]>
git.openstreetmap.org Git - chef.git/log
Grant Slater [Sun, 23 Nov 2014 00:39:04 +0000 (00:39 +0000)]
cgiirc: add #osmf-gm
Tom Hughes [Sat, 22 Nov 2014 20:39:44 +0000 (20:39 +0000)]
Check for file existence properly
Tom Hughes [Sat, 22 Nov 2014 18:21:27 +0000 (18:21 +0000)]
Revert "Move readonly database traffic to katla"
This reverts commit
edbe311b82bafe71634634d1dfc49b82af2c392d .
Tom Hughes [Fri, 21 Nov 2014 18:28:59 +0000 (18:28 +0000)]
Move readonly database traffic to katla
Tom Hughes [Fri, 21 Nov 2014 00:17:46 +0000 (00:17 +0000)]
Update piwik to 2.9.1
Tom Hughes [Fri, 21 Nov 2014 00:15:38 +0000 (00:15 +0000)]
Send PHP requests to PHP-FPM without checking the file exists
Tom Hughes [Mon, 17 Nov 2014 15:21:25 +0000 (15:21 +0000)]
Remove some unused APT sources
Tom Hughes [Sat, 15 Nov 2014 16:42:04 +0000 (16:42 +0000)]
Update carto stylesheet to v2.24.0
Tom Hughes [Fri, 14 Nov 2014 19:22:59 +0000 (19:22 +0000)]
Ridley is now a G6 machine
Tom Hughes [Fri, 14 Nov 2014 18:58:00 +0000 (18:58 +0000)]
Update piwik to 2.9.0
Tom Hughes [Thu, 13 Nov 2014 09:28:08 +0000 (09:28 +0000)]
Only pass PHP files which exist to PHP-FPM
Tom Hughes [Sun, 9 Nov 2014 12:23:16 +0000 (12:23 +0000)]
Make sure we log the real client IP on the web backends
Tom Hughes [Fri, 7 Nov 2014 19:50:18 +0000 (19:50 +0000)]
Delete the secret_key_base attribute when dropping a dev site
Tom Hughes [Fri, 7 Nov 2014 15:46:46 +0000 (15:46 +0000)]
Drop use of sender callout verification completely
Tom Hughes [Fri, 7 Nov 2014 11:57:12 +0000 (11:57 +0000)]
Drop some old dev sites
Tom Hughes [Tue, 4 Nov 2014 10:30:25 +0000 (10:30 +0000)]
Exempt some github addresses from sender callouts
Tom Hughes [Sun, 2 Nov 2014 08:43:13 +0000 (08:43 +0000)]
Only install osmadmins on 12.04 machines
Tom Hughes [Sun, 2 Nov 2014 08:40:08 +0000 (08:40 +0000)]
Use old-releases.ubuntu.com for quantal machines
Grant Slater [Sun, 2 Nov 2014 01:43:58 +0000 (01:43 +0000)]
Install haveged to avoid entropy starvation
Tom Hughes [Fri, 31 Oct 2014 10:19:03 +0000 (10:19 +0000)]
Correct location of archived logs for expiry
Tom Hughes [Wed, 29 Oct 2014 19:13:27 +0000 (19:13 +0000)]
Update carto stylesheet to v2.23.0
Tom Hughes [Wed, 29 Oct 2014 15:28:52 +0000 (15:28 +0000)]
Reduce tile expiry threshold to 14 days
Tom Hughes [Wed, 29 Oct 2014 15:13:23 +0000 (15:13 +0000)]
Reorder find arguments to avoid warning
Tom Hughes [Tue, 28 Oct 2014 17:34:48 +0000 (17:34 +0000)]
Use postgres 9.3 for dev apis
Tom Hughes [Tue, 28 Oct 2014 17:34:02 +0000 (17:34 +0000)]
Manage postgres 9.3 on the dev server
Tom Hughes [Tue, 28 Oct 2014 10:34:18 +0000 (10:34 +0000)]
Update apache config for 2.4
Tom Hughes [Sun, 26 Oct 2014 19:26:43 +0000 (19:26 +0000)]
Avoid relying on per-host options in NFS export files
