git.openstreetmap.org Git - chef.git/log
Grant Slater [Wed, 15 Mar 2023 14:56:01 +0000 (14:56 +0000)]
bind: add missing networking dependency

Grant Slater [Wed, 15 Mar 2023 14:03:35 +0000 (14:03 +0000)]
wordpress: Allow access to robots.txt and similar files

Grant Slater [Wed, 15 Mar 2023 14:02:55 +0000 (14:02 +0000)]
wordpress: Remove duplicate memory limit. Add ENV type

Grant Slater [Wed, 15 Mar 2023 13:10:52 +0000 (13:10 +0000)]
wordpress: Increase memory limit to allow large image resizes

Grant Slater [Wed, 15 Mar 2023 12:37:33 +0000 (12:37 +0000)]
wordpress: Disable fail2ban health filter check

Grant Slater [Wed, 15 Mar 2023 12:03:18 +0000 (12:03 +0000)]
wordpress: update RewriteRule to recommendation

Grant Slater [Wed, 15 Mar 2023 12:02:27 +0000 (12:02 +0000)]
wordpress: enable CGIPassAuth

Grant Slater [Tue, 14 Mar 2023 17:51:37 +0000 (17:51 +0000)]
wordpress: add php-imagick

Grant Slater [Tue, 14 Mar 2023 13:26:45 +0000 (13:26 +0000)]
wordpress: install wordpress cli

Tom Hughes [Mon, 13 Mar 2023 20:57:10 +0000 (20:57 +0000)]
Simplify generation of ACLs for munin and logstash

Tom Hughes [Mon, 13 Mar 2023 20:20:02 +0000 (20:20 +0000)]
Simplify named configuration

Tom Hughes [Sun, 12 Mar 2023 11:41:21 +0000 (11:41 +0000)]
Add tools to block and unblock addresses

Tom Hughes [Sun, 12 Mar 2023 11:07:07 +0000 (11:07 +0000)]
Preserve blocklists over firewall restarts

Tom Hughes [Sun, 12 Mar 2023 11:01:59 +0000 (11:01 +0000)]
Remove unused template

Tom Hughes [Sat, 11 Mar 2023 14:45:43 +0000 (14:45 +0000)]
Generalise configuration of firewall sets

Tom Hughes [Sat, 11 Mar 2023 14:45:11 +0000 (14:45 +0000)]
Fix newline suppression in ERB template

Tom Hughes [Sat, 11 Mar 2023 14:34:10 +0000 (14:34 +0000)]
Fix munin node configuration

Tom Hughes [Thu, 9 Mar 2023 18:26:46 +0000 (18:26 +0000)]
Refactor firewall rules to simplify IPv4/IPv6 handling

Tom Hughes [Sat, 11 Mar 2023 07:51:44 +0000 (07:51 +0000)]
Make sure database backups abort on error

Tom Hughes [Fri, 10 Mar 2023 12:20:27 +0000 (12:20 +0000)]
Drop role for pummelzacken

Tom Hughes [Fri, 10 Mar 2023 07:05:25 +0000 (07:05 +0000)]
Drop role for noquiklos

Tom Hughes [Thu, 9 Mar 2023 21:54:21 +0000 (21:54 +0000)]
Reorder authorization matches

Tom Hughes [Thu, 9 Mar 2023 21:49:23 +0000 (21:49 +0000)]
Improve error handling in API statistics daemon

Tom Hughes [Thu, 9 Mar 2023 21:34:56 +0000 (21:34 +0000)]
Add a metric to track usage of API authentication methods

Tom Hughes [Thu, 9 Mar 2023 13:47:48 +0000 (13:47 +0000)]
Restart smokeping exporter when the configuration changes

Tom Hughes [Thu, 9 Mar 2023 12:49:47 +0000 (12:49 +0000)]
Drop roles for clifford and sarel

Tom Hughes [Thu, 9 Mar 2023 08:26:59 +0000 (08:26 +0000)]
Relax thresholds for packet loss reporting

Grant Slater [Thu, 9 Mar 2023 07:15:47 +0000 (07:15 +0000)]
dns: upgrade dnscontrol to 3.27.2

Signed-off-by: Grant Slater <github@firefishy.com>

Tom Hughes [Wed, 8 Mar 2023 22:44:29 +0000 (22:44 +0000)]
Scale some percentage values correctly in alerts

Tom Hughes [Wed, 8 Mar 2023 20:28:06 +0000 (20:28 +0000)]
Add a packet loss alert

Tom Hughes [Wed, 8 Mar 2023 19:25:41 +0000 (19:25 +0000)]
Fix sandboxing of smokeping exporter

Tom Hughes [Wed, 8 Mar 2023 18:51:43 +0000 (18:51 +0000)]
Fix typo

Tom Hughes [Wed, 8 Mar 2023 18:35:40 +0000 (18:35 +0000)]
Sort ping targets

Tom Hughes [Wed, 8 Mar 2023 18:33:24 +0000 (18:33 +0000)]
Run smokeping exporter on gateways

