5212a48d3b
puppet: Only install ipython on the app servers
...
I'd like to have this everywhere, but it has a bunch of X dependencies.
(imported from commit c0c4089909ab7b3a5b6f9620c19eb0435b72762c)
2012-12-05 14:12:36 -05:00
01b070a122
puppet: Install emacs without X support
...
(imported from commit b15e63613c6b6cf1815a8f5bb660bd8c8e80604c)
2012-12-05 14:12:36 -05:00
c34d39caf8
puppet: Separate out some packages needed only by the app servers
...
(imported from commit 447837f1d5f68d0bf160dec2a9a37fc1cb7e62d5)
2012-12-05 14:12:36 -05:00
d8b4cefccb
nagios: Remove AllowOverride AuthConfig
...
We don't use it.
(imported from commit 875148e24e0de2815737b6bc03eeb7f1cb8d770d)
2012-12-03 17:54:16 -05:00
2cf49c4ff2
nagios: Go straight to the service detail page
...
This bypasses the side navigation frame, but I think said frame currently
provides negative value.
(imported from commit b067d546e4a7fb95e7de2a35be7e7f947c7a0da1)
2012-12-03 17:54:16 -05:00
d435f29308
Add X-Frame-Options header on nagios, trac, wiki
...
Prevents clickjacking attacks.
(imported from commit 8b3872e607d8a4e714c280a3226465fde0d5a6ed)
2012-12-03 17:54:16 -05:00
7c495d7232
Move the nagios Apache authentication directives to a <Location> block
...
Following the trac Apache config.
(imported from commit 01e773f2361d85f45f190f6ade2510b84a2f88ee)
2012-12-03 17:54:15 -05:00
41319fe820
Rework the nagios Apache config as a proper vhost
...
This also adds HSTS. Based on the trac Apache config.
Fixes #435 .
Suggested viewing: git show -w
(imported from commit e7e9fe74687b88497ddb21f74febfc7fdf9b1979)
2012-12-03 17:54:15 -05:00
a9c16b38ce
Fix up whitespace in Apache configs
...
(imported from commit 605253abf9b029e18774f80979d23c60ffca034b)
2012-12-03 17:54:15 -05:00
922b44a1da
Add iptables config for zmirror.humbughq.com
...
For now we allow all UDP traffic. I'll look into doing something clever.
This isn't puppetized, either.
(imported from commit bdf53df87a5f6c8af6d950b25946b5ec8a4f910b)
2012-12-03 17:43:04 -05:00
ed0cb0a5f8
Puppetize nginx.conf
...
Fixes #201 .
(imported from commit 0feaff372d94009fa51dabf2bda55062826e2ed5)
2012-12-03 15:58:16 -05:00
4aa7615234
Nginx: Use $host instead of $server_name
...
The latter is just the first name in the 'server_name' directive.
The former uses the HTTP Host header, if provided.
This fixes the redirect
from http://zephyr.humbughq.com
to https://zephyr.humbughq.com
(imported from commit be47b05f4f055bb2d1d82aebbe155579f49c538d)
2012-11-30 17:12:42 -05:00
500a5e29c3
Nginx: Redirect unknown hostnames to https://humbughq.com
...
(imported from commit f6dd65c1db033d09f1df8f0a5972f067f3aeb80a)
2012-11-30 15:32:32 -05:00
ac18c533c8
Nginx: Serve the cert for zephyr.humbughq.com rather than app.humbughq.com
...
This will cause SSL errors for anyone still using the deprecated
app.humbughq.com name, which we concluded is (almost?) nobody.
(imported from commit 7f3c149a4064e7bdae8ec944f2bb8a482df6f90d)
2012-11-30 15:32:32 -05:00
2fcb9cfd49
Nginx: Make zephyr.humbughq.com an alias for humbughq.com
...
(imported from commit d23ef5aeed990a04f294b7dffe322b8d174c1f07)
2012-11-30 15:32:32 -05:00
0f20150a81
Nagios: move /var/lib/nagios/humbug-api to /usr/local/lib/humbug
...
(imported from commit ff3ff1e3cc54a4c556479e62e058002229143627)
2012-11-26 16:58:51 -05:00
d7b3afef6b
Send Nagios alerts to Humbug
...
