[MediaWiki-commits] [Gerrit] Add librenms module and role class apply it - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/106694
Change subject: Add librenms module and role class apply it
..
Add librenms module and role class apply it
LibreNMS is a GPL Observium fork. Sets up Apache, user accounts, cron
jobs and provisions via Trebuchet from an internal git mirror.
Change-Id: I61073f915b8c5a5b26b28c60b6888563a268c6b1
---
M manifests/role/deployment.pp
A manifests/role/librenms.pp
M manifests/site.pp
A modules/librenms/files/logrotate
A modules/librenms/lib/puppet/parser/functions/phpdump.rb
A modules/librenms/manifests/init.pp
A modules/librenms/templates/config.php.erb
7 files changed, 211 insertions(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/94/106694/1
diff --git a/manifests/role/deployment.pp b/manifests/role/deployment.pp
index 6d32a44..784048a 100644
--- a/manifests/role/deployment.pp
+++ b/manifests/role/deployment.pp
@@ -133,6 +133,10 @@
'grain'= 'scholarships',
'upstream' =
'https://gerrit.wikimedia.org/r/wikimedia/wikimania-scholarships',
},
+'librenms/librenms' = {
+'grain'= 'librenms',
+'upstream' =
'https://gerrit.wikimedia.org/r/operations/software/librenms',
+},
}
}
diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp
new file mode 100644
index 000..f817ee4
--- /dev/null
+++ b/manifests/role/librenms.pp
@@ -0,0 +1,65 @@
+class role::librenms {
+system::role { 'librenms': description = 'LibreNMS server' }
+
+include network::constants
+include passwords::mysql::librenms
+include passwords::network
+
+$hostname = 'librenms.wikimedia.org'
+
+deployment::target { 'librenms': }
+$install_dir = '/srv/deployment/librenms/librenms'
+
+$config = {
+'install_dir' = $install_dir,
+'html_dir' = ${install_dir}/html,
+'log_file' = '/var/log/librenms.log',
+'rrd_dir' = '/srv/librenms/rrd',
+
+'db_host' = 'db1001.eqiad.wmnet',
+'db_user' = $passwords::mysql::librenms::user,
+'db_pass' = $passwords::mysql::librenms::pass,
+'db_name' = 'librenms',
+
+'snmp' = {
+'community' = [ $passwords::network::snmp ],
+},
+
+'enable_inventory' = 1,
+'enable_syslog'= 1,
+'email_backend'= 'sendmail',
+'alerts' = {
+'port_util_alert' = true,
+'port_util_perc' = 85,
+'email' = {
+'default' = 'n...@wikimedia.org',
+'enable' = true,
+},
+'port' = {
+'ifdown' = false,
+},
+},
+
+'auth_mechanism' = 'mysql',
+'nets' = $network::constants::external_networks,
+}
+
+class { 'librenms':
+install_dir = $install_dir,
+config = $config,
+}
+
+@webserver::apache::module { 'php5': }
+@webserver::apache::site { 'librenms.wikimedia.org':
+docroot = $install_dir,
+require = [
+Webserver::Apache::Module['php5'],
+Class['librenms'],
+],
+}
+
+monitor_service { 'librenms':
+description = 'HTTP',
+check_command = check_http_url!${hostname}!http://${hostname};,
+}
+}
diff --git a/manifests/site.pp b/manifests/site.pp
index 66b3b26..0298010 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1891,7 +1891,8 @@
webserver::apache,
misc::rancid,
smokeping,
-smokeping::web
+smokeping::web,
+role::librenms
}
node /^nfs[12].pmtpa.wmnet/ {
diff --git a/modules/librenms/files/logrotate b/modules/librenms/files/logrotate
new file mode 100644
index 000..8766aa7
--- /dev/null
+++ b/modules/librenms/files/logrotate
@@ -0,0 +1,6 @@
+/var/log/librenms.log {
+rotate 7
+daily
+compress
+missingok
+}
diff --git a/modules/librenms/lib/puppet/parser/functions/phpdump.rb
b/modules/librenms/lib/puppet/parser/functions/phpdump.rb
new file mode 100644
index 000..2033613
--- /dev/null
+++ b/modules/librenms/lib/puppet/parser/functions/phpdump.rb
@@ -0,0 +1,34 @@
+# == Function: phpdump
+#
+# Serialize a hash into PHP array with lexicographically sorted keys.
+#
+
+def phpdump(o, level=1)
+ indent = *4
+
+ case o
+ when Hash
+contents = ''
+o.sort.each do |k, v|
+ contents += indent*level
+ contents += \#{k}\ = + phpdump(v, level+1)
+ contents += ,\n
+end
+array(\n + contents + indent*(level-1) + )
+ when Array
+array( + o.map { |x| phpdump(x, level+1) }.join(', ') + )
+ when TrueClass
+TRUE
+ when FalseClass
+FALSE
+ else
+'' + o.to_s + ''
+ end
+end
+
+module Puppet::Parser::Functions
+ newfunction(:phpdump,
[MediaWiki-commits] [Gerrit] webserver::apache: misc SSL fixes - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/106700
Change subject: webserver::apache: misc SSL fixes
..
webserver::apache: misc SSL fixes
- Set ServerAdmin correct on the 443 virtualhost
- Support redirected; it was previously a stub
- Add SSLCACertificatePath
- Remove the defaulting to wildcard certificate support
Change-Id: I0c545ad3a7dab2d569ac52b75b63740c9dcb37cd
---
M manifests/webserver.pp
M templates/apache/generic_vhost.erb
2 files changed, 22 insertions(+), 10 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/00/106700/1
diff --git a/manifests/webserver.pp b/manifests/webserver.pp
index 392a520..426db44 100644
--- a/manifests/webserver.pp
+++ b/manifests/webserver.pp
@@ -284,10 +284,10 @@
# Parameters:
# $aliases=[] - array of ServerAliases
# $ssl=false - if true, sets up an ssl certificate for
$title
- # $certfile=undef - defaults to
/etc/ssl/certs/${wildcard_domain}.pem, based on $title
- # $certkey=undef- defaults to
/etc/ssl/private/${wildcard_domain}.key based on $title
+ # $certfile=undef - defaults to /etc/ssl/certs/${title}.pem
+ # $certkey=undef- defaults to /etc/ssl/private/${title}.key
# $docroot=undef- defaults to: $title ==
'stats.wikimedia.org', then /srv/stats.wikimedia.org
- # $custom=[]- custom Apachce config strings to put into
virtual host site file
+ # $custom=[]- custom Apache config strings to put into
virtual host site file
# $includes=[]
# $server_admin=r...@wikimedia.org,
# $access_log - path to access log, default:
/var/log/apache2/access.log
@@ -320,13 +320,12 @@
if $ssl in [true, only, redirected] {
webserver::apache::module { ssl: }
- # If no cert files are defined, assume a wildcart
certificate for the domain
- $wildcard_domain = regsubst($title, '^[^\.]+', *)
+ # If no cert files are defined, assume a named
certificate for the domain
if ! $certfile {
- $certfile =
/etc/ssl/certs/${wildcard_domain}.pem
+ $certfile = /etc/ssl/certs/${title}.pem
}
if ! $certkey {
- $certkey =
/etc/ssl/private/${wildcard_domain}.key
+ $certkey = /etc/ssl/private/${title}.key
}
}
diff --git a/templates/apache/generic_vhost.erb
b/templates/apache/generic_vhost.erb
index a8ea804..86c183b 100644
--- a/templates/apache/generic_vhost.erb
+++ b/templates/apache/generic_vhost.erb
@@ -1,6 +1,6 @@
# This file is managed by Puppet!
-% if ssl != only -%
+% if [true, false].include?(ssl) -%
VirtualHost *:80
ServerName %= title %
% if aliases.length 0 -%
@@ -34,13 +34,25 @@
/VirtualHost
% end -%
+% if ssl == redirected -%
+VirtualHost *:80
+ ServerName %= title %
+% if aliases.length 0 -%
+ ServerAlias %= aliases.join( ) %
+% end -%
+ ServerAdmin %= server_admin %
+
+ Redirect permanent / https://%= title %/
+/VirtualHost
+% else %
+
% if [true, only, redirected].include?(ssl) -%
VirtualHost *:443
ServerName %= title %
% if aliases.length 0 -%
ServerAlias %= aliases.join( ) %
% end -%
- ServerAdmin r...@wikimedia.org
+ ServerAdmin %= server_admin %
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
@@ -48,6 +60,7 @@
SSLHonorCipherOrder on
SSLCertificateFile %= certfile %
SSLCertificateKeyFile %= certkey %
+ SSLCACertificatePath /etc/ssl/certs
DocumentRoot %= docroot %
Directory %= docroot %
@@ -76,4 +89,4 @@
% end -%
-# vim: filetype=apache
\ No newline at end of file
+# vim: filetype=apache
--
To view, visit https://gerrit.wikimedia.org/r/106700
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I0c545ad3a7dab2d569ac52b75b63740c9dcb37cd
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: install SSL certificate enable vhost - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/106701
Change subject: librenms: install SSL certificate enable vhost
..
librenms: install SSL certificate enable vhost
Change-Id: I5767b0e20df566bf1a58549f47eed3ab77dc9634
---
M manifests/role/librenms.pp
1 file changed, 5 insertions(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/01/106701/1
diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp
index d096961..a0d13ef 100644
--- a/manifests/role/librenms.pp
+++ b/manifests/role/librenms.pp
@@ -49,18 +49,22 @@
config = $config,
}
+install_certificate { $hostname: }
+
@webserver::apache::module { 'php5': }
@webserver::apache::site { $hostname,
aliases = [ 'observium.wikimedia.org' ],
docroot = $install_dir,
+ssl = 'redirected',
require = [
Webserver::Apache::Module['php5'],
+Install_certificate[$hostname],
Class['librenms'],
],
}
monitor_service { 'librenms':
description = 'HTTP',
-check_command = check_http_url!${hostname}!http://${hostname};,
+check_command = check_https_url!${hostname}!http://${hostname};,
}
}
--
To view, visit https://gerrit.wikimedia.org/r/106701
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I5767b0e20df566bf1a58549f47eed3ab77dc9634
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] webserver::apache: misc SSL fixes - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: webserver::apache: misc SSL fixes
..
webserver::apache: misc SSL fixes
- Set ServerAdmin correct on the 443 virtualhost
- Support redirected; it was previously a stub
- Add SSLCACertificatePath
- Remove the defaulting to wildcard certificate support
Change-Id: I0c545ad3a7dab2d569ac52b75b63740c9dcb37cd
---
M manifests/webserver.pp
M templates/apache/generic_vhost.erb
2 files changed, 22 insertions(+), 10 deletions(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/webserver.pp b/manifests/webserver.pp
index 392a520..426db44 100644
--- a/manifests/webserver.pp
+++ b/manifests/webserver.pp
@@ -284,10 +284,10 @@
# Parameters:
# $aliases=[] - array of ServerAliases
# $ssl=false - if true, sets up an ssl certificate for
$title
- # $certfile=undef - defaults to
/etc/ssl/certs/${wildcard_domain}.pem, based on $title
- # $certkey=undef- defaults to
/etc/ssl/private/${wildcard_domain}.key based on $title
+ # $certfile=undef - defaults to /etc/ssl/certs/${title}.pem
+ # $certkey=undef- defaults to /etc/ssl/private/${title}.key
# $docroot=undef- defaults to: $title ==
'stats.wikimedia.org', then /srv/stats.wikimedia.org
- # $custom=[]- custom Apachce config strings to put into
virtual host site file
+ # $custom=[]- custom Apache config strings to put into
virtual host site file
# $includes=[]
# $server_admin=r...@wikimedia.org,
# $access_log - path to access log, default:
/var/log/apache2/access.log
@@ -320,13 +320,12 @@
if $ssl in [true, only, redirected] {
webserver::apache::module { ssl: }
- # If no cert files are defined, assume a wildcart
certificate for the domain
- $wildcard_domain = regsubst($title, '^[^\.]+', *)
+ # If no cert files are defined, assume a named
certificate for the domain
if ! $certfile {
- $certfile =
/etc/ssl/certs/${wildcard_domain}.pem
+ $certfile = /etc/ssl/certs/${title}.pem
}
if ! $certkey {
- $certkey =
/etc/ssl/private/${wildcard_domain}.key
+ $certkey = /etc/ssl/private/${title}.key
}
}
diff --git a/templates/apache/generic_vhost.erb
b/templates/apache/generic_vhost.erb
index a8ea804..2c66ff6 100644
--- a/templates/apache/generic_vhost.erb
+++ b/templates/apache/generic_vhost.erb
@@ -1,6 +1,6 @@
# This file is managed by Puppet!
-% if ssl != only -%
+% if [true, false].include?(ssl) -%
VirtualHost *:80
ServerName %= title %
% if aliases.length 0 -%
@@ -34,13 +34,25 @@
/VirtualHost
% end -%
+% if ssl == redirected -%
+VirtualHost *:80
+ ServerName %= title %
+% if aliases.length 0 -%
+ ServerAlias %= aliases.join( ) %
+% end -%
+ ServerAdmin %= server_admin %
+
+ Redirect permanent / https://%= title %/
+/VirtualHost
+% end -%
+
% if [true, only, redirected].include?(ssl) -%
VirtualHost *:443
ServerName %= title %
% if aliases.length 0 -%
ServerAlias %= aliases.join( ) %
% end -%
- ServerAdmin r...@wikimedia.org
+ ServerAdmin %= server_admin %
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
@@ -48,6 +60,7 @@
SSLHonorCipherOrder on
SSLCertificateFile %= certfile %
SSLCertificateKeyFile %= certkey %
+ SSLCACertificatePath /etc/ssl/certs
DocumentRoot %= docroot %
Directory %= docroot %
@@ -76,4 +89,4 @@
% end -%
-# vim: filetype=apache
\ No newline at end of file
+# vim: filetype=apache
--
To view, visit https://gerrit.wikimedia.org/r/106700
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I0c545ad3a7dab2d569ac52b75b63740c9dcb37cd
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Add librenms module and role class apply it - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: Add librenms module and role class apply it
..
Add librenms module and role class apply it
LibreNMS is a GPL Observium fork. Sets up Apache, user accounts, cron
jobs and provisions via Trebuchet from an internal git mirror.
Change-Id: I61073f915b8c5a5b26b28c60b6888563a268c6b1
---
M manifests/role/deployment.pp
A manifests/role/librenms.pp
M manifests/site.pp
A modules/librenms/files/logrotate
A modules/librenms/lib/puppet/parser/functions/phpdump.rb
A modules/librenms/manifests/init.pp
A modules/librenms/templates/config.php.erb
7 files changed, 223 insertions(+), 1 deletion(-)
Approvals:
Faidon Liambotis: Verified; Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/role/deployment.pp b/manifests/role/deployment.pp
index 6d32a44..784048a 100644
--- a/manifests/role/deployment.pp
+++ b/manifests/role/deployment.pp
@@ -133,6 +133,10 @@
'grain'= 'scholarships',
'upstream' =
'https://gerrit.wikimedia.org/r/wikimedia/wikimania-scholarships',
},
+'librenms/librenms' = {
+'grain'= 'librenms',
+'upstream' =
'https://gerrit.wikimedia.org/r/operations/software/librenms',
+},
}
}
diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp
new file mode 100644
index 000..3c1b637
--- /dev/null
+++ b/manifests/role/librenms.pp
@@ -0,0 +1,70 @@
+class role::librenms {
+system::role { 'librenms': description = 'LibreNMS' }
+
+include network::constants
+include passwords::librenms
+include passwords::network
+
+$sitename = 'librenms.wikimedia.org'
+
+deployment::target { 'librenms': }
+$install_dir = '/srv/deployment/librenms/librenms'
+
+$config = {
+'install_dir' = $install_dir,
+'html_dir' = ${install_dir}/html,
+'log_file' = '/var/log/librenms.log',
+'rrd_dir' = '/var/lib/librenms/rrd',
+
+'db_host' = 'db1001.eqiad.wmnet',
+'db_user' = $passwords::librenms::db_user,
+'db_pass' = $passwords::librenms::db_pass,
+'db_name' = 'librenms',
+
+'snmp' = {
+'community' = [ $passwords::network::snmp_ro_community ],
+},
+
+'enable_inventory' = 1,
+'enable_syslog'= 1,
+'email_backend'= 'sendmail',
+'alerts' = {
+'port_util_alert' = true,
+'port_util_perc' = 85,
+'email' = {
+'default' = 'n...@wikimedia.org',
+'enable' = true,
+},
+'port' = {
+'ifdown' = false,
+},
+},
+
+'auth_mechanism' = 'mysql',
+'nets' = $network::constants::external_networks,
+}
+
+class { 'librenms':
+install_dir = $install_dir,
+config = $config,
+}
+
+@webserver::apache::module { 'php5': }
+@webserver::apache::site { $sitename:
+docroot = $install_dir,
+require = [
+Webserver::Apache::Module['php5'],
+Class['librenms'],
+],
+}
+
+# redirect the old, pre-Jan 2014 name to librenms
+@webserver::apache::site { 'observium.wikimedia.org':
+custom = [ Redirect permanent / https://${sitename}/; ],
+}
+
+monitor_service { 'librenms':
+description = 'HTTP',
+check_command = check_http_url!${sitename}!http://${sitename};,
+}
+}
diff --git a/manifests/site.pp b/manifests/site.pp
index 66b3b26..0298010 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1891,7 +1891,8 @@
webserver::apache,
misc::rancid,
smokeping,
-smokeping::web
+smokeping::web,
+role::librenms
}
node /^nfs[12].pmtpa.wmnet/ {
diff --git a/modules/librenms/files/logrotate b/modules/librenms/files/logrotate
new file mode 100644
index 000..8766aa7
--- /dev/null
+++ b/modules/librenms/files/logrotate
@@ -0,0 +1,6 @@
+/var/log/librenms.log {
+rotate 7
+daily
+compress
+missingok
+}
diff --git a/modules/librenms/lib/puppet/parser/functions/phpdump.rb
b/modules/librenms/lib/puppet/parser/functions/phpdump.rb
new file mode 100644
index 000..2033613
--- /dev/null
+++ b/modules/librenms/lib/puppet/parser/functions/phpdump.rb
@@ -0,0 +1,34 @@
+# == Function: phpdump
+#
+# Serialize a hash into PHP array with lexicographically sorted keys.
+#
+
+def phpdump(o, level=1)
+ indent = *4
+
+ case o
+ when Hash
+contents = ''
+o.sort.each do |k, v|
+ contents += indent*level
+ contents += \#{k}\ = + phpdump(v, level+1)
+ contents += ,\n
+end
+array(\n + contents + indent*(level-1) + )
+ when Array
+array( + o.map { |x| phpdump(x, level+1) }.join(', ') + )
+ when TrueClass
+
[MediaWiki-commits] [Gerrit] librenms: fix role class include scoping - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: librenms: fix role class include scoping
..
librenms: fix role class include scoping
(classic pitfall)
Change-Id: I90076352756ef5b308d852c14b16f636cae954b3
---
M manifests/role/librenms.pp
1 file changed, 1 insertion(+), 1 deletion(-)
Approvals:
Faidon Liambotis: Verified; Looks good to me, approved
diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp
index 3c1b637..4594a81 100644
--- a/manifests/role/librenms.pp
+++ b/manifests/role/librenms.pp
@@ -44,7 +44,7 @@
'nets' = $network::constants::external_networks,
}
-class { 'librenms':
+class { '::librenms':
install_dir = $install_dir,
config = $config,
}
--
To view, visit https://gerrit.wikimedia.org/r/106715
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I90076352756ef5b308d852c14b16f636cae954b3
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: fix role class include scoping - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/106715
Change subject: librenms: fix role class include scoping
..
librenms: fix role class include scoping
(classic pitfall)
Change-Id: I90076352756ef5b308d852c14b16f636cae954b3
---
M manifests/role/librenms.pp
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/15/106715/1
diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp
index 16af56c..9c2ec70 100644
--- a/manifests/role/librenms.pp
+++ b/manifests/role/librenms.pp
@@ -44,7 +44,7 @@
'nets' = $network::constants::external_networks,
}
-class { 'librenms':
+class { '::librenms':
install_dir = $install_dir,
config = $config,
}
--
To view, visit https://gerrit.wikimedia.org/r/106715
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I90076352756ef5b308d852c14b16f636cae954b3
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: don't use stdlib's merge on phpdump() - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106717 Change subject: librenms: don't use stdlib's merge on phpdump() .. librenms: don't use stdlib's merge on phpdump() Change-Id: I19f981e80e0c80df5f90d2b1b1b6665b93cdccc2 --- M modules/librenms/lib/puppet/parser/functions/phpdump.rb 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/17/106717/1 diff --git a/modules/librenms/lib/puppet/parser/functions/phpdump.rb b/modules/librenms/lib/puppet/parser/functions/phpdump.rb index 2033613..205f8ce 100644 --- a/modules/librenms/lib/puppet/parser/functions/phpdump.rb +++ b/modules/librenms/lib/puppet/parser/functions/phpdump.rb @@ -29,6 +29,6 @@ module Puppet::Parser::Functions newfunction(:phpdump, :type = :rvalue) do |args| fail 'phpdump() requires an argument' if args.empty? -phpdump(args.inject(:merge)) +phpdump(args) end end -- To view, visit https://gerrit.wikimedia.org/r/106717 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I19f981e80e0c80df5f90d2b1b1b6665b93cdccc2 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: don't use stdlib's merge on phpdump() - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: librenms: don't use stdlib's merge on phpdump() .. librenms: don't use stdlib's merge on phpdump() Change-Id: I19f981e80e0c80df5f90d2b1b1b6665b93cdccc2 --- M modules/librenms/lib/puppet/parser/functions/phpdump.rb 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Faidon Liambotis: Verified; Looks good to me, approved diff --git a/modules/librenms/lib/puppet/parser/functions/phpdump.rb b/modules/librenms/lib/puppet/parser/functions/phpdump.rb index 2033613..205f8ce 100644 --- a/modules/librenms/lib/puppet/parser/functions/phpdump.rb +++ b/modules/librenms/lib/puppet/parser/functions/phpdump.rb @@ -29,6 +29,6 @@ module Puppet::Parser::Functions newfunction(:phpdump, :type = :rvalue) do |args| fail 'phpdump() requires an argument' if args.empty? -phpdump(args.inject(:merge)) +phpdump(args) end end -- To view, visit https://gerrit.wikimedia.org/r/106717 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I19f981e80e0c80df5f90d2b1b1b6665b93cdccc2 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] webserver: remove broken docroot logic - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/106722
Change subject: webserver: remove broken docroot logic
..
webserver: remove broken docroot logic
The current webserver::apache::site logic is broken, as it tried to
reassign to the $docroot variable and this is, unfortunately, disallowed
in puppet.
As it's clearly not a used functionality, and since Apache throws
warnings if a directory doesn't exist, remove the whole piece of code
and let vhosts that e.g. don't need a document root (because, for
example, contain just a simple redirect) to work with a simpler config.
Debian defaults to /var/www in this case, and policy dictates that no
packages will ever write useful files there.
Change-Id: I64ee6d8939b8ca56abd21bad7c76c9684cc54812
---
M manifests/webserver.pp
M templates/apache/generic_vhost.erb
2 files changed, 5 insertions(+), 5 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/22/106722/1
diff --git a/manifests/webserver.pp b/manifests/webserver.pp
index 426db44..4361f3e 100644
--- a/manifests/webserver.pp
+++ b/manifests/webserver.pp
@@ -312,11 +312,6 @@
Class[webserver::apache::packages] -
Webserver::Apache::Site[$title] - Class[webserver::apache::service]
- if ! $docroot {
- $subdir =
inline_template(scope.lookupvar('webserver::apache::site::title').strip.split.reverse.join('/'))
- $docroot = /srv/$subdir
- }
-
if $ssl in [true, only, redirected] {
webserver::apache::module { ssl: }
diff --git a/templates/apache/generic_vhost.erb
b/templates/apache/generic_vhost.erb
index 2c66ff6..215d31e 100644
--- a/templates/apache/generic_vhost.erb
+++ b/templates/apache/generic_vhost.erb
@@ -8,6 +8,7 @@
% end -%
ServerAdmin %= server_admin %
+% if docroot -%
DocumentRoot %= docroot %
Directory %= docroot %
Options Indexes FollowSymLinks MultiViews
@@ -15,6 +16,8 @@
Order allow,deny
allow from all
/Directory
+% end -%
+
ErrorLog %= error_log %
# Possible values include: debug, info, notice, warn, error, crit,
@@ -62,6 +65,7 @@
SSLCertificateKeyFile %= certkey %
SSLCACertificatePath /etc/ssl/certs
+% if docroot -%
DocumentRoot %= docroot %
Directory %= docroot %
Options Indexes FollowSymLinks MultiViews
@@ -69,6 +73,7 @@
Order allow,deny
allow from all
/Directory
+% end -%
ErrorLog %= error_log %
# Possible values include: debug, info, notice, warn, error, crit,
--
To view, visit https://gerrit.wikimedia.org/r/106722
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I64ee6d8939b8ca56abd21bad7c76c9684cc54812
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] webserver: remove broken docroot logic - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: webserver: remove broken docroot logic
..
webserver: remove broken docroot logic
The current webserver::apache::site logic is broken, as it tried to
reassign to the $docroot variable and this is, unfortunately, disallowed
in puppet.
As it's clearly not a used functionality, and since Apache throws
warnings if a directory doesn't exist, remove the whole piece of code
and let vhosts that e.g. don't need a document root (because, for
example, contain just a simple redirect) to work with a simpler config.
Debian defaults to /var/www in this case, and policy dictates that no
packages will ever write useful files there.
Change-Id: I64ee6d8939b8ca56abd21bad7c76c9684cc54812
---
M manifests/webserver.pp
M templates/apache/generic_vhost.erb
2 files changed, 5 insertions(+), 5 deletions(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/webserver.pp b/manifests/webserver.pp
index 426db44..4361f3e 100644
--- a/manifests/webserver.pp
+++ b/manifests/webserver.pp
@@ -312,11 +312,6 @@
Class[webserver::apache::packages] -
Webserver::Apache::Site[$title] - Class[webserver::apache::service]
- if ! $docroot {
- $subdir =
inline_template(scope.lookupvar('webserver::apache::site::title').strip.split.reverse.join('/'))
- $docroot = /srv/$subdir
- }
-
if $ssl in [true, only, redirected] {
webserver::apache::module { ssl: }
diff --git a/templates/apache/generic_vhost.erb
b/templates/apache/generic_vhost.erb
index 2c66ff6..215d31e 100644
--- a/templates/apache/generic_vhost.erb
+++ b/templates/apache/generic_vhost.erb
@@ -8,6 +8,7 @@
% end -%
ServerAdmin %= server_admin %
+% if docroot -%
DocumentRoot %= docroot %
Directory %= docroot %
Options Indexes FollowSymLinks MultiViews
@@ -15,6 +16,8 @@
Order allow,deny
allow from all
/Directory
+% end -%
+
ErrorLog %= error_log %
# Possible values include: debug, info, notice, warn, error, crit,
@@ -62,6 +65,7 @@
SSLCertificateKeyFile %= certkey %
SSLCACertificatePath /etc/ssl/certs
+% if docroot -%
DocumentRoot %= docroot %
Directory %= docroot %
Options Indexes FollowSymLinks MultiViews
@@ -69,6 +73,7 @@
Order allow,deny
allow from all
/Directory
+% end -%
ErrorLog %= error_log %
# Possible values include: debug, info, notice, warn, error, crit,
--
To view, visit https://gerrit.wikimedia.org/r/106722
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I64ee6d8939b8ca56abd21bad7c76c9684cc54812
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: fix another scoping/dependency cycle - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106724 Change subject: librenms: fix another scoping/dependency cycle .. librenms: fix another scoping/dependency cycle Change-Id: I318bca108b9b6407720ad01bd66baaf7be7aa3fe --- M manifests/role/librenms.pp 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/24/106724/1 diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp index 4594a81..e596a96 100644 --- a/manifests/role/librenms.pp +++ b/manifests/role/librenms.pp @@ -54,7 +54,7 @@ docroot = $install_dir, require = [ Webserver::Apache::Module['php5'], -Class['librenms'], +Class['::librenms'], ], } -- To view, visit https://gerrit.wikimedia.org/r/106724 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I318bca108b9b6407720ad01bd66baaf7be7aa3fe Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: fix another scoping/dependency cycle - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: librenms: fix another scoping/dependency cycle .. librenms: fix another scoping/dependency cycle Change-Id: I318bca108b9b6407720ad01bd66baaf7be7aa3fe --- M manifests/role/librenms.pp 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Faidon Liambotis: Verified; Looks good to me, approved diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp index 4594a81..e596a96 100644 --- a/manifests/role/librenms.pp +++ b/manifests/role/librenms.pp @@ -54,7 +54,7 @@ docroot = $install_dir, require = [ Webserver::Apache::Module['php5'], -Class['librenms'], +Class['::librenms'], ], } -- To view, visit https://gerrit.wikimedia.org/r/106724 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I318bca108b9b6407720ad01bd66baaf7be7aa3fe Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: more syntax fixups - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: librenms: more syntax fixups
..
librenms: more syntax fixups
Change-Id: Ib6d7f358ae0b705acd64d0a6e829ca0854151d2a
---
M manifests/role/librenms.pp
M modules/librenms/manifests/init.pp
2 files changed, 13 insertions(+), 2 deletions(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp
index e596a96..4eb22f5 100644
--- a/manifests/role/librenms.pp
+++ b/manifests/role/librenms.pp
@@ -7,6 +7,14 @@
$sitename = 'librenms.wikimedia.org'
+# FIXME: deployment::target really needs to handle this better
+file { [ '/srv/deployment', '/srv/deployment/librenms' ]:
+ensure = directory,
+owner = 'root',
+group = 'root',
+mode = '0755',
+}
+
deployment::target { 'librenms': }
$install_dir = '/srv/deployment/librenms/librenms'
diff --git a/modules/librenms/manifests/init.pp
b/modules/librenms/manifests/init.pp
index 7f106bc..a965a2b 100644
--- a/modules/librenms/manifests/init.pp
+++ b/modules/librenms/manifests/init.pp
@@ -44,11 +44,11 @@
require = Group['librenms'],
}
-file { '/var/lib/librenms/rrd':
+file { [ '/var/lib/librenms', '/var/lib/librenms/rrd' ]:
ensure = directory,
owner = 'librenms',
group = 'librenms',
-mode= '0555',
+mode= '0755',
}
file { '/etc/logrotate.d/librenms':
@@ -85,17 +85,20 @@
command = ${install_dir}/discovery.php -h all /dev/null 21,
hour= '*/6',
minute = '33',
+require = User['librenms'],
}
cron { 'librenms-discovery-new':
ensure = present,
user= 'librenms',
command = ${install_dir}/discovery.php -h all /dev/null 21,
minute = '*/5',
+require = User['librenms'],
}
cron { 'librenms-poller-all':
ensure = present,
user= 'librenms',
command = ${install_dir}/poller.php -h all /dev/null 21,
minute = '*/5',
+require = User['librenms'],
}
}
--
To view, visit https://gerrit.wikimedia.org/r/106730
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ib6d7f358ae0b705acd64d0a6e829ca0854151d2a
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: more syntax fixups - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/106730
Change subject: librenms: more syntax fixups
..
librenms: more syntax fixups
Change-Id: Ib6d7f358ae0b705acd64d0a6e829ca0854151d2a
---
M manifests/role/librenms.pp
M modules/librenms/manifests/init.pp
2 files changed, 13 insertions(+), 2 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/30/106730/1
diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp
index e596a96..4eb22f5 100644
--- a/manifests/role/librenms.pp
+++ b/manifests/role/librenms.pp
@@ -7,6 +7,14 @@
$sitename = 'librenms.wikimedia.org'
+# FIXME: deployment::target really needs to handle this better
+file { [ '/srv/deployment', '/srv/deployment/librenms' ]:
+ensure = directory,
+owner = 'root',
+group = 'root',
+mode = '0755',
+}
+
deployment::target { 'librenms': }
$install_dir = '/srv/deployment/librenms/librenms'
diff --git a/modules/librenms/manifests/init.pp
b/modules/librenms/manifests/init.pp
index 7f106bc..a965a2b 100644
--- a/modules/librenms/manifests/init.pp
+++ b/modules/librenms/manifests/init.pp
@@ -44,11 +44,11 @@
require = Group['librenms'],
}
-file { '/var/lib/librenms/rrd':
+file { [ '/var/lib/librenms', '/var/lib/librenms/rrd' ]:
ensure = directory,
owner = 'librenms',
group = 'librenms',
-mode= '0555',
+mode= '0755',
}
file { '/etc/logrotate.d/librenms':
@@ -85,17 +85,20 @@
command = ${install_dir}/discovery.php -h all /dev/null 21,
hour= '*/6',
minute = '33',
+require = User['librenms'],
}
cron { 'librenms-discovery-new':
ensure = present,
user= 'librenms',
command = ${install_dir}/discovery.php -h all /dev/null 21,
minute = '*/5',
+require = User['librenms'],
}
cron { 'librenms-poller-all':
ensure = present,
user= 'librenms',
command = ${install_dir}/poller.php -h all /dev/null 21,
minute = '*/5',
+require = User['librenms'],
}
}
--
To view, visit https://gerrit.wikimedia.org/r/106730
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib6d7f358ae0b705acd64d0a6e829ca0854151d2a
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] webserver::apache: misc adjustments - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/106755
Change subject: webserver::apache: misc adjustments
..
webserver::apache: misc adjustments
- Change default log location for virtualhosts into
/var/log/$name.{access,error}.log. This does the right thing on
servers with multiple sites.
