| 2c9bd31 | dzahn | 20 October 2015, 20:49:59 UTC | dumps: move ssl cert and config to role Both the ssl cert install and the config settings should be in the role, in one place along with the ssl cert monitoring from Iac6b7533e8766. Change-Id: I806cfc76825732398fa4964e33ed7b5d988e2766 | 22 October 2015, 17:51:40 UTC |
| 85eda43 | Moritz Muehlenhoff | 22 October 2015, 08:33:02 UTC | Restrict access to redis on abacist I've run tcpdump for the redis port on stat1001 and the only external access originated from neon (covered by the /etc/ferm/conf.d/10_monitoring-all rule) Change-Id: I54a8e2dcb08766d7450a8da75282231942442c08 | 22 October 2015, 17:41:56 UTC |
| 95f34dd | Alexandros Kosiaris | 22 October 2015, 17:28:12 UTC | gsb: Fix typo in icinga command_line definition $ARG$1 should have been $ARG1$ Change-Id: I2d40093c6c8faa05f6cdb19f613c1e4c4b36562e | 22 October 2015, 17:28:12 UTC |
| 779e2dd | Andre Klapper | 21 October 2015, 09:33:58 UTC | Remove auth.login-message - not supported by upstream anymore Bug: T116142 Change-Id: Icc1db6719c76815d890169242925c3cce558254e | 22 October 2015, 17:22:34 UTC |
| 8132583 | Ori Livneh | 22 October 2015, 16:32:53 UTC | Add req.host rule for m.wikidata.org It isn't covered by the <lang>.m.<project> pattern. Bug: T114995 Change-Id: I51efada00199a3c1f48a56c3688b6860f15d9eaf | 22 October 2015, 16:34:09 UTC |
| fb14a67 | Alexandros Kosiaris | 22 October 2015, 14:43:51 UTC | icinga: Provide a check_gsb command and replace old commands A client for the API to check Google's safebrowsing lookup API. It needs a client_id and an API key and a URL as arguments. Populate it on the icinga server and create a check command to use with it. Use that command to replace the current gsb checks Bug: T116099 Change-Id: Iad79713b9b952929b8286674a2c574566cfe310c | 22 October 2015, 15:47:52 UTC |
| 1fbfeb0 | milimetric | 22 October 2015, 15:11:15 UTC | Exclude CentralNoticeBannerHistory from mysql The CentralNoticeBannerHistory schema can't be inserted into mysql because one of its properties is an array. If it's not blacklisted it can bring the consumer down with a SQLAlchemy error that would be hard to fix otherwise. So the easiest thing to do is blacklist it since in this shape its events would never make it into the database anyway. Bug: T116241 Change-Id: I6d1904f82e4774254672a1c2b2b33d72e76a5906 | 22 October 2015, 15:43:03 UTC |
| ccbc917 | Moritz Muehlenhoff | 22 October 2015, 15:27:39 UTC | Don't enable ferm on logstash1004 yet Needs additional changes Change-Id: Iac4d8ecccceff2c9524b3ce66ef9c9c9a2ef3cb4 | 22 October 2015, 15:27:39 UTC |
| 8c860f0 | Moritz Muehlenhoff | 22 October 2015, 15:14:41 UTC | Enable ferm on logstash1004 Change-Id: I752f7f2871010945193553b67cab72aa754ff6f8 | 22 October 2015, 15:14:41 UTC |
| 99e5d2a | Moritz Muehlenhoff | 19 October 2015, 07:34:48 UTC | subra/suhail: Use the role keyword We need this for Hiera-based assignment of Salt grains for debdeploy Change-Id: I4328862ab2d621f44ac02b52cc61c891a8d8ab38 | 22 October 2015, 14:26:38 UTC |
| ecd73cf | dzahn | 22 October 2015, 00:50:01 UTC | site.pp: remove virt100[1-9] These do not exist in DNS anymore, so please also remove them from puppet. It already lead to confusion about their status. for virt in $(seq 1 9); do host virt100${virt}.eqiad.wmnet; done Host virt1001.eqiad.wmnet not found: 3(NXDOMAIN) Host virt1002.eqiad.wmnet not found: 3(NXDOMAIN) Host virt1003.eqiad.wmnet not found: 3(NXDOMAIN) Host virt1004.eqiad.wmnet not found: 3(NXDOMAIN) Host virt1005.eqiad.wmnet not found: 3(NXDOMAIN) Host virt1006.eqiad.wmnet not found: 3(NXDOMAIN) Host virt1007.eqiad.wmnet not found: 3(NXDOMAIN) Host virt1008.eqiad.wmnet not found: 3(NXDOMAIN) Host virt1009.eqiad.wmnet not found: 3(NXDOMAIN) Change-Id: Ie65dc039adf59119a74a503a99a7005807a88128 | 22 October 2015, 13:59:05 UTC |
