]> git.openstreetmap.org Git - chef.git/log
chef.git
10 years agoRevert "Move readonly database traffic to katla"
Tom Hughes [Sat, 22 Nov 2014 18:21:27 +0000 (18:21 +0000)]
Revert "Move readonly database traffic to katla"

This reverts commit edbe311b82bafe71634634d1dfc49b82af2c392d.

10 years agoMove readonly database traffic to katla
Tom Hughes [Fri, 21 Nov 2014 18:28:59 +0000 (18:28 +0000)]
Move readonly database traffic to katla

10 years agoUpdate piwik to 2.9.1
Tom Hughes [Fri, 21 Nov 2014 00:17:46 +0000 (00:17 +0000)]
Update piwik to 2.9.1

10 years agoSend PHP requests to PHP-FPM without checking the file exists
Tom Hughes [Fri, 21 Nov 2014 00:15:38 +0000 (00:15 +0000)]
Send PHP requests to PHP-FPM without checking the file exists

10 years agoRemove some unused APT sources
Tom Hughes [Mon, 17 Nov 2014 15:21:25 +0000 (15:21 +0000)]
Remove some unused APT sources

10 years agoUpdate carto stylesheet to v2.24.0
Tom Hughes [Sat, 15 Nov 2014 16:42:04 +0000 (16:42 +0000)]
Update carto stylesheet to v2.24.0

10 years agoRidley is now a G6 machine
Tom Hughes [Fri, 14 Nov 2014 19:22:59 +0000 (19:22 +0000)]
Ridley is now a G6 machine

10 years agoUpdate piwik to 2.9.0
Tom Hughes [Fri, 14 Nov 2014 18:58:00 +0000 (18:58 +0000)]
Update piwik to 2.9.0

10 years agoOnly pass PHP files which exist to PHP-FPM
Tom Hughes [Thu, 13 Nov 2014 09:28:08 +0000 (09:28 +0000)]
Only pass PHP files which exist to PHP-FPM

10 years agoMake sure we log the real client IP on the web backends
Tom Hughes [Sun, 9 Nov 2014 12:23:16 +0000 (12:23 +0000)]
Make sure we log the real client IP on the web backends

10 years agoDelete the secret_key_base attribute when dropping a dev site
Tom Hughes [Fri, 7 Nov 2014 19:50:18 +0000 (19:50 +0000)]
Delete the secret_key_base attribute when dropping a dev site

10 years agoDrop use of sender callout verification completely
Tom Hughes [Fri, 7 Nov 2014 15:46:46 +0000 (15:46 +0000)]
Drop use of sender callout verification completely

10 years agoDrop some old dev sites
Tom Hughes [Fri, 7 Nov 2014 11:57:12 +0000 (11:57 +0000)]
Drop some old dev sites

10 years agoExempt some github addresses from sender callouts
Tom Hughes [Tue, 4 Nov 2014 10:30:25 +0000 (10:30 +0000)]
Exempt some github addresses from sender callouts

10 years agoOnly install osmadmins on 12.04 machines
Tom Hughes [Sun, 2 Nov 2014 08:43:13 +0000 (08:43 +0000)]
Only install osmadmins on 12.04 machines

10 years agoUse old-releases.ubuntu.com for quantal machines
Tom Hughes [Sun, 2 Nov 2014 08:40:08 +0000 (08:40 +0000)]
Use old-releases.ubuntu.com for quantal machines

10 years agoInstall haveged to avoid entropy starvation
Grant Slater [Sun, 2 Nov 2014 01:43:58 +0000 (01:43 +0000)]
Install haveged to avoid entropy starvation

10 years agoCorrect location of archived logs for expiry
Tom Hughes [Fri, 31 Oct 2014 10:19:03 +0000 (10:19 +0000)]
Correct location of archived logs for expiry

10 years agoUpdate carto stylesheet to v2.23.0
Tom Hughes [Wed, 29 Oct 2014 19:13:27 +0000 (19:13 +0000)]
Update carto stylesheet to v2.23.0

10 years agoReduce tile expiry threshold to 14 days
Tom Hughes [Wed, 29 Oct 2014 15:28:52 +0000 (15:28 +0000)]
Reduce tile expiry threshold to 14 days