- AllowOverride All on the main docroot. Since the config for that is
static, being able to use .htaccess can prove handy, and is in fact
what LibreNMS does.
Change-Id: I17e66c874194457675a7a5347961c953b867c4bc
---
M manifests/webserver.pp
M templates/apache/generic_vhost.erb
2 files changed, 3 insertions(+), 3 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/55/106755/1
diff --git a/manifests/webserver.pp b/manifests/webserver.pp
index 4361f3e..ce2d674 100644
--- a/manifests/webserver.pp
+++ b/manifests/webserver.pp
@@ -305,8 +305,8 @@
$custom=[],
$includes=[],
$server_admin=r...@wikimedia.org,
- $access_log=/var/log/apache2/access.log,
- $error_log=/var/log/apache2/error.log,
+ $access_log=/var/log/apache2/${title}.access.log,
+ $error_log=/var/log/apache2/${title}.error.log,
$ensure=present
) {
diff --git a/templates/apache/generic_vhost.erb
b/templates/apache/generic_vhost.erb
index 215d31e..27a2afb 100644
--- a/templates/apache/generic_vhost.erb
+++ b/templates/apache/generic_vhost.erb
@@ -12,7 +12,7 @@
DocumentRoot %= docroot %
Directory %= docroot %
Options Indexes FollowSymLinks MultiViews
- AllowOverride None
+ AllowOverride All
Order allow,deny
allow from all
/Directory
--
To view, visit https://gerrit.wikimedia.org/r/106755
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I17e66c874194457675a7a5347961c953b867c4bc
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: another round of misc fixes - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/106756
Change subject: librenms: another round of misc fixes
..
librenms: another round of misc fixes
- Add a project name, title logo
- Switch RRD storage to /srv/, as there's plenty of (LVM) space there.
- Enable mod_rewrite, since it's used by .htaccess
- Switch docroot to /html, as originally intended.
- Change Nagios check to mention LibreNMS HTTP in the description, to
make clear which service is broken.
- Remove now virtual php5-json; add php-net-ipv4/6
- Fix a typo in one of the crontabs
- Fix config.php to not override LibreNMS' default settings
Change-Id: I80170aa558ff4d132c99582f4106731d980aae29
---
M manifests/role/librenms.pp
M modules/librenms/manifests/init.pp
M modules/librenms/templates/config.php.erb
3 files changed, 14 insertions(+), 15 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/56/106756/1
diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp
index 4eb22f5..b2e5f06 100644
--- a/manifests/role/librenms.pp
+++ b/manifests/role/librenms.pp
@@ -19,10 +19,13 @@
$install_dir = '/srv/deployment/librenms/librenms'
$config = {
+'project_name' = 'Wikimedia NMS',
+'project_id' = 'librenms',
+'title_image' =
'url(//upload.wikimedia.org/wikipedia/commons/thumb/c/c4/Wikimedia_Foundation_RGB_logo_with_text.svg/100px-Wikimedia_Foundation_RGB_logo_with_text.svg.png)',
+
'install_dir' = $install_dir,
-'html_dir' = ${install_dir}/html,
+'rrd_dir' = '/srv/librenms/rrd',
'log_file' = '/var/log/librenms.log',
-'rrd_dir' = '/var/lib/librenms/rrd',
'db_host' = 'db1001.eqiad.wmnet',
'db_user' = $passwords::librenms::db_user,
@@ -57,9 +60,9 @@
config = $config,
}
-@webserver::apache::module { 'php5': }
+@webserver::apache::module { [ 'php5', 'rewrite' ]: }
@webserver::apache::site { $sitename:
-docroot = $install_dir,
+docroot = ${install_dir}/html,
require = [
Webserver::Apache::Module['php5'],
Class['::librenms'],
@@ -72,7 +75,7 @@
}
monitor_service { 'librenms':
-description = 'HTTP',
+description = 'LibreNMS HTTP',
check_command = check_http_url!${sitename}!http://${sitename};,
}
}
diff --git a/modules/librenms/manifests/init.pp
b/modules/librenms/manifests/init.pp
index a965a2b..8b0 100644
--- a/modules/librenms/manifests/init.pp
+++ b/modules/librenms/manifests/init.pp
@@ -44,13 +44,6 @@
require = Group['librenms'],
}
-file { [ '/var/lib/librenms', '/var/lib/librenms/rrd' ]:
-ensure = directory,
-owner = 'librenms',
-group = 'librenms',
-mode= '0755',
-}
-
file { '/etc/logrotate.d/librenms':
ensure = present,
owner = 'root',
@@ -61,10 +54,11 @@
package { [
'php5-cli',
'php5-gd',
-'php5-json',
'php5-mcrypt',
'php5-mysql',
'php5-snmp',
+'php-net-ipv4',
+'php-net-ipv6',
'php-pear',
'fping',
'graphviz',
@@ -90,7 +84,7 @@
cron { 'librenms-discovery-new':
ensure = present,
user= 'librenms',
-command = ${install_dir}/discovery.php -h all /dev/null 21,
+command = ${install_dir}/discovery.php -h new /dev/null 21,
minute = '*/5',
require = User['librenms'],
}
diff --git a/modules/librenms/templates/config.php.erb
b/modules/librenms/templates/config.php.erb
index b65bc2f..49a14a6 100644
--- a/modules/librenms/templates/config.php.erb
+++ b/modules/librenms/templates/config.php.erb
@@ -1,6 +1,8 @@
?php
# This file is managed by Puppet!
-$config = %= scope.function_phpdump(@config) %;
+$puppet_config = %= scope.function_phpdump(@config) %;
+
+$config = array_merge($config, $puppet_config);
?
--
To view, visit https://gerrit.wikimedia.org/r/106756
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I80170aa558ff4d132c99582f4106731d980aae29
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] webserver::apache: misc adjustments - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: webserver::apache: misc adjustments
..
webserver::apache: misc adjustments
- Change default log location for virtualhosts into
/var/log/$name.{access,error}.log. This does the right thing on
servers with multiple sites.
- AllowOverride All on the main docroot. Since the config for that is
static, being able to use .htaccess can prove handy, and is in fact
what LibreNMS does.
Change-Id: I17e66c874194457675a7a5347961c953b867c4bc
---
M manifests/webserver.pp
M templates/apache/generic_vhost.erb
2 files changed, 3 insertions(+), 3 deletions(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/webserver.pp b/manifests/webserver.pp
index 4361f3e..ce2d674 100644
--- a/manifests/webserver.pp
+++ b/manifests/webserver.pp
@@ -305,8 +305,8 @@
$custom=[],
$includes=[],
$server_admin=r...@wikimedia.org,
- $access_log=/var/log/apache2/access.log,
- $error_log=/var/log/apache2/error.log,
+ $access_log=/var/log/apache2/${title}.access.log,
+ $error_log=/var/log/apache2/${title}.error.log,
$ensure=present
) {
diff --git a/templates/apache/generic_vhost.erb
b/templates/apache/generic_vhost.erb
index 215d31e..27a2afb 100644
--- a/templates/apache/generic_vhost.erb
+++ b/templates/apache/generic_vhost.erb
@@ -12,7 +12,7 @@
DocumentRoot %= docroot %
Directory %= docroot %
Options Indexes FollowSymLinks MultiViews
- AllowOverride None
+ AllowOverride All
Order allow,deny
allow from all
/Directory
--
To view, visit https://gerrit.wikimedia.org/r/106755
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I17e66c874194457675a7a5347961c953b867c4bc
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Add IPv6 address to netmon1001 - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/106758
Change subject: Add IPv6 address to netmon1001
..
Add IPv6 address to netmon1001
Change-Id: Ib21ba7e5a85140cbc044dd30469ce2d6842ec3cf
---
M manifests/site.pp
1 file changed, 2 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/58/106758/1
diff --git a/manifests/site.pp b/manifests/site.pp
index 896ac67..5642188 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1894,6 +1894,8 @@
smokeping,
smokeping::web,
role::librenms
+
+interface::add_ip6_mapped { main: }
}
node /^nfs[12].pmtpa.wmnet/ {
--
To view, visit https://gerrit.wikimedia.org/r/106758
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib21ba7e5a85140cbc044dd30469ce2d6842ec3cf
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: another round of misc fixes - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: librenms: another round of misc fixes
..
librenms: another round of misc fixes
- Add a project name, title logo
- Switch RRD storage to /srv/, as there's plenty of (LVM) space there.
- Enable mod_rewrite, since it's used by .htaccess
- Switch docroot to /html, as originally intended.
- Change Nagios check to mention LibreNMS HTTP in the description, to
make clear which service is broken.
- Remove now virtual php5-json; add php-net-ipv4/6
- Fix a typo in one of the crontabs
- Fix config.php to not override LibreNMS' default settings
Change-Id: I80170aa558ff4d132c99582f4106731d980aae29
---
M manifests/role/librenms.pp
M modules/librenms/manifests/init.pp
M modules/librenms/templates/config.php.erb
3 files changed, 14 insertions(+), 15 deletions(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp
index 4eb22f5..b2e5f06 100644
--- a/manifests/role/librenms.pp
+++ b/manifests/role/librenms.pp
@@ -19,10 +19,13 @@
$install_dir = '/srv/deployment/librenms/librenms'
$config = {
+'project_name' = 'Wikimedia NMS',
+'project_id' = 'librenms',
+'title_image' =
'url(//upload.wikimedia.org/wikipedia/commons/thumb/c/c4/Wikimedia_Foundation_RGB_logo_with_text.svg/100px-Wikimedia_Foundation_RGB_logo_with_text.svg.png)',
+
'install_dir' = $install_dir,
-'html_dir' = ${install_dir}/html,
+'rrd_dir' = '/srv/librenms/rrd',
'log_file' = '/var/log/librenms.log',
-'rrd_dir' = '/var/lib/librenms/rrd',
'db_host' = 'db1001.eqiad.wmnet',
'db_user' = $passwords::librenms::db_user,
@@ -57,9 +60,9 @@
config = $config,
}
-@webserver::apache::module { 'php5': }
+@webserver::apache::module { [ 'php5', 'rewrite' ]: }
@webserver::apache::site { $sitename:
-docroot = $install_dir,
+docroot = ${install_dir}/html,
require = [
Webserver::Apache::Module['php5'],
Class['::librenms'],
@@ -72,7 +75,7 @@
}
monitor_service { 'librenms':
-description = 'HTTP',
+description = 'LibreNMS HTTP',
check_command = check_http_url!${sitename}!http://${sitename};,
}
}
diff --git a/modules/librenms/manifests/init.pp
b/modules/librenms/manifests/init.pp
index a965a2b..8b0 100644
--- a/modules/librenms/manifests/init.pp
+++ b/modules/librenms/manifests/init.pp
@@ -44,13 +44,6 @@
require = Group['librenms'],
}
-file { [ '/var/lib/librenms', '/var/lib/librenms/rrd' ]:
-ensure = directory,
-owner = 'librenms',
-group = 'librenms',
-mode= '0755',
-}
-
file { '/etc/logrotate.d/librenms':
ensure = present,
owner = 'root',
@@ -61,10 +54,11 @@
package { [
'php5-cli',
'php5-gd',
-'php5-json',
'php5-mcrypt',
'php5-mysql',
'php5-snmp',
+'php-net-ipv4',
+'php-net-ipv6',
'php-pear',
'fping',
'graphviz',
@@ -90,7 +84,7 @@
cron { 'librenms-discovery-new':
ensure = present,
user= 'librenms',
-command = ${install_dir}/discovery.php -h all /dev/null 21,
+command = ${install_dir}/discovery.php -h new /dev/null 21,
minute = '*/5',
require = User['librenms'],
}
diff --git a/modules/librenms/templates/config.php.erb
b/modules/librenms/templates/config.php.erb
index b65bc2f..49a14a6 100644
--- a/modules/librenms/templates/config.php.erb
+++ b/modules/librenms/templates/config.php.erb
@@ -1,6 +1,8 @@
?php
# This file is managed by Puppet!
-$config = %= scope.function_phpdump(@config) %;
+$puppet_config = %= scope.function_phpdump(@config) %;
+
+$config = array_merge($config, $puppet_config);
?
--
To view, visit https://gerrit.wikimedia.org/r/106756
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I80170aa558ff4d132c99582f4106731d980aae29
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Add IPv6 address to netmon1001 - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: Add IPv6 address to netmon1001
..
Add IPv6 address to netmon1001
Change-Id: Ib21ba7e5a85140cbc044dd30469ce2d6842ec3cf
---
M manifests/site.pp
1 file changed, 2 insertions(+), 0 deletions(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/site.pp b/manifests/site.pp
index 896ac67..5642188 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1894,6 +1894,8 @@
smokeping,
smokeping::web,
role::librenms
+
+interface::add_ip6_mapped { main: }
}
node /^nfs[12].pmtpa.wmnet/ {
--
To view, visit https://gerrit.wikimedia.org/r/106758
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ib21ba7e5a85140cbc044dd30469ce2d6842ec3cf
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Add librenms switch observium to netmon1001 - change (operations/dns)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106759 Change subject: Add librenms switch observium to netmon1001 .. Add librenms switch observium to netmon1001 librenms is the new Observium. While at it, add IPv6 to netmon1001. Change-Id: Ib25c3c6cd309305175ca828e9b88f94bea46a751 --- M templates/wikimedia.org 1 file changed, 3 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/dns refs/changes/59/106759/1 diff --git a/templates/wikimedia.org b/templates/wikimedia.org index dafc80a..5943802 100644 --- a/templates/wikimedia.org +++ b/templates/wikimedia.org @@ -166,6 +166,7 @@ ms1001 1H IN A208.80.154.16 neon 1H IN A208.80.154.14 netmon1001 1H IN A208.80.154.159 + 1H IN 2620:0:861:2:208:80:154:159 nickel 1H IN A208.80.154.150 nitrogen 1H IN A208.80.154.17 1H IN 2620:0:861:1:208:80:154:17 @@ -496,7 +497,8 @@ login 1H IN CNAMEwikimedia-lb ntp.pmtpa 1H IN CNAMElinne -observium 1H IN A208.80.152.137 +observium 1H IN CNAMElibrenms +librenms 1H IN CNAMEnetmon1001 ; in theory we can run with both live, but eqiad-only is preferred ;payments 5M IN A208.80.152.213 ; pmtpa -- To view, visit https://gerrit.wikimedia.org/r/106759 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ib25c3c6cd309305175ca828e9b88f94bea46a751 Gerrit-PatchSet: 1 Gerrit-Project: operations/dns Gerrit-Branch: master Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Add librenms switch observium to netmon1001 - change (operations/dns)
Faidon Liambotis has submitted this change and it was merged. Change subject: Add librenms switch observium to netmon1001 .. Add librenms switch observium to netmon1001 librenms is the new Observium. While at it, add IPv6 to netmon1001. Change-Id: Ib25c3c6cd309305175ca828e9b88f94bea46a751 --- M templates/wikimedia.org 1 file changed, 3 insertions(+), 1 deletion(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/templates/wikimedia.org b/templates/wikimedia.org index dafc80a..5943802 100644 --- a/templates/wikimedia.org +++ b/templates/wikimedia.org @@ -166,6 +166,7 @@ ms1001 1H IN A208.80.154.16 neon 1H IN A208.80.154.14 netmon1001 1H IN A208.80.154.159 + 1H IN 2620:0:861:2:208:80:154:159 nickel 1H IN A208.80.154.150 nitrogen 1H IN A208.80.154.17 1H IN 2620:0:861:1:208:80:154:17 @@ -496,7 +497,8 @@ login 1H IN CNAMEwikimedia-lb ntp.pmtpa 1H IN CNAMElinne -observium 1H IN A208.80.152.137 +observium 1H IN CNAMElibrenms +librenms 1H IN CNAMEnetmon1001 ; in theory we can run with both live, but eqiad-only is preferred ;payments 5M IN A208.80.152.213 ; pmtpa -- To view, visit https://gerrit.wikimedia.org/r/106759 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ib25c3c6cd309305175ca828e9b88f94bea46a751 Gerrit-PatchSet: 1 Gerrit-Project: operations/dns Gerrit-Branch: master Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: discovery fixes - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/106764
Change subject: librenms: discovery fixes
..
librenms: discovery fixes
- Add snmp-mibs-downloader to fetch proprietary MIBs.
- Explicitly set the autodiscovery modules, and disable SNMP scan.
- Switch from poller.php to pollerwrapper.py, per the manual.
- Add html_dir config option to restore icons
Change-Id: Ibbcc781093e04b133f80f712a56a4b1b0071e002
---
M manifests/role/librenms.pp
M modules/librenms/manifests/init.pp
2 files changed, 11 insertions(+), 4 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/64/106764/1
diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp
index b2e5f06..225188e 100644
--- a/manifests/role/librenms.pp
+++ b/manifests/role/librenms.pp
@@ -19,11 +19,10 @@
$install_dir = '/srv/deployment/librenms/librenms'
$config = {
-'project_name' = 'Wikimedia NMS',
-'project_id' = 'librenms',
'title_image' =
'url(//upload.wikimedia.org/wikipedia/commons/thumb/c/c4/Wikimedia_Foundation_RGB_logo_with_text.svg/100px-Wikimedia_Foundation_RGB_logo_with_text.svg.png)',
'install_dir' = $install_dir,
+'html_dir' = ${install_dir}/html,
'rrd_dir' = '/srv/librenms/rrd',
'log_file' = '/var/log/librenms.log',
@@ -34,6 +33,14 @@
'snmp' = {
'community' = [ $passwords::network::snmp_ro_community ],
+},
+
+'nets' = $network::constants::external_networks,
+'autodiscovery'= {
+'xdp' = true,
+'ospf' = true,
+'bgp' = false,
+'snmpscan' = false,
},
'enable_inventory' = 1,
@@ -52,7 +59,6 @@
},
'auth_mechanism' = 'mysql',
-'nets' = $network::constants::external_networks,
}
class { '::librenms':
diff --git a/modules/librenms/manifests/init.pp
b/modules/librenms/manifests/init.pp
index 8b0..07c3e11 100644
--- a/modules/librenms/manifests/init.pp
+++ b/modules/librenms/manifests/init.pp
@@ -68,6 +68,7 @@
'nmap',
'python-mysqldb',
'rrdtool',
+'snmp-mibs-downloader',
'whois',
]:
ensure = present,
@@ -91,7 +92,7 @@
cron { 'librenms-poller-all':
ensure = present,
user= 'librenms',
-command = ${install_dir}/poller.php -h all /dev/null 21,
+command = /usr/bin/python ${install_dir}/poller-wrapper.py 16
/dev/null 21,
minute = '*/5',
require = User['librenms'],
}
--
To view, visit https://gerrit.wikimedia.org/r/106764
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ibbcc781093e04b133f80f712a56a4b1b0071e002
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: discovery fixes - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: librenms: discovery fixes
..
librenms: discovery fixes
- Add snmp-mibs-downloader to fetch proprietary MIBs.
- Explicitly set the autodiscovery modules, and disable SNMP scan.
- Switch from poller.php to pollerwrapper.py, per the manual.
- Add html_dir config option to restore icons
Change-Id: Ibbcc781093e04b133f80f712a56a4b1b0071e002
---
M manifests/role/librenms.pp
M modules/librenms/manifests/init.pp
2 files changed, 11 insertions(+), 4 deletions(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp
index b2e5f06..225188e 100644
--- a/manifests/role/librenms.pp
+++ b/manifests/role/librenms.pp
@@ -19,11 +19,10 @@
$install_dir = '/srv/deployment/librenms/librenms'
$config = {
-'project_name' = 'Wikimedia NMS',
-'project_id' = 'librenms',
'title_image' =
'url(//upload.wikimedia.org/wikipedia/commons/thumb/c/c4/Wikimedia_Foundation_RGB_logo_with_text.svg/100px-Wikimedia_Foundation_RGB_logo_with_text.svg.png)',
'install_dir' = $install_dir,
+'html_dir' = ${install_dir}/html,
'rrd_dir' = '/srv/librenms/rrd',
'log_file' = '/var/log/librenms.log',
@@ -34,6 +33,14 @@
'snmp' = {
'community' = [ $passwords::network::snmp_ro_community ],
+},
+
+'nets' = $network::constants::external_networks,
+'autodiscovery'= {
+'xdp' = true,
+'ospf' = true,
+'bgp' = false,
+'snmpscan' = false,
},
'enable_inventory' = 1,
@@ -52,7 +59,6 @@
},
'auth_mechanism' = 'mysql',
-'nets' = $network::constants::external_networks,
}
class { '::librenms':
diff --git a/modules/librenms/manifests/init.pp
b/modules/librenms/manifests/init.pp
index 8b0..07c3e11 100644
--- a/modules/librenms/manifests/init.pp
+++ b/modules/librenms/manifests/init.pp
@@ -68,6 +68,7 @@
'nmap',
'python-mysqldb',
'rrdtool',
+'snmp-mibs-downloader',
'whois',
]:
ensure = present,
@@ -91,7 +92,7 @@
cron { 'librenms-poller-all':
ensure = present,
user= 'librenms',
-command = ${install_dir}/poller.php -h all /dev/null 21,
+command = /usr/bin/python ${install_dir}/poller-wrapper.py 16
/dev/null 21,
minute = '*/5',
require = User['librenms'],
}
--
To view, visit https://gerrit.wikimedia.org/r/106764
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ibbcc781093e04b133f80f712a56a4b1b0071e002
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: install SSL certificate enable vhost - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: librenms: install SSL certificate enable vhost
..
librenms: install SSL certificate enable vhost
Change-Id: I5767b0e20df566bf1a58549f47eed3ab77dc9634
---
M manifests/role/librenms.pp
1 file changed, 6 insertions(+), 2 deletions(-)
Approvals:
Faidon Liambotis: Verified; Looks good to me, approved
diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp
index 225188e..92687ae 100644
--- a/manifests/role/librenms.pp
+++ b/manifests/role/librenms.pp
@@ -66,11 +66,15 @@
config = $config,
}
+install_certificate { $sitename: }
+
@webserver::apache::module { [ 'php5', 'rewrite' ]: }
@webserver::apache::site { $sitename:
docroot = ${install_dir}/html,
+ssl = 'redirected',
require = [
Webserver::Apache::Module['php5'],
+Install_certificate[$sitename],
Class['::librenms'],
],
}
@@ -81,7 +85,7 @@
}
monitor_service { 'librenms':
-description = 'LibreNMS HTTP',
-check_command = check_http_url!${sitename}!http://${sitename};,
+description = 'LibreNMS HTTPS',
+check_command = check_https_url!${sitename}!http://${sitename};,
}
}
--
To view, visit https://gerrit.wikimedia.org/r/106701
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I5767b0e20df566bf1a58549f47eed3ab77dc9634
Gerrit-PatchSet: 7
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] webserver::apache::site: fix syntax error - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: webserver::apache::site: fix syntax error
..
webserver::apache::site: fix syntax error
Cannot reassign variable certfile
Change-Id: I244c9b87ac0b1b7a2e8e6d72452008477a77d21e
---
M manifests/webserver.pp
1 file changed, 2 insertions(+), 10 deletions(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/webserver.pp b/manifests/webserver.pp
index ce2d674..7f49b7d 100644
--- a/manifests/webserver.pp
+++ b/manifests/webserver.pp
@@ -299,8 +299,8 @@
define site(
$aliases=[],
$ssl=false,
- $certfile=undef,
- $certkey=undef,
+ $certfile=/etc/ssl/certs/${title}.pem,
+ $certkey=/etc/ssl/private/${title}.key,
$docroot=undef,
$custom=[],
$includes=[],
@@ -314,14 +314,6 @@
if $ssl in [true, only, redirected] {
webserver::apache::module { ssl: }
-
- # If no cert files are defined, assume a named
certificate for the domain
- if ! $certfile {
- $certfile = /etc/ssl/certs/${title}.pem
- }
- if ! $certkey {
- $certkey = /etc/ssl/private/${title}.key
- }
}
file {
--
To view, visit https://gerrit.wikimedia.org/r/106767
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I244c9b87ac0b1b7a2e8e6d72452008477a77d21e
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] webserver::apache::site: fix syntax error - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/106767
Change subject: webserver::apache::site: fix syntax error
..
webserver::apache::site: fix syntax error
Cannot reassign variable certfile
Change-Id: I244c9b87ac0b1b7a2e8e6d72452008477a77d21e
---
M manifests/webserver.pp
1 file changed, 2 insertions(+), 10 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/67/106767/1
diff --git a/manifests/webserver.pp b/manifests/webserver.pp
index ce2d674..7f49b7d 100644
--- a/manifests/webserver.pp
+++ b/manifests/webserver.pp
@@ -299,8 +299,8 @@
define site(
$aliases=[],
$ssl=false,
- $certfile=undef,
- $certkey=undef,
+ $certfile=/etc/ssl/certs/${title}.pem,
+ $certkey=/etc/ssl/private/${title}.key,
$docroot=undef,
$custom=[],
$includes=[],
@@ -314,14 +314,6 @@
if $ssl in [true, only, redirected] {
webserver::apache::module { ssl: }
-
- # If no cert files are defined, assume a named
certificate for the domain
- if ! $certfile {
- $certfile = /etc/ssl/certs/${title}.pem
- }
- if ! $certkey {
- $certkey = /etc/ssl/private/${title}.key
- }
}
file {
--
To view, visit https://gerrit.wikimedia.org/r/106767
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I244c9b87ac0b1b7a2e8e6d72452008477a77d21e
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: add librenms::syslog class - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/106780
Change subject: librenms: add librenms::syslog class
..
librenms: add librenms::syslog class
Add a librenms::syslog class which sets up a syslog listener that
pipes to LibreNMS.
This sets up a separate rsyslog instance that receives messages in
syslog (UDP 514) and pipes them to syslog.php.
