Skip to main content

Browse the archive

https://github.com/wikimedia/operations-puppet
12 April 2024, 10:39:33 UTC
sort by:
Revision Author Date Message Commit Date
3f12604 Guillaume Lederrey 31 August 2016, 07:50:56 UTC elastic104[4567] moved to new racks Bug: T143685 Change-Id: Id67297d999a75500de1a893f4cfbbb21ab6685e8 31 August 2016, 11:06:05 UTC
f41a3a6 Elukey 31 August 2016, 10:27:08 UTC Revert "Add analytics-admins/roots to the Druid hosts" This commit grants too much permissions to the analytics team, plus also wrong sudo permissions (for non existent daemons). Will create a new druid-admins group and I'll submit an access request. This reverts commit 9b20a1e828acd9debed78ed0c6a323ce11de52fb. Change-Id: I5e8adf0cef4f0dfc44da91b71003effdd9f143e9 31 August 2016, 10:27:08 UTC
9b20a1e elukey 31 August 2016, 10:06:51 UTC Add analytics-admins/roots to the Druid hosts Change-Id: I83a7d73a6f3588aead23248b1f0ccb36a55e05ec 31 August 2016, 10:14:48 UTC
22c5ad2 Filippo Giunchedi 24 August 2016, 13:30:57 UTC base: support for multiple syslog hosts Bug: T138073 Change-Id: I59113d1d4a19218d6c67fd1f38790fd4eee9ca37 31 August 2016, 09:35:26 UTC
3d20cd7 Filippo Giunchedi 26 August 2016, 08:55:55 UTC puppet_compiler: add script to update facts Originally at https://wikitech.wikimedia.org/wiki/Nova_Resource:Puppet3-diffs/Documentation Change-Id: I2e24adf5e88bb84d820bdb01f2586f0420a6f27e 31 August 2016, 09:22:54 UTC
552ecc8 elukey 31 August 2016, 08:03:58 UTC Clean up unused AQS to Hadoop firewall rules The Analytics team made a lot of experiments with Cassandra bulk loading from Hadoop without much success. The best course of action now is to clean up unused ferm rules. Bug: T138609 Change-Id: I2efbb66afb5d15278d11f25f85bf555c55088e53 31 August 2016, 09:19:23 UTC
06d12c4 Marko Obrovac 30 August 2016, 22:05:16 UTC Revert "Revert "Change-Prop: Rerender summary on wikidata item update"" This reverts commit edc9e0b0d1507deb4c1a2c7f8e77297d77f1e495. Change Iaded5c5f6b03ee7b5e37712bd753bb93db900657 introduced re-rendering the summary of pages that use wikidata descriptions, but after its merge all of the edits coming from wikidata.org were being rejected by Change Prop, so we reverted it. However, it turns out that the rule is correct; there was a bug in the way the service handled the response from wikidata. This has been fixed in https://github.com/wikimedia/change-propagation/pull/88 and is live in production, so it is safe to re-enable the rule. Change-Id: Ib77f28f3aa84ff86f2b1e01c93bba40d60701cf6 31 August 2016, 09:15:16 UTC
e2e809f andrewbogott 30 August 2016, 22:54:16 UTC Labs firstboot.sh: Use the new project_id setting Bug: T105891 Change-Id: I0335b5921070bf98f3ff47c5623693eb73ba5064 30 August 2016, 22:54:16 UTC
c1f4bce Madhumitha Viswanathan 31 August 2016, 01:13:52 UTC Specify minute param for git pull cdnjs cron Change-Id: I0ac70fd21ac8779f13eb0a7f54d38d326b7df3e9 31 August 2016, 01:13:52 UTC
5acfa55 Kunal Mehta 30 August 2016, 22:55:33 UTC releases: Add wikidiff2 directory This allows MediaWiki releasers to upload releases for the wikidiff2 PHP extension. Change-Id: I8df7f56326fa755f2466f491b5b48d16bedfd1c5 30 August 2016, 23:34:11 UTC
a330be8 Kunal Mehta 30 August 2016, 23:33:29 UTC releases: Set mediawiki directory to 2775 Change-Id: I802c56b463f39bc272859a471b917a769f5c2cbc 30 August 2016, 23:33:58 UTC
663155d Kunal Mehta 30 August 2016, 22:54:11 UTC releases: puppetize ownership of /srv/org/wikimedia/releases/mediawiki Change-Id: I82cfeed7699e79ef9f4979e66628d54a46740f1a 30 August 2016, 23:05:58 UTC
f181283 Thiemo Mättig (WMDE) 24 August 2016, 10:56:18 UTC Gerrit: Fix phabricator expanding links @Author of change Thiemo Mättig (WMDE) Bug: T75997 Change-Id: Icf71cdb7722293de95419e7e191efbc7684ff1af 30 August 2016, 22:45:04 UTC
f413fa4 andrewbogott 30 August 2016, 22:09:56 UTC Forward horizon config to mitaka Change-Id: I1a5574c6c85e4bc50087e2d22f7ba65267536817 30 August 2016, 22:09:56 UTC
