Skip to main content

Browse the archive

https://github.com/wikimedia/operations-puppet
12 April 2024, 10:39:33 UTC
sort by:
Revision Author Date Message Commit Date
696b6fa Giuseppe Lavagetto 17 July 2017, 16:12:08 UTC systemd: add defines to manage systemd units A simpler, less integrated approach to manage systemd-related files than the one proposed by base::system_unit, which is mostly a (complicated) attempt at supporting multiple init systems. For systemd-only catalogs, a simpler, leaner series of defines should make things clearer and reduce the level of indirection we have. Specifically: * We do not handle the Service definition, that is handled externally. * A single exec is defined for daemon-reload, so we can avoid doing multiple daemon-reloads. * A separate define handles systemd overrides and systemd unit files Change-Id: Ia4199b149804641bcc7d1957e7a0065fb7d5fa8b 18 July 2017, 13:47:31 UTC
6615fda Moritz Muehlenhoff 18 July 2017, 08:14:10 UTC Add extended account data for mkroetzsch Change-Id: Ic3908e1486e12178ac9f696dba701d5b071a1335 18 July 2017, 08:18:11 UTC
0f33d9d Emanuele Rocca 13 July 2017, 14:55:33 UTC Linux kernel module handling Add a new puppet module called 'kmod' allowing to: - insert/remove a Linux kernel module - blacklist the given modules - set module options Change-Id: Ib2bd63df23dcc6e33ad51b444c45cc731ea25f0c 18 July 2017, 08:16:54 UTC
3b4beed elukey 18 July 2017, 07:42:23 UTC role::mariadb::grants: fix grants for user eventlogcleaner Change-Id: I02f5c0e5b93ad8d75f345bc7e76317d69c0790f6 18 July 2017, 07:50:33 UTC
b44167a Moritz Muehlenhoff 18 July 2017, 07:15:22 UTC Reduce account expiration warning to seven days With 14 days we've often pinged people while the renewal was already in progress, reduce this to seven days from now on. Change-Id: Ib977fe566104372809b54c397594885eab53ed5c 18 July 2017, 07:15:22 UTC
8f958d0 Daniel Zahn 18 July 2017, 04:22:20 UTC rsync::quickdatacopy: avoid duplicate declaration errors If rsync::quickdatacopy is used in more than one role and these are applied on the same host (example netmon2001) we get puppet errors because "duplicate declaration" of resource Cron[sync-rsync-data]. Add $title to the resource name to avoid that. Change-Id: Icbadf9902f54831a96ce4d7cc13d4dc1a92687d5 18 July 2017, 04:42:12 UTC
6144b00 Daniel Zahn 18 July 2017, 03:30:41 UTC smokeping: sync data to netmon2001, use quickdatacopy, in role Copy smokeping rrd data from netmon1002 to netmon2001 to switch it over. Use the new rsync::quickdatacopy class and move it to the role out of the module. Bug: T166180 Change-Id: I1b0cf931f279b00798004ce4ae7fb225f4b3d966 18 July 2017, 03:53:39 UTC
c8dd9de Daniel Zahn 18 July 2017, 03:04:41 UTC cache::misc: add director for netmon2001 Bug: T166180 Change-Id: I927353b9adcdacb628280965dad03f16ed3a0542 18 July 2017, 03:08:08 UTC
ee221e5 Daniel Zahn 18 July 2017, 01:59:42 UTC puppetdb: remove postgres::ganglia from puppetdb role This doesn't work on puppetdb servers and just causes logspam. See ticket for more details. Bug: T169953 Change-Id: Ia87a8dbed34f054018c94cdc6b53daf494d09728 18 July 2017, 02:05:28 UTC
dc66966 Daniel Zahn 18 July 2017, 00:23:17 UTC labtestservices2002/2003: add mapped IPv6 address Change Ia600c1d3c6af1803e intended to do this (see PS1) but after a rebase on PS2 and on merge it added it to just labtestservices2001 and labweb* instead. Change-Id: Id51c1c59e16483dd0620b36a4d29b1af9049f746 18 July 2017, 01:19:46 UTC
07b562c Eric Evans 13 July 2017, 18:47:20 UTC restbase: Configure an additional data file directory (dev) Bug: T170276 Change-Id: I67edd8d78a6522c82e9dd1a7fe1d3bf41faeed27 17 July 2017, 22:08:55 UTC