| 1d96062 | Moritz Muehlenhoff | 22 October 2015, 10:50:11 UTC | Assign salt grains for parsercache Change-Id: I7afa701daa988f5624a135e1087a5aa5ab9e7c92 | 22 October 2015, 10:50:11 UTC |
| 34d372f | Moritz Muehlenhoff | 22 October 2015, 10:38:39 UTC | Assign salt grains forr ipv6relay Change-Id: I0c4bcee6b6921fc056c34308178adfffd7a24243 | 22 October 2015, 10:38:39 UTC |
| 69a0c7e | Moritz Muehlenhoff | 22 October 2015, 10:34:40 UTC | Assign salt grains for memcached Change-Id: I89303a6e5e2daa4d67db03144cc9b68365018c9f | 22 October 2015, 10:34:40 UTC |
| c8cfd9d | Moritz Muehlenhoff | 22 October 2015, 10:08:16 UTC | Remove manually set salt grains during initial testing Change-Id: I168d83e509b428fabedeece2cc39be6ccd4fb942 | 22 October 2015, 10:08:16 UTC |
| a41d689 | Moritz Muehlenhoff | 22 October 2015, 10:06:49 UTC | Assign salt grains for syslog servers Change-Id: I5d8ab41e68361670529b3da3ddbdf18937cb9181 | 22 October 2015, 10:06:49 UTC |
| 88e19ae | Moritz Muehlenhoff | 22 October 2015, 10:02:53 UTC | Assign salt grains for rec DNS servers Change-Id: I2149df3f4d30f2f7faa1fab5b55dcf7b83462b41 | 22 October 2015, 10:02:53 UTC |
| a43751c | Moritz Muehlenhoff | 21 October 2015, 17:50:35 UTC | Assign salt grains for racktables Change-Id: Icd4fc4b1a6a80129ac5c4ddc2c7f2a86720aca73 | 22 October 2015, 09:54:35 UTC |
| 784895b | Moritz Muehlenhoff | 21 October 2015, 17:50:25 UTC | Assign salt grains for package::builder Change-Id: Idd1d6e369854405c557db1481f32bac78c00b867 | 22 October 2015, 09:46:38 UTC |
| 08f9e41 | Moritz Muehlenhoff | 21 October 2015, 17:50:12 UTC | Assign salt grains for logstash Change-Id: Ib286b93e23768f43c8b1b263259a2bf51c3b3358 | 22 October 2015, 09:41:57 UTC |
| 2145f48 | Moritz Muehlenhoff | 21 October 2015, 17:49:54 UTC | Assign salt grains for logging hosts Change-Id: I8b8a5ef6b5389294cad681b2f8376288d5380d3e | 22 October 2015, 09:33:16 UTC |
| 3bfee2a | Moritz Muehlenhoff | 21 October 2015, 17:49:33 UTC | Assign salt grains for deployment servers Change-Id: I1916ee2e72c41b6ae2946093dd7b8c3698eb8d14 | 22 October 2015, 09:26:34 UTC |
| b5b7e99 | Alexandros Kosiaris | 22 October 2015, 09:19:24 UTC | LVS: another indentation fix for aqs check_command indentation error fix Change-Id: I053ac635992c6c9859211149d15805bad5cf636d | 22 October 2015, 09:19:24 UTC |
| 7598235 | Alexandros Kosiaris | 22 October 2015, 09:14:21 UTC | LVS: fix yaml indentation typo for aqs description needs to be indented Change-Id: Ib945dad08f3d249c79a13cbeb0910badb984a978 | 22 October 2015, 09:14:21 UTC |
| 3c40bb5 | Alexandros Kosiaris | 22 October 2015, 08:09:58 UTC | aqs: Add LVS configuration Add configuration for aqs LVS setup. mark it as low-traffic, set port 7232 since 7231 is already used by restbase Bug: T116245 Change-Id: I485d338e77b76486654fdd4c2d211f84e03c3bc1 | 22 October 2015, 09:02:42 UTC |
