]> git.openstreetmap.org Git - chef.git/log
chef.git
20 months agoRemove size limits on firewall sets
Tom Hughes [Sun, 5 Mar 2023 19:45:59 +0000 (19:45 +0000)]
Remove size limits on firewall sets

20 months agoEnable rate limits
Tom Hughes [Sun, 5 Mar 2023 17:28:14 +0000 (17:28 +0000)]
Enable rate limits

20 months agoUpdate networking tests for nftables switch
Tom Hughes [Sun, 5 Mar 2023 16:20:59 +0000 (16:20 +0000)]
Update networking tests for nftables switch

20 months agoEnable connections limits on a per-source basis
Tom Hughes [Sun, 5 Mar 2023 15:33:44 +0000 (15:33 +0000)]
Enable connections limits on a per-source basis

20 months agoDisable rate and connection limits
Tom Hughes [Sun, 5 Mar 2023 14:00:05 +0000 (14:00 +0000)]
Disable rate and connection limits

20 months agoAllow AWS DNS queries through the firewall
Tom Hughes [Sun, 5 Mar 2023 12:40:05 +0000 (12:40 +0000)]
Allow AWS DNS queries through the firewall

20 months agoSwitch remaining servers to nftables
Tom Hughes [Sun, 5 Mar 2023 12:21:34 +0000 (12:21 +0000)]
Switch remaining servers to nftables

20 months agoSwitch machines in Amsterdam to use nftables
Tom Hughes [Sun, 5 Mar 2023 11:09:30 +0000 (11:09 +0000)]
Switch machines in Amsterdam to use nftables

20 months agoMatch interfaces by name so we can start nftables before they exist
Tom Hughes [Sun, 5 Mar 2023 10:33:30 +0000 (10:33 +0000)]
Match interfaces by name so we can start nftables before they exist

20 months agoLimit NAT to IPv4 interfaces
Tom Hughes [Sun, 5 Mar 2023 09:35:57 +0000 (09:35 +0000)]
Limit NAT to IPv4 interfaces

20 months agoSwitch machines in Dublin to use nftables
Tom Hughes [Sun, 5 Mar 2023 09:33:32 +0000 (09:33 +0000)]
Switch machines in Dublin to use nftables

20 months agoFix typo
Tom Hughes [Sat, 4 Mar 2023 15:55:20 +0000 (15:55 +0000)]
Fix typo

20 months agoFix flag matches to work on 20.04
Tom Hughes [Sat, 4 Mar 2023 15:53:25 +0000 (15:53 +0000)]
Fix flag matches to work on 20.04

20 months agoHandle machines with no external interface
Tom Hughes [Sat, 4 Mar 2023 15:50:22 +0000 (15:50 +0000)]
Handle machines with no external interface

20 months agoSwitch all machines at UCL to use nftables
Tom Hughes [Sat, 4 Mar 2023 15:47:15 +0000 (15:47 +0000)]
Switch all machines at UCL to use nftables

20 months agoBlock unspecified and multicast addresses on the outside
Tom Hughes [Sat, 4 Mar 2023 15:38:58 +0000 (15:38 +0000)]
Block unspecified and multicast addresses on the outside

20 months agoLimit echo on a per source basis
Tom Hughes [Sat, 4 Mar 2023 15:32:38 +0000 (15:32 +0000)]
Limit echo on a per source basis

20 months agoMake nftables block various invalid TCP flag combinations
Tom Hughes [Sat, 4 Mar 2023 15:27:15 +0000 (15:27 +0000)]
Make nftables block various invalid TCP flag combinations

20 months agoDon't log rate limited echo request packets
Tom Hughes [Sat, 4 Mar 2023 15:16:45 +0000 (15:16 +0000)]
Don't log rate limited echo request packets

20 months agoAvoid dropping third party tables when stopping an nftables firewall
Tom Hughes [Sat, 4 Mar 2023 14:58:19 +0000 (14:58 +0000)]
Avoid dropping third party tables when stopping an nftables firewall

20 months agoEliminate need for dummy addresses in when running under test
Tom Hughes [Sat, 4 Mar 2023 14:44:05 +0000 (14:44 +0000)]
Eliminate need for dummy addresses in when running under test

20 months agoRevert "Only flush our table to avoid disrupting other nftables users"
Tom Hughes [Sat, 4 Mar 2023 13:00:40 +0000 (13:00 +0000)]
Revert "Only flush our table to avoid disrupting other nftables users"

This reverts commit 400fc6d71c476dba84aa52c5bf694caa8c4346dd.