024aa1e andrewbogott 30 August 2016, 22:03:35 UTC Typo-fix: puppet_config_backend should be an http url, not https Change-Id: Ic27c5bc29c0950c0d371d02a109ed701d2e2a3d1 30 August 2016, 22:04:54 UTC
b393fd0 andrewbogott 25 August 2016, 21:35:37 UTC Horizon puppet panel: Clean up config and defaults - Include PUPPET_CONFIG_BACKEND in local_settings.py - Use reasonable eqiad-local settings as setting defaults Change-Id: Ib8d8f1d269069cc56a16f385bcca9183f9f3ecc4 30 August 2016, 21:29:06 UTC
70f312c Alex Monk 14 August 2016, 23:23:59 UTC No longer set up config for our old project-id metadata creation Bug: T105891 Change-Id: I81d156fc633042940f47feef9b9e8d86d211bbae Depends-On: Id1249ecc613da45e4137b5f61c97889ffdf0b7c7 30 August 2016, 21:19:10 UTC
8539624 Madhumitha Viswanathan 30 August 2016, 21:10:44 UTC toollabs: Convert cdnjs pull cron command to one line Cron commands cannot span over multiple lines Bug: T143637 Change-Id: I70fee0ec375e3cd6207248bf518a834bb9c57789 30 August 2016, 21:17:54 UTC
a6d0eb6 Alex Monk 14 August 2016, 23:09:42 UTC labsprojectfrommetadata: Pull project_id from new field This was added in upstream. Once this is done we can pull our custom code that was setting up the custom attribute out of nova_ldap. Bug: T105891 Change-Id: I806c2b4538e4097b0dc489b54a56e45ce178645b 30 August 2016, 20:48:30 UTC
de93e39 Alex Monk 20 August 2016, 07:43:40 UTC Remove the hard-coded /a/mw-log references scattered around everywhere The default directory for these files is /srv/mw-log, but the current production setup uses /a instead of /srv (for historical reasons?) The previous state meant that using the role without setting log_directory to '/a/mw-log' resulted in udp2log working but the associated scripts failing to find anything since /a/mw-log wouldn't contain the files the scripts were looking for - /a didn't actually exist. Change-Id: I6df802b9c8bbeb8c42793c5be84f19552b5d0231 30 August 2016, 19:45:38 UTC
582caa3 Daniel Zahn 30 August 2016, 18:59:32 UTC archiva: migration class to rsync data to new host Add temporary rsync setup and ferm rule to copy data from titanium to meitnerium to replace archiva with a jessie server. Copy directly from and into /var/lib/archiva. Applied on target server. So this allows pushing to the new server and does not influence the old server. Bug:T123725 Change-Id: I5cae60e20f2f92e3af5ee55c99f4a207dd22c5ca 30 August 2016, 19:09:52 UTC
c5f4cb5 cpettet 30 August 2016, 15:49:09 UTC nodepool: bump up ready states, max, and rate T143938#2594772 In theory we have test runtimes that would allow us to squeeze a bit more out of our current pool of nodes. Our time to node spinup may be bumping up against our ready state count along with our instruction rate. We saw an influx of jobs and a bit of wait on trusty for some recently added work indicating it may benefit us to have more ready trusty nodes on hand. I am bumping up the max-servers a bit to accommodate a constant workload for jessie even w/ the possible reserved 4 for trusty and so max-servers at 12. Bug: T143938 Change-Id: Ia8826ab29b70db02138668b43a85f1974220b738 30 August 2016, 18:11:17 UTC
98589f0 Paladox 30 August 2016, 00:53:34 UTC phabricator: Set logoImagePHID and wordmarkText in fixed_settings.yaml This is for the new phabricator update and is required for the update otherwise we loose the wikimedia logo. https://phabricator.wikimedia.org/F4414835 Change-Id: Id0e3059704420d978ac94b1a7c41f73d73b71392 30 August 2016, 17:47:41 UTC
edc9e0b Marko Obrovac 30 August 2016, 17:19:03 UTC Revert "Change-Prop: Rerender summary on wikidata item update" This reverts commit 0fbd8b41ad08c5c7ff9965a7af97fa7574a2fb0c. Change-Id: Ic7d69236cffcc15d5f9b6a6d030bca2093f996af 30 August 2016, 17:19:21 UTC
21f4290 Andrew Otto 30 August 2016, 17:11:29 UTC Don't page if druid-eqiad zookeeper cluster has a server down Bug: T138263 Change-Id: Ia753dc262a5e1b9421ccee28a7bf036c2780b43a 30 August 2016, 17:12:25 UTC
