[MediaWiki-commits] [Gerrit] Add librenms module and role class apply it - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106694 Change subject: Add librenms module and role class apply it .. Add librenms module and role class apply it LibreNMS is a GPL Observium fork. Sets up Apache, user accounts, cron jobs and provisions via Trebuchet from an internal git mirror. Change-Id: I61073f915b8c5a5b26b28c60b6888563a268c6b1 --- M manifests/role/deployment.pp A manifests/role/librenms.pp M manifests/site.pp A modules/librenms/files/logrotate A modules/librenms/lib/puppet/parser/functions/phpdump.rb A modules/librenms/manifests/init.pp A modules/librenms/templates/config.php.erb 7 files changed, 211 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/94/106694/1 diff --git a/manifests/role/deployment.pp b/manifests/role/deployment.pp index 6d32a44..784048a 100644 --- a/manifests/role/deployment.pp +++ b/manifests/role/deployment.pp @@ -133,6 +133,10 @@ 'grain'= 'scholarships', 'upstream' = 'https://gerrit.wikimedia.org/r/wikimedia/wikimania-scholarships', }, +'librenms/librenms' = { +'grain'= 'librenms', +'upstream' = 'https://gerrit.wikimedia.org/r/operations/software/librenms', +}, } } diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp new file mode 100644 index 000..f817ee4 --- /dev/null +++ b/manifests/role/librenms.pp @@ -0,0 +1,65 @@ +class role::librenms { +system::role { 'librenms': description = 'LibreNMS server' } + +include network::constants +include passwords::mysql::librenms +include passwords::network + +$hostname = 'librenms.wikimedia.org' + +deployment::target { 'librenms': } +$install_dir = '/srv/deployment/librenms/librenms' + +$config = { +'install_dir' = $install_dir, +'html_dir' = ${install_dir}/html, +'log_file' = '/var/log/librenms.log', +'rrd_dir' = '/srv/librenms/rrd', + +'db_host' = 'db1001.eqiad.wmnet', +'db_user' = $passwords::mysql::librenms::user, +'db_pass' = $passwords::mysql::librenms::pass, +'db_name' = 'librenms', + +'snmp' = { +'community' = [ $passwords::network::snmp ], +}, + +'enable_inventory' = 1, +'enable_syslog'= 1, +'email_backend'= 'sendmail', +'alerts' = { +'port_util_alert' = true, +'port_util_perc' = 85, +'email' = { +'default' = 'n...@wikimedia.org', +'enable' = true, +}, +'port' = { +'ifdown' = false, +}, +}, + +'auth_mechanism' = 'mysql', +'nets' = $network::constants::external_networks, +} + +class { 'librenms': +install_dir = $install_dir, +config = $config, +} + +@webserver::apache::module { 'php5': } +@webserver::apache::site { 'librenms.wikimedia.org': +docroot = $install_dir, +require = [ +Webserver::Apache::Module['php5'], +Class['librenms'], +], +} + +monitor_service { 'librenms': +description = 'HTTP', +check_command = check_http_url!${hostname}!http://${hostname};, +} +} diff --git a/manifests/site.pp b/manifests/site.pp index 66b3b26..0298010 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -1891,7 +1891,8 @@ webserver::apache, misc::rancid, smokeping, -smokeping::web +smokeping::web, +role::librenms } node /^nfs[12].pmtpa.wmnet/ { diff --git a/modules/librenms/files/logrotate b/modules/librenms/files/logrotate new file mode 100644 index 000..8766aa7 --- /dev/null +++ b/modules/librenms/files/logrotate @@ -0,0 +1,6 @@ +/var/log/librenms.log { +rotate 7 +daily +compress +missingok +} diff --git a/modules/librenms/lib/puppet/parser/functions/phpdump.rb b/modules/librenms/lib/puppet/parser/functions/phpdump.rb new file mode 100644 index 000..2033613 --- /dev/null +++ b/modules/librenms/lib/puppet/parser/functions/phpdump.rb @@ -0,0 +1,34 @@ +# == Function: phpdump +# +# Serialize a hash into PHP array with lexicographically sorted keys. +# + +def phpdump(o, level=1) + indent = *4 + + case o + when Hash +contents = '' +o.sort.each do |k, v| + contents += indent*level + contents += \#{k}\ = + phpdump(v, level+1) + contents += ,\n +end +array(\n + contents + indent*(level-1) + ) + when Array +array( + o.map { |x| phpdump(x, level+1) }.join(', ') + ) + when TrueClass +TRUE + when FalseClass +FALSE + else +'' + o.to_s + '' + end +end + +module Puppet::Parser::Functions + newfunction(:phpdump,
[MediaWiki-commits] [Gerrit] webserver::apache: misc SSL fixes - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106700 Change subject: webserver::apache: misc SSL fixes .. webserver::apache: misc SSL fixes - Set ServerAdmin correct on the 443 virtualhost - Support redirected; it was previously a stub - Add SSLCACertificatePath - Remove the defaulting to wildcard certificate support Change-Id: I0c545ad3a7dab2d569ac52b75b63740c9dcb37cd --- M manifests/webserver.pp M templates/apache/generic_vhost.erb 2 files changed, 22 insertions(+), 10 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/00/106700/1 diff --git a/manifests/webserver.pp b/manifests/webserver.pp index 392a520..426db44 100644 --- a/manifests/webserver.pp +++ b/manifests/webserver.pp @@ -284,10 +284,10 @@ # Parameters: # $aliases=[] - array of ServerAliases # $ssl=false - if true, sets up an ssl certificate for $title - # $certfile=undef - defaults to /etc/ssl/certs/${wildcard_domain}.pem, based on $title - # $certkey=undef- defaults to /etc/ssl/private/${wildcard_domain}.key based on $title + # $certfile=undef - defaults to /etc/ssl/certs/${title}.pem + # $certkey=undef- defaults to /etc/ssl/private/${title}.key # $docroot=undef- defaults to: $title == 'stats.wikimedia.org', then /srv/stats.wikimedia.org - # $custom=[]- custom Apachce config strings to put into virtual host site file + # $custom=[]- custom Apache config strings to put into virtual host site file # $includes=[] # $server_admin=r...@wikimedia.org, # $access_log - path to access log, default: /var/log/apache2/access.log @@ -320,13 +320,12 @@ if $ssl in [true, only, redirected] { webserver::apache::module { ssl: } - # If no cert files are defined, assume a wildcart certificate for the domain - $wildcard_domain = regsubst($title, '^[^\.]+', *) + # If no cert files are defined, assume a named certificate for the domain if ! $certfile { - $certfile = /etc/ssl/certs/${wildcard_domain}.pem + $certfile = /etc/ssl/certs/${title}.pem } if ! $certkey { - $certkey = /etc/ssl/private/${wildcard_domain}.key + $certkey = /etc/ssl/private/${title}.key } } diff --git a/templates/apache/generic_vhost.erb b/templates/apache/generic_vhost.erb index a8ea804..86c183b 100644 --- a/templates/apache/generic_vhost.erb +++ b/templates/apache/generic_vhost.erb @@ -1,6 +1,6 @@ # This file is managed by Puppet! -% if ssl != only -% +% if [true, false].include?(ssl) -% VirtualHost *:80 ServerName %= title % % if aliases.length 0 -% @@ -34,13 +34,25 @@ /VirtualHost % end -% +% if ssl == redirected -% +VirtualHost *:80 + ServerName %= title % +% if aliases.length 0 -% + ServerAlias %= aliases.join( ) % +% end -% + ServerAdmin %= server_admin % + + Redirect permanent / https://%= title %/ +/VirtualHost +% else % + % if [true, only, redirected].include?(ssl) -% VirtualHost *:443 ServerName %= title % % if aliases.length 0 -% ServerAlias %= aliases.join( ) % % end -% - ServerAdmin r...@wikimedia.org + ServerAdmin %= server_admin % SSLEngine on SSLProtocol -ALL +SSLv3 +TLSv1 @@ -48,6 +60,7 @@ SSLHonorCipherOrder on SSLCertificateFile %= certfile % SSLCertificateKeyFile %= certkey % + SSLCACertificatePath /etc/ssl/certs DocumentRoot %= docroot % Directory %= docroot % @@ -76,4 +89,4 @@ % end -% -# vim: filetype=apache \ No newline at end of file +# vim: filetype=apache -- To view, visit https://gerrit.wikimedia.org/r/106700 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I0c545ad3a7dab2d569ac52b75b63740c9dcb37cd Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: install SSL certificate enable vhost - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106701 Change subject: librenms: install SSL certificate enable vhost .. librenms: install SSL certificate enable vhost Change-Id: I5767b0e20df566bf1a58549f47eed3ab77dc9634 --- M manifests/role/librenms.pp 1 file changed, 5 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/01/106701/1 diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp index d096961..a0d13ef 100644 --- a/manifests/role/librenms.pp +++ b/manifests/role/librenms.pp @@ -49,18 +49,22 @@ config = $config, } +install_certificate { $hostname: } + @webserver::apache::module { 'php5': } @webserver::apache::site { $hostname, aliases = [ 'observium.wikimedia.org' ], docroot = $install_dir, +ssl = 'redirected', require = [ Webserver::Apache::Module['php5'], +Install_certificate[$hostname], Class['librenms'], ], } monitor_service { 'librenms': description = 'HTTP', -check_command = check_http_url!${hostname}!http://${hostname};, +check_command = check_https_url!${hostname}!http://${hostname};, } } -- To view, visit https://gerrit.wikimedia.org/r/106701 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I5767b0e20df566bf1a58549f47eed3ab77dc9634 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] webserver::apache: misc SSL fixes - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: webserver::apache: misc SSL fixes .. webserver::apache: misc SSL fixes - Set ServerAdmin correct on the 443 virtualhost - Support redirected; it was previously a stub - Add SSLCACertificatePath - Remove the defaulting to wildcard certificate support Change-Id: I0c545ad3a7dab2d569ac52b75b63740c9dcb37cd --- M manifests/webserver.pp M templates/apache/generic_vhost.erb 2 files changed, 22 insertions(+), 10 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/webserver.pp b/manifests/webserver.pp index 392a520..426db44 100644 --- a/manifests/webserver.pp +++ b/manifests/webserver.pp @@ -284,10 +284,10 @@ # Parameters: # $aliases=[] - array of ServerAliases # $ssl=false - if true, sets up an ssl certificate for $title - # $certfile=undef - defaults to /etc/ssl/certs/${wildcard_domain}.pem, based on $title - # $certkey=undef- defaults to /etc/ssl/private/${wildcard_domain}.key based on $title + # $certfile=undef - defaults to /etc/ssl/certs/${title}.pem + # $certkey=undef- defaults to /etc/ssl/private/${title}.key # $docroot=undef- defaults to: $title == 'stats.wikimedia.org', then /srv/stats.wikimedia.org - # $custom=[]- custom Apachce config strings to put into virtual host site file + # $custom=[]- custom Apache config strings to put into virtual host site file # $includes=[] # $server_admin=r...@wikimedia.org, # $access_log - path to access log, default: /var/log/apache2/access.log @@ -320,13 +320,12 @@ if $ssl in [true, only, redirected] { webserver::apache::module { ssl: } - # If no cert files are defined, assume a wildcart certificate for the domain - $wildcard_domain = regsubst($title, '^[^\.]+', *) + # If no cert files are defined, assume a named certificate for the domain if ! $certfile { - $certfile = /etc/ssl/certs/${wildcard_domain}.pem + $certfile = /etc/ssl/certs/${title}.pem } if ! $certkey { - $certkey = /etc/ssl/private/${wildcard_domain}.key + $certkey = /etc/ssl/private/${title}.key } } diff --git a/templates/apache/generic_vhost.erb b/templates/apache/generic_vhost.erb index a8ea804..2c66ff6 100644 --- a/templates/apache/generic_vhost.erb +++ b/templates/apache/generic_vhost.erb @@ -1,6 +1,6 @@ # This file is managed by Puppet! -% if ssl != only -% +% if [true, false].include?(ssl) -% VirtualHost *:80 ServerName %= title % % if aliases.length 0 -% @@ -34,13 +34,25 @@ /VirtualHost % end -% +% if ssl == redirected -% +VirtualHost *:80 + ServerName %= title % +% if aliases.length 0 -% + ServerAlias %= aliases.join( ) % +% end -% + ServerAdmin %= server_admin % + + Redirect permanent / https://%= title %/ +/VirtualHost +% end -% + % if [true, only, redirected].include?(ssl) -% VirtualHost *:443 ServerName %= title % % if aliases.length 0 -% ServerAlias %= aliases.join( ) % % end -% - ServerAdmin r...@wikimedia.org + ServerAdmin %= server_admin % SSLEngine on SSLProtocol -ALL +SSLv3 +TLSv1 @@ -48,6 +60,7 @@ SSLHonorCipherOrder on SSLCertificateFile %= certfile % SSLCertificateKeyFile %= certkey % + SSLCACertificatePath /etc/ssl/certs DocumentRoot %= docroot % Directory %= docroot % @@ -76,4 +89,4 @@ % end -% -# vim: filetype=apache \ No newline at end of file +# vim: filetype=apache -- To view, visit https://gerrit.wikimedia.org/r/106700 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I0c545ad3a7dab2d569ac52b75b63740c9dcb37cd Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Add librenms module and role class apply it - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: Add librenms module and role class apply it .. Add librenms module and role class apply it LibreNMS is a GPL Observium fork. Sets up Apache, user accounts, cron jobs and provisions via Trebuchet from an internal git mirror. Change-Id: I61073f915b8c5a5b26b28c60b6888563a268c6b1 --- M manifests/role/deployment.pp A manifests/role/librenms.pp M manifests/site.pp A modules/librenms/files/logrotate A modules/librenms/lib/puppet/parser/functions/phpdump.rb A modules/librenms/manifests/init.pp A modules/librenms/templates/config.php.erb 7 files changed, 223 insertions(+), 1 deletion(-) Approvals: Faidon Liambotis: Verified; Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/role/deployment.pp b/manifests/role/deployment.pp index 6d32a44..784048a 100644 --- a/manifests/role/deployment.pp +++ b/manifests/role/deployment.pp @@ -133,6 +133,10 @@ 'grain'= 'scholarships', 'upstream' = 'https://gerrit.wikimedia.org/r/wikimedia/wikimania-scholarships', }, +'librenms/librenms' = { +'grain'= 'librenms', +'upstream' = 'https://gerrit.wikimedia.org/r/operations/software/librenms', +}, } } diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp new file mode 100644 index 000..3c1b637 --- /dev/null +++ b/manifests/role/librenms.pp @@ -0,0 +1,70 @@ +class role::librenms { +system::role { 'librenms': description = 'LibreNMS' } + +include network::constants +include passwords::librenms +include passwords::network + +$sitename = 'librenms.wikimedia.org' + +deployment::target { 'librenms': } +$install_dir = '/srv/deployment/librenms/librenms' + +$config = { +'install_dir' = $install_dir, +'html_dir' = ${install_dir}/html, +'log_file' = '/var/log/librenms.log', +'rrd_dir' = '/var/lib/librenms/rrd', + +'db_host' = 'db1001.eqiad.wmnet', +'db_user' = $passwords::librenms::db_user, +'db_pass' = $passwords::librenms::db_pass, +'db_name' = 'librenms', + +'snmp' = { +'community' = [ $passwords::network::snmp_ro_community ], +}, + +'enable_inventory' = 1, +'enable_syslog'= 1, +'email_backend'= 'sendmail', +'alerts' = { +'port_util_alert' = true, +'port_util_perc' = 85, +'email' = { +'default' = 'n...@wikimedia.org', +'enable' = true, +}, +'port' = { +'ifdown' = false, +}, +}, + +'auth_mechanism' = 'mysql', +'nets' = $network::constants::external_networks, +} + +class { 'librenms': +install_dir = $install_dir, +config = $config, +} + +@webserver::apache::module { 'php5': } +@webserver::apache::site { $sitename: +docroot = $install_dir, +require = [ +Webserver::Apache::Module['php5'], +Class['librenms'], +], +} + +# redirect the old, pre-Jan 2014 name to librenms +@webserver::apache::site { 'observium.wikimedia.org': +custom = [ Redirect permanent / https://${sitename}/; ], +} + +monitor_service { 'librenms': +description = 'HTTP', +check_command = check_http_url!${sitename}!http://${sitename};, +} +} diff --git a/manifests/site.pp b/manifests/site.pp index 66b3b26..0298010 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -1891,7 +1891,8 @@ webserver::apache, misc::rancid, smokeping, -smokeping::web +smokeping::web, +role::librenms } node /^nfs[12].pmtpa.wmnet/ { diff --git a/modules/librenms/files/logrotate b/modules/librenms/files/logrotate new file mode 100644 index 000..8766aa7 --- /dev/null +++ b/modules/librenms/files/logrotate @@ -0,0 +1,6 @@ +/var/log/librenms.log { +rotate 7 +daily +compress +missingok +} diff --git a/modules/librenms/lib/puppet/parser/functions/phpdump.rb b/modules/librenms/lib/puppet/parser/functions/phpdump.rb new file mode 100644 index 000..2033613 --- /dev/null +++ b/modules/librenms/lib/puppet/parser/functions/phpdump.rb @@ -0,0 +1,34 @@ +# == Function: phpdump +# +# Serialize a hash into PHP array with lexicographically sorted keys. +# + +def phpdump(o, level=1) + indent = *4 + + case o + when Hash +contents = '' +o.sort.each do |k, v| + contents += indent*level + contents += \#{k}\ = + phpdump(v, level+1) + contents += ,\n +end +array(\n + contents + indent*(level-1) + ) + when Array +array( + o.map { |x| phpdump(x, level+1) }.join(', ') + ) + when TrueClass +
[MediaWiki-commits] [Gerrit] librenms: fix role class include scoping - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: librenms: fix role class include scoping .. librenms: fix role class include scoping (classic pitfall) Change-Id: I90076352756ef5b308d852c14b16f636cae954b3 --- M manifests/role/librenms.pp 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Faidon Liambotis: Verified; Looks good to me, approved diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp index 3c1b637..4594a81 100644 --- a/manifests/role/librenms.pp +++ b/manifests/role/librenms.pp @@ -44,7 +44,7 @@ 'nets' = $network::constants::external_networks, } -class { 'librenms': +class { '::librenms': install_dir = $install_dir, config = $config, } -- To view, visit https://gerrit.wikimedia.org/r/106715 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I90076352756ef5b308d852c14b16f636cae954b3 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: fix role class include scoping - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106715 Change subject: librenms: fix role class include scoping .. librenms: fix role class include scoping (classic pitfall) Change-Id: I90076352756ef5b308d852c14b16f636cae954b3 --- M manifests/role/librenms.pp 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/15/106715/1 diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp index 16af56c..9c2ec70 100644 --- a/manifests/role/librenms.pp +++ b/manifests/role/librenms.pp @@ -44,7 +44,7 @@ 'nets' = $network::constants::external_networks, } -class { 'librenms': +class { '::librenms': install_dir = $install_dir, config = $config, } -- To view, visit https://gerrit.wikimedia.org/r/106715 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I90076352756ef5b308d852c14b16f636cae954b3 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: don't use stdlib's merge on phpdump() - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106717 Change subject: librenms: don't use stdlib's merge on phpdump() .. librenms: don't use stdlib's merge on phpdump() Change-Id: I19f981e80e0c80df5f90d2b1b1b6665b93cdccc2 --- M modules/librenms/lib/puppet/parser/functions/phpdump.rb 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/17/106717/1 diff --git a/modules/librenms/lib/puppet/parser/functions/phpdump.rb b/modules/librenms/lib/puppet/parser/functions/phpdump.rb index 2033613..205f8ce 100644 --- a/modules/librenms/lib/puppet/parser/functions/phpdump.rb +++ b/modules/librenms/lib/puppet/parser/functions/phpdump.rb @@ -29,6 +29,6 @@ module Puppet::Parser::Functions newfunction(:phpdump, :type = :rvalue) do |args| fail 'phpdump() requires an argument' if args.empty? -phpdump(args.inject(:merge)) +phpdump(args) end end -- To view, visit https://gerrit.wikimedia.org/r/106717 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I19f981e80e0c80df5f90d2b1b1b6665b93cdccc2 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: don't use stdlib's merge on phpdump() - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: librenms: don't use stdlib's merge on phpdump() .. librenms: don't use stdlib's merge on phpdump() Change-Id: I19f981e80e0c80df5f90d2b1b1b6665b93cdccc2 --- M modules/librenms/lib/puppet/parser/functions/phpdump.rb 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Faidon Liambotis: Verified; Looks good to me, approved diff --git a/modules/librenms/lib/puppet/parser/functions/phpdump.rb b/modules/librenms/lib/puppet/parser/functions/phpdump.rb index 2033613..205f8ce 100644 --- a/modules/librenms/lib/puppet/parser/functions/phpdump.rb +++ b/modules/librenms/lib/puppet/parser/functions/phpdump.rb @@ -29,6 +29,6 @@ module Puppet::Parser::Functions newfunction(:phpdump, :type = :rvalue) do |args| fail 'phpdump() requires an argument' if args.empty? -phpdump(args.inject(:merge)) +phpdump(args) end end -- To view, visit https://gerrit.wikimedia.org/r/106717 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I19f981e80e0c80df5f90d2b1b1b6665b93cdccc2 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] webserver: remove broken docroot logic - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106722 Change subject: webserver: remove broken docroot logic .. webserver: remove broken docroot logic The current webserver::apache::site logic is broken, as it tried to reassign to the $docroot variable and this is, unfortunately, disallowed in puppet. As it's clearly not a used functionality, and since Apache throws warnings if a directory doesn't exist, remove the whole piece of code and let vhosts that e.g. don't need a document root (because, for example, contain just a simple redirect) to work with a simpler config. Debian defaults to /var/www in this case, and policy dictates that no packages will ever write useful files there. Change-Id: I64ee6d8939b8ca56abd21bad7c76c9684cc54812 --- M manifests/webserver.pp M templates/apache/generic_vhost.erb 2 files changed, 5 insertions(+), 5 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/22/106722/1 diff --git a/manifests/webserver.pp b/manifests/webserver.pp index 426db44..4361f3e 100644 --- a/manifests/webserver.pp +++ b/manifests/webserver.pp @@ -312,11 +312,6 @@ Class[webserver::apache::packages] - Webserver::Apache::Site[$title] - Class[webserver::apache::service] - if ! $docroot { - $subdir = inline_template(scope.lookupvar('webserver::apache::site::title').strip.split.reverse.join('/')) - $docroot = /srv/$subdir - } - if $ssl in [true, only, redirected] { webserver::apache::module { ssl: } diff --git a/templates/apache/generic_vhost.erb b/templates/apache/generic_vhost.erb index 2c66ff6..215d31e 100644 --- a/templates/apache/generic_vhost.erb +++ b/templates/apache/generic_vhost.erb @@ -8,6 +8,7 @@ % end -% ServerAdmin %= server_admin % +% if docroot -% DocumentRoot %= docroot % Directory %= docroot % Options Indexes FollowSymLinks MultiViews @@ -15,6 +16,8 @@ Order allow,deny allow from all /Directory +% end -% + ErrorLog %= error_log % # Possible values include: debug, info, notice, warn, error, crit, @@ -62,6 +65,7 @@ SSLCertificateKeyFile %= certkey % SSLCACertificatePath /etc/ssl/certs +% if docroot -% DocumentRoot %= docroot % Directory %= docroot % Options Indexes FollowSymLinks MultiViews @@ -69,6 +73,7 @@ Order allow,deny allow from all /Directory +% end -% ErrorLog %= error_log % # Possible values include: debug, info, notice, warn, error, crit, -- To view, visit https://gerrit.wikimedia.org/r/106722 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I64ee6d8939b8ca56abd21bad7c76c9684cc54812 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] webserver: remove broken docroot logic - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: webserver: remove broken docroot logic .. webserver: remove broken docroot logic The current webserver::apache::site logic is broken, as it tried to reassign to the $docroot variable and this is, unfortunately, disallowed in puppet. As it's clearly not a used functionality, and since Apache throws warnings if a directory doesn't exist, remove the whole piece of code and let vhosts that e.g. don't need a document root (because, for example, contain just a simple redirect) to work with a simpler config. Debian defaults to /var/www in this case, and policy dictates that no packages will ever write useful files there. Change-Id: I64ee6d8939b8ca56abd21bad7c76c9684cc54812 --- M manifests/webserver.pp M templates/apache/generic_vhost.erb 2 files changed, 5 insertions(+), 5 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/webserver.pp b/manifests/webserver.pp index 426db44..4361f3e 100644 --- a/manifests/webserver.pp +++ b/manifests/webserver.pp @@ -312,11 +312,6 @@ Class[webserver::apache::packages] - Webserver::Apache::Site[$title] - Class[webserver::apache::service] - if ! $docroot { - $subdir = inline_template(scope.lookupvar('webserver::apache::site::title').strip.split.reverse.join('/')) - $docroot = /srv/$subdir - } - if $ssl in [true, only, redirected] { webserver::apache::module { ssl: } diff --git a/templates/apache/generic_vhost.erb b/templates/apache/generic_vhost.erb index 2c66ff6..215d31e 100644 --- a/templates/apache/generic_vhost.erb +++ b/templates/apache/generic_vhost.erb @@ -8,6 +8,7 @@ % end -% ServerAdmin %= server_admin % +% if docroot -% DocumentRoot %= docroot % Directory %= docroot % Options Indexes FollowSymLinks MultiViews @@ -15,6 +16,8 @@ Order allow,deny allow from all /Directory +% end -% + ErrorLog %= error_log % # Possible values include: debug, info, notice, warn, error, crit, @@ -62,6 +65,7 @@ SSLCertificateKeyFile %= certkey % SSLCACertificatePath /etc/ssl/certs +% if docroot -% DocumentRoot %= docroot % Directory %= docroot % Options Indexes FollowSymLinks MultiViews @@ -69,6 +73,7 @@ Order allow,deny allow from all /Directory +% end -% ErrorLog %= error_log % # Possible values include: debug, info, notice, warn, error, crit, -- To view, visit https://gerrit.wikimedia.org/r/106722 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I64ee6d8939b8ca56abd21bad7c76c9684cc54812 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: fix another scoping/dependency cycle - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106724 Change subject: librenms: fix another scoping/dependency cycle .. librenms: fix another scoping/dependency cycle Change-Id: I318bca108b9b6407720ad01bd66baaf7be7aa3fe --- M manifests/role/librenms.pp 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/24/106724/1 diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp index 4594a81..e596a96 100644 --- a/manifests/role/librenms.pp +++ b/manifests/role/librenms.pp @@ -54,7 +54,7 @@ docroot = $install_dir, require = [ Webserver::Apache::Module['php5'], -Class['librenms'], +Class['::librenms'], ], } -- To view, visit https://gerrit.wikimedia.org/r/106724 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I318bca108b9b6407720ad01bd66baaf7be7aa3fe Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: fix another scoping/dependency cycle - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: librenms: fix another scoping/dependency cycle .. librenms: fix another scoping/dependency cycle Change-Id: I318bca108b9b6407720ad01bd66baaf7be7aa3fe --- M manifests/role/librenms.pp 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Faidon Liambotis: Verified; Looks good to me, approved diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp index 4594a81..e596a96 100644 --- a/manifests/role/librenms.pp +++ b/manifests/role/librenms.pp @@ -54,7 +54,7 @@ docroot = $install_dir, require = [ Webserver::Apache::Module['php5'], -Class['librenms'], +Class['::librenms'], ], } -- To view, visit https://gerrit.wikimedia.org/r/106724 