Fixes #385 .
(imported from commit 7dac013debd6ccff031fc4da0dd7185e198b4498)
2012-11-26 14:42:55 -05:00
b609840e82
puppet: Install memcached on app servers
...
We use the default Debian configuration, which listens on localhost only.
(imported from commit efa8333c7fa423e71a99ec06b2b420cae36fddfb)
2012-11-26 11:59:48 -05:00
be27ec1ad4
nagios: Change zephyr mirror liveness check to only care about aggregate statistics.
...
Too many individual users occasionally don't update their mirrors,
causing us to be permanently alerting; we have sufficient user
notification at this point (plus Waseem keeping an eye on /activity)
that we don't need to alert on individual users.
We do, however, still care if something happens (say, Linerva going
down) that causes many users' mirrors to go down.
(imported from commit 392952c95739e183d4a711120e3a963671cec289)
2012-11-26 10:31:29 -05:00
75526a2c67
nagios: Drop ssh -o StrictHostKeyChecking=no
...
This is bad for security.
I've checked that all currently known hosts for nagios@nagios.humbughq.com
match one of our existing servers. When adding servers to nagios in the
future, it will be necessary to do an initial manual ssh from nagios@ and check
the host key fingerprint.
(imported from commit adfd1d29f03343d4be04e87c5e26a018f31e5194)
2012-11-26 00:25:15 -05:00
043f0d8e15
nagios: Use lowercase host aliases
...
(imported from commit c653d5948894e651a5040339e8cd6af50af712b3)
2012-11-26 00:25:15 -05:00
1939b55b5a
nagios: Remove wiki.humbughq.com
...
This is the same machine as git.humbughq.com.
(imported from commit 8aa9306668d672052aa38a2f4453cb0127ab5cc5)
2012-11-26 00:25:15 -05:00
f761643724
nagios: Monitor bots.humbughq.com
...
(imported from commit 83cb5cc3c3c4bf54e1339d877bd60cd05586783b)
2012-11-26 00:25:15 -05:00
f8a065ed2c
nagios: Remove dev.humbughq.com
...
This is an alias for staging.humbughq.com.
(imported from commit b2d2777e57773052dd59b3f5c067e23eafb60681)
2012-11-26 00:25:15 -05:00
b9c8f4a770
nagios: Enable ssh-based checks on all machines
...
(imported from commit 3905ad03cc2ed5dec6f8eb6b20d4b4f0896f164c)
2012-11-26 00:25:14 -05:00
25916d9ce5
nagios: Check Debian update availability
...
(imported from commit 59da03c409281b6b2f5cf3612e5f7bd0caa76226)
2012-11-26 00:25:14 -05:00
4b1a2e8a8a
Install nagios-plugins-basic on every machine
...
We need this for check_debian_packages.
(imported from commit 588dfbe7d5b69acfd1db7fcf4060b64ec5151c2d)
2012-11-26 00:25:14 -05:00
5836462cb4
Import check_debian_packages Nagios plugin
...
From http://exchange.nagios.org/directory/Plugins/Operating-Systems/Linux/check-debian-packages/details
(imported from commit 6304a2aa315a91fd48e9ad79fcdb584ba8a2ccb4)
2012-11-26 00:25:14 -05:00
685deba16b
Puppetize APT::Periodic config
...
(imported from commit 2ccdeb4f9c8173a83c7014987977304187651f67)
2012-11-26 00:25:14 -05:00
8dd1f1efc0
Puppetize iptables config
...
(imported from commit aa58d06255aaf5a2979a7fcc4e0746c1ac2d91a7)
2012-11-19 11:06:33 -05:00
905f2d3235
nagios: add monitoring for the liveness of our users' zephyr mirrors.
...
Using the check_user_zephyr_mirror_liveness plugin.
(imported from commit c17e112fe8696fab583a0dbc228ea9fb6e6988b0)
2012-11-16 11:36:33 -05:00
5498557b4b
nagios: add monitoring for Zephyr mirroring.
...
Using the check_zephyr_mirror plugin.
(imported from commit 8ef5d4870c3a2ec547729c191de838504cea1d3d)
2012-11-16 11:36:16 -05:00
b86ddf4ddc
nagios: add a check_user_zephyr_mirror_liveness plugin.