| f37c54a | Marko Obrovac | 22 October 2015, 08:40:42 UTC | RESTBase: make the port fully configurable and change for AQS to 7232 There are some places where we make the assumption of RESTBase running on port 7231. However, with the introduction of AQS, we need to be able to fully configure it, as they both can't have the same port due to LVS. Also: conftool-data/services/services.yaml defined zotero's port as 7231 for some reason. This patch changes it to 1969. Bug: T116245 Change-Id: Ibaecb8f6ee5491362100fe32be2b65d755032b27 | 22 October 2015, 08:51:15 UTC |
| 88ea067 | Kartik Mistry | 21 October 2015, 12:01:04 UTC | cxserver: Add JWT token support Bug: T116134 Change-Id: I338070364e5b723274c9627bfae42a1975011a9a | 22 October 2015, 08:48:32 UTC |
| 9c60bf3 | Yuri Astrakhan | 10 October 2015, 14:13:07 UTC | tilerator should not expose admin UI When running, tilerator should only process jobs, not handle admin web requests. For that, we are introducing tileratorui service which will handle that function. Change-Id: Ibac0eb7f65438004c0ee557ebae8b4f87975574d | 22 October 2015, 07:35:48 UTC |
| 655ac6c | Ori Livneh | 22 October 2015, 07:24:01 UTC | ~ori: updated deployment scripts Change-Id: I1a805ed22e2b3fe51b2ac2dd377b06c16ac4c03e | 22 October 2015, 07:26:27 UTC |
| e68f338 | Alexandros Kosiaris | 22 October 2015, 07:15:07 UTC | service::node: use repo value for CWD and Env Since we now allow a user to define the used repo, have values for Working Directory and Environment settings set to that instead of the previous default Change-Id: Ie76ad944b94d243968cda5834bba73fa36d19eb8 | 22 October 2015, 07:16:28 UTC |
| e675b56 | Alexandros Kosiaris | 08 October 2015, 11:46:44 UTC | maps: Add tileratorui service tileratorui is a service to be used to allow a human to view tiles and schedule build/rebuild/deletes and so on. It shares the same code repo with tilerator and the only change is the configuration and users Bug: T116062 Change-Id: Ifd1f3d586bc8794c59c768424f804bcaf445f06e | 22 October 2015, 07:07:26 UTC |
| 46c74d6 | Ori Livneh | 22 October 2015, 01:23:38 UTC | Fix typo in HHVM APC collector Change-Id: I00210acf5b52ccb9d54733efa5ee1fd2992bd8b8 | 22 October 2015, 01:23:46 UTC |
| 7464ca2 | dzahn | 19 October 2015, 20:36:19 UTC | admin: add tjones to analytics-privatedata-users shell account: tjones reason: "I'd like to have access to webrequests data in hive in order to analyze search traffic, pageviews, and various data related to search." "I have access to stat1002 but when I want to run a hive query it fails with this error:.." ebernhardson said: "I believe tjones needs to be added to analytics-privatedata-users group in puppet, but IIRC otto mentioned there is something in addition that needs to be done so hive works properly." Bug:T115880 Change-Id: I41b7e790c1a8180e6d9aff978f07d66bd27a083d | 22 October 2015, 01:22:55 UTC |
| 60fe4b8 | Ori Livneh | 22 October 2015, 01:20:56 UTC | Follow-up for I87682f90: tweak metric path Change-Id: I90d6f89dd96344a46f67d769739fd231fce7c683 | 22 October 2015, 01:20:56 UTC |
| 6719ec0 | Ori Livneh | 22 October 2015, 01:09:56 UTC | Fix typo in HHVM APC collector Change-Id: I52f43e8ec9c631c6824e85f2c9024c2ed2ded41c | 22 October 2015, 01:09:56 UTC |
| 750e9a7 | Ori Livneh | 22 October 2015, 00:58:28 UTC | Follow-up for I87682f90: tweak metric path Change-Id: Iaa8f2ffc9713fc70721bc8cebbab0c7c990d49d8 | 22 October 2015, 00:58:28 UTC |
| 81c1ad3 | Ori Livneh | 22 October 2015, 00:52:20 UTC | Add Diamond collector for HHVM APC stats Bug: T116255 Change-Id: I87682f905a151df29eb38e705d154181bdd6c4c7 | 22 October 2015, 00:56:18 UTC |