b366e8b Andrew Otto 30 August 2016, 16:51:46 UTC Add druid zk host specific hiera configuration Bug: T138263 Change-Id: Ia89f3645080f71170cb4cc2c099b4ee0ef9b0a4c 30 August 2016, 16:52:57 UTC
dbf8fed Antoine Musso 28 August 2016, 18:28:42 UTC contint: stop including arcanist on Precise It is not available there, and probably will never be. Change-Id: I05409a645b800f0c47becd18eb8a652286b8f87f 30 August 2016, 16:39:57 UTC
480ac86 Antoine Musso 09 March 2016, 21:53:17 UTC hiera_lookup: recognize labs project and site We failed to extract the labs project name which is required by modules/puppetmaster/files/labs.hiera.yaml . Extract the project from the FQDN having the form <hostname>.<project>.<site>.wmflabs While at it extract the proper site, previously hardcoded to 'eqiad'. We would abort asking for --site only when site is 'wikimedia'. Also abort when site is 'nil'. Update usage doc to mention the labs FQDN format. Add an example usage for a real world labs project: $ ./hiera_lookup --fqdn=host.tools.eqiad.wmflabs classes role::aptly::client Bug: T129092 Change-Id: I69be054f03477d58de367dd259ffeca9a7a41816 30 August 2016, 16:34:37 UTC
2eabe62 Antoine Musso 19 May 2016, 11:52:23 UTC contint: bump pip 7.0.1 -> 8.1.2 Changelog: https://pip.pypa.io/en/stable/news/ 8.x has a bunch of backward incompatibility but that should be fine. Change-Id: I00be046ad56acb86c0f493b84f861c8d4b6d6574 30 August 2016, 16:26:31 UTC
0fbd8b4 Petr Pchelko 26 August 2016, 01:04:56 UTC Change-Prop: Rerender summary on wikidata item update Reading team requires wikidata description inside the summary responce. This rule will purge summary endpoint whenever wikidata item is updated. Change-Id: Iaded5c5f6b03ee7b5e37712bd753bb93db900657 30 August 2016, 16:18:47 UTC
1a92f11 Alex Monk 19 August 2016, 16:21:07 UTC logging: remove reference to deployment-fluoride Hasn't existed for a while. not quite sure where it went, but I don't think that we really need it. Change-Id: I54eeebb5f2c2b29388e2b41d1be6c147cd9e027f 30 August 2016, 16:06:08 UTC
55e49d1 Andrew Otto 30 August 2016, 15:38:57 UTC Update cdh module with zookeeper package on namenodes Change-Id: I6cf6e5899723bc9dfe6f6c75269338f0258c2d9d 30 August 2016, 15:39:30 UTC
bbfc303 Filippo Giunchedi 30 August 2016, 14:57:55 UTC prometheus: return 200 for / Even though it isn't technically correct, ProxyFetch likes 200s more than 204s. Change-Id: I1e4889b8dd84b248572a5bc11decb9674adca339 30 August 2016, 14:57:55 UTC
10d0755 Andrew Otto 30 August 2016, 14:53:09 UTC cdh submodule update with zookeeper package change Bug: T138263 Change-Id: I340668104e74dad56036957a5f1f63a41e7865cd 30 August 2016, 14:53:09 UTC
d2897fc Andrew Otto 23 August 2016, 13:09:39 UTC Set up Zookeeper cluster for Druid Druid (in test mode) was originally configured to use the production Zookeeper clusters. We would prefer to isolate those clusters from this more analytics type usage, so this patch installs a Zookeeper cluster on each of the 3 druid nodes. This cluster is colocated with the other Druid services. Bug: T138263 Change-Id: I7970af9664222287e1aa86ce00cb1d7b554c5908 30 August 2016, 14:40:53 UTC
76d891d Jcrespo 30 August 2016, 13:03:28 UTC prometheus mysqld exporter: add all pending database instances This soon will be deprecated for a script; adding it statically to identify issues with monitoring easily and validate the later script. Bug: T126757 Change-Id: Iba0c3b95b801f430c111fc6c8d755a41eed468d1 30 August 2016, 14:31:37 UTC
c4b0398 Filippo Giunchedi 25 August 2016, 15:07:12 UTC prometheus: add to LVS Also deploy service ip on prometheus eqiad/codfw. Note that lvs::realserver is applied to the hosts individually, not the "prometheus server" role. Many such roles can coexist on the same host, irrespectively of LVS, also not every prometheus server is behind LVS. Bug: T126785 Change-Id: Ibf89504a06a69aca62af3f200d93dc4615e05023 30 August 2016, 14:26:27 UTC
92b6130 Guillaume Lederrey 30 August 2016, 11:59:07 UTC reclaim nobelium - remove hiera host configuration Hiera host configuration for nobelium was left during clean up. Bug: T142581 Change-Id: Ic78d0a4fd14ef3bbde0916d08b73b881ef9fbc12 30 August 2016, 13:41:06 UTC