Grant Slater [Wed, 8 Mar 2023 14:34:28 +0000 (14:34 +0000)]
community: minor feed url fix

Grant Slater [Wed, 8 Mar 2023 14:16:39 +0000 (14:16 +0000)]
community: add workaround method to add custom feed

Grant Slater [Wed, 8 Mar 2023 13:54:12 +0000 (13:54 +0000)]
community: disable feed for moment

Grant Slater [Wed, 8 Mar 2023 09:15:30 +0000 (09:15 +0000)]
Remove old forum code. Add cert to discourse

Grant Slater [Wed, 8 Mar 2023 09:12:39 +0000 (09:12 +0000)]
community: Add missing atom file

Tom Hughes [Wed, 8 Mar 2023 08:59:26 +0000 (08:59 +0000)]
Don't filter outgoing multicast packets

Grant Slater [Wed, 8 Mar 2023 08:48:19 +0000 (08:48 +0000)]
community: Add custom static atom feed

Signed-off-by: Grant Slater <github@firefishy.com>

Tom Hughes [Tue, 7 Mar 2023 21:25:18 +0000 (21:25 +0000)]
Fix test failures

Tom Hughes [Tue, 7 Mar 2023 20:27:37 +0000 (20:27 +0000)]
Fix icmp echo rate limiting

Tom Hughes [Tue, 7 Mar 2023 19:55:11 +0000 (19:55 +0000)]
Reintroduce helper support and implement it

Tom Hughes [Tue, 7 Mar 2023 19:19:14 +0000 (19:19 +0000)]
Port custom firewall rule to nftables

Tom Hughes [Tue, 7 Mar 2023 19:16:42 +0000 (19:16 +0000)]
Simplify rate limit and connection limit configuration

Tom Hughes [Tue, 7 Mar 2023 19:14:35 +0000 (19:14 +0000)]
Drop unused support for conntrack helpers

Tom Hughes [Tue, 7 Mar 2023 19:13:38 +0000 (19:13 +0000)]
Drop tcp vs tcp:syn distinction

Tom Hughes [Tue, 7 Mar 2023 19:07:36 +0000 (19:07 +0000)]
Merge http and https rules

Tom Hughes [Tue, 7 Mar 2023 19:06:00 +0000 (19:06 +0000)]
Simplify configuration of port numbers in firewall rules

Tom Hughes [Tue, 7 Mar 2023 18:04:34 +0000 (18:04 +0000)]
Use interval sets for blocklists

Tom Hughes [Tue, 7 Mar 2023 18:00:02 +0000 (18:00 +0000)]
Rename firewall tables to avoid any clash with iptables

Grant Slater [Tue, 7 Mar 2023 08:47:59 +0000 (08:47 +0000)]
foundation: add pptx to dwg

Signed-off-by: Grant Slater <github@firefishy.com>

Tom Hughes [Sun, 5 Mar 2023 19:38:13 +0000 (19:38 +0000)]
Drop test override that is no longer needed

Tom Hughes [Sun, 5 Mar 2023 19:19:12 +0000 (19:19 +0000)]
Drop support for shorewall

Tom Hughes [Mon, 6 Mar 2023 14:39:13 +0000 (14:39 +0000)]
Add alert for failing discourse jobs

Tom Hughes [Mon, 6 Mar 2023 00:21:06 +0000 (00:21 +0000)]
Fix statuscake alerts

Tom Hughes [Sun, 5 Mar 2023 20:39:23 +0000 (20:39 +0000)]
Don't expire connection limit sets

Tom Hughes [Sun, 5 Mar 2023 20:33:41 +0000 (20:33 +0000)]
Expire rate limit sets

Tom Hughes [Sun, 5 Mar 2023 19:45:59 +0000 (19:45 +0000)]
Remove size limits on firewall sets

Tom Hughes [Sun, 5 Mar 2023 17:28:14 +0000 (17:28 +0000)]
Enable rate limits

Tom Hughes [Sun, 5 Mar 2023 16:20:59 +0000 (16:20 +0000)]
Update networking tests for nftables switch

Tom Hughes [Sun, 5 Mar 2023 15:33:44 +0000 (15:33 +0000)]
Enable connection limits on a per-source basis

Tom Hughes [Sun, 5 Mar 2023 14:00:05 +0000 (14:00 +0000)]
Disable rate and connection limits

Tom Hughes [Sun, 5 Mar 2023 12:40:05 +0000 (12:40 +0000)]
Allow AWS DNS queries through the firewall

Tom Hughes [Sun, 5 Mar 2023 12:21:34 +0000 (12:21 +0000)]
Switch remaining servers to nftables

Tom Hughes [Sun, 5 Mar 2023 11:09:30 +0000 (11:09 +0000)]
Switch machines in Amsterdam to use nftables

Tom Hughes [Sun, 5 Mar 2023 10:33:30 +0000 (10:33 +0000)]
Match interfaces by name so we can start nftables before they exist