Using a separate instance seems more complicated at first but provides
certain important benefits:
* The separate instance runs as the librenms user and hence is able to read
the configuration file without giving access to the whole syslog
group.
* There's no mixing of system syslog with the remote syslog and no messy
filtering to avoid logging the local system's logs to LibreNMS.
* The received loglines are only stored in LibreNMS and are not forwarded to
the rest of the syslog config (local log files, remote syslog servers
etc.).
While at it, also add some default options to ignore spammy Juniper
lines from the logs.
Change-Id: I7428047f04ae690af807f211218537c8e79628d0
---
M manifests/role/librenms.pp
A modules/librenms/files/rsyslog-upstart.conf
A modules/librenms/files/rsyslog.conf
M modules/librenms/manifests/init.pp
A modules/librenms/manifests/syslog.pp
5 files changed, 91 insertions(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/80/106780/1
diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp
index 92687ae..473d648 100644
--- a/manifests/role/librenms.pp
+++ b/manifests/role/librenms.pp
@@ -44,7 +44,6 @@
},
'enable_inventory' = 1,
-'enable_syslog'= 1,
'email_backend'= 'sendmail',
'alerts' = {
'port_util_alert' = true,
@@ -58,6 +57,14 @@
},
},
+'enable_syslog'= 1,
+'syslog_filter'= [
+'message repeated',
+'Connection from UDP: [',
+'CMD ( /usr/libexec/atrun)',
+'CMD (newsyslog)',
+],
+
'auth_mechanism' = 'mysql',
}
@@ -65,6 +72,9 @@
install_dir = $install_dir,
config = $config,
}
+class { '::librenms::syslog':
+require = Class['::librenms']
+}
install_certificate { $sitename: }
diff --git a/modules/librenms/files/rsyslog-upstart.conf
b/modules/librenms/files/rsyslog-upstart.conf
new file mode 100644
index 000..500abf9
--- /dev/null
+++ b/modules/librenms/files/rsyslog-upstart.conf
@@ -0,0 +1,13 @@
+# This file is managed by Puppet, librenms module
+
+description LibreNMS syslog daemon
+
+start on filesystem
+stop on runlevel [06]
+
+expect fork
+respawn
+
+script
+exec rsyslogd -c5 -f /etc/librenms-rsyslog.conf -i
/var/run/librenms-rsyslogd.pid
+end script
diff --git a/modules/librenms/files/rsyslog.conf
b/modules/librenms/files/rsyslog.conf
new file mode 100644
index 000..7db0178
--- /dev/null
+++ b/modules/librenms/files/rsyslog.conf
@@ -0,0 +1,17 @@
+$ModLoad imudp
+$UDPServerRun 514
+
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+$PreserveFQDN on
+$RepeatedMsgReduction on
+
+$PrivDropToUser librenms
+$PrivDropToGroup librenms
+
+# perform rsyslog magic instead of plain programname
+# Juniper emits e.g. /kernel: as the tag, which makes programname
+# write our own parser instead, that doesn't consider / as a terminator
+$template
librenms,%fromhost%||%syslogfacility-text%||%syslogpriority-text%||%syslogseverity-text%||%syslogtag%||%$year%-%$month%-%$day%
%timereported:8:25%||%msg%||%syslogtag:R,ERE,1:([^:\[]+)(\[.*|:.*)?--end%\n
+$ModLoad omprog
+$ActionOMProgBinary /usr/local/sbin/librenms-syslog
+*.* :omprog:;librenms
diff --git a/modules/librenms/manifests/init.pp
b/modules/librenms/manifests/init.pp
index 07c3e11..24c3364 100644
--- a/modules/librenms/manifests/init.pp
+++ b/modules/librenms/manifests/init.pp
@@ -96,4 +96,9 @@
minute = '*/5',
require = User['librenms'],
}
+
+file { '/usr/local/sbin/librenms-syslog':
+ensure = link,
+target = ${install_dir}/syslog.php,
+}
}
diff --git a/modules/librenms/manifests/syslog.pp
b/modules/librenms/manifests/syslog.pp
new file mode 100644
index 000..197a4da
--- /dev/null
+++ b/modules/librenms/manifests/syslog.pp
@@ -0,0 +1,45 @@
+# == Class: librenms::syslog
+#
+# Sets up a separate rsyslog instance that receives messages in syslog (UDP
+# 514) and forwards them to librenms' syslog script.
+#
+# Using a separate instance seems more complicated at first but provides
+# certain important benefits:
+# * The separate instance runs as the librenms user and hence is able to read
+# the configuration file without giving access to the whole syslog group
+# * There's no mixing of system syslog with the remote syslog and no messy
+# filtering to avoid logging the local system's logs to
[MediaWiki-commits] [Gerrit] librenms: add librenms::syslog class - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: librenms: add librenms::syslog class
..
librenms: add librenms::syslog class
Add a librenms::syslog class which sets up a syslog listener that
pipes to LibreNMS.
This sets up a separate rsyslog instance that receives messages in
syslog (UDP 514) and pipes them to syslog.php.
Using a separate instance seems more complicated at first but provides
certain important benefits:
* The separate instance runs as the librenms user and hence is able to read
the configuration file without giving access to the whole syslog
group.
* There's no mixing of system syslog with the remote syslog and no messy
filtering to avoid logging the local system's logs to LibreNMS.
* The received loglines are only stored in LibreNMS and are not forwarded to
the rest of the syslog config (local log files, remote syslog servers
etc.).
While at it, also add some default options to ignore spammy Juniper
lines from the logs.
Change-Id: I7428047f04ae690af807f211218537c8e79628d0
---
M manifests/role/librenms.pp
A modules/librenms/files/rsyslog-upstart.conf
A modules/librenms/files/rsyslog.conf
M modules/librenms/manifests/init.pp
A modules/librenms/manifests/syslog.pp
5 files changed, 91 insertions(+), 1 deletion(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp
index 92687ae..473d648 100644
--- a/manifests/role/librenms.pp
+++ b/manifests/role/librenms.pp
@@ -44,7 +44,6 @@
},
'enable_inventory' = 1,
-'enable_syslog'= 1,
'email_backend'= 'sendmail',
'alerts' = {
'port_util_alert' = true,
@@ -58,6 +57,14 @@
},
},
+'enable_syslog'= 1,
+'syslog_filter'= [
+'message repeated',
+'Connection from UDP: [',
+'CMD ( /usr/libexec/atrun)',
+'CMD (newsyslog)',
+],
+
'auth_mechanism' = 'mysql',
}
@@ -65,6 +72,9 @@
install_dir = $install_dir,
config = $config,
}
+class { '::librenms::syslog':
+require = Class['::librenms']
+}
install_certificate { $sitename: }
diff --git a/modules/librenms/files/rsyslog-upstart.conf
b/modules/librenms/files/rsyslog-upstart.conf
new file mode 100644
index 000..500abf9
--- /dev/null
+++ b/modules/librenms/files/rsyslog-upstart.conf
@@ -0,0 +1,13 @@
+# This file is managed by Puppet, librenms module
+
+description LibreNMS syslog daemon
+
+start on filesystem
+stop on runlevel [06]
+
+expect fork
+respawn
+
+script
+exec rsyslogd -c5 -f /etc/librenms-rsyslog.conf -i
/var/run/librenms-rsyslogd.pid
+end script
diff --git a/modules/librenms/files/rsyslog.conf
b/modules/librenms/files/rsyslog.conf
new file mode 100644
index 000..7db0178
--- /dev/null
+++ b/modules/librenms/files/rsyslog.conf
@@ -0,0 +1,17 @@
+$ModLoad imudp
+$UDPServerRun 514
+
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+$PreserveFQDN on
+$RepeatedMsgReduction on
+
+$PrivDropToUser librenms
+$PrivDropToGroup librenms
+
+# perform rsyslog magic instead of plain programname
+# Juniper emits e.g. /kernel: as the tag, which makes programname
+# write our own parser instead, that doesn't consider / as a terminator
+$template
librenms,%fromhost%||%syslogfacility-text%||%syslogpriority-text%||%syslogseverity-text%||%syslogtag%||%$year%-%$month%-%$day%
%timereported:8:25%||%msg%||%syslogtag:R,ERE,1:([^:\[]+)(\[.*|:.*)?--end%\n
+$ModLoad omprog
+$ActionOMProgBinary /usr/local/sbin/librenms-syslog
+*.* :omprog:;librenms
diff --git a/modules/librenms/manifests/init.pp
b/modules/librenms/manifests/init.pp
index 07c3e11..24c3364 100644
--- a/modules/librenms/manifests/init.pp
+++ b/modules/librenms/manifests/init.pp
@@ -96,4 +96,9 @@
minute = '*/5',
require = User['librenms'],
}
+
+file { '/usr/local/sbin/librenms-syslog':
+ensure = link,
+target = ${install_dir}/syslog.php,
+}
}
diff --git a/modules/librenms/manifests/syslog.pp
b/modules/librenms/manifests/syslog.pp
new file mode 100644
index 000..197a4da
--- /dev/null
+++ b/modules/librenms/manifests/syslog.pp
@@ -0,0 +1,45 @@
+# == Class: librenms::syslog
+#
+# Sets up a separate rsyslog instance that receives messages in syslog (UDP
+# 514) and forwards them to librenms' syslog script.
+#
+# Using a separate instance seems more complicated at first but provides
+# certain important benefits:
+# * The separate instance runs as the librenms user and hence is able to read
+# the configuration file without giving access to the whole syslog group
+# * There's no mixing of system syslog with the remote syslog and no messy
+# filtering to avoid logging the local system's logs to LibreNMS
+# * The received loglines are only
[MediaWiki-commits] [Gerrit] webserver: fix AllowOverride for SSL too - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106781 Change subject: webserver: fix AllowOverride for SSL too .. webserver: fix AllowOverride for SSL too Commit I17e66c8 added AllowOverride All to the vhost template, but didn't do so for the 443 virtual host. One-word fix. Change-Id: I29baab27f7b9c0f85a6d05ca8a9befe3b30be265 --- M templates/apache/generic_vhost.erb 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/81/106781/1 diff --git a/templates/apache/generic_vhost.erb b/templates/apache/generic_vhost.erb index 27a2afb..f70cd45 100644 --- a/templates/apache/generic_vhost.erb +++ b/templates/apache/generic_vhost.erb @@ -69,7 +69,7 @@ DocumentRoot %= docroot % Directory %= docroot % Options Indexes FollowSymLinks MultiViews - AllowOverride None + AllowOverride All Order allow,deny allow from all /Directory -- To view, visit https://gerrit.wikimedia.org/r/106781 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I29baab27f7b9c0f85a6d05ca8a9befe3b30be265 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] webserver: fix AllowOverride for SSL too - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: webserver: fix AllowOverride for SSL too .. webserver: fix AllowOverride for SSL too Commit I17e66c8 added AllowOverride All to the vhost template, but didn't do so for the 443 virtual host. One-word fix. Change-Id: I29baab27f7b9c0f85a6d05ca8a9befe3b30be265 --- M templates/apache/generic_vhost.erb 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Faidon Liambotis: Verified; Looks good to me, approved diff --git a/templates/apache/generic_vhost.erb b/templates/apache/generic_vhost.erb index 27a2afb..f70cd45 100644 --- a/templates/apache/generic_vhost.erb +++ b/templates/apache/generic_vhost.erb @@ -69,7 +69,7 @@ DocumentRoot %= docroot % Directory %= docroot % Options Indexes FollowSymLinks MultiViews - AllowOverride None + AllowOverride All Order allow,deny allow from all /Directory -- To view, visit https://gerrit.wikimedia.org/r/106781 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I29baab27f7b9c0f85a6d05ca8a9befe3b30be265 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librensm: adjust syslog blacklist - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106870 Change subject: librensm: adjust syslog blacklist .. librensm: adjust syslog blacklist Less spam is good! Change-Id: Idf45de71a137e53cf2a7a1c98943dab20d5a8ffb --- M manifests/role/librenms.pp 1 file changed, 2 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/70/106870/1 diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp index 473d648..03b2f8a 100644 --- a/manifests/role/librenms.pp +++ b/manifests/role/librenms.pp @@ -61,8 +61,9 @@ 'syslog_filter'= [ 'message repeated', 'Connection from UDP: [', -'CMD ( /usr/libexec/atrun)', +'CMD ( /usr/libexec/atrun)', 'CMD (newsyslog)', +'CMD (adjkerntz -a)', ], 'auth_mechanism' = 'mysql', -- To view, visit https://gerrit.wikimedia.org/r/106870 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Idf45de71a137e53cf2a7a1c98943dab20d5a8ffb Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librensm: adjust syslog blacklist - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: librensm: adjust syslog blacklist .. librensm: adjust syslog blacklist Less spam is good! Change-Id: Idf45de71a137e53cf2a7a1c98943dab20d5a8ffb --- M manifests/role/librenms.pp 1 file changed, 2 insertions(+), 1 deletion(-) Approvals: Faidon Liambotis: Verified; Looks good to me, approved diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp index 473d648..03b2f8a 100644 --- a/manifests/role/librenms.pp +++ b/manifests/role/librenms.pp @@ -61,8 +61,9 @@ 'syslog_filter'= [ 'message repeated', 'Connection from UDP: [', -'CMD ( /usr/libexec/atrun)', +'CMD ( /usr/libexec/atrun)', 'CMD (newsyslog)', +'CMD (adjkerntz -a)', ], 'auth_mechanism' = 'mysql', -- To view, visit https://gerrit.wikimedia.org/r/106870 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Idf45de71a137e53cf2a7a1c98943dab20d5a8ffb Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: minor fixes to phpdump - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/106876
Change subject: librenms: minor fixes to phpdump
..
librenms: minor fixes to phpdump
Handle integers properly, NULL strings with embedded quotes. Borrowed
from Ori's equivalent code that was developed before this but was never
imported into this repo.
Change-Id: I36dfd0f082ed48f62c537283ed24017f1ac8ada1
---
M modules/librenms/lib/puppet/parser/functions/phpdump.rb
1 file changed, 4 insertions(+), 2 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/76/106876/1
diff --git a/modules/librenms/lib/puppet/parser/functions/phpdump.rb
b/modules/librenms/lib/puppet/parser/functions/phpdump.rb
index 205f8ce..0c094b5 100644
--- a/modules/librenms/lib/puppet/parser/functions/phpdump.rb
+++ b/modules/librenms/lib/puppet/parser/functions/phpdump.rb
@@ -11,7 +11,7 @@
contents = ''
o.sort.each do |k, v|
contents += indent*level
- contents += \#{k}\ = + phpdump(v, level+1)
+ contents += k.to_pson + = + phpdump(v, level+1)
contents += ,\n
end
array(\n + contents + indent*(level-1) + )
@@ -21,8 +21,10 @@
TRUE
when FalseClass
FALSE
+ when nil
+NULL
else
-'' + o.to_s + ''
+o.include?('.') ? Float(o).to_s : Integer(o).to_s rescue o.to_pson
end
end
--
To view, visit https://gerrit.wikimedia.org/r/106876
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I36dfd0f082ed48f62c537283ed24017f1ac8ada1
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: minor fixes to phpdump - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: librenms: minor fixes to phpdump
..
librenms: minor fixes to phpdump
Handle integers properly, NULL strings with embedded quotes. Borrowed
from Ori's equivalent code that was developed before this but was never
imported into this repo.
Change-Id: I36dfd0f082ed48f62c537283ed24017f1ac8ada1
---
M modules/librenms/lib/puppet/parser/functions/phpdump.rb
1 file changed, 4 insertions(+), 2 deletions(-)
Approvals:
Ori.livneh: Looks good to me, but someone else must approve
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/librenms/lib/puppet/parser/functions/phpdump.rb
b/modules/librenms/lib/puppet/parser/functions/phpdump.rb
index 205f8ce..0c094b5 100644
--- a/modules/librenms/lib/puppet/parser/functions/phpdump.rb
+++ b/modules/librenms/lib/puppet/parser/functions/phpdump.rb
@@ -11,7 +11,7 @@
contents = ''
o.sort.each do |k, v|
contents += indent*level
- contents += \#{k}\ = + phpdump(v, level+1)
+ contents += k.to_pson + = + phpdump(v, level+1)
contents += ,\n
end
array(\n + contents + indent*(level-1) + )
@@ -21,8 +21,10 @@
TRUE
when FalseClass
FALSE
+ when nil
+NULL
else
-'' + o.to_s + ''
+o.include?('.') ? Float(o).to_s : Integer(o).to_s rescue o.to_pson
end
end
--
To view, visit https://gerrit.wikimedia.org/r/106876
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I36dfd0f082ed48f62c537283ed24017f1ac8ada1
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Ori.livneh o...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: another syslog blacklist entry - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106877 Change subject: librenms: another syslog blacklist entry .. librenms: another syslog blacklist entry Change-Id: If3f3d61b5279268a8aad28502dc7a3ec5036b880 --- M manifests/role/librenms.pp 1 file changed, 1 insertion(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/77/106877/1 diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp index 03b2f8a..f34bb0a 100644 --- a/manifests/role/librenms.pp +++ b/manifests/role/librenms.pp @@ -64,6 +64,7 @@ 'CMD ( /usr/libexec/atrun)', 'CMD (newsyslog)', 'CMD (adjkerntz -a)', +'kernel time sync enabled', ], 'auth_mechanism' = 'mysql', -- To view, visit https://gerrit.wikimedia.org/r/106877 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: If3f3d61b5279268a8aad28502dc7a3ec5036b880 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: another syslog blacklist entry - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: librenms: another syslog blacklist entry .. librenms: another syslog blacklist entry Change-Id: If3f3d61b5279268a8aad28502dc7a3ec5036b880 --- M manifests/role/librenms.pp 1 file changed, 1 insertion(+), 0 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp index 03b2f8a..f34bb0a 100644 --- a/manifests/role/librenms.pp +++ b/manifests/role/librenms.pp @@ -64,6 +64,7 @@ 'CMD ( /usr/libexec/atrun)', 'CMD (newsyslog)', 'CMD (adjkerntz -a)', +'kernel time sync enabled', ], 'auth_mechanism' = 'mysql', -- To view, visit https://gerrit.wikimedia.org/r/106877 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: If3f3d61b5279268a8aad28502dc7a3ec5036b880 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: make main class' config option simpler - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/106896
Change subject: librenms: make main class' config option simpler
..
librenms: make main class' config option simpler
Supplying install_dir, html_dir, rrd_dir log file to the config hash
is kind of wrong, as it's not KISS: the class already knows the best
position for these and sets up other stuff based on these locations
(e.g. logrotate). Pass them to the config.php template instead, outside
of the config hash and simplify the caller.
Change-Id: I6620ff7bb206d8fee4fb18607930195382611ec9
---
M manifests/role/librenms.pp
M modules/librenms/manifests/init.pp
M modules/librenms/templates/config.php.erb
3 files changed, 21 insertions(+), 11 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/96/106896/1
diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp
index f34bb0a..a67ee50 100644
--- a/manifests/role/librenms.pp
+++ b/manifests/role/librenms.pp
@@ -21,11 +21,6 @@
$config = {
'title_image' =
'url(//upload.wikimedia.org/wikipedia/commons/thumb/c/c4/Wikimedia_Foundation_RGB_logo_with_text.svg/100px-Wikimedia_Foundation_RGB_logo_with_text.svg.png)',
-'install_dir' = $install_dir,
-'html_dir' = ${install_dir}/html,
-'rrd_dir' = '/srv/librenms/rrd',
-'log_file' = '/var/log/librenms.log',
-
'db_host' = 'db1001.eqiad.wmnet',
'db_user' = $passwords::librenms::db_user,
'db_pass' = $passwords::librenms::db_pass,
@@ -72,6 +67,7 @@
class { '::librenms':
install_dir = $install_dir,
+rrd_dir = '/srv/librenms/rrd',
config = $config,
}
class { '::librenms::syslog':
diff --git a/modules/librenms/manifests/init.pp
b/modules/librenms/manifests/init.pp
index 24c3364..0340bc8 100644
--- a/modules/librenms/manifests/init.pp
+++ b/modules/librenms/manifests/init.pp
@@ -8,11 +8,16 @@
# Configuration for LibreNMS, in a puppet hash format.
#
# [*install_dir*]
-# Installation directory for LibreNMS.
+# Installation directory for LibreNMS. Defaults to /srv/librenms.
+#
+# [*rrd_dir*]
+# Location where RRD files are going to be placed. Defaults to rrd under
+# *install_dir*.
#
class librenms(
-$config,
+$config={},
$install_dir='/srv/librenms',
+$rrd_dir=${install_dir}/rrd,
) {
group { 'librenms':
ensure = present,
@@ -68,6 +73,7 @@
'nmap',
'python-mysqldb',
'rrdtool',
+#'snmp',
'snmp-mibs-downloader',
'whois',
]:
@@ -77,7 +83,7 @@
cron { 'librenms-discovery-all':
ensure = present,
user= 'librenms',
-command = ${install_dir}/discovery.php -h all /dev/null 21,
+command = ${install_dir}/discovery.php -h all /dev/null 21,
hour= '*/6',
minute = '33',
require = User['librenms'],
@@ -85,18 +91,20 @@
cron { 'librenms-discovery-new':
ensure = present,
user= 'librenms',
-command = ${install_dir}/discovery.php -h new /dev/null 21,
+command = ${install_dir}/discovery.php -h new /dev/null 21,
minute = '*/5',
require = User['librenms'],
}
cron { 'librenms-poller-all':
ensure = present,
user= 'librenms',
-command = /usr/bin/python ${install_dir}/poller-wrapper.py 16
/dev/null 21,
+command = python ${install_dir}/poller-wrapper.py 16 /dev/null
21,
minute = '*/5',
require = User['librenms'],
}
+# syslog script, in an install_dir-agnostic location
+# used by librenms::syslog or a custom alternative placed manually.
file { '/usr/local/sbin/librenms-syslog':
ensure = link,
target = ${install_dir}/syslog.php,
diff --git a/modules/librenms/templates/config.php.erb
b/modules/librenms/templates/config.php.erb
index 49a14a6..ea9dbac 100644
--- a/modules/librenms/templates/config.php.erb
+++ b/modules/librenms/templates/config.php.erb
@@ -1,5 +1,11 @@
?php
-# This file is managed by Puppet!
+
+# This file is managed by Puppet, do not modify manually.
+
+$config['install_dir'] = %= @install_dir %;
+$config['html_dir']= %= @install_dir %/html;
+$config['rrd_dir'] = %= @rrd_dir %;
+$config['log_file']= /var/log/librenms.log;
$puppet_config = %= scope.function_phpdump(@config) %;
--
To view, visit https://gerrit.wikimedia.org/r/106896
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I6620ff7bb206d8fee4fb18607930195382611ec9
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
[MediaWiki-commits] [Gerrit] librenms: workaround JunOS stupidness - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106895 Change subject: librenms: workaround JunOS stupidness .. librenms: workaround JunOS stupidness Our librenms host is now dual-stacked (A ). JunOS (or at least the version that we're running) is stupid, and treats a log target of host $hostname with a dual stacked hostname as two log targets, multiplying all log lines by two. Until a better fix is in place, bind rsyslog to IPv4 only. Change-Id: I4a911a3fad9c0d6c27796f7f2cd1bcba16e5eff8 --- M modules/librenms/files/rsyslog.conf 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/95/106895/1 diff --git a/modules/librenms/files/rsyslog.conf b/modules/librenms/files/rsyslog.conf index 7db0178..4d33590 100644 --- a/modules/librenms/files/rsyslog.conf +++ b/modules/librenms/files/rsyslog.conf @@ -1,9 +1,9 @@ $ModLoad imudp +$UDPServerAddress 0.0.0.0 $UDPServerRun 514 $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $PreserveFQDN on -$RepeatedMsgReduction on $PrivDropToUser librenms $PrivDropToGroup librenms -- To view, visit https://gerrit.wikimedia.org/r/106895 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I4a911a3fad9c0d6c27796f7f2cd1bcba16e5eff8 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: workaround JunOS stupidness - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: librenms: workaround JunOS stupidness .. librenms: workaround JunOS stupidness Our librenms host is now dual-stacked (A ). JunOS (or at least the version that we're running) is stupid, and treats a log target of host $hostname with a dual stacked hostname as two log targets, multiplying all log lines by two. Until a better fix is in place, bind rsyslog to IPv4 only. Change-Id: I4a911a3fad9c0d6c27796f7f2cd1bcba16e5eff8 --- M modules/librenms/files/rsyslog.conf 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/librenms/files/rsyslog.conf b/modules/librenms/files/rsyslog.conf index 7db0178..4d33590 100644 --- a/modules/librenms/files/rsyslog.conf +++ b/modules/librenms/files/rsyslog.conf @@ -1,9 +1,9 @@ $ModLoad imudp +$UDPServerAddress 0.0.0.0 $UDPServerRun 514 $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $PreserveFQDN on -$RepeatedMsgReduction on $PrivDropToUser librenms $PrivDropToGroup librenms -- To view, visit https://gerrit.wikimedia.org/r/106895 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I4a911a3fad9c0d6c27796f7f2cd1bcba16e5eff8 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: make main class' config option simpler - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: librenms: make main class' config option simpler
..
librenms: make main class' config option simpler
Supplying install_dir, html_dir, rrd_dir log file to the config hash
is kind of wrong, as it's not KISS: the class already knows the best
position for these and sets up other stuff based on these locations
(e.g. logrotate). Pass them to the config.php template instead, outside
of the config hash and simplify the caller.
Change-Id: I6620ff7bb206d8fee4fb18607930195382611ec9
---
M manifests/role/librenms.pp
M modules/librenms/manifests/init.pp
M modules/librenms/templates/config.php.erb
3 files changed, 21 insertions(+), 11 deletions(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp
index f34bb0a..a67ee50 100644
--- a/manifests/role/librenms.pp
+++ b/manifests/role/librenms.pp
@@ -21,11 +21,6 @@
$config = {
'title_image' =
'url(//upload.wikimedia.org/wikipedia/commons/thumb/c/c4/Wikimedia_Foundation_RGB_logo_with_text.svg/100px-Wikimedia_Foundation_RGB_logo_with_text.svg.png)',
-'install_dir' = $install_dir,
-'html_dir' = ${install_dir}/html,
-'rrd_dir' = '/srv/librenms/rrd',
-'log_file' = '/var/log/librenms.log',
-
'db_host' = 'db1001.eqiad.wmnet',
'db_user' = $passwords::librenms::db_user,
'db_pass' = $passwords::librenms::db_pass,
@@ -72,6 +67,7 @@
class { '::librenms':
install_dir = $install_dir,
+rrd_dir = '/srv/librenms/rrd',
config = $config,
}
class { '::librenms::syslog':
diff --git a/modules/librenms/manifests/init.pp
b/modules/librenms/manifests/init.pp
index 24c3364..0340bc8 100644
--- a/modules/librenms/manifests/init.pp
+++ b/modules/librenms/manifests/init.pp
@@ -8,11 +8,16 @@
# Configuration for LibreNMS, in a puppet hash format.
#
# [*install_dir*]
-# Installation directory for LibreNMS.
+# Installation directory for LibreNMS. Defaults to /srv/librenms.
+#
+# [*rrd_dir*]
+# Location where RRD files are going to be placed. Defaults to rrd under
+# *install_dir*.
#
class librenms(
-$config,
+$config={},
$install_dir='/srv/librenms',
+$rrd_dir=${install_dir}/rrd,
) {
group { 'librenms':
ensure = present,
@@ -68,6 +73,7 @@
'nmap',
'python-mysqldb',
'rrdtool',
+#'snmp',
'snmp-mibs-downloader',
'whois',
]:
@@ -77,7 +83,7 @@
cron { 'librenms-discovery-all':
ensure = present,
user= 'librenms',
-command = ${install_dir}/discovery.php -h all /dev/null 21,
+command = ${install_dir}/discovery.php -h all /dev/null 21,
hour= '*/6',
minute = '33',
require = User['librenms'],
@@ -85,18 +91,20 @@
cron { 'librenms-discovery-new':
ensure = present,
user= 'librenms',
-command = ${install_dir}/discovery.php -h new /dev/null 21,
+command = ${install_dir}/discovery.php -h new /dev/null 21,
minute = '*/5',
require = User['librenms'],
}
cron { 'librenms-poller-all':
ensure = present,
user= 'librenms',
-command = /usr/bin/python ${install_dir}/poller-wrapper.py 16
/dev/null 21,
+command = python ${install_dir}/poller-wrapper.py 16 /dev/null
21,
minute = '*/5',
require = User['librenms'],
}
+# syslog script, in an install_dir-agnostic location
+# used by librenms::syslog or a custom alternative placed manually.
file { '/usr/local/sbin/librenms-syslog':
ensure = link,
target = ${install_dir}/syslog.php,
diff --git a/modules/librenms/templates/config.php.erb
b/modules/librenms/templates/config.php.erb
index 49a14a6..ea9dbac 100644
--- a/modules/librenms/templates/config.php.erb
+++ b/modules/librenms/templates/config.php.erb
@@ -1,5 +1,11 @@
?php
-# This file is managed by Puppet!
+
+# This file is managed by Puppet, do not modify manually.
+
+$config['install_dir'] = %= @install_dir %;
+$config['html_dir']= %= @install_dir %/html;
+$config['rrd_dir'] = %= @rrd_dir %;
+$config['log_file']= /var/log/librenms.log;
$puppet_config = %= scope.function_phpdump(@config) %;
--
To view, visit https://gerrit.wikimedia.org/r/106896
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I6620ff7bb206d8fee4fb18607930195382611ec9
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
[MediaWiki-commits] [Gerrit] Fix various typos - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: Fix various typos
..