da19dee Andrew Otto 30 August 2016, 12:48:25 UTC Rsync pageviews to labs nfs hosts Bug: T142671 Change-Id: I0ba59b078170fb8782797fcdeba5120b9135832b 30 August 2016, 12:54:00 UTC
297085b Brandon Black 30 August 2016, 12:40:05 UTC upload VCL: workaround borked client Range: headers Change-Id: I8b93542a1a0e77eb580e9ef6dcfb7bc18e2958f0 30 August 2016, 12:41:10 UTC
52d8ce8 Jcrespo 30 August 2016, 10:39:41 UTC labsdb: Add firewall to new labsdb databases Add base::firewall to labsdb1009, labsdb1010 and labsdb1011. Older dbs have a different, deprecated class. Change-Id: I9ea32d963bf00269e586acd7c0dc1a44120a9a14 30 August 2016, 10:43:50 UTC
c38c86e elukey 30 August 2016, 08:50:24 UTC Raise the Varnishkafka maximum timeout for incomplete records to 1500 Background: during the upload migration to Varnish 4 we discovered occurrences of the VSL store overflow error, namely more than 1000 (default) incomplete log transactions waiting for a End tag. We raised the 1000 limit to 5000, but now occurrences of the VSL timeout issue appeared again. The store overflow errors were probably hiding them triggering beforehand. Change-Id: Ie289e1ee7d3538b5a7d2bc4f538deb4d216a0bcd 30 August 2016, 08:50:24 UTC
219d1d1 Jcrespo 30 August 2016, 08:22:47 UTC prometheus mysqld exporter: add a bunch of selected slaves from core Bug: T126757 Change-Id: I2379b41355c7c257b3d4b71dd9ccaadf741d1bce 30 August 2016, 08:22:47 UTC
541c9f5 Alexandros Kosiaris 29 August 2016, 13:47:11 UTC ganglia: Use ferm::service instead of ferm::rule ferm::service is more explicit in stating the required rule and avoids exposing the user to the syntax of ferm which should not be a requirement for writing a rule. Those 2 rules are simple enough to warrant writing them in ferm::service parlance instead of ferm::rule Change-Id: I4bda8b6e3802a2cc5a1c785b31b4125f76fa34b5 30 August 2016, 08:01:13 UTC
ffc7303 Alexandros Kosiaris 29 August 2016, 13:39:55 UTC site.pp: Remove $ganglia_aggregator node scope variables $ganglia_aggregator is an old and now redundant node scope variable that was used to differentiate a ganglia node from a ganglia aggregator. Since this now happens explicitly via the ganglia::monitor::aggregator class, remove the last remnants of the old construct Change-Id: I9b7ed30fe92d83323e6ba61ab2880d07a1f77cce 30 August 2016, 08:00:33 UTC
0ec7ad8 Moritz Muehlenhoff 29 August 2016, 11:04:26 UTC Provide a systemd override unit for hhvm The default service file shipped by the HHVM Debian package needs to be extended with a few site-specific changes. Previously these were overwritten entirely, but that led to problems when upgrading the HHVM package: After an update it was running with incorrect settings until the next Puppet run. This patch provides an override file with our customisations. A few vendor settings need to be overwritten entirely, which is done with an initial blank config line like "ExecStart=". The settings can be displayed with "systemctl cat hhvm.service". This doesn't fully display the effective settings, though. That's still TBD on upstream's side: https://github.com/systemd/systemd/issues/2654 (This change is identical to 4353f287136f5db78ed2fe9558168de9cdb80d93, which I reverted in b8a8f51fe23a264f5dfdc5c2e4b9ddac62d0da5f; during the merge of the patch on the trusty hosts I noticed an apparent regression (which turned out to be a benign difference between the upstart and systemd jobs)). Bug: T143210 Change-Id: I2e58d21373fc098ccd5e31b8c1ad42383b04cceb 30 August 2016, 07:47:40 UTC
9070ae1 Guillaume Lederrey 18 August 2016, 15:25:38 UTC elasticsearch - check shards via the service, not via each individual node Checking cluster state on each node is redundant and generate a lot of noise. Cluster wide checks are now done on the service only. The logstash cluster is left unchanged as it does not have LVS. The relforge cluster is at the moment left unmonitored. This will be fixed once a cleanup of the different elasticsearch roles is done (see https://gerrit.wikimedia.org/r/#/c/304067/). Bug: T133844 Change-Id: Ica721152c10d777003726e80fa03ed82c69c8a10 30 August 2016, 07:45:17 UTC