20 months agoOnly flush our table to avoid disrupting other nftables users
Tom Hughes [Sat, 4 Mar 2023 12:57:20 +0000 (12:57 +0000)]
Only flush our table to avoid disrupting other nftables users

20 months agoUse named sets for OSM IP addresses
Tom Hughes [Sat, 4 Mar 2023 12:46:14 +0000 (12:46 +0000)]
Use named sets for OSM IP addresses

20 months agoLimit mail connections from smarthosts by address
Tom Hughes [Sat, 4 Mar 2023 12:32:41 +0000 (12:32 +0000)]
Limit mail connections from smarthosts by address

20 months agoAllow all mail relays to relay from any host
Tom Hughes [Sat, 4 Mar 2023 12:26:20 +0000 (12:26 +0000)]
Allow all mail relays to relay from any host

20 months agoFix port range syntax for nftables
Tom Hughes [Sat, 4 Mar 2023 12:03:53 +0000 (12:03 +0000)]
Fix port range syntax for nftables

20 months agoDon't bother disabling shorewall before we remove it
Tom Hughes [Sat, 4 Mar 2023 11:53:34 +0000 (11:53 +0000)]
Don't bother disabling shorewall before we remove it

20 months agoFix typo
Tom Hughes [Sat, 4 Mar 2023 11:51:16 +0000 (11:51 +0000)]
Fix typo

20 months agoUse strings for network families
Tom Hughes [Sat, 4 Mar 2023 11:49:05 +0000 (11:49 +0000)]
Use strings for network families

20 months agoSwitch noquiklos to use an nftables firewall
Tom Hughes [Sat, 4 Mar 2023 11:45:53 +0000 (11:45 +0000)]
Switch noquiklos to use an nftables firewall

20 months agoAdd support for using an nftables based firewall
Tom Hughes [Fri, 3 Mar 2023 18:07:47 +0000 (18:07 +0000)]
Add support for using an nftables based firewall

20 months agodns: fix dnscontrol dpkg install
Grant Slater [Thu, 2 Mar 2023 17:44:19 +0000 (17:44 +0000)]
dns: fix dnscontrol dpkg install

20 months agodns: Upgrade dnscontrol to 3.27.1
Grant Slater [Thu, 2 Mar 2023 05:56:17 +0000 (05:56 +0000)]
dns: Upgrade dnscontrol to 3.27.1

Signed-off-by: Grant Slater <github@firefishy.com>
20 months agoFix alerting for failed chef runs
Tom Hughes [Tue, 28 Feb 2023 08:26:55 +0000 (08:26 +0000)]
Fix alerting for failed chef runs

20 months agoFix alerting for failed chef runs
Tom Hughes [Mon, 27 Feb 2023 22:33:53 +0000 (22:33 +0000)]
Fix alerting for failed chef runs

20 months agoMerge remote-tracking branch 'github/pull/584'
Tom Hughes [Sun, 26 Feb 2023 18:43:57 +0000 (18:43 +0000)]
Merge remote-tracking branch 'github/pull/584'

20 months agotile: Serve a tilejson pointing at the correct tile URLs
Paul Norman [Thu, 23 Feb 2023 04:51:07 +0000 (20:51 -0800)]
tile: Serve a tilejson pointing at the correct tile URLs

20 months agoRun collectors as oneshot services
Tom Hughes [Fri, 24 Feb 2023 22:24:58 +0000 (22:24 +0000)]
Run collectors as oneshot services

This ensures that the post step that renames the output won't
run until the collector is finished.