| 02e7be3 | Dzahn | 22 October 2015, 00:30:13 UTC | Revert "openldap: add SSL cert expiry check" SSL CRITICAL - failed to connect or SSL handshake:IO::Socket::SSL: connect: Connection refused puppet says: "port => '389', # Yes, explicitly not supporting LDAPS (port 636)" This reverts commit 033dcdaefe35ac6ea95b037d1e5f06892b996462. Change-Id: I60969a12fa5040701a985f936da0f2883ec27d54 | 22 October 2015, 00:31:03 UTC |
| 76c97c5 | RobH | 22 October 2015, 00:20:20 UTC | Reclaim einsteinium.eqiad.wmnet for spares removing from site.pp and install_server module files T116252 Change-Id: I9a7543a6308dbee197e4d8bec7901c515ab37c5c | 22 October 2015, 00:20:20 UTC |
| 9ade91b | dzahn | 22 October 2015, 00:05:49 UTC | wmfusercontent.org - add ssl cert expiry check This is used for user content uploads on Phabricator. Also check SSL cert expiration for T114059. Change-Id: I1c91c970c8f6efc1ff4dda69acacfb57181b7e2e | 22 October 2015, 00:09:41 UTC |
| 033dcda | dzahn | 21 October 2015, 23:37:02 UTC | openldap: add SSL cert expiry check Monitor the corp/OIT LDAP mirror server for expiring SSL cert. One more on the list for T114059. Change-Id: If6d58c406c63d890616fd7e6872ea7a238453eeb | 21 October 2015, 23:41:44 UTC |
| 2df6b60 | dzahn | 21 October 2015, 22:52:46 UTC | ldap: top-scope variable, mini lint fix Change-Id: I6be6ca079956c34ce747236885ccdb35ba536d12 | 21 October 2015, 22:53:31 UTC |
| 0736c00 | Tyler Cipriani | 20 October 2015, 21:05:16 UTC | Remove trebuchet user from wikidev group Since user is subsequently removed from the wikidev group by admin::groupmembers. Bug: T115760 Change-Id: Ia76c63dda9452569002330ce526d39bba7635d55 | 21 October 2015, 22:51:55 UTC |
| 7be7062 | dzahn | 21 October 2015, 22:45:06 UTC | ldap: add ssl cert expiry check Also check the (labs) LDAP servers for expiring SSL certs. Use the existing check that is just like the https check just on port 636. Just one more thing to complete T114059. Change-Id: I1b98e32d7b0266751ddd5df21c602b83f2a0e670 | 21 October 2015, 22:49:28 UTC |
| abbeac8 | Ori Livneh | 21 October 2015, 22:26:17 UTC | grafana: automate the creation of the Anonymous user Add a simple Python exec that creates the Anonymous user by directly inserting it into Grafana's sqlite database. Add an explanatory comment to go with it. Change-Id: Ifdefd64ec517bea02fd7c22efa21ff6cdf345650 | 21 October 2015, 22:38:25 UTC |
| bb537ff | dzahn | 21 October 2015, 22:29:43 UTC | wmflabs.org - add ssl cert expiry check One more on the list for T114059. Check the *.wmflabs.org ssl cert for expiration. Change-Id: I9f4c5d5b55f7363c2f74c7fba2e34e26b876caf9 | 21 October 2015, 22:32:51 UTC |
| 3d0678a | dzahn | 21 October 2015, 19:53:41 UTC | planet: add ssl cert expiry check Another one for the list on T114059. Change-Id: I134f86e5b3e9926d8cc0a0ee98989611fb172e00 | 21 October 2015, 21:58:52 UTC |
| b944380 | dzahn | 21 October 2015, 19:51:52 UTC | toolserver.org - add SSL cert expiry check Another one on the list for T114059. Change-Id: Ide5fa5f4466464514dc875eea742a13732dc829a | 21 October 2015, 21:52:09 UTC |
| a505e53 | dzahn | 21 October 2015, 19:50:36 UTC | eventdonations: add SSL cert expiry check Another one on the list for T114059. Change-Id: I221d7c655fd7b67ea6d5b1ad4f3d239078d3c35d | 21 October 2015, 21:43:30 UTC |
| 10b27e5 | dzahn | 21 October 2015, 21:06:05 UTC | icinga: ssl cert checks for external services,pt.2 Can't just use one virtual host for all these service checks, need one for each of them to get proper results and not stuff like "failed to verify blog.wikimedia.org against icinga.wikimedia.org". follow-up for T114059 for external services. Change-Id: I33bd4bb382b524c16bd6ef514ccadacade614899 | 21 October 2015, 21:10:53 UTC |