5e4d490 Reedy 19 May 2017, 21:23:49 UTC mediawiki: Remove wikimedia-periodic-update.sh Follows-up ec405bad8376a. mediawiki::maintenance::update_flaggedrev_stats does this Change-Id: I9fa798a13ee6a93cc5981e9f23e8860f6b8bacec 17 July 2017, 21:45:00 UTC
1c9550d cpettet 17 July 2017, 21:28:44 UTC localrun: add hiera_config path and show_diff Change-Id: I09502ea67dfd517f6e6dbdad5d6ff562554910a8 17 July 2017, 21:28:44 UTC
8f72215 Ottomata 17 July 2017, 19:15:28 UTC Move reportupdater jobs from stat1003 -> stat1006 Bug: T152712 Change-Id: Ic58c4c42890c51b056adf27e4489393fb3e426c7 17 July 2017, 19:16:59 UTC
b4b3527 Daniel Zahn 17 July 2017, 18:25:04 UTC install_server: update MAC address of mw2201 in DHCP The mainboard on this server has been replaced, so the MAC address has changed. Update it so we get our IP again. Bug: T170307 Change-Id: If600cd39ac7925cfe9b2ddb18e84aa12c0be222c 17 July 2017, 18:28:32 UTC
851f873 Ottomata 17 July 2017, 18:24:33 UTC Remove dependency on geowiki public data job Bug: T152712 Change-Id: Id7d54c3e32b1d5484edbd52d1fe23bce03aaf53c 17 July 2017, 18:24:33 UTC
7d58c4a Ottomata 17 July 2017, 18:16:01 UTC Remove public data geowiki push This is no longer used Bug: T152712 Change-Id: I0d66c8b66a1200d47a0506e4d1a3dcaa5069bf19 17 July 2017, 18:16:01 UTC
3f3f32e Ottomata 17 July 2017, 18:11:03 UTC Set up rsync module for /home on stat boxes This will be used for new stat box migration, as well as allowing users to copy files between boxes more easily Bug: T152712 Change-Id: I7c186a57320a3dd62a4826eafa1349e575146955 17 July 2017, 18:11:25 UTC
6965c80 Ottomata 17 July 2017, 17:54:06 UTC Use https gerrit url to clone geowiki data-public on stat1006 Bug: T152712 Change-Id: I1c02771bfcafe6624d4501ff98a1e2a8658c205b 17 July 2017, 17:55:00 UTC
289e0a1 Addshore 17 July 2017, 17:44:01 UTC Revert "Remove time command from statistics::wmde crons" This reverts commit 9aa81c9ab49e8ac13a738133956c24768f9569ee. Change-Id: Ie422227b6ee927420777ce39b072b43aebc797d8 17 July 2017, 17:44:11 UTC
3dda154 Ottomata 17 July 2017, 16:35:09 UTC Move geowiki from stat1003 to stat1006 Bug: T152712 Change-Id: I3f134e9b9deffb8b23eb8f701760aebe8b1dcfaa 17 July 2017, 17:32:49 UTC
824f606 Faidon Liambotis 17 July 2017, 16:22:55 UTC aptrepo: drop files/log, use templates/log.erb For some reason the aptrepo repository had both a files/log file, and a templates/log.erb template, with the former one being used and the latter one just being unused. Switch the puppet code to use the latter. The only variable that is needed by the template is notify_address and it looks like this one is set in the manifest already (presumably for this exact purpose). Change-Id: I46b0502f5fe19748199c0c69cb171c62e99e6875 17 July 2017, 17:32:25 UTC
d11e2f7 RobH 17 July 2017, 17:19:28 UTC adding nschaaf to two sudo groups Added Nathaniel Schaaf to both the deploy-service and recommenation-admin groups. These group additions were reviewed and approved in the operations team meeting on 2017-07-17. Bug: T170592 Change-Id: I61cb101e0f3d5dffb15b01cfafe1535881d352a5 17 July 2017, 17:29:37 UTC
084c838 Daniel Zahn 15 July 2017, 04:21:29 UTC cache::misc: remove unused director netmon1001 This director should now not be used by anything anymore and can be removed. Change-Id: I23aa4300258630402b67f93c314db121e173a754 17 July 2017, 17:16:49 UTC
7b06eb6 elukey 17 July 2017, 16:22:05 UTC profile::piwik::database: relax disk flush policy to reduce iowait Bug: T164073 Change-Id: I0611553607e76998918fcd5ef38aa105791de749 17 July 2017, 16:23:39 UTC
d9ffad4 Ottomata 17 July 2017, 15:09:57 UTC logrotate reportupdater logs as proper user/group Fixes some cronspam Bug: T152712 Change-Id: I48253399f83dbd89ea48057d42e037e89ff16c60 17 July 2017, 16:21:39 UTC