21 months agoAdd an alert for RAID controller battery failures
Tom Hughes [Fri, 24 Feb 2023 14:28:18 +0000 (14:28 +0000)]
Add an alert for RAID controller battery failures

21 months agoAllow CAP_SYS_RAWIO for the ohai collector
Tom Hughes [Fri, 24 Feb 2023 14:26:25 +0000 (14:26 +0000)]
Allow CAP_SYS_RAWIO for the ohai collector

21 months agoMonitor battery/capacitor status for HP RAID controller
Tom Hughes [Fri, 24 Feb 2023 14:03:24 +0000 (14:03 +0000)]
Monitor battery/capacitor status for HP RAID controller

21 months agoMerge remote-tracking branch 'github/pull/582'
Tom Hughes [Thu, 23 Feb 2023 17:52:44 +0000 (17:52 +0000)]
Merge remote-tracking branch 'github/pull/582'

21 months agotile: clean up old static files
Paul Norman [Thu, 23 Feb 2023 04:38:33 +0000 (20:38 -0800)]
tile: clean up old static files

These files are either no longer used, or have whitespace cleanups.

21 months agocommunity: use sudo to install plugins
Grant Slater [Thu, 23 Feb 2023 03:51:32 +0000 (03:51 +0000)]
community: use sudo to install plugins

Signed-off-by: Grant Slater <github@firefishy.com>
21 months agoMove remaining planet serving work to norbert
Tom Hughes [Mon, 20 Feb 2023 10:24:50 +0000 (10:24 +0000)]
Move remaining planet serving work to norbert

21 months agoMove planetdump role to norbert
Tom Hughes [Sun, 19 Feb 2023 19:22:08 +0000 (19:22 +0000)]
Move planetdump role to norbert

21 months agoRemove backup role from ironbelly
Tom Hughes [Sun, 19 Feb 2023 09:49:48 +0000 (09:49 +0000)]
Remove backup role from ironbelly

21 months agoAdd backup role to norbert
Tom Hughes [Sat, 18 Feb 2023 17:29:12 +0000 (17:29 +0000)]
Add backup role to norbert

21 months agonominatim: add static files to serve in production
Sarah Hoffmann [Sat, 18 Feb 2023 09:42:27 +0000 (10:42 +0100)]
nominatim: add static files to serve in production

These came previously with the OSMF-specific Nominatim source code.
This doesn't work anymore since the project directory is used for
serving.

21 months agoRemove cleanup code
Tom Hughes [Fri, 17 Feb 2023 19:10:35 +0000 (19:10 +0000)]
Remove cleanup code

21 months agofoundation: use noreply wiki sender
Grant Slater [Fri, 17 Feb 2023 18:45:24 +0000 (18:45 +0000)]
foundation: use noreply wiki sender

21 months agohardware: Do not scale CPU frequency for niced processes
Grant Slater [Fri, 17 Feb 2023 16:09:27 +0000 (16:09 +0000)]
hardware: Do not scale CPU frequency for niced processes

Signed-off-by: Grant Slater <github@firefishy.com>
21 months agoReduce sensitivity of postgres replication alarms
Tom Hughes [Thu, 16 Feb 2023 19:03:53 +0000 (19:03 +0000)]
Reduce sensitivity of postgres replication alarms

21 months agoMerge remote-tracking branch 'github/pull/572'
Tom Hughes [Thu, 16 Feb 2023 18:24:20 +0000 (18:24 +0000)]
Merge remote-tracking branch 'github/pull/572'

21 months agobuild(deps): bump serverspec from 2.42.1 to 2.42.2
dependabot[bot] [Thu, 16 Feb 2023 11:56:54 +0000 (11:56 +0000)]
build(deps): bump serverspec from 2.42.1 to 2.42.2

Bumps [serverspec](http://serverspec.org/) from 2.42.1 to 2.42.2.

---
updated-dependencies:
- dependency-name: serverspec
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
21 months agoserverinfo: fix run order
Grant Slater [Wed, 15 Feb 2023 16:01:06 +0000 (16:01 +0000)]
serverinfo: fix run order

21 months agoserverinfo: fix vendor folder
Grant Slater [Wed, 15 Feb 2023 15:56:43 +0000 (15:56 +0000)]
serverinfo: fix vendor folder

21 months agoserverinfo: Do not install gems as root
Grant Slater [Wed, 15 Feb 2023 15:49:37 +0000 (15:49 +0000)]
serverinfo: Do not install gems as root

21 months agoFix name of stateofthemap site
Tom Hughes [Wed, 15 Feb 2023 12:25:51 +0000 (12:25 +0000)]
Fix name of stateofthemap site