| b04790b | dzahn | 21 October 2015, 19:42:59 UTC | icinga: ssl cert monitoring for external services Adds a virtual host in Icinga to add these SSL cert expiry checks to that are not associated with one of our nodes via a role class, because they live externally. This way we can still have monitoring, just needs to belong to something in Icinga. Adds a new class to Icinga and checks for blog.wikimedia.org and policy.wikimedia.org. Other special cases will follow-up when these work. Bug:T114059 Change-Id: I7f97dda664aedefc391898308cae74ca5fb33f8a | 21 October 2015, 20:12:41 UTC |
| 3e545b9 | Ori Livneh | 21 October 2015, 20:11:29 UTC | update dotfiles Change-Id: I75d07df4b46d9cb87741cf0a9847dce708013471 | 21 October 2015, 20:11:47 UTC |
| d0abb25 | Alexandros Kosiaris | 21 October 2015, 18:01:53 UTC | gsb: Another try at fixing it Need to quote the url now due to the & character in it Change-Id: I7eceb7977e0db1ca5bea31eb7c520f1afb6bcf51 | 21 October 2015, 18:01:53 UTC |
| 9ec53e0 | dzahn | 21 October 2015, 17:22:24 UTC | rcstream: add ssl cert expiry check One more on the list for T114059. Change-Id: I97f5b9a5409f3951cbc8e7cde4feebc8c642e932 | 21 October 2015, 17:28:33 UTC |
| 22e1908 | Timo Tijhof | 24 September 2015, 23:21:07 UTC | beta: Remove commented out rules for www2.knams.wikimedia.org/stats This doesn't apply to beta, but also just in general doesn't exist anymore. Change-Id: Idb339553de2362917d0377788c236b5933d9e99f | 21 October 2015, 17:23:19 UTC |
| 970280a | dzahn | 21 October 2015, 16:40:45 UTC | archiva: add ssl cert expiry check One more cert check on the list for T114059. Change-Id: Icf632ff861e916b9a92c04f40034ba0da89542e5 | 21 October 2015, 16:44:38 UTC |
| 78bd295 | andrewbogott | 21 October 2015, 16:14:58 UTC | Allow wikitech-static to drift a bit more than two days away from wikitech. This means we won't get an alert unless the sync fails twice in a row. Bug: T101803 Change-Id: I5548e2c6228d404251872c92106cc19c91a375c0 | 21 October 2015, 16:19:49 UTC |
| e430039 | Alexandros Kosiaris | 21 October 2015, 14:43:24 UTC | service::node support overriding the repository service node hardcodes the repository to clone from to "${title}/deploy". However there are cases like tilerator::ui where we want to override that and specify a different repo. Also add an if guard check to avoid duplicate definitions allowing different projects on the same node to share repositories Change-Id: I6a9d54b2d99e1d3206dc124307f02a96ba5a8fa9 | 21 October 2015, 16:18:50 UTC |
| 878caba | Alexandros Kosiaris | 21 October 2015, 15:47:38 UTC | mw1083: depooled, remove from dsh Bug: T116184 Change-Id: I74b06681eba98e91578448a1792e0efebbb2b271 | 21 October 2015, 16:00:14 UTC |
| 0ca50e0 | Alexandros Kosiaris | 21 October 2015, 15:31:15 UTC | gsb: Amend check command Seems like safe browsing's "API" now uses JSONP, otherwise it redirects to the actual site. pass output=jsonp and and look for "type": 4 which seems to be the "Not dangerous" designation. Change-Id: I143129804192bfbe706940fe2696861673b5ff81 | 21 October 2015, 15:58:27 UTC |
| 5209dcb | Moritz Muehlenhoff | 21 October 2015, 15:44:58 UTC | Assign salt grain for mw_rc_irc Change-Id: I96a2db20d44bc6c2f5dd1676683be57393ce1155 | 21 October 2015, 15:46:14 UTC |
