git.openstreetmap.org Git - chef.git/log
Tom Hughes [Wed, 20 Mar 2024 12:45:49 +0000 (12:45 +0000)]
Validate local parts for messages.openstreetmap.org to untaint them
Grant Slater [Wed, 20 Mar 2024 10:32:54 +0000 (10:32 +0000)]
networking: ensure nftables script checks input
Ensure the nftables script does not prematurely exit on any invalid input.
eg: If unblocking a set of IPs skip any not currently blocked instead of premature exit.
Signed-off-by: Grant Slater <github@firefishy.com>
Grant Slater [Tue, 19 Mar 2024 23:41:02 +0000 (23:41 +0000)]
apache: increase mod_evasive page_count to reduce iD false positives
Tom Hughes [Tue, 19 Mar 2024 21:20:03 +0000 (21:20 +0000)]
Fix fail2ban evasive filter
Grant Slater [Tue, 19 Mar 2024 11:15:05 +0000 (11:15 +0000)]
networking: add flush command to nftables script
Grant Slater [Mon, 18 Mar 2024 17:50:31 +0000 (17:50 +0000)]
podman: fix typo in param
Grant Slater [Mon, 18 Mar 2024 17:33:01 +0000 (17:33 +0000)]
podman: increase default pid limit.
Workaround 2048 pid limit. Extremely low, causing issues with titiler.
Ideally should be set using a parameter.
Signed-off-by: Grant Slater <github@firefishy.com>
Tom Hughes [Mon, 18 Mar 2024 17:28:05 +0000 (17:28 +0000)]
Add alert for node exporter text file scrape errors
Grant Slater [Mon, 18 Mar 2024 14:49:38 +0000 (14:49 +0000)]
imagery: use https for tiler
Grant Slater [Mon, 18 Mar 2024 14:08:27 +0000 (14:08 +0000)]
imagery: add ngi-aerial code
Tom Hughes [Fri, 15 Mar 2024 15:56:57 +0000 (15:56 +0000)]
Revert accidental commit
Grant Slater [Fri, 15 Mar 2024 12:18:39 +0000 (12:18 +0000)]
community: security bump version
Tom Hughes [Fri, 15 Mar 2024 10:02:27 +0000 (10:02 +0000)]
Disable exim paniclog watcher
Tom Hughes [Fri, 15 Mar 2024 10:01:26 +0000 (10:01 +0000)]
Fix exim daemon options for Ubuntu
Tom Hughes [Thu, 14 Mar 2024 11:19:04 +0000 (11:19 +0000)]
Drop attempt at SPF checking
Tom Hughes [Thu, 14 Mar 2024 10:52:05 +0000 (10:52 +0000)]
Accept any mail that passes an osmfoundation.org SPF check
Tom Hughes [Thu, 14 Mar 2024 09:42:26 +0000 (09:42 +0000)]
Reject incoming mail which fails SPF checks
Grant Slater [Wed, 13 Mar 2024 14:48:11 +0000 (14:48 +0000)]
Add munin web redirects to prometheus
Grant Slater [Wed, 13 Mar 2024 14:39:59 +0000 (14:39 +0000)]
Scrub last munin traces
Signed-off-by: Grant Slater <github@firefishy.com>
Grant Slater [Wed, 13 Mar 2024 14:31:29 +0000 (14:31 +0000)]
Remove munin-server GHA test
Grant Slater [Wed, 13 Mar 2024 14:29:13 +0000 (14:29 +0000)]
Remove munin server role
Grant Slater [Tue, 12 Mar 2024 20:45:46 +0000 (20:45 +0000)]
Remove munin
Fixed: https://github.com/openstreetmap/operations/issues/501
Signed-off-by: Grant Slater <github@firefishy.com>
Grant Slater [Tue, 12 Mar 2024 21:15:16 +0000 (21:15 +0000)]
hardware: do not fail if node[:hardware][:pci] is undefined (tests)