2bc52ab Merlijn van Deen 15 August 2016, 07:34:31 UTC toollabs: install pdf2djvu Bug: T130138 Change-Id: Ib75973e95b59c3ab5794563a1dbeaf7ffb55f6d0 30 August 2016, 05:52:12 UTC
188a69d Filippo Giunchedi 29 August 2016, 09:57:44 UTC cassandra: add ssl monitoring only for ssl-enabled hosts Bug: T120662 Change-Id: Ib9fcf8ce260b08d44585c570138232eb71c88fb2 30 August 2016, 01:41:46 UTC
7f39a31 Daniel Zahn 25 August 2016, 18:19:14 UTC installserver: put aptrepo role also on install2001 Let install2001 also use the role that sets up the APT repo, so it's like install1001, which is going to replace carbon. As T132757 says we'll want them to match and possibly make APT HA later. Change-Id: Ia86aa856c8fb004067991395d5527ba9f66bf10e 30 August 2016, 01:15:33 UTC
31fc089 cpettet 29 August 2016, 21:31:50 UTC rabbitmq: add rabbitmqadmin for control via mgmt plugin Change-Id: I49f48fccb48ff27b802f166678f749d85dd10d81 29 August 2016, 21:38:15 UTC
3053cc8 cpettet 29 August 2016, 20:42:56 UTC openstack: remove old OpenDJ log file parser Change-Id: If28dd377db05ef0cabb8957ad31d3446a5bceaf4 29 August 2016, 21:36:39 UTC
9fcb5be andrewbogott 25 August 2016, 20:23:47 UTC Install openstack::horizon::puppetpanel on labtestweb2001 Change-Id: Icf6f1a8ea76ed651249761386b6d8d44f155bc0e 25 August 2016, 20:27:48 UTC
ee1a81c Andrew Bogott 14 June 2016, 15:52:09 UTC Horizon tab for modifying instance puppet config - Display available roles with docs and params - Display applied roles with params - Display miscellaneous hiera settings - Edit miscellaneous hiera settings - Apply/Removes puppet roles Bug: T91990 Change-Id: I7f064073ba93ffb53369117f30db14772b0ab2de 29 August 2016, 20:35:28 UTC
aa9f851 Alex Monk 03 August 2016, 21:45:23 UTC labnet: Merge site_address and network_public_ip in novaconfig Change-Id: Ib47441e39cff0c57cc55cb88b0e815bcc14e50c8 29 August 2016, 20:30:35 UTC
120b943 Jcrespo 26 August 2016, 15:20:53 UTC es2001-4: add node exporter to this standalones hosts These are not really databases, but they are still part of the mysql cluster, until they are decommed in aproximately 1 year. Bug: T126757 Change-Id: I110ad51ad4c33901ead7ddee52f027411a014aed 29 August 2016, 18:12:32 UTC
3d29466 Guillaume Lederrey 25 August 2016, 19:26:34 UTC maps - grant privileges on sequences to all known users While we already grant privileges on all tables in the gis database, we do not yet grant privileges to sequences. There is at the moment a single sequence (water_polygons_gid_seq). Change-Id: I3109d8fc18caeec2ff5001460f9f602c110a87f2 29 August 2016, 18:04:35 UTC
34a7843 cmjohnson 29 August 2016, 16:29:44 UTC Adding users flemmerich and psinger to analytics-privatedata-users group. Change-Id: I5eac09dc27fd0d425d5ae059e682794f413ad5b9 29 August 2016, 18:02:09 UTC
f8bb73b Madhumitha Viswanathan 29 August 2016, 17:55:30 UTC toollabs: Set timeout 0 on cdnjs git clone exec Bug: T134896 Change-Id: I75227927261359cef8e58ff9de1f4a41e4385304 29 August 2016, 17:55:53 UTC
cabfcf3 Madhumitha Viswanathan 29 August 2016, 17:35:56 UTC toollabs: Remove puppet dependencies on git clone cdnjs Bug: T134896 Change-Id: I9f182f55db42b177e2fbadcd45a8888a603f3f6d 29 August 2016, 17:37:39 UTC
c0365e7 Madhumitha Viswanathan 26 August 2016, 17:50:48 UTC toollabs: Convert puppet clone of cdnjs to cron Bug: T143637 Change-Id: Iacaac250f9f641b5981ca366c90f731802170eec 29 August 2016, 17:15:42 UTC
046ec69 cpettet 29 August 2016, 16:33:18 UTC phab: ip bans for sockpuppet accounts Change-Id: If019712152fdf708da01d4f98729b834c1fe8609 29 August 2016, 16:34:28 UTC
d07daac RobH 29 August 2016, 15:04:55 UTC Revert "robh on vacation next week, remove from paging" Rob is back to work. This reverts commit 7b053196599c2b72722ffd58f3c0b1e174f7fb59. Change-Id: I0967f9ba5632ceec2d1085ee290ba00f4b8022b8 29 August 2016, 15:05:02 UTC