| a7def43 | Ori Livneh | 21 October 2015, 00:17:42 UTC | ~ori: add `branchdir` script Change-Id: Ie9211ecab017dd1a79f7efb52f5b7d3cbbba29a8 | 21 October 2015, 15:31:32 UTC |
| 38a1e93 | Moritz Muehlenhoff | 16 October 2015, 21:00:26 UTC | fluorine: Use the role keyword We need this for Hiera-based assignment of Salt grains for debdeploy Change-Id: If4fc6dcc557e5c8e00fc09ceccafab7528eb1b5f | 21 October 2015, 14:57:00 UTC |
| 96417cf | Moritz Muehlenhoff | 16 October 2015, 20:34:57 UTC | archiva: use the role keyword We need this for Hiera-based assignment of Salt grains for debdeploy Change-Id: I2dc7efe159f76d410c41e430e8568b75570e716f | 21 October 2015, 14:45:02 UTC |
| 73eaf2f | Moritz Muehlenhoff | 21 October 2015, 12:52:44 UTC | Assign salt grains for elasticsearch Change-Id: I7f3c55f1f184f0f7d112b1971ee7e38b9f521f66 | 21 October 2015, 14:40:24 UTC |
| e687405 | Moritz Muehlenhoff | 21 October 2015, 12:32:13 UTC | Assign salt grains for grafana Change-Id: I24ab2c23fdcb57c1c3cfefde28d198c9adcf0ec2 | 21 October 2015, 14:34:43 UTC |
| 08ee54f | Moritz Muehlenhoff | 21 October 2015, 12:27:06 UTC | Assign salt grains for kafka brokers Change-Id: I8377168384a33d843ab28e8d56f8bb50c1217505 | 21 October 2015, 14:30:43 UTC |
| 377f015 | Alexandros Kosiaris | 21 October 2015, 14:17:14 UTC | ldap: group sudo-ldap settings and comment them Have all sudo-ldap settings present in /etc/ldap/ldap.conf together and comment them accordingly Change-Id: I08016b3d736a8f662ecacb7a7b141cd610889835 | 21 October 2015, 14:23:15 UTC |
| 28b9d35 | Moritz Muehlenhoff | 21 October 2015, 12:20:58 UTC | Drop salt grains from initial testing Change-Id: I5afd423b6305be9ea04288198364dde7c8cacec4 | 21 October 2015, 14:17:13 UTC |
| 1433a0f | Moritz Muehlenhoff | 16 October 2015, 21:01:16 UTC | gadolinium: Use the role keyword We need this for Hiera-based assignment of Salt grains for debdeploy Change-Id: I837df5d33091064ac9edbe7bf75bc09ecf1dc22e | 21 October 2015, 13:57:11 UTC |
| 9e80cb9 | Moritz Muehlenhoff | 16 October 2015, 20:55:30 UTC | erbium: Move to using the role keyword We need this for Hiera-based assignment of Salt grains for debdeploy Change-Id: Ic6115645ff176c77b94c0c672b02b1a42d48e636 | 21 October 2015, 13:55:47 UTC |
| 52eaa89 | Moritz Muehlenhoff | 16 October 2015, 20:59:03 UTC | eventlog1001: Use the role keyword We need this for Hiera-based assignment of Salt grains for debdeploy Change-Id: Id00d23dade0f5d5621654f0e2e479a94747c8b53 | 21 October 2015, 13:53:04 UTC |
| 893a345 | Nuria Ruiz | 12 October 2015, 17:17:46 UTC | Mark incoming requests without cookies in x-analytics If a request comes without any cookies we mark it as such. This could be a cheap proxy to identify robots but it will also catch "fresh" sessions and users browsing with cookies disabled. Analytics team to run numbers after we deploy these changes to see the impact of this change on reporting unique clients per month. https://wikitech.wikimedia.org/wiki/Analytics/Unique_clients/Last_access_solution Bug: T114370 Change-Id: Iadaf106f396e9bc906e5c87b350ea2ccc58617c4 | 21 October 2015, 13:28:48 UTC |
| 160315b | Alexandros Kosiaris | 21 October 2015, 13:19:28 UTC | ldap: revert the rest of fba5006 Turns out /etc/sudo-ldap.conf is a symlink to /etc/ldap/ldap.conf and of course it does honor the settings not honored by OpenLDAP. Those 2 files should be eventually split up but for now just revert the change and add a comment Change-Id: Ibb5c905d4d9b9beda47009e9a7ebac428757af3d | 21 October 2015, 13:23:41 UTC |