Tom Hughes [Sun, 5 Mar 2023 09:35:57 +0000 (09:35 +0000)]
Limit NAT to IPv4 interfaces

Tom Hughes [Sun, 5 Mar 2023 09:33:32 +0000 (09:33 +0000)]
Switch machines in Dublin to use nftables

Tom Hughes [Sat, 4 Mar 2023 15:55:20 +0000 (15:55 +0000)]
Fix typo

Tom Hughes [Sat, 4 Mar 2023 15:53:25 +0000 (15:53 +0000)]
Fix flag matches to work on 20.04

Tom Hughes [Sat, 4 Mar 2023 15:50:22 +0000 (15:50 +0000)]
Handle machines with no external interface

Tom Hughes [Sat, 4 Mar 2023 15:47:15 +0000 (15:47 +0000)]
Switch all machines at UCL to use nftables

Tom Hughes [Sat, 4 Mar 2023 15:38:58 +0000 (15:38 +0000)]
Block unspecified and multicast addresses on the outside

Tom Hughes [Sat, 4 Mar 2023 15:32:38 +0000 (15:32 +0000)]
Limit echo on a per source basis

Tom Hughes [Sat, 4 Mar 2023 15:27:15 +0000 (15:27 +0000)]
Make nftables block various invalid TCP flag combinations

Tom Hughes [Sat, 4 Mar 2023 15:16:45 +0000 (15:16 +0000)]
Don't log rate limited echo request packets

Tom Hughes [Sat, 4 Mar 2023 14:58:19 +0000 (14:58 +0000)]
Avoid dropping third party tables when stopping an nftables firewall

Tom Hughes [Sat, 4 Mar 2023 14:44:05 +0000 (14:44 +0000)]
Eliminate need for dummy addresses when running under test

Tom Hughes [Sat, 4 Mar 2023 13:00:40 +0000 (13:00 +0000)]
Revert "Only flush our table to avoid disrupting other nftables users"

This reverts commit 400fc6d71c476dba84aa52c5bf694caa8c4346dd.

Tom Hughes [Sat, 4 Mar 2023 12:57:20 +0000 (12:57 +0000)]
Only flush our table to avoid disrupting other nftables users

Tom Hughes [Sat, 4 Mar 2023 12:46:14 +0000 (12:46 +0000)]
Use named sets for OSM IP addresses

Tom Hughes [Sat, 4 Mar 2023 12:32:41 +0000 (12:32 +0000)]
Limit mail connections from smarthosts by address

Tom Hughes [Sat, 4 Mar 2023 12:26:20 +0000 (12:26 +0000)]
Allow all mail relays to relay from any host

Tom Hughes [Sat, 4 Mar 2023 12:03:53 +0000 (12:03 +0000)]
Fix port range syntax for nftables

Tom Hughes [Sat, 4 Mar 2023 11:53:34 +0000 (11:53 +0000)]
Don't bother disabling shorewall before we remove it

Tom Hughes [Sat, 4 Mar 2023 11:51:16 +0000 (11:51 +0000)]
Fix typo

Tom Hughes [Sat, 4 Mar 2023 11:49:05 +0000 (11:49 +0000)]
Use strings for network families

Tom Hughes [Sat, 4 Mar 2023 11:45:53 +0000 (11:45 +0000)]
Switch noquiklos to use an nftables firewall

Tom Hughes [Fri, 3 Mar 2023 18:07:47 +0000 (18:07 +0000)]
Add support for using an nftables based firewall

Grant Slater [Thu, 2 Mar 2023 17:44:19 +0000 (17:44 +0000)]
dns: fix dnscontrol dpkg install

Grant Slater [Thu, 2 Mar 2023 05:56:17 +0000 (05:56 +0000)]
dns: Upgrade dnscontrol to 3.27.1

Signed-off-by: Grant Slater <github@firefishy.com>

Tom Hughes [Tue, 28 Feb 2023 08:26:55 +0000 (08:26 +0000)]
Fix alerting for failed chef runs

Tom Hughes [Mon, 27 Feb 2023 22:33:53 +0000 (22:33 +0000)]
Fix alerting for failed chef runs

Tom Hughes [Sun, 26 Feb 2023 18:43:57 +0000 (18:43 +0000)]
Merge remote-tracking branch 'github/pull/584'

Paul Norman [Thu, 23 Feb 2023 04:51:07 +0000 (20:51 -0800)]
tile: Serve a tilejson pointing at the correct tile URLs

Tom Hughes [Fri, 24 Feb 2023 22:24:58 +0000 (22:24 +0000)]
Run collectors as oneshot services

This ensures that the post step that renames the output won't
run until the collector is finished.

Tom Hughes [Fri, 24 Feb 2023 14:28:18 +0000 (14:28 +0000)]
Add an alert for RAID controller battery failures

Tom Hughes [Fri, 24 Feb 2023 14:26:25 +0000 (14:26 +0000)]
Allow CAP_SYS_RAWIO for the ohai collector