04dc057 Antoine Musso 17 July 2017, 14:31:30 UTC Introduce commit-message-validator for nice commit messages Add a new tox environment that invokes the MediaWiki commit message validator. Has been in use at least on VisualEditor and helps formatting nice commit message. Ref: https://www.mediawiki.org/wiki/Commit-message-validator https://www.mediawiki.org/wiki/Gerrit/Commit_message_guidelines Change-Id: Ia032b4f672b1c33c4435be86c16eb9e87cd595d6 17 July 2017, 16:11:53 UTC
f83cf7e elukey 17 July 2017, 14:41:15 UTC profile::piwik::database: puppetize Piwik's database config For historic reasons Piwik has been created using a standard Debian configuration, not puppetized and not following Wikimedia's standards. While this is not the best solution it allow us to keep bohrium consistent. Bug: T164073 Change-Id: I0a28aba3eda5df8e12bb5a0b006ce367519f8e29 17 July 2017, 15:22:51 UTC
78df59e Daniel Zahn 13 July 2017, 21:08:05 UTC add mapped IPv6 address for labtestervices200x When recently adding IPv6 records for labtestpuppetmaster2001 i noticed that, among others, labtestservices2001-2003 don't have AAAA records yet. They already have IPv6 IPs on the interface but not the nice "mapped" address. How would you feel about adding it? Ok for labtestservices*? Maybe different for 2001 vs 2002/2003? This would first add the mapped address on the interface, afterwards i would add the DNS records. Change-Id: Ia600c1d3c6af1803e1e23b10536759051c4c5264 17 July 2017, 14:59:04 UTC
f9896bf andrewbogott 14 July 2017, 06:48:22 UTC nodepool: move 'rate' to 6 seconds This is, in theory, the last known good state. Bug: T170492 Change-Id: I604286046ee846cd12db6421eb77ea033b366f4a 14 July 2017, 06:51:05 UTC
86ec4e5 Ottomata 10 July 2017, 14:59:24 UTC Decom RCStream Bug: T170157 Change-Id: I98e429a4c3b54bc2ebd9ef3fac9e679668d13568 17 July 2017, 14:11:58 UTC
e475d38 Faidon Liambotis 17 July 2017, 14:03:04 UTC statistics: fix indentation (and a lint failure) Change-Id: Ie84752d981ee9672fa049cfbabd5ae4e60d70d5f 17 July 2017, 14:05:46 UTC
bf6a273 Ottomata 17 July 2017, 13:55:19 UTC Install /usr/bin/time on stat boxes I guess time is no longer installed by default Bug: T170472 Change-Id: I9972462446ac7e85451107ff1818358a4c941668 17 July 2017, 13:56:25 UTC
c8b8927 elukey 17 July 2017, 13:32:45 UTC profile::piwik::backup: remove duplicate old backup clean cron The predump script already removes old data (15d old) so this cron is not needed. Bug: T164073 Change-Id: I20a8b8fc011fe88be4f505ea6155422b529a29f2 17 July 2017, 13:32:45 UTC
4c469a0 elukey 17 July 2017, 13:01:12 UTC profile::piwik::backup: use quotes for the backup's password field Bug: T164073 Change-Id: I07176fe4a421b44fcc679b6eb270239d42c1c552 17 July 2017, 13:03:06 UTC
cf81df8 Giuseppe Lavagetto 17 July 2017, 11:14:26 UTC puppet-compiler: bump to 0.2.1 This fixes a bug with diffing for the future mode Change-Id: Iea33498c19d78a2ba2e7f0846b5e404ccaab07fc 17 July 2017, 11:15:16 UTC
d659231 halfak 14 July 2017, 19:42:38 UTC Adds aspell-el to ORES base.pp Bug: T170709 Change-Id: I88e511b24b0333aa8b2084dde8a08f5cd055b8d4 17 July 2017, 09:58:38 UTC
6ddd83a andrewbogott 13 July 2017, 14:13:41 UTC Puppetmaster profile: Support switching off active records We want this for the labs puppetmaster -- no db needed. Change-Id: If08d30df67247673eee14c177b5b732387efb073 17 July 2017, 09:41:10 UTC
d6f5694 Moritz Muehlenhoff 10 July 2017, 10:26:42 UTC Restrict ores::web to domain networks Accessed via Varnish Change-Id: Ifc2c07908db640ee0797bc60247938f405d36bfa 17 July 2017, 09:19:21 UTC
943e68a Giuseppe Lavagetto 17 July 2017, 08:03:08 UTC puppet-compiler: bump to code version 0.2.0 Bug: T169546 Change-Id: Ibaa0cae3b99865fb538663fdcd5dfa68c05a735f 17 July 2017, 08:03:08 UTC
389f6a9 Daniel Zahn 15 July 2017, 04:17:54 UTC smokeping: restrict http access to prod networks smokeping is behind cache::misc so it doesn't need to talk http to everything anymore. Change-Id: Iaffef289242d93aeed3e605c990543300216a562 15 July 2017, 04:19:16 UTC
