git.openstreetmap.org Git - chef.git/log

Grant Slater [Wed, 27 Mar 2024 12:47:01 +0000 (12:47 +0000)]
account: update ligfietser ssh key

Close: https://github.com/openstreetmap/operations/issues/1044

Signed-off-by: Grant Slater <github@firefishy.com>

Grant Slater [Tue, 26 Mar 2024 20:56:17 +0000 (20:56 +0000)]
imagery: improve tiler caching and keepalive

Grant Slater [Tue, 26 Mar 2024 20:48:04 +0000 (20:48 +0000)]
podman: revert to using default slirp4netns mtu

Grant Slater [Tue, 26 Mar 2024 20:40:11 +0000 (20:40 +0000)]
tests: move imagery-tiler to only test on debian

podman on ubuntu 22.04 has unresolved race condition start up bugs.
The version in debian 12 is reliable. In production the container starts
up successfully after a few tries, but this behaviour breaks tests.

Signed-off-by: Grant Slater <github@firefishy.com>

Grant Slater [Tue, 26 Mar 2024 20:24:24 +0000 (20:24 +0000)]
dev: sort users list

Grant Slater [Tue, 26 Mar 2024 20:22:17 +0000 (20:22 +0000)]
dev: activate ligfietser

Sarah Hoffmann [Tue, 26 Mar 2024 19:47:44 +0000 (20:47 +0100)]
nominatim: disallow details requests without referer

Tom Hughes [Mon, 25 Mar 2024 21:47:40 +0000 (21:47 +0000)]
Install libbrotli-dev on the dev server

Tom Hughes [Wed, 20 Mar 2024 18:36:20 +0000 (18:36 +0000)]
Update bundle

Tom Hughes [Wed, 20 Mar 2024 17:43:10 +0000 (17:43 +0000)]
Try and detaint messages.openstreetmap.org deliveries

Tom Hughes [Wed, 20 Mar 2024 12:45:49 +0000 (12:45 +0000)]
Validate local parts for messages.openstreetmap.org to untaint them

Grant Slater [Wed, 20 Mar 2024 10:32:54 +0000 (10:32 +0000)]
networking: ensure nftables script checks input

Ensure the nftables script does not prematurely exit on any invalid input.
e.g. If unblocking a set of IPs, skip any not currently blocked instead of exiting prematurely.

Signed-off-by: Grant Slater <github@firefishy.com>

Grant Slater [Tue, 19 Mar 2024 23:41:02 +0000 (23:41 +0000)]
apache: increase mod_evasive page_count to reduce iD false positives

Tom Hughes [Tue, 19 Mar 2024 21:20:03 +0000 (21:20 +0000)]
Fix fail2ban evasive filter

Grant Slater [Tue, 19 Mar 2024 11:15:05 +0000 (11:15 +0000)]
networking: add flush command to nftables script

Grant Slater [Mon, 18 Mar 2024 17:50:31 +0000 (17:50 +0000)]
podman: fix typo in param

Grant Slater [Mon, 18 Mar 2024 17:33:01 +0000 (17:33 +0000)]
podman: increase default pid limit.

Workaround 2048 pid limit. Extremely low, causing issues with titiler.
Ideally should be set using a parameter.

Signed-off-by: Grant Slater <github@firefishy.com>

Tom Hughes [Mon, 18 Mar 2024 17:28:05 +0000 (17:28 +0000)]
Add alert for node exporter text file scrape errors

Grant Slater [Mon, 18 Mar 2024 14:49:38 +0000 (14:49 +0000)]
imagery: use https for tiler

Grant Slater [Mon, 18 Mar 2024 14:08:27 +0000 (14:08 +0000)]
imagery: add ngi-aerial code

Tom Hughes [Fri, 15 Mar 2024 15:56:57 +0000 (15:56 +0000)]
Revert accidental commit

Grant Slater [Fri, 15 Mar 2024 12:18:39 +0000 (12:18 +0000)]
community: security bump version

Tom Hughes [Fri, 15 Mar 2024 10:02:27 +0000 (10:02 +0000)]
Disable exim paniclog watcher

