Moving Ask Fedora to Staging
by Rahul Sundaram
Hi
We have been running Ask Fedora in the devel instance for a while now
and updated several times as upstream fixed bugs and responded to
feature requests
http://ask01.dev.fedoraproject.org/questions/
We have a custom CSS file thanks to Suchakra and with the help of PJP
(co-sysadmin, cc'ed), we have configured it to run with Apache. I
haven't setup Postfix or memcached yet on the devel instance but atleast
Postfix has been tested locally. We will have to think about whether we
should be running our own instances or hook into the existing
infrastructure.
A SOP has been written as well
https://fedoraproject.org/wiki/Ask_Fedora_SOP
We will add more details we go forward. As a side note, while I was
looking at memcached, ran into a alternative python binding (pylibmc)
for memcached which apparently performs much faster and is being used by
reddit. This has been packaged as well as the Django (django-pylibmc)
module for that. Details at
http://amix.dk/blog/post/19471
Let me know what I need to do to move Ask Fedora to Staging
Rahul
12 years, 8 months
Unplanned Proxy Outage: - 2011-08-19 16:30 UTC
by Toshio Kuratomi
Summary of Event
================
Tonight there was an unplanned outage of two proxy servers (proxy01 and
proxy02). The proxies were unresponsive and needed to be rebooted in order
to come back online. Proxy01 being down caused a cascade of other issues
that should have had very little end-user impact. As far as we know, the
applications on admin.fp.o would have been up but appeared very slow and the
wiki would have been up for reading but logging in would have failed.
Explanation to follow.
Proxy01 is the only proxy server that is used for app servers (web apps,
cronjobs, etc) in phx2 that need to talk to our web applications in phx2.
This was setup because the router that handles traffic into and out of phx2
does not allow us to "hairpin", send a request for data from phx2 to an
external ip address that then resolves back to a server in phx2. As
currently implemented, we have an /etc/hosts entry that points
admin.fedoraproject.org at the internal ip address of phx2.
When proxy01 went down, things in PHX2 that needed to talk to
admin.fedoraproject.org were no longer able to get the data they needed.
For the wiki, this meant that attempting to login during the outage would be
unable to verify the password in fas. For the TurboGears apps on
admin.fedoraproject.org the situation was worse. TG1 apps' identity
management depends on visit tracking to work. Visit tracking hits fas for
every request. This means that no page could be served for the TG1 apps
from the phx2 app servers.
We have two app servers that reside outside of phx2. Because of network
latency between these servers and the database server in phx2, these servers
are configured to be backups for the servers in phx2, not handling requests
unless phx2 is unable to. The remaining proxy servers detected that the app
servers within phx2 were down and properly switched over to app servers
outside of phx2 so there was no apparent outage for people trying to use
admin.fedoraproject.org, although response time would have been drastically
less.
Looking at the haproxy status page for proxy03 during the outage we noticed
that only one of the two app servers outside of phx2 (app05 at ibiblio) was
handling traffic. app06 (at telia) was not. We are not sure why this is.
One possibility is that telia's network latency is just too high so haproxy
decided that app06 was also down and did not pass traffic to it.
Action Items
============
There are some open questions to try to resolve:
* Why did proxy01 and proxy02 die? A brief look at the logs has not
revealed a cause for this.
* Why didn't app06 take up any of the slack when haproxy started passing
traffic to the backups?
We have identified one means of mitigating this in the future:
If we ran internal DNS for phx2 then we could have admin.fedoraproject.org
resolve to different proxy servers (using internal ip addresses for the
proxies inside of PHX2). This should remove the SPOF on proxy01. We have
not yet determined whether we'd need to run more proxy servers inside of
PHX2 or if hairpinning would not be an issue if we used proxy servers
outside of phx2.
-Toshio
12 years, 8 months
[PATCH] modify all the TG apps (except for bodhi since its logging config is different) to not dump the world to stdout.
