Skip to main content

Browse the archive

https://github.com/wikimedia/operations-puppet
12 April 2024, 10:39:33 UTC
sort by:
Revision Author Date Message Commit Date
aa9a8ea Alexandros Kosiaris 31 October 2016, 10:41:27 UTC tendril: Supply a robots.txt disallow all robots While the site is protected behind LDAP authentication, it makes no sense for (well-behaved) robots to try and access it in case something changes. Bug: T149340 Change-Id: I120ed8102950372e640086f91f7eaf4729cfae62 31 October 2016, 10:41:27 UTC
c50284e Giuseppe Lavagetto 27 October 2016, 16:17:32 UTC base::service_unit: enable/disable the service if managed here We want units to correctly respect their WantedBy stanzas if enabled, so that i.e. services start at the server boot and not following the first puppet run. This is valid even for the other init systems, although there under debian derivatives it is mostly irrelevant in those cases. Change-Id: I6d2b50d782da5c82846888ed81a869701b0b7fbd 31 October 2016, 10:23:33 UTC
d9d06fb Daniel Zahn 27 October 2016, 22:04:35 UTC icinga: remove ServerAlias with hardcoded hostname First impulse was to update "neon" to "einsteinium", second was to replace it with "<%= @hostname %>", third was to remove the ServerAliases altogether. Or is there a need for them and we want them to exist? Currently you'll get a certificate error for https://einsteinium.wikimedia.org/ Bug: T125023 Change-Id: Ie79954982faa0d7687864f85f15d8301533d5266 31 October 2016, 08:54:08 UTC
d4c39c1 YuviPanda 31 October 2016, 04:13:49 UTC jupyterhub: Add some hardening for the notebooks Bug: T149543 Change-Id: I4e999af8351abd2e67fb337993c3ad85a796501a 31 October 2016, 04:24:02 UTC
fef09c3 Madhumitha Viswanathan 31 October 2016, 04:15:18 UTC jupyterhub: Remove venv creation from deploy script Puppet already creates the venv Change-Id: I820cf3686e3e24980a3a3f83c934574102d951e0 31 October 2016, 04:16:30 UTC
25c3efc YuviPanda 31 October 2016, 03:56:38 UTC jupyterhub: Specify proper class for config keys LocalAuthenticator doesn't exist. We could use the correct name of the class we derived, but that is unnecessary I think - the way I understand traitlets to work, this should work too. Change-Id: I6a9b7377f313f9789441ef2b192b8a8a14c87941 31 October 2016, 04:02:39 UTC
f83d40f YuviPanda 31 October 2016, 03:21:14 UTC jupyterhub: Safer defaults for authenticator We'd rather have LDAP be the default, and someone in labs not be able to get in, than dummy be the default and be accidentally enabled in prod Bug: T149543 Change-Id: I0a51bf09ab620d0333a94db393ca5a7d02527056 31 October 2016, 03:24:08 UTC
2ed1092 YuviPanda 31 October 2016, 03:20:55 UTC paws_internal: Rename hiera file to match Change-Id: I937f133fa49ee33953646aa14f04b17c71e518de 31 October 2016, 03:23:51 UTC
375e3a5 Madhumitha Viswanathan 10 May 2016, 20:43:40 UTC jupyterhub: Add module to set up Jupyterhub for paws-internal See https://wikitech.wikimedia.org/wiki/PAWS/Internal for more information. Bug: T149543 Change-Id: I33104206fe75d817531c23f10e4ccf225da81fa0 31 October 2016, 02:55:56 UTC
0643004 andrewbogott 30 October 2016, 15:55:58 UTC Fix typo in mariadb::service include This takes a 'package' arg, not a 'version' arg. Change-Id: I07e081bd8ef18bb2881bea62baa8b6070f42a481 30 October 2016, 15:55:58 UTC
9d3d295 Jcrespo 18 October 2016, 17:23:12 UTC labs dns: Add mariadb::service and changes for new package New package and class manages mysql symlinks and init.d automatically. Change-Id: Ic7b4ed6d4de9ea035c31074461fe37aea15b51c5 30 October 2016, 14:47:29 UTC
f113cef Guillaume Lederrey 27 October 2016, 09:38:28 UTC cirrus - disable the rebuild of completion indices The rebuild of completion indices is a fairly long operation. To help the reboot of terbium we can disable those crons for a short period. This change should be reverted once terbium is rebooted. Change-Id: I1b585a88257737c70dfd7d2f260fa5dc4ccfeb64 30 October 2016, 13:53:23 UTC
1175f92 Filippo Giunchedi 28 October 2016, 22:38:38 UTC Offboarding Rob Lanphier Change-Id: I650f2add0ee40b4d8614ab7ea228edc2630fcd93 28 October 2016, 23:29:59 UTC