Tom Hughes [Fri, 15 Mar 2024 10:01:26 +0000 (10:01 +0000)]
Fix exim daemon options for Ubuntu

Tom Hughes [Thu, 14 Mar 2024 11:19:04 +0000 (11:19 +0000)]
Drop attempt at SPF checking

Tom Hughes [Thu, 14 Mar 2024 10:52:05 +0000 (10:52 +0000)]
Accept any mail that passes an osmfoundation.org SPF check

Tom Hughes [Thu, 14 Mar 2024 09:42:26 +0000 (09:42 +0000)]
Reject incoming mail which fails SPF checks

Grant Slater [Wed, 13 Mar 2024 14:48:11 +0000 (14:48 +0000)]
Add munin web redirects to prometheus

Grant Slater [Wed, 13 Mar 2024 14:39:59 +0000 (14:39 +0000)]
Scrub last munin traces

Signed-off-by: Grant Slater <github@firefishy.com>

Grant Slater [Wed, 13 Mar 2024 14:31:29 +0000 (14:31 +0000)]
Remove munin-server GHA test

Grant Slater [Wed, 13 Mar 2024 14:29:13 +0000 (14:29 +0000)]
Remove munin server role

Grant Slater [Tue, 12 Mar 2024 20:45:46 +0000 (20:45 +0000)]
Remove munin

Fixed: https://github.com/openstreetmap/operations/issues/501
Signed-off-by: Grant Slater <github@firefishy.com>

Grant Slater [Tue, 12 Mar 2024 21:15:16 +0000 (21:15 +0000)]
hardware: do not fail if node[:hardware][:pci] is undefined (tests)

Grant Slater [Tue, 12 Mar 2024 14:05:05 +0000 (14:05 +0000)]
git: use extended combined_extended

Tom Hughes [Tue, 12 Mar 2024 13:19:13 +0000 (13:19 +0000)]
Restore comment

Grant Slater [Tue, 12 Mar 2024 13:14:03 +0000 (13:14 +0000)]
apache: remove unneeded combined_extended hack for 20.04

Tom Hughes [Tue, 12 Mar 2024 12:57:46 +0000 (12:57 +0000)]
Tidy up mod_evasive configuration

Grant Slater [Tue, 12 Mar 2024 12:56:59 +0000 (12:56 +0000)]
wordpress: use combined_extended logging

Grant Slater [Tue, 12 Mar 2024 12:42:06 +0000 (12:42 +0000)]
mediawiki: add back missing param

Grant Slater [Tue, 12 Mar 2024 12:39:55 +0000 (12:39 +0000)]
mediawiki: disable Extension:LocalisationUpdate

Grant Slater [Tue, 12 Mar 2024 12:36:38 +0000 (12:36 +0000)]
mediawiki: add RewriteCond for server-info

Grant Slater [Tue, 12 Mar 2024 12:31:14 +0000 (12:31 +0000)]
apache: set our correct defaults for mod_evasive

Grant Slater [Tue, 12 Mar 2024 12:17:31 +0000 (12:17 +0000)]
apache: relax mod_evasive further

Grant Slater [Tue, 12 Mar 2024 12:08:59 +0000 (12:08 +0000)]
apache: parameterise mod_evasive

Sarah Hoffmann [Tue, 12 Mar 2024 11:02:09 +0000 (12:02 +0100)]
nominatim: migrate versions before installing the software

Avoids disruptions where the migration is needed for the frontend
to function properly (e.g. when creating new indexes).

Sarah Hoffmann [Tue, 12 Mar 2024 11:01:24 +0000 (12:01 +0100)]
overpass: remove last traces of timer for area processor

Tom Hughes [Tue, 12 Mar 2024 09:00:20 +0000 (09:00 +0000)]
Adjust trigger for evasive jail

Tom Hughes [Tue, 12 Mar 2024 08:52:58 +0000 (08:52 +0000)]
Restrict fail2ban to evasive blocks instead of all 403 errors

Tom Hughes [Mon, 11 Mar 2024 21:27:37 +0000 (21:27 +0000)]
Relax evasive limits some more