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I318bca108b9b6407720ad01bd66baaf7be7aa3fe Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: more syntax fixups - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: librenms: more syntax fixups .. librenms: more syntax fixups Change-Id: Ib6d7f358ae0b705acd64d0a6e829ca0854151d2a --- M manifests/role/librenms.pp M modules/librenms/manifests/init.pp 2 files changed, 13 insertions(+), 2 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp index e596a96..4eb22f5 100644 --- a/manifests/role/librenms.pp +++ b/manifests/role/librenms.pp @@ -7,6 +7,14 @@ $sitename = 'librenms.wikimedia.org' +# FIXME: deployment::target really needs to handle this better +file { [ '/srv/deployment', '/srv/deployment/librenms' ]: +ensure = directory, +owner = 'root', +group = 'root', +mode = '0755', +} + deployment::target { 'librenms': } $install_dir = '/srv/deployment/librenms/librenms' diff --git a/modules/librenms/manifests/init.pp b/modules/librenms/manifests/init.pp index 7f106bc..a965a2b 100644 --- a/modules/librenms/manifests/init.pp +++ b/modules/librenms/manifests/init.pp @@ -44,11 +44,11 @@ require = Group['librenms'], } -file { '/var/lib/librenms/rrd': +file { [ '/var/lib/librenms', '/var/lib/librenms/rrd' ]: ensure = directory, owner = 'librenms', group = 'librenms', -mode= '0555', +mode= '0755', } file { '/etc/logrotate.d/librenms': @@ -85,17 +85,20 @@ command = ${install_dir}/discovery.php -h all /dev/null 21, hour= '*/6', minute = '33', +require = User['librenms'], } cron { 'librenms-discovery-new': ensure = present, user= 'librenms', command = ${install_dir}/discovery.php -h all /dev/null 21, minute = '*/5', +require = User['librenms'], } cron { 'librenms-poller-all': ensure = present, user= 'librenms', command = ${install_dir}/poller.php -h all /dev/null 21, minute = '*/5', +require = User['librenms'], } } -- To view, visit https://gerrit.wikimedia.org/r/106730 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ib6d7f358ae0b705acd64d0a6e829ca0854151d2a Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: more syntax fixups - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106730 Change subject: librenms: more syntax fixups .. librenms: more syntax fixups Change-Id: Ib6d7f358ae0b705acd64d0a6e829ca0854151d2a --- M manifests/role/librenms.pp M modules/librenms/manifests/init.pp 2 files changed, 13 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/30/106730/1 diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp index e596a96..4eb22f5 100644 --- a/manifests/role/librenms.pp +++ b/manifests/role/librenms.pp @@ -7,6 +7,14 @@ $sitename = 'librenms.wikimedia.org' +# FIXME: deployment::target really needs to handle this better +file { [ '/srv/deployment', '/srv/deployment/librenms' ]: +ensure = directory, +owner = 'root', +group = 'root', +mode = '0755', +} + deployment::target { 'librenms': } $install_dir = '/srv/deployment/librenms/librenms' diff --git a/modules/librenms/manifests/init.pp b/modules/librenms/manifests/init.pp index 7f106bc..a965a2b 100644 --- a/modules/librenms/manifests/init.pp +++ b/modules/librenms/manifests/init.pp @@ -44,11 +44,11 @@ require = Group['librenms'], } -file { '/var/lib/librenms/rrd': +file { [ '/var/lib/librenms', '/var/lib/librenms/rrd' ]: ensure = directory, owner = 'librenms', group = 'librenms', -mode= '0555', +mode= '0755', } file { '/etc/logrotate.d/librenms': @@ -85,17 +85,20 @@ command = ${install_dir}/discovery.php -h all /dev/null 21, hour= '*/6', minute = '33', +require = User['librenms'], } cron { 'librenms-discovery-new': ensure = present, user= 'librenms', command = ${install_dir}/discovery.php -h all /dev/null 21, minute = '*/5', +require = User['librenms'], } cron { 'librenms-poller-all': ensure = present, user= 'librenms', command = ${install_dir}/poller.php -h all /dev/null 21, minute = '*/5', +require = User['librenms'], } } -- To view, visit https://gerrit.wikimedia.org/r/106730 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ib6d7f358ae0b705acd64d0a6e829ca0854151d2a Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] webserver::apache: misc adjustments - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106755 Change subject: webserver::apache: misc adjustments .. webserver::apache: misc adjustments - Change default log location for virtualhosts into /var/log/$name.{access,error}.log. This does the right thing on servers with multiple sites. - AllowOverride All on the main docroot. Since the config for that is static, being able to use .htaccess can prove handy, and is in fact what LibreNMS does. Change-Id: I17e66c874194457675a7a5347961c953b867c4bc --- M manifests/webserver.pp M templates/apache/generic_vhost.erb 2 files changed, 3 insertions(+), 3 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/55/106755/1 diff --git a/manifests/webserver.pp b/manifests/webserver.pp index 4361f3e..ce2d674 100644 --- a/manifests/webserver.pp +++ b/manifests/webserver.pp @@ -305,8 +305,8 @@ $custom=[], $includes=[], $server_admin=r...@wikimedia.org, - $access_log=/var/log/apache2/access.log, - $error_log=/var/log/apache2/error.log, + $access_log=/var/log/apache2/${title}.access.log, + $error_log=/var/log/apache2/${title}.error.log, $ensure=present ) { diff --git a/templates/apache/generic_vhost.erb b/templates/apache/generic_vhost.erb index 215d31e..27a2afb 100644 --- a/templates/apache/generic_vhost.erb +++ b/templates/apache/generic_vhost.erb @@ -12,7 +12,7 @@ DocumentRoot %= docroot % Directory %= docroot % Options Indexes FollowSymLinks MultiViews - AllowOverride None + AllowOverride All Order allow,deny allow from all /Directory -- To view, visit https://gerrit.wikimedia.org/r/106755 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I17e66c874194457675a7a5347961c953b867c4bc Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: another round of misc fixes - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106756 Change subject: librenms: another round of misc fixes .. librenms: another round of misc fixes - Add a project name, title logo - Switch RRD storage to /srv/, as there's plenty of (LVM) space there. - Enable mod_rewrite, since it's used by .htaccess - Switch docroot to /html, as originally intended. - Change Nagios check to mention LibreNMS HTTP in the description, to make clear which service is broken. - Remove now virtual php5-json; add php-net-ipv4/6 - Fix a typo in one of the crontabs - Fix config.php to not override LibreNMS' default settings Change-Id: I80170aa558ff4d132c99582f4106731d980aae29 --- M manifests/role/librenms.pp M modules/librenms/manifests/init.pp M modules/librenms/templates/config.php.erb 3 files changed, 14 insertions(+), 15 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/56/106756/1 diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp index 4eb22f5..b2e5f06 100644 --- a/manifests/role/librenms.pp +++ b/manifests/role/librenms.pp @@ -19,10 +19,13 @@ $install_dir = '/srv/deployment/librenms/librenms' $config = { +'project_name' = 'Wikimedia NMS', +'project_id' = 'librenms', +'title_image' = 'url(//upload.wikimedia.org/wikipedia/commons/thumb/c/c4/Wikimedia_Foundation_RGB_logo_with_text.svg/100px-Wikimedia_Foundation_RGB_logo_with_text.svg.png)', + 'install_dir' = $install_dir, -'html_dir' = ${install_dir}/html, +'rrd_dir' = '/srv/librenms/rrd', 'log_file' = '/var/log/librenms.log', -'rrd_dir' = '/var/lib/librenms/rrd', 'db_host' = 'db1001.eqiad.wmnet', 'db_user' = $passwords::librenms::db_user, @@ -57,9 +60,9 @@ config = $config, } -@webserver::apache::module { 'php5': } +@webserver::apache::module { [ 'php5', 'rewrite' ]: } @webserver::apache::site { $sitename: -docroot = $install_dir, +docroot = ${install_dir}/html, require = [ Webserver::Apache::Module['php5'], Class['::librenms'], @@ -72,7 +75,7 @@ } monitor_service { 'librenms': -description = 'HTTP', +description = 'LibreNMS HTTP', check_command = check_http_url!${sitename}!http://${sitename};, } } diff --git a/modules/librenms/manifests/init.pp b/modules/librenms/manifests/init.pp index a965a2b..8b0 100644 --- a/modules/librenms/manifests/init.pp +++ b/modules/librenms/manifests/init.pp @@ -44,13 +44,6 @@ require = Group['librenms'], } -file { [ '/var/lib/librenms', '/var/lib/librenms/rrd' ]: -ensure = directory, -owner = 'librenms', -group = 'librenms', -mode= '0755', -} - file { '/etc/logrotate.d/librenms': ensure = present, owner = 'root', @@ -61,10 +54,11 @@ package { [ 'php5-cli', 'php5-gd', -'php5-json', 'php5-mcrypt', 'php5-mysql', 'php5-snmp', +'php-net-ipv4', +'php-net-ipv6', 'php-pear', 'fping', 'graphviz', @@ -90,7 +84,7 @@ cron { 'librenms-discovery-new': ensure = present, user= 'librenms', -command = ${install_dir}/discovery.php -h all /dev/null 21, +command = ${install_dir}/discovery.php -h new /dev/null 21, minute = '*/5', require = User['librenms'], } diff --git a/modules/librenms/templates/config.php.erb b/modules/librenms/templates/config.php.erb index b65bc2f..49a14a6 100644 --- a/modules/librenms/templates/config.php.erb +++ b/modules/librenms/templates/config.php.erb @@ -1,6 +1,8 @@ ?php # This file is managed by Puppet! -$config = %= scope.function_phpdump(@config) %; +$puppet_config = %= scope.function_phpdump(@config) %; + +$config = array_merge($config, $puppet_config); ? -- To view, visit https://gerrit.wikimedia.org/r/106756 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I80170aa558ff4d132c99582f4106731d980aae29 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] webserver::apache: misc adjustments - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: webserver::apache: misc adjustments .. webserver::apache: misc adjustments - Change default log location for virtualhosts into /var/log/$name.{access,error}.log. This does the right thing on servers with multiple sites. - AllowOverride All on the main docroot. Since the config for that is static, being able to use .htaccess can prove handy, and is in fact what LibreNMS does. Change-Id: I17e66c874194457675a7a5347961c953b867c4bc --- M manifests/webserver.pp M templates/apache/generic_vhost.erb 2 files changed, 3 insertions(+), 3 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/webserver.pp b/manifests/webserver.pp index 4361f3e..ce2d674 100644 --- a/manifests/webserver.pp +++ b/manifests/webserver.pp @@ -305,8 +305,8 @@ $custom=[], $includes=[], $server_admin=r...@wikimedia.org, - $access_log=/var/log/apache2/access.log, - $error_log=/var/log/apache2/error.log, + $access_log=/var/log/apache2/${title}.access.log, + $error_log=/var/log/apache2/${title}.error.log, $ensure=present ) { diff --git a/templates/apache/generic_vhost.erb b/templates/apache/generic_vhost.erb index 215d31e..27a2afb 100644 --- a/templates/apache/generic_vhost.erb +++ b/templates/apache/generic_vhost.erb @@ -12,7 +12,7 @@ DocumentRoot %= docroot % Directory %= docroot % Options Indexes FollowSymLinks MultiViews - AllowOverride None + AllowOverride All Order allow,deny allow from all /Directory -- To view, visit https://gerrit.wikimedia.org/r/106755 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I17e66c874194457675a7a5347961c953b867c4bc Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Add IPv6 address to netmon1001 - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106758 Change subject: Add IPv6 address to netmon1001 .. Add IPv6 address to netmon1001 Change-Id: Ib21ba7e5a85140cbc044dd30469ce2d6842ec3cf --- M manifests/site.pp 1 file changed, 2 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/58/106758/1 diff --git a/manifests/site.pp b/manifests/site.pp index 896ac67..5642188 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -1894,6 +1894,8 @@ smokeping, smokeping::web, role::librenms + +interface::add_ip6_mapped { main: } } node /^nfs[12].pmtpa.wmnet/ { -- To view, visit https://gerrit.wikimedia.org/r/106758 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ib21ba7e5a85140cbc044dd30469ce2d6842ec3cf Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: another round of misc fixes - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: librenms: another round of misc fixes .. librenms: another round of misc fixes - Add a project name, title logo - Switch RRD storage to /srv/, as there's plenty of (LVM) space there. - Enable mod_rewrite, since it's used by .htaccess - Switch docroot to /html, as originally intended. - Change Nagios check to mention LibreNMS HTTP in the description, to make clear which service is broken. - Remove now virtual php5-json; add php-net-ipv4/6 - Fix a typo in one of the crontabs - Fix config.php to not override LibreNMS' default settings Change-Id: I80170aa558ff4d132c99582f4106731d980aae29 --- M manifests/role/librenms.pp M modules/librenms/manifests/init.pp M modules/librenms/templates/config.php.erb 3 files changed, 14 insertions(+), 15 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp index 4eb22f5..b2e5f06 100644 --- a/manifests/role/librenms.pp +++ b/manifests/role/librenms.pp @@ -19,10 +19,13 @@ $install_dir = '/srv/deployment/librenms/librenms' $config = { +'project_name' = 'Wikimedia NMS', +'project_id' = 'librenms', +'title_image' = 'url(//upload.wikimedia.org/wikipedia/commons/thumb/c/c4/Wikimedia_Foundation_RGB_logo_with_text.svg/100px-Wikimedia_Foundation_RGB_logo_with_text.svg.png)', + 'install_dir' = $install_dir, -'html_dir' = ${install_dir}/html, +'rrd_dir' = '/srv/librenms/rrd', 'log_file' = '/var/log/librenms.log', -'rrd_dir' = '/var/lib/librenms/rrd', 'db_host' = 'db1001.eqiad.wmnet', 'db_user' = $passwords::librenms::db_user, @@ -57,9 +60,9 @@ config = $config, } -@webserver::apache::module { 'php5': } +@webserver::apache::module { [ 'php5', 'rewrite' ]: } @webserver::apache::site { $sitename: -docroot = $install_dir, +docroot = ${install_dir}/html, require = [ Webserver::Apache::Module['php5'], Class['::librenms'], @@ -72,7 +75,7 @@ } monitor_service { 'librenms': -description = 'HTTP', +description = 'LibreNMS HTTP', check_command = check_http_url!${sitename}!http://${sitename};, } } diff --git a/modules/librenms/manifests/init.pp b/modules/librenms/manifests/init.pp index a965a2b..8b0 100644 --- a/modules/librenms/manifests/init.pp +++ b/modules/librenms/manifests/init.pp @@ -44,13 +44,6 @@ require = Group['librenms'], } -file { [ '/var/lib/librenms', '/var/lib/librenms/rrd' ]: -ensure = directory, -owner = 'librenms', -group = 'librenms', -mode= '0755', -} - file { '/etc/logrotate.d/librenms': ensure = present, owner = 'root', @@ -61,10 +54,11 @@ package { [ 'php5-cli', 'php5-gd', -'php5-json', 'php5-mcrypt', 'php5-mysql', 'php5-snmp', +'php-net-ipv4', +'php-net-ipv6', 'php-pear', 'fping', 'graphviz', @@ -90,7 +84,7 @@ cron { 'librenms-discovery-new': ensure = present, user= 'librenms', -command = ${install_dir}/discovery.php -h all /dev/null 21, +command = ${install_dir}/discovery.php -h new /dev/null 21, minute = '*/5', require = User['librenms'], } diff --git a/modules/librenms/templates/config.php.erb b/modules/librenms/templates/config.php.erb index b65bc2f..49a14a6 100644 --- a/modules/librenms/templates/config.php.erb +++ b/modules/librenms/templates/config.php.erb @@ -1,6 +1,8 @@ ?php # This file is managed by Puppet! -$config = %= scope.function_phpdump(@config) %; +$puppet_config = %= scope.function_phpdump(@config) %; + +$config = array_merge($config, $puppet_config); ? -- To view, visit https://gerrit.wikimedia.org/r/106756 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I80170aa558ff4d132c99582f4106731d980aae29 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Add IPv6 address to netmon1001 - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: Add IPv6 address to netmon1001 .. Add IPv6 address to netmon1001 Change-Id: Ib21ba7e5a85140cbc044dd30469ce2d6842ec3cf --- M manifests/site.pp 1 file changed, 2 insertions(+), 0 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/site.pp b/manifests/site.pp index 896ac67..5642188 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -1894,6 +1894,8 @@ smokeping, smokeping::web, role::librenms + +interface::add_ip6_mapped { main: } } node /^nfs[12].pmtpa.wmnet/ { -- To view, visit https://gerrit.wikimedia.org/r/106758 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ib21ba7e5a85140cbc044dd30469ce2d6842ec3cf Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Add librenms switch observium to netmon1001 - change (operations/dns)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106759 Change subject: Add librenms switch observium to netmon1001 .. Add librenms switch observium to netmon1001 librenms is the new Observium. While at it, add IPv6 to netmon1001. Change-Id: Ib25c3c6cd309305175ca828e9b88f94bea46a751 --- M templates/wikimedia.org 1 file changed, 3 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/dns refs/changes/59/106759/1 diff --git a/templates/wikimedia.org b/templates/wikimedia.org index dafc80a..5943802 100644 --- a/templates/wikimedia.org +++ b/templates/wikimedia.org @@ -166,6 +166,7 @@ ms1001 1H IN A208.80.154.16 neon 1H IN A208.80.154.14 netmon1001 1H IN A208.80.154.159 + 1H IN 2620:0:861:2:208:80:154:159 nickel 1H IN A208.80.154.150 nitrogen 1H IN A208.80.154.17 1H IN 2620:0:861:1:208:80:154:17 @@ -496,7 +497,8 @@ login 1H IN CNAMEwikimedia-lb ntp.pmtpa 1H IN CNAMElinne -observium 1H IN A208.80.152.137 +observium 1H IN CNAMElibrenms +librenms 1H IN CNAMEnetmon1001 ; in theory we can run with both live, but eqiad-only is preferred ;payments 5M IN A208.80.152.213 ; pmtpa -- To view, visit https://gerrit.wikimedia.org/r/106759 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ib25c3c6cd309305175ca828e9b88f94bea46a751 Gerrit-PatchSet: 1 Gerrit-Project: operations/dns Gerrit-Branch: master Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Add librenms switch observium to netmon1001 - change (operations/dns)
Faidon Liambotis has submitted this change and it was merged. Change subject: Add librenms switch observium to netmon1001 .. Add librenms switch observium to netmon1001 librenms is the new Observium. While at it, add IPv6 to netmon1001. Change-Id: Ib25c3c6cd309305175ca828e9b88f94bea46a751 --- M templates/wikimedia.org 1 file changed, 3 insertions(+), 1 deletion(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/templates/wikimedia.org b/templates/wikimedia.org index dafc80a..5943802 100644 --- a/templates/wikimedia.org +++ b/templates/wikimedia.org @@ -166,6 +166,7 @@ ms1001 1H IN A208.80.154.16 neon 1H IN A208.80.154.14 netmon1001 1H IN A208.80.154.159 + 1H IN 2620:0:861:2:208:80:154:159 nickel 1H IN A208.80.154.150 nitrogen 1H IN A208.80.154.17 1H IN 2620:0:861:1:208:80:154:17 @@ -496,7 +497,8 @@ login 1H IN CNAMEwikimedia-lb ntp.pmtpa 1H IN CNAMElinne -observium 1H IN A208.80.152.137 +observium 1H IN CNAMElibrenms +librenms 1H IN CNAMEnetmon1001 ; in theory we can run with both live, but eqiad-only is preferred ;payments 5M IN A208.80.152.213 ; pmtpa -- To view, visit https://gerrit.wikimedia.org/r/106759 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ib25c3c6cd309305175ca828e9b88f94bea46a751 Gerrit-PatchSet: 1 Gerrit-Project: operations/dns Gerrit-Branch: master Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: discovery fixes - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106764 Change subject: librenms: discovery fixes .. librenms: discovery fixes - Add snmp-mibs-downloader to fetch proprietary MIBs. - Explicitly set the autodiscovery modules, and disable SNMP scan. - Switch from poller.php to pollerwrapper.py, per the manual. - Add html_dir config option to restore icons Change-Id: Ibbcc781093e04b133f80f712a56a4b1b0071e002 --- M manifests/role/librenms.pp M modules/librenms/manifests/init.pp 2 files changed, 11 insertions(+), 4 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/64/106764/1 diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp index b2e5f06..225188e 100644 --- a/manifests/role/librenms.pp +++ b/manifests/role/librenms.pp @@ -19,11 +19,10 @@ $install_dir = '/srv/deployment/librenms/librenms' $config = { -'project_name' = 'Wikimedia NMS', -'project_id' = 'librenms', 'title_image' = 'url(//upload.wikimedia.org/wikipedia/commons/thumb/c/c4/Wikimedia_Foundation_RGB_logo_with_text.svg/100px-Wikimedia_Foundation_RGB_logo_with_text.svg.png)', 'install_dir' = $install_dir, +'html_dir' = ${install_dir}/html, 'rrd_dir' = '/srv/librenms/rrd', 'log_file' = '/var/log/librenms.log', @@ -34,6 +33,14 @@ 'snmp' = { 'community' = [ $passwords::network::snmp_ro_community ], +}, + +'nets' = $network::constants::external_networks, +'autodiscovery'= { +'xdp' = true, +'ospf' = true, +'bgp' = false, +'snmpscan' = false, }, 'enable_inventory' = 1, @@ -52,7 +59,6 @@ }, 'auth_mechanism' = 'mysql', -'nets' = $network::constants::external_networks, } class { '::librenms': diff --git a/modules/librenms/manifests/init.pp b/modules/librenms/manifests/init.pp index 8b0..07c3e11 100644 --- a/modules/librenms/manifests/init.pp +++ b/modules/librenms/manifests/init.pp @@ -68,6 +68,7 @@ 'nmap', 'python-mysqldb', 'rrdtool', +'snmp-mibs-downloader', 'whois', ]: ensure = present, @@ -91,7 +92,7 @@ cron { 'librenms-poller-all': ensure = present, user= 'librenms', -command = ${install_dir}/poller.php -h all /dev/null 21, +command = /usr/bin/python ${install_dir}/poller-wrapper.py 16 /dev/null 21, minute = '*/5', require = User['librenms'], } -- To view, visit https://gerrit.wikimedia.org/r/106764 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ibbcc781093e04b133f80f712a56a4b1b0071e002 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: discovery fixes - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: librenms: discovery fixes .. librenms: discovery fixes - Add snmp-mibs-downloader to fetch proprietary MIBs. - Explicitly set the autodiscovery modules, and disable SNMP scan. - Switch from poller.php to pollerwrapper.py, per the manual. - Add html_dir config option to restore icons Change-Id: Ibbcc781093e04b133f80f712a56a4b1b0071e002 --- M manifests/role/librenms.pp M modules/librenms/manifests/init.pp 2 files changed, 11 insertions(+), 4 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp index b2e5f06..225188e 100644 --- a/manifests/role/librenms.pp +++ b/manifests/role/librenms.pp @@ -19,11 +19,10 @@ $install_dir = '/srv/deployment/librenms/librenms' $config = { -'project_name' = 'Wikimedia NMS', -'project_id' = 'librenms', 'title_image' = 'url(//upload.wikimedia.org/wikipedia/commons/thumb/c/c4/Wikimedia_Foundation_RGB_logo_with_text.svg/100px-Wikimedia_Foundation_RGB_logo_with_text.svg.png)', 'install_dir' = $install_dir, +'html_dir' = ${install_dir}/html, 'rrd_dir' = '/srv/librenms/rrd', 'log_file' = '/var/log/librenms.log', @@ -34,6 +33,14 @@ 'snmp' = { 'community' = [ $passwords::network::snmp_ro_community ], +}, + +'nets' = $network::constants::external_networks, +'autodiscovery'= { +'xdp' = true, +'ospf' = true, +'bgp' = false, +'snmpscan' = false, }, 'enable_inventory' = 1, @@ -52,7 +59,6 @@ }, 'auth_mechanism' = 'mysql', -'nets' = $network::constants::external_networks, } class { '::librenms': diff --git a/modules/librenms/manifests/init.pp b/modules/librenms/manifests/init.pp index 8b0..07c3e11 100644 --- a/modules/librenms/manifests/init.pp +++ b/modules/librenms/manifests/init.pp @@ -68,6 +68,7 @@ 'nmap', 'python-mysqldb', 'rrdtool', +'snmp-mibs-downloader', 'whois', ]: ensure = present, @@ -91,7 +92,7 @@ cron { 'librenms-poller-all': ensure = present, user= 'librenms', -command = ${install_dir}/poller.php -h all /dev/null 21, +command = /usr/bin/python ${install_dir}/poller-wrapper.py 16 /dev/null 21, minute = '*/5', require = User['librenms'], } -- To view, visit https://gerrit.wikimedia.org/r/106764 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ibbcc781093e04b133f80f712a56a4b1b0071e002 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: install SSL certificate enable vhost - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: librenms: install SSL certificate enable vhost .. librenms: install SSL certificate enable vhost Change-Id: I5767b0e20df566bf1a58549f47eed3ab77dc9634 --- M manifests/role/librenms.pp 1 file changed, 6 insertions(+), 2 deletions(-) Approvals: Faidon Liambotis: Verified; Looks good to me, approved diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp index 225188e..92687ae 100644 --- a/manifests/role/librenms.pp +++ b/manifests/role/librenms.pp @@ -66,11 +66,15 @@ config = $config, } +install_certificate { $sitename: } + @webserver::apache::module { [ 'php5', 'rewrite' ]: } @webserver::apache::site { $sitename: docroot = ${install_dir}/html, +ssl = 'redirected', require = [ Webserver::Apache::Module['php5'], +Install_certificate[$sitename], Class['::librenms'], ], } @@ -81,7 +85,7 @@ } monitor_service { 'librenms': -description = 'LibreNMS HTTP', -check_command = check_http_url!${sitename}!http://${sitename};, +description = 'LibreNMS HTTPS', +check_command = check_https_url!