62c301f Daniel Zahn 21 October 2016, 23:57:51 UTC phabricator: add vcs::listen_addresses for codfw Add the phabricator VCS listen address for codfw, added to DNS in I2e1d2114a6c048e50. This will be the equivalent to iridium-vcs.eqiad.wmnet (renamed to phab1001-vcs.eqiad.wmnet) = 10.64.32.186 but for codfw. We need to adjust puppet manifests to use the right IP for the right datacenter and not the same IP on both, leading to problems like T143363. There are more changes needed but this is a start of it, compare to existing hieradata/role/eqiad/phabricator/main.yaml. Bug: T143363 Change-Id: I4c5709a2561f3af24364c76df97032fde4b19c65 28 October 2016, 23:07:45 UTC
1fcaa70 Daniel Zahn 28 October 2016, 23:02:37 UTC mgmt: add missing # in changepw script and some spaces Change-Id: I53f91162fc55896247f4dc7c0f872ed5829f4d60 28 October 2016, 23:02:37 UTC
cf186b8 pt1979 28 October 2016, 22:34:40 UTC script to change mgmt password Change-Id: Iae0ca122cc471a1623d821ed72046fab6d40e942 28 October 2016, 22:49:18 UTC
7a1700d YuviPanda 28 October 2016, 20:10:55 UTC tools: increse k8s apiserver open files limit Current limit seems to be 1024 and that is exhausted quickly Change-Id: I5f04f24aaf50007ba71904cf741677d2b735bbd2 28 October 2016, 20:13:41 UTC
140f07b cpettet 28 October 2016, 18:38:18 UTC k8s: install bridge-utils with docker::engine This package contains utilities for configuring, inspecting and debugging the Linux Ethernet bridge. Notably comes with `brctl` for debugging such as `brctl show`: bridge name bridge id STP enabled interfaces docker0 8000.024251e804d6 no veth0d74a21 veth18940d3 Change-Id: I73729b6bfca065a051773ba4242251dafc7a53cd 28 October 2016, 19:19:00 UTC
baf27a8 Filippo Giunchedi 26 October 2016, 19:11:27 UTC hieradata: add swift user for docker_registry Bug: T149098 Change-Id: I88d76f18e6069554a020ef2eec1d949107a97b61 28 October 2016, 19:06:56 UTC
2ddc822 YuviPanda 13 October 2016, 19:04:31 UTC tools: Update clush classifier prefix for static nodes Change-Id: I47e86b141fc18a9f967eae36db8fcf9e8abac917 28 October 2016, 18:27:36 UTC
f2cece0 Antoine Musso 25 October 2016, 21:29:05 UTC contint: move php5 install on jessie to nearest user On Debian Jessie, mediawiki::packages no more install the Zend PHP. That has to be done explicitly via mediawiki::packages:php5. contint::packages was/is meant to be shared between production and labs slaves, however everything now runs on labs. Move the definition to contint::packages::labs next to the include of mediawiki::packages. Change-Id: Ide58718c9da3cf1ada60e304c082704b63aa66d4 28 October 2016, 16:49:38 UTC
d32f3c8 Antoine Musso 25 October 2016, 21:15:42 UTC contint: move doxygen/graphviz to labs instances doxygen is the utility to generate online documentation. It used to be run directly on the Jenkins master (contint::packages) which is no more the case nowadays. doxygen depends on Graphviz to generate methods/function call graphs and class dependencies. We had a use for Graphviz on the production/Jenkins master which was for the "job dependency graph". As indicated on 3906dbe72, the plugin is no more used and thus we no more need Graphviz on the Jenkins master. Move 'doxygen' and 'graphviz' from contint::packages (for prod) to a new standalone class contint::packages::doxygen. Include the new class solely on the labs Jenkins slaves (contint::packages::labs). Change-Id: I8fa65a35047b0d0734a6b0a6e021e7dd053e0e58 28 October 2016, 16:37:35 UTC
fac58aa Andrew Otto 28 October 2016, 15:24:55 UTC Use same partman recipe for all kafka-main hosts Bug: T148849 Change-Id: Ifc3aac705144c607b169298a2b4463107587d66f 28 October 2016, 16:08:20 UTC
57f87aa Guillaume Lederrey 28 October 2016, 15:59:53 UTC maps / postgresql: monitoring uses template1 database Change-Id: I775de411a257891339eb525b20a8e18673a2c6e4 28 October 2016, 15:59:53 UTC
e40eea6 Emanuele Rocca 28 October 2016, 11:05:43 UTC cache_text varnishtest: set X-Carrier based on XCIP Test setting X-Carrier based on XCIP using a test version of carriers.json. Bug: T131503 Change-Id: I94f79faa7a4e5cdd8ad7a12e22d7c29fe0fd2f9f 28 October 2016, 15:03:27 UTC