124e1b5 Daniel Zahn 15 July 2017, 03:51:42 UTC servermon: restrict http access to prod networks servermon nowadays is behind cache::misc so it only needs to talk http to prod networks, not the world. netmon1003 was still created in .wikimedia.org to be equivalent to other netmon*. but we can close it this way. (this is like same change for RT Iebc3228fc69f1) Bug: T170653 Change-Id: Ia08157bc853f4d2be441d6512b29f97eac16181d 15 July 2017, 04:03:36 UTC
465241a Daniel Zahn 15 July 2017, 02:54:21 UTC servermon: remove role from netmon1001 This is now running on netmon1003, remove role from netmon1001 so that there is no additional "make updates" cron running and talking to db. One step closer to decom netmon1001. Bug: T170653 Change-Id: I4cca02ff082a913dad2de5fcf2dc91c9fe1cc3e8 15 July 2017, 02:59:04 UTC
fc260e7 Daniel Zahn 15 July 2017, 02:24:32 UTC cache::misc: switch servermon from netmon1001 to netmon1003 Bug: T170653 Change-Id: Ib8966a3d7aef2b7f5debd7e77cebcd5dfa6c5998 15 July 2017, 02:39:27 UTC
eca16e0 Daniel Zahn 15 July 2017, 02:17:35 UTC cache::misc: add director for netmon1003 This will be hosting servermon, moving over from netmon1001. Gotta add the director first. Bug: T170653 Change-Id: I66dff48666050341cf47672c6d4c385540114488 15 July 2017, 02:23:21 UTC
452bddc Keith Herron 15 July 2017, 00:17:41 UTC Lists: Change exim filter for spam observed from qq.com Update exim filter with messages attributes seen in spam sent to list -owners addresses. Set check_rfc2047_length = false to decode unusually long subject headers. Bug: T170601 Change-Id: Id5a9766f7b8a3d304d73829eb385cb132e89680a 15 July 2017, 00:26:13 UTC
2513287 Daniel Zahn 14 July 2017, 21:51:12 UTC site: add netmon1003 with servermon role Bug: T170653 Change-Id: I99b4481057a0a1238fbe9fffa7830e6748348fc2 14 July 2017, 22:06:13 UTC
7697df8 Daniel Zahn 14 July 2017, 20:49:48 UTC install_server: netmon1003 use jessie, not stretch Bug: T170655 Change-Id: I85236f65ee182b8b64c3cd4dc4653e01a62a0cb6 14 July 2017, 20:54:41 UTC
3f5278b Brandon Black 14 July 2017, 19:14:34 UTC librenms: bugfix for HTTPS redirect The HTTP->HTTPS redirect was using an empty hostname in the Location header. Turns out this is due to a type of @sitename as @site_name. Also fixed up the other obvious place the templated value could/should be used here. Change-Id: Ie76c15129aeadd618b47b17996b7a011f141e198 14 July 2017, 19:17:53 UTC
7acb959 Keith Herron 14 July 2017, 18:39:23 UTC Lists: Add exim filter for spam observed from qq.com Filter in exim messages with attributes seen in spam sent to list -owners addresses. Bug: T170601 Change-Id: I649a27fb0850f0de6755af1bd8f9497bb684d006 14 July 2017, 18:46:00 UTC
fc1f1b2 Daniel Zahn 14 July 2017, 18:20:28 UTC install_server: add netmon1003 to DHCP/partman Bug: T170655 Change-Id: I463056f3b68aa27910886c1ef0745d5120e5b631 14 July 2017, 18:25:00 UTC
2742353 RobH 14 July 2017, 17:15:55 UTC setting labnet100[34] install params set dhcpd lease, netboot partitioning, and basic site.pp inclusion for firewalling Bug:T165779 Change-Id: I62fbf742bd4e1b10d1c604aa2b4356ed33cb2cc5 14 July 2017, 17:15:55 UTC
d64be19 Keith Herron 14 July 2017, 15:21:43 UTC Change lists to reject spam score of 6 or greater via exim acl Exim on lists currently rejects mail with a spam score of 12 or greater. Lowering to 6 will more aggressively filter spam at the lists MTA. Bug: T170601 Change-Id: I34aa0952a2198f2172df76dfa979a3278375db65 14 July 2017, 16:32:12 UTC
9aa81c9 addshore 14 July 2017, 15:59:10 UTC Remove time command from statistics::wmde crons It looks like this can't be found on stat1005 for this user, so just remove it. Bug: T170282 Bug: T170472 Change-Id: Ieeb88f7f821e08173535473d55ef84b229e6677e 14 July 2017, 15:59:46 UTC