Fix various typos
Change-Id: I2aa6e65e4eac8b920bf39fb51089cfaea9b0956f
---
M files/nfs/upstart-nfs-noidmap.conf
M manifests/ganglia.pp
M modules/toollabs/manifests/init.pp
3 files changed, 15 insertions(+), 16 deletions(-)
Approvals:
Faidon Liambotis: Verified; Looks good to me, approved
diff --git a/files/nfs/upstart-nfs-noidmap.conf
b/files/nfs/upstart-nfs-noidmap.conf
index 61fb5cf..91dc558 100644
--- a/files/nfs/upstart-nfs-noidmap.conf
+++ b/files/nfs/upstart-nfs-noidmap.conf
@@ -1,10 +1,10 @@
# nfs-noidmap - disable idmap for cross-project NFS
#
-# This task disables the kernel's automatic idmap for NFSv4
-# to allow conflicting group names accross projects
+# This task disables the kernel's automatic idmap for NFSv4 to allow
+# conflicting group names across projects.
#
-# Made into an upstart task because that setting is annoyingly
-# not made available through sysctl.
+# Made into an upstart task because that setting is annoyingly not
+# made available through sysctl.
description disable idmap for cross-project NFS
diff --git a/manifests/ganglia.pp b/manifests/ganglia.pp
index 1a08f35..fa06976 100644
--- a/manifests/ganglia.pp
+++ b/manifests/ganglia.pp
@@ -574,27 +574,27 @@
}
-# == Define ganlia::view
+# == Define ganglia::view
# Defines a Ganglia view JSON file.
# See
http://sourceforge.net/apps/trac/ganglia/wiki/ganglia-web-2#JSONdefinitionforviews
# for documentation on Ganglia view JSON format.
#
# == Parameters:
-# $graphs - Shortcut for of describing items that represent
aggregate_graphs.
+# $graphs - Shortcut for describing items that represent
aggregate_graphs.
# $items- Should match exactly the JSON structure expected by Ganglia
for views.
# $view_type- If you are using aggregate_graphs, this must be set to
'standard'.
# 'regex' will allow you to use non-aggregate graphs and match
hostnames by regex.
# Default: 'standard'.
# $default_size - Default size for graphs. Default: 'large'.
# $conf_dir - Path to directory where ganglia view JSON files should live.
-# Defaults to the appropriate directory based on WMF $::realm.
Default: to /var/lib/ganglia/conf
-# $template - The ERb template to use for the JSON file. Only change this
if you need to do fancier things than this define allows.
+# Defaults to the appropriate directory based on WMF $::realm.
Default: /var/lib/ganglia/conf.
+# $template - The ERB template to use for the JSON file. Only change this
if you need to do fancier things than this define allows.
#
# == Examples:
-# # A 'regex' (non aggregate graph) view:
+# # A 'regex' (non-aggregate graph) view:
# # Note that no aggregate_graphs are used.
# # This will add 4 graphs to the 'cpu' view.
-# # (i.e. cpu_user and cpu_system for each myhost and myhost1)
+# # (i.e. cpu_user and cpu_system for each myhost0 and myhost1)
# $host_regex = 'myhost[01]'
# ganglia::view { 'cpu':
# view_type = 'regex',
@@ -662,10 +662,10 @@
# $plugins - the plugin name (ex: 'diskstat'), will install the Python file
# located in files/ganglia/plugins/${name}.py and expand the template from
# templates/ganglia/plugins/${name}.pyconf.erb.
-# Defaults to $title as a convenience
+# Defaults to $title as a convenience.
#
-# $opts - optional hash which can be used in the template. The defaults are
-# hardcoded in the templates. Default to {}
+# $opts - optional hash which can be used in the template. The
+# defaults are hardcoded in the templates. Defaults to {}.
#
# == Examples:
#
diff --git a/modules/toollabs/manifests/init.pp
b/modules/toollabs/manifests/init.pp
index a125e35..48190e5 100644
--- a/modules/toollabs/manifests/init.pp
+++ b/modules/toollabs/manifests/init.pp
@@ -74,7 +74,7 @@
# Tool Labs is enduser-facing, so we want to control the motd
# properly (most things make no sense for community users: they
# don't care that packages need updating, or that filesystems
-# will be checked, for instance)
+# will be checked, for instance).
file { '/etc/update-motd.d':
ensure = directory,
@@ -86,7 +86,7 @@
purge = true,
}
-# We keep a project-locat apt repo where we stuff packages we build
+# We keep a project-local apt repo where we stuff packages we build
# that are intended to be local to the project. By keeping it on the
# shared storage, we have no need to set up a server to use it.
@@ -126,4 +126,3 @@
target = ${store}/mail,
}
}
-
--
To view, visit https://gerrit.wikimedia.org/r/107165
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I2aa6e65e4eac8b920bf39fb51089cfaea9b0956f
Gerrit-PatchSet: 2
Gerrit-Project:
[MediaWiki-commits] [Gerrit] Varnish: don't mobile redirect www.$project.org - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: Varnish: don't mobile redirect www.$project.org
..
Varnish: don't mobile redirect www.$project.org
URLs such as www.wikivoyage.org/wiki/Article redirect to
en.wikivoyage.org. The issue is not Wikivoyage-specific projects as it
happens with e.g. www.wikipedia.org too. However, www.wikivoyage.org
links are still in old web references search engine indexes, so it
makes matters especially worse for Wikivoyage.
The problem is the mobile redirector runs before these redirects take
place, and redirects to www.m, which NXDOMAINs and users get error
pages.
Fix this by excluding www from the mobile redirect.
Bug: 48318
Change-Id: Ie9147de410a51e3bd3d3597e27b00ccee4f9f236
---
M templates/varnish/text-frontend.inc.vcl.erb
1 file changed, 1 insertion(+), 1 deletion(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/templates/varnish/text-frontend.inc.vcl.erb
b/templates/varnish/text-frontend.inc.vcl.erb
index cde37d0..c3474da 100644
--- a/templates/varnish/text-frontend.inc.vcl.erb
+++ b/templates/varnish/text-frontend.inc.vcl.erb
@@ -26,7 +26,7 @@
req.http.User-Agent !~
(iPad|Android.3|(?i)tablet|PlayBook|Wii)
req.http.Cookie !~
(stopMobileRedirect=true|mf_useformat=desktop)
req.url ~ ^/wiki/) {
- set req.http.MobileHost = regsub(req.http.Host,
^(?:www\.(?=mediawiki))?((?:commons|species|meta|incubator|outreach|strategy|wikimania201[234])\.(?=wikimedia)|\w+\.(?!wikimedia|mediawiki)|(?=mediawiki|wikimediafoundation))(wikimedia|wikipedia|wiktionary|wikinews|wikisource|wikiquote|wikibooks|wikiversity|wikivoyage|mediawiki|wikimediafoundation)\.,
\1m.\2.);
+ set req.http.MobileHost = regsub(req.http.Host,
^(?:www\.(?=mediawiki))?((?:commons|species|meta|incubator|outreach|strategy|wikimania201[234])\.(?=wikimedia)|(?!www)\w+\.(?!wikimedia|mediawiki)|(?=mediawiki|wikimediafoundation))(wikimedia|wikipedia|wiktionary|wikinews|wikisource|wikiquote|wikibooks|wikiversity|wikivoyage|mediawiki|wikimediafoundation)\.,
\1m.\2.);
if (req.http.Host != req.http.MobileHost) {
if (req.http.X-Forwarded-Proto) {
set req.http.Location =
req.http.X-Forwarded-Proto + :// + req.http.MobileHost + req.url;
--
To view, visit https://gerrit.wikimedia.org/r/89879
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ie9147de410a51e3bd3d3597e27b00ccee4f9f236
Gerrit-PatchSet: 7
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: JanZerebecki jan.wikime...@zerebecki.de
Gerrit-Reviewer: BBlack bbl...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Mark Bergsma m...@wikimedia.org
Gerrit-Reviewer: MaxSem maxsem.w...@gmail.com
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] varnish: simplify the mobile redirect regexp - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: varnish: simplify the mobile redirect regexp
..
varnish: simplify the mobile redirect regexp
Now that we don't have to maintain squid redirector compatibility,
rewrite the huge, almost unreadable, mobile redirect regexp in three
distinct, easier to maintain redirects.
This was done with efficiency in mind and avoids checking for the same
match twice. The three redirects are likely to be slower than one, but
this is hopefully offset by not checking for e.g. wikimedia three
times. Plus, the regsubs are within the multiple-clause UA/cookie/url
guard, so it only does matter for a small minority of hits.
Change-Id: Iebfbc46d1a6a878d5c074ac44b8f2a8cda82
---
M templates/varnish/text-frontend.inc.vcl.erb
1 file changed, 8 insertions(+), 1 deletion(-)
Approvals:
JanZerebecki: Looks good to me, but someone else must approve
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/templates/varnish/text-frontend.inc.vcl.erb
b/templates/varnish/text-frontend.inc.vcl.erb
index c3474da..f857ac3 100644
--- a/templates/varnish/text-frontend.inc.vcl.erb
+++ b/templates/varnish/text-frontend.inc.vcl.erb
@@ -26,7 +26,14 @@
req.http.User-Agent !~
(iPad|Android.3|(?i)tablet|PlayBook|Wii)
req.http.Cookie !~
(stopMobileRedirect=true|mf_useformat=desktop)
req.url ~ ^/wiki/) {
- set req.http.MobileHost = regsub(req.http.Host,
^(?:www\.(?=mediawiki))?((?:commons|species|meta|incubator|outreach|strategy|wikimania201[234])\.(?=wikimedia)|(?!www)\w+\.(?!wikimedia|mediawiki)|(?=mediawiki|wikimediafoundation))(wikimedia|wikipedia|wiktionary|wikinews|wikisource|wikiquote|wikibooks|wikiversity|wikivoyage|mediawiki|wikimediafoundation)\.,
\1m.\2.);
+
+ # Separate regexps for clarity, but multiple regsubs instead of
+ # if host ~/regsub matches for efficiency. Be careful to not
+ # write overlapping/chaining regexps.
+ set req.http.MobileHost = regsub(req.http.Host,
^(www\.)?(mediawiki|wikimediafoundation)\., m.\2.);
+ set req.http.MobileHost = regsub(req.http.Host,
^(commons|species|meta|incubator|outreach|strategy|wikimania201[234])\.(wikimedia)\.,
\1.m.\2.);
+ set req.http.MobileHost = regsub(req.http.Host,
^((?!www)\w+)\.(wikipedia|wiktionary|wikinews|wikisource|wikiquote|wikibooks|wikiversity|wikivoyage)\.,
\1.m.\2.);
+
if (req.http.Host != req.http.MobileHost) {
if (req.http.X-Forwarded-Proto) {
set req.http.Location =
req.http.X-Forwarded-Proto + :// + req.http.MobileHost + req.url;
--
To view, visit https://gerrit.wikimedia.org/r/106669
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Iebfbc46d1a6a878d5c074ac44b8f2a8cda82
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Alexandros Kosiaris akosia...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: JanZerebecki jan.wikime...@zerebecki.de
Gerrit-Reviewer: MaxSem maxsem.w...@gmail.com
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Fix mobile redirect breakage - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/107349
Change subject: Fix mobile redirect breakage
..
Fix mobile redirect breakage
Commit Iebfbc46 broke the mobile redirect for mediawiki.org,
wikimediafoundation.org and wikimedia.org subdomains. Fortunately it was
caught very shortly after its deployment and affects a very minor amount
of traffic. Fix this by fixing the regsubs().
Change-Id: I977c3bd04a0b5573efb88774fa6090e5e6f106f8
---
M templates/varnish/text-frontend.inc.vcl.erb
1 file changed, 4 insertions(+), 3 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/49/107349/1
diff --git a/templates/varnish/text-frontend.inc.vcl.erb
b/templates/varnish/text-frontend.inc.vcl.erb
index f857ac3..602e53f 100644
--- a/templates/varnish/text-frontend.inc.vcl.erb
+++ b/templates/varnish/text-frontend.inc.vcl.erb
@@ -30,9 +30,10 @@
# Separate regexps for clarity, but multiple regsubs instead of
# if host ~/regsub matches for efficiency. Be careful to not
# write overlapping/chaining regexps.
- set req.http.MobileHost = regsub(req.http.Host,
^(www\.)?(mediawiki|wikimediafoundation)\., m.\2.);
- set req.http.MobileHost = regsub(req.http.Host,
^(commons|species|meta|incubator|outreach|strategy|wikimania201[234])\.(wikimedia)\.,
\1.m.\2.);
- set req.http.MobileHost = regsub(req.http.Host,
^((?!www)\w+)\.(wikipedia|wiktionary|wikinews|wikisource|wikiquote|wikibooks|wikiversity|wikivoyage)\.,
\1.m.\2.);
+ set req.http.MobileHost = req.http.Host;
+ set req.http.MobileHost = regsub(req.http.MobileHost,
^(www\.)?(mediawiki|wikimediafoundation)\., m.\2.);
+ set req.http.MobileHost = regsub(req.http.MobileHost,
^(commons|species|meta|incubator|outreach|strategy|wikimania201[234])\.(wikimedia)\.,
\1.m.\2.);
+ set req.http.MobileHost = regsub(req.http.MobileHost,
^((?!www)\w+)\.(wikipedia|wiktionary|wikinews|wikisource|wikiquote|wikibooks|wikiversity|wikivoyage)\.,
\1.m.\2.);
if (req.http.Host != req.http.MobileHost) {
if (req.http.X-Forwarded-Proto) {
--
To view, visit https://gerrit.wikimedia.org/r/107349
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I977c3bd04a0b5573efb88774fa6090e5e6f106f8
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Fix mobile redirect breakage - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: Fix mobile redirect breakage
..
Fix mobile redirect breakage
Commit Iebfbc46 broke the mobile redirect for mediawiki.org,
wikimediafoundation.org and wikimedia.org subdomains. Fortunately it was
caught very shortly after its deployment and affects a very minor amount
of traffic. Fix this by fixing the regsubs().
Change-Id: I977c3bd04a0b5573efb88774fa6090e5e6f106f8
---
M templates/varnish/text-frontend.inc.vcl.erb
1 file changed, 4 insertions(+), 3 deletions(-)
Approvals:
Faidon Liambotis: Verified; Looks good to me, approved
diff --git a/templates/varnish/text-frontend.inc.vcl.erb
b/templates/varnish/text-frontend.inc.vcl.erb
index f857ac3..602e53f 100644
--- a/templates/varnish/text-frontend.inc.vcl.erb
+++ b/templates/varnish/text-frontend.inc.vcl.erb
@@ -30,9 +30,10 @@
# Separate regexps for clarity, but multiple regsubs instead of
# if host ~/regsub matches for efficiency. Be careful to not
# write overlapping/chaining regexps.
- set req.http.MobileHost = regsub(req.http.Host,
^(www\.)?(mediawiki|wikimediafoundation)\., m.\2.);
- set req.http.MobileHost = regsub(req.http.Host,
^(commons|species|meta|incubator|outreach|strategy|wikimania201[234])\.(wikimedia)\.,
\1.m.\2.);
- set req.http.MobileHost = regsub(req.http.Host,
^((?!www)\w+)\.(wikipedia|wiktionary|wikinews|wikisource|wikiquote|wikibooks|wikiversity|wikivoyage)\.,
\1.m.\2.);
+ set req.http.MobileHost = req.http.Host;
+ set req.http.MobileHost = regsub(req.http.MobileHost,
^(www\.)?(mediawiki|wikimediafoundation)\., m.\2.);
+ set req.http.MobileHost = regsub(req.http.MobileHost,
^(commons|species|meta|incubator|outreach|strategy|wikimania201[234])\.(wikimedia)\.,
\1.m.\2.);
+ set req.http.MobileHost = regsub(req.http.MobileHost,
^((?!www)\w+)\.(wikipedia|wiktionary|wikinews|wikisource|wikiquote|wikibooks|wikiversity|wikivoyage)\.,
\1.m.\2.);
if (req.http.Host != req.http.MobileHost) {
if (req.http.X-Forwarded-Proto) {
--
To view, visit https://gerrit.wikimedia.org/r/107349
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I977c3bd04a0b5573efb88774fa6090e5e6f106f8
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Varnish: don't inadvertently convert 500s to 503s - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/107364
Change subject: Varnish: don't inadvertently convert 500s to 503s
..
Varnish: don't inadvertently convert 500s to 503s
Currently, when retry5xx is set in the puppet config, we return(restart)
from vcl_fetch() on 500s, to have Varnish retry the request on a
different backend.
However, we have no protection against doing this indefinitely by
checking req.restart, so we end up doing so, and hitting Varnish's
max_restarts loop detection parameter and have the frontend throw its
own cryptic 503 instead of e.g. a backend (either Varnish or MediaWiki)
display its own 500 or 503.
Fix this by guarding the return(restart) with req.restarts, and
hardcoding 4 in the process. We might want to lower this more in the
future (4 retires sounds like a lot) but for now this should do it.
Change-Id: Ibf358a2b3df2e984947347138856c5c7e1b91a5e
---
M modules/varnish/templates/vcl/wikimedia.vcl.erb
1 file changed, 10 insertions(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/64/107364/1
diff --git a/modules/varnish/templates/vcl/wikimedia.vcl.erb
b/modules/varnish/templates/vcl/wikimedia.vcl.erb
index 25621e1..1da3391 100644
--- a/modules/varnish/templates/vcl/wikimedia.vcl.erb
+++ b/modules/varnish/templates/vcl/wikimedia.vcl.erb
@@ -305,7 +305,16 @@
}
% if vcl_config.fetch(retry5xx, 0) == 1 -%
if (beresp.status = 500 beresp.status 505) {
- return(restart);
+ # Retry the backend request 3 times, then give up and display
+ # the backend's error page, instead of our own.
+ #
+ # Note that max_restarts is 4 by default, so Varnish would
+ # otherwise detect this as a loop and present its own 503.
+ if (req.restarts 4) {
+ return(restart);
+ } else {
+ return(pass);
+ }
}
% end -%
set beresp.grace = 60m;
--
To view, visit https://gerrit.wikimedia.org/r/107364
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ibf358a2b3df2e984947347138856c5c7e1b91a5e
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Varnish: don't inadvertently convert 500s to 503s - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: Varnish: don't inadvertently convert 500s to 503s
..
Varnish: don't inadvertently convert 500s to 503s
Currently, when retry5xx is set in the puppet config, we return(restart)
from vcl_fetch() on 500s, to have Varnish retry the request on a
different backend.
However, we have no protection against doing this indefinitely by
checking req.restart, so we end up doing so, and hitting Varnish's
max_restarts loop detection parameter and have the frontend throw its
own cryptic 503 instead of e.g. a backend (either Varnish or MediaWiki)
display its own 500 or 503.
Fix this by guarding the return(restart) with req.restarts, and
hardcoding 4 in the process. We might want to lower this more in the
future (4 retires sounds like a lot) but for now this should do it.
Change-Id: Ibf358a2b3df2e984947347138856c5c7e1b91a5e
---
M modules/varnish/templates/vcl/wikimedia.vcl.erb
1 file changed, 10 insertions(+), 1 deletion(-)
Approvals:
Faidon Liambotis: Verified; Looks good to me, approved
diff --git a/modules/varnish/templates/vcl/wikimedia.vcl.erb
b/modules/varnish/templates/vcl/wikimedia.vcl.erb
index 25621e1..1da3391 100644
--- a/modules/varnish/templates/vcl/wikimedia.vcl.erb
+++ b/modules/varnish/templates/vcl/wikimedia.vcl.erb
@@ -305,7 +305,16 @@
}
% if vcl_config.fetch(retry5xx, 0) == 1 -%
if (beresp.status = 500 beresp.status 505) {
- return(restart);
+ # Retry the backend request 3 times, then give up and display
+ # the backend's error page, instead of our own.
+ #
+ # Note that max_restarts is 4 by default, so Varnish would
+ # otherwise detect this as a loop and present its own 503.
+ if (req.restarts 4) {
+ return(restart);
+ } else {
+ return(pass);
+ }
}
% end -%
set beresp.grace = 60m;
--
To view, visit https://gerrit.wikimedia.org/r/107364
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ibf358a2b3df2e984947347138856c5c7e1b91a5e
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Varnish: brown paper bag fix for return(restart) - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/107365
Change subject: Varnish: brown paper bag fix for return(restart)
..
Varnish: brown paper bag fix for return(restart)
Apparently the author forgot his understanding of Varnish flow control
structures and basic arithmetics.
Change-Id: Iae0f99193f3857a1acdc9733a2124d50f7354c64
---
M modules/varnish/templates/vcl/wikimedia.vcl.erb
1 file changed, 2 insertions(+), 2 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/65/107365/1
diff --git a/modules/varnish/templates/vcl/wikimedia.vcl.erb
b/modules/varnish/templates/vcl/wikimedia.vcl.erb
index 1da3391..c509f2a 100644
--- a/modules/varnish/templates/vcl/wikimedia.vcl.erb
+++ b/modules/varnish/templates/vcl/wikimedia.vcl.erb
@@ -310,10 +310,10 @@
#
# Note that max_restarts is 4 by default, so Varnish would
# otherwise detect this as a loop and present its own 503.
- if (req.restarts 4) {
+ if (req.restarts 3) {
return(restart);
} else {
- return(pass);
+ return(deliver);
}
}
% end -%
--
To view, visit https://gerrit.wikimedia.org/r/107365
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Iae0f99193f3857a1acdc9733a2124d50f7354c64
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Varnish: brown paper bag fix for return(restart) - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: Varnish: brown paper bag fix for return(restart)
..
Varnish: brown paper bag fix for return(restart)
Change-Id: Iae0f99193f3857a1acdc9733a2124d50f7354c64
---
M modules/varnish/templates/vcl/wikimedia.vcl.erb
1 file changed, 2 insertions(+), 2 deletions(-)
Approvals:
Faidon Liambotis: Verified; Looks good to me, approved
diff --git a/modules/varnish/templates/vcl/wikimedia.vcl.erb
b/modules/varnish/templates/vcl/wikimedia.vcl.erb
index 1da3391..c509f2a 100644
--- a/modules/varnish/templates/vcl/wikimedia.vcl.erb
+++ b/modules/varnish/templates/vcl/wikimedia.vcl.erb
@@ -310,10 +310,10 @@
#
# Note that max_restarts is 4 by default, so Varnish would
# otherwise detect this as a loop and present its own 503.
- if (req.restarts 4) {
+ if (req.restarts 3) {
return(restart);
} else {
- return(pass);
+ return(deliver);
}
}
% end -%
--
To view, visit https://gerrit.wikimedia.org/r/107365
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Iae0f99193f3857a1acdc9733a2124d50f7354c64
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] gdash: remove logbase from reqstats.5xx - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: gdash: remove logbase from reqstats.5xx .. gdash: remove logbase from reqstats.5xx As surprising as that sounds, reqstats.5xx can be 0 sometimes, in which case Graphite returns a 500 with a backtrace that ends with: GraphError: Logarithmic scale specified with a dataset with a minimum value less than or equal to zero. Change-Id: I55360737d29f7e01f53b23e35c1f89922b9db70f --- M files/gdash/dashboards/reqerror/1.5xx.graph M files/gdash/dashboards/reqerror/3.5xx-sum-1day.graph M files/gdash/dashboards/reqerror/5.5xx-1wk.graph M files/gdash/dashboards/reqerror/7.5xx-2m.graph M files/gdash/dashboards/reqerror/9.5xx-1y.graph 5 files changed, 0 insertions(+), 5 deletions(-) Approvals: Faidon Liambotis: Verified; Looks good to me, approved diff --git a/files/gdash/dashboards/reqerror/1.5xx.graph b/files/gdash/dashboards/reqerror/1.5xx.graph index 264b006..014d94d 100644 --- a/files/gdash/dashboards/reqerror/1.5xx.graph +++ b/files/gdash/dashboards/reqerror/1.5xx.graph @@ -1,6 +1,5 @@ title HTTP 5xx Responses -8hours linewidth 2 -logbase 2 linemode connected hide_legend false from -8hours diff --git a/files/gdash/dashboards/reqerror/3.5xx-sum-1day.graph b/files/gdash/dashboards/reqerror/3.5xx-sum-1day.graph index 8a505b4..18a185e 100644 --- a/files/gdash/dashboards/reqerror/3.5xx-sum-1day.graph +++ b/files/gdash/dashboards/reqerror/3.5xx-sum-1day.graph @@ -1,6 +1,5 @@ title HTTP 5xx Responses -1day linewidth 2 -logbase 2 linemode staircase hide_legend false from -1 day diff --git a/files/gdash/dashboards/reqerror/5.5xx-1wk.graph b/files/gdash/dashboards/reqerror/5.5xx-1wk.graph index 5813884..4105a8c 100644 --- a/files/gdash/dashboards/reqerror/5.5xx-1wk.graph +++ b/files/gdash/dashboards/reqerror/5.5xx-1wk.graph @@ -1,6 +1,5 @@ title HTTP 5xx Responses/hour -1week linewidth 2 -logbase 2 linemode connected hide_legend false from -1 week diff --git a/files/gdash/dashboards/reqerror/7.5xx-2m.graph b/files/gdash/dashboards/reqerror/7.5xx-2m.graph index 90af6ad..000126b 100644 --- a/files/gdash/dashboards/reqerror/7.5xx-2m.graph +++ b/files/gdash/dashboards/reqerror/7.5xx-2m.graph @@ -1,6 +1,5 @@ title HTTP 5xx Responses/hour -2month linewidth 2 -logbase 10 linemode connected hide_legend false from -2month diff --git a/files/gdash/dashboards/reqerror/9.5xx-1y.graph b/files/gdash/dashboards/reqerror/9.5xx-1y.graph index d1c6a5d..7db424b 100644 --- a/files/gdash/dashboards/reqerror/9.5xx-1y.graph +++ b/files/gdash/dashboards/reqerror/9.5xx-1y.graph @@ -1,6 +1,5 @@ title HTTP 5xx Responses/hour -1year linewidth 2 -logbase 10 linemode connected hide_legend false from -1year -- To view, visit https://gerrit.wikimedia.org/r/107367 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I55360737d29f7e01f53b23e35c1f89922b9db70f Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] gdash: remove logbase from reqstats.5xx - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/107367 Change subject: gdash: remove logbase from reqstats.5xx .. gdash: remove logbase from reqstats.5xx As surprising as that sounds, reqstats.5xx can be 0 sometimes, in which case Graphite returns a 500 with a backtrace that ends with: GraphError: Logarithmic scale specified with a dataset with a minimum value less than or equal to zero. Change-Id: I55360737d29f7e01f53b23e35c1f89922b9db70f --- M files/gdash/dashboards/reqerror/1.5xx.graph M files/gdash/dashboards/reqerror/3.5xx-sum-1day.graph M files/gdash/dashboards/reqerror/5.5xx-1wk.graph M files/gdash/dashboards/reqerror/7.5xx-2m.graph M files/gdash/dashboards/reqerror/9.5xx-1y.graph 5 files changed, 0 insertions(+), 5 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/67/107367/1 diff --git a/files/gdash/dashboards/reqerror/1.5xx.graph b/files/gdash/dashboards/reqerror/1.5xx.graph index 264b006..014d94d 100644 --- a/files/gdash/dashboards/reqerror/1.5xx.graph +++ b/files/gdash/dashboards/reqerror/1.5xx.graph @@ -1,6 +1,5 @@ title HTTP 5xx Responses -8hours linewidth 2 -logbase 2 linemode connected hide_legend false from -8hours diff --git a/files/gdash/dashboards/reqerror/3.5xx-sum-1day.graph b/files/gdash/dashboards/reqerror/3.5xx-sum-1day.graph index 8a505b4..18a185e 100644 --- a/files/gdash/dashboards/reqerror/3.5xx-sum-1day.graph +++ b/files/gdash/dashboards/reqerror/3.5xx-sum-1day.graph @@ -1,6 +1,5 @@ title HTTP 5xx Responses -1day linewidth 2 -logbase 2 linemode staircase hide_legend false from -1 day diff --git a/files/gdash/dashboards/reqerror/5.5xx-1wk.graph b/files/gdash/dashboards/reqerror/5.5xx-1wk.graph index 5813884..4105a8c 100644 --- a/files/gdash/dashboards/reqerror/5.5xx-1wk.graph +++ b/files/gdash/dashboards/reqerror/5.5xx-1wk.graph @@ -1,6 +1,5 @@ title HTTP 5xx Responses/hour -1week linewidth 2 -logbase 2 linemode connected hide_legend false from -1 week diff --git a/files/gdash/dashboards/reqerror/7.5xx-2m.graph b/files/gdash/dashboards/reqerror/7.5xx-2m.graph index 90af6ad..000126b 100644 --- a/files/gdash/dashboards/reqerror/7.5xx-2m.graph +++ b/files/gdash/dashboards/reqerror/7.5xx-2m.graph @@ -1,6 +1,5 @@ title HTTP 5xx Responses/hour -2month linewidth 2 -logbase 10 linemode connected hide_legend false from -2month diff --git a/files/gdash/dashboards/reqerror/9.5xx-1y.graph b/files/gdash/dashboards/reqerror/9.5xx-1y.graph index d1c6a5d..7db424b 100644 --- a/files/gdash/dashboards/reqerror/9.5xx-1y.graph +++ b/files/gdash/dashboards/reqerror/9.5xx-1y.graph @@ -1,6 +1,5 @@ title HTTP 5xx Responses/hour -1year linewidth 2 -logbase 10 linemode connected hide_legend false from -1year -- To view, visit https://gerrit.wikimedia.org/r/107367 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I55360737d29f7e01f53b23e35c1f89922b9db70f Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Give iodine a predictable IPv6 address - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: Give iodine a predictable IPv6 address
..
Give iodine a predictable IPv6 address
Then we can have rdns for outbound OTRS mail.
Maybe doesn't make a big difference because it goes through another MTA
on the way out, but will at least make manual review of headers a bit
easier.