d624529 Emanuele Rocca 27 October 2016, 16:46:30 UTC VCL: allow to load test versions of netmapper JSON files Do not hardcode /var/netmapper in wikimedia-frontend.vcl.erb, use a template variable instead. Specify a different directory for the test version of wikimedia_text-frontend.vcl to allow loading test versions of carriers.json and proxies.json. Change-Id: Icca24978a200ec45638dd4ff03182b3f33f23540 28 October 2016, 14:14:04 UTC
065917e Jaime Crespo 28 October 2016, 14:07:18 UTC labsdb-tools: Fix one-entry-per-line bug on wild_ignore_table "To specify more than one table, use this option multiple times, once for each table." https://dev.mysql.com/doc/refman/5.6/en/replication-options-slave.html#option_mysqld_replicate-wild-do-table Change-Id: I890f6b9e5703f49c162a59b98a72df101287e86f 28 October 2016, 14:11:40 UTC
905187f Jaime Crespo 28 October 2016, 13:50:40 UTC labsdb-tools: Puppetize patch skipping replication on heavy hitters These 2 users do regular imports that make replication lag forever. Avoid replication those; users were already notified they will not have a backup copy in case this server fails. Change-Id: I23203f7a38c267410a47c74b49db91b9c40ae97e 28 October 2016, 13:50:40 UTC
20021b4 Moritz Muehlenhoff 17 October 2016, 14:21:33 UTC oozie: Restrict to analytics networks We're getting rid of $INTERNAL, since it's needlessly broad. oozie needs to be accessed from stat100[24], hadoop and hue, so restrict access to the analytics networks. Change-Id: If240f6d68d91410ded6f2d59cbd1e8e9a0d193ac 28 October 2016, 13:01:14 UTC
5bea4ce Jaime Crespo 28 October 2016, 11:13:59 UTC labsdb-toolsdb: Cleaning up tls certificates This is in preparation for a potential labsdb1005 failover. Bug: T123731 Change-Id: Ie9f9d3730171303a1ae2b2b487b58776b38bea6f 28 October 2016, 12:39:01 UTC
83de150 Guillaume Lederrey 28 October 2016, 09:58:22 UTC maps / postgresql: use replication user for monitoring Monitoring of pustgresql replication lag requires access to data only available from superuser or replication user. This prevents using a dedicated monitoring user. Bug: T147194 Change-Id: Iffa2dd0c26f244dcb860f9aca046a63e7ac21823 28 October 2016, 11:49:09 UTC
3dcc498 Emanuele Rocca 28 October 2016, 10:11:34 UTC varnishlog.py: remove trailing NULL byte only if present Instead of unconditionally removing the last element of the data string returned by varnishapi.VarnishLog.Dispatch we should only remove NULL bytes. Newer versions of python-varnishapi do not return a trailing NULL byte, resulting in very broken varnishlog behavior (eg: GET -> GE). Change-Id: I4de0f6a9b75db8dd395d810d39ab43e59e8233bf 28 October 2016, 10:11:36 UTC
f987ecc Emanuele Rocca 27 October 2016, 16:03:22 UTC varnishapi.py: import latest upstream version Update varnishapi.py to the latest version (d8b259a), which fixes a bug affecting the -c switch. Change-Id: I408738550f585c102c2a645c1c6e52ffc76d426c Ref: https://github.com/xcir/python-varnishapi/issues/65 28 October 2016, 09:14:21 UTC
d7d0b47 Emanuele Rocca 18 October 2016, 07:45:06 UTC Fix bashisms This commit fixes a few possible bashisms reported by checkbashisms. In most situations we were relying on bash-specific behavior, in others on dash-specific ones. When in doubt, switch back the script to using bash explicitly. Bug: T95064 Change-Id: Ifc841a52be47ca33ca8737a383ac6f7e2ed718c4 28 October 2016, 08:43:12 UTC
b803f15 Moritz Muehlenhoff 17 October 2016, 14:27:43 UTC hue_server: Restrict to production networks hue/Port 8888 is served via Varnish/cache_misc, so restrict to $PRODUCTION_NETWORKS, $INTERNAL is needlessly broad. Change-Id: Ic26d454fbb875b7e5ad70659773f098af23349ea 28 October 2016, 06:59:57 UTC
4b52d5a Filippo Giunchedi 28 October 2016, 00:39:59 UTC prometheus: change file_sd_config syntax after upgrade Change-Id: I3c3c0ce4d041869bbd176aaeaa4ad8c077a1874b 28 October 2016, 00:40:01 UTC
478f078 Filippo Giunchedi 28 October 2016, 00:30:27 UTC prometheus: fix ganglia varnish cluster name Change-Id: Ic648566f7a97e94a4152e171d468b6b4d26e99de 28 October 2016, 00:30:27 UTC