324294a Alexandros Kosiaris 29 August 2016, 12:13:32 UTC nrpe: remove redundant ferm::rule We have a redundant ferm::rule for nrpe connections from monitoring hosts. The rule is redundant cause all monitoring hosts get full access anyway by being whitelisted in a allow all rule. So, remove the redundant NRPE specific rule Change-Id: I013d8a6070b30c4506914cb4409208d1b4f3737b 29 August 2016, 15:04:16 UTC
d83678b Alexandros Kosiaris 29 August 2016, 12:10:37 UTC logging::mediawiki: Remove redundant NRPE ferm::rule The ferm rule to allow NRPE in logging::mediawiki is redundant since the one in the nrpe module takes anyway precedence and is the exact same rule Change-Id: I04588960e781b857c3eff4c58de63cc3fe130416 29 August 2016, 15:03:53 UTC
1f85abd Tyler Cipriani 26 August 2016, 23:15:27 UTC Bump scap version to 3.2.4-1 Change-Id: I39b6bbc2abd519fdef7e1254ac230c09a79f766f 29 August 2016, 14:59:40 UTC
a0fd883 Jcrespo 29 August 2016, 14:46:14 UTC prometheus mysqld exporter: disable labsdb1005 because "precise" Bug: T126757 Change-Id: I805183b0d918ffee63fc4b46a297c57b4c0efe89 29 August 2016, 14:55:37 UTC
0fb5aac Jcrespo 29 August 2016, 14:31:55 UTC prometheus mysqld exporter: Add dbstore-eqiad hosts Bug: T126757 Change-Id: I688924097a2feb84f0e1488a582f4bf8dcb2a45c 29 August 2016, 14:53:51 UTC
3d2240d Jcrespo 29 August 2016, 10:06:05 UTC prometheus: add misc eqiad hosts to mysqld exporter Bug: T126757 Change-Id: I80304f9ab76cc7e7cc6dbefa2bbaf1f834562a18 29 August 2016, 14:48:30 UTC
c808d96 Alex Monk 14 August 2016, 23:26:55 UTC openstack: Delete old juno files from the repository Change-Id: Ie02b2b7eebcfc9a24860e589355b500829b98b0e 29 August 2016, 14:44:32 UTC
6f2862f Jcrespo 29 August 2016, 13:10:53 UTC prometheus exporter: avoid still existing precise hosts We do not need precise support; the hosts that are still on precise will be deprecated soon. Bug: T126757 Change-Id: I592ac63f86dab412e2268b638ecec58c5221085d 29 August 2016, 14:03:13 UTC
9c173fe andrewbogott 07 August 2016, 16:02:26 UTC Nova: update api-paste.ini.erb to conform with Liberty defaults This is a straight dump of api-paste.ini.dpkg-dist from a Liberty package, plus our customized keystone auth bits at the end. This should be a no-op but will allow us to adopt the 2.1 API once it is in place. Change-Id: I982593e83d95558b6a059f075e2b1ff98e540956 29 August 2016, 13:49:23 UTC
54c4870 Filippo Giunchedi 25 August 2016, 14:58:18 UTC prometheus: return 204 on / No reason to try and list root Change-Id: I7fe93cabb22c2bf979efd3e0c8c93e5d3d877480 29 August 2016, 13:05:51 UTC
550bab7 Filippo Giunchedi 29 August 2016, 12:44:28 UTC hieradata: add prometheus_nodes for ulsfo/esams For firewalling purposes, even though the hosts are not actually polled. Change-Id: If231c43ad6a7a4709d0a123c69ed9d01c1dfada5 29 August 2016, 12:57:23 UTC
43b91a1 Antoine Musso 28 October 2015, 20:06:30 UTC cache: vary statsd_server with hiera On the beta cluster the Varnish caches have a few process that reference the prodution statsd host: /usr/local/bin/varnishstatsd --statsd-server=statsd.eqiad.wmnet \ --key-prefix=varnish.eqiad.backends /usr/local/bin/varnishxcps --statsd-server=statsd.eqiad.wmnet /usr/local/bin/varnishrls --statsd-server=statsd.eqiad.wmnet Update the role::cache::* classes to use the generic hiera key 'statsd' which is defined with: hieradata/labs.yaml:# Labs statsd instance hieradata/labs.yaml:statsd: labmon1001.eqiad.wmnet:8125 hieradata/common.yaml:# Main statsd instance hieradata/common.yaml:statsd: statsd.eqiad.wmnet:8125 The three python scripts are in modules/varnish/files they recognize the 'host:port' format and default the port to 8125. The change for production would be: - --statsd-server=statsd.eqiad.wmnet + --statsd-server=statsd.eqiad.wmnet:8125 Such a change could have impacted an Icinga check_proc commands that are defined in modules/varnish/manifests/logging/ , but they are invoked with '-a' and the name of the process, eg they don't look at the extra arguments. Bug: T116898 Change-Id: I51c754fbec577a73e258922d4fc2054e9b1a854a 29 August 2016, 12:50:26 UTC