${sitename}!http://${sitename};, } } -- To view, visit https://gerrit.wikimedia.org/r/106701 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I5767b0e20df566bf1a58549f47eed3ab77dc9634 Gerrit-PatchSet: 7 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] webserver::apache::site: fix syntax error - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: webserver::apache::site: fix syntax error .. webserver::apache::site: fix syntax error Cannot reassign variable certfile Change-Id: I244c9b87ac0b1b7a2e8e6d72452008477a77d21e --- M manifests/webserver.pp 1 file changed, 2 insertions(+), 10 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/webserver.pp b/manifests/webserver.pp index ce2d674..7f49b7d 100644 --- a/manifests/webserver.pp +++ b/manifests/webserver.pp @@ -299,8 +299,8 @@ define site( $aliases=[], $ssl=false, - $certfile=undef, - $certkey=undef, + $certfile=/etc/ssl/certs/${title}.pem, + $certkey=/etc/ssl/private/${title}.key, $docroot=undef, $custom=[], $includes=[], @@ -314,14 +314,6 @@ if $ssl in [true, only, redirected] { webserver::apache::module { ssl: } - - # If no cert files are defined, assume a named certificate for the domain - if ! $certfile { - $certfile = /etc/ssl/certs/${title}.pem - } - if ! $certkey { - $certkey = /etc/ssl/private/${title}.key - } } file { -- To view, visit https://gerrit.wikimedia.org/r/106767 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I244c9b87ac0b1b7a2e8e6d72452008477a77d21e Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] webserver::apache::site: fix syntax error - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106767 Change subject: webserver::apache::site: fix syntax error .. webserver::apache::site: fix syntax error Cannot reassign variable certfile Change-Id: I244c9b87ac0b1b7a2e8e6d72452008477a77d21e --- M manifests/webserver.pp 1 file changed, 2 insertions(+), 10 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/67/106767/1 diff --git a/manifests/webserver.pp b/manifests/webserver.pp index ce2d674..7f49b7d 100644 --- a/manifests/webserver.pp +++ b/manifests/webserver.pp @@ -299,8 +299,8 @@ define site( $aliases=[], $ssl=false, - $certfile=undef, - $certkey=undef, + $certfile=/etc/ssl/certs/${title}.pem, + $certkey=/etc/ssl/private/${title}.key, $docroot=undef, $custom=[], $includes=[], @@ -314,14 +314,6 @@ if $ssl in [true, only, redirected] { webserver::apache::module { ssl: } - - # If no cert files are defined, assume a named certificate for the domain - if ! $certfile { - $certfile = /etc/ssl/certs/${title}.pem - } - if ! $certkey { - $certkey = /etc/ssl/private/${title}.key - } } file { -- To view, visit https://gerrit.wikimedia.org/r/106767 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I244c9b87ac0b1b7a2e8e6d72452008477a77d21e Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: add librenms::syslog class - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106780 Change subject: librenms: add librenms::syslog class .. librenms: add librenms::syslog class Add a librenms::syslog class which sets up a syslog listener that pipes to LibreNMS. This sets up a separate rsyslog instance that receives messages in syslog (UDP 514) and pipes them to syslog.php. Using a separate instance seems more complicated at first but provides certain important benefits: * The separate instance runs as the librenms user and hence is able to read the configuration file without giving access to the whole syslog group. * There's no mixing of system syslog with the remote syslog and no messy filtering to avoid logging the local system's logs to LibreNMS. * The received loglines are only stored in LibreNMS and are not forwarded to the rest of the syslog config (local log files, remote syslog servers etc.). While at it, also add some default options to ignore spammy Juniper lines from the logs. Change-Id: I7428047f04ae690af807f211218537c8e79628d0 --- M manifests/role/librenms.pp A modules/librenms/files/rsyslog-upstart.conf A modules/librenms/files/rsyslog.conf M modules/librenms/manifests/init.pp A modules/librenms/manifests/syslog.pp 5 files changed, 91 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/80/106780/1 diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp index 92687ae..473d648 100644 --- a/manifests/role/librenms.pp +++ b/manifests/role/librenms.pp @@ -44,7 +44,6 @@ }, 'enable_inventory' = 1, -'enable_syslog'= 1, 'email_backend'= 'sendmail', 'alerts' = { 'port_util_alert' = true, @@ -58,6 +57,14 @@ }, }, +'enable_syslog'= 1, +'syslog_filter'= [ +'message repeated', +'Connection from UDP: [', +'CMD ( /usr/libexec/atrun)', +'CMD (newsyslog)', +], + 'auth_mechanism' = 'mysql', } @@ -65,6 +72,9 @@ install_dir = $install_dir, config = $config, } +class { '::librenms::syslog': +require = Class['::librenms'] +} install_certificate { $sitename: } diff --git a/modules/librenms/files/rsyslog-upstart.conf b/modules/librenms/files/rsyslog-upstart.conf new file mode 100644 index 000..500abf9 --- /dev/null +++ b/modules/librenms/files/rsyslog-upstart.conf @@ -0,0 +1,13 @@ +# This file is managed by Puppet, librenms module + +description LibreNMS syslog daemon + +start on filesystem +stop on runlevel [06] + +expect fork +respawn + +script +exec rsyslogd -c5 -f /etc/librenms-rsyslog.conf -i /var/run/librenms-rsyslogd.pid +end script diff --git a/modules/librenms/files/rsyslog.conf b/modules/librenms/files/rsyslog.conf new file mode 100644 index 000..7db0178 --- /dev/null +++ b/modules/librenms/files/rsyslog.conf @@ -0,0 +1,17 @@ +$ModLoad imudp +$UDPServerRun 514 + +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat +$PreserveFQDN on +$RepeatedMsgReduction on + +$PrivDropToUser librenms +$PrivDropToGroup librenms + +# perform rsyslog magic instead of plain programname +# Juniper emits e.g. /kernel: as the tag, which makes programname +# write our own parser instead, that doesn't consider / as a terminator +$template librenms,%fromhost%||%syslogfacility-text%||%syslogpriority-text%||%syslogseverity-text%||%syslogtag%||%$year%-%$month%-%$day% %timereported:8:25%||%msg%||%syslogtag:R,ERE,1:([^:\[]+)(\[.*|:.*)?--end%\n +$ModLoad omprog +$ActionOMProgBinary /usr/local/sbin/librenms-syslog +*.* :omprog:;librenms diff --git a/modules/librenms/manifests/init.pp b/modules/librenms/manifests/init.pp index 07c3e11..24c3364 100644 --- a/modules/librenms/manifests/init.pp +++ b/modules/librenms/manifests/init.pp @@ -96,4 +96,9 @@ minute = '*/5', require = User['librenms'], } + +file { '/usr/local/sbin/librenms-syslog': +ensure = link, +target = ${install_dir}/syslog.php, +} } diff --git a/modules/librenms/manifests/syslog.pp b/modules/librenms/manifests/syslog.pp new file mode 100644 index 000..197a4da --- /dev/null +++ b/modules/librenms/manifests/syslog.pp @@ -0,0 +1,45 @@ +# == Class: librenms::syslog +# +# Sets up a separate rsyslog instance that receives messages in syslog (UDP +# 514) and forwards them to librenms' syslog script. +# +# Using a separate instance seems more complicated at first but provides +# certain important benefits: +# * The separate instance runs as the librenms user and hence is able to read +# the configuration file without giving access to the whole syslog group +# * There's no mixing of system syslog with the remote syslog and no messy +# filtering to avoid logging the local system's logs to
[MediaWiki-commits] [Gerrit] librenms: add librenms::syslog class - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: librenms: add librenms::syslog class .. librenms: add librenms::syslog class Add a librenms::syslog class which sets up a syslog listener that pipes to LibreNMS. This sets up a separate rsyslog instance that receives messages in syslog (UDP 514) and pipes them to syslog.php. Using a separate instance seems more complicated at first but provides certain important benefits: * The separate instance runs as the librenms user and hence is able to read the configuration file without giving access to the whole syslog group. * There's no mixing of system syslog with the remote syslog and no messy filtering to avoid logging the local system's logs to LibreNMS. * The received loglines are only stored in LibreNMS and are not forwarded to the rest of the syslog config (local log files, remote syslog servers etc.). While at it, also add some default options to ignore spammy Juniper lines from the logs. Change-Id: I7428047f04ae690af807f211218537c8e79628d0 --- M manifests/role/librenms.pp A modules/librenms/files/rsyslog-upstart.conf A modules/librenms/files/rsyslog.conf M modules/librenms/manifests/init.pp A modules/librenms/manifests/syslog.pp 5 files changed, 91 insertions(+), 1 deletion(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp index 92687ae..473d648 100644 --- a/manifests/role/librenms.pp +++ b/manifests/role/librenms.pp @@ -44,7 +44,6 @@ }, 'enable_inventory' = 1, -'enable_syslog'= 1, 'email_backend'= 'sendmail', 'alerts' = { 'port_util_alert' = true, @@ -58,6 +57,14 @@ }, }, +'enable_syslog'= 1, +'syslog_filter'= [ +'message repeated', +'Connection from UDP: [', +'CMD ( /usr/libexec/atrun)', +'CMD (newsyslog)', +], + 'auth_mechanism' = 'mysql', } @@ -65,6 +72,9 @@ install_dir = $install_dir, config = $config, } +class { '::librenms::syslog': +require = Class['::librenms'] +} install_certificate { $sitename: } diff --git a/modules/librenms/files/rsyslog-upstart.conf b/modules/librenms/files/rsyslog-upstart.conf new file mode 100644 index 000..500abf9 --- /dev/null +++ b/modules/librenms/files/rsyslog-upstart.conf @@ -0,0 +1,13 @@ +# This file is managed by Puppet, librenms module + +description LibreNMS syslog daemon + +start on filesystem +stop on runlevel [06] + +expect fork +respawn + +script +exec rsyslogd -c5 -f /etc/librenms-rsyslog.conf -i /var/run/librenms-rsyslogd.pid +end script diff --git a/modules/librenms/files/rsyslog.conf b/modules/librenms/files/rsyslog.conf new file mode 100644 index 000..7db0178 --- /dev/null +++ b/modules/librenms/files/rsyslog.conf @@ -0,0 +1,17 @@ +$ModLoad imudp +$UDPServerRun 514 + +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat +$PreserveFQDN on +$RepeatedMsgReduction on + +$PrivDropToUser librenms +$PrivDropToGroup librenms + +# perform rsyslog magic instead of plain programname +# Juniper emits e.g. /kernel: as the tag, which makes programname +# write our own parser instead, that doesn't consider / as a terminator +$template librenms,%fromhost%||%syslogfacility-text%||%syslogpriority-text%||%syslogseverity-text%||%syslogtag%||%$year%-%$month%-%$day% %timereported:8:25%||%msg%||%syslogtag:R,ERE,1:([^:\[]+)(\[.*|:.*)?--end%\n +$ModLoad omprog +$ActionOMProgBinary /usr/local/sbin/librenms-syslog +*.* :omprog:;librenms diff --git a/modules/librenms/manifests/init.pp b/modules/librenms/manifests/init.pp index 07c3e11..24c3364 100644 --- a/modules/librenms/manifests/init.pp +++ b/modules/librenms/manifests/init.pp @@ -96,4 +96,9 @@ minute = '*/5', require = User['librenms'], } + +file { '/usr/local/sbin/librenms-syslog': +ensure = link, +target = ${install_dir}/syslog.php, +} } diff --git a/modules/librenms/manifests/syslog.pp b/modules/librenms/manifests/syslog.pp new file mode 100644 index 000..197a4da --- /dev/null +++ b/modules/librenms/manifests/syslog.pp @@ -0,0 +1,45 @@ +# == Class: librenms::syslog +# +# Sets up a separate rsyslog instance that receives messages in syslog (UDP +# 514) and forwards them to librenms' syslog script. +# +# Using a separate instance seems more complicated at first but provides +# certain important benefits: +# * The separate instance runs as the librenms user and hence is able to read +# the configuration file without giving access to the whole syslog group +# * There's no mixing of system syslog with the remote syslog and no messy +# filtering to avoid logging the local system's logs to LibreNMS +# * The received loglines are only
[MediaWiki-commits] [Gerrit] webserver: fix AllowOverride for SSL too - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106781 Change subject: webserver: fix AllowOverride for SSL too .. webserver: fix AllowOverride for SSL too Commit I17e66c8 added AllowOverride All to the vhost template, but didn't do so for the 443 virtual host. One-word fix. Change-Id: I29baab27f7b9c0f85a6d05ca8a9befe3b30be265 --- M templates/apache/generic_vhost.erb 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/81/106781/1 diff --git a/templates/apache/generic_vhost.erb b/templates/apache/generic_vhost.erb index 27a2afb..f70cd45 100644 --- a/templates/apache/generic_vhost.erb +++ b/templates/apache/generic_vhost.erb @@ -69,7 +69,7 @@ DocumentRoot %= docroot % Directory %= docroot % Options Indexes FollowSymLinks MultiViews - AllowOverride None + AllowOverride All Order allow,deny allow from all /Directory -- To view, visit https://gerrit.wikimedia.org/r/106781 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I29baab27f7b9c0f85a6d05ca8a9befe3b30be265 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] webserver: fix AllowOverride for SSL too - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: webserver: fix AllowOverride for SSL too .. webserver: fix AllowOverride for SSL too Commit I17e66c8 added AllowOverride All to the vhost template, but didn't do so for the 443 virtual host. One-word fix. Change-Id: I29baab27f7b9c0f85a6d05ca8a9befe3b30be265 --- M templates/apache/generic_vhost.erb 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Faidon Liambotis: Verified; Looks good to me, approved diff --git a/templates/apache/generic_vhost.erb b/templates/apache/generic_vhost.erb index 27a2afb..f70cd45 100644 --- a/templates/apache/generic_vhost.erb +++ b/templates/apache/generic_vhost.erb @@ -69,7 +69,7 @@ DocumentRoot %= docroot % Directory %= docroot % Options Indexes FollowSymLinks MultiViews - AllowOverride None + AllowOverride All Order allow,deny allow from all /Directory -- To view, visit https://gerrit.wikimedia.org/r/106781 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I29baab27f7b9c0f85a6d05ca8a9befe3b30be265 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librensm: adjust syslog blacklist - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106870 Change subject: librensm: adjust syslog blacklist .. librensm: adjust syslog blacklist Less spam is good! Change-Id: Idf45de71a137e53cf2a7a1c98943dab20d5a8ffb --- M manifests/role/librenms.pp 1 file changed, 2 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/70/106870/1 diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp index 473d648..03b2f8a 100644 --- a/manifests/role/librenms.pp +++ b/manifests/role/librenms.pp @@ -61,8 +61,9 @@ 'syslog_filter'= [ 'message repeated', 'Connection from UDP: [', -'CMD ( /usr/libexec/atrun)', +'CMD ( /usr/libexec/atrun)', 'CMD (newsyslog)', +'CMD (adjkerntz -a)', ], 'auth_mechanism' = 'mysql', -- To view, visit https://gerrit.wikimedia.org/r/106870 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Idf45de71a137e53cf2a7a1c98943dab20d5a8ffb Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librensm: adjust syslog blacklist - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: librensm: adjust syslog blacklist .. librensm: adjust syslog blacklist Less spam is good! Change-Id: Idf45de71a137e53cf2a7a1c98943dab20d5a8ffb --- M manifests/role/librenms.pp 1 file changed, 2 insertions(+), 1 deletion(-) Approvals: Faidon Liambotis: Verified; Looks good to me, approved diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp index 473d648..03b2f8a 100644 --- a/manifests/role/librenms.pp +++ b/manifests/role/librenms.pp @@ -61,8 +61,9 @@ 'syslog_filter'= [ 'message repeated', 'Connection from UDP: [', -'CMD ( /usr/libexec/atrun)', +'CMD ( /usr/libexec/atrun)', 'CMD (newsyslog)', +'CMD (adjkerntz -a)', ], 'auth_mechanism' = 'mysql', -- To view, visit https://gerrit.wikimedia.org/r/106870 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Idf45de71a137e53cf2a7a1c98943dab20d5a8ffb Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: minor fixes to phpdump - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106876 Change subject: librenms: minor fixes to phpdump .. librenms: minor fixes to phpdump Handle integers properly, NULL strings with embedded quotes. Borrowed from Ori's equivalent code that was developed before this but was never imported into this repo. Change-Id: I36dfd0f082ed48f62c537283ed24017f1ac8ada1 --- M modules/librenms/lib/puppet/parser/functions/phpdump.rb 1 file changed, 4 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/76/106876/1 diff --git a/modules/librenms/lib/puppet/parser/functions/phpdump.rb b/modules/librenms/lib/puppet/parser/functions/phpdump.rb index 205f8ce..0c094b5 100644 --- a/modules/librenms/lib/puppet/parser/functions/phpdump.rb +++ b/modules/librenms/lib/puppet/parser/functions/phpdump.rb @@ -11,7 +11,7 @@ contents = '' o.sort.each do |k, v| contents += indent*level - contents += \#{k}\ = + phpdump(v, level+1) + contents += k.to_pson + = + phpdump(v, level+1) contents += ,\n end array(\n + contents + indent*(level-1) + ) @@ -21,8 +21,10 @@ TRUE when FalseClass FALSE + when nil +NULL else -'' + o.to_s + '' +o.include?('.') ? Float(o).to_s : Integer(o).to_s rescue o.to_pson end end -- To view, visit https://gerrit.wikimedia.org/r/106876 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I36dfd0f082ed48f62c537283ed24017f1ac8ada1 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: minor fixes to phpdump - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: librenms: minor fixes to phpdump .. librenms: minor fixes to phpdump Handle integers properly, NULL strings with embedded quotes. Borrowed from Ori's equivalent code that was developed before this but was never imported into this repo. Change-Id: I36dfd0f082ed48f62c537283ed24017f1ac8ada1 --- M modules/librenms/lib/puppet/parser/functions/phpdump.rb 1 file changed, 4 insertions(+), 2 deletions(-) Approvals: Ori.livneh: Looks good to me, but someone else must approve Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/librenms/lib/puppet/parser/functions/phpdump.rb b/modules/librenms/lib/puppet/parser/functions/phpdump.rb index 205f8ce..0c094b5 100644 --- a/modules/librenms/lib/puppet/parser/functions/phpdump.rb +++ b/modules/librenms/lib/puppet/parser/functions/phpdump.rb @@ -11,7 +11,7 @@ contents = '' o.sort.each do |k, v| contents += indent*level - contents += \#{k}\ = + phpdump(v, level+1) + contents += k.to_pson + = + phpdump(v, level+1) contents += ,\n end array(\n + contents + indent*(level-1) + ) @@ -21,8 +21,10 @@ TRUE when FalseClass FALSE + when nil +NULL else -'' + o.to_s + '' +o.include?('.') ? Float(o).to_s : Integer(o).to_s rescue o.to_pson end end -- To view, visit https://gerrit.wikimedia.org/r/106876 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I36dfd0f082ed48f62c537283ed24017f1ac8ada1 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Ori.livneh o...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: another syslog blacklist entry - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106877 Change subject: librenms: another syslog blacklist entry .. librenms: another syslog blacklist entry Change-Id: If3f3d61b5279268a8aad28502dc7a3ec5036b880 --- M manifests/role/librenms.pp 1 file changed, 1 insertion(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/77/106877/1 diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp index 03b2f8a..f34bb0a 100644 --- a/manifests/role/librenms.pp +++ b/manifests/role/librenms.pp @@ -64,6 +64,7 @@ 'CMD ( /usr/libexec/atrun)', 'CMD (newsyslog)', 'CMD (adjkerntz -a)', +'kernel time sync enabled', ], 'auth_mechanism' = 'mysql', -- To view, visit https://gerrit.wikimedia.org/r/106877 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: If3f3d61b5279268a8aad28502dc7a3ec5036b880 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: another syslog blacklist entry - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: librenms: another syslog blacklist entry .. librenms: another syslog blacklist entry Change-Id: If3f3d61b5279268a8aad28502dc7a3ec5036b880 --- M manifests/role/librenms.pp 1 file changed, 1 insertion(+), 0 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp index 03b2f8a..f34bb0a 100644 --- a/manifests/role/librenms.pp +++ b/manifests/role/librenms.pp @@ -64,6 +64,7 @@ 'CMD ( /usr/libexec/atrun)', 'CMD (newsyslog)', 'CMD (adjkerntz -a)', +'kernel time sync enabled', ], 'auth_mechanism' = 'mysql', -- To view, visit https://gerrit.wikimedia.org/r/106877 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: If3f3d61b5279268a8aad28502dc7a3ec5036b880 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: make main class' config option simpler - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106896 Change subject: librenms: make main class' config option simpler .. librenms: make main class' config option simpler Supplying install_dir, html_dir, rrd_dir log file to the config hash is kind of wrong, as it's not KISS: the class already knows the best position for these and sets up other stuff based on these locations (e.g. logrotate). Pass them to the config.php template instead, outside of the config hash and simplify the caller. Change-Id: I6620ff7bb206d8fee4fb18607930195382611ec9 --- M manifests/role/librenms.pp M modules/librenms/manifests/init.pp M modules/librenms/templates/config.php.erb 3 files changed, 21 insertions(+), 11 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/96/106896/1 diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp index f34bb0a..a67ee50 100644 --- a/manifests/role/librenms.pp +++ b/manifests/role/librenms.pp @@ -21,11 +21,6 @@ $config = { 'title_image' = 'url(//upload.wikimedia.org/wikipedia/commons/thumb/c/c4/Wikimedia_Foundation_RGB_logo_with_text.svg/100px-Wikimedia_Foundation_RGB_logo_with_text.svg.png)', -'install_dir' = $install_dir, -'html_dir' = ${install_dir}/html, -'rrd_dir' = '/srv/librenms/rrd', -'log_file' = '/var/log/librenms.log', - 'db_host' = 'db1001.eqiad.wmnet', 'db_user' = $passwords::librenms::db_user, 'db_pass' = $passwords::librenms::db_pass, @@ -72,6 +67,7 @@ class { '::librenms': install_dir = $install_dir, +rrd_dir = '/srv/librenms/rrd', config = $config, } class { '::librenms::syslog': diff --git a/modules/librenms/manifests/init.pp b/modules/librenms/manifests/init.pp index 24c3364..0340bc8 100644 --- a/modules/librenms/manifests/init.pp +++ b/modules/librenms/manifests/init.pp @@ -8,11 +8,16 @@ # Configuration for LibreNMS, in a puppet hash format. # # [*install_dir*] -# Installation directory for LibreNMS. +# Installation directory for LibreNMS. Defaults to /srv/librenms. +# +# [*rrd_dir*] +# Location where RRD files are going to be placed. Defaults to rrd under +# *install_dir*. # class librenms( -$config, +$config={}, $install_dir='/srv/librenms', +$rrd_dir=${install_dir}/rrd, ) { group { 'librenms': ensure = present, @@ -68,6 +73,7 @@ 'nmap', 'python-mysqldb', 'rrdtool', +#'snmp', 'snmp-mibs-downloader', 'whois', ]: @@ -77,7 +83,7 @@ cron { 'librenms-discovery-all': ensure = present, user= 'librenms', -command = ${install_dir}/discovery.php -h all /dev/null 21, +command = ${install_dir}/discovery.php -h all /dev/null 21, hour= '*/6', minute = '33', require = User['librenms'], @@ -85,18 +91,20 @@ cron { 'librenms-discovery-new': ensure = present, user= 'librenms', -command = ${install_dir}/discovery.php -h new /dev/null 21, +command = ${install_dir}/discovery.php -h new /dev/null 21, minute = '*/5', require = User['librenms'], } cron { 'librenms-poller-all': ensure = present, user= 'librenms', -command = /usr/bin/python ${install_dir}/poller-wrapper.py 16 /dev/null 21, +command = python ${install_dir}/poller-wrapper.py 16 /dev/null 21, minute = '*/5', require = User['librenms'], } +# syslog script, in an install_dir-agnostic location +# used by librenms::syslog or a custom alternative placed manually. file { '/usr/local/sbin/librenms-syslog': ensure = link, target = ${install_dir}/syslog.php, diff --git a/modules/librenms/templates/config.php.erb b/modules/librenms/templates/config.php.erb index 49a14a6..ea9dbac 100644 --- a/modules/librenms/templates/config.php.erb +++ b/modules/librenms/templates/config.php.erb @@ -1,5 +1,11 @@ ?php -# This file is managed by Puppet! + +# This file is managed by Puppet, do not modify manually. + +$config['install_dir'] = %= @install_dir %; +$config['html_dir']= %= @install_dir %/html; +$config['rrd_dir'] = %= @rrd_dir %; +$config['log_file']= /var/log/librenms.log; $puppet_config = %= scope.function_phpdump(@config) %; -- To view, visit https://gerrit.wikimedia.org/r/106896 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I6620ff7bb206d8fee4fb18607930195382611ec9 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org
[MediaWiki-commits] [Gerrit] librenms: workaround JunOS stupidness - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/106895 Change subject: librenms: workaround JunOS stupidness .. librenms: workaround JunOS stupidness Our librenms host is now dual-stacked (A ). JunOS (or at least the version that we're running) is stupid, and treats a log target of host $hostname with a dual stacked hostname as two log targets, multiplying all log lines by two. Until a better fix is in place, bind rsyslog to IPv4 only. Change-Id: I4a911a3fad9c0d6c27796f7f2cd1bcba16e5eff8 --- M modules/librenms/files/rsyslog.conf 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/95/106895/1 diff --git a/modules/librenms/files/rsyslog.conf b/modules/librenms/files/rsyslog.conf index 7db0178..4d33590 100644 --- a/modules/librenms/files/rsyslog.conf +++ b/modules/librenms/files/rsyslog.conf @@ -1,9 +1,9 @@ $ModLoad imudp +$UDPServerAddress 0.0.0.0 $UDPServerRun 514 $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $PreserveFQDN on -$RepeatedMsgReduction on $PrivDropToUser librenms $PrivDropToGroup librenms -- To view, visit https://gerrit.wikimedia.org/r/106895 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I4a911a3fad9c0d6c27796f7f2cd1bcba16e5eff8 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: workaround JunOS stupidness - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: librenms: workaround JunOS stupidness .. librenms: workaround JunOS stupidness Our librenms host is now dual-stacked (A ). JunOS (or at least the version that we're running) is stupid, and treats a log target of host $hostname with a dual stacked hostname as two log targets, multiplying all log lines by two. Until a better fix is in place, bind rsyslog to IPv4 only. Change-Id: I4a911a3fad9c0d6c27796f7f2cd1bcba16e5eff8 --- M modules/librenms/files/rsyslog.conf 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/librenms/files/rsyslog.conf b/modules/librenms/files/rsyslog.conf index 7db0178..4d33590 100644 --- a/modules/librenms/files/rsyslog.conf +++ b/modules/librenms/files/rsyslog.conf @@ -1,9 +1,9 @@ $ModLoad imudp +$UDPServerAddress 0.0.0.0 $UDPServerRun 514 $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $PreserveFQDN on -$RepeatedMsgReduction on $PrivDropToUser librenms $PrivDropToGroup librenms -- To view, visit https://gerrit.wikimedia.org/r/106895 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I4a911a3fad9c0d6c27796f7f2cd1bcba16e5eff8 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] librenms: make main class' config option simpler - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: librenms: make main class' config option simpler .. librenms: make main class' config option simpler Supplying install_dir, html_dir, rrd_dir log file to the config hash is kind of wrong, as it's not KISS: the class already knows the best position for these and sets up other stuff based on these locations (e.g. logrotate). Pass them to the config.php template instead, outside of the config hash and simplify the caller. Change-Id: I6620ff7bb206d8fee4fb18607930195382611ec9 --- M manifests/role/librenms.pp M modules/librenms/manifests/init.pp M modules/librenms/templates/config.php.erb 3 files changed, 21 insertions(+), 11 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp index f34bb0a..a67ee50 100644 --- a/manifests/role/librenms.pp +++ b/manifests/role/librenms.pp @@ -21,11 +21,6 @@ $config = { 'title_image' = 'url(//upload.wikimedia.org/wikipedia/commons/thumb/c/c4/Wikimedia_Foundation_RGB_logo_with_text.svg/100px-Wikimedia_Foundation_RGB_logo_with_text.svg.png)', -'install_dir' = $install_dir, -'html_dir' = ${install_dir}/html, -'rrd_dir' = '/srv/librenms/rrd', -'log_file' = '/var/log/librenms.log', - 'db_host' = 'db1001.eqiad.wmnet', 'db_user' = $passwords::librenms::db_user, 'db_pass' = $passwords::librenms::db_pass, @@ -72,6 +67,7 @@ class { '::librenms': install_dir = $install_dir, +rrd_dir = '/srv/librenms/rrd', config = $config, } class { '::librenms::syslog': diff --git a/modules/librenms/manifests/init.pp b/modules/librenms/manifests/init.pp index 24c3364..0340bc8 100644 --- a/modules/librenms/manifests/init.pp +++ b/modules/librenms/manifests/init.pp @@ -8,11 +8,16 @@ # Configuration for LibreNMS, in a puppet hash format. # # [*install_dir*] -# Installation directory for LibreNMS. +# Installation directory for LibreNMS. Defaults to /srv/librenms. +# +# [*rrd_dir*] +# Location where RRD files are going to be placed. Defaults to rrd under +# *install_dir*. # class librenms( -$config, +$config={}, $install_dir='/srv/librenms', +$rrd_dir=${install_dir}/rrd, ) { group { 'librenms': ensure = present, @@ -68,6 +73,7 @@ 'nmap', 'python-mysqldb', 'rrdtool', +#'snmp', 'snmp-mibs-downloader', 'whois', ]: @@ -77,7 +83,7 @@ cron { 'librenms-discovery-all': ensure = present, user= 'librenms', -command = ${install_dir}/discovery.php -h all /dev/null 21, +command = ${install_dir}/discovery.php -h all /dev/null 21, hour= '*/6', minute = '33', require = User['librenms'], @@ -85,18 +91,20 @@ cron { 'librenms-discovery-new': ensure = present, user= 'librenms', -command = ${install_dir}/discovery.php -h new /dev/null 21, +command = ${install_dir}/discovery.php -h new /dev/null 21, minute = '*/5', require = User['librenms'], } cron { 'librenms-poller-all': ensure = present, user= 'librenms', -command = /usr/bin/python ${install_dir}/poller-wrapper.py 16 /dev/null 21, +command = python ${install_dir}/poller-wrapper.py 16 /dev/null 21, minute = '*/5', require = User['librenms'], } +# syslog script, in an install_dir-agnostic location +# used by librenms::syslog or a custom alternative placed manually. file { '/usr/local/sbin/librenms-syslog': ensure = link, target = ${install_dir}/syslog.php, diff --git a/modules/librenms/templates/config.php.erb b/modules/librenms/templates/config.php.erb index 49a14a6..ea9dbac 100644 --- a/modules/librenms/templates/config.php.erb +++ b/modules/librenms/templates/config.php.erb @@ -1,5 +1,11 @@ ?php -# This file is managed by Puppet! + +# This file is managed by Puppet, do not modify manually. + +$config['install_dir'] = %= @install_dir %; +$config['html_dir']= %= @install_dir %/html; +$config['rrd_dir'] = %= @rrd_dir %; +$config['log_file']= /var/log/librenms.log; $puppet_config = %= scope.function_phpdump(@config) %; -- To view, visit https://gerrit.wikimedia.org/r/106896 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I6620ff7bb206d8fee4fb18607930195382611ec9 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot
[MediaWiki-commits] [Gerrit] Fix various typos - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: Fix various typos .. Fix various typos Change-Id: I2aa6e65e4eac8b920bf39fb51089cfaea9b0956f --- M files/nfs/upstart-nfs-noidmap.conf M manifests/ganglia.pp M modules/toollabs/manifests/init.pp 3 files changed, 15 insertions(+), 16 deletions(-) Approvals: Faidon Liambotis: Verified; Looks good to me, approved diff --git a/files/nfs/upstart-nfs-noidmap.conf b/files/nfs/upstart-nfs-noidmap.conf index 61fb5cf..91dc558 100644 --- a/files/nfs/upstart-nfs-noidmap.conf +++ b/files/nfs/upstart-nfs-noidmap.conf @@ -1,10 +1,10 @@ # nfs-noidmap - disable idmap for cross-project NFS # -# This task disables the kernel's automatic idmap for NFSv4 -# to allow conflicting group names accross projects +# This task disables the kernel's automatic idmap for NFSv4 to allow +# conflicting group names across projects. # -# Made into an upstart task because that setting is annoyingly -# not made available through sysctl. +# Made into an upstart task because that setting is annoyingly not +# made available through sysctl. description disable idmap for cross-project NFS diff --git a/manifests/ganglia.pp b/manifests/ganglia.pp index 1a08f35..fa06976 100644 --- a/manifests/ganglia.pp +++ b/manifests/ganglia.pp @@ -574,27 +574,27 @@ } -# == Define ganlia::view +# == Define ganglia::view # Defines a Ganglia view JSON file. # See http://sourceforge.net/apps/trac/ganglia/wiki/ganglia-web-2#JSONdefinitionforviews # for documentation on Ganglia view JSON format. # # == Parameters: -# $graphs - Shortcut for of describing items that represent aggregate_graphs. +# $graphs - Shortcut for describing items that represent aggregate_graphs. # $items- Should match exactly the JSON structure expected by Ganglia for views. # $view_type- If you are using aggregate_graphs, this must be set to 'standard'. # 'regex' will allow you to use non-aggregate graphs and match hostnames by regex. # Default: 'standard'. # $default_size - Default size for graphs. Default: 'large'. # $conf_dir - Path to directory where ganglia view JSON files should live. -# Defaults to the appropriate directory based on WMF $::realm. Default: to /var/lib/ganglia/conf -# $template - The ERb template to use for the JSON file. Only change this if you need to do fancier things than this define allows. +# Defaults to the appropriate directory based on WMF $::realm. Default: /var/lib/ganglia/conf. +# $template - The ERB template to use for the JSON file. Only change this if you need to do fancier things than this define allows. # # == Examples: -# # A 'regex' (non aggregate graph) view: +# # A 'regex' (non-aggregate graph) view: # # Note that no aggregate_graphs are used. # # This will add 4 graphs to the 'cpu' view. -# # (i.e. cpu_user and cpu_system for each myhost and myhost1) +# # (i.e. cpu_user and cpu_system for each myhost0 and myhost1) # $host_regex = 'myhost[01]' # ganglia::view { 'cpu': # view_type = 'regex', @@ -662,10 +662,10 @@ # $plugins - the plugin name (ex: 'diskstat'), will install the Python file # located in files/ganglia/plugins/${name}.py and expand the template from # templates/ganglia/plugins/${name}.pyconf.erb. -# Defaults to $title as a convenience +# Defaults to $title as a convenience. # -# $opts - optional hash which can be used in the template. The defaults are -# hardcoded in the templates. Default to {} +# $opts - optional hash which can be used in the template. The +# defaults are hardcoded in the templates. Defaults to {}. # # == Examples: # diff --git a/modules/toollabs/manifests/init.pp b/modules/toollabs/manifests/init.pp index a125e35..48190e5 100644 --- a/modules/toollabs/manifests/init.pp +++ b/modules/toollabs/manifests/init.pp @@ -74,7 +74,7 @@ # Tool Labs is enduser-facing, so we want to control the motd # properly (most things make no sense for community users: they # don't care that packages need updating, or that filesystems -# will be checked, for instance) +# will be checked, for instance). file { '/etc/update-motd.d': ensure = directory, @@ -86,7 +86,7 @@ purge = true, } -# We keep a project-locat apt repo where we stuff packages we build +# We keep a project-local apt repo where we stuff packages we build # that are intended to be local to the project. By keeping it on the # shared storage, we have no need to set up a server to use it. @@ -126,4 +126,3 @@ target = ${store}/mail, } } - -- To view, visit https://gerrit.wikimedia.org/r/107165 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I2aa6e65e4eac8b920bf39fb51089cfaea9b0956f Gerrit-PatchSet: 2 Gerrit-Project:
[MediaWiki-commits] [Gerrit] Varnish: don't mobile redirect www.$project.org - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: Varnish: don't mobile redirect www.$project.org .. Varnish: don't mobile redirect www.$project.org URLs such as www.wikivoyage.org/wiki/Article redirect to en.wikivoyage.org. The issue is not Wikivoyage-specific projects as it happens with e.g. www.wikipedia.org too. However, www.wikivoyage.org links are still in old web references search engine indexes, so it makes matters especially worse for Wikivoyage. The problem is the mobile redirector runs before these redirects take place, and redirects to www.m, which NXDOMAINs and users get error pages. Fix this by excluding www from the mobile redirect. Bug: 48318 Change-Id: Ie9147de410a51e3bd3d3597e27b00ccee4f9f236 --- M templates/varnish/text-frontend.inc.vcl.erb 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/templates/varnish/text-frontend.inc.vcl.erb b/templates/varnish/text-frontend.inc.vcl.erb index cde37d0..c3474da 100644 --- a/templates/varnish/text-frontend.inc.vcl.erb +++ b/templates/varnish/text-frontend.inc.vcl.erb @@ -26,7 +26,7 @@ req.http.User-Agent !~ (iPad|Android.3|(?i)tablet|PlayBook|Wii) req.http.Cookie !~ (stopMobileRedirect=true|mf_useformat=desktop) req.url ~ ^/wiki/) { - set req.http.MobileHost = regsub(req.http.Host, ^(?:www\.(?=mediawiki))?((?:commons|species|meta|incubator|outreach|strategy|wikimania201[234])\.(?=wikimedia)|\w+\.(?!wikimedia|mediawiki)|(?=mediawiki|wikimediafoundation))(wikimedia|wikipedia|wiktionary|wikinews|wikisource|wikiquote|wikibooks|wikiversity|wikivoyage|mediawiki|wikimediafoundation)\., \1m.\2.); + set req.http.MobileHost = regsub(req.http.Host, ^(?:www\.(?=mediawiki))?((?:commons|species|meta|incubator|outreach|strategy|wikimania201[234])\.(?=wikimedia)|(?!www)\w+\.(?!wikimedia|mediawiki)|(?=mediawiki|wikimediafoundation))(wikimedia|wikipedia|wiktionary|wikinews|wikisource|wikiquote|wikibooks|wikiversity|wikivoyage|mediawiki|wikimediafoundation)\., \1m.\2.); if (req.http.Host != req.http.MobileHost) { if (req.http.X-Forwarded-Proto) { set req.http.Location = req.http.X-Forwarded-Proto + :// + req.http.MobileHost + req.url; -- To view, visit https://gerrit.wikimedia.org/r/89879 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ie9147de410a51e3bd3d3597e27b00ccee4f9f236 Gerrit-PatchSet: 7 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: JanZerebecki jan.wikime...@zerebecki.de Gerrit-Reviewer: BBlack bbl...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Mark Bergsma m...@wikimedia.org Gerrit-Reviewer: MaxSem maxsem.w...@gmail.com Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] varnish: simplify the mobile redirect regexp - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: varnish: simplify the mobile redirect regexp .. varnish: simplify the mobile redirect regexp Now that we don't have to maintain squid redirector compatibility, rewrite the huge, almost unreadable, mobile redirect regexp in three distinct, easier to maintain redirects. This was done with efficiency in mind and avoids checking for the same match twice. The three redirects are likely to be slower than one, but this is hopefully offset by not checking for e.g. wikimedia three times. Plus, the regsubs are within the multiple-clause UA/cookie/url guard, so it only does matter for a small minority of hits. Change-Id: Iebfbc46d1a6a878d5c074ac44b8f2a8cda82 --- M templates/varnish/text-frontend.inc.vcl.erb 1 file changed, 8 insertions(+), 1 deletion(-) Approvals: JanZerebecki: Looks good to me, but someone else must approve Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/templates/varnish/text-frontend.inc.vcl.erb b/templates/varnish/text-frontend.inc.vcl.erb index c3474da..f857ac3 100644 --- a/templates/varnish/text-frontend.inc.vcl.erb +++ b/templates/varnish/text-frontend.inc.vcl.erb @@ -26,7 +26,14 @@ req.http.User-Agent !~ (iPad|Android.3|(?i)tablet|PlayBook|Wii) req.http.Cookie !~ (stopMobileRedirect=true|mf_useformat=desktop) req.url ~ ^/wiki/) { - set req.http.MobileHost = regsub(req.http.Host, ^(?:www\.(?=mediawiki))?((?:commons|species|meta|incubator|outreach|strategy|wikimania201[234])\.(?=wikimedia)|(?!www)\w+\.(?!wikimedia|mediawiki)|(?=mediawiki|wikimediafoundation))(wikimedia|wikipedia|wiktionary|wikinews|wikisource|wikiquote|wikibooks|wikiversity|wikivoyage|mediawiki|wikimediafoundation)\., \1m.\2.); + + # Separate regexps for clarity, but multiple regsubs instead of + # if host ~/regsub matches for efficiency. Be careful to not + # write overlapping/chaining regexps. + set req.http.MobileHost = regsub(req.http.Host, ^(www\.)?(mediawiki|wikimediafoundation)\., m.\2.); + set req.http.MobileHost = regsub(req.http.Host, ^(commons|species|meta|incubator|outreach|strategy|wikimania201[234])\.(wikimedia)\., \1.m.\2.); + set req.http.MobileHost = regsub(req.http.Host, ^((?!www)\w+)\.(wikipedia|wiktionary|wikinews|wikisource|wikiquote|wikibooks|wikiversity|wikivoyage)\., \1.m.\2.); + if (req.http.Host != req.http.MobileHost) { if (req.http.X-Forwarded-Proto) { set req.http.Location = req.http.X-Forwarded-Proto + :// + req.http.MobileHost + req.url; -- To view, visit https://gerrit.wikimedia.org/r/106669 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Iebfbc46d1a6a878d5c074ac44b8f2a8cda82 Gerrit-PatchSet: 3 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Alexandros Kosiaris akosia...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: JanZerebecki jan.wikime...@zerebecki.de Gerrit-Reviewer: MaxSem maxsem.w...@gmail.com Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Fix mobile redirect breakage - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/107349 Change subject: Fix mobile redirect breakage .. Fix mobile redirect breakage Commit Iebfbc46 broke the mobile redirect for mediawiki.org, wikimediafoundation.org and wikimedia.org subdomains. Fortunately it was caught very shortly after its deployment and affects a very minor amount of traffic. Fix this by fixing the regsubs(). Change-Id: I977c3bd04a0b5573efb88774fa6090e5e6f106f8 --- M templates/varnish/text-frontend.inc.vcl.erb 1 file changed, 4 insertions(+), 3 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/49/107349/1 diff --git a/templates/varnish/text-frontend.inc.vcl.erb b/templates/varnish/text-frontend.inc.vcl.erb index f857ac3..602e53f 100644 --- a/templates/varnish/text-frontend.inc.vcl.erb +++ b/templates/varnish/text-frontend.inc.vcl.erb @@ -30,9 +30,10 @@ # Separate regexps for clarity, but multiple regsubs instead of # if host ~/regsub matches for efficiency. Be careful to not # write overlapping/chaining regexps. - set req.http.MobileHost = regsub(req.http.Host, ^(www\.)?(mediawiki|wikimediafoundation)\., m.\2.); - set req.http.MobileHost = regsub(req.http.Host, ^(commons|species|meta|incubator|outreach|strategy|wikimania201[234])\.(wikimedia)\., \1.m.\2.); - set req.http.MobileHost = regsub(req.http.Host, ^((?!www)\w+)\.(wikipedia|wiktionary|wikinews|wikisource|wikiquote|wikibooks|wikiversity|wikivoyage)\., \1.m.\2.); + set req.http.MobileHost = req.http.Host; + set req.http.MobileHost = regsub(req.http.MobileHost, ^(www\.)?(mediawiki|wikimediafoundation)\., m.\2.); + set req.http.MobileHost = regsub(req.http.MobileHost, ^(commons|species|meta|incubator|outreach|strategy|wikimania201[234])\.(wikimedia)\., \1.m.\2.); + set req.http.MobileHost = regsub(req.http.MobileHost, ^((?!www)\w+)\.(wikipedia|wiktionary|wikinews|wikisource|wikiquote|wikibooks|wikiversity|wikivoyage)\., \1.m.\2.); if (req.http.Host != req.http.MobileHost) { if (req.http.X-Forwarded-Proto) { -- To view, visit https://gerrit.wikimedia.org/r/107349 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I977c3bd04a0b5573efb88774fa6090e5e6f106f8 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Fix mobile redirect breakage - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: Fix mobile redirect breakage .. Fix mobile redirect breakage Commit Iebfbc46 broke the mobile redirect for mediawiki.org, wikimediafoundation.org and wikimedia.org subdomains. Fortunately it was caught very shortly after its deployment and affects a very minor amount of traffic. Fix this by fixing the regsubs(). Change-Id: I977c3bd04a0b5573efb88774fa6090e5e6f106f8 --- M templates/varnish/text-frontend.inc.vcl.erb 1 file changed, 4 insertions(+), 3 deletions(-) Approvals: Faidon Liambotis: Verified; Looks good to me, approved diff --git a/templates/varnish/text-frontend.inc.vcl.erb b/templates/varnish/text-frontend.inc.vcl.erb index f857ac3..602e53f 100644 --- a/templates/varnish/text-frontend.inc.vcl.erb +++ b/templates/varnish/text-frontend.inc.vcl.erb @@ -30,9 +30,10 @@ # Separate regexps for clarity, but multiple regsubs instead of # if host ~/regsub matches for efficiency. Be careful to not # write overlapping/chaining regexps. - set req.http.MobileHost = regsub(req.http.Host, ^(www\.)?(mediawiki|wikimediafoundation)\., m.\2.); - set req.http.MobileHost = regsub(req.http.Host, ^(commons|species|meta|incubator|outreach|strategy|wikimania201[234])\.(wikimedia)\., \1.m.\2.); - set req.http.MobileHost = regsub(req.http.Host, ^((?!www)\w+)\.(wikipedia|wiktionary|wikinews|wikisource|wikiquote|wikibooks|wikiversity|wikivoyage)\., \1.m.\2.); + set req.http.MobileHost = req.http.Host; + set req.http.MobileHost = regsub(req.http.MobileHost, ^(www\.)?(mediawiki|wikimediafoundation)\., m.\2.); + set req.http.MobileHost = regsub(req.http.MobileHost, ^(commons|species|meta|incubator|outreach|strategy|wikimania201[234])\.(wikimedia)\., \1.m.\2.); + set req.http.MobileHost = regsub(req.http.MobileHost, ^((?!www)\w+)\.(wikipedia|wiktionary|wikinews|wikisource|wikiquote|wikibooks|wikiversity|wikivoyage)\., \1.m.\2.); if (req.http.Host != req.http.MobileHost) { if (req.http.X-Forwarded-Proto) { -- To view, visit https://gerrit.wikimedia.org/r/107349 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I977c3bd04a0b5573efb88774fa6090e5e6f106f8 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Varnish: don't inadvertently convert 500s to 503s - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/107364 Change subject: Varnish: don't inadvertently convert 500s to 503s .. Varnish: don't inadvertently convert 500s to 503s Currently, when retry5xx is set in the puppet config, we return(restart) from vcl_fetch() on 500s, to have Varnish retry the request on a different backend. However, we have no protection against doing this indefinitely by checking req.restart, so we end up doing so, and hitting Varnish's max_restarts loop detection parameter and have the frontend throw its own cryptic 503 instead of e.g. a backend (either Varnish or MediaWiki) display its own 500 or 503. Fix this by guarding the return(restart) with req.restarts, and hardcoding 4 in the process. We might want to lower this more in the future (4 retires sounds like a lot) but for now this should do it. Change-Id: Ibf358a2b3df2e984947347138856c5c7e1b91a5e --- M modules/varnish/templates/vcl/wikimedia.vcl.erb 1 file changed, 10 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/64/107364/1 diff --git a/modules/varnish/templates/vcl/wikimedia.vcl.erb b/modules/varnish/templates/vcl/wikimedia.vcl.erb index 25621e1..1da3391 100644 --- a/modules/varnish/templates/vcl/wikimedia.vcl.erb +++ b/modules/varnish/templates/vcl/wikimedia.vcl.erb @@ -305,7 +305,16 @@ } % if vcl_config.fetch(retry5xx, 0) == 1 -% if (beresp.status = 500 beresp.status 505) { - return(restart); + # Retry the backend request 3 times, then give up and display + # the backend's error page, instead of our own. + # + # Note that max_restarts is 4 by default, so Varnish would + # otherwise detect this as a loop and present its own 503. + if (req.restarts 4) { + return(restart); + } else { + return(pass); + } } % end -% set beresp.grace = 60m; -- To view, visit https://gerrit.wikimedia.org/r/107364 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ibf358a2b3df2e984947347138856c5c7e1b91a5e Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Varnish: don't inadvertently convert 500s to 503s - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: Varnish: don't inadvertently convert 500s to 503s .. Varnish: don't inadvertently convert 500s to 503s Currently, when retry5xx is set in the puppet config, we return(restart) from vcl_fetch() on 500s, to have Varnish retry the request on a different backend. However, we have no protection against doing this indefinitely by checking req.restart, so we end up doing so, and hitting Varnish's max_restarts loop detection parameter and have the frontend throw its own cryptic 503 instead of e.g. a backend (either Varnish or MediaWiki) display its own 500 or 503. Fix this by guarding the return(restart) with req.restarts, and hardcoding 4 in the process. We might want to lower this more in the future (4 retires sounds like a lot) but for now this should do it. Change-Id: Ibf358a2b3df2e984947347138856c5c7e1b91a5e --- M modules/varnish/templates/vcl/wikimedia.vcl.erb 1 file changed, 10 insertions(+), 1 deletion(-) Approvals: Faidon Liambotis: Verified; Looks good to me, approved diff --git a/modules/varnish/templates/vcl/wikimedia.vcl.erb b/modules/varnish/templates/vcl/wikimedia.vcl.erb index 25621e1..1da3391 100644 --- a/modules/varnish/templates/vcl/wikimedia.vcl.erb +++ b/modules/varnish/templates/vcl/wikimedia.vcl.erb @@ -305,7 +305,16 @@ } % if vcl_config.fetch(retry5xx, 0) == 1 -% if (beresp.status = 500 beresp.status 505) { - return(restart); + # Retry the backend request 3 times, then give up and display + # the backend's error page, instead of our own. + # + # Note that max_restarts is 4 by default, so Varnish would + # otherwise detect this as a loop and present its own 503. + if (req.restarts 4) { + return(restart); + } else { + return(pass); + } } % end -% set beresp.grace = 60m; -- To view, visit https://gerrit.wikimedia.org/r/107364 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ibf358a2b3df2e984947347138856c5c7e1b91a5e Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Varnish: brown paper bag fix for return(restart) - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/107365 Change subject: Varnish: brown paper bag fix for return(restart) .. Varnish: brown paper bag fix for return(restart) Apparently the author forgot his understanding of Varnish flow control structures and basic arithmetics. Change-Id: Iae0f99193f3857a1acdc9733a2124d50f7354c64 --- M modules/varnish/templates/vcl/wikimedia.vcl.erb 1 file changed, 2 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/65/107365/1 diff --git a/modules/varnish/templates/vcl/wikimedia.vcl.erb b/modules/varnish/templates/vcl/wikimedia.vcl.erb index 1da3391..c509f2a 100644 --- a/modules/varnish/templates/vcl/wikimedia.vcl.erb +++ b/modules/varnish/templates/vcl/wikimedia.vcl.erb @@ -310,10 +310,10 @@ # # Note that max_restarts is 4 by default, so Varnish would # otherwise detect this as a loop and present its own 503. - if (req.restarts 4) { + if (req.restarts 3) { return(restart); } else { - return(pass); + return(deliver); } } % end -% -- To view, visit https://gerrit.wikimedia.org/r/107365 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Iae0f99193f3857a1acdc9733a2124d50f7354c64 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Varnish: brown paper bag fix for return(restart) - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: Varnish: brown paper bag fix for return(restart) .. Varnish: brown paper bag fix for return(restart) Change-Id: Iae0f99193f3857a1acdc9733a2124d50f7354c64 --- M modules/varnish/templates/vcl/wikimedia.vcl.erb 1 file changed, 2 insertions(+), 2 deletions(-) Approvals: Faidon Liambotis: Verified; Looks good to me, approved diff --git a/modules/varnish/templates/vcl/wikimedia.vcl.erb b/modules/varnish/templates/vcl/wikimedia.vcl.erb index 1da3391..c509f2a 100644 --- a/modules/varnish/templates/vcl/wikimedia.vcl.erb +++ b/modules/varnish/templates/vcl/wikimedia.vcl.erb @@ -310,10 +310,10 @@ # # Note that max_restarts is 4 by default, so Varnish would # otherwise detect this as a loop and present its own 503. - if (req.restarts 4) { + if (req.restarts 3) { return(restart); } else { - return(pass); + return(deliver); } } % end -% -- To view, visit https://gerrit.wikimedia.org/r/107365 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Iae0f99193f3857a1acdc9733a2124d50f7354c64 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] gdash: remove logbase from reqstats.5xx - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: gdash: remove logbase from reqstats.5xx .. gdash: remove logbase from reqstats.5xx As surprising as that sounds, reqstats.5xx can be 0 sometimes, in which case Graphite returns a 500 with a backtrace that ends with: GraphError: Logarithmic scale specified with a dataset with a minimum value less than or equal to zero. Change-Id: I55360737d29f7e01f53b23e35c1f89922b9db70f --- M files/gdash/dashboards/reqerror/1.5xx.graph M files/gdash/dashboards/reqerror/3.5xx-sum-1day.graph M files/gdash/dashboards/reqerror/5.5xx-1wk.graph M files/gdash/dashboards/reqerror/7.5xx-2m.graph M files/gdash/dashboards/reqerror/9.5xx-1y.graph 5 files changed, 0 insertions(+), 5 deletions(-) Approvals: Faidon Liambotis: Verified; Looks good to me, approved diff --git a/files/gdash/dashboards/reqerror/1.5xx.graph b/files/gdash/dashboards/reqerror/1.5xx.graph index 264b006..014d94d 100644 --- a/files/gdash/dashboards/reqerror/1.5xx.graph +++ b/files/gdash/dashboards/reqerror/1.5xx.graph @@ -1,6 +1,5 @@ title HTTP 5xx Responses -8hours linewidth 2 -logbase 2 linemode connected hide_legend false from -8hours diff --git a/files/gdash/dashboards/reqerror/3.5xx-sum-1day.graph b/files/gdash/dashboards/reqerror/3.5xx-sum-1day.graph index 8a505b4..18a185e 100644 --- a/files/gdash/dashboards/reqerror/3.5xx-sum-1day.graph +++ b/files/gdash/dashboards/reqerror/3.5xx-sum-1day.graph @@ -1,6 +1,5 @@ title HTTP 5xx Responses -1day linewidth 2 -logbase 2 linemode staircase hide_legend false from -1 day diff --git a/files/gdash/dashboards/reqerror/5.5xx-1wk.graph b/files/gdash/dashboards/reqerror/5.5xx-1wk.graph index 5813884..4105a8c 100644 --- a/files/gdash/dashboards/reqerror/5.5xx-1wk.graph +++ b/files/gdash/dashboards/reqerror/5.5xx-1wk.graph @@ -1,6 +1,5 @@ title HTTP 5xx Responses/hour -1week linewidth 2 -logbase 2 linemode connected hide_legend false from -1 week diff --git a/files/gdash/dashboards/reqerror/7.5xx-2m.graph b/files/gdash/dashboards/reqerror/7.5xx-2m.graph index 90af6ad..000126b 100644 --- a/files/gdash/dashboards/reqerror/7.5xx-2m.graph +++ b/files/gdash/dashboards/reqerror/7.5xx-2m.graph @@ -1,6 +1,5 @@ title HTTP 5xx Responses/hour -2month linewidth 2 -logbase 10 linemode connected hide_legend false from -2month diff --git a/files/gdash/dashboards/reqerror/9.5xx-1y.graph b/files/gdash/dashboards/reqerror/9.5xx-1y.graph index d1c6a5d..7db424b 100644 --- a/files/gdash/dashboards/reqerror/9.5xx-1y.graph +++ b/files/gdash/dashboards/reqerror/9.5xx-1y.graph @@ -1,6 +1,5 @@ title HTTP 5xx Responses/hour -1year linewidth 2 -logbase 10 linemode connected hide_legend false from -1year -- To view, visit https://gerrit.wikimedia.org/r/107367 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I55360737d29f7e01f53b23e35c1f89922b9db70f Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] gdash: remove logbase from reqstats.5xx - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/107367 Change subject: gdash: remove logbase from reqstats.5xx .. gdash: remove logbase from reqstats.5xx As surprising as that sounds, reqstats.5xx can be 0 sometimes, in which case Graphite returns a 500 with a backtrace that ends with: GraphError: Logarithmic scale specified with a dataset with a minimum value less than or equal to zero. Change-Id: I55360737d29f7e01f53b23e35c1f89922b9db70f --- M files/gdash/dashboards/reqerror/1.5xx.graph M files/gdash/dashboards/reqerror/3.5xx-sum-1day.graph M files/gdash/dashboards/reqerror/5.5xx-1wk.graph M files/gdash/dashboards/reqerror/7.5xx-2m.graph M files/gdash/dashboards/reqerror/9.5xx-1y.graph 5 files changed, 0 insertions(+), 5 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/67/107367/1 diff --git a/files/gdash/dashboards/reqerror/1.5xx.graph b/files/gdash/dashboards/reqerror/1.5xx.graph index 264b006..014d94d 100644 --- a/files/gdash/dashboards/reqerror/1.5xx.graph +++ b/files/gdash/dashboards/reqerror/1.5xx.graph @@ -1,6 +1,5 @@ title HTTP 5xx Responses -8hours linewidth 2 -logbase 2 linemode connected hide_legend false from -8hours diff --git a/files/gdash/dashboards/reqerror/3.5xx-sum-1day.graph b/files/gdash/dashboards/reqerror/3.5xx-sum-1day.graph index 8a505b4..18a185e 100644 --- a/files/gdash/dashboards/reqerror/3.5xx-sum-1day.graph +++ b/files/gdash/dashboards/reqerror/3.5xx-sum-1day.graph @@ -1,6 +1,5 @@ title HTTP 5xx Responses -1day linewidth 2 -logbase 2 linemode staircase hide_legend false from -1 day diff --git a/files/gdash/dashboards/reqerror/5.5xx-1wk.graph b/files/gdash/dashboards/reqerror/5.5xx-1wk.graph index 5813884..4105a8c 100644 --- a/files/gdash/dashboards/reqerror/5.5xx-1wk.graph +++ b/files/gdash/dashboards/reqerror/5.5xx-1wk.graph @@ -1,6 +1,5 @@ title HTTP 5xx Responses/hour -1week linewidth 2 -logbase 2 linemode connected hide_legend false from -1 week diff --git a/files/gdash/dashboards/reqerror/7.5xx-2m.graph b/files/gdash/dashboards/reqerror/7.5xx-2m.graph index 90af6ad..000126b 100644 --- a/files/gdash/dashboards/reqerror/7.5xx-2m.graph +++ b/files/gdash/dashboards/reqerror/7.5xx-2m.graph @@ -1,6 +1,5 @@ title HTTP 5xx Responses/hour -2month linewidth 2 -logbase 10 linemode connected hide_legend false from -2month diff --git a/files/gdash/dashboards/reqerror/9.5xx-1y.graph b/files/gdash/dashboards/reqerror/9.5xx-1y.graph index d1c6a5d..7db424b 100644 --- a/files/gdash/dashboards/reqerror/9.5xx-1y.graph +++ b/files/gdash/dashboards/reqerror/9.5xx-1y.graph @@ -1,6 +1,5 @@ title HTTP 5xx Responses/hour -1year linewidth 2 -logbase 10 linemode connected hide_legend false from -1year -- To view, visit https://gerrit.wikimedia.org/r/107367 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I55360737d29f7e01f53b23e35c1f89922b9db70f Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Give iodine a predictable IPv6 address - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: Give iodine a predictable IPv6 address .. Give iodine a predictable IPv6 address Then we can have rdns for outbound OTRS mail. Maybe doesn't make a big difference because it goes through another MTA on the way out, but will at least make manual review of headers a bit easier. RT: 3645 Change-Id: I0f536e046bd5dfb9e920fba70a4b642aa344037c --- M manifests/site.pp 1 file changed, 2 insertions(+), 0 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/site.pp b/manifests/site.pp index a360181..f6fcfac 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -2662,6 +2662,8 @@ node iodine.wikimedia.org { include role::otrs + +interface::add_ip6_mapped { main: interface = eth0 } } node /^wtp10(0[1-9]|1[0-9]|2[0-4])\.eqiad\.wmnet$/ { -- To view, visit https://gerrit.wikimedia.org/r/94111 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I0f536e046bd5dfb9e920fba70a4b642aa344037c Gerrit-PatchSet: 3 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Jeremyb jer...@tuxmachine.com Gerrit-Reviewer: Dzahn dz...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Jeremyb jer...@tuxmachine.com Gerrit-Reviewer: Jgreen jgr...@wikimedia.org Gerrit-Reviewer: Mark Bergsma m...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Add logstash.wikimedia.org - change (operations/dns)