| cdb843d | Alexandros Kosiaris | 21 October 2015, 12:54:13 UTC | ldap: partially revert fba5006 fba5006 apart from removing BINDDN and BINDDW also had ERB trim whitespace at the end of the last line which presumably is the reason for T116148. Revert that part of the change Bug: T116148 Change-Id: I44f61e6f552e0b527f4ab632ca642c4cece0fb84 | 21 October 2015, 12:54:13 UTC |
| 9db5ee3 | Alexandros Kosiaris | 21 October 2015, 12:22:35 UTC | hiera: fix corner case in role backend There is a corner case in the role backend when an empty yaml file is accessed where "data" is nil and does not have an empty? method causing a traceback and failing catalog compilation. Guard against that by checking if data is nil. Change-Id: Ica25cf4d84f0a61ceef71acf434357ec84646776 | 21 October 2015, 12:22:35 UTC |
| 7507c80 | Moritz Muehlenhoff | 21 October 2015, 11:39:48 UTC | Assign salt grains for stat servers Change-Id: I812c362c3ffd8043568d8c656c9d7a7a80c90e4b | 21 October 2015, 11:39:48 UTC |
| 36c8be7 | Moritz Muehlenhoff | 21 October 2015, 11:37:08 UTC | Assign salt grains for horizon Change-Id: I445f5de64af93f9719df24746462cb63a83bc099 | 21 October 2015, 11:37:08 UTC |
| 493d1a1 | Moritz Muehlenhoff | 21 October 2015, 11:34:15 UTC | Assign salt grains for planet Change-Id: I06e8bd9f12f4b9aae7fc66650363f93316c02d6d | 21 October 2015, 11:34:15 UTC |
| 2860a31 | Moritz Muehlenhoff | 21 October 2015, 11:32:12 UTC | Assign salt grains for nova manager Change-Id: Ib0bf9b64cc861a1a9396a125268e7b276953b14d | 21 October 2015, 11:32:12 UTC |
| 2dd55de | Moritz Muehlenhoff | 21 October 2015, 11:28:45 UTC | Assign salt grains for authdns Change-Id: I10e37537500c75d11b6b8c46a44f64e3cde09453 | 21 October 2015, 11:28:45 UTC |
| e5cf37b | Moritz Muehlenhoff | 19 October 2015, 07:44:24 UTC | Move the authdns servers to the role keyword We need this for Hiera-based assignment of Salt grains for debdeploy Change-Id: I4851adbc81c2faa04ce079de5f9995cfb3e98164 | 21 October 2015, 11:14:01 UTC |
| d86f707 | Moritz Muehlenhoff | 19 October 2015, 07:41:57 UTC | Use the role keyword for puppetmaster backends We need this for Hiera-based assignment of Salt grains for debdeploy Change-Id: Ic3aa76b4b69f6d128b54d40a3ac0463d706df372 | 21 October 2015, 11:08:38 UTC |
| 56675d8 | Moritz Muehlenhoff | 19 October 2015, 07:33:48 UTC | statistics::cruncher: Move standard and base::firewall includes into the role Change-Id: I43a1e324f405aa1a7106161264f1206c48645024 | 21 October 2015, 11:01:30 UTC |
| 7bf0817 | Moritz Muehlenhoff | 19 October 2015, 07:39:50 UTC | Use role keyword for dbstore hosts We need this for Hiera-based assignment of Salt grains for debdeploy Change-Id: Idaf300e16d27e07185e3101123ac679d298c2cd5 | 21 October 2015, 10:52:26 UTC |
| 8b914af | Moritz Muehlenhoff | 13 October 2015, 19:00:10 UTC | Move base::firewall include into the otrs role Change-Id: Iac33aa702c5e0f30ec7b3e0cf8670f07c2afa68b | 21 October 2015, 10:44:41 UTC |
| 825f0ef | Moritz Muehlenhoff | 16 October 2015, 20:51:51 UTC | db1047: Use the role keyword We need this for Hiera-based assignment of Salt grains for debdeploy Change-Id: I99d904e5dc54ee1030c88a9bc836889b32afb9dd | 21 October 2015, 10:37:06 UTC |
| 0520296 | Alexandros Kosiaris | 16 October 2015, 21:49:13 UTC | hiera_lookup: Use sub instead of tr The use of tr there means that dashes in the arguments get wiped out and not only the leading dashes in front of the arguments. Use sub instead and just remove the two leading dashes Change-Id: I3a207c9197fe419f296a10746d28e5561e04d741 | 21 October 2015, 10:35:28 UTC |