10 years agoReorder find arguments to avoid warning
Tom Hughes [Wed, 29 Oct 2014 15:13:23 +0000 (15:13 +0000)]
Reorder find arguments to avoid warning

10 years agoUse postgres 9.3 for dev apis
Tom Hughes [Tue, 28 Oct 2014 17:34:48 +0000 (17:34 +0000)]
Use postgres 9.3 for dev apis

10 years agoManage postgres 9.3 on the dev server
Tom Hughes [Tue, 28 Oct 2014 17:34:02 +0000 (17:34 +0000)]
Manage postgres 9.3 on the dev server

10 years agoUpdate apache config for 2.4
Tom Hughes [Tue, 28 Oct 2014 10:34:18 +0000 (10:34 +0000)]
Update apache config for 2.4

10 years agoAvoid relying on per-host options in NFS export files
Tom Hughes [Sun, 26 Oct 2014 19:26:43 +0000 (19:26 +0000)]
Avoid relying on per-host options in NFS export files

10 years agoRemove site specific SSL config
Tom Hughes [Sun, 26 Oct 2014 15:00:00 +0000 (15:00 +0000)]
Remove site specific SSL config

10 years agoSwitch chef back to using https for the internal forward
Tom Hughes [Sun, 26 Oct 2014 14:57:27 +0000 (14:57 +0000)]
Switch chef back to using https for the internal forward

10 years agoFix PHP start tag compatibility
Grant Slater [Sun, 26 Oct 2014 13:51:51 +0000 (13:51 +0000)]
Fix PHP start tag compatibility

10 years agoCome back online
Tom Hughes [Sun, 26 Oct 2014 12:54:15 +0000 (12:54 +0000)]
Come back online

10 years agoBring site back online in readonly mode on ramoth
Tom Hughes [Sun, 26 Oct 2014 12:44:08 +0000 (12:44 +0000)]
Bring site back online in readonly mode on ramoth

10 years agoUpdate replication ACL
Tom Hughes [Sun, 26 Oct 2014 12:06:18 +0000 (12:06 +0000)]
Update replication ACL

10 years agoCorrect archive path
Tom Hughes [Sun, 26 Oct 2014 12:02:10 +0000 (12:02 +0000)]
Correct archive path

10 years agoSwap database roles
Tom Hughes [Sun, 26 Oct 2014 11:50:08 +0000 (11:50 +0000)]
Swap database roles

10 years agoGo to offline mode
Tom Hughes [Sun, 26 Oct 2014 11:35:41 +0000 (11:35 +0000)]
Go to offline mode

10 years agoRequire ruby-dev so we can build native extensions
Tom Hughes [Sun, 26 Oct 2014 11:31:14 +0000 (11:31 +0000)]
Require ruby-dev so we can build native extensions

10 years agoThere isn't a separate rubygems package in 14.04
Tom Hughes [Sun, 26 Oct 2014 11:28:40 +0000 (11:28 +0000)]
There isn't a separate rubygems package in 14.04

10 years agoThe portmap service is now rpcbind
Tom Hughes [Sun, 26 Oct 2014 11:25:12 +0000 (11:25 +0000)]
The portmap service is now rpcbind

10 years agoUpdate chef server version mapping
Tom Hughes [Sun, 26 Oct 2014 11:20:58 +0000 (11:20 +0000)]
Update chef server version mapping

10 years agoProxy chef to http for now
Tom Hughes [Sun, 26 Oct 2014 11:17:49 +0000 (11:17 +0000)]
Proxy chef to http for now

10 years agoUpdate planet to use apache 2.4 permissions
Tom Hughes [Sun, 26 Oct 2014 11:14:11 +0000 (11:14 +0000)]
Update planet to use apache 2.4 permissions

10 years agoRewriteLock is not needed in apache 2.4
Tom Hughes [Sun, 26 Oct 2014 11:10:38 +0000 (11:10 +0000)]
RewriteLock is not needed in apache 2.4

10 years agoOnly allow external SMTP connections on the mail server
Tom Hughes [Fri, 24 Oct 2014 16:48:39 +0000 (17:48 +0100)]
Only allow external SMTP connections on the mail server

10 years agoOnly add a domein to relay_to_domains if we are really relaying to it
Tom Hughes [Fri, 24 Oct 2014 16:44:02 +0000 (17:44 +0100)]
Only add a domein to relay_to_domains if we are really relaying to it