Faidon Liambotis has submitted this change and it was merged. Change subject: Add logstash.wikimedia.org .. Add logstash.wikimedia.org Logstash.wikimedia.org will host a frontend for searching log data stored in an Elasticsearch cluster. The misc varnish cluster will provide SSL termination and failover support. Depends on If10eb3a Change-Id: I1e2127d0e2a51285b2f62074ab16635b05983e2b --- M templates/wikimedia.org 1 file changed, 1 insertion(+), 0 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/templates/wikimedia.org b/templates/wikimedia.org index 5943802..c6c0ce7 100644 --- a/templates/wikimedia.org +++ b/templates/wikimedia.org @@ -645,6 +645,7 @@ labs-ns0 1H IN A208.80.152.33 labs-ns1 1H IN A208.80.154.19 labsconsole1H IN CNAMEwikitech +logstash 1H IN CNAMEmisc-web-lb.eqiad metrics-api1H IN CNAMEstat1001 metrics1H IN CNAMEstat1001 noc1H IN CNAMEfenari -- To view, visit https://gerrit.wikimedia.org/r/105105 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I1e2127d0e2a51285b2f62074ab16635b05983e2b Gerrit-PatchSet: 4 Gerrit-Project: operations/dns Gerrit-Branch: master Gerrit-Owner: BryanDavis bda...@wikimedia.org Gerrit-Reviewer: BryanDavis bda...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Mark Bergsma m...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Proxy logstash.wikimedia.org via misc varnish cluster - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: Proxy logstash.wikimedia.org via misc varnish cluster .. Proxy logstash.wikimedia.org via misc varnish cluster Use the misc Varnish cluster to provide SSL termination and load balancing for logstash.wikimedia.org. Depends on: I504c4c1 Change-Id: If10eb3a99916df7172c869efd248f45f6d081b7f --- M manifests/role/cache.pp M modules/varnish/templates/vcl/wikimedia.vcl.erb M templates/varnish/misc.inc.vcl.erb 3 files changed, 25 insertions(+), 1 deletion(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/role/cache.pp b/manifests/role/cache.pp index 0657734..1f6a204 100644 --- a/manifests/role/cache.pp +++ b/manifests/role/cache.pp @@ -1183,6 +1183,9 @@ 'ytterbium.wikimedia.org', 'tungsten.eqiad.wmnet', 'zirconium.wikimedia.org', +'logstash1001.eqiad.wmnet', +'logstash1002.eqiad.wmnet', +'logstash1003.eqiad.wmnet', ], backend_options = [ { @@ -1190,12 +1193,23 @@ 'port' = 8080, }, { +'backend_match' = '^logstash', +'probe' = 'logstash', +}, +{ 'port' = 80, 'connect_timeout' = '5s', 'first_byte_timeout' = '35s', 'between_bytes_timeout' = '4s', 'max_connections' = 100, -}] +}], +directors = { +'logstash' = [ +'logstash1001.eqiad.wmnet', +'logstash1002.eqiad.wmnet', +'logstash1003.eqiad.wmnet', +] +}, } } } diff --git a/modules/varnish/templates/vcl/wikimedia.vcl.erb b/modules/varnish/templates/vcl/wikimedia.vcl.erb index c509f2a..7787f1a 100644 --- a/modules/varnish/templates/vcl/wikimedia.vcl.erb +++ b/modules/varnish/templates/vcl/wikimedia.vcl.erb @@ -103,6 +103,14 @@ .timeout = 2s; } +probe logstash { + .url = /status; + .interval = 5s; + .timeout = 1s; + .window = 5; + .threshold = 3; +} + # Backends # List of Puppet generated backends diff --git a/templates/varnish/misc.inc.vcl.erb b/templates/varnish/misc.inc.vcl.erb index d650371..0974402 100644 --- a/templates/varnish/misc.inc.vcl.erb +++ b/templates/varnish/misc.inc.vcl.erb @@ -12,6 +12,8 @@ set req.backend = ytterbium; } elsif (req.http.Host == gdash.wikimedia.org || req.http.Host == graphite.wikimedia.org) { set req.backend = tungsten; + } elsif (req.http.Host == logstash.wikimedia.org){ + set req.backend = logstash; } elsif (req.http.Host == scholarships.wikimedia.org) { set req.backend = zirconium; } else { -- To view, visit https://gerrit.wikimedia.org/r/106170 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: If10eb3a99916df7172c869efd248f45f6d081b7f Gerrit-PatchSet: 8 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: BryanDavis bda...@wikimedia.org Gerrit-Reviewer: Aaron Schulz asch...@wikimedia.org Gerrit-Reviewer: BryanDavis bda...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Mark Bergsma m...@wikimedia.org Gerrit-Reviewer: Ori.livneh o...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Revert Initial commit of pmacct module - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/107550 Change subject: Revert Initial commit of pmacct module .. Revert Initial commit of pmacct module This reverts commit 2e7954be2d24fe2ed6d246ce0b30f8b24750a8fa. This violates a bunch of our conventions and really needs to go via a proper code review process. Change-Id: I1865d1f2c69302eca83e29eb09a17105d21590e1 --- D modules/pmacct/manifests/devices.pp D modules/pmacct/manifests/init.pp D modules/pmacct/manifests/makeconfig.pp D modules/pmacct/templates/config.erb 4 files changed, 0 insertions(+), 218 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/50/107550/1 diff --git a/modules/pmacct/manifests/devices.pp b/modules/pmacct/manifests/devices.pp deleted file mode 100644 index a9f4339..000 --- a/modules/pmacct/manifests/devices.pp +++ /dev/null @@ -1,61 +0,0 @@ -# Class: pmacct -# -# List of devices speaking netflow/ipfix -# -# IP is needed for iptables rules changes -# port is needed for flow and bpg config -# samplerate is to adjust for sampling - -class pmacct::devices { -# Device Listing -$list = { -# tpa - as65001 -cr1-sdtpa = { -port = '6511', -ip = '208.80.152.196', -samplerate = '200', -}, -# Currently running old JunOS and will not sample correctly -#cr2-pmtpa = { -#port = '6512', -#ip = '208.80.152.197', -#samplerate = '1000', -#}, - -# eqiad - as65002 -cr1-eqiad = { -port = '6521', -ip = '208.80.154.196', -samplerate = '1000', -}, -cr2-eqiad = { -port = '6522', -ip = '208.80.154.197', -samplerate = '1000', -}, - -# ulsfo - as65003 -cr1-ulsfo = { -port = '6531', -ip = '198.35.26.192', -samplerate = '1000', -}, -cr2-ulsfo = { -port = '6532', -ip = '198.35.26.193', -samplerate = '1000', -}, - -# ams - as43821 -cr1-esams = { -port = '4381', -ip = '91.198.174.245', -samplerate = '1000', -}, -cr2-knams = { -port = '4382', -ip = '91.198.174.246', -samplerate = '1000', -}, -} -} diff --git a/modules/pmacct/manifests/init.pp b/modules/pmacct/manifests/init.pp deleted file mode 100644 index 3d1d098..000 --- a/modules/pmacct/manifests/init.pp +++ /dev/null @@ -1,73 +0,0 @@ -# Class: pmacct -# -# This installs and mangages pmacct configuraiton -# http://www.pmacct.net/ -# -# Will initially be added to node 'netmon1001' - -class pmacct { - -# Note: $pmacct::home does not work here... ? -$home = '/srv/pmacct' - -# mysql -$mysqlhost = '127.0.0.1' -$mysqluser = 'pmacct' -$mysqlpass = $passwords::pmacct::mysqlpass - -# Package (have a fresh one built by Faidon) -# --enable-mysql --enable-64bit --enable-threads --enable-geoip -# and added to our repo? -package { 'pmacct': -ensure = installed, -} - -# User creation (not done by package) -generic::systemuser { 'pmacct': -name = 'pmacct', -home = $pmacct::home, -shell = '/bin/sh', -} - -# Home directory -file { $pmacct::home: -ensure = 'directory', -owner = 'pmacct', -group = 'pmacct', -mode = '0750', -} - -# Log directory -file { ${pmacct::home}/logs: -ensure = 'directory', -owner = 'pmacct', -group = 'pmacct', -mode= '0750', -require = File[ $pmacct::home ], -} - -# Config directory -file { ${pmacct::home}/configs: -ensure = 'directory', -owner = 'pmacct', -group = 'pmacct', -mode= '0750', -require = File[ $pmacct::home ], -} - -# Device list (nice to keep it in it's own world) -require 'pmacct::devices' - -# Iterate over the device list to create new configs -# FIXME: Review daniel's different method for iterating over a hash.. -create_resources('pmacct::makeconfig', $pmacct::devices::list) - -# Iterate over the device list to verify/check iptables redirects -# FIXME: ferm (should probably happen in one iterate... - - -# FIXME: make sure services are running (not start/stop scripts) -# ... -} - - diff --git a/modules/pmacct/manifests/makeconfig.pp b/modules/pmacct/manifests/makeconfig.pp deleted file mode 100644 index 65a207e..000 --- a/modules/pmacct/manifests/makeconfig.pp +++ /dev/null @@ -1,21 +0,0 @@ -# pmacct::makeconfig -# Generates a unique config file per device - -define
[MediaWiki-commits] [Gerrit] Revert Initial commit of pmacct module - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: Revert Initial commit of pmacct module .. Revert Initial commit of pmacct module This reverts commit 2e7954be2d24fe2ed6d246ce0b30f8b24750a8fa. This violates a bunch of our conventions and really needs to go via a proper code review process. It's also a broken pmacct configuration (no /opt/maxmind, among others). More importantly, it's also a doubly broken ferm configuration that would break all other netmon1001 services if it was otherwise non-broken. Change-Id: I1865d1f2c69302eca83e29eb09a17105d21590e1 --- M manifests/site.pp D modules/pmacct/manifests/devices.pp D modules/pmacct/manifests/init.pp D modules/pmacct/manifests/makeconfig.pp D modules/pmacct/templates/config.erb 5 files changed, 1 insertion(+), 222 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/site.pp b/manifests/site.pp index f6fcfac..6ec6549 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -1886,10 +1886,7 @@ misc::rancid, smokeping, smokeping::web, -role::librenms, - geoip, - pmacct, - ferm +role::librenms interface::add_ip6_mapped { main: } } diff --git a/modules/pmacct/manifests/devices.pp b/modules/pmacct/manifests/devices.pp deleted file mode 100644 index a9f4339..000 --- a/modules/pmacct/manifests/devices.pp +++ /dev/null @@ -1,61 +0,0 @@ -# Class: pmacct -# -# List of devices speaking netflow/ipfix -# -# IP is needed for iptables rules changes -# port is needed for flow and bpg config -# samplerate is to adjust for sampling - -class pmacct::devices { -# Device Listing -$list = { -# tpa - as65001 -cr1-sdtpa = { -port = '6511', -ip = '208.80.152.196', -samplerate = '200', -}, -# Currently running old JunOS and will not sample correctly -#cr2-pmtpa = { -#port = '6512', -#ip = '208.80.152.197', -#samplerate = '1000', -#}, - -# eqiad - as65002 -cr1-eqiad = { -port = '6521', -ip = '208.80.154.196', -samplerate = '1000', -}, -cr2-eqiad = { -port = '6522', -ip = '208.80.154.197', -samplerate = '1000', -}, - -# ulsfo - as65003 -cr1-ulsfo = { -port = '6531', -ip = '198.35.26.192', -samplerate = '1000', -}, -cr2-ulsfo = { -port = '6532', -ip = '198.35.26.193', -samplerate = '1000', -}, - -# ams - as43821 -cr1-esams = { -port = '4381', -ip = '91.198.174.245', -samplerate = '1000', -}, -cr2-knams = { -port = '4382', -ip = '91.198.174.246', -samplerate = '1000', -}, -} -} diff --git a/modules/pmacct/manifests/init.pp b/modules/pmacct/manifests/init.pp deleted file mode 100644 index 3d1d098..000 --- a/modules/pmacct/manifests/init.pp +++ /dev/null @@ -1,73 +0,0 @@ -# Class: pmacct -# -# This installs and mangages pmacct configuraiton -# http://www.pmacct.net/ -# -# Will initially be added to node 'netmon1001' - -class pmacct { - -# Note: $pmacct::home does not work here... ? -$home = '/srv/pmacct' - -# mysql -$mysqlhost = '127.0.0.1' -$mysqluser = 'pmacct' -$mysqlpass = $passwords::pmacct::mysqlpass - -# Package (have a fresh one built by Faidon) -# --enable-mysql --enable-64bit --enable-threads --enable-geoip -# and added to our repo? -package { 'pmacct': -ensure = installed, -} - -# User creation (not done by package) -generic::systemuser { 'pmacct': -name = 'pmacct', -home = $pmacct::home, -shell = '/bin/sh', -} - -# Home directory -file { $pmacct::home: -ensure = 'directory', -owner = 'pmacct', -group = 'pmacct', -mode = '0750', -} - -# Log directory -file { ${pmacct::home}/logs: -ensure = 'directory', -owner = 'pmacct', -group = 'pmacct', -mode= '0750', -require = File[ $pmacct::home ], -} - -# Config directory -file { ${pmacct::home}/configs: -ensure = 'directory', -owner = 'pmacct', -group = 'pmacct', -mode= '0750', -require = File[ $pmacct::home ], -} - -# Device list (nice to keep it in it's own world) -require 'pmacct::devices' - -# Iterate over the device list to create new configs -# FIXME: Review daniel's different method for iterating over a hash.. -
[MediaWiki-commits] [Gerrit] Give Nik Chad root access to lucene search boxes - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/107551 Change subject: Give Nik Chad root access to lucene search boxes .. Give Nik Chad root access to lucene search boxes They're both doing search have access to the new search infrastructure, it's silly for them to not have access on the old one. RT: 6628 Change-Id: I6c1abf8230d6e6e8a8cbe23b2d33f23b20843ae1 --- M manifests/role/lucene.pp 1 file changed, 3 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/51/107551/1 diff --git a/manifests/role/lucene.pp b/manifests/role/lucene.pp index 10304fb..007456c 100644 --- a/manifests/role/lucene.pp +++ b/manifests/role/lucene.pp @@ -143,6 +143,9 @@ include admins::roots, admins::mortals, admins::restricted + + sudo_user { [ manybubbles ]: privileges = ['ALL = NOPASSWD: ALL'] } + sudo_user { [ demon ]: privileges = ['ALL = NOPASSWD: ALL'] } } } -- To view, visit https://gerrit.wikimedia.org/r/107551 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I6c1abf8230d6e6e8a8cbe23b2d33f23b20843ae1 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Give Nik Chad root access to lucene search boxes - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: Give Nik Chad root access to lucene search boxes .. Give Nik Chad root access to lucene search boxes They're both doing search have access to the new search infrastructure, it's silly for them to not have access on the old one. RT: 6628 Change-Id: I6c1abf8230d6e6e8a8cbe23b2d33f23b20843ae1 --- M manifests/role/lucene.pp 1 file changed, 3 insertions(+), 0 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/role/lucene.pp b/manifests/role/lucene.pp index 10304fb..007456c 100644 --- a/manifests/role/lucene.pp +++ b/manifests/role/lucene.pp @@ -143,6 +143,9 @@ include admins::roots, admins::mortals, admins::restricted + + sudo_user { [ manybubbles ]: privileges = ['ALL = NOPASSWD: ALL'] } + sudo_user { [ demon ]: privileges = ['ALL = NOPASSWD: ALL'] } } } -- To view, visit https://gerrit.wikimedia.org/r/107551 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I6c1abf8230d6e6e8a8cbe23b2d33f23b20843ae1 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] kibana: redirect to HTTPS - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/107557 Change subject: kibana: redirect to HTTPS .. kibana: redirect to HTTPS We shouldn't pass credentials nor potentially sensitive loglines clear over clear text. Since we're behind misc-web-lb, do the redirect based on the X-Forwarded-Proto HTTP header. Change-Id: Ie061e00bd067e08fc45729595f893c0411adb67e --- M templates/kibana/apache.conf.erb 1 file changed, 6 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/57/107557/1 diff --git a/templates/kibana/apache.conf.erb b/templates/kibana/apache.conf.erb index 96a434d..42f4c6e 100644 --- a/templates/kibana/apache.conf.erb +++ b/templates/kibana/apache.conf.erb @@ -10,6 +10,11 @@ DocumentRoot %= @deploy_dir %/src + RewriteEngine on + RewriteCond %{HTTP:X-Forwarded-Proto} !https + RewriteCond %{REQUEST_URI} !^/status$ + RewriteRule ^/(.*)$ https://%= @hostname %%{REQUEST_URI} [R=301,L] + Directory / Options FollowSymLinks AllowOverride None @@ -68,7 +73,7 @@ Header set Cache-Control public, must-revalidate, max-age=900 /LocationMatch - # Storage/retrival of saved dashboards via elasticsearch + # Storage/retrieval of saved dashboards via elasticsearch LocationMatch ^/(kibana-int/dashboard/|kibana-int/temp)(.*)$ ProxyPassMatch http://%= @es_host %:%= @es_port %/$1$2 ProxyPassReverse http://%= @es_host %:%= @es_port %/$1$2 -- To view, visit https://gerrit.wikimedia.org/r/107557 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie061e00bd067e08fc45729595f893c0411adb67e Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] kibana: redirect to HTTPS - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: kibana: redirect to HTTPS .. kibana: redirect to HTTPS We shouldn't pass credentials nor potentially sensitive loglines clear over clear text. Since we're behind misc-web-lb, do the redirect based on the X-Forwarded-Proto HTTP header. Change-Id: Ie061e00bd067e08fc45729595f893c0411adb67e --- M templates/kibana/apache.conf.erb 1 file changed, 6 insertions(+), 1 deletion(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/templates/kibana/apache.conf.erb b/templates/kibana/apache.conf.erb index 96a434d..42f4c6e 100644 --- a/templates/kibana/apache.conf.erb +++ b/templates/kibana/apache.conf.erb @@ -10,6 +10,11 @@ DocumentRoot %= @deploy_dir %/src + RewriteEngine on + RewriteCond %{HTTP:X-Forwarded-Proto} !https + RewriteCond %{REQUEST_URI} !^/status$ + RewriteRule ^/(.*)$ https://%= @hostname %%{REQUEST_URI} [R=301,L] + Directory / Options FollowSymLinks AllowOverride None @@ -68,7 +73,7 @@ Header set Cache-Control public, must-revalidate, max-age=900 /LocationMatch - # Storage/retrival of saved dashboards via elasticsearch + # Storage/retrieval of saved dashboards via elasticsearch LocationMatch ^/(kibana-int/dashboard/|kibana-int/temp)(.*)$ ProxyPassMatch http://%= @es_host %:%= @es_port %/$1$2 ProxyPassReverse http://%= @es_host %:%= @es_port %/$1$2 -- To view, visit https://gerrit.wikimedia.org/r/107557 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ie061e00bd067e08fc45729595f893c0411adb67e Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] kibana: enable Apache2 rewrite module - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/107558 Change subject: kibana: enable Apache2 rewrite module .. kibana: enable Apache2 rewrite module This is for Iea6bd55. mod_rewrite was was manually provisioned on logstash1001 and hence missed in the original commit. Change-Id: Iea6bd558bd894095b7628f71a8bc49d2b65032f0 --- M manifests/role/kibana.pp 1 file changed, 1 insertion(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/58/107558/1 diff --git a/manifests/role/kibana.pp b/manifests/role/kibana.pp index d3c459a..c5d7e2d 100644 --- a/manifests/role/kibana.pp +++ b/manifests/role/kibana.pp @@ -27,6 +27,7 @@ 'headers', 'proxy', 'proxy_http', +'rewrite', ]: } file { /etc/apache2/sites-available/${hostname}: -- To view, visit https://gerrit.wikimedia.org/r/107558 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Iea6bd558bd894095b7628f71a8bc49d2b65032f0 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] kibana: enable Apache2 rewrite module - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: kibana: enable Apache2 rewrite module .. kibana: enable Apache2 rewrite module This is for Iea6bd55. mod_rewrite was was manually provisioned on logstash1001 and hence missed in the original commit. Change-Id: Iea6bd558bd894095b7628f71a8bc49d2b65032f0 --- M manifests/role/kibana.pp 1 file changed, 1 insertion(+), 0 deletions(-) Approvals: Faidon Liambotis: Verified; Looks good to me, approved diff --git a/manifests/role/kibana.pp b/manifests/role/kibana.pp index d3c459a..c5d7e2d 100644 --- a/manifests/role/kibana.pp +++ b/manifests/role/kibana.pp @@ -27,6 +27,7 @@ 'headers', 'proxy', 'proxy_http', +'rewrite', ]: } file { /etc/apache2/sites-available/${hostname}: -- To view, visit https://gerrit.wikimedia.org/r/107558 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Iea6bd558bd894095b7628f71a8bc49d2b65032f0 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Add 'graphite-index' script and cron job - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: Add 'graphite-index' script and cron job .. Add 'graphite-index' script and cron job The graphite-web package ships with a shell script, 'graphite-build-search-index', which rebuilds the index of Whisper files used by graphite-web. The Debian script presumes that graphite-web and carbon are both running with uid / gid '_graphite', but we prefer to keep them distinct, because graphite-web should not be modifying Whisper files. So ship an alternative script that better matches our setup. Change-Id: I83a2c6dbecba7545bb6e849f4e0089d69f202f44 --- A modules/graphite/files/graphite-index M modules/graphite/manifests/web.pp 2 files changed, 54 insertions(+), 6 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/graphite/files/graphite-index b/modules/graphite/files/graphite-index new file mode 100755 index 000..f9932c8 --- /dev/null +++ b/modules/graphite/files/graphite-index @@ -0,0 +1,35 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + + Generate index file for graphite-web + + This file supercedes the script 'graphite-build-search-index' which ships + with the graphite-web package in Debian. The Debian script presumes that + graphite-web and carbon are both running with uid / gid '_graphite', but we + prefer to keep them distinct, because graphite-web should not be modifying + Whisper files. + + +import os +import fnmatch +import tempfile + +from graphite import settings + + +def iter_glob(dir, glob_pattern): +Recurse through `dir`, yielding files that match `glob_pattern` +return (os.path.join(root, f) for root, _, fs in os.walk(dir) +for f in fs if fnmatch.fnmatch(f, glob_pattern)) + + +def format_entry(wsp_path): +Format a .wsp file path for inclusion in Graphite's index +return wsp_path[len(settings.WHISPER_DIR):-4].replace('/', '.') + + +with tempfile.NamedTemporaryFile('wt', delete=False) as tmp: +for whisper in iter_glob(settings.WHISPER_DIR, '*.wsp'): +tmp.write(format_entry(whisper) + '\n') +os.chmod(tmp.name, 0644) +os.rename(tmp.name, settings.INDEX_FILE) diff --git a/modules/graphite/manifests/web.pp b/modules/graphite/manifests/web.pp index f0ebfcf..b579b8b 100644 --- a/modules/graphite/manifests/web.pp +++ b/modules/graphite/manifests/web.pp @@ -96,15 +96,28 @@ require = File['/var/run/graphite-web', '/var/log/graphite-web'], } -file { '/sbin/graphite-auth': -source = 'puppet:///modules/graphite/graphite-auth', -mode= '0755', +file { '/usr/local/sbin/graphite-index': +source = 'puppet:///modules/graphite/graphite-index', +mode= '0555', require = Uwsgi::App['graphite-web'], } +file { '/usr/local/sbin/graphite-auth': +source = 'puppet:///modules/graphite/graphite-auth', +mode= '0555', +require = Uwsgi::App['graphite-web'], +} + +cron { 'update_graphite_index': +command = '/usr/local/sbin/graphite-index', +user= 'www-data', +hour= '*/1', +require = File['/usr/local/sbin/graphite-index'], +} + exec { 'create_graphite_admin': -command = /sbin/graphite-auth set ${admin_user} ${admin_pass}, -unless = /sbin/graphite-auth check ${admin_user} ${admin_pass}, -require = File['/sbin/graphite-auth'], +command = /usr/local/sbin/graphite-auth set ${admin_user} ${admin_pass}, +unless = /usr/local/sbin/graphite-auth check ${admin_user} ${admin_pass}, +require = File['/usr/local/sbin/graphite-auth'], } } -- To view, visit https://gerrit.wikimedia.org/r/107616 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I83a2c6dbecba7545bb6e849f4e0089d69f202f44 Gerrit-PatchSet: 4 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Ori.livneh o...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Ori.livneh o...