Tom Hughes [Mon, 11 Mar 2024 20:13:00 +0000 (20:13 +0000)]
Make evasive configuration work

Tom Hughes [Mon, 11 Mar 2024 19:18:32 +0000 (19:18 +0000)]
Pass bantime and findtime to jail config correctly

Tom Hughes [Mon, 11 Mar 2024 19:12:03 +0000 (19:12 +0000)]
Reduce look back for forbidden request jail

Tom Hughes [Mon, 11 Mar 2024 18:20:56 +0000 (18:20 +0000)]
Relax site count limit for evasive

Tom Hughes [Mon, 11 Mar 2024 17:48:37 +0000 (17:48 +0000)]
Relax page count limit for evasive

Tom Hughes [Mon, 11 Mar 2024 17:41:32 +0000 (17:41 +0000)]
Actively disable mod_evasive when necessary

Tom Hughes [Mon, 11 Mar 2024 17:39:18 +0000 (17:39 +0000)]
Disable mod_evasive for prometheus

Tom Hughes [Mon, 11 Mar 2024 17:30:03 +0000 (17:30 +0000)]
Use fail2ban to block IPs getting repeated HTTP forbidden responses

Tom Hughes [Mon, 11 Mar 2024 17:15:10 +0000 (17:15 +0000)]
Enable mod_evasive for all apache instances except render servers

Tom Hughes [Mon, 11 Mar 2024 17:18:16 +0000 (17:18 +0000)]
Drop unused attribute

Tom Hughes [Mon, 11 Mar 2024 08:40:10 +0000 (08:40 +0000)]
Add an alert for mysql connection errors

Tom Hughes [Mon, 11 Mar 2024 08:27:44 +0000 (08:27 +0000)]
Increase mysql connection limit for the wiki

Tom Hughes [Sun, 10 Mar 2024 21:06:38 +0000 (21:06 +0000)]
Remove ifupdown to stop it trying to manage the network

Grant Slater [Sun, 10 Mar 2024 20:20:20 +0000 (20:20 +0000)]
mailman: automate year match code

Grant Slater [Sun, 10 Mar 2024 20:15:25 +0000 (20:15 +0000)]
apache: fix combined_extended compatibility with Ubuntu 20.04

Grant Slater [Sun, 10 Mar 2024 19:49:49 +0000 (19:49 +0000)]
apache: use new combined_extended log format instead of combined

Grant Slater [Sun, 10 Mar 2024 19:45:12 +0000 (19:45 +0000)]
Remove gorwen DNS and DHCP

Grant Slater [Sun, 10 Mar 2024 15:37:16 +0000 (15:37 +0000)]
wiki: Delay abusive scrapers

Tom Hughes [Sun, 10 Mar 2024 13:46:40 +0000 (13:46 +0000)]
Increase size of php-fpm pool for the main wiki

Tom Hughes [Sun, 10 Mar 2024 13:44:45 +0000 (13:44 +0000)]
Drop separate secure logs for mediawiki instances

Tom Hughes [Sun, 10 Mar 2024 13:42:46 +0000 (13:42 +0000)]
Define an extended log format for apache requests

Adds the request time and SSL details to the standard combined format.

Grant Slater [Sun, 10 Mar 2024 13:07:01 +0000 (13:07 +0000)]
mediawiki: add apache request duration logging

Grant Slater [Sun, 10 Mar 2024 13:06:25 +0000 (13:06 +0000)]
wiki: remove outdated file

Guillaume RISCHARD [Fri, 8 Mar 2024 23:02:48 +0000 (18:02 -0500)]
Try 307 redirect instead of 308

Tom Hughes [Fri, 8 Mar 2024 09:31:49 +0000 (09:31 +0000)]
Drop cleanup code

Tom Hughes [Fri, 8 Mar 2024 09:26:07 +0000 (09:26 +0000)]
Delete mediawiki link refresh service and timer

Tom Hughes [Fri, 8 Mar 2024 09:16:05 +0000 (09:16 +0000)]
Disable mediawiki link refresh job on all wikis

Tom Hughes [Thu, 7 Mar 2024 22:06:11 +0000 (22:06 +0000)]
Drop role for gorwen

Tom Hughes [Thu, 7 Mar 2024 17:47:57 +0000 (17:47 +0000)]
Drop user_tokens table

Grant Slater [Thu, 7 Mar 2024 11:45:54 +0000 (11:45 +0000)]
osqa: block login access and conditional posts

Grant Slater [Thu, 7 Mar 2024 11:08:40 +0000 (11:08 +0000)]
planet: always set cors header

Always set CORS header to ensure the header is also set on redirects.