10 years agoUpdate piwik to 2.8.3
Tom Hughes [Thu, 23 Oct 2014 21:56:39 +0000 (22:56 +0100)]
Update piwik to 2.8.3

10 years agoBring piwik installation/upgrade under chef control
Tom Hughes [Thu, 23 Oct 2014 21:50:14 +0000 (22:50 +0100)]
Bring piwik installation/upgrade under chef control

10 years agoDisable SSLv3
Tom Hughes [Tue, 21 Oct 2014 09:23:11 +0000 (10:23 +0100)]
Disable SSLv3

10 years agoDisable setting of Access-Control-Allow-Origin by taginfo
Tom Hughes [Mon, 20 Oct 2014 18:14:30 +0000 (19:14 +0100)]
Disable setting of Access-Control-Allow-Origin by taginfo

10 years agoAdd #osm-ar, #osm-bw, #osm-cz, #osm-pt & #osm-ht to irc list
Grant Slater [Sat, 18 Oct 2014 20:01:52 +0000 (21:01 +0100)]
Add #osm-ar, #osm-bw, #osm-cz, #osm-pt & #osm-ht to irc list

10 years agodeactivate nominatim cron scripts on poldi
Sarah Hoffmann [Wed, 15 Oct 2014 21:19:40 +0000 (23:19 +0200)]
deactivate nominatim cron scripts on poldi

10 years agomatch complete URIs in nominatim's apache conf
Sarah Hoffmann [Tue, 14 Oct 2014 18:14:49 +0000 (20:14 +0200)]
match complete URIs in nominatim's apache conf

10 years agoapache ssl: faster timeout on slow OCSP responses
Grant Slater [Sat, 11 Oct 2014 18:47:36 +0000 (19:47 +0100)]
apache ssl: faster timeout on slow OCSP responses

10 years agoapache ssl: Do not pass OCSP stapling failures to client
Grant Slater [Sat, 11 Oct 2014 18:09:27 +0000 (19:09 +0100)]
apache ssl: Do not pass OCSP stapling failures to client

Do not pass OCSP stapling failures to client.
CA's OCSP servers occionally fail, propagating an error is undesireable and causes Firefox and other clients by default to reject the connection.

10 years agowiki: remove Lacking_proper_attribution from robots.txt
Grant Slater [Sat, 11 Oct 2014 16:50:08 +0000 (17:50 +0100)]
wiki: remove Lacking_proper_attribution from robots.txt

10 years agoMove mediawiki + wiki cookbook to public repo
Grant Slater [Sat, 11 Oct 2014 16:04:11 +0000 (17:04 +0100)]
Move mediawiki + wiki cookbook to public repo

10 years agoForce eth hwaddr on ouroboros before HW switch-out
Grant Slater [Sat, 11 Oct 2014 13:42:50 +0000 (14:42 +0100)]
Force eth hwaddr on ouroboros before HW switch-out

10 years agoget rid of multiviews and locationmatch to make apache 2,4 happy
Sarah Hoffmann [Tue, 7 Oct 2014 20:13:21 +0000 (22:13 +0200)]
get rid of multiviews and locationmatch to make apache 2,4 happy

10 years agoAdd #osm-latam
Tom Hughes [Mon, 6 Oct 2014 20:02:42 +0000 (21:02 +0100)]
Add #osm-latam

10 years agoUpdate carto stylesheet to v2.22.0
Tom Hughes [Mon, 6 Oct 2014 17:59:32 +0000 (18:59 +0100)]
Update carto stylesheet to v2.22.0

10 years agoInstall libwww-perl for the apache munin plugins
Tom Hughes [Mon, 6 Oct 2014 12:23:40 +0000 (13:23 +0100)]
Install libwww-perl for the apache munin plugins

10 years agoenable nominatim cron jobs on pummelzacken
Sarah Hoffmann [Mon, 6 Oct 2014 12:12:24 +0000 (14:12 +0200)]
enable nominatim cron jobs on pummelzacken

10 years agoForce Access-Control-Allow-Origin for taginfo api responses
Tom Hughes [Mon, 6 Oct 2014 08:54:35 +0000 (09:54 +0100)]
Force Access-Control-Allow-Origin for taginfo api responses