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] tcpircbot: fix multiple unreferenced var errors - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/107807 Change subject: tcpircbot: fix multiple unreferenced var errors .. tcpircbot: fix multiple unreferenced var errors The few unrelated touch-ups of commit I0e0209e were broken in multiple ways, throwing errors because of missing dependencies. Attempt to fix those while keeping the original commit's rationale of removing useless parameters that noone would ever customize. Change-Id: If6379f5c2fedd54460494b98392e4f6d96d8ef8b --- M modules/tcpircbot/manifests/init.pp M modules/tcpircbot/manifests/instance.pp 2 files changed, 8 insertions(+), 11 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/07/107807/1 diff --git a/modules/tcpircbot/manifests/init.pp b/modules/tcpircbot/manifests/init.pp index a39b762..de87c67 100644 --- a/modules/tcpircbot/manifests/init.pp +++ b/modules/tcpircbot/manifests/init.pp @@ -8,12 +8,6 @@ # # === Parameters # -# [*user*] -# Run tcpircbot instances as this system user (default: 'tcpircbot'). -# -# [*group*] -# Run tcpircbot under this gid (default: 'tcpircbot'). -# # [*dir*] # Directory for tcpircbot script and configuration files and home directory # for user. @@ -31,7 +25,10 @@ # password = $passwords::irc::announcebot, # } # -class tcpircbot { +class tcpircbot( +$dir = '/srv/tcpircbot', +) { + package { [ 'python-irclib', 'python-netaddr' ]: ensure = present, } @@ -42,7 +39,7 @@ ensure = present, gid= 'tcpircbot', shell = '/bin/false', -home = '/srv/tcpircbot', +home = $dir, managehome = true, system = true, } @@ -50,8 +47,8 @@ file { ${dir}/tcpircbot.py: ensure = present, source = 'puppet:///modules/tcpircbot/tcpircbot.py', -owner = $user, -group = $group, +owner = 'tcpircbot', +group = 'tcpircbot', mode = '0555', } } diff --git a/modules/tcpircbot/manifests/instance.pp b/modules/tcpircbot/manifests/instance.pp index d321b97..9fad01b 100644 --- a/modules/tcpircbot/manifests/instance.pp +++ b/modules/tcpircbot/manifests/instance.pp @@ -68,7 +68,7 @@ file { ${tcpircbot::dir}/${title}.json: ensure = present, content = template('tcpircbot/tcpircbot.json.erb'), -require = User[$tcpircbot::user], +require = User['tcpircbot'], } file { /etc/init/tcpircbot-${title}.conf: -- To view, visit https://gerrit.wikimedia.org/r/107807 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: If6379f5c2fedd54460494b98392e4f6d96d8ef8b Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] OCG: update trebuchet config and remove Node - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: OCG: update trebuchet config and remove Node .. OCG: update trebuchet config and remove Node Trebuchet * It didn't make sense to have a completely separate git repo just for deployments. I'm going to use a deploy branch and see how that works out. * According to the documentation, declare the service name in a different way so that `restart-service` works. apt * OCG requires Node 0.10; but WMF has 0.8 in it's repo right now. The installation requirement is causing some havok if I try to use a different version of node. Change-Id: I0a4457f450724e7fbf5c864a3a2e05aed57a231c --- M manifests/role/deployment.pp M modules/ocg/manifests/init.pp 2 files changed, 8 insertions(+), 8 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/role/deployment.pp b/manifests/role/deployment.pp index 3479447..30e0967 100644 --- a/manifests/role/deployment.pp +++ b/manifests/role/deployment.pp @@ -97,10 +97,9 @@ }, 'ocg/ocg' = { 'grain' = 'ocg', -'upstream' = 'https://gerrit.wikimedia.org/r/mediawiki/services/ocg-collection/deploy', -'checkout_module_calls' = { -'service.restart' = ['ocg'], -}, +'upstream' = 'https://gerrit.wikimedia.org/r/mediawiki/services/ocg-collection', +'service_name' = 'ocg', +'checkout_submodules' = true, }, 'fluoride/fluoride' = { 'grain'= 'fluoride', diff --git a/modules/ocg/manifests/init.pp b/modules/ocg/manifests/init.pp index fb411b6..ebb8591 100644 --- a/modules/ocg/manifests/init.pp +++ b/modules/ocg/manifests/init.pp @@ -33,10 +33,11 @@ system = true, } -package { 'nodejs': -ensure = present, -notify = Service['ocg'], -} +# Can't use Node installed from Apt until we have 0.10 in the repo +#package { 'nodejs': +#ensure = present, +#notify = Service['ocg'], +#} package { [ -- To view, visit https://gerrit.wikimedia.org/r/107810 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I0a4457f450724e7fbf5c864a3a2e05aed57a231c Gerrit-PatchSet: 3 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Mwalker mwal...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Jgreen jgr...@wikimedia.org Gerrit-Reviewer: Ori.livneh o...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] webserver: puppet 3 compatibility fix - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: webserver: puppet 3 compatibility fix .. webserver: puppet 3 compatibility fix Change-Id: Ic2745dddb7ac4728e904ac63b7e60c1b926bcf15 --- M manifests/webserver.pp 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/webserver.pp b/manifests/webserver.pp index 7f49b7d..a5e859c 100644 --- a/manifests/webserver.pp +++ b/manifests/webserver.pp @@ -155,7 +155,7 @@ define module { Class[webserver::apache::packages] - Webserver::Apache::Module[$title] - Class[webserver::apache::config] - $packagename = $operatingsystem ? { + $packagename = $::operatingsystem ? { Ubuntu = $title ? { perl = libapache2-mod-perl2, -- To view, visit https://gerrit.wikimedia.org/r/107814 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ic2745dddb7ac4728e904ac63b7e60c1b926bcf15 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Matanya mata...@foss.co.il Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Would help if the OCG config was in the right spot - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: Would help if the OCG config was in the right spot .. Would help if the OCG config was in the right spot Change-Id: I1c3928b5b41d6d7a0618ce76b6d361c8b6e79419 --- M modules/ocg/templates/mw-ocg-service.js.erb 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/ocg/templates/mw-ocg-service.js.erb b/modules/ocg/templates/mw-ocg-service.js.erb index ec34e83..067c6f5 100644 --- a/modules/ocg/templates/mw-ocg-service.js.erb +++ b/modules/ocg/templates/mw-ocg-service.js.erb @@ -18,5 +18,5 @@ config.backend.temp_dir = %= @temp_dir %; // Import the public local settings - return require(/srv/deployment/ocg/LocalSettings.js)(config) + return require(/srv/deployment/ocg/ocg/LocalSettings.js)(config) } -- To view, visit https://gerrit.wikimedia.org/r/107820 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I1c3928b5b41d6d7a0618ce76b6d361c8b6e79419 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Mwalker mwal...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Ori.livneh o...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] More OCG path fun - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: More OCG path fun .. More OCG path fun Change-Id: I5df98d7167755d79673c11ee94c4036717c78905 --- M modules/ocg/files/ocg.upstart.conf 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/ocg/files/ocg.upstart.conf b/modules/ocg/files/ocg.upstart.conf index e41a19a..953d964 100644 --- a/modules/ocg/files/ocg.upstart.conf +++ b/modules/ocg/files/ocg.upstart.conf @@ -15,6 +15,6 @@ setuid ocg setgid ocg -exec /srv/deployment/ocg/mw-ocg-service -c /etc/ocg/mw-ocg-service.js +exec /srv/deployment/ocg/ocg/mw-ocg-service.js -c /etc/ocg/mw-ocg-service.js respawn -- To view, visit https://gerrit.wikimedia.org/r/107830 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I5df98d7167755d79673c11ee94c4036717c78905 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Mwalker mwal...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Jgreen jgr...@wikimedia.org Gerrit-Reviewer: Ori.livneh o...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] (WIP) Refactor admins.pp into an admin module - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/107848 Change subject: (WIP) Refactor admins.pp into an admin module .. (WIP) Refactor admins.pp into an admin module (this is WORK IN PROGRESS and UNTESTED) Refactor the huge often unmanageable admins.pp into a new admins module. Several enhancements have been introduced: - Split of code, logic data, with generic abstractions and code-agnostic data structures (hashes) for users, group memberships, ssh keys sudo policies. This can in the future be combined with Hiera, LDAP or stdlib's json import to completely isolate the data import functionality. - Tie Unix groups with our arbitrary class groupings; grouping users together in a class now means grouping them in a Unix group too. - Introduce a revoked group; users included in this group are revoked of access, with this group being applied on all hosts, rather than just hosts that may had access before. - Completely manage SSH keys and groups memberships; users cannot add unpuppetized keys to their user accounts anymore. - A new, generic, account definition to handle all things related to an account (user, group, home directory, SSH key) - Integration with sudo policies, effectively replacing sudo.pp Change-Id: I6e5e2d636f0f8d47a134feca0c0386881476366b --- A modules/admins/manifests/account.pp A modules/admins/manifests/data.pp A modules/admins/manifests/group.pp A modules/admins/manifests/init.pp A modules/admins/manifests/sudo.pp A modules/admins/manifests/user.pp A modules/admins/templates/sudo/sudoers.erb 7 files changed, 433 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/48/107848/1 diff --git a/modules/admins/manifests/account.pp b/modules/admins/manifests/account.pp new file mode 100644 index 000..27b1cf9 --- /dev/null +++ b/modules/admins/manifests/account.pp @@ -0,0 +1,127 @@ +# == Define: admins::account +# +# A defined type for user account management. It creates (or deletes) at least +# a User resource, plus virtual resources for the group, home directory and SSH +# authorized key of the user. +# +# WARNING: this is designed to NOT play well with local modifications. It will +# overwrite at least group membership SSH keys. It's also intentionally # +# simple, not supporting configurations that are of no use for the setup it was +# created (passwords, system users etc.) +# +# === Parameters +# +# [*ensure*] +# Add or remove the user account, with present or absent respectively. +# Defaults to present. +# +# [*username*] +# The username of the user to be created. +# Defaults to the title of the account resource. +# +# [*realname*] +# The gecos realname for the user. +# +# [*uid*] +# The UID to set for the new account. +# +# [*gid*] +# Sets the primary group of this user. +# +# [*groups*] +# An array of additional groups to add the user to. +# Defaults to an empty array. +# +# [*ssh_keys*] +# An array of strings containing the SSH public keys. +# Defaults to an empty array. +# +# [*shell*] +# The login shell. +# The default is '/bin/bash' +# + +define admins::account( + $ensure, + $realname, + $uid, + $gid, + $groups=[], + $ssh_keys=[], + $shell='/bin/bash' + $username=$title, +) { +validate_re($ensure, '^(present|absent)$') + +$ensure_dir = $ensure ? { +'absent' = 'absent', +'present' = 'directory', +} + +user { $username: +ensure = $ensure, +name = $username, +uid= $uid, +comment= $realname, +gid= $gid, +groups = $groups, +membership = 'inclusive', +shell = $shell, +managehome = false, # we do it manually below +allowdupe = false, +} + +case $ensure { +'present': { +Group[$gid] - User[$username] +} +'absent': { +User[$username] - Group[$gid] +} +default: {} +} + +@group { $gid: +ensure= $ensure, +name = $gid, +allowdupe = false, +} + +@file { /home/${username}: +ensure = $ensure_dir, +source = [ +puppet:///modules/account/home/${username}/, +'puppet:///modules/account/home/skel/', +], +sourceselect = 'first', +recurse = 'remote', +mode = '0644', +owner= $username, +group= $gid, +require = [ User[$username], Group[$gid] ], +tag = 'account/home' +} + +# use regular file resources instead of the special ssh_authorized_keys +# resources since we *exclusively* manage ssh keys and do not coexist +# with local ones + +$ssh_authorized_keys = join($ssh_keys, \n) + +# XXX: move under /etc/ssh/userkeys +@file {
[MediaWiki-commits] [Gerrit] add rdns for iodine - change (operations/dns)
Faidon Liambotis has submitted this change and it was merged. Change subject: add rdns for iodine .. add rdns for iodine needs I0f536e046bd5dfb9e920fba70a4b642aa344037c first (now done) RT: 3645 Change-Id: I7de50c0fcdbc095315b7d0f37d89c877041ff231 --- M templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa 1 file changed, 1 insertion(+), 0 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa b/templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa index e296af3..95506f3 100644 --- a/templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa +++ b/templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa @@ -54,6 +54,7 @@ 1.0.0.0.0.0.0.0.0.0.0.0.0.0.e.f 1H IN PTR ae2-1002.cr1-eqiad.wikimedia.org. 2.0.0.0.0.0.0.0.0.0.0.0.0.0.e.f 1H IN PTR ae2-1002.cr2-eqiad.wikimedia.org. +6.4.1.0.4.5.1.0.0.8.0.0.8.0.2.0 1H IN PTR iodine.wikimedia.org. ; public1-c-eqiad (2620:0:861:3::/64) $ORIGIN 3.0.0.0.{{ zonename }}. -- To view, visit https://gerrit.wikimedia.org/r/107854 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I7de50c0fcdbc095315b7d0f37d89c877041ff231 Gerrit-PatchSet: 3 Gerrit-Project: operations/dns Gerrit-Branch: master Gerrit-Owner: Jeremyb jer...@tuxmachine.com Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Jeremyb jer...@tuxmachine.com Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] hive: puppet 3 compatibility fix: fully qualify variables - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: hive: puppet 3 compatibility fix: fully qualify variables .. hive: puppet 3 compatibility fix: fully qualify variables Change-Id: I5a46975e35c3d551ecec1a0ba8206a6df377e889 --- M manifests/role/analytics/hive.pp 1 file changed, 3 insertions(+), 3 deletions(-) Approvals: Ottomata: Looks good to me, approved Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/role/analytics/hive.pp b/manifests/role/analytics/hive.pp index 13eb6c5..f5cf338 100644 --- a/manifests/role/analytics/hive.pp +++ b/manifests/role/analytics/hive.pp @@ -71,7 +71,7 @@ class { '::cdh4::hive': metastore_host = 'analytics1027.eqiad.wmnet', jdbc_password = $passwords::analytics::hive_jdbc_password, -zookeeper_hosts = $role::analytics::zookeeper::hosts_array, +zookeeper_hosts = $role::analytics::zookeeper::config::hosts_array, } } @@ -81,6 +81,6 @@ class role::analytics::hive::labs { class { '::cdh4::hive': metastore_host = $role::analytics::hadoop::labs::namenode_hosts[0], -zookeeper_hosts = $role::analytics::zookeeper::hosts_array, +zookeeper_hosts = $role::analytics::zookeeper::config::hosts_array, } -} \ No newline at end of file +} -- To view, visit https://gerrit.wikimedia.org/r/107821 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I5a46975e35c3d551ecec1a0ba8206a6df377e889 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Matanya mata...@foss.co.il Gerrit-Reviewer: Alexandros Kosiaris akosia...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Ottomata o...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] geoip: puppet 3 compatibility fix: module path - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: geoip: puppet 3 compatibility fix: module path .. geoip: puppet 3 compatibility fix: module path Change-Id: Ib617ac623dfdaed52f74661cc084b89f57e09e0a --- M modules/geoip/manifests/data/lite.pp 1 file changed, 2 insertions(+), 2 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/geoip/manifests/data/lite.pp b/modules/geoip/manifests/data/lite.pp index 30f2562..e78ad21 100644 --- a/modules/geoip/manifests/data/lite.pp +++ b/modules/geoip/manifests/data/lite.pp @@ -22,7 +22,7 @@ mode = '0555', owner = 'root', group = 'root', -source = puppet:///${module_name}/geoliteupdate, +source = 'puppet:///modules/geoip/geoliteupdate', } $geoliteupdate_command = /usr/local/bin/geoliteupdate ${data_directory} @@ -39,7 +39,7 @@ cron { 'geoliteupdate': ensure = present, command = ${geoliteupdate_command} /dev/null, -user= root, +user= 'root', weekday = 0, hour= 3, minute = 30, -- To view, visit https://gerrit.wikimedia.org/r/107826 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ib617ac623dfdaed52f74661cc084b89f57e09e0a Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Matanya mata...@foss.co.il Gerrit-Reviewer: Alexandros Kosiaris akosia...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] smokeping: puppet 3 compatibility fix: module path - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: smokeping: puppet 3 compatibility fix: module path .. smokeping: puppet 3 compatibility fix: module path Change-Id: Ibc3b6e44f85c89c4e097100d28764424474ddf4b --- M modules/smokeping/manifests/config.pp 1 file changed, 5 insertions(+), 5 deletions(-) Approvals: Alexandros Kosiaris: Looks good to me, but someone else must approve Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/smokeping/manifests/config.pp b/modules/smokeping/manifests/config.pp index 7808c7e..2d6a1d1 100644 --- a/modules/smokeping/manifests/config.pp +++ b/modules/smokeping/manifests/config.pp @@ -3,11 +3,11 @@ file { '/etc/smokeping/config.d': require = Package['smokeping'], -ensure = directory, +ensure = directory, recurse = true, -owner = 'root', -group = 'root', -mode = 0444, -source = puppet:///${module_name}/config.d; +owner = 'root', +group = 'root', +mode= 0444, +source = 'puppet:///modules/smokeping/config.d', } } -- To view, visit https://gerrit.wikimedia.org/r/107825 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ibc3b6e44f85c89c4e097100d28764424474ddf4b Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Matanya mata...@foss.co.il Gerrit-Reviewer: Alexandros Kosiaris akosia...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Matanya mata...@foss.co.il Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Revert wmgRC2UDPAddress to ekrem - change (operations/mediawiki-config)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/108339 Change subject: Revert wmgRC2UDPAddress to ekrem .. Revert wmgRC2UDPAddress to ekrem Tampa is now fully back up. Revert the IRC feed to its canonical address, rather than the very temporary socat relays that went via Amsterdam. This reverts commit I4342b062bc1db0d851e5a007f28034be140c6e0a. Change-Id: I48a026eb8c96f71f7299c8f7be3ec63cccfc4797 --- M wmf-config/InitialiseSettings.php 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/39/108339/1 diff --git a/wmf-config/InitialiseSettings.php b/wmf-config/InitialiseSettings.php index d1c9a61..8ca1c6a 100644 --- a/wmf-config/InitialiseSettings.php +++ b/wmf-config/InitialiseSettings.php @@ -6236,7 +6236,7 @@ ), 'wmgRC2UDPAddress' = array( - 'default' = '208.80.154.157', // chromium, temporary relay + 'default' = '208.80.152.178', // pmtpa: ekrem ), 'wmgRC2UDPPort' = array( -- To view, visit https://gerrit.wikimedia.org/r/108339 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I48a026eb8c96f71f7299c8f7be3ec63cccfc4797 Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Revert wmgRC2UDPAddress to ekrem - change (operations/mediawiki-config)
Faidon Liambotis has submitted this change and it was merged. Change subject: Revert wmgRC2UDPAddress to ekrem .. Revert wmgRC2UDPAddress to ekrem Tampa is now fully back up. Revert the IRC feed to its canonical address, rather than the very temporary socat relays that went via Amsterdam. This reverts commit I4342b062bc1db0d851e5a007f28034be140c6e0a. Change-Id: I48a026eb8c96f71f7299c8f7be3ec63cccfc4797 --- M wmf-config/InitialiseSettings.php 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Faidon Liambotis: Looks good to me, approved diff --git a/wmf-config/InitialiseSettings.php b/wmf-config/InitialiseSettings.php index d1c9a61..8ca1c6a 100644 --- a/wmf-config/InitialiseSettings.php +++ b/wmf-config/InitialiseSettings.php @@ -6236,7 +6236,7 @@ ), 'wmgRC2UDPAddress' = array( - 'default' = '208.80.154.157', // chromium, temporary relay + 'default' = '208.80.152.178', // pmtpa: ekrem ), 'wmgRC2UDPPort' = array( -- To view, visit https://gerrit.wikimedia.org/r/108339 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I48a026eb8c96f71f7299c8f7be3ec63cccfc4797 Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Varnish: disable WAP on mobile frontends - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/108738 Change subject: Varnish: disable WAP on mobile frontends .. Varnish: disable WAP on mobile frontends Unconditionally set X-WAP to no on the mobile frontends, essentially lying to MediaWiki about whether this requests comes from a WAP client. This entirely disables kills WAP, per mobile's request. The method of Keeping X-WAP around gives us the advantage that we can do so without any MediaWiki changes for now and hence we can quickly rollback the change, if needed, without even ever poisoning our caches. After this has been deployed for a while and we're comfortable with it, we can fix MobileFrontend's mobile detection (using e.g. X-Subdomain or a separate header) and then kill X-WAP entirely from our VCL. Change-Id: Ida2afe8b72697d5ba519ac121a2c8ef7ee80aab0 --- D templates/varnish/device-detection.inc.vcl.erb M templates/varnish/mobile-frontend.inc.vcl.erb 2 files changed, 2 insertions(+), 11 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/38/108738/1 diff --git a/templates/varnish/device-detection.inc.vcl.erb b/templates/varnish/device-detection.inc.vcl.erb deleted file mode 100644 index 1bcc88c..000 --- a/templates/varnish/device-detection.inc.vcl.erb +++ /dev/null @@ -1,10 +0,0 @@ -# Varnish VCL include file for mobile device detection -# Shared between mobile caches and bits - -sub device_detection { - if ( req.http.Accept ~ text/vnd.wap.wml req.http.Accept !~ text/html ) { - set req.http.X-WAP = yes; - } else { - set req.http.X-WAP = no; - } -} \ No newline at end of file diff --git a/templates/varnish/mobile-frontend.inc.vcl.erb b/templates/varnish/mobile-frontend.inc.vcl.erb index f8111bd..e3f25d1 100644 --- a/templates/varnish/mobile-frontend.inc.vcl.erb +++ b/templates/varnish/mobile-frontend.inc.vcl.erb @@ -72,7 +72,8 @@ unset req.http.Cookie; } - call device_detection; + /* FIXME: temporary for the migration of disabling WAP */ + set req.http.X-WAP = no; if ( req.http.host ~ ^test\. ) { return (pass); -- To view, visit https://gerrit.wikimedia.org/r/108738 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ida2afe8b72697d5ba519ac121a2c8ef7ee80aab0 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] apache: bump MaxClients from 40 to 100 for bits - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/108929 Change subject: apache: bump MaxClients from 40 to 100 for bits .. apache: bump MaxClients from 40 to 100 for bits 40 is regularly being exhausted during bits deploys. It's also unreasonably low, as a) the bits requests are cheap, b) the machines themselves are fairly idle, b) there are just a few of bits apaches, so even the aggregate effect won't cascade to other subsystems. Increase this to 100, which is more of a guess than a proven-in-benchmarks number, but which should fix outages. Change-Id: I9e311c98fc00a4c197e62e9083398dbac66cdd85 --- M manifests/role/applicationserver.pp 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/29/108929/1 diff --git a/manifests/role/applicationserver.pp b/manifests/role/applicationserver.pp index ee153e1..f0e370d 100644 --- a/manifests/role/applicationserver.pp +++ b/manifests/role/applicationserver.pp @@ -190,7 +190,7 @@ class { role::applicationserver::common: group = bits_appserver, lvs_pool = apaches } - include role::applicationserver::webserver + class { role::applicationserver::webserver: maxclients = 100 } } class imagescaler{ system::role { role::applicationserver::imagescaler: description = Imagescaler Application server } -- To view, visit https://gerrit.wikimedia.org/r/108929 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I9e311c98fc00a4c197e62e9083398dbac66cdd85 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] reprepro: add update source cassandra to trusty - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/175423 Change subject: reprepro: add update source cassandra to trusty .. reprepro: add update source cassandra to trusty RT: 8530 Change-Id: I8e17c087c833088866875d1c2766404b04012ac3 --- M modules/install-server/files/reprepro/distributions 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/23/175423/1 diff --git a/modules/install-server/files/reprepro/distributions b/modules/install-server/files/reprepro/distributions index b413a92..be38854 100644 --- a/modules/install-server/files/reprepro/distributions +++ b/modules/install-server/files/reprepro/distributions @@ -65,7 +65,7 @@ Architectures: source amd64 i386 Components: main universe non-free UDebComponents: main -Update: hwraid elasticsearch +Update: hwraid cassandra elasticsearch Description: Wikimedia specific packages for Ubuntu Trusty Tahr SignWith: default DebOverride: deb-override -- To view, visit https://gerrit.wikimedia.org/r/175423 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I8e17c087c833088866875d1c2766404b04012ac3 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] reprepro: add update source cassandra to trusty - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: reprepro: add update source cassandra to trusty .. reprepro: add update source cassandra to trusty RT: 8530 Change-Id: I8e17c087c833088866875d1c2766404b04012ac3 --- M modules/install-server/files/reprepro/distributions 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/install-server/files/reprepro/distributions b/modules/install-server/files/reprepro/distributions index b413a92..be38854 100644 --- a/modules/install-server/files/reprepro/distributions +++ b/modules/install-server/files/reprepro/distributions @@ -65,7 +65,7 @@ Architectures: source amd64 i386 Components: main universe non-free UDebComponents: main -Update: hwraid elasticsearch +Update: hwraid cassandra elasticsearch Description: Wikimedia specific packages for Ubuntu Trusty Tahr SignWith: default DebOverride: deb-override -- To view, visit https://gerrit.wikimedia.org/r/175423 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I8e17c087c833088866875d1c2766404b04012ac3 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] geoip: kill geoliteupdate in favor of geoipupdate - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/175571 Change subject: geoip: kill geoliteupdate in favor of geoipupdate .. geoip: kill geoliteupdate in favor of geoipupdate MaxMind's geoipupdate mechanism has a hidden feature that MaxMind themselves pointed me to: GeoLite databases have their own updates.maxmind.com product codes and there is a special UserID of 99 with a LicenseKey of that has privileges to download them. Kill geoliteupdate in favor of using geoipupdate across the board. This brings us a similar update mechanism for production Labs, plus a better program to fetch updates, as this one also does MD5 checks etc. Change-Id: I34fb5b2d5253a9161d3c86c2e92375049c241775 --- D modules/geoip/files/geoliteupdate D modules/geoip/manifests/data/lite.pp M modules/geoip/manifests/data/maxmind.pp M modules/puppet/manifests/self/geoip.pp M modules/puppetmaster/manifests/geoip.pp 5 files changed, 42 insertions(+), 144 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/71/175571/1 diff --git a/modules/geoip/files/geoliteupdate b/modules/geoip/files/geoliteupdate deleted file mode 100644 index a5e1792..000 --- a/modules/geoip/files/geoliteupdate +++ /dev/null @@ -1,72 +0,0 @@ -#!/bin/sh - -# This is based on geoip-database-contrib_update from Debian's -# geoip-database-contrib package. The original source can be found at -# http://git.debian.org/?p=collab-maint/geoip-database-contrib.git -# and is -# Copyright: 2010/2013, Ludovico Cavedon cave...@debian.org -# Patrick Matthäi pmatth...@debian.org -# License: GPL-2+ -# -# It was modified by Faidon Liambotis for use by the Wikimedia Foundation - -DESTDIR=$1 -if [ ! -d $DESTDIR ]; then - echo Usage: $0 destdir - exit 1 -fi - -GEOIP_URL=http://geolite.maxmind.com/download/geoip/database; - -FAILED=0 - -for url in \ -$GEOIP_URL/GeoLiteCountry/GeoIP.dat.gz \ -$GEOIP_URL/GeoIPv6.dat.gz \ -$GEOIP_URL/GeoLiteCity.dat.gz \ -$GEOIP_URL/GeoLiteCityv6-beta/GeoLiteCityv6.dat.gz \ -$GEOIP_URL/asnum/GeoIPASNum.dat.gz \ -$GEOIP_URL/asnum/GeoIPASNumv6.dat.gz \ -$GEOIP_URL/GeoLite2-Country \ -$GEOIP_URL/GeoLite2-City.mmdb.gz -do -echo Downloading: $url - -# Download file in the same directory as the final one so that the mv -# below can be atomic. -TEMPGZ=$(mktemp --tmpdir=$DESTDIR/ --suffix=.gz) -TEMP=${TEMPGZ%.gz} -FILEGZ=$(basename $url) -FILE=${FILEGZ%.gz} - -# MaxMind is being totally inconsistent and names both GeoIP Country and -# GeoLite Country with the same file. Explicitly rename this to -# GeoLite.dat, so that we can happily coexist with geoipupdate. -case $FILE in -GeoIP.dat) -FILE=GeoLite.dat -;; -esac - -/usr/bin/wget -q -t3 -T15 $url -O $TEMPGZ - -if [ $? != 0 ] -then -echo Failed to download $url -else -/bin/gunzip -f $TEMPGZ - -if [ $? != 0 ] -then -echo Failed to decompress $FILEGZ -else -rm -f $DESTDIR/$FILE -mv $TEMP $DESTDIR/$FILE -chmod 644 $DESTDIR/$FILE -fi -fi - -rm -f $TEMP $TEMPGZ -done - -exit 0 diff --git a/modules/geoip/manifests/data/lite.pp b/modules/geoip/manifests/data/lite.pp deleted file mode 100644 index e78ad21..000 --- a/modules/geoip/manifests/data/lite.pp +++ /dev/null @@ -1,55 +0,0 @@ -# == Class geoip::data::lite -# Installs Maxmind GeoLite database files by downloading them from Maxmind with -# a wget wrapper script. This also installs a cron job to do this weekly. -# -# == Parameters -# $data_directory - Where the data files should live. -# $environment- The environment parameter to pass to exec and cron for the -# geoliteupdate download command. default: undef - -class geoip::data::lite( - $data_directory = '/usr/share/GeoIP', - $environment= undef) -{ - if ! defined(File[$data_directory]) { -file { $data_directory: - ensure = directory, -} - } - - file { '/usr/local/bin/geoliteupdate': -ensure = present, -mode = '0555', -owner = 'root', -group = 'root', -source = 'puppet:///modules/geoip/geoliteupdate', - } - - $geoliteupdate_command = /usr/local/bin/geoliteupdate ${data_directory} - - # run once on the first instantiation of this class - exec { 'geoliteupdate': -command = $geoliteupdate_command, -refreshonly = true, -subscribe = File['/usr/local/bin/geoliteupdate'], -require = File[$data_directory], - } - - # Set up a cron to run geoliteupdate weekly. - cron { 'geoliteupdate': -ensure = present, -command = ${geoliteupdate_command} /dev/null, -user= 'root', -weekday = 0, -hour= 3, -minute = 30, -require =