d737c17 andrewbogott 13 July 2017, 14:21:24 UTC Include labsrootpass on labs puppetmasters Change-Id: I7359611818e9591c027fcc19a1b2be15ebd7353b 13 July 2017, 14:21:39 UTC
bf15f71 Moritz Muehlenhoff 14 July 2017, 09:25:42 UTC Add labpuppetmaster* to site.pp to enable base::firewall Installed with a public IP, add it to site.pp to apply base::firewall. Bug: T167905 Change-Id: Ibcb54500e4bb691465068804085453f189894c50 14 July 2017, 13:47:49 UTC
262cc3a Moritz Muehlenhoff 14 July 2017, 09:16:48 UTC Add labweb* to site.pp to enable base::firewall Installed with a public IP, add it to site.pp to apply base::firewall. Bug: T167820 Change-Id: I878348c20bcaec94e1f54f63258761ef0963eadc 14 July 2017, 13:45:43 UTC
35280a0 andrewbogott 13 July 2017, 08:20:28 UTC labspuppetbackend: Include some more python dependencies for jessie. Change-Id: I5eb4ffdf36ff95e0be30f86ca93c705a2fa7c3d4 13 July 2017, 22:22:50 UTC
2270a54 RobH 13 July 2017, 21:15:07 UTC labweb100[12] install params update to dhcp lease file as well as netboot.cfg Bug:T167820 Change-Id: Id4de307ffea0720d4b63af8b09fd48d1b549a0ed 13 July 2017, 21:15:07 UTC
ecc0ac8 Sébastien Santoro 11 July 2017, 16:28:39 UTC admin: Remove deployers from restricted group The `restricted` group offers an access to the production servers, allowing for example to run maintenance scripts. These permissions are already included in the `deployment` group. Removes the following users: hoo khorn ssastry nuria legoktm addshore They are all already in deployment group. Bug: T104671 Change-Id: I34d245e7758fce56c217de35eee342e15a702e19 13 July 2017, 20:41:24 UTC
4d14aef Ottomata 13 July 2017, 20:06:26 UTC ensure => absent for base::firewall in statistics::private profile Instead of just removing the class include. Bug: T170496 Change-Id: I92c9b8db1435eccf774ee441a627548971266370 13 July 2017, 20:06:26 UTC
d3deaf9 Ottomata 13 July 2017, 20:02:00 UTC Remove base::firewall from stat private boxes This was never applied before, and breaks the use of spark, since spark listens on ephemeral ports for each new session. Bug: T170496 Change-Id: I9b0b380000fb5b3be0f4ee6909370da5954dc6de 13 July 2017, 20:02:00 UTC
0def04a andrewbogott 13 July 2017, 06:23:14 UTC Set labs_puppet_master for labtestpuppetmaster2001 Otherwise it tries to talk to the encapi on labtestcontrol. Change-Id: Idf7a338d0fe87f1cb84b9fee4791aa49c271881a 13 July 2017, 06:23:14 UTC
423c9e1 andrewbogott 13 July 2017, 03:28:51 UTC Labtest: Allow the new labtestpuppetmaster to reach mysql on labtestcontrol This is a hack based on the fact that labtest's databases are on labtestcontrol. Change-Id: Ibfe8e264de72ae6c6061b2de16e7d11f3d44a20a 13 July 2017, 17:14:06 UTC
82a6f88 BBlack 13 July 2017, 17:07:56 UTC Revert "ssl_ciphersuite: limit ECDH curves where possible" This reverts commit 1811def526025a67bd6baa8fe509a71a5b147f52. Change-Id: I92d3fbb76f02a3fcd136871062f4617f584ccb76 13 July 2017, 17:07:56 UTC
1811def Brandon Black 28 June 2017, 14:47:02 UTC ssl_ciphersuite: limit ECDH curves where possible This removes support for secp384r1 and secp521r1 in the common case (jessie+nginx), possibly other lesser-known curves on trusty+nginx? Apache doesn't have an easy way to configure this at all. The two curves mentioned above are expensive relative to the default secp256r1, which is sufficient for today's pragmatic security margins. They're also virtually never used (except occasional artificial probing) in our stats. At best, they're a vector for trying to consume CPU on our terminators, and at worst they're vectors for unknown weaknesses, being so little used and therefore studied in the TLS context. X25519 is of course our first preference on installs which have a new-enough libssl. If the world moves towards larger ECDH curves in the future, it will likely be in the direction of X448 instead of the legacy ones anyways, assuming newer PQ-Crypto algs don't overtake the scene before that's necessary. Change-Id: I4b5f4261f3538bee3bd4b413d34aef7925e1b3ae 13 July 2017, 16:42:10 UTC