This is a horrid hack as a workaround pending a fix to the actual
bug in apache:

https://issues.apache.org/bugzilla/show_bug.cgi?id=56898

10 years agoFix permissions handling replies to OTRS messages
Tom Hughes [Thu, 2 Oct 2014 21:44:51 +0000 (22:44 +0100)]
Fix permissions handling replies to OTRS messages

10 years agoConsider tiles not accessed in last 21 days for expiry
Tom Hughes [Mon, 29 Sep 2014 20:07:24 +0000 (21:07 +0100)]
Consider tiles not accessed in last 21 days for expiry

10 years agoRemove horntail and konqi roles
Tom Hughes [Mon, 29 Sep 2014 19:24:35 +0000 (20:24 +0100)]
Remove horntail and konqi roles

10 years agoUpdate carto stylesheet to v2.21.0
Tom Hughes [Sat, 27 Sep 2014 13:17:55 +0000 (14:17 +0100)]
Update carto stylesheet to v2.21.0

10 years agoEnable deletion of trac tickets
Tom Hughes [Mon, 22 Sep 2014 13:59:49 +0000 (14:59 +0100)]
Enable deletion of trac tickets

10 years agoUpdate chef client to 11.16.2-1
Tom Hughes [Fri, 19 Sep 2014 15:46:54 +0000 (16:46 +0100)]
Update chef client to 11.16.2-1

10 years agoUpdate taginfo 'about' text.
Jochen Topf [Fri, 19 Sep 2014 08:11:30 +0000 (10:11 +0200)]
Update taginfo 'about' text.

10 years agoAdd new 'projects' source to taginfo.
Jochen Topf [Thu, 18 Sep 2014 12:42:00 +0000 (14:42 +0200)]
Add new 'projects' source to taginfo.

10 years agoWP plugin XML Sitemap Generator now internally handles sitemap.xml
Grant Slater [Mon, 15 Sep 2014 21:33:30 +0000 (22:33 +0100)]
WP plugin XML Sitemap Generator now internally handles sitemap.xml

10 years agoUpdate chef client to 11.16.0-1
Tom Hughes [Sun, 14 Sep 2014 17:38:41 +0000 (18:38 +0100)]
Update chef client to 11.16.0-1

10 years agoput db back in normal mode on pummelzacken
Sarah Hoffmann [Thu, 11 Sep 2014 19:13:04 +0000 (21:13 +0200)]
put db back in normal mode on pummelzacken

10 years agoCorrect IPv6 prefix length for viserion
Tom Hughes [Thu, 11 Sep 2014 11:42:25 +0000 (12:42 +0100)]
Correct IPv6 prefix length for viserion

10 years agoUpdate IPv6 gateway for viserion
Tom Hughes [Thu, 11 Sep 2014 11:39:11 +0000 (12:39 +0100)]
Update IPv6 gateway for viserion

10 years agoFix IPv6 address for viserion
Tom Hughes [Thu, 11 Sep 2014 11:11:47 +0000 (12:11 +0100)]
Fix IPv6 address for viserion

10 years agoRemvoe tilecache role from viserion for now
Tom Hughes [Thu, 11 Sep 2014 10:48:26 +0000 (11:48 +0100)]
Remvoe tilecache role from viserion for now

10 years agoFix typo
Tom Hughes [Thu, 11 Sep 2014 10:38:17 +0000 (11:38 +0100)]
Fix typo

10 years agoAdd role for viserion
Tom Hughes [Thu, 11 Sep 2014 10:12:10 +0000 (11:12 +0100)]
Add role for viserion

10 years agoEnable OCSP stapling on 14.04 machines
Tom Hughes [Tue, 9 Sep 2014 21:38:28 +0000 (22:38 +0100)]
Enable OCSP stapling on 14.04 machines

10 years agoUpdate carto stylesheet to v2.20.1
Tom Hughes [Mon, 8 Sep 2014 21:26:08 +0000 (22:26 +0100)]
Update carto stylesheet to v2.20.1

10 years agoput pummelzacken in import mode
Sarah Hoffmann [Sat, 6 Sep 2014 19:57:08 +0000 (21:57 +0200)]
put pummelzacken in import mode

10 years agoUpdate carto stylesheet to v2.20.0
Tom Hughes [Sat, 6 Sep 2014 11:12:23 +0000 (12:12 +0100)]
Update carto stylesheet to v2.20.0

