This allows us to in particular reschedule a Nagios check to run
immediately, which I've in the past found super useful when trying to
figure out whether we actually fixed a problem.
Unfortunately, Nagios config sucks and there's no easy way to create a
group containing all of us as people able to issue commands; you have
to list them in like 8 different places.
(imported from commit 2c1e53330eff1e47e09d0b1917136f101d64e86a)
This fixes trac #670, and also adds the "-u humbug" parameter on the
other check_procs run, since that is a good practice move to help
avoid the check counting its parent process as one of the matches.
(imported from commit 43ae9b4863ba67579a21c86a910b73019f85a538)
This will help us avoid making things accidentally pageable.
Also, explicitly set contact_groups for all our services, to help
encourage making explicit decisions about which new items are
pageable.
(imported from commit 740c6550d4a7091e58681435eeb7aaabf98df75c)
Manual deployment steps: The same Nginx reload as for "Get rid of the
static-access-control mechanism". If deploying both commits at once,
just do it once.
(imported from commit dd8dbbf14b95fce0a4b6f66f462fa0a6b50bfb8c)
We will minify our code, rather than trying to restrict who can see the
un-minified code. Removing access control first simplifies things.
Manual deployment steps:
scp servers/puppet/files/nginx/humbug-include/app root@staging.humbughq.com:/etc/nginx/humbug-include/
ssh root@staging.humbughq.com service nginx reload
and then the same for app.humbughq.com once deployed to prod.
(imported from commit 63788aa3fa7ba5fd97fcf85b05760abb5e7cae4b)
We'll still need a conversion script, but it should be easy.
pgFouine requires a log prefix of '%t [%p]: [%l-1] '. We instead use
'%m [%c]: [%l-1] ' which contains strictly more data. Specifically,
"%m" is "%t" (time) but with milliseconds and "%c" is "%p" (pid) but
with the process start time.
(imported from commit a0bb583b563bdea0ca19b8b21677df0b9a18092a)
This will ensure that we always get state change alerts, even when the
service is changing states frequently.
(imported from commit 57fa5a941dd1a6042eb782dbac2fed0e4cb934ba)
This bypasses the side navigation frame, but I think said frame currently
provides negative value.
(imported from commit b067d546e4a7fb95e7de2a35be7e7f947c7a0da1)
This also adds HSTS. Based on the trac Apache config.
Fixes#435.
Suggested viewing: git show -w
(imported from commit e7e9fe74687b88497ddb21f74febfc7fdf9b1979)
For now we allow all UDP traffic. I'll look into doing something clever.
This isn't puppetized, either.
(imported from commit bdf53df87a5f6c8af6d950b25946b5ec8a4f910b)
The latter is just the first name in the 'server_name' directive.
The former uses the HTTP Host header, if provided.
This fixes the redirect
from http://zephyr.humbughq.com
to https://zephyr.humbughq.com
(imported from commit be47b05f4f055bb2d1d82aebbe155579f49c538d)
This will cause SSL errors for anyone still using the deprecated
app.humbughq.com name, which we concluded is (almost?) nobody.
(imported from commit 7f3c149a4064e7bdae8ec944f2bb8a482df6f90d)
Too many individual users occasionally don't update their mirrors,
causing us to be permanently alerting; we have sufficient user
notification at this point (plus Waseem keeping an eye on /activity)
that we don't need to alert on individual users.
We do, however, still care if something happens (say, Linerva going
down) that causes many users' mirrors to go down.
(imported from commit 392952c95739e183d4a711120e3a963671cec289)
This is bad for security.
I've checked that all currently known hosts for nagios@nagios.humbughq.com
match one of our existing servers. When adding servers to nagios in the
future, it will be necessary to do an initial manual ssh from nagios@ and check
the host key fingerprint.
(imported from commit adfd1d29f03343d4be04e87c5e26a018f31e5194)
Tim Abbott
Keegan McAllister
Leo Franchi
Jessica McKellar
Zev Benjamin
Luke O'Malley
Luke Faraone