RT: 3645
Change-Id: I0f536e046bd5dfb9e920fba70a4b642aa344037c
---
M manifests/site.pp
1 file changed, 2 insertions(+), 0 deletions(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/site.pp b/manifests/site.pp
index a360181..f6fcfac 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -2662,6 +2662,8 @@
node iodine.wikimedia.org {
include role::otrs
+
+interface::add_ip6_mapped { main: interface = eth0 }
}
node /^wtp10(0[1-9]|1[0-9]|2[0-4])\.eqiad\.wmnet$/ {
--
To view, visit https://gerrit.wikimedia.org/r/94111
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I0f536e046bd5dfb9e920fba70a4b642aa344037c
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Jeremyb jer...@tuxmachine.com
Gerrit-Reviewer: Dzahn dz...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Jeremyb jer...@tuxmachine.com
Gerrit-Reviewer: Jgreen jgr...@wikimedia.org
Gerrit-Reviewer: Mark Bergsma m...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Add logstash.wikimedia.org - change (operations/dns)
Faidon Liambotis has submitted this change and it was merged. Change subject: Add logstash.wikimedia.org .. Add logstash.wikimedia.org Logstash.wikimedia.org will host a frontend for searching log data stored in an Elasticsearch cluster. The misc varnish cluster will provide SSL termination and failover support. Depends on If10eb3a Change-Id: I1e2127d0e2a51285b2f62074ab16635b05983e2b --- M templates/wikimedia.org 1 file changed, 1 insertion(+), 0 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/templates/wikimedia.org b/templates/wikimedia.org index 5943802..c6c0ce7 100644 --- a/templates/wikimedia.org +++ b/templates/wikimedia.org @@ -645,6 +645,7 @@ labs-ns0 1H IN A208.80.152.33 labs-ns1 1H IN A208.80.154.19 labsconsole1H IN CNAMEwikitech +logstash 1H IN CNAMEmisc-web-lb.eqiad metrics-api1H IN CNAMEstat1001 metrics1H IN CNAMEstat1001 noc1H IN CNAMEfenari -- To view, visit https://gerrit.wikimedia.org/r/105105 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I1e2127d0e2a51285b2f62074ab16635b05983e2b Gerrit-PatchSet: 4 Gerrit-Project: operations/dns Gerrit-Branch: master Gerrit-Owner: BryanDavis bda...@wikimedia.org Gerrit-Reviewer: BryanDavis bda...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Mark Bergsma m...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Proxy logstash.wikimedia.org via misc varnish cluster - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: Proxy logstash.wikimedia.org via misc varnish cluster
..
Proxy logstash.wikimedia.org via misc varnish cluster
Use the misc Varnish cluster to provide SSL termination and load
balancing for logstash.wikimedia.org.
Depends on: I504c4c1
Change-Id: If10eb3a99916df7172c869efd248f45f6d081b7f
---
M manifests/role/cache.pp
M modules/varnish/templates/vcl/wikimedia.vcl.erb
M templates/varnish/misc.inc.vcl.erb
3 files changed, 25 insertions(+), 1 deletion(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/role/cache.pp b/manifests/role/cache.pp
index 0657734..1f6a204 100644
--- a/manifests/role/cache.pp
+++ b/manifests/role/cache.pp
@@ -1183,6 +1183,9 @@
'ytterbium.wikimedia.org',
'tungsten.eqiad.wmnet',
'zirconium.wikimedia.org',
+'logstash1001.eqiad.wmnet',
+'logstash1002.eqiad.wmnet',
+'logstash1003.eqiad.wmnet',
],
backend_options = [
{
@@ -1190,12 +1193,23 @@
'port' = 8080,
},
{
+'backend_match' = '^logstash',
+'probe' = 'logstash',
+},
+{
'port' = 80,
'connect_timeout' = '5s',
'first_byte_timeout' = '35s',
'between_bytes_timeout' = '4s',
'max_connections' = 100,
-}]
+}],
+directors = {
+'logstash' = [
+'logstash1001.eqiad.wmnet',
+'logstash1002.eqiad.wmnet',
+'logstash1003.eqiad.wmnet',
+]
+},
}
}
}
diff --git a/modules/varnish/templates/vcl/wikimedia.vcl.erb
b/modules/varnish/templates/vcl/wikimedia.vcl.erb
index c509f2a..7787f1a 100644
--- a/modules/varnish/templates/vcl/wikimedia.vcl.erb
+++ b/modules/varnish/templates/vcl/wikimedia.vcl.erb
@@ -103,6 +103,14 @@
.timeout = 2s;
}
+probe logstash {
+ .url = /status;
+ .interval = 5s;
+ .timeout = 1s;
+ .window = 5;
+ .threshold = 3;
+}
+
# Backends
# List of Puppet generated backends
diff --git a/templates/varnish/misc.inc.vcl.erb
b/templates/varnish/misc.inc.vcl.erb
index d650371..0974402 100644
--- a/templates/varnish/misc.inc.vcl.erb
+++ b/templates/varnish/misc.inc.vcl.erb
@@ -12,6 +12,8 @@
set req.backend = ytterbium;
} elsif (req.http.Host == gdash.wikimedia.org || req.http.Host ==
graphite.wikimedia.org) {
set req.backend = tungsten;
+ } elsif (req.http.Host == logstash.wikimedia.org){
+ set req.backend = logstash;
} elsif (req.http.Host == scholarships.wikimedia.org) {
set req.backend = zirconium;
} else {
--
To view, visit https://gerrit.wikimedia.org/r/106170
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: If10eb3a99916df7172c869efd248f45f6d081b7f
Gerrit-PatchSet: 8
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BryanDavis bda...@wikimedia.org
Gerrit-Reviewer: Aaron Schulz asch...@wikimedia.org
Gerrit-Reviewer: BryanDavis bda...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Mark Bergsma m...@wikimedia.org
Gerrit-Reviewer: Ori.livneh o...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Revert Initial commit of pmacct module - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/107550
Change subject: Revert Initial commit of pmacct module
..
Revert Initial commit of pmacct module
This reverts commit 2e7954be2d24fe2ed6d246ce0b30f8b24750a8fa. This
violates a bunch of our conventions and really needs to go via a proper
code review process.
Change-Id: I1865d1f2c69302eca83e29eb09a17105d21590e1
---
D modules/pmacct/manifests/devices.pp
D modules/pmacct/manifests/init.pp
D modules/pmacct/manifests/makeconfig.pp
D modules/pmacct/templates/config.erb
4 files changed, 0 insertions(+), 218 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/50/107550/1
diff --git a/modules/pmacct/manifests/devices.pp
b/modules/pmacct/manifests/devices.pp
deleted file mode 100644
index a9f4339..000
--- a/modules/pmacct/manifests/devices.pp
+++ /dev/null
@@ -1,61 +0,0 @@
-# Class: pmacct
-#
-# List of devices speaking netflow/ipfix
-#
-# IP is needed for iptables rules changes
-# port is needed for flow and bpg config
-# samplerate is to adjust for sampling
-
-class pmacct::devices {
-# Device Listing
-$list = {
-# tpa - as65001
-cr1-sdtpa = {
-port = '6511',
-ip = '208.80.152.196',
-samplerate = '200',
-},
-# Currently running old JunOS and will not sample correctly
-#cr2-pmtpa = {
-#port = '6512',
-#ip = '208.80.152.197',
-#samplerate = '1000',
-#},
-
-# eqiad - as65002
-cr1-eqiad = {
-port = '6521',
-ip = '208.80.154.196',
-samplerate = '1000',
-},
-cr2-eqiad = {
-port = '6522',
-ip = '208.80.154.197',
-samplerate = '1000',
-},
-
-# ulsfo - as65003
-cr1-ulsfo = {
-port = '6531',
-ip = '198.35.26.192',
-samplerate = '1000',
-},
-cr2-ulsfo = {
-port = '6532',
-ip = '198.35.26.193',
-samplerate = '1000',
-},
-
-# ams - as43821
-cr1-esams = {
-port = '4381',
-ip = '91.198.174.245',
-samplerate = '1000',
-},
-cr2-knams = {
-port = '4382',
-ip = '91.198.174.246',
-samplerate = '1000',
-},
-}
-}
diff --git a/modules/pmacct/manifests/init.pp b/modules/pmacct/manifests/init.pp
deleted file mode 100644
index 3d1d098..000
--- a/modules/pmacct/manifests/init.pp
+++ /dev/null
@@ -1,73 +0,0 @@
-# Class: pmacct
-#
-# This installs and mangages pmacct configuraiton
-# http://www.pmacct.net/
-#
-# Will initially be added to node 'netmon1001'
-
-class pmacct {
-
-# Note: $pmacct::home does not work here... ?
-$home = '/srv/pmacct'
-
-# mysql
-$mysqlhost = '127.0.0.1'
-$mysqluser = 'pmacct'
-$mysqlpass = $passwords::pmacct::mysqlpass
-
-# Package (have a fresh one built by Faidon)
-# --enable-mysql --enable-64bit --enable-threads --enable-geoip
-# and added to our repo?
-package { 'pmacct':
-ensure = installed,
-}
-
-# User creation (not done by package)
-generic::systemuser { 'pmacct':
-name = 'pmacct',
-home = $pmacct::home,
-shell = '/bin/sh',
-}
-
-# Home directory
-file { $pmacct::home:
-ensure = 'directory',
-owner = 'pmacct',
-group = 'pmacct',
-mode = '0750',
-}
-
-# Log directory
-file { ${pmacct::home}/logs:
-ensure = 'directory',
-owner = 'pmacct',
-group = 'pmacct',
-mode= '0750',
-require = File[ $pmacct::home ],
-}
-
-# Config directory
-file { ${pmacct::home}/configs:
-ensure = 'directory',
-owner = 'pmacct',
-group = 'pmacct',
-mode= '0750',
-require = File[ $pmacct::home ],
-}
-
-# Device list (nice to keep it in it's own world)
-require 'pmacct::devices'
-
-# Iterate over the device list to create new configs
-# FIXME: Review daniel's different method for iterating over a hash..
-create_resources('pmacct::makeconfig', $pmacct::devices::list)
-
-# Iterate over the device list to verify/check iptables redirects
-# FIXME: ferm (should probably happen in one iterate...
-
-
-# FIXME: make sure services are running (not start/stop scripts)
-# ...
-}
-
-
diff --git a/modules/pmacct/manifests/makeconfig.pp
b/modules/pmacct/manifests/makeconfig.pp
deleted file mode 100644
index 65a207e..000
--- a/modules/pmacct/manifests/makeconfig.pp
+++ /dev/null
@@ -1,21 +0,0 @@
-# pmacct::makeconfig
-# Generates a unique config file per device
-
-define
[MediaWiki-commits] [Gerrit] Revert Initial commit of pmacct module - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: Revert Initial commit of pmacct module
..
Revert Initial commit of pmacct module
This reverts commit 2e7954be2d24fe2ed6d246ce0b30f8b24750a8fa. This
violates a bunch of our conventions and really needs to go via a proper
code review process. It's also a broken pmacct configuration (no
/opt/maxmind, among others).
More importantly, it's also a doubly broken ferm configuration that
would break all other netmon1001 services if it was otherwise
non-broken.
Change-Id: I1865d1f2c69302eca83e29eb09a17105d21590e1
---
M manifests/site.pp
D modules/pmacct/manifests/devices.pp
D modules/pmacct/manifests/init.pp
D modules/pmacct/manifests/makeconfig.pp
D modules/pmacct/templates/config.erb
5 files changed, 1 insertion(+), 222 deletions(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/site.pp b/manifests/site.pp
index f6fcfac..6ec6549 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1886,10 +1886,7 @@
misc::rancid,
smokeping,
smokeping::web,
-role::librenms,
- geoip,
- pmacct,
- ferm
+role::librenms
interface::add_ip6_mapped { main: }
}
diff --git a/modules/pmacct/manifests/devices.pp
b/modules/pmacct/manifests/devices.pp
deleted file mode 100644
index a9f4339..000
--- a/modules/pmacct/manifests/devices.pp
+++ /dev/null
@@ -1,61 +0,0 @@
-# Class: pmacct
-#
-# List of devices speaking netflow/ipfix
-#
-# IP is needed for iptables rules changes
-# port is needed for flow and bpg config
-# samplerate is to adjust for sampling
-
-class pmacct::devices {
-# Device Listing
-$list = {
-# tpa - as65001
-cr1-sdtpa = {
-port = '6511',
-ip = '208.80.152.196',
-samplerate = '200',
-},
-# Currently running old JunOS and will not sample correctly
-#cr2-pmtpa = {
-#port = '6512',
-#ip = '208.80.152.197',
-#samplerate = '1000',
-#},
-
-# eqiad - as65002
-cr1-eqiad = {
-port = '6521',
-ip = '208.80.154.196',
-samplerate = '1000',
-},
-cr2-eqiad = {
-port = '6522',
-ip = '208.80.154.197',
-samplerate = '1000',
-},
-
-# ulsfo - as65003
-cr1-ulsfo = {
-port = '6531',
-ip = '198.35.26.192',
-samplerate = '1000',
-},
-cr2-ulsfo = {
-port = '6532',
-ip = '198.35.26.193',
-samplerate = '1000',
-},
-
-# ams - as43821
-cr1-esams = {
-port = '4381',
-ip = '91.198.174.245',
-samplerate = '1000',
-},
-cr2-knams = {
-port = '4382',
-ip = '91.198.174.246',
-samplerate = '1000',
-},
-}
-}
diff --git a/modules/pmacct/manifests/init.pp b/modules/pmacct/manifests/init.pp
deleted file mode 100644
index 3d1d098..000
--- a/modules/pmacct/manifests/init.pp
+++ /dev/null
@@ -1,73 +0,0 @@
-# Class: pmacct
-#
-# This installs and mangages pmacct configuraiton
-# http://www.pmacct.net/
-#
-# Will initially be added to node 'netmon1001'
-
-class pmacct {
-
-# Note: $pmacct::home does not work here... ?
-$home = '/srv/pmacct'
-
-# mysql
-$mysqlhost = '127.0.0.1'
-$mysqluser = 'pmacct'
-$mysqlpass = $passwords::pmacct::mysqlpass
-
-# Package (have a fresh one built by Faidon)
-# --enable-mysql --enable-64bit --enable-threads --enable-geoip
-# and added to our repo?
-package { 'pmacct':
-ensure = installed,
-}
-
-# User creation (not done by package)
-generic::systemuser { 'pmacct':
-name = 'pmacct',
-home = $pmacct::home,
-shell = '/bin/sh',
-}
-
-# Home directory
-file { $pmacct::home:
-ensure = 'directory',
-owner = 'pmacct',
-group = 'pmacct',
-mode = '0750',
-}
-
-# Log directory
-file { ${pmacct::home}/logs:
-ensure = 'directory',
-owner = 'pmacct',
-group = 'pmacct',
-mode= '0750',
-require = File[ $pmacct::home ],
-}
-
-# Config directory
-file { ${pmacct::home}/configs:
-ensure = 'directory',
-owner = 'pmacct',
-group = 'pmacct',
-mode= '0750',
-require = File[ $pmacct::home ],
-}
-
-# Device list (nice to keep it in it's own world)
-require 'pmacct::devices'
-
-# Iterate over the device list to create new configs
-# FIXME: Review daniel's different method for iterating over a hash..
-
[MediaWiki-commits] [Gerrit] Give Nik Chad root access to lucene search boxes - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/107551
Change subject: Give Nik Chad root access to lucene search boxes
..
Give Nik Chad root access to lucene search boxes
They're both doing search have access to the new search
infrastructure, it's silly for them to not have access on the old one.
RT: 6628
Change-Id: I6c1abf8230d6e6e8a8cbe23b2d33f23b20843ae1
---
M manifests/role/lucene.pp
1 file changed, 3 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/51/107551/1
diff --git a/manifests/role/lucene.pp b/manifests/role/lucene.pp
index 10304fb..007456c 100644
--- a/manifests/role/lucene.pp
+++ b/manifests/role/lucene.pp
@@ -143,6 +143,9 @@
include admins::roots,
admins::mortals,
admins::restricted
+
+ sudo_user { [ manybubbles ]: privileges = ['ALL =
NOPASSWD: ALL'] }
+ sudo_user { [ demon ]: privileges = ['ALL =
NOPASSWD: ALL'] }
}
}
--
To view, visit https://gerrit.wikimedia.org/r/107551
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I6c1abf8230d6e6e8a8cbe23b2d33f23b20843ae1
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Give Nik Chad root access to lucene search boxes - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: Give Nik Chad root access to lucene search boxes
..
Give Nik Chad root access to lucene search boxes
They're both doing search have access to the new search
infrastructure, it's silly for them to not have access on the old one.
RT: 6628
Change-Id: I6c1abf8230d6e6e8a8cbe23b2d33f23b20843ae1
---
M manifests/role/lucene.pp
1 file changed, 3 insertions(+), 0 deletions(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/role/lucene.pp b/manifests/role/lucene.pp
index 10304fb..007456c 100644
--- a/manifests/role/lucene.pp
+++ b/manifests/role/lucene.pp
@@ -143,6 +143,9 @@
include admins::roots,
admins::mortals,
admins::restricted
+
+ sudo_user { [ manybubbles ]: privileges = ['ALL =
NOPASSWD: ALL'] }
+ sudo_user { [ demon ]: privileges = ['ALL =
NOPASSWD: ALL'] }
}
}
--
To view, visit https://gerrit.wikimedia.org/r/107551
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I6c1abf8230d6e6e8a8cbe23b2d33f23b20843ae1
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] kibana: redirect to HTTPS - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/107557
Change subject: kibana: redirect to HTTPS
..
kibana: redirect to HTTPS
We shouldn't pass credentials nor potentially sensitive loglines clear
over clear text. Since we're behind misc-web-lb, do the redirect based
on the X-Forwarded-Proto HTTP header.
Change-Id: Ie061e00bd067e08fc45729595f893c0411adb67e
---
M templates/kibana/apache.conf.erb
1 file changed, 6 insertions(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/57/107557/1
diff --git a/templates/kibana/apache.conf.erb b/templates/kibana/apache.conf.erb
index 96a434d..42f4c6e 100644
--- a/templates/kibana/apache.conf.erb
+++ b/templates/kibana/apache.conf.erb
@@ -10,6 +10,11 @@
DocumentRoot %= @deploy_dir %/src
+ RewriteEngine on
+ RewriteCond %{HTTP:X-Forwarded-Proto} !https
+ RewriteCond %{REQUEST_URI} !^/status$
+ RewriteRule ^/(.*)$ https://%= @hostname %%{REQUEST_URI} [R=301,L]
+
Directory /
Options FollowSymLinks
AllowOverride None
@@ -68,7 +73,7 @@
Header set Cache-Control public, must-revalidate, max-age=900
/LocationMatch
- # Storage/retrival of saved dashboards via elasticsearch
+ # Storage/retrieval of saved dashboards via elasticsearch
LocationMatch ^/(kibana-int/dashboard/|kibana-int/temp)(.*)$
ProxyPassMatch http://%= @es_host %:%= @es_port %/$1$2
ProxyPassReverse http://%= @es_host %:%= @es_port %/$1$2
--
To view, visit https://gerrit.wikimedia.org/r/107557
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie061e00bd067e08fc45729595f893c0411adb67e
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] kibana: redirect to HTTPS - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: kibana: redirect to HTTPS
..
kibana: redirect to HTTPS
We shouldn't pass credentials nor potentially sensitive loglines clear
over clear text. Since we're behind misc-web-lb, do the redirect based
on the X-Forwarded-Proto HTTP header.
Change-Id: Ie061e00bd067e08fc45729595f893c0411adb67e
---
M templates/kibana/apache.conf.erb
1 file changed, 6 insertions(+), 1 deletion(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/templates/kibana/apache.conf.erb b/templates/kibana/apache.conf.erb
index 96a434d..42f4c6e 100644
--- a/templates/kibana/apache.conf.erb
+++ b/templates/kibana/apache.conf.erb
@@ -10,6 +10,11 @@
DocumentRoot %= @deploy_dir %/src
+ RewriteEngine on
+ RewriteCond %{HTTP:X-Forwarded-Proto} !https
+ RewriteCond %{REQUEST_URI} !^/status$
+ RewriteRule ^/(.*)$ https://%= @hostname %%{REQUEST_URI} [R=301,L]
+
Directory /
Options FollowSymLinks
AllowOverride None
@@ -68,7 +73,7 @@
Header set Cache-Control public, must-revalidate, max-age=900
/LocationMatch
- # Storage/retrival of saved dashboards via elasticsearch
+ # Storage/retrieval of saved dashboards via elasticsearch
LocationMatch ^/(kibana-int/dashboard/|kibana-int/temp)(.*)$
ProxyPassMatch http://%= @es_host %:%= @es_port %/$1$2
ProxyPassReverse http://%= @es_host %:%= @es_port %/$1$2
--
To view, visit https://gerrit.wikimedia.org/r/107557
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ie061e00bd067e08fc45729595f893c0411adb67e
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] kibana: enable Apache2 rewrite module - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/107558
Change subject: kibana: enable Apache2 rewrite module
..
kibana: enable Apache2 rewrite module
This is for Iea6bd55. mod_rewrite was was manually provisioned on
logstash1001 and hence missed in the original commit.
Change-Id: Iea6bd558bd894095b7628f71a8bc49d2b65032f0
---
M manifests/role/kibana.pp
1 file changed, 1 insertion(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/58/107558/1
diff --git a/manifests/role/kibana.pp b/manifests/role/kibana.pp
index d3c459a..c5d7e2d 100644
--- a/manifests/role/kibana.pp
+++ b/manifests/role/kibana.pp
@@ -27,6 +27,7 @@
'headers',
'proxy',
'proxy_http',
+'rewrite',
]: }
file { /etc/apache2/sites-available/${hostname}:
--
To view, visit https://gerrit.wikimedia.org/r/107558
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Iea6bd558bd894095b7628f71a8bc49d2b65032f0
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] kibana: enable Apache2 rewrite module - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: kibana: enable Apache2 rewrite module
..
kibana: enable Apache2 rewrite module
This is for Iea6bd55. mod_rewrite was was manually provisioned on
logstash1001 and hence missed in the original commit.
Change-Id: Iea6bd558bd894095b7628f71a8bc49d2b65032f0
---
M manifests/role/kibana.pp
1 file changed, 1 insertion(+), 0 deletions(-)
Approvals:
Faidon Liambotis: Verified; Looks good to me, approved
diff --git a/manifests/role/kibana.pp b/manifests/role/kibana.pp
index d3c459a..c5d7e2d 100644
--- a/manifests/role/kibana.pp
+++ b/manifests/role/kibana.pp
@@ -27,6 +27,7 @@
'headers',
'proxy',
'proxy_http',
+'rewrite',
]: }
file { /etc/apache2/sites-available/${hostname}:
--
To view, visit https://gerrit.wikimedia.org/r/107558
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Iea6bd558bd894095b7628f71a8bc49d2b65032f0
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Add 'graphite-index' script and cron job - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: Add 'graphite-index' script and cron job
..
Add 'graphite-index' script and cron job
The graphite-web package ships with a shell script,
'graphite-build-search-index',
which rebuilds the index of Whisper files used by graphite-web. The Debian
script presumes that graphite-web and carbon are both running with uid / gid
'_graphite', but we prefer to keep them distinct, because graphite-web should
not be modifying Whisper files. So ship an alternative script that better
matches our setup.
Change-Id: I83a2c6dbecba7545bb6e849f4e0089d69f202f44
---
A modules/graphite/files/graphite-index
M modules/graphite/manifests/web.pp
2 files changed, 54 insertions(+), 6 deletions(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/graphite/files/graphite-index
b/modules/graphite/files/graphite-index
new file mode 100755
index 000..f9932c8
--- /dev/null
+++ b/modules/graphite/files/graphite-index
@@ -0,0 +1,35 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+ Generate index file for graphite-web
+
+ This file supercedes the script 'graphite-build-search-index' which ships
+ with the graphite-web package in Debian. The Debian script presumes that
+ graphite-web and carbon are both running with uid / gid '_graphite', but we
+ prefer to keep them distinct, because graphite-web should not be modifying
+ Whisper files.
+
+
+import os
+import fnmatch
+import tempfile
+
+from graphite import settings
+
+
+def iter_glob(dir, glob_pattern):
+Recurse through `dir`, yielding files that match `glob_pattern`
+return (os.path.join(root, f) for root, _, fs in os.walk(dir)
+for f in fs if fnmatch.fnmatch(f, glob_pattern))
+
+
+def format_entry(wsp_path):
+Format a .wsp file path for inclusion in Graphite's index
+return wsp_path[len(settings.WHISPER_DIR):-4].replace('/', '.')
+
+
+with tempfile.NamedTemporaryFile('wt', delete=False) as tmp:
+for whisper in iter_glob(settings.WHISPER_DIR, '*.wsp'):
+tmp.write(format_entry(whisper) + '\n')
+os.chmod(tmp.name, 0644)
+os.rename(tmp.name, settings.INDEX_FILE)
diff --git a/modules/graphite/manifests/web.pp
b/modules/graphite/manifests/web.pp
index f0ebfcf..b579b8b 100644
--- a/modules/graphite/manifests/web.pp
+++ b/modules/graphite/manifests/web.pp
@@ -96,15 +96,28 @@
require = File['/var/run/graphite-web', '/var/log/graphite-web'],
}
-file { '/sbin/graphite-auth':
-source = 'puppet:///modules/graphite/graphite-auth',
-mode= '0755',
+file { '/usr/local/sbin/graphite-index':
+source = 'puppet:///modules/graphite/graphite-index',
+mode= '0555',
require = Uwsgi::App['graphite-web'],
}
+file { '/usr/local/sbin/graphite-auth':
+source = 'puppet:///modules/graphite/graphite-auth',
+mode= '0555',
+require = Uwsgi::App['graphite-web'],
+}
+
+cron { 'update_graphite_index':
+command = '/usr/local/sbin/graphite-index',
+user= 'www-data',
+hour= '*/1',
+require = File['/usr/local/sbin/graphite-index'],
+}
+
exec { 'create_graphite_admin':
-command = /sbin/graphite-auth set ${admin_user} ${admin_pass},
-unless = /sbin/graphite-auth check ${admin_user} ${admin_pass},
-require = File['/sbin/graphite-auth'],
+command = /usr/local/sbin/graphite-auth set ${admin_user}
${admin_pass},
+unless = /usr/local/sbin/graphite-auth check ${admin_user}
${admin_pass},
+require = File['/usr/local/sbin/graphite-auth'],
}
}
--
To view, visit https://gerrit.wikimedia.org/r/107616
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I83a2c6dbecba7545bb6e849f4e0089d69f202f44
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ori.livneh o...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Ori.livneh o...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] tcpircbot: fix multiple unreferenced var errors - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/107807
Change subject: tcpircbot: fix multiple unreferenced var errors
..
tcpircbot: fix multiple unreferenced var errors
The few unrelated touch-ups of commit I0e0209e were broken in multiple
ways, throwing errors because of missing dependencies.
Attempt to fix those while keeping the original commit's rationale of
removing useless parameters that noone would ever customize.
Change-Id: If6379f5c2fedd54460494b98392e4f6d96d8ef8b
---
M modules/tcpircbot/manifests/init.pp
M modules/tcpircbot/manifests/instance.pp
2 files changed, 8 insertions(+), 11 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/07/107807/1
diff --git a/modules/tcpircbot/manifests/init.pp
b/modules/tcpircbot/manifests/init.pp
index a39b762..de87c67 100644
--- a/modules/tcpircbot/manifests/init.pp
+++ b/modules/tcpircbot/manifests/init.pp
@@ -8,12 +8,6 @@
#
# === Parameters
#
-# [*user*]
-# Run tcpircbot instances as this system user (default: 'tcpircbot').
-#
-# [*group*]
-# Run tcpircbot under this gid (default: 'tcpircbot').
-#
# [*dir*]
# Directory for tcpircbot script and configuration files and home directory
# for user.
@@ -31,7 +25,10 @@
# password = $passwords::irc::announcebot,
# }
#
-class tcpircbot {
+class tcpircbot(
+$dir = '/srv/tcpircbot',
+) {
+
package { [ 'python-irclib', 'python-netaddr' ]:
ensure = present,
}
@@ -42,7 +39,7 @@
ensure = present,
gid= 'tcpircbot',
shell = '/bin/false',
-home = '/srv/tcpircbot',
+home = $dir,
managehome = true,
system = true,
}
@@ -50,8 +47,8 @@
file { ${dir}/tcpircbot.py:
ensure = present,
source = 'puppet:///modules/tcpircbot/tcpircbot.py',
-owner = $user,
-group = $group,
+owner = 'tcpircbot',
+group = 'tcpircbot',
mode = '0555',
}
}
diff --git a/modules/tcpircbot/manifests/instance.pp
b/modules/tcpircbot/manifests/instance.pp
index d321b97..9fad01b 100644
--- a/modules/tcpircbot/manifests/instance.pp
+++ b/modules/tcpircbot/manifests/instance.pp
@@ -68,7 +68,7 @@
file { ${tcpircbot::dir}/${title}.json:
ensure = present,
content = template('tcpircbot/tcpircbot.json.erb'),
-require = User[$tcpircbot::user],
+require = User['tcpircbot'],
}
file { /etc/init/tcpircbot-${title}.conf:
--
To view, visit https://gerrit.wikimedia.org/r/107807
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: If6379f5c2fedd54460494b98392e4f6d96d8ef8b
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] OCG: update trebuchet config and remove Node - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: OCG: update trebuchet config and remove Node
..
OCG: update trebuchet config and remove Node
Trebuchet
* It didn't make sense to have a completely separate git repo
just for deployments. I'm going to use a deploy branch and
see how that works out.