[MediaWiki-commits] [Gerrit] bits varnish: serve 204s for /statsv - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: bits varnish: serve 204s for /statsv .. bits varnish: serve 204s for /statsv statsv is a logging beacon endpoint for processing client-side statsd-like performance metrics, generated by MediaWiki's JavaScript code. * Make //bits.wikimedia.org/statsv/* reqs HTTP 204s, like EventLogging's /event.gif endpoint. * Fix the RxURL arg for the Varnishkafka instance to not require an additional slash. * Add a comment explaining both endpoints. Change-Id: I6774c0b6508879226dfb41fb123c9ac4dfe132d3 --- M manifests/role/cache.pp M templates/varnish/bits.inc.vcl.erb 2 files changed, 10 insertions(+), 2 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/role/cache.pp b/manifests/role/cache.pp index 734b101..30d0a85 100644 --- a/manifests/role/cache.pp +++ b/manifests/role/cache.pp @@ -500,7 +500,7 @@ format_type = 'json', topic = 'statsv', varnish_name = $varnish_name, -varnish_opts = { 'm' = 'RxURL:^/statsv\//', }, +varnish_opts = { 'm' = 'RxURL:^/statsv/', }, # By requiring 2 ACKs per message batch, we survive a # single broker dropping out of its leader role, # without seeing lost messages. diff --git a/templates/varnish/bits.inc.vcl.erb b/templates/varnish/bits.inc.vcl.erb index 403733b..86ebb26 100644 --- a/templates/varnish/bits.inc.vcl.erb +++ b/templates/varnish/bits.inc.vcl.erb @@ -23,7 +23,15 @@ % end -% sub vcl_recv { - if (req.url ~ ^/event\.gif) { + if (req.url ~ ^/(event\.gif|statsv/)) { + // URLs that start with 'event.gif' or 'statsv' are logging beacon endpoints. + // They are handled by log tailers (varnishkafka and varnishncsa) that filter + // the Varnish shm log for reqs to these endpoints and forward them to log + // processors for storage and analysis. + // + // /event.gif is used by EventLogging https://wikitech.wikimedia.org/wiki/EventLogging + // statsv is used by MediaWiki for statsd-like performance metrics. + // Ori is the contact person for both. error 204; } -- To view, visit https://gerrit.wikimedia.org/r/175575 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I6774c0b6508879226dfb41fb123c9ac4dfe132d3 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Ori.livneh o...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Switch Cassandra test hosts to the new role class - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/175629 Change subject: Switch Cassandra test hosts to the new role class .. Switch Cassandra test hosts to the new role class - Move system::role under the role class. - Get rid of the vm.max_map_count sysctl, included in Cassandra's Debian package now. - Split ruthenium off the host list, to be repurposed. Change-Id: I3e5a4b95a906fd9797a731cafc80d8d94ca45db9 --- M manifests/role/cassandra.pp M manifests/site.pp 2 files changed, 11 insertions(+), 15 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/29/175629/1 diff --git a/manifests/role/cassandra.pp b/manifests/role/cassandra.pp index de89d12..a3806ed 100644 --- a/manifests/role/cassandra.pp +++ b/manifests/role/cassandra.pp @@ -3,4 +3,8 @@ class role::cassandra { # Parameters to be set by Hiera class { '::cassandra': } + +system::role { 'role::cassandra': +description = 'Cassandra server', +} } diff --git a/manifests/site.pp b/manifests/site.pp index cf0f987..e8682a2 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -439,23 +439,11 @@ include role::releases } -# cerium,praseodymium, ruthenium and xenon are cassandra test host -node /^(cerium|praseodymium|ruthenium|xenon)\.eqiad\.wmnet$/ { - +# cerium,praseodymium, ruthenium and xenon are cassandra test hosts +node /^(cerium|praseodymium|xenon)\.eqiad\.wmnet$/ { class { 'admin': groups = ['cassandra-roots'] } - -system::role { 'role::cassandra-test': -description = 'Cassandra test server', -} - include standard - -# XXX: to be moved into the puppet class -sysctl::parameters { 'cassandra': -values = { -'vm.max_map_count' = 1048575, -}, -} +include role::cassandra } node /^(chromium|hydrogen)\.wikimedia\.org$/ { @@ -2279,6 +2267,10 @@ class { 'admin': groups = ['pmacct-roots'] } } +node 'ruthenium.eqiad.wmnet' { +include standard +} + node 'sanger.wikimedia.org' { include base include ganglia -- To view, visit https://gerrit.wikimedia.org/r/175629 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I3e5a4b95a906fd9797a731cafc80d8d94ca45db9 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Switch Cassandra test hosts to the new role class - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: Switch Cassandra test hosts to the new role class .. Switch Cassandra test hosts to the new role class - Move system::role under the role class. - Get rid of the vm.max_map_count sysctl, included in Cassandra's Debian package now. - Split ruthenium off the host list, to be repurposed. Change-Id: I3e5a4b95a906fd9797a731cafc80d8d94ca45db9 --- M manifests/role/cassandra.pp M manifests/site.pp 2 files changed, 11 insertions(+), 15 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/role/cassandra.pp b/manifests/role/cassandra.pp index de89d12..a3806ed 100644 --- a/manifests/role/cassandra.pp +++ b/manifests/role/cassandra.pp @@ -3,4 +3,8 @@ class role::cassandra { # Parameters to be set by Hiera class { '::cassandra': } + +system::role { 'role::cassandra': +description = 'Cassandra server', +} } diff --git a/manifests/site.pp b/manifests/site.pp index cf0f987..69e99b1 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -439,23 +439,11 @@ include role::releases } -# cerium,praseodymium, ruthenium and xenon are cassandra test host -node /^(cerium|praseodymium|ruthenium|xenon)\.eqiad\.wmnet$/ { - +# cerium, praseodymium and xenon are Cassandra test hosts +node /^(cerium|praseodymium|xenon)\.eqiad\.wmnet$/ { class { 'admin': groups = ['cassandra-roots'] } - -system::role { 'role::cassandra-test': -description = 'Cassandra test server', -} - include standard - -# XXX: to be moved into the puppet class -sysctl::parameters { 'cassandra': -values = { -'vm.max_map_count' = 1048575, -}, -} +include role::cassandra } node /^(chromium|hydrogen)\.wikimedia\.org$/ { @@ -2279,6 +2267,10 @@ class { 'admin': groups = ['pmacct-roots'] } } +node 'ruthenium.eqiad.wmnet' { +include standard +} + node 'sanger.wikimedia.org' { include base include ganglia -- To view, visit https://gerrit.wikimedia.org/r/175629 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I3e5a4b95a906fd9797a731cafc80d8d94ca45db9 Gerrit-PatchSet: 3 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Give parsoid-admins access to ruthenium - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: Give parsoid-admins access to ruthenium .. Give parsoid-admins access to ruthenium ruthenium is now used for parsoid round-trip testing, so grant access to parsoid-roots admins. RT: 6980 Change-Id: I974e3a80155caa27f34ef1c5d711a3817367e7c1 --- M manifests/site.pp 1 file changed, 8 insertions(+), 0 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/site.pp b/manifests/site.pp index 69e99b1..547cc79 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -2267,7 +2267,15 @@ class { 'admin': groups = ['pmacct-roots'] } } +# ruthenium is a parsoid regression test server +# https://www.mediawiki.org/wiki/Parsoid/Round-trip_testing node 'ruthenium.eqiad.wmnet' { +class { 'admin': +groups = [ +'parsoid-roots', +'parsoid-admin', +] +} include standard } -- To view, visit https://gerrit.wikimedia.org/r/172780 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I974e3a80155caa27f34ef1c5d711a3817367e7c1 Gerrit-PatchSet: 9 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Cscott canan...@wikimedia.org Gerrit-Reviewer: BBlack bbl...@wikimedia.org Gerrit-Reviewer: Cscott canan...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: GWicke gwi...@wikimedia.org Gerrit-Reviewer: Ori.livneh o...@wikimedia.org Gerrit-Reviewer: Ottomata o...@wikimedia.org Gerrit-Reviewer: Subramanya Sastry ssas...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] ocg: simplify module hierarchy - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/175681 Change subject: ocg: simplify module hierarchy .. ocg: simplify module hierarchy There is no reason for ocg::ganglia::module, ocg::ganglia should be enough. Similarly for Nagios, with the extra catch that there is no need for two separate classes, one of which is only used by the other and only contains a single resource. Change-Id: Ia5c16bfc20d7e9e10cd6860a29a06a65506335b2 --- M hieradata/eqiad.yaml M manifests/role/ocg.pp R modules/ocg/manifests/ganglia.pp A modules/ocg/manifests/nagios.pp D modules/ocg/manifests/nagios/check.pp D modules/ocg/manifests/nagios/plugin.pp 6 files changed, 38 insertions(+), 44 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/81/175681/1 diff --git a/hieradata/eqiad.yaml b/hieradata/eqiad.yaml index 4983d9b..e6ef38d 100644 --- a/hieradata/eqiad.yaml +++ b/hieradata/eqiad.yaml @@ -25,11 +25,11 @@ ocg::graylog_host: logstash1002.eqiad.wmnet ocg::statsd_is_txstatsd: 1 # see modules/ocg/files/nagios/check_ocg_health for descriptions -ocg::nagios::check::wjs: 40 -ocg::nagios::check::cjs: 80 -ocg::nagios::check::wrj: 500 -ocg::nagios::check::crj: 3000 -ocg::ganglia::module::data_filesystem: /srv +ocg::nagios::wjs: 40 +ocg::nagios::cjs: 80 +ocg::nagios::wrj: 500 +ocg::nagios::crj: 3000 +ocg::ganglia::data_filesystem: /srv # # Labs diff --git a/manifests/role/ocg.pp b/manifests/role/ocg.pp index f287822..b130560 100644 --- a/manifests/role/ocg.pp +++ b/manifests/role/ocg.pp @@ -15,8 +15,8 @@ include passwords::redis include ::ocg -include ::ocg::nagios::check -include ocg::ganglia::module +include ::ocg::nagios +include ::ocg::ganglia file { $::ocg::temp_dir: ensure = directory, diff --git a/modules/ocg/manifests/ganglia/module.pp b/modules/ocg/manifests/ganglia.pp similarity index 75% rename from modules/ocg/manifests/ganglia/module.pp rename to modules/ocg/manifests/ganglia.pp index 0c16275..e4525b5 100644 --- a/modules/ocg/manifests/ganglia/module.pp +++ b/modules/ocg/manifests/ganglia.pp @@ -1,11 +1,11 @@ -# == Class ocg::ganglia::module +# == Class ocg::ganglia # Includes the ocg.py ganglia module # include this class on your OCG node. # -class ocg::ganglia::module ( -$tmp_filesystem = $::ocg::temp_dir, -$data_filesystem = '/srv', -) { +class ocg::ganglia ( +$tmp_filesystem = $::ocg::temp_dir, +$data_filesystem = '/srv', +) { file { '/usr/lib/ganglia/python_modules/ocg.py': source = 'puppet:///modules/ocg/ganglia/ocg.py', owner = 'root', diff --git a/modules/ocg/manifests/nagios.pp b/modules/ocg/manifests/nagios.pp new file mode 100644 index 000..c5e6e46 --- /dev/null +++ b/modules/ocg/manifests/nagios.pp @@ -0,0 +1,26 @@ +# == Class ocg::nagios +# Sets up icinga alerts for an Offline Content Generator instance. +# +class ocg::nagios ( +$wjs, # warning job status queue messages i.e. 2 +$cjs, # critical job status queue messages i.e. 3 +$wrj, # warning render jobs queue messages i.e. 100 +$crj, # critical render jobs queue messages i.e. 500 +$url = 'http://localhost:8000/?command=health', # OCG health check URL +) { + +include nrpe + +file { '/usr/lib/nagios/plugins/check_ocg_health': +source = 'puppet:///modules/ocg/nagios/check_ocg_health', +owner = 'root', +group = 'root', +mode= '0755', +require = Package['nagios-plugins'], +} + +nrpe::monitor_service { 'ocg_health': +description = 'OCG health', +nrpe_command = /usr/lib/nagios/plugins/check_ocg_health --wjs ${wjs} --cjs ${cjs} --wrj ${wrj} --crj ${crj} --url '${url}', +} +} diff --git a/modules/ocg/manifests/nagios/check.pp b/modules/ocg/manifests/nagios/check.pp deleted file mode 100644 index bd071d7..000 --- a/modules/ocg/manifests/nagios/check.pp +++ /dev/null @@ -1,19 +0,0 @@ -# == Class ocg::nagios::check -# Sets up icinga alerts for an Offline Content Generator instance. -# -class ocg::nagios::check ( -$wjs, # warning job status queue messages i.e. 2 -$cjs, # critical job status queue messages i.e. 3 -$wrj, # warning render jobs queue messages i.e. 100 -$crj, # critical render jobs queue messages i.e. 500 -$url = 'http://localhost:8000/?command=health', # OCG health check URL -) { -include nrpe, -ocg::nagios::plugin - -nrpe::monitor_service { 'ocg_health': -description = 'OCG health', -nrpe_command = /usr/lib/nagios/plugins/check_ocg_health --wjs ${wjs} --cjs ${cjs} --wrj ${wrj} --crj ${crj} --url '${url}', -} - -} diff --git a/modules/ocg/manifests/nagios/plugin.pp b/modules/ocg/manifests/nagios/plugin.pp deleted file mode 100644 index 986b897..000 ---
[MediaWiki-commits] [Gerrit] ocg: simplify module hierarchy - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: ocg: simplify module hierarchy .. ocg: simplify module hierarchy There is no reason for ocg::ganglia::module, ocg::ganglia should be enough. Similarly for Nagios, with the extra catch that there is no need for two separate classes, one of which is only used by the other and only contains a single resource. Change-Id: Ia5c16bfc20d7e9e10cd6860a29a06a65506335b2 --- M hieradata/eqiad.yaml M manifests/role/ocg.pp R modules/ocg/manifests/ganglia.pp A modules/ocg/manifests/nagios.pp D modules/ocg/manifests/nagios/check.pp D modules/ocg/manifests/nagios/plugin.pp 6 files changed, 38 insertions(+), 44 deletions(-) Approvals: Giuseppe Lavagetto: Looks good to me, but someone else must approve Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/hieradata/eqiad.yaml b/hieradata/eqiad.yaml index 4983d9b..e6ef38d 100644 --- a/hieradata/eqiad.yaml +++ b/hieradata/eqiad.yaml @@ -25,11 +25,11 @@ ocg::graylog_host: logstash1002.eqiad.wmnet ocg::statsd_is_txstatsd: 1 # see modules/ocg/files/nagios/check_ocg_health for descriptions -ocg::nagios::check::wjs: 40 -ocg::nagios::check::cjs: 80 -ocg::nagios::check::wrj: 500 -ocg::nagios::check::crj: 3000 -ocg::ganglia::module::data_filesystem: /srv +ocg::nagios::wjs: 40 +ocg::nagios::cjs: 80 +ocg::nagios::wrj: 500 +ocg::nagios::crj: 3000 +ocg::ganglia::data_filesystem: /srv # # Labs diff --git a/manifests/role/ocg.pp b/manifests/role/ocg.pp index f287822..b130560 100644 --- a/manifests/role/ocg.pp +++ b/manifests/role/ocg.pp @@ -15,8 +15,8 @@ include passwords::redis include ::ocg -include ::ocg::nagios::check -include ocg::ganglia::module +include ::ocg::nagios +include ::ocg::ganglia file { $::ocg::temp_dir: ensure = directory, diff --git a/modules/ocg/manifests/ganglia/module.pp b/modules/ocg/manifests/ganglia.pp similarity index 75% rename from modules/ocg/manifests/ganglia/module.pp rename to modules/ocg/manifests/ganglia.pp index 0c16275..e4525b5 100644 --- a/modules/ocg/manifests/ganglia/module.pp +++ b/modules/ocg/manifests/ganglia.pp @@ -1,11 +1,11 @@ -# == Class ocg::ganglia::module +# == Class ocg::ganglia # Includes the ocg.py ganglia module # include this class on your OCG node. # -class ocg::ganglia::module ( -$tmp_filesystem = $::ocg::temp_dir, -$data_filesystem = '/srv', -) { +class ocg::ganglia ( +$tmp_filesystem = $::ocg::temp_dir, +$data_filesystem = '/srv', +) { file { '/usr/lib/ganglia/python_modules/ocg.py': source = 'puppet:///modules/ocg/ganglia/ocg.py', owner = 'root', diff --git a/modules/ocg/manifests/nagios.pp b/modules/ocg/manifests/nagios.pp new file mode 100644 index 000..c5e6e46 --- /dev/null +++ b/modules/ocg/manifests/nagios.pp @@ -0,0 +1,26 @@ +# == Class ocg::nagios +# Sets up icinga alerts for an Offline Content Generator instance. +# +class ocg::nagios ( +$wjs, # warning job status queue messages i.e. 2 +$cjs, # critical job status queue messages i.e. 3 +$wrj, # warning render jobs queue messages i.e. 100 +$crj, # critical render jobs queue messages i.e. 500 +$url = 'http://localhost:8000/?command=health', # OCG health check URL +) { + +include nrpe + +file { '/usr/lib/nagios/plugins/check_ocg_health': +source = 'puppet:///modules/ocg/nagios/check_ocg_health', +owner = 'root', +group = 'root', +mode= '0755', +require = Package['nagios-plugins'], +} + +nrpe::monitor_service { 'ocg_health': +description = 'OCG health', +nrpe_command = /usr/lib/nagios/plugins/check_ocg_health --wjs ${wjs} --cjs ${cjs} --wrj ${wrj} --crj ${crj} --url '${url}', +} +} diff --git a/modules/ocg/manifests/nagios/check.pp b/modules/ocg/manifests/nagios/check.pp deleted file mode 100644 index bd071d7..000 --- a/modules/ocg/manifests/nagios/check.pp +++ /dev/null @@ -1,19 +0,0 @@ -# == Class ocg::nagios::check -# Sets up icinga alerts for an Offline Content Generator instance. -# -class ocg::nagios::check ( -$wjs, # warning job status queue messages i.e. 2 -$cjs, # critical job status queue messages i.e. 3 -$wrj, # warning render jobs queue messages i.e. 100 -$crj, # critical render jobs queue messages i.e. 500 -$url = 'http://localhost:8000/?command=health', # OCG health check URL -) { -include nrpe, -ocg::nagios::plugin - -nrpe::monitor_service { 'ocg_health': -description = 'OCG health', -nrpe_command = /usr/lib/nagios/plugins/check_ocg_health --wjs ${wjs} --cjs ${cjs} --wrj ${wrj} --crj ${crj} --url '${url}', -} - -} diff --git a/modules/ocg/manifests/nagios/plugin.pp b/modules/ocg/manifests/nagios/plugin.pp deleted file mode 100644 index
[MediaWiki-commits] [Gerrit] setting scs-c8-codfw - change (operations/dns)
Faidon Liambotis has submitted this change and it was merged. Change subject: setting scs-c8-codfw .. setting scs-c8-codfw karma sucks, lack of detail due to speed also resulted in a typo go me. Change-Id: If94fad3eae2824478f5f79306b6cc524c7adfbbb --- M templates/wmnet 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/templates/wmnet b/templates/wmnet index 3902dca..64474b2 100644 --- a/templates/wmnet +++ b/templates/wmnet @@ -2088,7 +2088,7 @@ re1.cr2-codfw 1H IN A10.193.0.13 scs-a1-codfw1H IN A10.193.0.14 scs-c1-codfw1H IN A10.193.0.15 -scs-c1-codfw1H IN A10.193.0.20 +scs-c8-codfw1H IN A10.193.0.20 ps1-a1-codfw1H IN A10.193.0.25 ps1-a2-codfw1H IN A10.193.0.26 -- To view, visit https://gerrit.wikimedia.org/r/175549 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: If94fad3eae2824478f5f79306b6cc524c7adfbbb Gerrit-PatchSet: 1 Gerrit-Project: operations/dns Gerrit-Branch: master Gerrit-Owner: RobH r...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] realm: remove pmtpa, add codfw - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: realm: remove pmtpa, add codfw .. realm: remove pmtpa, add codfw 208.80.152.0/24 is codfw now and pmtpa's private address space is gone. Change-Id: If6c4dbb88704cd4aa336027bf2fee0daf4b55e3e --- M manifests/realm.pp 1 file changed, 2 insertions(+), 3 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/realm.pp b/manifests/realm.pp index 01bbc47..add52af 100644 --- a/manifests/realm.pp +++ b/manifests/realm.pp @@ -24,10 +24,9 @@ } $site = $main_ipaddress ? { -/^208\.80\.152\./ = 'pmtpa', +/^208\.80\.152\./ = 'codfw', /^208\.80\.153\./ = 'codfw', /^208\.80\.15[45]\./ = 'eqiad', -/^10\.[0-4]\./= 'pmtpa', /^10\.6[48]\./= 'eqiad', /^10\.192\./ = 'codfw', /^91\.198\.174\./ = 'esams', @@ -55,7 +54,7 @@ 'codfw' = [ '208.80.153.254', '208.80.154.239' ], # codfw - codfw, eqiad 'ulsfo' = [ '208.80.154.239', '208.80.153.254' ], # ulsfo - eqiad, codfw 'esams' = [ '91.198.174.6', '208.80.154.239' ], # esams - esams (nescio, not LVS), eqiad -default = [ '208.80.154.239', '208.80.153.254' ], # pmtpa? - eqiad, codfw +default = [ '208.80.154.239', '208.80.153.254' ], # - eqiad, codfw } $domain_search = $domain -- To view, visit https://gerrit.wikimedia.org/r/173476 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: If6c4dbb88704cd4aa336027bf2fee0daf4b55e3e Gerrit-PatchSet: 5 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Dzahn dz...@wikimedia.org Gerrit-Reviewer: BBlack bbl...@wikimedia.org Gerrit-Reviewer: Dzahn dz...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: John F. Lewis johnflewi...@gmail.com Gerrit-Reviewer: Matanya mata...@foss.co.il Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] geoip: kill geoliteupdate in favor of geoipupdate - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: geoip: kill geoliteupdate in favor of geoipupdate .. geoip: kill geoliteupdate in favor of geoipupdate MaxMind's geoipupdate mechanism has a hidden feature that MaxMind themselves pointed me to: GeoLite databases have their own updates.maxmind.com product codes and there is a special UserID of 99 with a LicenseKey of that has privileges to download them. Kill geoliteupdate in favor of using geoipupdate across the board. This brings us a similar update mechanism for production Labs, plus a better program to fetch updates, as this one also does MD5 checks etc. Change-Id: I34fb5b2d5253a9161d3c86c2e92375049c241775 --- D modules/geoip/files/geoliteupdate D modules/geoip/manifests/data/lite.pp M modules/geoip/manifests/data/maxmind.pp M modules/puppet/manifests/self/geoip.pp M modules/puppetmaster/manifests/geoip.pp 5 files changed, 47 insertions(+), 149 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/geoip/files/geoliteupdate b/modules/geoip/files/geoliteupdate deleted file mode 100644 index a5e1792..000 --- a/modules/geoip/files/geoliteupdate +++ /dev/null @@ -1,72 +0,0 @@ -#!/bin/sh - -# This is based on geoip-database-contrib_update from Debian's -# geoip-database-contrib package. The original source can be found at -# http://git.debian.org/?p=collab-maint/geoip-database-contrib.git -# and is -# Copyright: 2010/2013, Ludovico Cavedon cave...@debian.org -# Patrick Matthäi pmatth...@debian.org -# License: GPL-2+ -# -# It was modified by Faidon Liambotis for use by the Wikimedia Foundation - -DESTDIR=$1 -if [ ! -d $DESTDIR ]; then - echo Usage: $0 destdir - exit 1 -fi - -GEOIP_URL=http://geolite.maxmind.com/download/geoip/database; - -FAILED=0 - -for url in \ -$GEOIP_URL/GeoLiteCountry/GeoIP.dat.gz \ -$GEOIP_URL/GeoIPv6.dat.gz \ -$GEOIP_URL/GeoLiteCity.dat.gz \ -$GEOIP_URL/GeoLiteCityv6-beta/GeoLiteCityv6.dat.gz \ -$GEOIP_URL/asnum/GeoIPASNum.dat.gz \ -$GEOIP_URL/asnum/GeoIPASNumv6.dat.gz \ -$GEOIP_URL/GeoLite2-Country \ -$GEOIP_URL/GeoLite2-City.mmdb.gz -do -echo Downloading: $url - -# Download file in the same directory as the final one so that the mv -# below can be atomic. -TEMPGZ=$(mktemp --tmpdir=$DESTDIR/ --suffix=.gz) -TEMP=${TEMPGZ%.gz} -FILEGZ=$(basename $url) -FILE=${FILEGZ%.gz} - -# MaxMind is being totally inconsistent and names both GeoIP Country and -# GeoLite Country with the same file. Explicitly rename this to -# GeoLite.dat, so that we can happily coexist with geoipupdate. -case $FILE in -GeoIP.dat) -FILE=GeoLite.dat -;; -esac - -/usr/bin/wget -q -t3 -T15 $url -O $TEMPGZ - -if [ $? != 0 ] -then -echo Failed to download $url -else -/bin/gunzip -f $TEMPGZ - -if [ $? != 0 ] -then -echo Failed to decompress $FILEGZ -else -rm -f $DESTDIR/$FILE -mv $TEMP $DESTDIR/$FILE -chmod 644 $DESTDIR/$FILE -fi -fi - -rm -f $TEMP $TEMPGZ -done - -exit 0 diff --git a/modules/geoip/manifests/data/lite.pp b/modules/geoip/manifests/data/lite.pp deleted file mode 100644 index e78ad21..000 --- a/modules/geoip/manifests/data/lite.pp +++ /dev/null @@ -1,55 +0,0 @@ -# == Class geoip::data::lite -# Installs Maxmind GeoLite database files by downloading them from Maxmind with -# a wget wrapper script. This also installs a cron job to do this weekly. -# -# == Parameters -# $data_directory - Where the data files should live. -# $environment- The environment parameter to pass to exec and cron for the -# geoliteupdate download command. default: undef - -class geoip::data::lite( - $data_directory = '/usr/share/GeoIP', - $environment= undef) -{ - if ! defined(File[$data_directory]) { -file { $data_directory: - ensure = directory, -} - } - - file { '/usr/local/bin/geoliteupdate': -ensure = present, -mode = '0555', -owner = 'root', -group = 'root', -source = 'puppet:///modules/geoip/geoliteupdate', - } - - $geoliteupdate_command = /usr/local/bin/geoliteupdate ${data_directory} - - # run once on the first instantiation of this class - exec { 'geoliteupdate': -command = $geoliteupdate_command, -refreshonly = true, -subscribe = File['/usr/local/bin/geoliteupdate'], -require = File[$data_directory], - } - - # Set up a cron to run geoliteupdate weekly. - cron { 'geoliteupdate': -ensure = present, -command = ${geoliteupdate_command} /dev/null, -user= 'root', -weekday = 0, -hour= 3, -minute = 30, -require = File[$data_directory], - } - - # if $environment was