ba991e6 Filippo Giunchedi 28 October 2016, 00:21:52 UTC prometheus: move get_clusters to varnish_config.erb Same approach as modules/role/templates/prometheus/node_site.yaml.erb Change-Id: Id969a368ddc15fbcfcd2796e941dac8258117996 28 October 2016, 00:23:13 UTC
8ad7431 Filippo Giunchedi 28 October 2016, 00:11:02 UTC prometheus: use lists as arguments for selectors for get_clusters The error generated is: Detail: undefined method `[]' for nil:NilClass at /etc/puppet/modules/prometheus/manifests/varnish_config.pp:46 on node prometheus2001.codfw.wmnet Change-Id: I002da329eae4b72df70b6e704e21e6c4a4c7267f 28 October 2016, 00:11:03 UTC
bb46b3c Filippo Giunchedi 27 October 2016, 23:58:29 UTC prometheus: swap cluster/site returned by get_clusters The error is this: Detail: undefined method `[]' for nil:NilClass at /etc/puppet/modules/prometheus/manifests/varnish_config.pp:46 on node prometheus2001.codfw.wmnet Change-Id: I8b2970f16bc85e6f0d70e74379dcd63277b18300 27 October 2016, 23:59:23 UTC
c8c12ed Filippo Giunchedi 27 October 2016, 23:44:09 UTC prometheus: quote hash keys in varnish_config template Getting an error similar to: Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to parse template prometheus/varnish_config.erb: Filepath: /usr/lib/ruby/vendor_ruby/puppet/parser/templatewrapper.rb Line: 82 Detail: Could not find value for 'targets' at /etc/puppet/modules/prometheus/templates/varnish_config.erb:5 at /etc/puppet/modules/prometheus/manifests/varnish_config.pp:46 on node prometheus2001.codfw.wmnet Change-Id: Ie13ea9bcef5d0d2855f3f7a638f90490664b30f5 27 October 2016, 23:47:07 UTC
51079ca Stephen Niedzielski 15 January 2016, 17:58:59 UTC contint: add module xdummy for Jenkins' Android emulation tests Xdummy is an Xorg virtual display that X11 clients may show windows on just like a desktop machine. This functionality is needed by the Jenkins' Android emulation tests which include view tests that are screen captured. Xvfb does not support GLX extensions, which the Android emulator requires, so it cannot be used. Bug: T133183 Change-Id: I41f4dac74da20aeb36509d9f2cd267f1ccc5c729 27 October 2016, 23:40:57 UTC
4190d38 pt1979 27 October 2016, 16:28:42 UTC Introduce role/class to manage mgmt interfaces Working on a script to be able to change the mgmt password and sshpass is needed to execute remote racadm and ilo commands from the hosts running the script . The script will be added in a follow-up patch, this is to introduce the role and put it on neodymium, the salt master, so that sshpass gets installed there as a pre-requisite for the script to work. Change-Id: I1367ad13b1fb34b77e2f2bb58b18cef762d429e1 27 October 2016, 23:30:16 UTC
84b7297 Filippo Giunchedi 10 October 2016, 14:40:02 UTC prometheus: generate Varnish targets Bug: T147424 Change-Id: I45ef6f6ba0b5aebb1abcf8d0120051f4e83871a3 27 October 2016, 23:20:09 UTC
47695fa Filippo Giunchedi 15 September 2016, 08:52:08 UTC prometheus: generate varnish targets from get_clusters() Pull a map of varnish host => varnish cluster from conftool data, use that map to generate Prometheus per-varnish-cluster targets configuration. Our varnish configuration is 2layer everywhere, therefore also 'service' is used to distinguish frontend varnish from backend varnish. Two instances of prometheus-varnish-exporter are ran per machine, one for each fe/be. Bug: T147424 Change-Id: I76acecafdc5cc4a9472a79b5f3514daebf043471 27 October 2016, 23:11:45 UTC
5fa9410 andrewbogott 27 October 2016, 22:38:03 UTC Openstack: typo fix Change-Id: Ie473088cc25c88763808e051da9916045bd0c711 27 October 2016, 22:38:03 UTC
27a468d Faidon Liambotis 27 October 2016, 22:19:41 UTC Add user faidon to analytics-privatedata-users Already a member of a higher-privileged group (root), and thus this isn't an access elevation that requires approval. This is just to make HDFS happy. Change-Id: I42cc55d3d3b51fe80b96ad93c2940bac80a96645 27 October 2016, 22:21:31 UTC
31b0147 addshore 04 October 2016, 16:22:27 UTC Enable simple-json-datasource on prod Grafana Bug: T147329 Change-Id: I9b99d9fd394b1cc88e9c62f0d33bf55a7b33a06f 27 October 2016, 22:01:32 UTC
