On 1 April 2016 at 14:10, Sam Ruby <ru...@intertwingly.net> wrote: > On Fri, Apr 1, 2016 at 9:02 AM, sebb <seb...@gmail.com> wrote: >> On 1 April 2016 at 13:48, Sam Ruby <ru...@intertwingly.net> wrote: >>> On Fri, Apr 1, 2016 at 8:43 AM, sebb <seb...@gmail.com> wrote: >>>> How often does the Whimsy code get updated from git? >>> >>> Every time puppet runs, i.e. every 30 minutes. >> >> I see. >> >> That's not as frequently as I had hoped. > > Note that the puppet manifest doesn't simply put the code there and > hope that it is picked up. Whenver the code is updated, a rake task > is run that may install new gems or restart passenger applications. > >> And it will be affected by any problems that cause puppet to fail. > > Independent of anything else, we should probably start monitoring for > puppet status and generating an alert when it is down. Here's how to > do that: > > $ service puppet status > * agent is running > > Infra also has their own checks, but for some reason those also failed. > >> I think we need to ask Infra if the code can be updated more like svnpubsub. >> Or alternatively I suppose we could add a function to update the code >> on demand (with suitable auth). > > I would like to go very slowly with that due to security concerns. If > a web process could be fooled into updating the code, that could be > very bad.
Why would it be bad? I meant that the function would do a git pull or whatever it is that the scheduled service does anyway. I did not mean that the function would be able to add arbitrary code. The code would still have to be committed to the git repo first. The auth would only be needed to prevent it being done unnecessarily. >>>> And where is the cronjob defined? >>> >>> I don't know how puppet works, but here is relevant portion of the >>> puppet manifest: >>> >>> https://github.com/apache/infrastructure-puppet/blob/deployment/modules/whimsy_server/manifests/init.pp#L58 >> >> Thanks. >> >>>> Or does it use a constantly running daemon, in which case how to check >>>> if it is running? >>> >>> I don't know how to check if puppet is running. >> >> On projects.a.o it writes to the system log. >> >> $ grep puppet /var/log/syslog >> >> will likely show the most recent puppet-agent activity. >> >>>> I have committed a couple of changes recently. >>>> The last one was over two hours ago now (Fri Apr 1 10:37:44 2016 >>>> +0100) but it still has not been applied as far as I can tell. >>>> >>>> The git code info says: >>>> >>>> Git code info: 40e810b 2016-04-01 01:01:16 +0100 >>>> >>>> I don't have experience with gitpubsub, but projects.a.o and >>>> reporter.a.o SVN code updates are almost instantaneous. >>>> >>>> It's a bit of a problem if code updates take a long time, especially >>>> if a mistake needs to be corrected, tho' that's not the case here. >>> >>> - Sam Ruby > > - Sam Ruby