Grant Slater [Tue, 12 Mar 2024 14:05:05 +0000 (14:05 +0000)]
git: use extended combined_extended
Tom Hughes [Tue, 12 Mar 2024 13:19:13 +0000 (13:19 +0000)]
Restore comment
Grant Slater [Tue, 12 Mar 2024 13:14:03 +0000 (13:14 +0000)]
apache: remove unneeded combined_extended hack for 20.04
Tom Hughes [Tue, 12 Mar 2024 12:57:46 +0000 (12:57 +0000)]
Tidy up mod_evasive configuration
Grant Slater [Tue, 12 Mar 2024 12:56:59 +0000 (12:56 +0000)]
wordpress: use combined_extended logging
Grant Slater [Tue, 12 Mar 2024 12:42:06 +0000 (12:42 +0000)]
mediawiki: add back missing param
Grant Slater [Tue, 12 Mar 2024 12:39:55 +0000 (12:39 +0000)]
mediawiki: disable Extension:LocalisationUpdate
Grant Slater [Tue, 12 Mar 2024 12:36:38 +0000 (12:36 +0000)]
mediawiki: add RewriteCond for server-info
Grant Slater [Tue, 12 Mar 2024 12:31:14 +0000 (12:31 +0000)]
apache: set our correct defaults for mod_evasive
Grant Slater [Tue, 12 Mar 2024 12:17:31 +0000 (12:17 +0000)]
apache: relax mod_evasive further
Grant Slater [Tue, 12 Mar 2024 12:08:59 +0000 (12:08 +0000)]
apache: parameterise mod_evasive
Sarah Hoffmann [Tue, 12 Mar 2024 11:02:09 +0000 (12:02 +0100)]
nominatim: migrate versions before installing the software
Avoids disruptions where the migration is needed for the frontend
to function properly (e.g. when creating new indexes).
Sarah Hoffmann [Tue, 12 Mar 2024 11:01:24 +0000 (12:01 +0100)]
overpass: remove last traces of timer for area processor
Tom Hughes [Tue, 12 Mar 2024 09:00:20 +0000 (09:00 +0000)]
Adjust trigger for evasive jail
Tom Hughes [Tue, 12 Mar 2024 08:52:58 +0000 (08:52 +0000)]
Restrict fail2ban to evasive blocks instead of all 403 errors
Tom Hughes [Mon, 11 Mar 2024 21:27:37 +0000 (21:27 +0000)]
Relax evasive limits some more
Tom Hughes [Mon, 11 Mar 2024 20:13:00 +0000 (20:13 +0000)]
Make evasive configuration work
Tom Hughes [Mon, 11 Mar 2024 19:18:32 +0000 (19:18 +0000)]
Pass bantime and findtime to jail config correctly
Tom Hughes [Mon, 11 Mar 2024 19:12:03 +0000 (19:12 +0000)]
Reduce look back for forbidden request jail
Tom Hughes [Mon, 11 Mar 2024 18:20:56 +0000 (18:20 +0000)]
Relax site count limit for evasive
Tom Hughes [Mon, 11 Mar 2024 17:48:37 +0000 (17:48 +0000)]
Relax page count limit for evasive
Tom Hughes [Mon, 11 Mar 2024 17:41:32 +0000 (17:41 +0000)]
Actively disable mod_evasive when necessary
Tom Hughes [Mon, 11 Mar 2024 17:39:18 +0000 (17:39 +0000)]
Disable mod_evasive for prometheus
Tom Hughes [Mon, 11 Mar 2024 17:30:03 +0000 (17:30 +0000)]
Use fail2ban to block IPs getting repeated HTTP forbidden responses
Tom Hughes [Mon, 11 Mar 2024 17:15:10 +0000 (17:15 +0000)]
Enable mod_evasive for all apache instances except render servers
Tom Hughes [Mon, 11 Mar 2024 17:18:16 +0000 (17:18 +0000)]
Drop unused attribute
Tom Hughes [Mon, 11 Mar 2024 08:40:10 +0000 (08:40 +0000)]