* According to the documentation, declare the service name
in a different way so that `restart-service` works.
apt
* OCG requires Node 0.10; but WMF has 0.8 in it's repo right now.
The installation requirement is causing some havok if I try to
use a different version of node.
Change-Id: I0a4457f450724e7fbf5c864a3a2e05aed57a231c
---
M manifests/role/deployment.pp
M modules/ocg/manifests/init.pp
2 files changed, 8 insertions(+), 8 deletions(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/role/deployment.pp b/manifests/role/deployment.pp
index 3479447..30e0967 100644
--- a/manifests/role/deployment.pp
+++ b/manifests/role/deployment.pp
@@ -97,10 +97,9 @@
},
'ocg/ocg' = {
'grain' = 'ocg',
-'upstream' =
'https://gerrit.wikimedia.org/r/mediawiki/services/ocg-collection/deploy',
-'checkout_module_calls' = {
-'service.restart' = ['ocg'],
-},
+'upstream' =
'https://gerrit.wikimedia.org/r/mediawiki/services/ocg-collection',
+'service_name' = 'ocg',
+'checkout_submodules' = true,
},
'fluoride/fluoride' = {
'grain'= 'fluoride',
diff --git a/modules/ocg/manifests/init.pp b/modules/ocg/manifests/init.pp
index fb411b6..ebb8591 100644
--- a/modules/ocg/manifests/init.pp
+++ b/modules/ocg/manifests/init.pp
@@ -33,10 +33,11 @@
system = true,
}
-package { 'nodejs':
-ensure = present,
-notify = Service['ocg'],
-}
+# Can't use Node installed from Apt until we have 0.10 in the repo
+#package { 'nodejs':
+#ensure = present,
+#notify = Service['ocg'],
+#}
package {
[
--
To view, visit https://gerrit.wikimedia.org/r/107810
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I0a4457f450724e7fbf5c864a3a2e05aed57a231c
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Mwalker mwal...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Jgreen jgr...@wikimedia.org
Gerrit-Reviewer: Ori.livneh o...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] webserver: puppet 3 compatibility fix - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: webserver: puppet 3 compatibility fix
..
webserver: puppet 3 compatibility fix
Change-Id: Ic2745dddb7ac4728e904ac63b7e60c1b926bcf15
---
M manifests/webserver.pp
1 file changed, 1 insertion(+), 1 deletion(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/webserver.pp b/manifests/webserver.pp
index 7f49b7d..a5e859c 100644
--- a/manifests/webserver.pp
+++ b/manifests/webserver.pp
@@ -155,7 +155,7 @@
define module {
Class[webserver::apache::packages] -
Webserver::Apache::Module[$title] - Class[webserver::apache::config]
- $packagename = $operatingsystem ? {
+ $packagename = $::operatingsystem ? {
Ubuntu = $title ? {
perl = libapache2-mod-perl2,
--
To view, visit https://gerrit.wikimedia.org/r/107814
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ic2745dddb7ac4728e904ac63b7e60c1b926bcf15
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Matanya mata...@foss.co.il
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Would help if the OCG config was in the right spot - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: Would help if the OCG config was in the right spot .. Would help if the OCG config was in the right spot Change-Id: I1c3928b5b41d6d7a0618ce76b6d361c8b6e79419 --- M modules/ocg/templates/mw-ocg-service.js.erb 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/ocg/templates/mw-ocg-service.js.erb b/modules/ocg/templates/mw-ocg-service.js.erb index ec34e83..067c6f5 100644 --- a/modules/ocg/templates/mw-ocg-service.js.erb +++ b/modules/ocg/templates/mw-ocg-service.js.erb @@ -18,5 +18,5 @@ config.backend.temp_dir = %= @temp_dir %; // Import the public local settings - return require(/srv/deployment/ocg/LocalSettings.js)(config) + return require(/srv/deployment/ocg/ocg/LocalSettings.js)(config) } -- To view, visit https://gerrit.wikimedia.org/r/107820 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I1c3928b5b41d6d7a0618ce76b6d361c8b6e79419 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Mwalker mwal...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Ori.livneh o...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] More OCG path fun - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: More OCG path fun .. More OCG path fun Change-Id: I5df98d7167755d79673c11ee94c4036717c78905 --- M modules/ocg/files/ocg.upstart.conf 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/ocg/files/ocg.upstart.conf b/modules/ocg/files/ocg.upstart.conf index e41a19a..953d964 100644 --- a/modules/ocg/files/ocg.upstart.conf +++ b/modules/ocg/files/ocg.upstart.conf @@ -15,6 +15,6 @@ setuid ocg setgid ocg -exec /srv/deployment/ocg/mw-ocg-service -c /etc/ocg/mw-ocg-service.js +exec /srv/deployment/ocg/ocg/mw-ocg-service.js -c /etc/ocg/mw-ocg-service.js respawn -- To view, visit https://gerrit.wikimedia.org/r/107830 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I5df98d7167755d79673c11ee94c4036717c78905 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Mwalker mwal...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Jgreen jgr...@wikimedia.org Gerrit-Reviewer: Ori.livneh o...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] (WIP) Refactor admins.pp into an admin module - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/107848
Change subject: (WIP) Refactor admins.pp into an admin module
..
(WIP) Refactor admins.pp into an admin module
(this is WORK IN PROGRESS and UNTESTED)
Refactor the huge often unmanageable admins.pp into a new admins
module. Several enhancements have been introduced:
- Split of code, logic data, with generic abstractions and
code-agnostic data structures (hashes) for users, group memberships,
ssh keys sudo policies. This can in the future be combined with
Hiera, LDAP or stdlib's json import to completely isolate the data
import functionality.
- Tie Unix groups with our arbitrary class groupings; grouping users
together in a class now means grouping them in a Unix group too.
- Introduce a revoked group; users included in this group are revoked
of access, with this group being applied on all hosts, rather than
just hosts that may had access before.
- Completely manage SSH keys and groups memberships; users cannot add
unpuppetized keys to their user accounts anymore.
- A new, generic, account definition to handle all things related to
an account (user, group, home directory, SSH key)
- Integration with sudo policies, effectively replacing sudo.pp
Change-Id: I6e5e2d636f0f8d47a134feca0c0386881476366b
---
A modules/admins/manifests/account.pp
A modules/admins/manifests/data.pp
A modules/admins/manifests/group.pp
A modules/admins/manifests/init.pp
A modules/admins/manifests/sudo.pp
A modules/admins/manifests/user.pp
A modules/admins/templates/sudo/sudoers.erb
7 files changed, 433 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/48/107848/1
diff --git a/modules/admins/manifests/account.pp
b/modules/admins/manifests/account.pp
new file mode 100644
index 000..27b1cf9
--- /dev/null
+++ b/modules/admins/manifests/account.pp
@@ -0,0 +1,127 @@
+# == Define: admins::account
+#
+# A defined type for user account management. It creates (or deletes) at least
+# a User resource, plus virtual resources for the group, home directory and SSH
+# authorized key of the user.
+#
+# WARNING: this is designed to NOT play well with local modifications. It will
+# overwrite at least group membership SSH keys. It's also intentionally #
+# simple, not supporting configurations that are of no use for the setup it was
+# created (passwords, system users etc.)
+#
+# === Parameters
+#
+# [*ensure*]
+# Add or remove the user account, with present or absent respectively.
+# Defaults to present.
+#
+# [*username*]
+# The username of the user to be created.
+# Defaults to the title of the account resource.
+#
+# [*realname*]
+# The gecos realname for the user.
+#
+# [*uid*]
+# The UID to set for the new account.
+#
+# [*gid*]
+# Sets the primary group of this user.
+#
+# [*groups*]
+# An array of additional groups to add the user to.
+# Defaults to an empty array.
+#
+# [*ssh_keys*]
+# An array of strings containing the SSH public keys.
+# Defaults to an empty array.
+#
+# [*shell*]
+# The login shell.
+# The default is '/bin/bash'
+#
+
+define admins::account(
+ $ensure,
+ $realname,
+ $uid,
+ $gid,
+ $groups=[],
+ $ssh_keys=[],
+ $shell='/bin/bash'
+ $username=$title,
+) {
+validate_re($ensure, '^(present|absent)$')
+
+$ensure_dir = $ensure ? {
+'absent' = 'absent',
+'present' = 'directory',
+}
+
+user { $username:
+ensure = $ensure,
+name = $username,
+uid= $uid,
+comment= $realname,
+gid= $gid,
+groups = $groups,
+membership = 'inclusive',
+shell = $shell,
+managehome = false, # we do it manually below
+allowdupe = false,
+}
+
+case $ensure {
+'present': {
+Group[$gid] - User[$username]
+}
+'absent': {
+User[$username] - Group[$gid]
+}
+default: {}
+}
+
+@group { $gid:
+ensure= $ensure,
+name = $gid,
+allowdupe = false,
+}
+
+@file { /home/${username}:
+ensure = $ensure_dir,
+source = [
+puppet:///modules/account/home/${username}/,
+'puppet:///modules/account/home/skel/',
+],
+sourceselect = 'first',
+recurse = 'remote',
+mode = '0644',
+owner= $username,
+group= $gid,
+require = [ User[$username], Group[$gid] ],
+tag = 'account/home'
+}
+
+# use regular file resources instead of the special ssh_authorized_keys
+# resources since we *exclusively* manage ssh keys and do not coexist
+# with local ones
+
+$ssh_authorized_keys = join($ssh_keys, \n)
+
+# XXX: move under /etc/ssh/userkeys
+@file {
[MediaWiki-commits] [Gerrit] add rdns for iodine - change (operations/dns)
Faidon Liambotis has submitted this change and it was merged.
Change subject: add rdns for iodine
..
add rdns for iodine
needs I0f536e046bd5dfb9e920fba70a4b642aa344037c first (now done)
RT: 3645
Change-Id: I7de50c0fcdbc095315b7d0f37d89c877041ff231
---
M templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa
1 file changed, 1 insertion(+), 0 deletions(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa
b/templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa
index e296af3..95506f3 100644
--- a/templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa
+++ b/templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa
@@ -54,6 +54,7 @@
1.0.0.0.0.0.0.0.0.0.0.0.0.0.e.f 1H IN PTR
ae2-1002.cr1-eqiad.wikimedia.org.
2.0.0.0.0.0.0.0.0.0.0.0.0.0.e.f 1H IN PTR
ae2-1002.cr2-eqiad.wikimedia.org.
+6.4.1.0.4.5.1.0.0.8.0.0.8.0.2.0 1H IN PTR iodine.wikimedia.org.
; public1-c-eqiad (2620:0:861:3::/64)
$ORIGIN 3.0.0.0.{{ zonename }}.
--
To view, visit https://gerrit.wikimedia.org/r/107854
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I7de50c0fcdbc095315b7d0f37d89c877041ff231
Gerrit-PatchSet: 3
Gerrit-Project: operations/dns
Gerrit-Branch: master
Gerrit-Owner: Jeremyb jer...@tuxmachine.com
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Jeremyb jer...@tuxmachine.com
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] hive: puppet 3 compatibility fix: fully qualify variables - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: hive: puppet 3 compatibility fix: fully qualify variables
..
hive: puppet 3 compatibility fix: fully qualify variables
Change-Id: I5a46975e35c3d551ecec1a0ba8206a6df377e889
---
M manifests/role/analytics/hive.pp
1 file changed, 3 insertions(+), 3 deletions(-)
Approvals:
Ottomata: Looks good to me, approved
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/role/analytics/hive.pp b/manifests/role/analytics/hive.pp
index 13eb6c5..f5cf338 100644
--- a/manifests/role/analytics/hive.pp
+++ b/manifests/role/analytics/hive.pp
@@ -71,7 +71,7 @@
class { '::cdh4::hive':
metastore_host = 'analytics1027.eqiad.wmnet',
jdbc_password = $passwords::analytics::hive_jdbc_password,
-zookeeper_hosts = $role::analytics::zookeeper::hosts_array,
+zookeeper_hosts = $role::analytics::zookeeper::config::hosts_array,
}
}
@@ -81,6 +81,6 @@
class role::analytics::hive::labs {
class { '::cdh4::hive':
metastore_host = $role::analytics::hadoop::labs::namenode_hosts[0],
-zookeeper_hosts = $role::analytics::zookeeper::hosts_array,
+zookeeper_hosts = $role::analytics::zookeeper::config::hosts_array,
}
-}
\ No newline at end of file
+}
--
To view, visit https://gerrit.wikimedia.org/r/107821
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I5a46975e35c3d551ecec1a0ba8206a6df377e889
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Matanya mata...@foss.co.il
Gerrit-Reviewer: Alexandros Kosiaris akosia...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Ottomata o...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] geoip: puppet 3 compatibility fix: module path - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: geoip: puppet 3 compatibility fix: module path
..
geoip: puppet 3 compatibility fix: module path
Change-Id: Ib617ac623dfdaed52f74661cc084b89f57e09e0a
---
M modules/geoip/manifests/data/lite.pp
1 file changed, 2 insertions(+), 2 deletions(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/geoip/manifests/data/lite.pp
b/modules/geoip/manifests/data/lite.pp
index 30f2562..e78ad21 100644
--- a/modules/geoip/manifests/data/lite.pp
+++ b/modules/geoip/manifests/data/lite.pp
@@ -22,7 +22,7 @@
mode = '0555',
owner = 'root',
group = 'root',
-source = puppet:///${module_name}/geoliteupdate,
+source = 'puppet:///modules/geoip/geoliteupdate',
}
$geoliteupdate_command = /usr/local/bin/geoliteupdate ${data_directory}
@@ -39,7 +39,7 @@
cron { 'geoliteupdate':
ensure = present,
command = ${geoliteupdate_command} /dev/null,
-user= root,
+user= 'root',
weekday = 0,
hour= 3,
minute = 30,
--
To view, visit https://gerrit.wikimedia.org/r/107826
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ib617ac623dfdaed52f74661cc084b89f57e09e0a
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Matanya mata...@foss.co.il
Gerrit-Reviewer: Alexandros Kosiaris akosia...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] smokeping: puppet 3 compatibility fix: module path - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: smokeping: puppet 3 compatibility fix: module path
..
smokeping: puppet 3 compatibility fix: module path
Change-Id: Ibc3b6e44f85c89c4e097100d28764424474ddf4b
---
M modules/smokeping/manifests/config.pp
1 file changed, 5 insertions(+), 5 deletions(-)
Approvals:
Alexandros Kosiaris: Looks good to me, but someone else must approve
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/smokeping/manifests/config.pp
b/modules/smokeping/manifests/config.pp
index 7808c7e..2d6a1d1 100644
--- a/modules/smokeping/manifests/config.pp
+++ b/modules/smokeping/manifests/config.pp
@@ -3,11 +3,11 @@
file { '/etc/smokeping/config.d':
require = Package['smokeping'],
-ensure = directory,
+ensure = directory,
recurse = true,
-owner = 'root',
-group = 'root',
-mode = 0444,
-source = puppet:///${module_name}/config.d;
+owner = 'root',
+group = 'root',
+mode= 0444,
+source = 'puppet:///modules/smokeping/config.d',
}
}
--
To view, visit https://gerrit.wikimedia.org/r/107825
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ibc3b6e44f85c89c4e097100d28764424474ddf4b
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Matanya mata...@foss.co.il
Gerrit-Reviewer: Alexandros Kosiaris akosia...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Matanya mata...@foss.co.il
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Revert wmgRC2UDPAddress to ekrem - change (operations/mediawiki-config)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/108339 Change subject: Revert wmgRC2UDPAddress to ekrem .. Revert wmgRC2UDPAddress to ekrem Tampa is now fully back up. Revert the IRC feed to its canonical address, rather than the very temporary socat relays that went via Amsterdam. This reverts commit I4342b062bc1db0d851e5a007f28034be140c6e0a. Change-Id: I48a026eb8c96f71f7299c8f7be3ec63cccfc4797 --- M wmf-config/InitialiseSettings.php 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/39/108339/1 diff --git a/wmf-config/InitialiseSettings.php b/wmf-config/InitialiseSettings.php index d1c9a61..8ca1c6a 100644 --- a/wmf-config/InitialiseSettings.php +++ b/wmf-config/InitialiseSettings.php @@ -6236,7 +6236,7 @@ ), 'wmgRC2UDPAddress' = array( - 'default' = '208.80.154.157', // chromium, temporary relay + 'default' = '208.80.152.178', // pmtpa: ekrem ), 'wmgRC2UDPPort' = array( -- To view, visit https://gerrit.wikimedia.org/r/108339 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I48a026eb8c96f71f7299c8f7be3ec63cccfc4797 Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Revert wmgRC2UDPAddress to ekrem - change (operations/mediawiki-config)
Faidon Liambotis has submitted this change and it was merged. Change subject: Revert wmgRC2UDPAddress to ekrem .. Revert wmgRC2UDPAddress to ekrem Tampa is now fully back up. Revert the IRC feed to its canonical address, rather than the very temporary socat relays that went via Amsterdam. This reverts commit I4342b062bc1db0d851e5a007f28034be140c6e0a. Change-Id: I48a026eb8c96f71f7299c8f7be3ec63cccfc4797 --- M wmf-config/InitialiseSettings.php 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Faidon Liambotis: Looks good to me, approved diff --git a/wmf-config/InitialiseSettings.php b/wmf-config/InitialiseSettings.php index d1c9a61..8ca1c6a 100644 --- a/wmf-config/InitialiseSettings.php +++ b/wmf-config/InitialiseSettings.php @@ -6236,7 +6236,7 @@ ), 'wmgRC2UDPAddress' = array( - 'default' = '208.80.154.157', // chromium, temporary relay + 'default' = '208.80.152.178', // pmtpa: ekrem ), 'wmgRC2UDPPort' = array( -- To view, visit https://gerrit.wikimedia.org/r/108339 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I48a026eb8c96f71f7299c8f7be3ec63cccfc4797 Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Varnish: disable WAP on mobile frontends - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/108738
Change subject: Varnish: disable WAP on mobile frontends
..
Varnish: disable WAP on mobile frontends
Unconditionally set X-WAP to no on the mobile frontends, essentially
lying to MediaWiki about whether this requests comes from a WAP client.
This entirely disables kills WAP, per mobile's request. The method of
Keeping X-WAP around gives us the advantage that we can do so without
any MediaWiki changes for now and hence we can quickly rollback the
change, if needed, without even ever poisoning our caches.
After this has been deployed for a while and we're comfortable with it,
we can fix MobileFrontend's mobile detection (using e.g. X-Subdomain or
a separate header) and then kill X-WAP entirely from our VCL.
Change-Id: Ida2afe8b72697d5ba519ac121a2c8ef7ee80aab0
---
D templates/varnish/device-detection.inc.vcl.erb
M templates/varnish/mobile-frontend.inc.vcl.erb
2 files changed, 2 insertions(+), 11 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/38/108738/1
diff --git a/templates/varnish/device-detection.inc.vcl.erb
b/templates/varnish/device-detection.inc.vcl.erb
deleted file mode 100644
index 1bcc88c..000
--- a/templates/varnish/device-detection.inc.vcl.erb
+++ /dev/null
@@ -1,10 +0,0 @@
-# Varnish VCL include file for mobile device detection
-# Shared between mobile caches and bits
-
-sub device_detection {
- if ( req.http.Accept ~ text/vnd.wap.wml req.http.Accept !~
text/html ) {
- set req.http.X-WAP = yes;
- } else {
- set req.http.X-WAP = no;
- }
-}
\ No newline at end of file
diff --git a/templates/varnish/mobile-frontend.inc.vcl.erb
b/templates/varnish/mobile-frontend.inc.vcl.erb
index f8111bd..e3f25d1 100644
--- a/templates/varnish/mobile-frontend.inc.vcl.erb
+++ b/templates/varnish/mobile-frontend.inc.vcl.erb
@@ -72,7 +72,8 @@
unset req.http.Cookie;
}
- call device_detection;
+ /* FIXME: temporary for the migration of disabling WAP */
+ set req.http.X-WAP = no;
if ( req.http.host ~ ^test\. ) {
return (pass);
--
To view, visit https://gerrit.wikimedia.org/r/108738
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ida2afe8b72697d5ba519ac121a2c8ef7ee80aab0
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] apache: bump MaxClients from 40 to 100 for bits - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/108929
Change subject: apache: bump MaxClients from 40 to 100 for bits
..
apache: bump MaxClients from 40 to 100 for bits
40 is regularly being exhausted during bits deploys. It's also
unreasonably low, as a) the bits requests are cheap, b) the machines
themselves are fairly idle, b) there are just a few of bits apaches, so
even the aggregate effect won't cascade to other subsystems.
Increase this to 100, which is more of a guess than a
proven-in-benchmarks number, but which should fix outages.
Change-Id: I9e311c98fc00a4c197e62e9083398dbac66cdd85
---
M manifests/role/applicationserver.pp
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/29/108929/1
diff --git a/manifests/role/applicationserver.pp
b/manifests/role/applicationserver.pp
index ee153e1..f0e370d 100644
--- a/manifests/role/applicationserver.pp
+++ b/manifests/role/applicationserver.pp
@@ -190,7 +190,7 @@
class { role::applicationserver::common: group =
bits_appserver, lvs_pool = apaches }
- include role::applicationserver::webserver
+ class { role::applicationserver::webserver: maxclients =
100 }
}
class imagescaler{
system::role { role::applicationserver::imagescaler:
description = Imagescaler Application server }
--
To view, visit https://gerrit.wikimedia.org/r/108929
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I9e311c98fc00a4c197e62e9083398dbac66cdd85
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] reprepro: add update source cassandra to trusty - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/175423 Change subject: reprepro: add update source cassandra to trusty .. reprepro: add update source cassandra to trusty RT: 8530 Change-Id: I8e17c087c833088866875d1c2766404b04012ac3 --- M modules/install-server/files/reprepro/distributions 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/23/175423/1 diff --git a/modules/install-server/files/reprepro/distributions b/modules/install-server/files/reprepro/distributions index b413a92..be38854 100644 --- a/modules/install-server/files/reprepro/distributions +++ b/modules/install-server/files/reprepro/distributions @@ -65,7 +65,7 @@ Architectures: source amd64 i386 Components: main universe non-free UDebComponents: main -Update: hwraid elasticsearch +Update: hwraid cassandra elasticsearch Description: Wikimedia specific packages for Ubuntu Trusty Tahr SignWith: default DebOverride: deb-override -- To view, visit https://gerrit.wikimedia.org/r/175423 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I8e17c087c833088866875d1c2766404b04012ac3 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] reprepro: add update source cassandra to trusty - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: reprepro: add update source cassandra to trusty .. reprepro: add update source cassandra to trusty RT: 8530 Change-Id: I8e17c087c833088866875d1c2766404b04012ac3 --- M modules/install-server/files/reprepro/distributions 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/install-server/files/reprepro/distributions b/modules/install-server/files/reprepro/distributions index b413a92..be38854 100644 --- a/modules/install-server/files/reprepro/distributions +++ b/modules/install-server/files/reprepro/distributions @@ -65,7 +65,7 @@ Architectures: source amd64 i386 Components: main universe non-free UDebComponents: main -Update: hwraid elasticsearch +Update: hwraid cassandra elasticsearch Description: Wikimedia specific packages for Ubuntu Trusty Tahr SignWith: default DebOverride: deb-override -- To view, visit https://gerrit.wikimedia.org/r/175423 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I8e17c087c833088866875d1c2766404b04012ac3 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] geoip: kill geoliteupdate in favor of geoipupdate - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/175571
Change subject: geoip: kill geoliteupdate in favor of geoipupdate
..
geoip: kill geoliteupdate in favor of geoipupdate
MaxMind's geoipupdate mechanism has a hidden feature that MaxMind
themselves pointed me to: GeoLite databases have their own
updates.maxmind.com product codes and there is a special UserID of
99 with a LicenseKey of that has privileges to download
them.
Kill geoliteupdate in favor of using geoipupdate across the board. This
brings us a similar update mechanism for production Labs, plus a
better program to fetch updates, as this one also does MD5 checks etc.
Change-Id: I34fb5b2d5253a9161d3c86c2e92375049c241775
---
D modules/geoip/files/geoliteupdate
D modules/geoip/manifests/data/lite.pp
M modules/geoip/manifests/data/maxmind.pp
M modules/puppet/manifests/self/geoip.pp
M modules/puppetmaster/manifests/geoip.pp
5 files changed, 42 insertions(+), 144 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/71/175571/1
diff --git a/modules/geoip/files/geoliteupdate
b/modules/geoip/files/geoliteupdate
deleted file mode 100644
index a5e1792..000
--- a/modules/geoip/files/geoliteupdate
+++ /dev/null
@@ -1,72 +0,0 @@
-#!/bin/sh
-
-# This is based on geoip-database-contrib_update from Debian's
-# geoip-database-contrib package. The original source can be found at
-# http://git.debian.org/?p=collab-maint/geoip-database-contrib.git
-# and is
-# Copyright: 2010/2013, Ludovico Cavedon cave...@debian.org
-# Patrick Matthäi pmatth...@debian.org
-# License: GPL-2+
-#
-# It was modified by Faidon Liambotis for use by the Wikimedia Foundation
-
-DESTDIR=$1
-if [ ! -d $DESTDIR ]; then
- echo Usage: $0 destdir
- exit 1
-fi
-
-GEOIP_URL=http://geolite.maxmind.com/download/geoip/database;
-
-FAILED=0
-
-for url in \
-$GEOIP_URL/GeoLiteCountry/GeoIP.dat.gz \
-$GEOIP_URL/GeoIPv6.dat.gz \
-$GEOIP_URL/GeoLiteCity.dat.gz \
-$GEOIP_URL/GeoLiteCityv6-beta/GeoLiteCityv6.dat.gz \
-$GEOIP_URL/asnum/GeoIPASNum.dat.gz \
-$GEOIP_URL/asnum/GeoIPASNumv6.dat.gz \
-$GEOIP_URL/GeoLite2-Country \
-$GEOIP_URL/GeoLite2-City.mmdb.gz
-do
-echo Downloading: $url
-
-# Download file in the same directory as the final one so that the mv
-# below can be atomic.
-TEMPGZ=$(mktemp --tmpdir=$DESTDIR/ --suffix=.gz)
-TEMP=${TEMPGZ%.gz}
-FILEGZ=$(basename $url)
-FILE=${FILEGZ%.gz}
-
-# MaxMind is being totally inconsistent and names both GeoIP Country and
-# GeoLite Country with the same file. Explicitly rename this to
-# GeoLite.dat, so that we can happily coexist with geoipupdate.
-case $FILE in
-GeoIP.dat)
-FILE=GeoLite.dat
-;;
-esac
-
-/usr/bin/wget -q -t3 -T15 $url -O $TEMPGZ
-
-if [ $? != 0 ]
-then
-echo Failed to download $url
-else
-/bin/gunzip -f $TEMPGZ
-
-if [ $? != 0 ]
-then
-echo Failed to decompress $FILEGZ
-else
-rm -f $DESTDIR/$FILE
-mv $TEMP $DESTDIR/$FILE
-chmod 644 $DESTDIR/$FILE
-fi
-fi
-
-rm -f $TEMP $TEMPGZ
-done
-
-exit 0
diff --git a/modules/geoip/manifests/data/lite.pp
b/modules/geoip/manifests/data/lite.pp
deleted file mode 100644
index e78ad21..000
--- a/modules/geoip/manifests/data/lite.pp
+++ /dev/null
@@ -1,55 +0,0 @@
-# == Class geoip::data::lite
-# Installs Maxmind GeoLite database files by downloading them from Maxmind with
-# a wget wrapper script. This also installs a cron job to do this weekly.
-#
-# == Parameters
-# $data_directory - Where the data files should live.
-# $environment- The environment parameter to pass to exec and cron for the
-# geoliteupdate download command. default: undef
-
-class geoip::data::lite(
- $data_directory = '/usr/share/GeoIP',
- $environment= undef)
-{
- if ! defined(File[$data_directory]) {
-file { $data_directory:
- ensure = directory,
-}
- }
-
- file { '/usr/local/bin/geoliteupdate':
-ensure = present,
-mode = '0555',
-owner = 'root',
-group = 'root',
-source = 'puppet:///modules/geoip/geoliteupdate',
- }
-
- $geoliteupdate_command = /usr/local/bin/geoliteupdate ${data_directory}
-
- # run once on the first instantiation of this class
- exec { 'geoliteupdate':
-command = $geoliteupdate_command,
-refreshonly = true,
-subscribe = File['/usr/local/bin/geoliteupdate'],
-require = File[$data_directory],
- }
-
- # Set up a cron to run geoliteupdate weekly.
- cron { 'geoliteupdate':
-ensure = present,
-command = ${geoliteupdate_command} /dev/null,
-user= 'root',
-weekday = 0,
-hour= 3,
-minute = 30,
-require =
[MediaWiki-commits] [Gerrit] bits varnish: serve 204s for /statsv - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: bits varnish: serve 204s for /statsv
..
bits varnish: serve 204s for /statsv
statsv is a logging beacon endpoint for processing client-side statsd-like
performance metrics, generated by MediaWiki's JavaScript code.
* Make //bits.wikimedia.org/statsv/* reqs HTTP 204s, like EventLogging's
/event.gif endpoint.
* Fix the RxURL arg for the Varnishkafka instance to not require an additional
slash.
* Add a comment explaining both endpoints.