Fixes: https://github.com/openstreetmap/operations/issues/1038
Signed-off-by: Grant Slater <github@firefishy.com>

Guillaume Rischard [Wed, 6 Mar 2024 23:53:42 +0000 (18:53 -0500)]
Use 308 redirect to keep IDN POST parameters

With many thanks to @MegaphoneJon for the precious help!

Tom Hughes [Tue, 5 Mar 2024 10:35:44 +0000 (10:35 +0000)]
Enable hardware watchdog support on more machines

Tom Hughes [Mon, 4 Mar 2024 19:18:27 +0000 (19:18 +0000)]
Enable hardware watchdog on HP machines

Sarah Hoffmann [Mon, 4 Mar 2024 14:44:12 +0000 (15:44 +0100)]
overpass: update to newest version

Also avoid failing import script when systemd scripts not yet enabled.

Tom Hughes [Mon, 4 Mar 2024 08:16:46 +0000 (08:16 +0000)]
Add overpass-query role to grisu

Tom Hughes [Fri, 1 Mar 2024 08:15:58 +0000 (08:15 +0000)]
Disable registration of OAuth 1 clients

Tom Hughes [Tue, 20 Feb 2024 20:46:34 +0000 (20:46 +0000)]
Add Yandex to imagery blacklist

Sarah Hoffmann [Mon, 19 Feb 2024 09:35:43 +0000 (10:35 +0100)]
nominatim: disable luajit

Something is potentially buggy with luajit and causes data loss.

Tom Hughes [Wed, 14 Feb 2024 21:43:05 +0000 (21:43 +0000)]
Update chef client to 18.4.2

Tom Hughes [Thu, 8 Feb 2024 20:01:10 +0000 (20:01 +0000)]
Disable OAuth 1.0 support

Tom Hughes [Wed, 7 Feb 2024 11:43:45 +0000 (11:43 +0000)]
Merge remote-tracking branch 'github/pull/649'

dependabot[bot] [Wed, 7 Feb 2024 11:41:08 +0000 (11:41 +0000)]
build(deps): bump cookstyle from 7.32.2 to 7.32.8

Bumps [cookstyle](https://github.com/chef/cookstyle) from 7.32.2 to 7.32.8.
- [Release notes](https://github.com/chef/cookstyle/releases)
- [Changelog](https://github.com/chef/cookstyle/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chef/cookstyle/compare/v7.32.2...v7.32.8)

---
updated-dependencies:
- dependency-name: cookstyle
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Guillaume RISCHARD [Sat, 3 Feb 2024 15:36:25 +0000 (10:36 -0500)]
Civicrm extension update

Guillaume RISCHARD [Sat, 3 Feb 2024 00:25:01 +0000 (19:25 -0500)]
Civicrm core version bump

Tom Hughes [Wed, 31 Jan 2024 15:37:41 +0000 (15:37 +0000)]
Enable rate limiting for dev cgimap instances

Tom Hughes [Fri, 26 Jan 2024 12:36:28 +0000 (12:36 +0000)]
Add a test instance for the login/signup rework

Tom Hughes [Wed, 24 Jan 2024 09:33:10 +0000 (09:33 +0000)]
Extend search period and ban time for trackpoint jail

Tom Hughes [Wed, 24 Jan 2024 08:31:24 +0000 (08:31 +0000)]
Add fail2ban block for repeated timeouts on the trackpoints API call

Tom Hughes [Wed, 24 Jan 2024 08:23:41 +0000 (08:23 +0000)]
Fix active query alerts

Tom Hughes [Tue, 23 Jan 2024 09:10:10 +0000 (09:10 +0000)]
Drop duplicate replication lag alert