...
It will alert when our users' mirrors don't appear to be running, as
assessed by having recently made a get_message API request.
(imported from commit 4b8c5f51b007568a90a92f7b095c51f3566d5117)
2012-11-16 11:28:37 -05:00
fcf5eb8f1f
nagios: add a check_zephyr_mirror plugin.
...
It checks the output of api/bots/check-mirroring and alerts if we
aren't able to send and receive mirrored Zephyrs.
(imported from commit 6c9abc380fca955d00462f829fa7dcadfef24221)
2012-11-16 11:28:28 -05:00
a0aa1b31c8
nagios: Add remote disk and load checks.
...
(imported from commit 1f0a1f5540212357ac2ed0c8d50fb2291a1812ed)
2012-11-16 11:25:22 -05:00
5ec66f467b
nagios: add basic monitoring for new servers, and a hostgroup for SSH-based checks.
...
(imported from commit 7e5ad2bb024eb935bf6640a894cad762e45c0ab0)
2012-11-16 11:25:14 -05:00
010f15c66e
nagios: add a test contact and contact group for testing new alerts.
...
(imported from commit 9cc1ef2b7af6c84bfd87dc38c6a558ea3b36d267)
2012-11-16 11:24:46 -05:00
609ff161a1
nagios: send the full multi-line alert data in Nagios e-mails.
...
(imported from commit c906bd2b6a2a1e0f009e4743a0f7b1968f371919)
2012-11-16 11:24:45 -05:00
a4289e6553
Install the 'host' command on our servers.
...
(imported from commit 21171e553cf6974cd19170c47a79e3e7389b5534)
2012-11-14 16:57:21 -05:00
35171b9d3e
Tweak gitit config
...
The "signup code" was left over from a very early era. We now use HTTP auth
and there's no way to register an account within Gitit at all.
(imported from commit 20f1e10de1fd978d0045c2fed2254e37ab6f7b6c)
2012-11-07 17:46:46 -05:00
b9452b5644
apache/ports.conf: Document which part is custom
...
(imported from commit b25c4ce8847509ce07d98e1caee402aa33369c4d)
2012-11-07 17:46:46 -05:00
adab0c1880
Add staging/dev certs to puppet configuration.
...
(imported from commit 1415d909a4619adecc3b43ad0b7817f473bc2a73)
2012-11-06 16:59:28 -05:00
0c25a091d2
Install ntp on all our servers.
...
(imported from commit 59cb9ef4350a8ec9a528623fb3247e7ba6c15405)
2012-11-06 14:19:14 -05:00
4a3bf99fa0
Add staging server nginx configuration.
...
(imported from commit 560621e48098925d526c7a29681dc03c4508a878)
2012-11-06 14:12:18 -05:00
7d35c3135b
Puppet: Update default classes for building new server.
...
(imported from commit 7283498779108992456c98d3d18b01751ccbb5b6)
2012-11-02 10:50:59 -04:00
c0b75ed93a
Add Nagios config files to git.
...
(imported from commit 5d6ba166cf35afdd76ca4f2cfc8a13988cfdeaea)
2012-11-01 10:47:50 -04:00
545476c6a4
Puppet: Don't install sudo
...
We're no longer using it, and fewer setuid programs is better.
Fixes #225 .
(imported from commit 68b06bb8afedc0854d96ad072b5de718832932ed)
2012-10-30 12:30:18 -04:00
f0c2421f00
Customize the 404 error page Nginx serves for missing static content
...
(imported from commit 70fc821f9ae29b8a902c48ce57e39273c90f57ff)
2012-10-30 11:00:10 -04:00
85ead77956
Splitting SSL out didn't fix the dependency problems.
...
(imported from commit 14515ea1abecb6212842a4a5cba90eb705f65755)
2012-10-29 13:19:41 -04:00
e6f196f372
Move certs .gitignore to where the certs are now.
...
(imported from commit c1a92978a7d835cb3d3eec5647ef7aa4f4f73b35)
2012-10-29 13:19:41 -04:00
0f211673ac
Puppet: Add missing packages python-flup
...
Needed for Django runfcgi.
(imported from commit cfd1f20a2f7a08c21e8ab3b321c2928a28319a54)
2012-10-27 12:11:22 -04:00
d71b9594fe
Configure nginx for the new server
...