f6ee5e1 andrewbogott 13 July 2017, 03:13:35 UTC Don't use puppetdb on labtestpuppetmaster2001. Change-Id: I247974a8a308f2f2cfc12e972479c678d1d6cb1d 13 July 2017, 03:14:48 UTC
d57ea83 Alexandros Kosiaris 13 July 2017, 15:19:57 UTC puppetmaster: profilize puppetdb hiera lookups We move the use_puppetdb and puppetdb_host hiera lookups into the profile namespace to be consistent with the standard we have. Also we move the keys into the role per our standards as well Change-Id: I1ce52dc3ed26558013eb5727aac358faf7b87177 13 July 2017, 15:19:57 UTC
f88b80b addshore 13 July 2017, 13:08:45 UTC Fix api_log_dir for statistics wmde It looks like this directory changed as a result of the move from stat1002 to stat1005. The patch which changes the path can be seen at: I87e593eea12af0073625bd423c957a8792311dee Bug: T170472 Bug: T170282 Change-Id: Ic21aec3a51df16d590dbaeb0c0687a0f5bf0eff2 13 July 2017, 14:04:24 UTC
e569f01 elukey 13 July 2017, 13:51:28 UTC statistics::sites::stat: fix the symlink for v2 The current httpd document root is /srv/stats.w.o/htdocs, so better to stick with it for the time being. A refactor of the httpd vhost config will surely happen when the new stats.w.o will be launched. Bug: T167684 Change-Id: I5a96c34874a0f3233f9a1eb7e41321c96d6adb8f 13 July 2017, 13:51:28 UTC
fec9074 elukey 13 July 2017, 13:17:36 UTC role::mariadb::misc::eventlogging: remove the readonly constraint for slaves Bug: T156933 Change-Id: I09841c14103e3ed09b68de2e9158b7f5e9a14d17 13 July 2017, 13:31:05 UTC
fbeab38 Emanuele Rocca 13 July 2017, 13:20:30 UTC cache::misc: enable nginx lua support Lua support is required by nginx-lua-prometheus, added to cache::misc in cdd12bcd53ff311abb6e5efd10bed0122907135a. Change-Id: If4a761d3a0ae55024092b64388006b772fcf6d17 13 July 2017, 13:28:51 UTC
b904cfe milimetric 29 June 2017, 01:49:26 UTC Clone wikistats v2 repository and link it to v2 This sets up wikistats v2 to serve at stats.wikimedia.org/v2 Bug: T167684 Change-Id: I6cff8fcf70a91a922f9c37ba3b5f48dee2bd7835 13 July 2017, 13:22:30 UTC
cdd12bc Emanuele Rocca 13 July 2017, 08:25:09 UTC cache::misc: enable nginx-lua-prometheus Expose nginx metrics for prometheus. Change-Id: Idd3fe014201ba80130dfac40db19c2cb9b0bbf60 13 July 2017, 13:15:57 UTC
30cb20f Emanuele Rocca 05 July 2017, 10:52:30 UTC VCL: zero cleanups Add a new VCL subroutine, tag_carrier_cleanup, to unset headers potentially set by tag_carrier. There is no need to unset X-Forwarded-By2 as the header has been dropped in 1d86ca2. Also, zero.inc.vcl does not use the header vmod. Remove related comment. Change-Id: I5d15ca18a3329eb45ca102d26895396d33cd7487 13 July 2017, 13:12:38 UTC
7b4e980 Giuseppe Lavagetto 13 July 2017, 12:56:45 UTC puppet-compiler: fix nginx virtualhost * Add "^~" as a matcher for the /$hostname prefix, to stop processing * Also add a "resolver" directive where we need to do proxy-passing. Change-Id: Ieebc24cdd4ce610c38a81b524a108c927f79fee4 13 July 2017, 12:58:00 UTC
77abced Alexandros Kosiaris 13 July 2017, 11:57:26 UTC icinga: Bump icinga-tmpfs size to 1024m We had this way too low, meaning depending on circumstances it could cause truncation of some files like status.dat. While the disk usage in this filesystems varies greatly, it's possible it gets full from time to time Bug: T164206 Change-Id: Ib9a1f17ca25d24f2ebfe8892e814bda0da85095e 13 July 2017, 12:00:53 UTC