Tom Hughes [Sun, 26 Oct 2014 15:00:00 +0000 (15:00 +0000)]
Remove site specific SSL config
Tom Hughes [Sun, 26 Oct 2014 14:57:27 +0000 (14:57 +0000)]
Switch chef back to using https for the internal forward
Grant Slater [Sun, 26 Oct 2014 13:51:51 +0000 (13:51 +0000)]
Fix PHP start tag compatibility
Tom Hughes [Sun, 26 Oct 2014 12:54:15 +0000 (12:54 +0000)]
Come back online
Tom Hughes [Sun, 26 Oct 2014 12:44:08 +0000 (12:44 +0000)]
Bring site back online in readonly mode on ramoth
Tom Hughes [Sun, 26 Oct 2014 12:06:18 +0000 (12:06 +0000)]
Update replication ACL
Tom Hughes [Sun, 26 Oct 2014 12:02:10 +0000 (12:02 +0000)]
Correct archive path
Tom Hughes [Sun, 26 Oct 2014 11:50:08 +0000 (11:50 +0000)]
Swap database roles
Tom Hughes [Sun, 26 Oct 2014 11:35:41 +0000 (11:35 +0000)]
Go to offline mode
Tom Hughes [Sun, 26 Oct 2014 11:31:14 +0000 (11:31 +0000)]
Require ruby-dev so we can build native extensions
Tom Hughes [Sun, 26 Oct 2014 11:28:40 +0000 (11:28 +0000)]
There isn't a separate rubygems package in 14.04
Tom Hughes [Sun, 26 Oct 2014 11:25:12 +0000 (11:25 +0000)]
The portmap service is now rpcbind
Tom Hughes [Sun, 26 Oct 2014 11:20:58 +0000 (11:20 +0000)]
Update chef server version mapping
Tom Hughes [Sun, 26 Oct 2014 11:17:49 +0000 (11:17 +0000)]
Proxy chef to http for now
Tom Hughes [Sun, 26 Oct 2014 11:14:11 +0000 (11:14 +0000)]
Update planet to use apache 2.4 permissions
Tom Hughes [Sun, 26 Oct 2014 11:10:38 +0000 (11:10 +0000)]
RewriteLock is not needed in apache 2.4
Tom Hughes [Fri, 24 Oct 2014 16:48:39 +0000 (17:48 +0100)]
Only allow external SMTP connections on the mail server
Tom Hughes [Fri, 24 Oct 2014 16:44:02 +0000 (17:44 +0100)]
Only add a domein to relay_to_domains if we are really relaying to it
Tom Hughes [Thu, 23 Oct 2014 21:56:39 +0000 (22:56 +0100)]
Update piwik to 2.8.3
Tom Hughes [Thu, 23 Oct 2014 21:50:14 +0000 (22:50 +0100)]
Bring piwik installation/upgrade under chef control
Tom Hughes [Tue, 21 Oct 2014 09:23:11 +0000 (10:23 +0100)]
Disable SSLv3
Tom Hughes [Mon, 20 Oct 2014 18:14:30 +0000 (19:14 +0100)]
Disable setting of Access-Control-Allow-Origin by taginfo
Grant Slater [Sat, 18 Oct 2014 20:01:52 +0000 (21:01 +0100)]
Add #osm-ar, #osm-bw, #osm-cz, #osm-pt & #osm-ht to irc list
Sarah Hoffmann [Wed, 15 Oct 2014 21:19:40 +0000 (23:19 +0200)]
deactivate nominatim cron scripts on poldi
Sarah Hoffmann [Tue, 14 Oct 2014 18:14:49 +0000 (20:14 +0200)]
match complete URIs in nominatim's apache conf
Grant Slater [Sat, 11 Oct 2014 18:47:36 +0000 (19:47 +0100)]
apache ssl: faster timeout on slow OCSP responses
Grant Slater [Sat, 11 Oct 2014 18:09:27 +0000 (19:09 +0100)]
apache ssl: Do not pass OCSP stapling failures to client
Do not pass OCSP stapling failures to client.