21 months agoMerge remote-tracking branch 'github/pull/580'
Tom Hughes [Wed, 15 Feb 2023 12:13:54 +0000 (12:13 +0000)]
Merge remote-tracking branch 'github/pull/580'

21 months agoRemove tile per IP rate limiting
Paul Norman [Sun, 12 Feb 2023 04:24:58 +0000 (20:24 -0800)]
Remove tile per IP rate limiting

With the ability to ratelimit on the CDN, this is no longer necessary

21 months agohardware: Change CPU energy_perf_bias performance -> balance-performance
Grant Slater [Wed, 15 Feb 2023 02:26:30 +0000 (02:26 +0000)]
hardware: Change CPU energy_perf_bias performance -> balance-performance

Signed-off-by: Grant Slater <github@firefishy.com>
21 months agoSwitch containerised sites to use podman_site
Tom Hughes [Mon, 13 Feb 2023 18:59:26 +0000 (18:59 +0000)]
Switch containerised sites to use podman_site

21 months agoAdd podman_site resource
Tom Hughes [Mon, 13 Feb 2023 18:59:18 +0000 (18:59 +0000)]
Add podman_site resource

21 months agoMerge remote-tracking branch 'github/pull/579'
Tom Hughes [Tue, 14 Feb 2023 10:28:18 +0000 (10:28 +0000)]
Merge remote-tracking branch 'github/pull/579'

21 months agostateofthemap: Move Chooser to container
Grant Slater [Mon, 13 Feb 2023 22:06:45 +0000 (22:06 +0000)]
stateofthemap: Move Chooser to container

Signed-off-by: Grant Slater <github@firefishy.com>
21 months agosvn: Move to container
Grant Slater [Mon, 13 Feb 2023 22:05:42 +0000 (22:05 +0000)]
svn: Move to container

Signed-off-by: Grant Slater <github@firefishy.com>
21 months agotrac: Move to container
Grant Slater [Mon, 13 Feb 2023 22:05:29 +0000 (22:05 +0000)]
trac: Move to container

Signed-off-by: Grant Slater <github@firefishy.com>
21 months agoFix rubocop rule name
Tom Hughes [Mon, 13 Feb 2023 20:17:46 +0000 (20:17 +0000)]
Fix rubocop rule name

21 months agoFix reloading of timers
Tom Hughes [Mon, 13 Feb 2023 19:15:53 +0000 (19:15 +0000)]
Fix reloading of timers

21 months agoDon't require description for timers
Tom Hughes [Mon, 13 Feb 2023 19:07:11 +0000 (19:07 +0000)]
Don't require description for timers

21 months agoModify existing podman update timer instead of creating a new one
Tom Hughes [Mon, 13 Feb 2023 19:01:55 +0000 (19:01 +0000)]
Modify existing podman update timer instead of creating a new one

21 months agoAdd dropin support for systemd timers
Tom Hughes [Mon, 13 Feb 2023 18:58:20 +0000 (18:58 +0000)]
Add dropin support for systemd timers

21 months agopodman: Increase podman-auto-update.service frequency
Grant Slater [Mon, 13 Feb 2023 18:38:52 +0000 (18:38 +0000)]
podman: Increase podman-auto-update.service frequency

21 months agoMerge remote-tracking branch 'github/pull/578'
Tom Hughes [Sun, 12 Feb 2023 22:42:24 +0000 (22:42 +0000)]
Merge remote-tracking branch 'github/pull/578'

21 months agoMove switch2osm role from ridley -> naga
Grant Slater [Sun, 12 Feb 2023 22:40:54 +0000 (22:40 +0000)]
Move switch2osm role from ridley -> naga

21 months agoswitch2osm: Use container
Grant Slater [Sun, 12 Feb 2023 22:13:48 +0000 (22:13 +0000)]
switch2osm: Use container

Signed-off-by: Grant Slater <github@firefishy.com>
21 months agosotm: increase docker_external_port offset
Grant Slater [Sun, 12 Feb 2023 22:18:52 +0000 (22:18 +0000)]
sotm: increase docker_external_port offset

21 months agoMerge remote-tracking branch 'github/pull/573'
Tom Hughes [Sun, 12 Feb 2023 19:01:02 +0000 (19:01 +0000)]
Merge remote-tracking branch 'github/pull/573'