10 years agoRun spamassassin as debian-spamd
Tom Hughes [Sat, 6 Sep 2014 09:59:44 +0000 (10:59 +0100)]
Run spamassassin as debian-spamd

10 years agoIgnore bogus ipmi_temp warnings on G6 machines
Tom Hughes [Wed, 3 Sep 2014 12:56:00 +0000 (13:56 +0100)]
Ignore bogus ipmi_temp warnings on G6 machines

10 years agoIncrease parallelism of munin-update
Tom Hughes [Wed, 3 Sep 2014 12:37:31 +0000 (13:37 +0100)]
Increase parallelism of munin-update

10 years agoAdd munin monitoring of rrdcached
Tom Hughes [Tue, 2 Sep 2014 20:45:12 +0000 (21:45 +0100)]
Add munin monitoring of rrdcached

10 years agoUse rrdcached with munin
Tom Hughes [Tue, 2 Sep 2014 20:29:40 +0000 (21:29 +0100)]
Use rrdcached with munin

10 years agoUpdate munin to apache 2.4 style access controls
Tom Hughes [Tue, 2 Sep 2014 18:43:45 +0000 (19:43 +0100)]
Update munin to apache 2.4 style access controls

10 years agoUpdate piwik to apache 2.4 style access controls
Tom Hughes [Tue, 2 Sep 2014 08:20:46 +0000 (09:20 +0100)]
Update piwik to apache 2.4 style access controls

10 years agoExclude noreply.openstreetmap.org from alias expansion
Tom Hughes [Mon, 1 Sep 2014 09:21:17 +0000 (10:21 +0100)]
Exclude noreply.openstreetmap.org from alias expansion

10 years agoDon't allow SSL proxy connections to be reused
Tom Hughes [Fri, 29 Aug 2014 15:47:56 +0000 (16:47 +0100)]
Don't allow SSL proxy connections to be reused

If we allow reuse of SSL connections then we may sent a Host
header that doesn't match the name sent in SNI when the connection
was setup, and the backend will then reject it.

10 years agoRevert "Use http for all backend requests"
Tom Hughes [Fri, 29 Aug 2014 15:16:10 +0000 (16:16 +0100)]
Revert "Use http for all backend requests"

This reverts commit b7579691793f64a2cc7fd86930ed33ffcde88b98.

10 years agoRemove 12.04 support in web cookbook
Tom Hughes [Fri, 29 Aug 2014 14:46:31 +0000 (15:46 +0100)]
Remove 12.04 support in web cookbook

10 years agoUse http for all backend requests
Tom Hughes [Fri, 29 Aug 2014 14:38:07 +0000 (15:38 +0100)]
Use http for all backend requests

10 years agoAdd custom DH parameters our main certificate
Tom Hughes [Fri, 29 Aug 2014 14:32:30 +0000 (15:32 +0100)]
Add custom DH parameters our main certificate

Java before version 7 can't cope with DH parameters longer
than 1024 bits but Apache 2.4 bases the DH parameter length
on the certificate key length, which is 2048 bits.

http://httpd.apache.org/docs/current/ssl/ssl_faq.html#javadh

10 years agoAdd some more apache 2.4 access rules
Tom Hughes [Fri, 29 Aug 2014 12:57:00 +0000 (13:57 +0100)]
Add some more apache 2.4 access rules

10 years agoEnable mod_lbmethod_byrequests for frontends running 14.04
Tom Hughes [Fri, 29 Aug 2014 12:11:18 +0000 (13:11 +0100)]
Enable mod_lbmethod_byrequests for frontends running 14.04

10 years agoEnable mod_lbmethod_bybusyness for frontends running 14.04
Tom Hughes [Fri, 29 Aug 2014 12:06:20 +0000 (13:06 +0100)]
Enable mod_lbmethod_bybusyness for frontends running 14.04

10 years agoUse mod_proxy_fcgi for the map call
Tom Hughes [Fri, 29 Aug 2014 08:34:55 +0000 (09:34 +0100)]
Use mod_proxy_fcgi for the map call

10 years agoFixes for building cgimap on 14.04 machines
Tom Hughes [Fri, 29 Aug 2014 08:24:08 +0000 (09:24 +0100)]
Fixes for building cgimap on 14.04 machines