Change-Id: I6774c0b6508879226dfb41fb123c9ac4dfe132d3
---
M manifests/role/cache.pp
M templates/varnish/bits.inc.vcl.erb
2 files changed, 10 insertions(+), 2 deletions(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/role/cache.pp b/manifests/role/cache.pp
index 734b101..30d0a85 100644
--- a/manifests/role/cache.pp
+++ b/manifests/role/cache.pp
@@ -500,7 +500,7 @@
format_type = 'json',
topic = 'statsv',
varnish_name = $varnish_name,
-varnish_opts = { 'm' = 'RxURL:^/statsv\//', },
+varnish_opts = { 'm' = 'RxURL:^/statsv/', },
# By requiring 2 ACKs per message batch, we survive a
# single broker dropping out of its leader role,
# without seeing lost messages.
diff --git a/templates/varnish/bits.inc.vcl.erb
b/templates/varnish/bits.inc.vcl.erb
index 403733b..86ebb26 100644
--- a/templates/varnish/bits.inc.vcl.erb
+++ b/templates/varnish/bits.inc.vcl.erb
@@ -23,7 +23,15 @@
% end -%
sub vcl_recv {
- if (req.url ~ ^/event\.gif) {
+ if (req.url ~ ^/(event\.gif|statsv/)) {
+ // URLs that start with 'event.gif' or 'statsv' are logging
beacon endpoints.
+ // They are handled by log tailers (varnishkafka and
varnishncsa) that filter
+ // the Varnish shm log for reqs to these endpoints and forward
them to log
+ // processors for storage and analysis.
+ //
+ // /event.gif is used by EventLogging
https://wikitech.wikimedia.org/wiki/EventLogging
+ // statsv is used by MediaWiki for statsd-like performance
metrics.
+ // Ori is the contact person for both.
error 204;
}
--
To view, visit https://gerrit.wikimedia.org/r/175575
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I6774c0b6508879226dfb41fb123c9ac4dfe132d3
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ori.livneh o...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Switch Cassandra test hosts to the new role class - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/175629
Change subject: Switch Cassandra test hosts to the new role class
..
Switch Cassandra test hosts to the new role class
- Move system::role under the role class.
- Get rid of the vm.max_map_count sysctl, included in Cassandra's Debian
package now.
- Split ruthenium off the host list, to be repurposed.
Change-Id: I3e5a4b95a906fd9797a731cafc80d8d94ca45db9
---
M manifests/role/cassandra.pp
M manifests/site.pp
2 files changed, 11 insertions(+), 15 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/29/175629/1
diff --git a/manifests/role/cassandra.pp b/manifests/role/cassandra.pp
index de89d12..a3806ed 100644
--- a/manifests/role/cassandra.pp
+++ b/manifests/role/cassandra.pp
@@ -3,4 +3,8 @@
class role::cassandra {
# Parameters to be set by Hiera
class { '::cassandra': }
+
+system::role { 'role::cassandra':
+description = 'Cassandra server',
+}
}
diff --git a/manifests/site.pp b/manifests/site.pp
index cf0f987..e8682a2 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -439,23 +439,11 @@
include role::releases
}
-# cerium,praseodymium, ruthenium and xenon are cassandra test host
-node /^(cerium|praseodymium|ruthenium|xenon)\.eqiad\.wmnet$/ {
-
+# cerium,praseodymium, ruthenium and xenon are cassandra test hosts
+node /^(cerium|praseodymium|xenon)\.eqiad\.wmnet$/ {
class { 'admin': groups = ['cassandra-roots'] }
-
-system::role { 'role::cassandra-test':
-description = 'Cassandra test server',
-}
-
include standard
-
-# XXX: to be moved into the puppet class
-sysctl::parameters { 'cassandra':
-values = {
-'vm.max_map_count' = 1048575,
-},
-}
+include role::cassandra
}
node /^(chromium|hydrogen)\.wikimedia\.org$/ {
@@ -2279,6 +2267,10 @@
class { 'admin': groups = ['pmacct-roots'] }
}
+node 'ruthenium.eqiad.wmnet' {
+include standard
+}
+
node 'sanger.wikimedia.org' {
include base
include ganglia
--
To view, visit https://gerrit.wikimedia.org/r/175629
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I3e5a4b95a906fd9797a731cafc80d8d94ca45db9
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Switch Cassandra test hosts to the new role class - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: Switch Cassandra test hosts to the new role class
..
Switch Cassandra test hosts to the new role class
- Move system::role under the role class.
- Get rid of the vm.max_map_count sysctl, included in Cassandra's Debian
package now.
- Split ruthenium off the host list, to be repurposed.
Change-Id: I3e5a4b95a906fd9797a731cafc80d8d94ca45db9
---
M manifests/role/cassandra.pp
M manifests/site.pp
2 files changed, 11 insertions(+), 15 deletions(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/role/cassandra.pp b/manifests/role/cassandra.pp
index de89d12..a3806ed 100644
--- a/manifests/role/cassandra.pp
+++ b/manifests/role/cassandra.pp
@@ -3,4 +3,8 @@
class role::cassandra {
# Parameters to be set by Hiera
class { '::cassandra': }
+
+system::role { 'role::cassandra':
+description = 'Cassandra server',
+}
}
diff --git a/manifests/site.pp b/manifests/site.pp
index cf0f987..69e99b1 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -439,23 +439,11 @@
include role::releases
}
-# cerium,praseodymium, ruthenium and xenon are cassandra test host
-node /^(cerium|praseodymium|ruthenium|xenon)\.eqiad\.wmnet$/ {
-
+# cerium, praseodymium and xenon are Cassandra test hosts
+node /^(cerium|praseodymium|xenon)\.eqiad\.wmnet$/ {
class { 'admin': groups = ['cassandra-roots'] }
-
-system::role { 'role::cassandra-test':
-description = 'Cassandra test server',
-}
-
include standard
-
-# XXX: to be moved into the puppet class
-sysctl::parameters { 'cassandra':
-values = {
-'vm.max_map_count' = 1048575,
-},
-}
+include role::cassandra
}
node /^(chromium|hydrogen)\.wikimedia\.org$/ {
@@ -2279,6 +2267,10 @@
class { 'admin': groups = ['pmacct-roots'] }
}
+node 'ruthenium.eqiad.wmnet' {
+include standard
+}
+
node 'sanger.wikimedia.org' {
include base
include ganglia
--
To view, visit https://gerrit.wikimedia.org/r/175629
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I3e5a4b95a906fd9797a731cafc80d8d94ca45db9
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Give parsoid-admins access to ruthenium - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: Give parsoid-admins access to ruthenium
..
Give parsoid-admins access to ruthenium
ruthenium is now used for parsoid round-trip testing, so grant access to
parsoid-roots admins.
RT: 6980
Change-Id: I974e3a80155caa27f34ef1c5d711a3817367e7c1
---
M manifests/site.pp
1 file changed, 8 insertions(+), 0 deletions(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/site.pp b/manifests/site.pp
index 69e99b1..547cc79 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -2267,7 +2267,15 @@
class { 'admin': groups = ['pmacct-roots'] }
}
+# ruthenium is a parsoid regression test server
+# https://www.mediawiki.org/wiki/Parsoid/Round-trip_testing
node 'ruthenium.eqiad.wmnet' {
+class { 'admin':
+groups = [
+'parsoid-roots',
+'parsoid-admin',
+]
+}
include standard
}
--
To view, visit https://gerrit.wikimedia.org/r/172780
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I974e3a80155caa27f34ef1c5d711a3817367e7c1
Gerrit-PatchSet: 9
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Cscott canan...@wikimedia.org
Gerrit-Reviewer: BBlack bbl...@wikimedia.org
Gerrit-Reviewer: Cscott canan...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: GWicke gwi...@wikimedia.org
Gerrit-Reviewer: Ori.livneh o...@wikimedia.org
Gerrit-Reviewer: Ottomata o...@wikimedia.org
Gerrit-Reviewer: Subramanya Sastry ssas...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] ocg: simplify module hierarchy - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/175681
Change subject: ocg: simplify module hierarchy
..
ocg: simplify module hierarchy
There is no reason for ocg::ganglia::module, ocg::ganglia should be
enough. Similarly for Nagios, with the extra catch that there is no need
for two separate classes, one of which is only used by the other and
only contains a single resource.
Change-Id: Ia5c16bfc20d7e9e10cd6860a29a06a65506335b2
---
M hieradata/eqiad.yaml
M manifests/role/ocg.pp
R modules/ocg/manifests/ganglia.pp
A modules/ocg/manifests/nagios.pp
D modules/ocg/manifests/nagios/check.pp
D modules/ocg/manifests/nagios/plugin.pp
6 files changed, 38 insertions(+), 44 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/81/175681/1
diff --git a/hieradata/eqiad.yaml b/hieradata/eqiad.yaml
index 4983d9b..e6ef38d 100644
--- a/hieradata/eqiad.yaml
+++ b/hieradata/eqiad.yaml
@@ -25,11 +25,11 @@
ocg::graylog_host: logstash1002.eqiad.wmnet
ocg::statsd_is_txstatsd: 1
# see modules/ocg/files/nagios/check_ocg_health for descriptions
-ocg::nagios::check::wjs: 40
-ocg::nagios::check::cjs: 80
-ocg::nagios::check::wrj: 500
-ocg::nagios::check::crj: 3000
-ocg::ganglia::module::data_filesystem: /srv
+ocg::nagios::wjs: 40
+ocg::nagios::cjs: 80
+ocg::nagios::wrj: 500
+ocg::nagios::crj: 3000
+ocg::ganglia::data_filesystem: /srv
#
# Labs
diff --git a/manifests/role/ocg.pp b/manifests/role/ocg.pp
index f287822..b130560 100644
--- a/manifests/role/ocg.pp
+++ b/manifests/role/ocg.pp
@@ -15,8 +15,8 @@
include passwords::redis
include ::ocg
-include ::ocg::nagios::check
-include ocg::ganglia::module
+include ::ocg::nagios
+include ::ocg::ganglia
file { $::ocg::temp_dir:
ensure = directory,
diff --git a/modules/ocg/manifests/ganglia/module.pp
b/modules/ocg/manifests/ganglia.pp
similarity index 75%
rename from modules/ocg/manifests/ganglia/module.pp
rename to modules/ocg/manifests/ganglia.pp
index 0c16275..e4525b5 100644
--- a/modules/ocg/manifests/ganglia/module.pp
+++ b/modules/ocg/manifests/ganglia.pp
@@ -1,11 +1,11 @@
-# == Class ocg::ganglia::module
+# == Class ocg::ganglia
# Includes the ocg.py ganglia module
# include this class on your OCG node.
#
-class ocg::ganglia::module (
-$tmp_filesystem = $::ocg::temp_dir,
-$data_filesystem = '/srv',
-) {
+class ocg::ganglia (
+$tmp_filesystem = $::ocg::temp_dir,
+$data_filesystem = '/srv',
+) {
file { '/usr/lib/ganglia/python_modules/ocg.py':
source = 'puppet:///modules/ocg/ganglia/ocg.py',
owner = 'root',
diff --git a/modules/ocg/manifests/nagios.pp b/modules/ocg/manifests/nagios.pp
new file mode 100644
index 000..c5e6e46
--- /dev/null
+++ b/modules/ocg/manifests/nagios.pp
@@ -0,0 +1,26 @@
+# == Class ocg::nagios
+# Sets up icinga alerts for an Offline Content Generator instance.
+#
+class ocg::nagios (
+$wjs, # warning job status queue messages i.e. 2
+$cjs, # critical job status queue messages i.e. 3
+$wrj, # warning render jobs queue messages i.e. 100
+$crj, # critical render jobs queue messages i.e. 500
+$url = 'http://localhost:8000/?command=health', # OCG health check URL
+) {
+
+include nrpe
+
+file { '/usr/lib/nagios/plugins/check_ocg_health':
+source = 'puppet:///modules/ocg/nagios/check_ocg_health',
+owner = 'root',
+group = 'root',
+mode= '0755',
+require = Package['nagios-plugins'],
+}
+
+nrpe::monitor_service { 'ocg_health':
+description = 'OCG health',
+nrpe_command = /usr/lib/nagios/plugins/check_ocg_health --wjs ${wjs}
--cjs ${cjs} --wrj ${wrj} --crj ${crj} --url '${url}',
+}
+}
diff --git a/modules/ocg/manifests/nagios/check.pp
b/modules/ocg/manifests/nagios/check.pp
deleted file mode 100644
index bd071d7..000
--- a/modules/ocg/manifests/nagios/check.pp
+++ /dev/null
@@ -1,19 +0,0 @@
-# == Class ocg::nagios::check
-# Sets up icinga alerts for an Offline Content Generator instance.
-#
-class ocg::nagios::check (
-$wjs, # warning job status queue messages i.e. 2
-$cjs, # critical job status queue messages i.e. 3
-$wrj, # warning render jobs queue messages i.e. 100
-$crj, # critical render jobs queue messages i.e. 500
-$url = 'http://localhost:8000/?command=health', # OCG health check URL
-) {
-include nrpe,
-ocg::nagios::plugin
-
-nrpe::monitor_service { 'ocg_health':
-description = 'OCG health',
-nrpe_command = /usr/lib/nagios/plugins/check_ocg_health --wjs ${wjs}
--cjs ${cjs} --wrj ${wrj} --crj ${crj} --url '${url}',
-}
-
-}
diff --git a/modules/ocg/manifests/nagios/plugin.pp
b/modules/ocg/manifests/nagios/plugin.pp
deleted file mode 100644
index 986b897..000
---
[MediaWiki-commits] [Gerrit] ocg: simplify module hierarchy - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: ocg: simplify module hierarchy
..
ocg: simplify module hierarchy
There is no reason for ocg::ganglia::module, ocg::ganglia should be
enough. Similarly for Nagios, with the extra catch that there is no need
for two separate classes, one of which is only used by the other and
only contains a single resource.
Change-Id: Ia5c16bfc20d7e9e10cd6860a29a06a65506335b2
---
M hieradata/eqiad.yaml
M manifests/role/ocg.pp
R modules/ocg/manifests/ganglia.pp
A modules/ocg/manifests/nagios.pp
D modules/ocg/manifests/nagios/check.pp
D modules/ocg/manifests/nagios/plugin.pp
6 files changed, 38 insertions(+), 44 deletions(-)
Approvals:
Giuseppe Lavagetto: Looks good to me, but someone else must approve
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/hieradata/eqiad.yaml b/hieradata/eqiad.yaml
index 4983d9b..e6ef38d 100644
--- a/hieradata/eqiad.yaml
+++ b/hieradata/eqiad.yaml
@@ -25,11 +25,11 @@
ocg::graylog_host: logstash1002.eqiad.wmnet
ocg::statsd_is_txstatsd: 1
# see modules/ocg/files/nagios/check_ocg_health for descriptions
-ocg::nagios::check::wjs: 40
-ocg::nagios::check::cjs: 80
-ocg::nagios::check::wrj: 500
-ocg::nagios::check::crj: 3000
-ocg::ganglia::module::data_filesystem: /srv
+ocg::nagios::wjs: 40
+ocg::nagios::cjs: 80
+ocg::nagios::wrj: 500
+ocg::nagios::crj: 3000
+ocg::ganglia::data_filesystem: /srv
#
# Labs
diff --git a/manifests/role/ocg.pp b/manifests/role/ocg.pp
index f287822..b130560 100644
--- a/manifests/role/ocg.pp
+++ b/manifests/role/ocg.pp
@@ -15,8 +15,8 @@
include passwords::redis
include ::ocg
-include ::ocg::nagios::check
-include ocg::ganglia::module
+include ::ocg::nagios
+include ::ocg::ganglia
file { $::ocg::temp_dir:
ensure = directory,
diff --git a/modules/ocg/manifests/ganglia/module.pp
b/modules/ocg/manifests/ganglia.pp
similarity index 75%
rename from modules/ocg/manifests/ganglia/module.pp
rename to modules/ocg/manifests/ganglia.pp
index 0c16275..e4525b5 100644
--- a/modules/ocg/manifests/ganglia/module.pp
+++ b/modules/ocg/manifests/ganglia.pp
@@ -1,11 +1,11 @@
-# == Class ocg::ganglia::module
+# == Class ocg::ganglia
# Includes the ocg.py ganglia module
# include this class on your OCG node.
#
-class ocg::ganglia::module (
-$tmp_filesystem = $::ocg::temp_dir,
-$data_filesystem = '/srv',
-) {
+class ocg::ganglia (
+$tmp_filesystem = $::ocg::temp_dir,
+$data_filesystem = '/srv',
+) {
file { '/usr/lib/ganglia/python_modules/ocg.py':
source = 'puppet:///modules/ocg/ganglia/ocg.py',
owner = 'root',
diff --git a/modules/ocg/manifests/nagios.pp b/modules/ocg/manifests/nagios.pp
new file mode 100644
index 000..c5e6e46
--- /dev/null
+++ b/modules/ocg/manifests/nagios.pp
@@ -0,0 +1,26 @@
+# == Class ocg::nagios
+# Sets up icinga alerts for an Offline Content Generator instance.
+#
+class ocg::nagios (
+$wjs, # warning job status queue messages i.e. 2
+$cjs, # critical job status queue messages i.e. 3
+$wrj, # warning render jobs queue messages i.e. 100
+$crj, # critical render jobs queue messages i.e. 500
+$url = 'http://localhost:8000/?command=health', # OCG health check URL
+) {
+
+include nrpe
+
+file { '/usr/lib/nagios/plugins/check_ocg_health':
+source = 'puppet:///modules/ocg/nagios/check_ocg_health',
+owner = 'root',
+group = 'root',
+mode= '0755',
+require = Package['nagios-plugins'],
+}
+
+nrpe::monitor_service { 'ocg_health':
+description = 'OCG health',
+nrpe_command = /usr/lib/nagios/plugins/check_ocg_health --wjs ${wjs}
--cjs ${cjs} --wrj ${wrj} --crj ${crj} --url '${url}',
+}
+}
diff --git a/modules/ocg/manifests/nagios/check.pp
b/modules/ocg/manifests/nagios/check.pp
deleted file mode 100644
index bd071d7..000
--- a/modules/ocg/manifests/nagios/check.pp
+++ /dev/null
@@ -1,19 +0,0 @@
-# == Class ocg::nagios::check
-# Sets up icinga alerts for an Offline Content Generator instance.
-#
-class ocg::nagios::check (
-$wjs, # warning job status queue messages i.e. 2
-$cjs, # critical job status queue messages i.e. 3
-$wrj, # warning render jobs queue messages i.e. 100
-$crj, # critical render jobs queue messages i.e. 500
-$url = 'http://localhost:8000/?command=health', # OCG health check URL
-) {
-include nrpe,
-ocg::nagios::plugin
-
-nrpe::monitor_service { 'ocg_health':
-description = 'OCG health',
-nrpe_command = /usr/lib/nagios/plugins/check_ocg_health --wjs ${wjs}
--cjs ${cjs} --wrj ${wrj} --crj ${crj} --url '${url}',
-}
-
-}
diff --git a/modules/ocg/manifests/nagios/plugin.pp
b/modules/ocg/manifests/nagios/plugin.pp
deleted file mode 100644
index
[MediaWiki-commits] [Gerrit] setting scs-c8-codfw - change (operations/dns)
Faidon Liambotis has submitted this change and it was merged. Change subject: setting scs-c8-codfw .. setting scs-c8-codfw karma sucks, lack of detail due to speed also resulted in a typo go me. Change-Id: If94fad3eae2824478f5f79306b6cc524c7adfbbb --- M templates/wmnet 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/templates/wmnet b/templates/wmnet index 3902dca..64474b2 100644 --- a/templates/wmnet +++ b/templates/wmnet @@ -2088,7 +2088,7 @@ re1.cr2-codfw 1H IN A10.193.0.13 scs-a1-codfw1H IN A10.193.0.14 scs-c1-codfw1H IN A10.193.0.15 -scs-c1-codfw1H IN A10.193.0.20 +scs-c8-codfw1H IN A10.193.0.20 ps1-a1-codfw1H IN A10.193.0.25 ps1-a2-codfw1H IN A10.193.0.26 -- To view, visit https://gerrit.wikimedia.org/r/175549 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: If94fad3eae2824478f5f79306b6cc524c7adfbbb Gerrit-PatchSet: 1 Gerrit-Project: operations/dns Gerrit-Branch: master Gerrit-Owner: RobH r...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] realm: remove pmtpa, add codfw - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: realm: remove pmtpa, add codfw
..
realm: remove pmtpa, add codfw
208.80.152.0/24 is codfw now and pmtpa's private address space is gone.
Change-Id: If6c4dbb88704cd4aa336027bf2fee0daf4b55e3e
---
M manifests/realm.pp
1 file changed, 2 insertions(+), 3 deletions(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/realm.pp b/manifests/realm.pp
index 01bbc47..add52af 100644
--- a/manifests/realm.pp
+++ b/manifests/realm.pp
@@ -24,10 +24,9 @@
}
$site = $main_ipaddress ? {
-/^208\.80\.152\./ = 'pmtpa',
+/^208\.80\.152\./ = 'codfw',
/^208\.80\.153\./ = 'codfw',
/^208\.80\.15[45]\./ = 'eqiad',
-/^10\.[0-4]\./= 'pmtpa',
/^10\.6[48]\./= 'eqiad',
/^10\.192\./ = 'codfw',
/^91\.198\.174\./ = 'esams',
@@ -55,7 +54,7 @@
'codfw' = [ '208.80.153.254', '208.80.154.239' ], # codfw - codfw, eqiad
'ulsfo' = [ '208.80.154.239', '208.80.153.254' ], # ulsfo - eqiad, codfw
'esams' = [ '91.198.174.6', '208.80.154.239' ], # esams - esams
(nescio, not LVS), eqiad
-default = [ '208.80.154.239', '208.80.153.254' ], # pmtpa? - eqiad, codfw
+default = [ '208.80.154.239', '208.80.153.254' ], # - eqiad, codfw
}
$domain_search = $domain
--
To view, visit https://gerrit.wikimedia.org/r/173476
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: If6c4dbb88704cd4aa336027bf2fee0daf4b55e3e
Gerrit-PatchSet: 5
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn dz...@wikimedia.org
Gerrit-Reviewer: BBlack bbl...@wikimedia.org
Gerrit-Reviewer: Dzahn dz...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: John F. Lewis johnflewi...@gmail.com
Gerrit-Reviewer: Matanya mata...@foss.co.il
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] geoip: kill geoliteupdate in favor of geoipupdate - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: geoip: kill geoliteupdate in favor of geoipupdate
..
geoip: kill geoliteupdate in favor of geoipupdate
MaxMind's geoipupdate mechanism has a hidden feature that MaxMind
themselves pointed me to: GeoLite databases have their own
updates.maxmind.com product codes and there is a special UserID of
99 with a LicenseKey of that has privileges to download
them.
Kill geoliteupdate in favor of using geoipupdate across the board. This
brings us a similar update mechanism for production Labs, plus a
better program to fetch updates, as this one also does MD5 checks etc.
Change-Id: I34fb5b2d5253a9161d3c86c2e92375049c241775
---
D modules/geoip/files/geoliteupdate
D modules/geoip/manifests/data/lite.pp
M modules/geoip/manifests/data/maxmind.pp
M modules/puppet/manifests/self/geoip.pp
M modules/puppetmaster/manifests/geoip.pp
5 files changed, 47 insertions(+), 149 deletions(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/geoip/files/geoliteupdate
b/modules/geoip/files/geoliteupdate
deleted file mode 100644
index a5e1792..000
--- a/modules/geoip/files/geoliteupdate
+++ /dev/null
@@ -1,72 +0,0 @@
-#!/bin/sh
-
-# This is based on geoip-database-contrib_update from Debian's
-# geoip-database-contrib package. The original source can be found at
-# http://git.debian.org/?p=collab-maint/geoip-database-contrib.git
-# and is
-# Copyright: 2010/2013, Ludovico Cavedon cave...@debian.org
-# Patrick Matthäi pmatth...@debian.org
-# License: GPL-2+
-#
-# It was modified by Faidon Liambotis for use by the Wikimedia Foundation
-
-DESTDIR=$1
-if [ ! -d $DESTDIR ]; then
- echo Usage: $0 destdir
- exit 1
-fi
-
-GEOIP_URL=http://geolite.maxmind.com/download/geoip/database;
-
-FAILED=0
-
-for url in \
-$GEOIP_URL/GeoLiteCountry/GeoIP.dat.gz \
-$GEOIP_URL/GeoIPv6.dat.gz \
-$GEOIP_URL/GeoLiteCity.dat.gz \
-$GEOIP_URL/GeoLiteCityv6-beta/GeoLiteCityv6.dat.gz \
-$GEOIP_URL/asnum/GeoIPASNum.dat.gz \
-$GEOIP_URL/asnum/GeoIPASNumv6.dat.gz \
-$GEOIP_URL/GeoLite2-Country \
-$GEOIP_URL/GeoLite2-City.mmdb.gz
-do
-echo Downloading: $url
-
-# Download file in the same directory as the final one so that the mv
-# below can be atomic.
-TEMPGZ=$(mktemp --tmpdir=$DESTDIR/ --suffix=.gz)
-TEMP=${TEMPGZ%.gz}
-FILEGZ=$(basename $url)
-FILE=${FILEGZ%.gz}
-
-# MaxMind is being totally inconsistent and names both GeoIP Country and
-# GeoLite Country with the same file. Explicitly rename this to
-# GeoLite.dat, so that we can happily coexist with geoipupdate.
-case $FILE in
-GeoIP.dat)
-FILE=GeoLite.dat
-;;
-esac
-
-/usr/bin/wget -q -t3 -T15 $url -O $TEMPGZ
-
-if [ $? != 0 ]
-then
-echo Failed to download $url
-else
-/bin/gunzip -f $TEMPGZ
-
-if [ $? != 0 ]
-then
-echo Failed to decompress $FILEGZ
-else
-rm -f $DESTDIR/$FILE
-mv $TEMP $DESTDIR/$FILE
-chmod 644 $DESTDIR/$FILE
-fi
-fi
-
-rm -f $TEMP $TEMPGZ
-done
-
-exit 0
diff --git a/modules/geoip/manifests/data/lite.pp
b/modules/geoip/manifests/data/lite.pp
deleted file mode 100644
index e78ad21..000
--- a/modules/geoip/manifests/data/lite.pp
+++ /dev/null
@@ -1,55 +0,0 @@
-# == Class geoip::data::lite
-# Installs Maxmind GeoLite database files by downloading them from Maxmind with
-# a wget wrapper script. This also installs a cron job to do this weekly.
-#
-# == Parameters
-# $data_directory - Where the data files should live.
-# $environment- The environment parameter to pass to exec and cron for the
-# geoliteupdate download command. default: undef
-
-class geoip::data::lite(
- $data_directory = '/usr/share/GeoIP',
- $environment= undef)
-{
- if ! defined(File[$data_directory]) {
-file { $data_directory:
- ensure = directory,
-}
- }
-
- file { '/usr/local/bin/geoliteupdate':
-ensure = present,
-mode = '0555',
-owner = 'root',
-group = 'root',
-source = 'puppet:///modules/geoip/geoliteupdate',
- }
-
- $geoliteupdate_command = /usr/local/bin/geoliteupdate ${data_directory}
-
- # run once on the first instantiation of this class
- exec { 'geoliteupdate':
-command = $geoliteupdate_command,
-refreshonly = true,
-subscribe = File['/usr/local/bin/geoliteupdate'],
-require = File[$data_directory],
- }
-
- # Set up a cron to run geoliteupdate weekly.
- cron { 'geoliteupdate':
-ensure = present,
-command = ${geoliteupdate_command} /dev/null,
-user= 'root',
-weekday = 0,
-hour= 3,
-minute = 30,
-require = File[$data_directory],
- }
-
- # if $environment was
[MediaWiki-commits] [Gerrit] Kill all (outdated) references to pmtpa - change (operations/dns)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/171265
Change subject: Kill all (outdated) references to pmtpa
..
Kill all (outdated) references to pmtpa
Change-Id: I1ca1a156396ab6c244c5bf86e1488a15a38b9309
---
M templates/0.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa
M templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa
M templates/10.in-addr.arpa
M templates/152.80.208.in-addr.arpa
M templates/154.80.208.in-addr.arpa
M templates/wikimedia.org
M templates/wmnet
7 files changed, 2 insertions(+), 225 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/dns
refs/changes/65/171265/1
diff --git a/templates/0.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa
b/templates/0.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa
index 6ec1775..4610062 100644
--- a/templates/0.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa
+++ b/templates/0.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa
@@ -160,6 +160,3 @@
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR cr1-codfw.wikimedia.org.
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR cr2-codfw.wikimedia.org.
3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR pim-rp.wikimedia.org.
-
-5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR cr2-pmtpa.wikimedia.org.
-
diff --git a/templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa
b/templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa
index f5668ae..9a440e6 100644
--- a/templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa
+++ b/templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa
@@ -257,17 +257,9 @@
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR ae0.cr1-eqiad.wikimedia.org.
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR ae0.cr2-eqiad.wikimedia.org.
-; cr1-eqiad -- cr2-pmtpa (2620:0:861:fe01::/64)
+; unassigned (2620:0:861:fe01::/64)
-$ORIGIN 1.0.e.f.{{ zonename }}.
-1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR xe-5-2-1.cr1-eqiad.wikimedia.org.
-2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR xe-0-0-0.cr2-pmtpa.wikimedia.org.
-
-; cr2-eqiad -- cr2-pmtpa (2620:0:861:fe02::/64)
-
-$ORIGIN 2.0.e.f.{{ zonename }}.
-1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR xe-5-2-1.cr2-eqiad.wikimedia.org.
-2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR xe-1-1-0.cr2-pmtpa.wikimedia.org.
+; unassigned (2620:0:861:fe02::/64)
; cr2-eqiad -- cr2-knams GRE (2620:0:861:fe03::/64)
diff --git a/templates/10.in-addr.arpa b/templates/10.in-addr.arpa
index 3834f0c..65222ee 100644
--- a/templates/10.in-addr.arpa
+++ b/templates/10.in-addr.arpa
@@ -14,90 +14,6 @@
1D IN NS ns1.wikimedia.org.