9f13729 Emanuele Rocca 29 August 2016, 11:45:00 UTC Upgrade upload ulsfo to Varnish 4 Bug: T131502 Change-Id: I8e3ce213b43c735cdf1567dad4412c57837a2505 29 August 2016, 11:45:00 UTC
b8a8f51 Moritz Muehlenhoff 29 August 2016, 10:28:26 UTC Revert "Provide a systemd override unit for hhvm" This reverts commit 4353f287136f5db78ed2fe9558168de9cdb80d93. Change-Id: Ic05e8ae8fe8e57b3648a2b7c17d5e63a5d929bc0 29 August 2016, 10:29:13 UTC
4353f28 Moritz Muehlenhoff 23 August 2016, 15:06:53 UTC Provide a systemd override unit for hhvm The default service file shipped by the HHVM Debian package needs to be extended with a few site-specific changes. Previously these were overwritten entirely, but that led to problems when upgrading the HHVM package: After an update it was running with incorrect settings until the next Puppet run. This patch provides an override file with our customisations. A few vendor settings need to be overwritten entirely, which is done with an initial blank config line like "ExecStart=". The settings can be displayed with "systemctl cat hhvm.service". This doesn't fully display the effective settings, though. That's still TBD on upstream's side: https://github.com/systemd/systemd/issues/2654 Bug: T143210 Change-Id: I7c9dab14b96682a6947882730143da56b63c3db1 29 August 2016, 10:20:52 UTC
c025c85 Jcrespo 29 August 2016, 09:48:10 UTC prometheus: Add parsercaches on eqiad (and fix the ones on codfw) Bug: T126757 Change-Id: I3f4f7a11014d7d5cd26e4172a7ed23b94784ab5c 29 August 2016, 09:48:10 UTC
cb9a1c3 Jcrespo 29 August 2016, 09:45:31 UTC prometheus: add labsdb eqiad hosts to monitoring It includes production replicas, labs-support replicas, and tools hosts. Bug: T126757 Change-Id: Ib37d05e60580fb5b64febc2f74ca89bb9a46d695 29 August 2016, 09:45:31 UTC
9521857 Jcrespo 11 August 2016, 11:58:46 UTC Remove unused accounts from unneeded functionalities with large uid * dbmon: monitoring utility decomissioned Change-Id: I38d768da0c532cd8bf3aa3a6a195b67d3872a907 29 August 2016, 09:36:47 UTC
218385d Jcrespo 26 July 2016, 10:37:29 UTC Update regex to include new labsdb and proxy machines Change-Id: Ie722aceeb0c0fd530d0eaa83b442fb9c6a30a4b9 29 August 2016, 09:35:51 UTC
3f80f1c Emanuele Rocca 29 August 2016, 09:15:06 UTC Upgrade cp4007 (ulsfo cache_upload) to Varnish 4 Bug: T131502 Change-Id: I9edc17ae2e812a789855e03829fd387571427d4e 29 August 2016, 09:30:08 UTC
a0b3aaf Jcrespo 26 August 2016, 13:35:44 UTC mysql: Clean up puppet code related to code databases * Move all firewall setups for mariadb::core to the role (It was finally applied to all core databases.) * Remove iron exception as it is no longer in use. * Firewall is only pending on some misc systems. Change-Id: I8ff6b8e67c8cecf1b0759a1844335825b2b8c7ee 29 August 2016, 09:07:54 UTC
da28852 elukey 29 August 2016, 08:32:47 UTC Raise the Varnishkafka maximum incomplete transactions to 5000 Varnishkafka's VSL query can keep, by default, up to 1000 incomplete records in memory (i.e. the ones without a Begin tag but not a End one). We have raised the maximum timeout with -T to 700 seconds a while ago to overcome timeouts in misc, but upload's traffic requires more tuning. Change-Id: Idb3c76980c31d03aaf93888c48d479e3bc309dd1 29 August 2016, 08:52:28 UTC
897ef7e Jcrespo 26 August 2016, 15:02:18 UTC Labsdb: include labs salt groups and prometheus monitoring for dbs Bug: T126757 Change-Id: Ibec339faeff2b44eae89b7fbe5e50ab1b6ed8be0 29 August 2016, 08:48:50 UTC
566d6e7 amir 25 August 2016, 23:10:26 UTC ores: Define extra config for ores Bug: T143567 Change-Id: Ic1f4b4936d95c77e2bfbba65bad1994524515ba1 29 August 2016, 08:36:35 UTC