by Seth Vidal
From: Seth Vidal <skvidal(a)fedoraproject.org>
---
modules/fas/files/fas-log.cfg | 2 +-
modules/fas/templates/fas.cfg.erb | 2 +-
.../fedora-packagedb/templates/pkgdb-prod.cfg.erb | 2 +-
.../templates/mirrormanager-prod.cfg.erb | 2 +-
modules/smolt/templates/prod.cfg.erb | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/modules/fas/files/fas-log.cfg b/modules/fas/files/fas-log.cfg
index 3f7843d..a1ed30c 100644
--- a/modules/fas/files/fas-log.cfg
+++ b/modules/fas/files/fas-log.cfg
@@ -19,7 +19,7 @@ formatter='full_content'
[[[access_out]]]
class='StreamHandler'
-level='INFO'
+level='WARN'
args='(sys.stdout,)'
formatter='message_only'
diff --git a/modules/fas/templates/fas.cfg.erb b/modules/fas/templates/fas.cfg.erb
index 5908fc4..48ab522 100644
--- a/modules/fas/templates/fas.cfg.erb
+++ b/modules/fas/templates/fas.cfg.erb
@@ -206,7 +206,7 @@ handlers=['debug_out']
#propagate=0
[[[identity]]]
-level='INFO'
+level='WARN'
qualname='turbogears.identity'
handlers=['access_out']
propagate=0
diff --git a/modules/fedora-packagedb/templates/pkgdb-prod.cfg.erb b/modules/fedora-packagedb/templates/pkgdb-prod.cfg.erb
index 4f28dce..ce4990a 100644
--- a/modules/fedora-packagedb/templates/pkgdb-prod.cfg.erb
+++ b/modules/fedora-packagedb/templates/pkgdb-prod.cfg.erb
@@ -133,7 +133,7 @@ formatter='full_content'
[[[access_out]]]
class='StreamHandler'
-level='INFO'
+level='WARN'
args='(sys.stdout,)'
formatter='message_only'
diff --git a/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb b/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb
index b4d18b9..39345fa 100644
--- a/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb
+++ b/modules/mirrormanager/templates/mirrormanager-prod.cfg.erb
@@ -121,7 +121,7 @@ level='INFO'
handlers=['debug_out']
[[[access]]]
-level='INFO'
+level='WARN'
qualname='turbogears.access'
handlers=['access_out']
propagate=0
diff --git a/modules/smolt/templates/prod.cfg.erb b/modules/smolt/templates/prod.cfg.erb
index cc22b5a..0e10dbd 100644
--- a/modules/smolt/templates/prod.cfg.erb
+++ b/modules/smolt/templates/prod.cfg.erb
@@ -78,7 +78,7 @@ level='INFO'
handlers=['debug_out']
[[[access]]]
-level='INFO'
+level='WARN'
qualname='turbogears.access'
handlers=['access_out']
propagate=0
--
1.7.2.1
12 years, 8 months
[PATCH] change access_out to WARN from INFO - testing to quiet down apache error_log
by Seth Vidal
From: Seth Vidal <skvidal(a)fedoraproject.org>
---
modules/elections/templates/elections-prod.cfg.erb | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/modules/elections/templates/elections-prod.cfg.erb b/modules/elections/templates/elections-prod.cfg.erb
index e0f4ab9..6f92258 100644
--- a/modules/elections/templates/elections-prod.cfg.erb
+++ b/modules/elections/templates/elections-prod.cfg.erb
@@ -80,7 +80,7 @@ level='INFO'
handlers=['debug_out']
[[[access]]]
-level='INFO'
+level='WARN'
qualname='turbogears.access'
handlers=['access_out']
propagate=0
--
1.7.2.1
12 years, 8 months
Meeting Agenda Item: Introduction Mahrud
by Mahrud S
Hi
I'm Mahrud. irc username: mahrud.
*Skills:
*
I've learned working with these things while working on different projects
or digging my linux laptop: LinuxPAM, SELinux, chroot, squid, LDAP, git,
Wireless Cryptography & OpenSSL, Linux network/security administration,
monitoring and troubleshooting, embedded linux (OpenWRT on a WRT54GL), etc.
programming: native c/cpp and adv. bash, familiar with ruby, python, php,
javascript, a bit assembly, understand perl, hate Visual Studio and
specially VB.
Algorithmic programing and data structure (intended school classes).
*Projects:*
HelliJudge <http://hellicode.allamehelli.ir/git/> (an online judge system;
details<http://users.allamehelli.ir/%7Em_sayrafi/blog/2011/08/project-hellijudge/>),
OpenSchoolNetwork (a local system for Allamehelli HS (my previous high
school), it's goal is to find and train future admin of
server<http://allamehelli.ir/>of Allamehelli from students by giving
them a jailed ssh account on server.
It uses a central authentication system using LDAP for squid on the same
server and sshd on another server using the same ldap server)
*Hobbies:
*
Digging Linux! hack (but not crack)! Remote administrating Allamehelli's
network and server.
*Weaknesses:*
If there isn't any problem to solve, then I'll be so lazy and waste my time
on google reader! Back in Iran I were working on Allamehelli's server, but
now in US due to loss of physical access I'm unable to work with that server
(because in case of problem in ssh or auth, I'll have to wait about a day
for my friends to take is up again), and that's why I want to join you in
administrating the fedora infrastructure.
Still in high school (12th grade).
Hope you are not bored :)
I'm interested in working on
this<https://fedorahosted.org/fedora-infrastructure/ticket/230>or
this <https://fedorahosted.org/fedora-infrastructure/ticket/833>, but I'll
be glad to work on anything related to Linux (even if there is a
requirement, I'll learn it through the project, just like all of the above)
**--
Best wishes
Mahrud <http://users.allamehelli.ir/%7Em_sayrafi/>
12 years, 8 months
Activity
by Jesse N. Richardson
I've finally gotten my computer fixed everyone. Can someone please add me back to the team?