[MediaWiki-commits] [Gerrit] Kill all (outdated) references to pmtpa - change (operations/dns)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/171265 Change subject: Kill all (outdated) references to pmtpa .. Kill all (outdated) references to pmtpa Change-Id: I1ca1a156396ab6c244c5bf86e1488a15a38b9309 --- M templates/0.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa M templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa M templates/10.in-addr.arpa M templates/152.80.208.in-addr.arpa M templates/154.80.208.in-addr.arpa M templates/wikimedia.org M templates/wmnet 7 files changed, 2 insertions(+), 225 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/dns refs/changes/65/171265/1 diff --git a/templates/0.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa b/templates/0.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa index 6ec1775..4610062 100644 --- a/templates/0.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa +++ b/templates/0.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa @@ -160,6 +160,3 @@ 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR cr1-codfw.wikimedia.org. 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR cr2-codfw.wikimedia.org. 3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR pim-rp.wikimedia.org. - -5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR cr2-pmtpa.wikimedia.org. - diff --git a/templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa b/templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa index f5668ae..9a440e6 100644 --- a/templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa +++ b/templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa @@ -257,17 +257,9 @@ 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR ae0.cr1-eqiad.wikimedia.org. 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR ae0.cr2-eqiad.wikimedia.org. -; cr1-eqiad -- cr2-pmtpa (2620:0:861:fe01::/64) +; unassigned (2620:0:861:fe01::/64) -$ORIGIN 1.0.e.f.{{ zonename }}. -1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR xe-5-2-1.cr1-eqiad.wikimedia.org. -2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR xe-0-0-0.cr2-pmtpa.wikimedia.org. - -; cr2-eqiad -- cr2-pmtpa (2620:0:861:fe02::/64) - -$ORIGIN 2.0.e.f.{{ zonename }}. -1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR xe-5-2-1.cr2-eqiad.wikimedia.org. -2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR xe-1-1-0.cr2-pmtpa.wikimedia.org. +; unassigned (2620:0:861:fe02::/64) ; cr2-eqiad -- cr2-knams GRE (2620:0:861:fe03::/64) diff --git a/templates/10.in-addr.arpa b/templates/10.in-addr.arpa index 3834f0c..65222ee 100644 --- a/templates/10.in-addr.arpa +++ b/templates/10.in-addr.arpa @@ -14,90 +14,6 @@ 1D IN NS ns1.wikimedia.org. 1D IN NS ns2.wikimedia.org. -; 10.0.0.0/12 - pmtpa - -; 10.0.0.0/16 - pmtpa private vlan - -; Servers - -$ORIGIN 0.0.{{ zonename }}. - -200 1H IN PTR vrrp-gw-2.pmtpa.wmnet. -202 1H IN PTR ae0-2.cr2-pmtpa.wikimedia.org. - -; asw* DEPRECATED, put in management network -$ORIGIN 1.0.{{ zonename }}. - -{% for i in range(1, 10) %} -{{ i }} 1H IN PTR asw{{ i }}-pmtpa.pmtpa.wmnet. -{%- endfor %} - -; srv* - -$ORIGIN 2.0.{{ zonename }}. - -$ORIGIN 3.0.{{ zonename }}. - -; Service IPs - -$ORIGIN 5.0.{{ zonename }}. - -6 1H IN PTR dns-r0.pmtpa.wmnet. -7 1H IN PTR dns-r1.pmtpa.wmnet. -8 1H IN PTR nfs-home.pmtpa.wmnet. - -; Databases - -$ORIGIN 6.0.{{ zonename }}. - -; Management (pmtpa) - -$ORIGIN 1.{{ zonename }}. - -; Network equipment - -$ORIGIN 1.1.{{ zonename }}. - -3 1H IN PTR asw-c3-pmtpa.mgmt.pmtpa.wmnet. -4 1H IN PTR asw-c4-pmtpa.mgmt.pmtpa.wmnet. -7 1H IN PTR asw-a2-pmtpa.mgmt.pmtpa.wmnet. -15 1H IN PTR msw1-pmtpa.mgmt.pmtpa.wmnet. -18 1H IN PTR cr2-pmtpa.mgmt.pmtpa.wmnet. - -21 1H IN PTR asw-d-pmtpa.mgmt.pmtpa.wmnet. -22 1H IN PTR asw-d1-pmtpa.mgmt.pmtpa.wmnet. -23 1H IN PTR asw-d2-pmtpa.mgmt.pmtpa.wmnet. -24 1H IN PTR asw-d3-pmtpa.mgmt.pmtpa.wmnet. -25 1H IN PTR msw2-pmtpa.mgmt.pmtpa.wmnet. - -; Supportive management infrastructure - -$ORIGIN 2.1.{{ zonename }}. - -2 1H IN PTR scs-d1-pmtpa.mgmt.pmtpa.wmnet. -3 1H IN PTR mr1-pmtpa.mgmt.pmtpa.wmnet. - -$ORIGIN 3.1.{{ zonename }}. - -; Search Servers -$ORIGIN 4.1.{{ zonename }}. - -; Power Distribution Units - -$ORIGIN 5.1.{{ zonename }}. - -; Database Servers -$ORIGIN 6.1.{{ zonename }}. - -; Media Servers SSL Servers ES Servers Memcached Servers -$ORIGIN 7.1.{{ zonename }}. - -; Misc. Services Server Project -$ORIGIN 8.1.{{ zonename }}. - -; Apaches pool (srv251+) -$ORIGIN 9.1.{{ zonename }}. - ; codfw svc ips $ORIGIN 1.2.{{ zonename }}. @@ -149,39 +65,6 @@ 24 1H IN PTR upload.svc.ulsfo.wmnet. 25 1H IN PTR text.svc.ulsfo.wmnet. 26 1H IN PTR mobile.svc.ulsfo.wmnet. - -; labs svc ips - -$ORIGIN 128.2.{{ zonename }}. - -; Various small assignments - -$ORIGIN 0.3.{{ zonename }}. - -; Cross link between cr2-pmtpa and mr1-pmtpa: 10.3.0.8/30 - -9 1H IN PTR ae0-402.cr2-pmtpa.wikimedia.org. -10 1H IN PTR fe-0-0-2-402.mr1-pmtpa.wikimedia.org. - -; Loopbacks 10.3.0.12/30 - -12 1H IN PTR mr1-pmtpa.mgmt.pmtpa.wmnet. - -; pmtpa wireless access network 10.3.1.0/24 -1 1H IN PTR fe-0-0-3.mr1-pmtpa.wikimedia.org. -2 1H IN PTR
[MediaWiki-commits] [Gerrit] Allocate frack-codfw - change (operations/dns)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/171266 Change subject: Allocate frack-codfw .. Allocate frack-codfw Change-Id: Ie1e8a33538293c49e2541769f32940391d755dfe --- M templates/152.80.208.in-addr.arpa 1 file changed, 2 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/dns refs/changes/66/171266/1 diff --git a/templates/152.80.208.in-addr.arpa b/templates/152.80.208.in-addr.arpa index 0186726..0b1474e 100644 --- a/templates/152.80.208.in-addr.arpa +++ b/templates/152.80.208.in-addr.arpa @@ -14,6 +14,8 @@ 1D IN NS ns1.wikimedia.org. 1D IN NS ns2.wikimedia.org. +; 208.80.152.224/28 frack-codfw (208.80.152.224 - 208.80.152.239) + ; 208.80.152.240/28 sandbox1-a-codfw (208.80.152.240 - 208.80.152.255) 241 1H IN PTR vrrp-gw-2201.wikimedia.org. 242 1H IN PTR ae1-2201.cr1-codfw.wikimedia.org. -- To view, visit https://gerrit.wikimedia.org/r/171266 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie1e8a33538293c49e2541769f32940391d755dfe Gerrit-PatchSet: 1 Gerrit-Project: operations/dns Gerrit-Branch: master Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Kill all (outdated) references to pmtpa - change (operations/dns)
Faidon Liambotis has submitted this change and it was merged. Change subject: Kill all (outdated) references to pmtpa .. Kill all (outdated) references to pmtpa Change-Id: I1ca1a156396ab6c244c5bf86e1488a15a38b9309 --- M templates/0.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa M templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa M templates/10.in-addr.arpa M templates/152.80.208.in-addr.arpa M templates/154.80.208.in-addr.arpa M templates/wikimedia.org M templates/wmnet 7 files changed, 2 insertions(+), 225 deletions(-) Approvals: Mark Bergsma: Looks good to me, but someone else must approve Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/templates/0.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa b/templates/0.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa index 6ec1775..4610062 100644 --- a/templates/0.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa +++ b/templates/0.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa @@ -160,6 +160,3 @@ 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR cr1-codfw.wikimedia.org. 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR cr2-codfw.wikimedia.org. 3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR pim-rp.wikimedia.org. - -5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR cr2-pmtpa.wikimedia.org. - diff --git a/templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa b/templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa index f5668ae..9a440e6 100644 --- a/templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa +++ b/templates/1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa @@ -257,17 +257,9 @@ 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR ae0.cr1-eqiad.wikimedia.org. 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR ae0.cr2-eqiad.wikimedia.org. -; cr1-eqiad -- cr2-pmtpa (2620:0:861:fe01::/64) +; unassigned (2620:0:861:fe01::/64) -$ORIGIN 1.0.e.f.{{ zonename }}. -1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR xe-5-2-1.cr1-eqiad.wikimedia.org. -2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR xe-0-0-0.cr2-pmtpa.wikimedia.org. - -; cr2-eqiad -- cr2-pmtpa (2620:0:861:fe02::/64) - -$ORIGIN 2.0.e.f.{{ zonename }}. -1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR xe-5-2-1.cr2-eqiad.wikimedia.org. -2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 1H IN PTR xe-1-1-0.cr2-pmtpa.wikimedia.org. +; unassigned (2620:0:861:fe02::/64) ; cr2-eqiad -- cr2-knams GRE (2620:0:861:fe03::/64) diff --git a/templates/10.in-addr.arpa b/templates/10.in-addr.arpa index 3834f0c..65222ee 100644 --- a/templates/10.in-addr.arpa +++ b/templates/10.in-addr.arpa @@ -14,90 +14,6 @@ 1D IN NS ns1.wikimedia.org. 1D IN NS ns2.wikimedia.org. -; 10.0.0.0/12 - pmtpa - -; 10.0.0.0/16 - pmtpa private vlan - -; Servers - -$ORIGIN 0.0.{{ zonename }}. - -200 1H IN PTR vrrp-gw-2.pmtpa.wmnet. -202 1H IN PTR ae0-2.cr2-pmtpa.wikimedia.org. - -; asw* DEPRECATED, put in management network -$ORIGIN 1.0.{{ zonename }}. - -{% for i in range(1, 10) %} -{{ i }} 1H IN PTR asw{{ i }}-pmtpa.pmtpa.wmnet. -{%- endfor %} - -; srv* - -$ORIGIN 2.0.{{ zonename }}. - -$ORIGIN 3.0.{{ zonename }}. - -; Service IPs - -$ORIGIN 5.0.{{ zonename }}. - -6 1H IN PTR dns-r0.pmtpa.wmnet. -7 1H IN PTR dns-r1.pmtpa.wmnet. -8 1H IN PTR nfs-home.pmtpa.wmnet. - -; Databases - -$ORIGIN 6.0.{{ zonename }}. - -; Management (pmtpa) - -$ORIGIN 1.{{ zonename }}. - -; Network equipment - -$ORIGIN 1.1.{{ zonename }}. - -3 1H IN PTR asw-c3-pmtpa.mgmt.pmtpa.wmnet. -4 1H IN PTR asw-c4-pmtpa.mgmt.pmtpa.wmnet. -7 1H IN PTR asw-a2-pmtpa.mgmt.pmtpa.wmnet. -15 1H IN PTR msw1-pmtpa.mgmt.pmtpa.wmnet. -18 1H IN PTR cr2-pmtpa.mgmt.pmtpa.wmnet. - -21 1H IN PTR asw-d-pmtpa.mgmt.pmtpa.wmnet. -22 1H IN PTR asw-d1-pmtpa.mgmt.pmtpa.wmnet. -23 1H IN PTR asw-d2-pmtpa.mgmt.pmtpa.wmnet. -24 1H IN PTR asw-d3-pmtpa.mgmt.pmtpa.wmnet. -25 1H IN PTR msw2-pmtpa.mgmt.pmtpa.wmnet. - -; Supportive management infrastructure - -$ORIGIN 2.1.{{ zonename }}. - -2 1H IN PTR scs-d1-pmtpa.mgmt.pmtpa.wmnet. -3 1H IN PTR mr1-pmtpa.mgmt.pmtpa.wmnet. - -$ORIGIN 3.1.{{ zonename }}. - -; Search Servers -$ORIGIN 4.1.{{ zonename }}. - -; Power Distribution Units - -$ORIGIN 5.1.{{ zonename }}. - -; Database Servers -$ORIGIN 6.1.{{ zonename }}. - -; Media Servers SSL Servers ES Servers Memcached Servers -$ORIGIN 7.1.{{ zonename }}. - -; Misc. Services Server Project -$ORIGIN 8.1.{{ zonename }}. - -; Apaches pool (srv251+) -$ORIGIN 9.1.{{ zonename }}. - ; codfw svc ips $ORIGIN 1.2.{{ zonename }}. @@ -149,39 +65,6 @@ 24 1H IN PTR upload.svc.ulsfo.wmnet. 25 1H IN PTR text.svc.ulsfo.wmnet. 26 1H IN PTR mobile.svc.ulsfo.wmnet. - -; labs svc ips - -$ORIGIN 128.2.{{ zonename }}. - -; Various small assignments - -$ORIGIN 0.3.{{ zonename }}. - -; Cross link between cr2-pmtpa and mr1-pmtpa: 10.3.0.8/30 - -9 1H IN PTR ae0-402.cr2-pmtpa.wikimedia.org. -10 1H IN PTR fe-0-0-2-402.mr1-pmtpa.wikimedia.org. - -; Loopbacks 10.3.0.12/30 - -12 1H IN PTR mr1-pmtpa.mgmt.pmtpa.wmnet. - -; pmtpa wireless access network 10.3.1.0/24 -1 1H IN PTR
[MediaWiki-commits] [Gerrit] Allocate frack-codfw - change (operations/dns)
Faidon Liambotis has submitted this change and it was merged. Change subject: Allocate frack-codfw .. Allocate frack-codfw Change-Id: Ie1e8a33538293c49e2541769f32940391d755dfe --- M templates/152.80.208.in-addr.arpa 1 file changed, 2 insertions(+), 0 deletions(-) Approvals: Mark Bergsma: Looks good to me, but someone else must approve Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/templates/152.80.208.in-addr.arpa b/templates/152.80.208.in-addr.arpa index 0186726..0b1474e 100644 --- a/templates/152.80.208.in-addr.arpa +++ b/templates/152.80.208.in-addr.arpa @@ -14,6 +14,8 @@ 1D IN NS ns1.wikimedia.org. 1D IN NS ns2.wikimedia.org. +; 208.80.152.224/28 frack-codfw (208.80.152.224 - 208.80.152.239) + ; 208.80.152.240/28 sandbox1-a-codfw (208.80.152.240 - 208.80.152.255) 241 1H IN PTR vrrp-gw-2201.wikimedia.org. 242 1H IN PTR ae1-2201.cr1-codfw.wikimedia.org. -- To view, visit https://gerrit.wikimedia.org/r/171266 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ie1e8a33538293c49e2541769f32940391d755dfe Gerrit-PatchSet: 1 Gerrit-Project: operations/dns Gerrit-Branch: master Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Mark Bergsma m...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] varnish: allow POST for EventLogging on bits - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: varnish: allow POST for EventLogging on bits .. varnish: allow POST for EventLogging on bits The sendBeacon W3C API works by issuing POSTs to EventLogging URLs. Currently, we issue a method not allowed on POSTs; while that would still work with EventLogging (as neither the browser nor EL would care about the status code), this would elevate our error statistics. Handle this case by moving the conditional block and thus allowing POSTs specifically for event.gif. RT: 8612 Change-Id: I7d752d1fe84620ed64101d6bece7631057a8a3e6 --- M templates/varnish/bits.inc.vcl.erb 1 file changed, 5 insertions(+), 4 deletions(-) Approvals: Ori.livneh: Looks good to me, but someone else must approve Nuria: Looks good to me, but someone else must approve Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/templates/varnish/bits.inc.vcl.erb b/templates/varnish/bits.inc.vcl.erb index 769f5e4..3d962cf 100644 --- a/templates/varnish/bits.inc.vcl.erb +++ b/templates/varnish/bits.inc.vcl.erb @@ -23,7 +23,10 @@ % end -% sub vcl_recv { - /* Since we are allowing POST at wikimedia3.vcl.erb, disallow here */ + if (req.url ~ ^/event\.gif) { + error 204; + } + if (req.request == POST) { error 403 HTTP method not allowed.; } @@ -41,15 +44,13 @@ } if (req.http.host == %= cluster_options.fetch( bits_domain, bits.wikimedia.org )%) { - if (req.url ~ ^/event\.gif) { - error 204; - } /* For https-only wikis, the redirect from http to https for bits assets should occur in varnish instead of apache, since the apache redirect and mediawiki doesn't vary by protocol. This can result in a redirect loop and assets not loading. */ if ( req.url ~ ^/(auditcom|boardgovcom|board|chair|chapcom|checkuser|collab|donate|exec|fdc|grants|internal|movementroles|nomcom|office|otrs-wiki|searchcom|spcom|steward|wikimaniateam)\.wikimedia\.org/ req.http.X-Forwarded-Proto != https ) { error 301 https://%= cluster_options.fetch( bits_domain, bits.wikimedia.org )% + req.url; } + % if cluster_options.fetch( enable_geoiplookup, false ) -% if (req.url == /geoiplookup) { error 666 geoiplookup; -- To view, visit https://gerrit.wikimedia.org/r/170883 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I7d752d1fe84620ed64101d6bece7631057a8a3e6 Gerrit-PatchSet: 5 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: BBlack bbl...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Nuria nu...@wikimedia.org Gerrit-Reviewer: Ori.livneh o...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Expose Content-Range response header for CORS requests on up... - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: Expose Content-Range response header for CORS requests on upload .. Expose Content-Range response header for CORS requests on upload When a client submits an HTTP request with 'Range' header, the actual range returned, including the total file size, comes back in the 'Content-Range' response header. Naturally, this doesn't get automatically exposed in cross-origin requests and must be explicitly listed in the OPTIONS response. Yay CORS! Exposing this will let ogv.js eliminate an extra HEAD request to get the total file size, and allows validation of the ranges to check for a Safari caching bug https://bugs.webkit.org/show_bug.cgi?id=82672 without adding a cachebuster query string on every request. Change-Id: I35d51c66814fd23972c8044208b1545b8e20f464 --- M templates/varnish/upload-frontend.inc.vcl.erb 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/templates/varnish/upload-frontend.inc.vcl.erb b/templates/varnish/upload-frontend.inc.vcl.erb index 62257d9..bbcf905 100644 --- a/templates/varnish/upload-frontend.inc.vcl.erb +++ b/templates/varnish/upload-frontend.inc.vcl.erb @@ -117,5 +117,5 @@ } set resp.http.Access-Control-Allow-Origin = *; - set resp.http.Access-Control-Expose-Headers = Age, Date, Content-Length, X-Content-Duration, X-Cache, X-Varnish; + set resp.http.Access-Control-Expose-Headers = Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache, X-Varnish; } -- To view, visit https://gerrit.wikimedia.org/r/171502 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I35d51c66814fd23972c8044208b1545b8e20f464 Gerrit-PatchSet: 3 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Brion VIBBER br...@wikimedia.org Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Increase max file size of url downloader proxy to 1010mb - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: Increase max file size of url downloader proxy to 1010mb .. Increase max file size of url downloader proxy to 1010mb If you look at git show b06baad758aca^:modules/url-downloader/files/copy-by-url-proxy.conf you will notice a code comment saying make it slightly larger than the max upload size. Since that time the max upload size has increased to 1000mb, so increase this limit in turn. Of course people trying to upload 1 gb big files may still run into various timeouts. Bug: 73200 Change-Id: Ib83d9dbfe87ea4e3d673b712aa3d8d3727c9ce36 --- M modules/url_downloader/templates/squid.conf.erb 1 file changed, 3 insertions(+), 3 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/url_downloader/templates/squid.conf.erb b/modules/url_downloader/templates/squid.conf.erb index ed3c304..aabc11e 100644 --- a/modules/url_downloader/templates/squid.conf.erb +++ b/modules/url_downloader/templates/squid.conf.erb @@ -16,7 +16,7 @@ acl everything src all cache deny everything acl apache rep_header Server ^Apache -maximum_object_size 510 MB +maximum_object_size 1010 MB cache_replacement_policy heap LFUDA access_log /var/log/%= @package_name %/access.log squid log_mime_hdrs on @@ -78,11 +78,11 @@ tcp_outgoing_address %= @service_ip % %- if @package_name == 'squid' -% -reply_body_max_size 534773760 allow all +reply_body_max_size 1059061760 allow all cache_dir null /tmp broken_vary_encoding allow apache %- else -% -reply_body_max_size 510 MB all +reply_body_max_size 1010 MB all %- end -% cache_mgr r...@wikimedia.org -- To view, visit https://gerrit.wikimedia.org/r/172120 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ib83d9dbfe87ea4e3d673b712aa3d8d3727c9ce36 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Brian Wolff bawolff...@gmail.com Gerrit-Reviewer: Faidon Liambotis fai...@wikimedia.org Gerrit-Reviewer: Giuseppe Lavagetto glavage...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] geoip: switch data::maxmind to geoiupdate - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/172444 Change subject: geoip: switch data::maxmind to geoiupdate .. geoip: switch data::maxmind to geoiupdate geoipupdate was forked off the GeoIP distribution and is maintained separately. The newer version supports GeoIP2 databases, HTTPS, as well as setting a proxy from the configuration file. geoipupdate packages have been backported and are already in apt for both precise and trusty. Change-Id: I926b488c320035f591518d817ef6234c61889dbb --- M modules/geoip/manifests/data/maxmind.pp M modules/geoip/templates/GeoIP.conf.erb M modules/puppetmaster/manifests/geoip.pp 3 files changed, 29 insertions(+), 27 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/44/172444/1 diff --git a/modules/geoip/manifests/data/maxmind.pp b/modules/geoip/manifests/data/maxmind.pp index 62ae383..70f0055 100644 --- a/modules/geoip/manifests/data/maxmind.pp +++ b/modules/geoip/manifests/data/maxmind.pp @@ -5,12 +5,11 @@ # # == Parameters # $data_directory - Where the data files should live. -# $environment- The environment parameter to pass to exec and cron for the -# geoipupdate download command. default: undef # $license_key- MaxMind license key. Required. # $user_id- MaxMind user id. Required. # $product_ids- Array of MaxMind product ids to specify which data files # to download. default: [106] (Country) +# $proxy - Proxy server to use to fetch files. Optional. # == Example # You can use this class on your puppetmaster to stick the GeoIP .dat files # into a fileserver module. Once the files are there, you can use the @@ -29,13 +28,14 @@ # class geoip::data::maxmind( $data_directory = '/usr/share/GeoIP', - $environment= undef, $license_key= false, $user_id= false, - $product_ids= [106]) -{ - # we need the geoipupdate binary from geoip-bin - require geoip::bin + $product_ids= [106], + $proxy = undef +) { + package { 'geoipupdate': +ensure = present, + } if ! defined(File[$data_directory]) { file { $data_directory: @@ -57,22 +57,23 @@ # command to run to update the GeoIP database files $geoipupdate_command = /usr/bin/geoipupdate -f ${config_file} -d ${data_directory} - # Go ahead and exec geoipupdate now, so that - # we can be sure we have these files if - # this is the first time puppetmaster is - # running this class. + # Go ahead and exec geoipupdate now, so that we can be sure we have these + # files if this is the first time puppetmaster is running this class. exec { 'geoipupdate': command = $geoipupdate_command, refreshonly = true, subscribe = File[$config_file], -# geoipupdate comes from package geoip-bin -require = [Package['geoip-bin'], File[$config_file], File[$data_directory]], +require = [ +Package['geoipupdate'], +File[$config_file], +File[$data_directory] +], } $geoipupdate_log = '/var/log/geoipupdate.log' - # Set up a cron to run geoipupdate weekly. - # This will download .dat files for the specified - # Maxmind Product IDs. + + # Set up a cron to run geoipupdate weekly. This will download .dat files for + # the specified MaxMind Product IDs. cron { 'geoipupdate': ensure = present, command = /bin/echo -e \\$(/bin/date): geoipupdate downloading MaxMind .dat files into ${data_directory}\ ${geoipupdate_log} ${geoipupdate_command} /var/log/geoipupdate.log, @@ -80,19 +81,16 @@ weekday = 0, hour= 3, minute = 30, -require = [Package['geoip-bin'], File[$config_file], File[$data_directory]], +require = [ +Package['geoipupdate'], +File[$config_file], +File[$data_directory] +], } # logrotate for geoipupdate.log file { '/etc/logrotate.d/geoipupdate': content = template('geoip/geoipupdate.logrotate.erb'), require = Cron['geoipupdate'], - } - - # if $environment was passed in, - # set it on the geoipupdate commands - if ($environment != undef) { -Exec['geoipupdate'] { environment = $environment } -Cron['geoipupdate'] { environment = $environment } } } diff --git a/modules/geoip/templates/GeoIP.conf.erb b/modules/geoip/templates/GeoIP.conf.erb index 9bc3b458..c527e46 100644 --- a/modules/geoip/templates/GeoIP.conf.erb +++ b/modules/geoip/templates/GeoIP.conf.erb @@ -19,3 +19,7 @@ # 133 - GeoIPCity.datCity database # 115 - GeoIPRegion.dat Region database ProductIds %= @product_ids.join(' ') % + +% if @proxy then -% +Proxy %= @proxy % +% end -% diff --git a/modules/puppetmaster/manifests/geoip.pp b/modules/puppetmaster/manifests/geoip.pp index 292e9e3..8539ab1 100644 --- a/modules/puppetmaster/manifests/geoip.pp +++
[MediaWiki-commits] [Gerrit] geoip: switch data::maxmind to geoipupdate - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: geoip: switch data::maxmind to geoipupdate .. geoip: switch data::maxmind to geoipupdate geoipupdate was forked off the GeoIP distribution and is maintained separately. The newer version supports GeoIP2 databases, HTTPS, as well as setting a proxy from the configuration file. geoipupdate packages have been backported and are already in apt for both precise and trusty. Change-Id: I926b488c320035f591518d817ef6234c61889dbb --- M modules/geoip/manifests/data/maxmind.pp M modules/geoip/templates/GeoIP.conf.erb M modules/puppetmaster/manifests/geoip.pp 3 files changed, 29 insertions(+), 27 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/geoip/manifests/data/maxmind.pp b/modules/geoip/manifests/data/maxmind.pp index 62ae383..70f0055 100644 --- a/modules/geoip/manifests/data/maxmind.pp +++ b/modules/geoip/manifests/data/maxmind.pp @@ -5,12 +5,11 @@ # # == Parameters # $data_directory - Where the data files should live. -# $environment- The environment parameter to pass to exec and cron for the -# geoipupdate download command. default: undef # $license_key- MaxMind license key. Required. # $user_id- MaxMind user id. Required. # $product_ids- Array of MaxMind product ids to specify which data files # to download. default: [106] (Country) +# $proxy - Proxy server to use to fetch files. Optional. # == Example # You can use this class on your puppetmaster to stick the GeoIP .dat files # into a fileserver module. Once the files are there, you can use the @@ -29,13 +28,14 @@ # class geoip::data::maxmind( $data_directory = '/usr/share/GeoIP', - $environment= undef, $license_key= false, $user_id= false, - $product_ids= [106]) -{ - # we need the geoipupdate binary from geoip-bin - require geoip::bin + $product_ids= [106], + $proxy = undef +) { + package { 'geoipupdate': +ensure = present, + } if ! defined(File[$data_directory]) { file { $data_directory: @@ -57,22 +57,23 @@ # command to run to update the GeoIP database files $geoipupdate_command = /usr/bin/geoipupdate -f ${config_file} -d ${data_directory} - # Go ahead and exec geoipupdate now, so that - # we can be sure we have these files if - # this is the first time puppetmaster is - # running this class. + # Go ahead and exec geoipupdate now, so that we can be sure we have these + # files if this is the first time puppetmaster is running this class. exec { 'geoipupdate': command = $geoipupdate_command, refreshonly = true, subscribe = File[$config_file], -# geoipupdate comes from package geoip-bin -require = [Package['geoip-bin'], File[$config_file], File[$data_directory]], +require = [ +Package['geoipupdate'], +File[$config_file], +File[$data_directory] +], } $geoipupdate_log = '/var/log/geoipupdate.log' - # Set up a cron to run geoipupdate weekly. - # This will download .dat files for the specified - # Maxmind Product IDs. + + # Set up a cron to run geoipupdate weekly. This will download .dat files for + # the specified MaxMind Product IDs. cron { 'geoipupdate': ensure = present, command = /bin/echo -e \\$(/bin/date): geoipupdate downloading MaxMind .dat files into ${data_directory}\ ${geoipupdate_log} ${geoipupdate_command} /var/log/geoipupdate.log, @@ -80,19 +81,16 @@ weekday = 0, hour= 3, minute = 30, -require = [Package['geoip-bin'], File[$config_file], File[$data_directory]], +require = [ +Package['geoipupdate'], +File[$config_file], +File[$data_directory] +], } # logrotate for geoipupdate.log file { '/etc/logrotate.d/geoipupdate': content = template('geoip/geoipupdate.logrotate.erb'), require = Cron['geoipupdate'], - } - - # if $environment was passed in, - # set it on the geoipupdate commands - if ($environment != undef) { -Exec['geoipupdate'] { environment = $environment } -Cron['geoipupdate'] { environment = $environment } } } diff --git a/modules/geoip/templates/GeoIP.conf.erb b/modules/geoip/templates/GeoIP.conf.erb index 9bc3b458..475b877 100644 --- a/modules/geoip/templates/GeoIP.conf.erb +++ b/modules/geoip/templates/GeoIP.conf.erb @@ -19,3 +19,7 @@ # 133 - GeoIPCity.datCity database # 115 - GeoIPRegion.dat Region database ProductIds %= @product_ids.join(' ') % + +% if @proxy -% +Proxy %= @proxy % +% end -% diff --git a/modules/puppetmaster/manifests/geoip.pp b/modules/puppetmaster/manifests/geoip.pp index 292e9e3..8539ab1 100644 --- a/modules/puppetmaster/manifests/geoip.pp +++ b/modules/puppetmaster/manifests/geoip.pp @@ -4,7 +4,7 @@