9513729 Filippo Giunchedi 19 October 2016, 09:15:17 UTC site: add varnish_exporter to ulsfo/codfw maps/misc Change-Id: Iba57f435b8cde7f89492258088a468fe5d44cc28 27 October 2016, 21:41:56 UTC
26dcadf Filippo Giunchedi 27 October 2016, 21:01:43 UTC prometheus::tools: fix tls_config(s) Change-Id: I72c9d3aa6ee6c0af96544aa70c5440da2325d7be 27 October 2016, 21:03:59 UTC
51ed796 Filippo Giunchedi 27 October 2016, 01:24:06 UTC prometheus::tools: fix k8s discovery after upgrade Newer Prometheus k8s discovery shuffled things around and discovery 'type' selection is done in the configuration itself. Also split in two jobs between apiserver and nodes, this allows e.g. to force insecure https and other settings only where needed. Finally, drop spammy metrics where cardinality would be out of control, e.g. rest_client_request_status_codes{code="Get https://k8s-master.tools.wmflabs.org:6443/api/v1/watch/services?resourceVersion=41811919&timeoutSeconds=377: dial tcp 10.68.17.142:6443: getsockopt: connection refused",host="k8s-master.tools.wmflabs.org:6443",method="GET"} 1 Bug: T147207 Change-Id: I36dbc5c58f7619d8785b28201efc7c9b73b1c884 27 October 2016, 19:58:57 UTC
77dfb15 elukey 26 October 2016, 10:00:43 UTC Force Content-type for files without extensions (noc.w.o) Bug: T146421 Change-Id: I29820d95b0bf77af591352a1e9fbae5e3bf2731f 27 October 2016, 16:57:57 UTC
70cb2c3 RobH 27 October 2016, 16:30:23 UTC decom aqs100[123] removing from install_server T147926 Change-Id: Iba9bf1a747ff5a8c3e1303ba76251914d343127d 27 October 2016, 16:31:56 UTC
e2ec28b Antoine Musso 25 September 2016, 18:35:24 UTC puppetmaster: git-sync-upstream early abort After having fetched the origin reference, skip attempting a rebase if our current copy is a direct ancestor, ie it is up-to-date. Would help with the surge of puppet errors we are seeing on beta which I suspect is due to a race between the rebase and puppet master both mangling the same files. Note that the recursive merge strategy always cause rebase to rebase. Skipping unneeded rebase will surely help the suspected race. Bug: T131946 Change-Id: I6bfe51c94800fd6c21bd7390320553c986393219 27 October 2016, 16:22:12 UTC
82e3aa1 Antoine Musso 25 September 2016, 17:08:29 UTC puppetmaster: polish git-sync-upstream Remove unused variables: * Drop STATSD_HOST, monitoring got moved to a Diamond collector with 1edac88. * Repository name is no more needed for same reason. * HAVE_STASH which never get used apparently * Reorder rebase options * Inside function, change exit to return Double quote variables and use $(..) Change-Id: I9433feef9762eddec6bb96f56574ff468c248c4d 27 October 2016, 16:12:49 UTC
a19d115 Antoine Musso 27 October 2016, 10:17:43 UTC contint: kvm groupadd is only for android testing The CI Trusty slaves fail puppet due to a duplicate declaration: Exec[jenkins-deploy kvm membership] That is needed for the Android testing which ihas a dedicated role role::ci::slave::android, however the resource is defined in both: * contint::packages::labs, shared by all slaves * contint::packages::androidsdk (which also include the previous class) Move the kvm groupadd at the role level to role::ci::slave::android and remove it from the shared class contint::packages::labs Drop it from the contint::packages::androisdk so it now only install debian packages. Stop including the Android SDK packages on all slaves. The job is running on dedicated slaves that have role::ci::slave::android, the packages are useless on other slaves. Bug: T149294 Change-Id: Icef5d1c48b9b43ced1f044c79a93c5dcd685fa91 27 October 2016, 16:07:26 UTC
ee9fd98 Emanuele Rocca 27 October 2016, 12:59:51 UTC cache_text varnishtest: insecure POST forbidden Bug: T131503 Change-Id: I2242cf1c24648ff573ddea54a0f45b49c2c1194a 27 October 2016, 14:53:56 UTC
fd7830e Emanuele Rocca 27 October 2016, 10:56:40 UTC cache_text varnishtest: frontend response headers Add 02-frontend-headers.vtc to check for cache_text response headers, including proper generation of the GeoIP cookie. Bug: T131503 Change-Id: I4fc0a7f5a97641b9bf33768058fea2fdba810063 27 October 2016, 14:53:33 UTC