21 months agoMerge remote-tracking branch 'github/pull/577'
Tom Hughes [Sun, 12 Feb 2023 18:37:02 +0000 (18:37 +0000)]
Merge remote-tracking branch 'github/pull/577'

21 months agoMerge remote-tracking branch 'github/pull/575'
Tom Hughes [Sun, 12 Feb 2023 18:35:15 +0000 (18:35 +0000)]
Merge remote-tracking branch 'github/pull/575'

21 months agoirc: Use container
Grant Slater [Sun, 12 Feb 2023 16:24:29 +0000 (16:24 +0000)]
irc: Use container

Signed-off-by: Grant Slater <github@firefishy.com>
21 months agotrac: remove unused files
Grant Slater [Sun, 12 Feb 2023 14:49:55 +0000 (14:49 +0000)]
trac: remove unused files

21 months agoUse SotM 2013 container and rename jekyll recipe to container
Grant Slater [Sun, 12 Feb 2023 13:53:18 +0000 (13:53 +0000)]
Use SotM 2013 container and rename jekyll recipe to container

Signed-off-by: Grant Slater <github@firefishy.com>
21 months agoMove foundation::owg to naga
Grant Slater [Sun, 12 Feb 2023 12:57:14 +0000 (12:57 +0000)]
Move foundation::owg to naga

21 months agoUse operations.osmfoundation.org container
Grant Slater [Sun, 12 Feb 2023 12:56:42 +0000 (12:56 +0000)]
Use operations.osmfoundation.org container

21 months agoActivation of "Catwatch"
Tigerfell [Sat, 17 Dec 2022 13:39:21 +0000 (14:39 +0100)]
Activation of "Catwatch"

implements openstreetmap/operations#351

21 months agoMove jekyll based stateofthe map sites to naga
Tom Hughes [Sun, 12 Feb 2023 12:33:50 +0000 (12:33 +0000)]
Move jekyll based stateofthe map sites to naga

21 months agoUse consistent ordering in apache configuration
Tom Hughes [Sun, 12 Feb 2023 12:31:35 +0000 (12:31 +0000)]
Use consistent ordering in apache configuration

21 months agoMerge remote-tracking branch 'github/pull/571'
Tom Hughes [Sun, 12 Feb 2023 12:28:18 +0000 (12:28 +0000)]
Merge remote-tracking branch 'github/pull/571'

21 months agoRedirect welcome alias to primary site
Grant Slater [Sun, 12 Feb 2023 12:17:29 +0000 (12:17 +0000)]
Redirect welcome alias to primary site

21 months agosotm: Switch to using containers for jekyll sites
Grant Slater [Sat, 11 Feb 2023 22:49:47 +0000 (22:49 +0000)]
sotm: Switch to using containers for jekyll sites

Signed-off-by: Grant Slater <github@firefishy.com>
21 months agoReduce sensitivity of render rate alarm
Tom Hughes [Sun, 12 Feb 2023 11:18:17 +0000 (11:18 +0000)]
Reduce sensitivity of render rate alarm

21 months agopodman: use 1500 mtu with slirp4netns for max performance
Grant Slater [Sat, 11 Feb 2023 19:28:48 +0000 (19:28 +0000)]
podman: use 1500 mtu with slirp4netns for max performance

21 months agoDeploy welcome.openstreetmap.org on naga
Tom Hughes [Sat, 11 Feb 2023 17:19:44 +0000 (17:19 +0000)]
Deploy welcome.openstreetmap.org on naga

21 months agoMerge remote-tracking branch 'github/pull/570'
Tom Hughes [Sat, 11 Feb 2023 17:21:10 +0000 (17:21 +0000)]
Merge remote-tracking branch 'github/pull/570'

21 months agonominatim: add new dependency
Sarah Hoffmann [Sat, 11 Feb 2023 13:16:34 +0000 (14:16 +0100)]
nominatim: add new dependency

21 months agoAdd foundation-welcome to GHA tests
Grant Slater [Fri, 27 Jan 2023 16:17:25 +0000 (16:17 +0000)]
Add foundation-welcome to GHA tests

21 months agoAdd docker based welcome.openstreetmap.org
Grant Slater [Fri, 27 Jan 2023 15:57:25 +0000 (15:57 +0000)]
Add docker based welcome.openstreetmap.org