1D IN NS ns2.wikimedia.org.
-; 10.0.0.0/12 - pmtpa
-
-; 10.0.0.0/16 - pmtpa private vlan
-
-; Servers
-
-$ORIGIN 0.0.{{ zonename }}.
-
-200 1H IN PTR vrrp-gw-2.pmtpa.wmnet.
-202 1H IN PTR ae0-2.cr2-pmtpa.wikimedia.org.
-
-; asw* DEPRECATED, put in management network
-$ORIGIN 1.0.{{ zonename }}.
-
-{% for i in range(1, 10) %}
-{{ i }} 1H IN PTR asw{{ i }}-pmtpa.pmtpa.wmnet.
-{%- endfor %}
-
-; srv*
-
-$ORIGIN 2.0.{{ zonename }}.
-
-$ORIGIN 3.0.{{ zonename }}.
-
-; Service IPs
-
-$ORIGIN 5.0.{{ zonename }}.
-
-6 1H IN PTR dns-r0.pmtpa.wmnet.
-7 1H IN PTR dns-r1.pmtpa.wmnet.
-8 1H IN PTR nfs-home.pmtpa.wmnet.
-
-; Databases
-
-$ORIGIN 6.0.{{ zonename }}.
-
-; Management (pmtpa)
-
-$ORIGIN 1.{{ zonename }}.
-
-; Network equipment
-
-$ORIGIN 1.1.{{ zonename }}.
-
-3 1H IN PTR asw-c3-pmtpa.mgmt.pmtpa.wmnet.
-4 1H IN PTR asw-c4-pmtpa.mgmt.pmtpa.wmnet.
-7 1H IN PTR asw-a2-pmtpa.mgmt.pmtpa.wmnet.
-15 1H IN PTR msw1-pmtpa.mgmt.pmtpa.wmnet.
-18 1H IN PTR cr2-pmtpa.mgmt.pmtpa.wmnet.
-
-21 1H IN PTR asw-d-pmtpa.mgmt.pmtpa.wmnet.
-22 1H IN PTR asw-d1-pmtpa.mgmt.pmtpa.wmnet.
-23 1H IN PTR asw-d2-pmtpa.mgmt.pmtpa.wmnet.
-24 1H IN PTR asw-d3-pmtpa.mgmt.pmtpa.wmnet.
-25 1H IN PTR msw2-pmtpa.mgmt.pmtpa.wmnet.
-
-; Supportive management infrastructure
-
-$ORIGIN 2.1.{{ zonename }}.
-
-2 1H IN PTR scs-d1-pmtpa.mgmt.pmtpa.wmnet.
-3 1H IN PTR mr1-pmtpa.mgmt.pmtpa.wmnet.
-
-$ORIGIN 3.1.{{ zonename }}.
-
-; Search Servers
-$ORIGIN 4.1.{{ zonename }}.
-
-; Power Distribution Units
-
-$ORIGIN 5.1.{{ zonename }}.
-
-; Database Servers
-$ORIGIN 6.1.{{ zonename }}.
-
-; Media Servers SSL Servers ES Servers Memcached Servers
-$ORIGIN 7.1.{{ zonename }}.
-
-; Misc. Services Server Project
-$ORIGIN 8.1.{{ zonename }}.
-
-; Apaches pool (srv251+)
-$ORIGIN 9.1.{{ zonename }}.
-
; codfw svc ips
$ORIGIN 1.2.{{ zonename }}.
@@ -149,39 +65,6 @@
24 1H IN PTR upload.svc.ulsfo.wmnet.
25 1H IN PTR text.svc.ulsfo.wmnet.
26 1H IN PTR mobile.svc.ulsfo.wmnet.
-
-; labs svc ips
-
-$ORIGIN 128.2.{{ zonename }}.
-
-; Various small assignments
-
-$ORIGIN 0.3.{{ zonename }}.
-
-; Cross link between cr2-pmtpa and mr1-pmtpa: 10.3.0.8/30
-
-9 1H IN PTR ae0-402.cr2-pmtpa.wikimedia.org.
-10 1H IN PTR fe-0-0-2-402.mr1-pmtpa.wikimedia.org.
-
-; Loopbacks 10.3.0.12/30
-
-12 1H IN PTR mr1-pmtpa.mgmt.pmtpa.wmnet.
-
-; pmtpa wireless access network 10.3.1.0/24
-1 1H IN PTR fe-0-0-3.mr1-pmtpa.wikimedia.org.
-2 1H IN PTR
[MediaWiki-commits] [Gerrit] Allocate frack-codfw - change (operations/dns)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/171266 Change subject: Allocate frack-codfw .. Allocate frack-codfw Change-Id: Ie1e8a33538293c49e2541769f32940391d755dfe --- M templates/152.80.208.in-addr.arpa 1 file changed, 2 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/dns refs/changes/66/171266/1 diff --git a/templates/152.80.208.in-addr.arpa b/templates/152.80.208.in-addr.arpa index 0186726..0b1474e 100644 --- a/templates/152.80.208.in-addr.arpa +++ b/templates/152.80.208.in-addr.arpa @@ -14,6 +14,8 @@ 1D IN NS ns1.wikimedia.org. 1D IN NS ns2.wikimedia.org. +; 208.80.152.224/28 frack-codfw (208.80.152.224 - 208.80.152.239) + ; 208.80.152.240/28 sandbox1-a-codfw (208.80.152.240 - 208.80.152.255) 241 1H IN PTR vrrp-gw-2201.wikimedia.org. 242 1H IN PTR ae1-2201.cr1-codfw.wikimedia.org. -- To view, visit https://gerrit.wikimedia.org/r/171266 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie1e8a33538293c49e2541769f32940391d755dfe Gerrit-PatchSet: 1 Gerrit-Project: operations/dns Gerrit-Branch: master Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Kill all (outdated) references to pmtpa - change (operations/dns)
Faidon Liambotis has submitted this change and it was merged.
Change subject: Kill all (outdated) references to pmtpa
..
Kill all (outdated) references to pmtpa
Change-Id: I1ca1a156396ab6c244c5bf86e1488a15a38b9309
---
M templates/0.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa
M templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa
M templates/10.in-addr.arpa
M templates/152.80.208.in-addr.arpa
M templates/154.80.208.in-addr.arpa
M templates/wikimedia.org
M templates/wmnet
7 files changed, 2 insertions(+), 225 deletions(-)
Approvals:
Mark Bergsma: Looks good to me, but someone else must approve
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/templates/0.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa
b/templates/0.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa
index 6ec1775..4610062 100644
--- a/templates/0.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa
+++ b/templates/0.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa
@@ -160,6 +160,3 @@
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR cr1-codfw.wikimedia.org.
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR cr2-codfw.wikimedia.org.
3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR pim-rp.wikimedia.org.
-
-5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR cr2-pmtpa.wikimedia.org.
-
diff --git a/templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa
b/templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa
index f5668ae..9a440e6 100644
--- a/templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa
+++ b/templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa
@@ -257,17 +257,9 @@
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR ae0.cr1-eqiad.wikimedia.org.
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR ae0.cr2-eqiad.wikimedia.org.
-; cr1-eqiad -- cr2-pmtpa (2620:0:861:fe01::/64)
+; unassigned (2620:0:861:fe01::/64)
-$ORIGIN 1.0.e.f.{{ zonename }}.
-1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR xe-5-2-1.cr1-eqiad.wikimedia.org.
-2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR xe-0-0-0.cr2-pmtpa.wikimedia.org.
-
-; cr2-eqiad -- cr2-pmtpa (2620:0:861:fe02::/64)
-
-$ORIGIN 2.0.e.f.{{ zonename }}.
-1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR xe-5-2-1.cr2-eqiad.wikimedia.org.
-2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR xe-1-1-0.cr2-pmtpa.wikimedia.org.
+; unassigned (2620:0:861:fe02::/64)
; cr2-eqiad -- cr2-knams GRE (2620:0:861:fe03::/64)
diff --git a/templates/10.in-addr.arpa b/templates/10.in-addr.arpa
index 3834f0c..65222ee 100644
--- a/templates/10.in-addr.arpa
+++ b/templates/10.in-addr.arpa
@@ -14,90 +14,6 @@
1D IN NS ns1.wikimedia.org.
1D IN NS ns2.wikimedia.org.
-; 10.0.0.0/12 - pmtpa
-
-; 10.0.0.0/16 - pmtpa private vlan
-
-; Servers
-
-$ORIGIN 0.0.{{ zonename }}.
-
-200 1H IN PTR vrrp-gw-2.pmtpa.wmnet.
-202 1H IN PTR ae0-2.cr2-pmtpa.wikimedia.org.
-
-; asw* DEPRECATED, put in management network
-$ORIGIN 1.0.{{ zonename }}.
-
-{% for i in range(1, 10) %}
-{{ i }} 1H IN PTR asw{{ i }}-pmtpa.pmtpa.wmnet.
-{%- endfor %}
-
-; srv*
-
-$ORIGIN 2.0.{{ zonename }}.
-
-$ORIGIN 3.0.{{ zonename }}.
-
-; Service IPs
-
-$ORIGIN 5.0.{{ zonename }}.
-
-6 1H IN PTR dns-r0.pmtpa.wmnet.
-7 1H IN PTR dns-r1.pmtpa.wmnet.
-8 1H IN PTR nfs-home.pmtpa.wmnet.
-
-; Databases
-
-$ORIGIN 6.0.{{ zonename }}.
-
-; Management (pmtpa)
-
-$ORIGIN 1.{{ zonename }}.
-
-; Network equipment
-
-$ORIGIN 1.1.{{ zonename }}.
-
-3 1H IN PTR asw-c3-pmtpa.mgmt.pmtpa.wmnet.
-4 1H IN PTR asw-c4-pmtpa.mgmt.pmtpa.wmnet.
-7 1H IN PTR asw-a2-pmtpa.mgmt.pmtpa.wmnet.
-15 1H IN PTR msw1-pmtpa.mgmt.pmtpa.wmnet.
-18 1H IN PTR cr2-pmtpa.mgmt.pmtpa.wmnet.
-
-21 1H IN PTR asw-d-pmtpa.mgmt.pmtpa.wmnet.
-22 1H IN PTR asw-d1-pmtpa.mgmt.pmtpa.wmnet.
-23 1H IN PTR asw-d2-pmtpa.mgmt.pmtpa.wmnet.
-24 1H IN PTR asw-d3-pmtpa.mgmt.pmtpa.wmnet.
-25 1H IN PTR msw2-pmtpa.mgmt.pmtpa.wmnet.
-
-; Supportive management infrastructure
-
-$ORIGIN 2.1.{{ zonename }}.
-
-2 1H IN PTR scs-d1-pmtpa.mgmt.pmtpa.wmnet.
-3 1H IN PTR mr1-pmtpa.mgmt.pmtpa.wmnet.
-
-$ORIGIN 3.1.{{ zonename }}.
-
-; Search Servers
-$ORIGIN 4.1.{{ zonename }}.
-
-; Power Distribution Units
-
-$ORIGIN 5.1.{{ zonename }}.
-
-; Database Servers
-$ORIGIN 6.1.{{ zonename }}.
-
-; Media Servers SSL Servers ES Servers Memcached Servers
-$ORIGIN 7.1.{{ zonename }}.
-
-; Misc. Services Server Project
-$ORIGIN 8.1.{{ zonename }}.
-
-; Apaches pool (srv251+)
-$ORIGIN 9.1.{{ zonename }}.
-
; codfw svc ips
$ORIGIN 1.2.{{ zonename }}.
@@ -149,39 +65,6 @@
24 1H IN PTR upload.svc.ulsfo.wmnet.
25 1H IN PTR text.svc.ulsfo.wmnet.
26 1H IN PTR mobile.svc.ulsfo.wmnet.
-
-; labs svc ips
-
-$ORIGIN 128.2.{{ zonename }}.
-
-; Various small assignments
-
-$ORIGIN 0.3.{{ zonename }}.
-
-; Cross link between cr2-pmtpa and mr1-pmtpa: 10.3.0.8/30
-
-9 1H IN PTR ae0-402.cr2-pmtpa.wikimedia.org.
-10 1H IN PTR fe-0-0-2-402.mr1-pmtpa.wikimedia.org.
-
-; Loopbacks 10.3.0.12/30
-
-12 1H IN PTR mr1-pmtpa.mgmt.pmtpa.wmnet.
-
-; pmtpa wireless access network 10.3.1.0/24
-1 1H IN PTR
[MediaWiki-commits] [Gerrit] Allocate frack-codfw - change (operations/dns)
Faidon Liambotis has submitted this change and it was merged. Change subject: Allocate frack-codfw .. Allocate frack-codfw Change-Id: Ie1e8a33538293c49e2541769f32940391d755dfe --- M templates/152.80.208.in-addr.arpa 1 file changed, 2 insertions(+), 0 deletions(-) Approvals: Mark Bergsma: Looks good to me, but someone else must approve Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/templates/152.80.208.in-addr.arpa b/templates/152.80.208.in-addr.arpa index 0186726..0b1474e 100644 --- a/templates/152.80.208.in-addr.arpa +++ b/templates/152.80.208.in-addr.arpa @@ -14,6 +14,8 @@ 1D IN NS ns1.wikimedia.org. 1D IN NS ns2.wikimedia.org. +; 208.80.152.224/28 frack-codfw (208.80.152.224 - 208.80.152.239) + ; 208.80.152.240/28 sandbox1-a-codfw (208.80.152.240 - 208.80.152.255) 241 1H IN PTR vrrp-gw-2201.wikimedia.org. 242 1H IN PTR ae1-2201.cr1-codfw.wikimedia.org. -- To view, visit https://gerrit.wikimedia.org/r/171266 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ie1e8a33538293c49e2541769f32940391d755dfe Gerrit-PatchSet: 1 Gerrit-Project: operations/dns Gerrit-Branch: master Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Mark Bergsma m...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] varnish: allow POST for EventLogging on bits - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: varnish: allow POST for EventLogging on bits
..
varnish: allow POST for EventLogging on bits
The sendBeacon W3C API works by issuing POSTs to EventLogging URLs.
Currently, we issue a method not allowed on POSTs; while that would
still work with EventLogging (as neither the browser nor EL would care
about the status code), this would elevate our error statistics. Handle
this case by moving the conditional block and thus allowing POSTs
specifically for event.gif.
RT: 8612
Change-Id: I7d752d1fe84620ed64101d6bece7631057a8a3e6
---
M templates/varnish/bits.inc.vcl.erb
1 file changed, 5 insertions(+), 4 deletions(-)
Approvals:
Ori.livneh: Looks good to me, but someone else must approve
Nuria: Looks good to me, but someone else must approve
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/templates/varnish/bits.inc.vcl.erb
b/templates/varnish/bits.inc.vcl.erb
index 769f5e4..3d962cf 100644
--- a/templates/varnish/bits.inc.vcl.erb
+++ b/templates/varnish/bits.inc.vcl.erb
@@ -23,7 +23,10 @@
% end -%
sub vcl_recv {
- /* Since we are allowing POST at wikimedia3.vcl.erb, disallow here */
+ if (req.url ~ ^/event\.gif) {
+ error 204;
+ }
+
if (req.request == POST) {
error 403 HTTP method not allowed.;
}
@@ -41,15 +44,13 @@
}
if (req.http.host == %= cluster_options.fetch( bits_domain,
bits.wikimedia.org )%) {
- if (req.url ~ ^/event\.gif) {
- error 204;
- }
/* For https-only wikis, the redirect from http to https for bits
assets should occur
in varnish instead of apache, since the apache redirect and
mediawiki doesn't
vary by protocol. This can result in a redirect loop and assets
not loading. */
if ( req.url ~
^/(auditcom|boardgovcom|board|chair|chapcom|checkuser|collab|donate|exec|fdc|grants|internal|movementroles|nomcom|office|otrs-wiki|searchcom|spcom|steward|wikimaniateam)\.wikimedia\.org/
req.http.X-Forwarded-Proto != https ) {
error 301 https://%= cluster_options.fetch(
bits_domain, bits.wikimedia.org )% + req.url;
}
+
% if cluster_options.fetch( enable_geoiplookup, false ) -%
if (req.url == /geoiplookup) {
error 666 geoiplookup;
--
To view, visit https://gerrit.wikimedia.org/r/170883
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I7d752d1fe84620ed64101d6bece7631057a8a3e6
Gerrit-PatchSet: 5
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: BBlack bbl...@wikimedia.org
Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org
Gerrit-Reviewer: Nuria nu...@wikimedia.org
Gerrit-Reviewer: Ori.livneh o...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Expose Content-Range response header for CORS requests on up... - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: Expose Content-Range response header for CORS requests on upload .. Expose Content-Range response header for CORS requests on upload When a client submits an HTTP request with 'Range' header, the actual range returned, including the total file size, comes back in the 'Content-Range' response header. Naturally, this doesn't get automatically exposed in cross-origin requests and must be explicitly listed in the OPTIONS response. Yay CORS! Exposing this will let ogv.js eliminate an extra HEAD request to get the total file size, and allows validation of the ranges to check for a Safari caching bug https://bugs.webkit.org/show_bug.cgi?id=82672 without adding a cachebuster query string on every request. Change-Id: I35d51c66814fd23972c8044208b1545b8e20f464 --- M templates/varnish/upload-frontend.inc.vcl.erb 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/templates/varnish/upload-frontend.inc.vcl.erb b/templates/varnish/upload-frontend.inc.vcl.erb index 62257d9..bbcf905 100644 --- a/templates/varnish/upload-frontend.inc.vcl.erb +++ b/templates/varnish/upload-frontend.inc.vcl.erb @@ -117,5 +117,5 @@ } set resp.http.Access-Control-Allow-Origin = *; - set resp.http.Access-Control-Expose-Headers = Age, Date, Content-Length, X-Content-Duration, X-Cache, X-Varnish; + set resp.http.Access-Control-Expose-Headers = Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache, X-Varnish; } -- To view, visit https://gerrit.wikimedia.org/r/171502 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I35d51c66814fd23972c8044208b1545b8e20f464 Gerrit-PatchSet: 3 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Brion VIBBER br...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Increase max file size of url downloader proxy to 1010mb - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: Increase max file size of url downloader proxy to 1010mb .. Increase max file size of url downloader proxy to 1010mb If you look at git show b06baad758aca^:modules/url-downloader/files/copy-by-url-proxy.conf you will notice a code comment saying make it slightly larger than the max upload size. Since that time the max upload size has increased to 1000mb, so increase this limit in turn. Of course people trying to upload 1 gb big files may still run into various timeouts. Bug: 73200 Change-Id: Ib83d9dbfe87ea4e3d673b712aa3d8d3727c9ce36 --- M modules/url_downloader/templates/squid.conf.erb 1 file changed, 3 insertions(+), 3 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/url_downloader/templates/squid.conf.erb b/modules/url_downloader/templates/squid.conf.erb index ed3c304..aabc11e 100644 --- a/modules/url_downloader/templates/squid.conf.erb +++ b/modules/url_downloader/templates/squid.conf.erb @@ -16,7 +16,7 @@ acl everything src all cache deny everything acl apache rep_header Server ^Apache -maximum_object_size 510 MB +maximum_object_size 1010 MB cache_replacement_policy heap LFUDA access_log /var/log/%= @package_name %/access.log squid log_mime_hdrs on @@ -78,11 +78,11 @@ tcp_outgoing_address %= @service_ip % %- if @package_name == 'squid' -% -reply_body_max_size 534773760 allow all +reply_body_max_size 1059061760 allow all cache_dir null /tmp broken_vary_encoding allow apache %- else -% -reply_body_max_size 510 MB all +reply_body_max_size 1010 MB all %- end -% cache_mgr r...@wikimedia.org -- To view, visit https://gerrit.wikimedia.org/r/172120 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ib83d9dbfe87ea4e3d673b712aa3d8d3727c9ce36 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Brian Wolff bawolff...@gmail.com Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Giuseppe Lavagetto glavage...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] geoip: switch data::maxmind to geoiupdate - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/172444
Change subject: geoip: switch data::maxmind to geoiupdate
..
geoip: switch data::maxmind to geoiupdate
geoipupdate was forked off the GeoIP distribution and is maintained
separately. The newer version supports GeoIP2 databases, HTTPS, as well
as setting a proxy from the configuration file.
geoipupdate packages have been backported and are already in apt for
both precise and trusty.
Change-Id: I926b488c320035f591518d817ef6234c61889dbb
---
M modules/geoip/manifests/data/maxmind.pp
M modules/geoip/templates/GeoIP.conf.erb
M modules/puppetmaster/manifests/geoip.pp
3 files changed, 29 insertions(+), 27 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/44/172444/1
diff --git a/modules/geoip/manifests/data/maxmind.pp
b/modules/geoip/manifests/data/maxmind.pp
index 62ae383..70f0055 100644
--- a/modules/geoip/manifests/data/maxmind.pp
+++ b/modules/geoip/manifests/data/maxmind.pp
@@ -5,12 +5,11 @@
#
# == Parameters
# $data_directory - Where the data files should live.
-# $environment- The environment parameter to pass to exec and cron for the
-# geoipupdate download command. default: undef
# $license_key- MaxMind license key. Required.
# $user_id- MaxMind user id. Required.
# $product_ids- Array of MaxMind product ids to specify which data files
# to download. default: [106] (Country)
+# $proxy - Proxy server to use to fetch files. Optional.
# == Example
# You can use this class on your puppetmaster to stick the GeoIP .dat files
# into a fileserver module. Once the files are there, you can use the
@@ -29,13 +28,14 @@
#
class geoip::data::maxmind(
$data_directory = '/usr/share/GeoIP',
- $environment= undef,
$license_key= false,
$user_id= false,
- $product_ids= [106])
-{
- # we need the geoipupdate binary from geoip-bin
- require geoip::bin
+ $product_ids= [106],
+ $proxy = undef
+) {
+ package { 'geoipupdate':
+ensure = present,
+ }
if ! defined(File[$data_directory]) {
file { $data_directory:
@@ -57,22 +57,23 @@
# command to run to update the GeoIP database files
$geoipupdate_command = /usr/bin/geoipupdate -f ${config_file} -d
${data_directory}
- # Go ahead and exec geoipupdate now, so that
- # we can be sure we have these files if
- # this is the first time puppetmaster is
- # running this class.
+ # Go ahead and exec geoipupdate now, so that we can be sure we have these
+ # files if this is the first time puppetmaster is running this class.
exec { 'geoipupdate':
command = $geoipupdate_command,
refreshonly = true,
subscribe = File[$config_file],
-# geoipupdate comes from package geoip-bin
-require = [Package['geoip-bin'], File[$config_file],
File[$data_directory]],
+require = [
+Package['geoipupdate'],
+File[$config_file],
+File[$data_directory]
+],
}
$geoipupdate_log = '/var/log/geoipupdate.log'
- # Set up a cron to run geoipupdate weekly.
- # This will download .dat files for the specified
- # Maxmind Product IDs.
+
+ # Set up a cron to run geoipupdate weekly. This will download .dat files for
+ # the specified MaxMind Product IDs.
cron { 'geoipupdate':
ensure = present,
command = /bin/echo -e \\$(/bin/date): geoipupdate downloading
MaxMind .dat files into ${data_directory}\ ${geoipupdate_log}
${geoipupdate_command} /var/log/geoipupdate.log,
@@ -80,19 +81,16 @@
weekday = 0,
hour= 3,
minute = 30,
-require = [Package['geoip-bin'], File[$config_file],
File[$data_directory]],
+require = [
+Package['geoipupdate'],
+File[$config_file],
+File[$data_directory]
+],
}
# logrotate for geoipupdate.log
file { '/etc/logrotate.d/geoipupdate':
content = template('geoip/geoipupdate.logrotate.erb'),
require = Cron['geoipupdate'],
- }
-
- # if $environment was passed in,
- # set it on the geoipupdate commands
- if ($environment != undef) {
-Exec['geoipupdate'] { environment = $environment }
-Cron['geoipupdate'] { environment = $environment }
}
}
diff --git a/modules/geoip/templates/GeoIP.conf.erb
b/modules/geoip/templates/GeoIP.conf.erb
index 9bc3b458..c527e46 100644
--- a/modules/geoip/templates/GeoIP.conf.erb
+++ b/modules/geoip/templates/GeoIP.conf.erb
@@ -19,3 +19,7 @@
# 133 - GeoIPCity.datCity database
# 115 - GeoIPRegion.dat Region database
ProductIds %= @product_ids.join(' ') %
+
+% if @proxy then -%
+Proxy %= @proxy %
+% end -%
diff --git a/modules/puppetmaster/manifests/geoip.pp
b/modules/puppetmaster/manifests/geoip.pp
index 292e9e3..8539ab1 100644
--- a/modules/puppetmaster/manifests/geoip.pp
+++
[MediaWiki-commits] [Gerrit] geoip: switch data::maxmind to geoipupdate - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged.
Change subject: geoip: switch data::maxmind to geoipupdate
..
geoip: switch data::maxmind to geoipupdate
geoipupdate was forked off the GeoIP distribution and is maintained
separately. The newer version supports GeoIP2 databases, HTTPS, as well
as setting a proxy from the configuration file.
geoipupdate packages have been backported and are already in apt for
both precise and trusty.
Change-Id: I926b488c320035f591518d817ef6234c61889dbb
---
M modules/geoip/manifests/data/maxmind.pp
M modules/geoip/templates/GeoIP.conf.erb
M modules/puppetmaster/manifests/geoip.pp
3 files changed, 29 insertions(+), 27 deletions(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/geoip/manifests/data/maxmind.pp
b/modules/geoip/manifests/data/maxmind.pp
index 62ae383..70f0055 100644
--- a/modules/geoip/manifests/data/maxmind.pp
+++ b/modules/geoip/manifests/data/maxmind.pp
@@ -5,12 +5,11 @@
#
# == Parameters
# $data_directory - Where the data files should live.
-# $environment- The environment parameter to pass to exec and cron for the
-# geoipupdate download command. default: undef
# $license_key- MaxMind license key. Required.
# $user_id- MaxMind user id. Required.
# $product_ids- Array of MaxMind product ids to specify which data files
# to download. default: [106] (Country)
+# $proxy - Proxy server to use to fetch files. Optional.
# == Example
# You can use this class on your puppetmaster to stick the GeoIP .dat files
# into a fileserver module. Once the files are there, you can use the
@@ -29,13 +28,14 @@
#
class geoip::data::maxmind(
$data_directory = '/usr/share/GeoIP',
- $environment= undef,
$license_key= false,
$user_id= false,
- $product_ids= [106])
-{
- # we need the geoipupdate binary from geoip-bin
- require geoip::bin
+ $product_ids= [106],
+ $proxy = undef
+) {
+ package { 'geoipupdate':
+ensure = present,
+ }
if ! defined(File[$data_directory]) {
file { $data_directory:
@@ -57,22 +57,23 @@
# command to run to update the GeoIP database files
$geoipupdate_command = /usr/bin/geoipupdate -f ${config_file} -d
${data_directory}
- # Go ahead and exec geoipupdate now, so that
- # we can be sure we have these files if
- # this is the first time puppetmaster is
- # running this class.
+ # Go ahead and exec geoipupdate now, so that we can be sure we have these
+ # files if this is the first time puppetmaster is running this class.
exec { 'geoipupdate':
command = $geoipupdate_command,
refreshonly = true,
subscribe = File[$config_file],
-# geoipupdate comes from package geoip-bin
-require = [Package['geoip-bin'], File[$config_file],
File[$data_directory]],
+require = [
+Package['geoipupdate'],
+File[$config_file],
+File[$data_directory]
+],
}
$geoipupdate_log = '/var/log/geoipupdate.log'
- # Set up a cron to run geoipupdate weekly.
- # This will download .dat files for the specified
- # Maxmind Product IDs.
+
+ # Set up a cron to run geoipupdate weekly. This will download .dat files for
+ # the specified MaxMind Product IDs.
cron { 'geoipupdate':
ensure = present,
command = /bin/echo -e \\$(/bin/date): geoipupdate downloading
MaxMind .dat files into ${data_directory}\ ${geoipupdate_log}
${geoipupdate_command} /var/log/geoipupdate.log,
@@ -80,19 +81,16 @@
weekday = 0,
hour= 3,
minute = 30,
-require = [Package['geoip-bin'], File[$config_file],
File[$data_directory]],
+require = [
+Package['geoipupdate'],
+File[$config_file],
+File[$data_directory]
+],
}
# logrotate for geoipupdate.log
file { '/etc/logrotate.d/geoipupdate':
content = template('geoip/geoipupdate.logrotate.erb'),
require = Cron['geoipupdate'],
- }
-
- # if $environment was passed in,
- # set it on the geoipupdate commands
- if ($environment != undef) {
-Exec['geoipupdate'] { environment = $environment }
-Cron['geoipupdate'] { environment = $environment }
}
}
diff --git a/modules/geoip/templates/GeoIP.conf.erb
b/modules/geoip/templates/GeoIP.conf.erb
index 9bc3b458..475b877 100644
--- a/modules/geoip/templates/GeoIP.conf.erb
+++ b/modules/geoip/templates/GeoIP.conf.erb
@@ -19,3 +19,7 @@
# 133 - GeoIPCity.datCity database
# 115 - GeoIPRegion.dat Region database
ProductIds %= @product_ids.join(' ') %
+
+% if @proxy -%
+Proxy %= @proxy %
+% end -%
diff --git a/modules/puppetmaster/manifests/geoip.pp
b/modules/puppetmaster/manifests/geoip.pp
index 292e9e3..8539ab1 100644
--- a/modules/puppetmaster/manifests/geoip.pp
+++ b/modules/puppetmaster/manifests/geoip.pp
@@ -4,7 +4,7 @@