Sent from my iPod
On Aug 14, 2011, at 8:00 AM, infrastructure-request(a)lists.fedoraproject.org wrote:
> Send infrastructure mailing list submissions to
> infrastructure(a)lists.fedoraproject.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://admin.fedoraproject.org/mailman/listinfo/infrastructure
> or, via email, send a message with subject or body 'help' to
> infrastructure-request(a)lists.fedoraproject.org
>
> You can reach the person managing the list at
> infrastructure-owner(a)lists.fedoraproject.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of infrastructure digest..."
>
>
> Today's Topics:
>
> 1. Re: infrastructure Digest, Vol 63, Issue 17 (F?bio Falc?o)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 13 Aug 2011 23:06:33 +0100
> From: F?bio Falc?o <fawcao(a)gmail.com>
> Subject: Re: infrastructure Digest, Vol 63, Issue 17
> To: infrastructure(a)lists.fedoraproject.org
> Message-ID:
> <CAM4+sV0MPs77tWq_fcKsj6Dsjv5d+e9LZszHPhee0=qAHrHR4Q(a)mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi, i'm new here too.
>
> i working with systems development today, but always worked with
> infrastructure, specifically in clusters and grids. Currently I master's
> degree in computer engineering in Coimbra and my area of ??research is in
> the area of ??secure protocols.
>
> 2011/8/13 <infrastructure-request(a)lists.fedoraproject.org>
>
>> Send infrastructure mailing list submissions to
>> infrastructure(a)lists.fedoraproject.org
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>> https://admin.fedoraproject.org/mailman/listinfo/infrastructure
>> or, via email, send a message with subject or body 'help' to
>> infrastructure-request(a)lists.fedoraproject.org
>>
>> You can reach the person managing the list at
>> infrastructure-owner(a)lists.fedoraproject.org
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of infrastructure digest..."
>>
>>
>> Today's Topics:
>>
>> 1. joining with the Fedora Infra team - Hello (Buddhika Kurera)
>> 2. Re: joining with the Fedora Infra team - Hello
>> (Stephen John Smoogen)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Sat, 13 Aug 2011 07:28:25 +0530
>> From: Buddhika Kurera <bckurera(a)fedoraproject.org>
>> Subject: joining with the Fedora Infra team - Hello
>> To: Infrastructure Ffedora Project
>> <infrastructure(a)lists.fedoraproject.org>
>> Message-ID:
>> <CAMkiuStsQxX4790swwTajS6vwGX5jMC9oa3jKg4PNKrsmvwpSQ(a)mail.gmail.com
>>>
>> Content-Type: text/plain; charset="utf-8"
>>
>> Hello Infra team,
>>
>> I am Buddhika Kurera[1] and working with Fedora Ambassadors and Design
>> teams
>> plus free media teams currently.
>>
>> I am interested in joining with the infrastructure team too. Therefore I ll
>> be keep in touch though the ML.
>> Further as I am new to this team please help me to understand the workings
>> with the teams.
>>
>> If any tickets, requests please share, I can give my helping hand.
>>
>> I am a good at PHP development and web related technologies. That is my
>> tech
>> background. See you soon.
>>
>> [1] fedoraproject.org/wiki/User:bckurera
>>
>> --
>> Regards,
>> *Buddhike Chandradeepa Kurera*
>> Fedora Ambassador Sri Lanka
>> Event Liaison - Design Team
>>
12 years, 8 months
Questions before requesting new mailing list
by James Laska
Greetings,
I'm about to submit a ticket requesting a new mailing list on
lists.fedoraproject.org. Before submitting, I'd like to ask a few
questions. The new list is really an existing list that will be
migrating to lists.fedoraproject.org. Because of this, the list has
existing members, and archives.
What is the procedure for migrating the existing subscriber list? I
gather that's something I'd setup after the list is created, but thought
I'd ask here first.
Also, is it at all possible to migrate the existing list archives to the
new lists.fedoraproject.org location? I suspect this would be fairly
painful, but again, can't hurt to ask. :)
Thanks,
James
12 years, 8 months
[PATCH 1/2] since we're running all of fasClients from cron now - comment out this run of fasClients from puppet.
by Seth Vidal
From: Seth Vidal <skvidal(a)fedoraproject.org>
I think but am not positive that it is causing this log error:
restorecond: set context /var/db/shadow.db->system_u:object_r:shadow_t:s0 failed:'Permission denied'
due to fasClient running from cron at the same time as from puppet.
---
modules/fas/manifests/init.pp | 9 ---------
1 files changed, 0 insertions(+), 9 deletions(-)
diff --git a/modules/fas/manifests/init.pp b/modules/fas/manifests/init.pp
index f1eb7ac..64676bb 100644
--- a/modules/fas/manifests/init.pp
+++ b/modules/fas/manifests/init.pp
@@ -66,15 +66,6 @@ class fas::client {
type => "user_home_dir_t",
}
- exec { "make-accounts":
- command => "/usr/bin/fasClient -e; /usr/bin/fasClient -i",
- timeout => 90,
- creates => "/var/db/shadow.db",
- require => [
- File["/etc/fas.conf"],
- Package["fas-clients"],
- ],
- }
}
# May want to merge this into fas::client in the future if we want yubikey
--
1.7.2.1
12 years, 8 months