b47a786 Giuseppe Lavagetto 26 October 2016, 08:26:45 UTC docker::registry: drop http host setting As I understand it, it's useless now that we proxy through nginx Change-Id: I6e1d68a0e9e8568f654bc6463d0221fb10fb9030 27 October 2016, 14:52:38 UTC
9e6ca26 Filippo Giunchedi 26 October 2016, 21:38:48 UTC role::logstash::elasticsearch: include base::firewall Change-Id: I5ddd58bb7241c7ded410ea4e46d5befabad65692 27 October 2016, 14:50:51 UTC
a2fd3b8 Filippo Giunchedi 26 October 2016, 21:32:32 UTC site: remove explicit role prometheus::node_exporter Now deployed via 'standard' module. Change-Id: I4f76e218f0aa1672b5ee2c361037c45759d7d668 27 October 2016, 14:48:54 UTC
f9eb668 Giuseppe Lavagetto 26 October 2016, 08:26:08 UTC docker::registry: allow passing configurations Change-Id: I04063f7ad6e409e3c2fa03a9f8a3ea3d746ed928 27 October 2016, 14:43:54 UTC
6de1e1c Giuseppe Lavagetto 26 October 2016, 08:20:14 UTC docker::registry::web: allow using puppet certs As in production we will use the puppet certs, let's offer the alternative here. Change-Id: I7a7093bc88152ff09b8da60333b4c7b023c8668e 27 October 2016, 14:35:18 UTC
82417ab Brandon Black 27 October 2016, 14:00:58 UTC rcstream: log xcip as well for analysis Change-Id: I55296db470a8f40ca48259bc12198ee32ce6c463 27 October 2016, 14:01:07 UTC
02919d7 andrewbogott 25 October 2016, 05:40:47 UTC Add 'remember me' checkbox to Horizon auth. The SESSION_TIMEOUT setting in Horizon is used in multiple places as a maximum timeout. This patch cranks that up to 7 days, but then adds a new setting SESSION_SHORT_TIMEOUT which is used for transient sessions (when the user doesn't tick 'remember me'.) Will this introduce the wikitech bug where the horizon session outlast the keystone token and we're dropped into a contentless-yet- still-logged-in limbo? Maybe. Bug: T149036 Change-Id: Ica5b962cc807df45f537801d8080f84f488ec235 27 October 2016, 13:55:13 UTC
09824fe Guillaume Lederrey 27 October 2016, 12:59:18 UTC maps / postgresql: corrected hiera key for replication password Bug: T147194 Change-Id: If3a2731a14595143ae98a542991f6e21ddb1388d 27 October 2016, 12:59:18 UTC
b19bd5a Guillaume Lederrey 27 October 2016, 12:55:15 UTC maps / postgresql: corrected hiera key for replication password Bug: T147194 Change-Id: I28dd56e5a8e9176e963e6a925e16a285f50f818e 27 October 2016, 12:55:15 UTC
61e41a2 Guillaume Lederrey 27 October 2016, 12:49:36 UTC maps / postgresql: new configuration format for slaves Bug: T147194 Change-Id: I3fbba7352bdf79e0d4abaca586bb2c7b09268d42 27 October 2016, 12:49:36 UTC
ca8a94e Guillaume Lederrey 11 October 2016, 14:01:23 UTC Maps - cleanup postgres user creation Previous hiera configuration contained some duplication (the attributes of replication users are all the same) and failed to expose higher level abstraction. This change allow to just have a list of the postgresql slaves and their IP address in hiera, and treat other parameters as our puppet model, not as configuration. Previous hiera structure: maps::postgres_slaves: replication@maps-test2002-v4: user: replication password: 123456 cidr: 4.3.2.1/32 pgversion: 9.4 attrs: REPLICATION database: replication replication@maps-test2003-v4: user: replication password: 123456 cidr: 4.3.2.2/32 pgversion: 9.4 attrs: REPLICATION database: replication New hiera structure: maps::postgresql_replication_pass: 123456 maps::postgresql_monitoring_pass: 654321 maps::postgres_slaves: maps-test2002: ip_address: 4.3.2.1 maps-test2003: ip_address: 4.3.2.2 The passwords need to stay in private repo, but most of the slave configuration can now be moved in the standard hiera files. The hiera configuration in private repo needs to be adapted before merging this change. Bug: T147194 Change-Id: I7fa7b5cc202dd17de007bb0f4e10ffefa7187c1b 27 October 2016, 12:36:50 UTC
9755e97 Giuseppe Lavagetto 26 October 2016, 08:09:15 UTC docker::web: allow defining multiple build servers Change-Id: I64edad7ee3cdc694d6f1a82afdce1d7d7e1208c4 27 October 2016, 12:09:58 UTC