(imported from commit d073276912ea844e75fd710689f152fd7a2213c7)
2012-10-27 11:38:15 -04:00
92b10e3bc2
settings.py: Change deployed check
...
This is security-critical so we have two checks.
(imported from commit adaa1cefe2d08526cdaac2fb0d8cc02773390224)
2012-10-27 11:18:51 -04:00
cbdbc12ab0
Remove config for Apache as app frontend
...
(imported from commit ae4072bdf59cdfccec76eeee7fd3b99a899eaa19)
2012-10-27 10:56:14 -04:00
fdba3addc8
Update puppet configuration to be slightly more accurate.
...
This still needs a lot of work though.
(imported from commit 4472488c399f7c5b96bcf900b1a5e957625cb450)
2012-10-26 14:58:05 -04:00
8c20bafb98
Add Nagios configuration to puppet.
...
(imported from commit 34c09661e63b31bd177b9704b69a0d8d0d644de7)
2012-10-26 14:15:27 -04:00
f8540dcdae
Wrap some other extremely long lines
...
(imported from commit e7d55f318c8865ca953bf4520d1b07f7e84a4aeb)
2012-10-25 15:22:18 -04:00
2f5e7ba1ad
Properly format wiki code highlighting CSS
...
(imported from commit 216ff55aa55847fa61a32a1d87737de273c21ae4)
2012-10-25 15:22:18 -04:00
811604021e
puppet: Install requests module on servers.
...
(imported from commit 2aa2e5740065e9e46020cca0d22854e57e81a407)
2012-10-24 16:24:02 -04:00
7be626ff2f
Run trac on top of Apache rather than the standalone server.
...
(imported from commit 2e9ee69a6f36b4c145d83abdf975bbe5d7ec1c7d)
2012-10-23 15:58:02 -04:00
c5f262987f
Add apache2 site configuration for trac.
...
(imported from commit 81d173070a449168d6d8e08a557134dbda66f2bb)
2012-10-23 14:52:04 -04:00
7079efba8d
puppet: Make humbug's authorized_keys file owned by humbug.
...
(imported from commit 4237203722d7782cb5c479e408966494bc703149)
2012-10-23 14:52:04 -04:00
7a56448a35
Move humbug-self-signed.key to new certs directory.
...
(imported from commit ed8ff32739e21cca3d6173e19bb425da8a3a18ea)
2012-10-23 14:52:04 -04:00
9ed02e220c
puppet: Disable creating new servers as wiki/frontend for now.
...
(imported from commit 20250365a3d82479d5dd33ecb0ee9b5c3db68029)
2012-10-23 13:32:34 -04:00
9ff633ccfe
Add nginx config
...
This is not yet hooked up to Puppet.
(imported from commit 1d0368285a5a9ef5a4af0651001db4930cf77578)
2012-10-22 18:00:37 -04:00
0dcc7c2914
puppet: Remove humbug from sudoers
...
(imported from commit cdc8aafdcbfafe5fe97a18dfd32b5a7f15a77102)
2012-10-15 14:56:12 -04:00
45273643ec
Move humbug-self-signed.crt into a common directory
...
(imported from commit 0c914b87c06be7cd7b370d8d0f38efc9f1aaf57f)
2012-10-15 13:29:47 -04:00
b040615cbe
Move our server configuration into puppet.
...
(imported from commit fb1c096b46f23c56f2e08952cbbcc99b34ae0586)
2012-09-20 17:00:24 -04:00
1d36bbecef
puppet-apt: Make priorities configurable.
...
(imported from commit 82ca93e510ec07251fed4c32bc0165c6e9187d6b)
2012-09-20 17:00:24 -04:00
d757b630bf
Import puppet-common from https://github.com/camptocamp/puppet-common.git
...
(imported from commit bb3ccac0dd0cc5688be0f1487092cbe34b107002)
2012-09-20 17:00:24 -04:00
5a4a5b0fc0
Import puppet-apt from https://github.com/camptocamp/puppet-apt.git .
...
(imported from commit 4940c1479b518971e1f3513315b046a571323604)
2012-09-20 17:00:24 -04:00
Keegan McAllister
Jessica McKellar
Tim Abbott