3d63967 Moritz Muehlenhoff 26 August 2016, 11:57:35 UTC Disable unprivileged user namespaces on labvirt nodes running 4.4 HWE kernels By default trusty allows the creation of user namespaces by unprivileged users (Debian defaulted to disallowing these since the feature was introduced for security reasons) Unprivileged user namespaces are not something we need in general (and especially not in trusty where support for namespaces is incomplete) and was the source for several local privilege escalation vulnerabilities. The 4.4 HWE kernel for trusty contains a backport of the Debian patch allowing to disable the creation of user namespaces via a sysctl, so disable to limit the attack footprint Bug: T142567 Change-Id: Ib7fe25db280b12744aec5b0cf3bbd523ef5155a2 29 August 2016, 08:09:09 UTC
247db01 Moritz Muehlenhoff 26 August 2016, 11:06:41 UTC Ship a script to rewrite group memberships after enabling the memberof overlay The memberof overlay annotates group memberships on the respective user objects in "memberOf" attributes. This is useful to query group memberships of a user without parsing the members attribute of a group. Enabling the overlay does not amend existing attributes. This script provides a tool which retrieves the membership information of a group, empties the group and readds all users, thus adding the memberOf attribute for all members. Bug: T142817 Change-Id: I4832e6c11c59a64d6a4fb1d46451833767a44563 29 August 2016, 06:47:23 UTC
fdc799b Andrew Bogott 27 August 2016, 02:34:22 UTC Forward horizon settings to mitaka, for LabTest Change-Id: Ie21af8fbd47ec76865bd718d6e835bbd801c5d89 27 August 2016, 02:37:47 UTC
cc4a6f1 Andrew Bogott 27 August 2016, 02:24:56 UTC Specify a path for the django compression exec Change-Id: I36ae5e8212f4cb981395b24cbc5de4c83a19a332 27 August 2016, 02:25:16 UTC
7f77824 Andrew Bogott 27 August 2016, 01:59:04 UTC Compress static content for Horizon This is a modest config change, but also requires us to refresh and recompress the cache any time something is changed or a new component installed. Change-Id: Ie99f029624d96998ee32e358d99525705cd25292 27 August 2016, 02:19:48 UTC
41ba78a YuviPanda 26 August 2016, 23:57:38 UTC clush: Put clush config in correct location Change-Id: I94d69d4454cb4012e34812eccb15927bd56c9fc5 26 August 2016, 23:57:38 UTC
766218b YuviPanda 26 August 2016, 22:14:43 UTC tools: Add a wrapper script to enforce clush access Make sure we log accesses to a log file, and that people are running it as their own users rather than as root interactively. Note that this isn't foolproof - but can't really foolproof against people with root! Change-Id: I57156bb99dbc4a7e42c05efe06156ff001c1216b 26 August 2016, 23:24:36 UTC
0b5232b andrewbogott 25 August 2016, 02:44:01 UTC Added filtertags to labs role descriptions. This is an experiment to spruce up role filtering for the new labs puppet GUI Bug: T91990 Change-Id: Ic25662a110068969240083f6f4f9986628388898 25 August 2016, 03:06:41 UTC
d8fea15 Brandon Black 26 August 2016, 15:06:05 UTC text VCL: limited redirect for awful TLS negotiations Change-Id: Ib3319aa2338f2bf91c0b6ea93d96a952d8f4d805 26 August 2016, 19:32:14 UTC
7959306 YuviPanda 26 August 2016, 17:39:41 UTC clush: Fixup missing dependency + secret Not entirely sure how they got lost. Also enforce use only in labs. Running this in production has a lot of other challenges. Change-Id: Ia39f7b9672b90c462bb4312b1facfdefda46e098 26 August 2016, 17:58:57 UTC
c4e4ddc YuviPanda 20 August 2016, 18:59:36 UTC Introduce 'clush' module and toollabs role Change-Id: I6f3ffa16b759ddb4c2fd6bf5753b82796d84c6d8 26 August 2016, 16:54:49 UTC
a65a6e6 Ariel T. Glenn 26 August 2016, 10:55:44 UTC add max_allowed_packet to xml/sql dump config so mysqldump doesn't whine the default value was 24M, the servers had 32M, and this finally caused a dump of the commons image table to break Change-Id: I52e0c6e0ebefe2520b0b159d3c68090368819436 26 August 2016, 15:56:18 UTC
6c5a64d Giuseppe Lavagetto 25 August 2016, 22:00:34 UTC puppetmaster::frontend: get workers from hiera Also fill in the values for eqiad and codfw Bug: T143869 Change-Id: Id11e82f7deee9dcabd4c2ea6e74960032f1b9ceb 26 August 2016, 14:21:33 UTC
back to top