a3e858f Daniel Zahn 26 October 2016, 00:49:52 UTC icinga: let icinga own /var/log/icinga Let icinga own /var/log/icinga and set the permissions similar to but not exactly as they were on neon. On einsteinium the log dir was owned by 'nagios' and that meant the irc.log, raid_handler.log files could not be written, so icinga-wm was silent on IRC. Puppetize the manual fix. Change-Id: Ibec3aa9ae5f92e300f9efb9ea17311eba05226bb 27 October 2016, 12:03:08 UTC
447acd6 Guillaume Lederrey 26 October 2016, 09:00:52 UTC elasticsearch - enable garbage collection logs on relforge servers This change adds an option to enable GC logs on elasticsearch. This option is turned off by default and only relforge server is configured to activate the GC logs. Once we validate that this has no negative impact, we can generalize this configuration. Bug: T134853 Change-Id: I21a0a6f27304bf6188f69834c6c96ba4d982d0e7 27 October 2016, 11:58:08 UTC
b57bdf9 Giuseppe Lavagetto 26 October 2016, 08:07:03 UTC docker::registry::web: listen on ipv6 as well Change-Id: I880b587284d68abaa27d092953c265a0a52ff13c 27 October 2016, 11:53:13 UTC
1f43c75 Giuseppe Lavagetto 26 October 2016, 08:02:20 UTC docker::registry: separate nginx config from the main one Change-Id: I212ef253ff1ab1c9e63ba06fe9f6955ebaca5e9e 27 October 2016, 11:48:50 UTC
18a13ee Riccardo Coccioli 27 October 2016, 10:04:18 UTC Icinga: fix raid_handler ACK persistence Bug: T149229 Change-Id: I8b88e34b97e6161482150c3ba685ed75df9e44c6 27 October 2016, 10:04:18 UTC
5baaf40 Riccardo Coccioli 26 October 2016, 14:03:59 UTC Icinga: raid_handler improve failure detection Bug: T142085 Change-Id: Ie89d0ea765d271681a08d9f39b0aa93bc482d27a 27 October 2016, 10:00:44 UTC
7aa74d6 Alexandros Kosiaris 27 April 2016, 09:52:00 UTC service::node: only rotate log files Otherwise we might end up also matching .*gz files Bug: T148436 Change-Id: I8ed0030d17dd4c6b5608440423838761d0af7d29 27 October 2016, 09:17:23 UTC
ae8a96a Giuseppe Lavagetto 27 October 2016, 08:03:04 UTC install_server: add darmstadtium Bug: T148961 Change-Id: I144aaffa7f4206d8e9a72246b0112a8f1c7fa7e2 27 October 2016, 08:03:04 UTC
33e7f66 Alexandros Kosiaris 27 October 2016, 07:38:48 UTC tendril: Remove the apache 2.4 specific directives They are not really needed anyway. In 2.4 and onwards, IP based authorization is just one more Require line and in this specific case it adds no value Change-Id: I2b8f0412a1a21f6703e3264c32e9de25808182ec 27 October 2016, 07:38:48 UTC
7be3ba6 Giuseppe Lavagetto 27 October 2016, 06:48:45 UTC tendril: require auth in apache 2.4 Change-Id: I5fa6a9c43151d46635e21161886677ac5352f976 27 October 2016, 06:48:45 UTC
90f752a Faidon Liambotis 27 October 2016, 00:55:56 UTC Remove references to psw1-eqiad, decom'ed Bug: T149224 Change-Id: Id6894474efb26ad767e57911678c393a0d45e38f 27 October 2016, 00:56:45 UTC
f846305 Antoine Musso 25 October 2016, 21:24:32 UTC contint: drop useless require_package contint::packages is meant to be shared between production and labs slaves. It installs openjdk-7-jdk which is redundant with: jenkins::slave which installs the openjdk-7-jdk-headless for the jenkins agent that runs on the instances. contint::packages::java installed on all slaved and meant to represent the requirement to run a java/maven project. Drop openjdk-7-jdk from contint::packages. Change-Id: I1659311d10eaeed62816f38652cbdeeb341a8d1e 27 October 2016, 00:52:51 UTC
74524c7 Antoine Musso 06 October 2016, 14:09:33 UTC contint: add phpdbg for code coverage mediawiki-core-code-coverage is still running on PHP5.5 with XDebug. PHP_CodeCoverage supports PHP7 with phpdbg which is order of magnitude faster. Install php7.0-phpdbg on Jessie slaves. Will let us run something like: php70-phpdbg -qrr phpunit --coverage Bug: T147778 Change-Id: I56864cf7a354e07263a38c90d6000f0ce2c44eac 27 October 2016, 00:45:49 UTC
fd1a173 Madhumitha Viswanathan 26 October 2016, 23:38:41 UTC dynamicproxy: Fix health check endpoint location Bug: T143638 Change-Id: I0705074e38fafb3d374901101f68378bb0e4d1a8 26 October 2016, 23:39:19 UTC
31b1794 Madhumitha Viswanathan 07 October 2016, 14:23:38 UTC tools proxy: Add health check and icinga monitoring Bug: T143638 Change-Id: If89260a3320315ee4cce2a70be0d7b83b21f3646 26 October 2016, 23:17:19 UTC