d058240 Alexandros Kosiaris 13 July 2017, 08:57:25 UTC icinga: Bump max_concurrent_checks by 20% We are starting to see Max concurrent service checks (5000) has been reached again, let's bump the number by some 20% to 6000. The hardware seems to be able to withstand it with ease Change-Id: Ie08a1e4891bdafce451c128b8ccf77a3d8ae0290 13 July 2017, 12:00:53 UTC
1d796c6 Giuseppe Lavagetto 13 July 2017, 09:53:46 UTC puppet-compiler: allow more than one runner Since we point our external proxy directly to the puppet compiler machines, we proxy requests to other backends based on the url. This will allow to any backend to serve the changes, independently of where they were created. Reflect this in the compiler config, so that the compiler will be able to give the correct url to the user. Also, fix hieradata for etcd Change-Id: I8a71fc47189d8cb8cb9c5d7a1a766eb800a3234a 13 July 2017, 10:32:17 UTC
1d33d1b elukey 13 July 2017, 08:52:33 UTC eventlogging_cleaner.py: set default loglevel for the main logger This change is related to https://gerrit.wikimedia.org/r/#/c/364956. Not setting the default logger loglevel stops any stdout output. Bug: T156933 Change-Id: Id36303a3ae7789962004ded357da339e470490c7 13 July 2017, 08:52:33 UTC
f36933e elukey 13 July 2017, 08:34:07 UTC eventlogging_cleaner.py: split logs between stdout/stderr$ Separate the logging levels to redirect ERRORs only to stderr.$ The script will probably run as cron and it will be easier$ with the new configuration to get email notifications.$ Bug: T156933$ Change-Id: Ib78c09992181b6d95a0c90c7168b50fb7edb8215 13 July 2017, 08:35:25 UTC
ea30571 elukey 13 July 2017, 07:28:15 UTC eventlogging_purging_whitelist.tsv: remove unnecessary schemas The eventlogging_cleaner.py script fails to execute on db1047 due to these tables being present in the whitelist but not in the log database. This error condition should alert analytics about typos while redacting the whitelist, but in this case it means something different: one table is an old one that has already been dropped, meanwhile the other one is too new and it has received no events yet (that means no table created in the db yet too). Bug: T156933 Change-Id: I3cf3570ef0a9f8f1e95b7dbc657236aa0a139e90 13 July 2017, 07:32:27 UTC
d4c6d9c Giuseppe Lavagetto 13 July 2017, 06:26:35 UTC recommendation-api: check robots.txt The root url on this service returns 404, so let's use one which is not likely to go away soon. Bug: T165760 Change-Id: I12e39b817cd060bd17e118591b6c3f2287976fef 13 July 2017, 06:26:35 UTC
868ba55 Moritz Muehlenhoff 12 July 2017, 09:13:00 UTC Remove sshd options specific to SSH protocol 1 These options are currently not used anyway (we only use SSH protocol 2), but they've been removed in the openssh release present in stretch, so they're logging errors there: Quoting from the sshd_config manpage: RhostsRSAAuthentication Specifies whether rhosts or /etc/hosts.equiv authentication together with successful RSA host authentication is allowed. The default is “no”. This option applies to protocol version 1 only. RSAAuthentication Specifies whether pure RSA authentication is allowed. The default is “yes”. This option applies to protocol version 1 only. ServerKeyBits Defines the number of bits in the ephemeral protocol version 1 server key. The minimum value is 512, and the default is 1024. KeyRegenerationInterval In protocol version 1, the ephemeral server key is automatically regenerated after this many seconds (if it has been used). The purpose of regeneration is to prevent decrypting captured sessions by later breaking into the machine and stealing the keys. The key is never stored anywhere. If the value is 0, the key is never regenerated. The default is 3600 (seconds). Bug: T170298 Change-Id: I8ec75aa59dc1395f5cf4436f7c8d597ed6172409 13 July 2017, 05:52:55 UTC
