id: I9cefed6ee1ac7cbcf39a28e611bbe28bcff402f4 | 21 September 2015, 19:19:36 UTC |
e562e29 | andrewbogott | 18 September 2015, 23:21:10 UTC | Labs: Include python-openstackclient on the controller host. This is the new catch-all commandline client. Change-Id: Ic6f8655ea1def6bc6f76327fa08c19ae26c0a673 | 21 September 2015, 18:58:33 UTC |
34d7297 | dzahn | 21 September 2015, 18:47:31 UTC | lists: don't load mod status The status module is not desired on the list server. Change-Id: I61921bbdf512fef5d772ab6913459b0013b889d9 | 21 September 2015, 18:51:34 UTC |
46db875 | Timo Tijhof | 04 September 2015, 01:28:28 UTC | asset-check: Use mwLoadEvent hook instead of polling modules directly Follows-up 41b37bc. Depends on Ic0b1fb64ee in MediaWiki core. Change-Id: Iaa3f2fc305753da67d01eca185e5e0b13f122675 | 21 September 2015, 18:51:06 UTC |
3a37f7b | andrewbogott | 17 September 2015, 16:02:48 UTC | toolschecker: read/write test for labsdb1004 Bug: T107449 Bug: T97748 Change-Id: I9c2e5a2375c12542d4f17cd9ae05c6b754921196 | 19 September 2015, 10:35:52 UTC |
4a8998b | andrewbogott | 19 September 2015, 10:27:25 UTC | mm_cfg.py: Reformatted comments to make pep8 happy. Why wasn't this failing before? Change-Id: If9b25abc2b59298961674abe1bb655f8b18ed79d | 21 September 2015, 18:40:30 UTC |
c063acf | Yuvipanda | 21 September 2015, 17:56:16 UTC | Revert "admin: Allow aklapper to reset user auths and delete accounts in Phab" Andre too busy to verify until after Gerrit Cleanup day, reverting until then. Re-revert any time! This reverts commit ecfe544d895e72c06a44cb9d75cc0c4ddfb1fb31. Change-Id: I6dc4fbbfc158d84a67b1b1a4a0675c3e5ea81e37 | 21 September 2015, 18:31:35 UTC |
4c6565a | Antoine Musso | 28 August 2015, 14:35:15 UTC | admin: let contint-admins run puppet When a patch is merged in Gerrit and on the puppetmaster, it is convenient for contint admins to run puppet since we most probably are already logged on the machine. By giving us the ability to run /usr/local/sbin/puppet-run ops would not need to head to the server to force run puppet. The script stdout/stderr is sent to /var/log/puppet.log which is only readable by root. So even if puppet apply some sensitive information, the contint admins will not see them. Grant a sudo rule to contint-admins to let us run /usr/local/sbin/puppet-run Bug: T110943 Change-Id: I54aefea6796934f97fbca39ac06f77a98efb65a2 | 21 September 2015, 18:19:15 UTC |
1ed45f8 | Timo Tijhof | 19 September 2015, 02:00:55 UTC | varnish: Don't disable Cache-Control for all mobile traffic Mobile-frontend traffic is currently overwriting Cache-Control on all requests. One branch preserves some small amount of s-maxage (for third-party proxies, no idea which or why). But both branches of this code disabled "max-age" which is what browsers use. The end result is that it forbid browsers to ever use local cache for load.php requests. Since there is no "no-store" pragma here, browsers do still store it for a short period of time. But much shorter than the otherwise-allowed 30 days and since it has max-age=0 and must-revalidate the browser is forced to rerequest all resources on every page view (usually getting "304 Not Modified"). This code appears related to the s-maxage stripping we have in text-frontend (which exists to counter-act $wgUseSquid, which is only desired within the data centre, not outside). However I'm not sure it really is that since it didn't set it to 0 but to 300. This code was introduced in 2011 with e1e13ed3d6. It wasn't a problem then because we had load.php on bits.wikimedia.org. In May 2015 we migrated bits to wiki domains. But mobile pages accidentally got configured to use load.php from the desktop domain. Last month we fixed that (T106966) and the inevitable finally happened. That switch increased load.php traffic by 30% from ~ 1.1M to 1.4M reqs/minute. And it raised HTTP 304 ratio from under 1% to over 60%. Bug: T113007 Change-Id: Icbcc04efaff41134bd406cf498e062c7edf41956 | 21 September 2015, 18:16:48 UTC |
52d1bd3 | dzahn | 18 September 2015, 23:04:56 UTC | remove mw1031 from dsh groups and DHCP Bug:T113079 Change-Id: I990bcd5497ec0596a10b7d6eaaa257320b607eae | 21 September 2015, 17:56:16 UTC |
ecfe544 | Andre Klapper | 18 June 2015, 11:38:59 UTC | admin: Allow aklapper to reset user auths and delete accounts in Phab as such requests come up from time to time. Related documentation: https://wikitech.wikimedia.org/wiki/Phabricator Bug: T113124 Change-Id: Ie28a37d3837a4e6f5ae5769c485da93390c2c976 | 21 September 2015, 16:58:52 UTC |