| b2462aa | Moritz Muehlenhoff | 16 October 2015, 20:53:37 UTC | db1069: Use the role keyword We need this for Hiera-based assignment of Salt grains for debdeploy Change-Id: If5a9288abe1a57a7800d31a1799ceae289849ddd | 21 October 2015, 10:33:23 UTC |
| 669f855 | Moritz Muehlenhoff | 14 October 2015, 15:07:09 UTC | Move dnsrecursor to the role keyword We need that for role-based assignment of Hiera data for debdeploy. Change-Id: Ie7d7531a2ef37a902ea1987b3014f37316249d3e | 21 October 2015, 10:25:32 UTC |
| 5dd42c7 | Moritz Muehlenhoff | 19 October 2015, 07:33:04 UTC | stat1001: Fully use the role keyword We need this for Hiera-based assignment of Salt grains for debdeploy Change-Id: I737188238a2c188553310213b62ef4a0f4271456 | 21 October 2015, 10:20:05 UTC |
| c180d70 | dzahn | 16 October 2015, 21:59:57 UTC | maps: move hieradata from codfw to role/common Change-Id: I237e2b46f025b1c7981f6eaa669cdbc524fcf9d4 | 21 October 2015, 10:18:33 UTC |
| fba5006 | Alexandros Kosiaris | 14 October 2015, 14:45:46 UTC | ldap.conf: Remove openldap unused parameters OpenLDAP does not honor BINDDN in ldap.conf. It will only honor it in .ldaprc files and we don't populate these right now. BINDPW is not honored at all by OpenLDAP. Also have ERB trim it's trailing whiteline Change-Id: I3ab361609e3d603aecc5a1853d41ddd04cace3b2 | 21 October 2015, 09:57:46 UTC |
| 8649cb5 | Moritz Muehlenhoff | 19 October 2015, 07:17:42 UTC | labsdb100[1-3]: Use the role keyword We need this for Hiera-based assignment of Salt grains for debdeploy Change-Id: Ibddc09b7c1f49f3bbcfba3e5a276201e60ea4aa4 | 21 October 2015, 09:51:56 UTC |
| 82171db | Moritz Muehlenhoff | 19 October 2015, 07:36:44 UTC | terbium: Use the role keyword We need this for Hiera-based assignment of Salt grains for debdeploy Change-Id: I90f9303d57aa8ddee5ce91d086dd1110d885c523 | 21 October 2015, 09:38:51 UTC |
| b4db7ce | Moritz Muehlenhoff | 19 October 2015, 07:27:37 UTC | pc100*: Use the role keyword We need this for Hiera-based assignment of Salt grains for debdeploy Change-Id: I970ef692ac5238ccf8c13527e9369c18e81538af | 21 October 2015, 09:29:29 UTC |
| b29495b | Jcrespo | 21 October 2015, 09:28:11 UTC | Revert "Enabling performance schema experimentally on db1018" This reverts commit b1bc8b528912f37f7fa9f4d938f8b47b927288cc. Change-Id: Iaeda860c55d1f6bee8809b7e374f00644cbc63aa | 21 October 2015, 09:28:18 UTC |
| 9fe414b | Moritz Muehlenhoff | 19 October 2015, 07:01:54 UTC | hafnium: Use the role keyword We need this for Hiera-based assignment of Salt grains for debdeploy Change-Id: Ic5ea6d48bc7e279df292a0a5c8261a085cdd14aa | 21 October 2015, 09:25:30 UTC |
| b1bc8b5 | Jcrespo | 20 October 2015, 17:37:39 UTC | Enabling performance schema experimentally on db1018 db1018 is currently depooled. Solify its configuration to enable performance_schema running on it. If the test works successfuly, we will enable performance_schema by default on all hosts, but we need to measure (performance) regressions first. Bug: T99485 Change-Id: I0e3e36efb8338209717ffaadd8b46d945017d94a | 21 October 2015, 09:23:49 UTC |
| 1387aca | Moritz Muehlenhoff | 16 October 2015, 20:50:40 UTC | conf*: Convert to fully use the role keyword We need this for Hiera-based assignment of Salt grains for debdeploy Change-Id: Ifb429c673a9eb07ac8e48d0b7187cccf67b592d0 | 21 October 2015, 09:21:02 UTC |