7d925a6 Antoine Musso 25 October 2016, 21:10:54 UTC contint: remove python-requests We have python-requests installed on gallium which was to fulfill a dependency to auto sync the VisualEditor repository in Gerrit. That was to workaround a bug in Gerrit which no more apply nowaday. The sync script has been removed and the dependency is no more needed. Bug: T51846 Change-Id: I0b7a42c34cf9671c515b843dd3fe9849356005f8 26 October 2016, 23:09:25 UTC
7a16b01 Filippo Giunchedi 25 October 2016, 20:34:01 UTC prometheus: upgrade to new config syntax The configuration keys changed in 0.20. Bug: T147207 Change-Id: I63ae7d23f061b421e825bffc77e67c17487bde05 26 October 2016, 23:02:42 UTC
ae73ffe Brandon Black 26 October 2016, 21:54:50 UTC cp1008: disable do_ocsp_int while experimenting with nginx packages Change-Id: I26c7e7d3a6ad04c6ff0a1b837c9dfea72aac5e4c 26 October 2016, 21:55:08 UTC
48f3e93 Jaime Crespo 26 October 2016, 20:27:46 UTC mariadb: set secure_file_priv to /dev/null This will disable arbitrary export/imports to any directory, even if someone had FILE privileges by accident. Change-Id: Ie15950a19da254f9011d46a0f6ff006b46476a64 26 October 2016, 20:49:37 UTC
840200d Daniel Zahn 26 October 2016, 01:58:48 UTC decom lead (ex-gerrit) lead used to be a gerrit server until T147905 happened, then it got replaced with cobalt. Bug: T147905 Change-Id: I10c613e55aa8fe0789746cbb4c834e1b27bc521f 26 October 2016, 18:03:49 UTC
ddcd0f9 Chad Horohoe 26 October 2016, 17:38:11 UTC CI firewall: remove lead from the ferm rule, it doesn't exist Already decommend in favor of cobalt Change-Id: Id40a9b17c214edabd4b87c9d66b819b5fcba4c24 26 October 2016, 17:38:48 UTC
4b51c1e Moritz Muehlenhoff 25 October 2016, 11:20:16 UTC Assign debdeploy grain for url_downloader via the role We now have aluminium and alsafi as specific hosts for these roles. Change-Id: If240b67249fa0196902cb9a31b07c7c3db26e415 26 October 2016, 17:27:49 UTC
e5494d9 Filippo Giunchedi 26 October 2016, 17:05:48 UTC swift: don't track connection to backend services We've seen close to exhaustion for conntrack also due to many connections to swift backend services, set notrack for those. Change-Id: Ie182894a41cd24aec50141908bcc14618406713c 26 October 2016, 17:20:02 UTC
065d1c7 Giuseppe Lavagetto 26 October 2016, 07:55:51 UTC docker::registry: move htpasswd file to /etc/nginx Change-Id: Iae652d9f4869db0f5671e88c95a6b06052985e2b 26 October 2016, 15:15:53 UTC
26c9cbd Brandon Black 26 October 2016, 15:09:07 UTC confd: start on boot, not just via puppet Change-Id: I30a79510a668f29559f9b0773e4099a10ad15575 26 October 2016, 15:09:16 UTC
aa09782 andrewbogott 25 October 2016, 06:37:19 UTC Move some hacked horizon files forms.py and wmtotp.py are dropped directly into the openstack_auth directory, so organize them in puppet. Also add backend.py, directly from the upstream. I'm going to modify it in a future patch and want the diff to show up here. Change-Id: I7ca2efb6405ef2a9a707725f1a8b3f7d74ff16b7 26 October 2016, 14:38:21 UTC
fb51424 Antoine Musso 24 September 2016, 19:48:01 UTC mariadb: fix class dependency on beta On beta the labs_lvm volume had a wrong dependency, I guess the class got renamed at some point. s/mariadb::packages/mariadb::packages_wmf/ Follow up 09758159 Change-Id: Ie5c73bab7b44a68ad3cf6256549495d9de9df1bc 26 October 2016, 14:27:25 UTC
8132dbb Paladox 26 October 2016, 09:24:18 UTC Gerrit: Adding option -XX:+PrintGCApplicationStoppedTime to gc logging This new option was suggested by @Gehel https://gerrit.wikimedia.org/r/#/c/317582/7/modules/gerrit/manifests/jetty.pp Bug: T148478 Change-Id: I7d6f1b672393b42b07e3191f89708b904563a0fb 26 October 2016, 13:57:04 UTC
bd9b82f Ariel T. Glenn 26 October 2016, 12:58:03 UTC clean up instructions for adding new snapshot host one less thing needed now Change-Id: Iedde55f8d5150380c5840ee650eaf9a72489d9e4 26 October 2016, 13:04:44 UTC
5741b1d Ariel T. Glenn 26 October 2016, 12:49:45 UTC add snapshot1001 to list of nfs exports for dataset1001 Change-Id: I7c558372cace70563e576870128457f9f3991af7 26 October 2016, 12:49:45 UTC
back to top