a50166a Martin Urbanec 25 June 2017, 11:20:29 UTC Add maiwikimedia to Apache conf Bug: T168782 Change-Id: Icbc4024e60385ff73f2894bdd815c3fcb1165373 12 July 2017, 23:18:05 UTC
9c84705 RobH 12 July 2017, 21:56:44 UTC labnodepool1002 install_server updates update to dhcpd lease file and partitioning for netboot.cfg Bug:T168407 Change-Id: Ifbcc33b6a90c0c26a925630291315a4a2177346e 12 July 2017, 21:59:22 UTC
3375258 andrewbogott 12 July 2017, 19:36:32 UTC Nodepool: Slow down VM spawns by a lot. I don't necessarily want to leave this at 10 seconds for good, but right now I'm seeing a lot of rabbit timeouts and want to see if reducing traffic eases the problem. (If it does, then the next step is probably to tune up rabbit before turning nodepool back up.) Bug: T170492 Change-Id: I11516ff1f9335e87df55d3296ac0cf0e4380fbef 12 July 2017, 21:44:15 UTC
6b58ae3 Ottomata 12 July 2017, 21:18:24 UTC Use proper topics variable for new eventlogging mysql eventbus consumer Change-Id: I856ff8098fb8ccb3e970fc12d1f944abafd448a6 12 July 2017, 21:18:24 UTC
72d458c Ottomata 12 July 2017, 21:03:48 UTC Set up separate EventLogging Analytics MySQL Consumer process for eventbus events This caused a bug with the main eventlogging mysql consumer. It was flapping every 5 minutes and dying, because inserts into the mediawiki_page_create_1 table were failing, because https://gerrit.wikimedia.org/r/#/c/362321/ added a field to the schema of the same version. We need to start properly versioning eventbus schemas. Change-Id: I2df1d8eae141e7b51e6903aa906e613817fc0659 12 July 2017, 21:07:13 UTC
32adfb7 RobH 12 July 2017, 20:30:34 UTC setting labpuppetmaster100[12] install params setting dhcp lease and partition info Bug:T167905 Change-Id: Id79f60458b9fd3309dc9cb1183cc5d0d9f2a72b0 12 July 2017, 20:30:34 UTC
f7e7eab Ottomata 12 July 2017, 20:13:35 UTC Move statistics::wmde jobs to stat1005 from stat1002 Bug: T170471 Change-Id: Id313940d0b747a161e1415b6d9c7991af6db0783 12 July 2017, 20:13:35 UTC
3c1c510 Ottomata 12 July 2017, 19:38:40 UTC Rsync MW API logs to stat1005 Bug: T152712 Change-Id: I87e593eea12af0073625bd423c957a8792311dee 12 July 2017, 19:38:40 UTC
918aa1e Ottomata 12 July 2017, 19:14:06 UTC Move refinery::job::data_check to stat1005 from stat1002 Bug: T152712 Change-Id: I95aa75ecfacffdcb9e10fbf0bd3b9543e2da7124 12 July 2017, 19:14:06 UTC
49985bb Ottomata 12 July 2017, 19:06:53 UTC Run reportupdater::jobs::hadoop from stat1005 instead of stat1002 Bug: T152712 Change-Id: If59e868ea02a24b503c1448eb7cd41da04e8681a 12 July 2017, 19:06:53 UTC
6f0f969 Ottomata 12 July 2017, 18:58:51 UTC Use conditionals instead of new role files to deal with stat box migration Bug: T152712 Change-Id: I71693b4a868f149aa3969837052cd8b8645c3ebc 12 July 2017, 18:59:18 UTC
03f08e8 Ottomata 12 July 2017, 18:55:20 UTC AH, yes, statistics-privatedata-users should be on cruncher, it is a superset of perms Bug: T152712 Change-Id: I000dfdb773cc301c2108852cd13d609c2e2ac04d 12 July 2017, 18:55:20 UTC
0f65e54 Ottomata 12 July 2017, 18:53:01 UTC Remove statistics-privatedata-users from stat1006.yaml (cruncher) This should not be in cruncher.yaml, but it is. Hm. Bug: T152712 Change-Id: Iecfab33a06651d7629fb700f44b672dda5673b8b 12 July 2017, 18:53:01 UTC
19c8500 Ottomata 12 July 2017, 18:51:05 UTC Add groups to stat1005 Bug: T152712 Change-Id: Ib142f8fbbf607558d93f1b5e95289c43fab458e2 12 July 2017, 18:51:05 UTC
44215eb Ottomata 12 July 2017, 18:37:44 UTC Apply role statistics::private_new to stat1005 Bug: T152712 Change-Id: I4e4a84f23457e0ecdba484b47acdca489dfbcda9 12 July 2017, 18:42:23 UTC
d82de31 Ottomata 12 July 2017, 18:22:51 UTC Move more stuff into profile::statistics::private Bug: T152712 Change-Id: I1fb259a1a5ab1618349944b68186c8965396cf10 12 July 2017, 18:28:24 UTC
back to top