CA's OCSP servers occionally fail, propagating an error is undesireable and causes Firefox and other clients by default to reject the connection.
Grant Slater [Sat, 11 Oct 2014 16:50:08 +0000 (17:50 +0100)]
wiki: remove Lacking_proper_attribution from robots.txt
Grant Slater [Sat, 11 Oct 2014 16:04:11 +0000 (17:04 +0100)]
Move mediawiki + wiki cookbook to public repo
Grant Slater [Sat, 11 Oct 2014 13:42:50 +0000 (14:42 +0100)]
Force eth hwaddr on ouroboros before HW switch-out
Sarah Hoffmann [Tue, 7 Oct 2014 20:13:21 +0000 (22:13 +0200)]
get rid of multiviews and locationmatch to make apache 2,4 happy
Tom Hughes [Mon, 6 Oct 2014 20:02:42 +0000 (21:02 +0100)]
Add #osm-latam
Tom Hughes [Mon, 6 Oct 2014 17:59:32 +0000 (18:59 +0100)]
Update carto stylesheet to v2.22.0
Tom Hughes [Mon, 6 Oct 2014 12:23:40 +0000 (13:23 +0100)]
Install libwww-perl for the apache munin plugins
Sarah Hoffmann [Mon, 6 Oct 2014 12:12:24 +0000 (14:12 +0200)]
enable nominatim cron jobs on pummelzacken
Tom Hughes [Mon, 6 Oct 2014 08:54:35 +0000 (09:54 +0100)]
Force Access-Control-Allow-Origin for taginfo api responses
This is a horrid hack as a workaround pending a fix to the actual
bug in apache:
https://issues.apache.org/bugzilla/show_bug.cgi?id=56898
Tom Hughes [Thu, 2 Oct 2014 21:44:51 +0000 (22:44 +0100)]
Fix permissions handling replies to OTRS messages
Tom Hughes [Mon, 29 Sep 2014 20:07:24 +0000 (21:07 +0100)]
Consider tiles not accessed in last 21 days for expiry
Tom Hughes [Mon, 29 Sep 2014 19:24:35 +0000 (20:24 +0100)]
Remove horntail and konqi roles
Tom Hughes [Sat, 27 Sep 2014 13:17:55 +0000 (14:17 +0100)]
Update carto stylesheet to v2.21.0
Tom Hughes [Mon, 22 Sep 2014 13:59:49 +0000 (14:59 +0100)]
Enable deletion of trac tickets
Tom Hughes [Fri, 19 Sep 2014 15:46:54 +0000 (16:46 +0100)]
Update chef client to 11.16.2-1
Jochen Topf [Fri, 19 Sep 2014 08:11:30 +0000 (10:11 +0200)]
Update taginfo 'about' text.
Jochen Topf [Thu, 18 Sep 2014 12:42:00 +0000 (14:42 +0200)]
Add new 'projects' source to taginfo.