Add an alert for mysql connection errors
Tom Hughes [Mon, 11 Mar 2024 08:27:44 +0000 (08:27 +0000)]
Increase mysql connection limit for the wiki
Tom Hughes [Sun, 10 Mar 2024 21:06:38 +0000 (21:06 +0000)]
Remove ifupdown to stop it trying to manage the network
Grant Slater [Sun, 10 Mar 2024 20:20:20 +0000 (20:20 +0000)]
mailman: automate year match code
Grant Slater [Sun, 10 Mar 2024 20:15:25 +0000 (20:15 +0000)]
apache: fix combined_extended compatibility with Ubuntu 20.04
Grant Slater [Sun, 10 Mar 2024 19:49:49 +0000 (19:49 +0000)]
apache: use new combined_extended log format instead of combined
Grant Slater [Sun, 10 Mar 2024 19:45:12 +0000 (19:45 +0000)]
Remove gorwen DNS and DHCP
Grant Slater [Sun, 10 Mar 2024 15:37:16 +0000 (15:37 +0000)]
wiki: Delay abusive scrapers
Tom Hughes [Sun, 10 Mar 2024 13:46:40 +0000 (13:46 +0000)]
Increase size of php-fpm pool for the main wiki
Tom Hughes [Sun, 10 Mar 2024 13:44:45 +0000 (13:44 +0000)]
Drop separate secure logs for mediawiki instances
Tom Hughes [Sun, 10 Mar 2024 13:42:46 +0000 (13:42 +0000)]
Define an extended log format for apache requests
Adds the request time and SSL details to the standard combined format.
Grant Slater [Sun, 10 Mar 2024 13:07:01 +0000 (13:07 +0000)]
mediawiki: add apache request duration logging
Grant Slater [Sun, 10 Mar 2024 13:06:25 +0000 (13:06 +0000)]
wiki: remove outdated file
Guillaume RISCHARD [Fri, 8 Mar 2024 23:02:48 +0000 (18:02 -0500)]
Try 307 redirect instead of 308
Tom Hughes [Fri, 8 Mar 2024 09:31:49 +0000 (09:31 +0000)]
Drop cleanup code
Tom Hughes [Fri, 8 Mar 2024 09:26:07 +0000 (09:26 +0000)]
Delete mediawiki link refresh service and timer
Tom Hughes [Fri, 8 Mar 2024 09:16:05 +0000 (09:16 +0000)]
Disable mediawiki link refresh job on all wikis
Tom Hughes [Thu, 7 Mar 2024 22:06:11 +0000 (22:06 +0000)]
Drop role for gorwen
Tom Hughes [Thu, 7 Mar 2024 17:47:57 +0000 (17:47 +0000)]
Drop user_tokens table
Grant Slater [Thu, 7 Mar 2024 11:45:54 +0000 (11:45 +0000)]
osqa: block login access and conditional posts
Grant Slater [Thu, 7 Mar 2024 11:08:40 +0000 (11:08 +0000)]
planet: always set cors header
Always set CORS header to ensure the header is also set on redirects.
Fixes: https://github.com/openstreetmap/operations/issues/1038
Signed-off-by: Grant Slater <github@firefishy.com>
Guillaume Rischard [Wed, 6 Mar 2024 23:53:42 +0000 (18:53 -0500)]
Use 308 redirect to keep IDN POST parameters
With many thanks to @MegaphoneJon for the precious help!
Tom Hughes [Tue, 5 Mar 2024 10:35:44 +0000 (10:35 +0000)]
Enable hardware watchdog support on more machines
Tom Hughes [Mon, 4 Mar 2024 19:18:27 +0000 (19:18 +0000)]
Enable hardware watchdog on HP machines
Sarah Hoffmann [Mon, 4 Mar 2024 14:44:12 +0000 (15:44 +0100)]
overpass: update to newest version
Also avoid failing import script when systemd scripts not yet enabled.