Grant Slater [Mon, 15 Sep 2014 21:33:30 +0000 (22:33 +0100)]
WP plugin XML Sitemap Generator now internally handles sitemap.xml
Tom Hughes [Sun, 14 Sep 2014 17:38:41 +0000 (18:38 +0100)]
Update chef client to 11.16.0-1
Sarah Hoffmann [Thu, 11 Sep 2014 19:13:04 +0000 (21:13 +0200)]
put db back in normal mode on pummelzacken
Tom Hughes [Thu, 11 Sep 2014 11:42:25 +0000 (12:42 +0100)]
Correct IPv6 prefix length for viserion
Tom Hughes [Thu, 11 Sep 2014 11:39:11 +0000 (12:39 +0100)]
Update IPv6 gateway for viserion
Tom Hughes [Thu, 11 Sep 2014 11:11:47 +0000 (12:11 +0100)]
Fix IPv6 address for viserion
Tom Hughes [Thu, 11 Sep 2014 10:48:26 +0000 (11:48 +0100)]
Remvoe tilecache role from viserion for now
Tom Hughes [Thu, 11 Sep 2014 10:38:17 +0000 (11:38 +0100)]
Fix typo
Tom Hughes [Thu, 11 Sep 2014 10:12:10 +0000 (11:12 +0100)]
Add role for viserion
Tom Hughes [Tue, 9 Sep 2014 21:38:28 +0000 (22:38 +0100)]
Enable OCSP stapling on 14.04 machines
Tom Hughes [Mon, 8 Sep 2014 21:26:08 +0000 (22:26 +0100)]
Update carto stylesheet to v2.20.1
Sarah Hoffmann [Sat, 6 Sep 2014 19:57:08 +0000 (21:57 +0200)]
put pummelzacken in import mode
Tom Hughes [Sat, 6 Sep 2014 11:12:23 +0000 (12:12 +0100)]
Update carto stylesheet to v2.20.0
Tom Hughes [Sat, 6 Sep 2014 09:59:44 +0000 (10:59 +0100)]
Run spamassassin as debian-spamd
Tom Hughes [Wed, 3 Sep 2014 12:56:00 +0000 (13:56 +0100)]
Ignore bogus ipmi_temp warnings on G6 machines
Tom Hughes [Wed, 3 Sep 2014 12:37:31 +0000 (13:37 +0100)]
Increase parallelism of munin-update
Tom Hughes [Tue, 2 Sep 2014 20:45:12 +0000 (21:45 +0100)]
Add munin monitoring of rrdcached
Tom Hughes [Tue, 2 Sep 2014 20:29:40 +0000 (21:29 +0100)]
Use rrdcached with munin
Tom Hughes [Tue, 2 Sep 2014 18:43:45 +0000 (19:43 +0100)]
Update munin to apache 2.4 style access controls
Tom Hughes [Tue, 2 Sep 2014 08:20:46 +0000 (09:20 +0100)]
Update piwik to apache 2.4 style access controls
Tom Hughes [Mon, 1 Sep 2014 09:21:17 +0000 (10:21 +0100)]
Exclude noreply.openstreetmap.org from alias expansion
Tom Hughes [Fri, 29 Aug 2014 15:47:56 +0000 (16:47 +0100)]
Don't allow SSL proxy connections to be reused
If we allow reuse of SSL connections then we may sent a Host
header that doesn't match the name sent in SNI when the connection
was setup, and the backend will then reject it.
Tom Hughes [Fri, 29 Aug 2014 15:16:10 +0000 (16:16 +0100)]
Revert "Use http for all backend requests"
This reverts commit
b7579691793f64a2cc7fd86930ed33ffcde88b98 .
Tom Hughes [Fri, 29 Aug 2014 14:46:31 +0000 (15:46 +0100)]
Remove 12.04 support in web cookbook
Tom Hughes [Fri, 29 Aug 2014 14:38:07 +0000 (15:38 +0100)]
Use http for all backend requests
Tom Hughes [Fri, 29 Aug 2014 14:32:30 +0000 (15:32 +0100)]
Add custom DH parameters our main certificate
Java before version 7 can't cope with DH parameters longer
than 1024 bits but Apache 2.4 bases the DH parameter length
on the certificate key length, which is 2048 bits.
http://httpd.apache.org/docs/current/ssl/ssl_faq.html#javadh
Tom Hughes [Fri, 29 Aug 2014 12:57:00 +0000 (13:57 +0100)]
Add some more apache 2.4 access rules
Tom Hughes [Fri, 29 Aug 2014 12:11:18 +0000 (13:11 +0100)]
Enable mod_lbmethod_byrequests for frontends running 14.04
Tom Hughes [Fri, 29 Aug 2014 12:06:20 +0000 (13:06 +0100)]
Enable mod_lbmethod_bybusyness for frontends running 14.04