Tom Hughes [Mon, 4 Mar 2024 08:16:46 +0000 (08:16 +0000)]
Add overpass-query role to grisu
Tom Hughes [Fri, 1 Mar 2024 08:15:58 +0000 (08:15 +0000)]
Disable registration of OAuth 1 clients
Tom Hughes [Tue, 20 Feb 2024 20:46:34 +0000 (20:46 +0000)]
Add Yandex to imagery blacklist
Sarah Hoffmann [Mon, 19 Feb 2024 09:35:43 +0000 (10:35 +0100)]
nominatim: disable luajit
Something is potentially buggy with luajit and causes data loss.
Tom Hughes [Wed, 14 Feb 2024 21:43:05 +0000 (21:43 +0000)]
Update chef client to 18.4.2
Tom Hughes [Thu, 8 Feb 2024 20:01:10 +0000 (20:01 +0000)]
Disable OAuth 1.0 support
Tom Hughes [Wed, 7 Feb 2024 11:43:45 +0000 (11:43 +0000)]
Merge remote-tracking branch 'github/pull/649'
dependabot[bot] [Wed, 7 Feb 2024 11:41:08 +0000 (11:41 +0000)]
build(deps): bump cookstyle from 7.32.2 to 7.32.8
Bumps [cookstyle](https://github.com/chef/cookstyle) from 7.32.2 to 7.32.8.
- [Release notes](https://github.com/chef/cookstyle/releases)
- [Changelog](https://github.com/chef/cookstyle/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chef/cookstyle/compare/v7.32.2...v7.32.8)
---
updated-dependencies:
- dependency-name: cookstyle
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Guillaume RISCHARD [Sat, 3 Feb 2024 15:36:25 +0000 (10:36 -0500)]
Civicrm extension update
Guillaume RISCHARD [Sat, 3 Feb 2024 00:25:01 +0000 (19:25 -0500)]
Civicrm core version bump
Tom Hughes [Wed, 31 Jan 2024 15:37:41 +0000 (15:37 +0000)]
Enable rate limiting for dev cgimap instances
Tom Hughes [Fri, 26 Jan 2024 12:36:28 +0000 (12:36 +0000)]
Add a test instance for the login/signup rework
Tom Hughes [Wed, 24 Jan 2024 09:33:10 +0000 (09:33 +0000)]
Extend search period and ban time for trackpoint jail
Tom Hughes [Wed, 24 Jan 2024 08:31:24 +0000 (08:31 +0000)]
Add fail2ban block for repeated timeouts on the trackpoints API call
Tom Hughes [Wed, 24 Jan 2024 08:23:41 +0000 (08:23 +0000)]
Fix active query alerts
Tom Hughes [Tue, 23 Jan 2024 09:10:10 +0000 (09:10 +0000)]
Drop duplicate replication lag alert
Tom Hughes [Tue, 23 Jan 2024 09:09:38 +0000 (09:09 +0000)]
Add alerts for high numbers of active queries on the main database
Tom Hughes [Tue, 23 Jan 2024 08:56:21 +0000 (08:56 +0000)]
Drop redundant alert that does nothing
Tom Hughes [Thu, 18 Jan 2024 12:21:35 +0000 (12:21 +0000)]
Tighten timeouts and log request timeouts
Grant Slater [Mon, 15 Jan 2024 17:12:50 +0000 (17:12 +0000)]
imagery: workaround account issue in tests
Tom Hughes [Mon, 15 Jan 2024 09:51:12 +0000 (09:51 +0000)]
Move yearly reindex to start a day earlier
Grant Slater [Sat, 13 Jan 2024 21:30:07 +0000 (21:30 +0000)]
imagery: tiler env var tweaks
Grant Slater [Thu, 11 Jan 2024 14:03:21 +0000 (14:03 +0000)]
dns: upgrade dnscontrol to 4.8.1
Tom Hughes [Thu, 11 Jan 2024 09:27:24 +0000 (09:27 +0000)]
Revert "Disable login with facebook"
This reverts commit 31e786d715dbb4599a129f5e3bbfdda7c1c54cbb.
Tom Hughes [Wed, 10 Jan 2024 14:14:05 +0000 (14:14 +0000)]
Disable login with facebook
Grant Slater [Wed, 10 Jan 2024 11:37:37 +0000 (11:37 +0000)]
imagery: add forwarded header