I, JP, will help to identify the spam attack vectors, so this access
will allow me to directly edit the config file, adjust, add plugins and tail the log files to
determine what method to use to stop the spam which will then be rolled back
and submitted as an official patch.
Change-Id: Ieadd8e0e36ecd9f32bb29b5cb850968ab8cc9ae1
Here we are updating our defaults to have hiera store our question /
answers for mediawiki captcha.
Change-Id: Iff0c326401ed9a4c3b40f8d43826603e599dc4a4
Depends-On: I102ff6991831901c578dab4107b0c23245da9d4b
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This should be a noop change, we are just moving the settings into
puppet.
Change-Id: Ic533a5fb125125e9791c40312318be79cbbe4826
Depends-On: I1ad6da353c25aed8976806f00cc39d6c3c93e7ae
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This patch upgrades the mysql module version as well as upgrading the
usage of that module in openstack_project. This includes:
- upgrading the syntax to set the root password
- no longer setting bind_address anywhere since it defaults to 127.0.0.1
- upgrading the syntax to set the default storage engine using the new
override_options param
- upgrading the database and database_grant puppet resources to use the
mysql_database and mysql_grant types. These types were renamed and
are now more strict about how the title should look and what
parameters need to be specified rather than inferred from the title.
There is also no longer any reason to specify the 'mysql' provider
since they gave up on the generic database provider idea.
Changes to the system that we can expect:
- /etc/mysql/my.cnf will have its parameters reordered. The key_buffer
config parameter was renamed to key_buffer_size and the log_error
parameter was renamed to log-error. Default values haven't changed.
- The change in /etc/mysql/my.conf will trigger a mysql restart
- /root/.my.cnf now adds single quotes around the password value. This
won't change how mysql or the module reads the value, but puppet
will report the file as having changed.
This patch should not be merged until a downtime is prepared for the
paste and wiki services.
Change-Id: I8072e0aab03606307505e37fe6fb0c8b18eef854
Depends-On: I3ff754b15eef51c3c86c188647353a4a1d3bfea0
The subversion module was a trivial module, so rather than split
it out, just remove the indirection and have the wiki class
install the subversion package.
Change-Id: Ida58a545aba32bb6df65af677f4b4b93c0152851
Didn't seem worth it to try to split this small of a module out.
I could be happy moving it into an openstack_project::openssl
class.
Change-Id: I36a27c5cddd2c4cbdd95cdcc015e54780fd441ae
* modules/openstack_project/manifests/wiki.pp: The latest mediawiki
cirrus extension uses groovy instead of mvel, so we need to be
running a 1.3.x release of elasticsearch on wiki.openstack.org to
support groovy.
Change-Id: I7f543ab217d5a16aab7d5cba654ef0d80b16d9e3
wiki.o.o is much smaller than our typical elasticsearch nodes. For it to
use elasticsearch it needs to allocate a much smaller heap. Make the
heap size configurable (keep the 16g default) and set the heap size to
1g for wiki.o.o.
Change-Id: I0c5fb4865eb07c0fa5bbe4cf698a9f0e9ea9f2fc
openstack_project::elasticsearch exists, so the scoping for this
is incorrect. We want to find the module instead.
Change-Id: I29b28af957f6aadc779c61fb0360bce98e64cb9b
elasticsearch is needed for the CirrusSearch MediaWiki extension,
which would be a much nicer search than the default database
search currently being done.
Change-Id: I2e014ff6713c9ed797bece482ea4460cbffb1300
Puppetlabs-mysql 0.6.1 correctly removes the local ::1 root user in the
account_security manifest. Upgrade to this version to take advantage of
that. Do not upgrade to latest version (0.9.0) to minimize delta that
needs testing.
Change-Id: Ic8265733f1159f34ae0afcccdea4c7d8cd44e3cb
The version of puppetlabs-mysql that we use does not remove the local
::1 root user from the mysqld. Explicitly remove this user.
Change-Id: I626fcc77c75a29d3f3cab57217b714e68a30b468
* modules/openstack_project/manifests/review_dev.pp: Remove
mysql_backup, gerrit.pp will do this for review_dev now.
* modules/openstack_project/manifests/gerrit.pp: Put MySQL backups in
central Gerrit manifest. This will backup MySQL locally for review and
review-dev.
* modules/openstack_project/manifests/wiki.pp: Backup wiki MySQL DB
locally wth the mysql_backup module.
These changes make it possible to do offsite DB backups with bup by
first backing up the databases locally.
Change-Id: I932b439c153e461fa9c6b454e132137949bd08df
Change-Id: Ia0ec8657aedc4bafda396255b011382382d7287c
Reviewed-on: https://review.openstack.org/19827
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
It's ideal for the image location in mediawiki to be outside of
its path. This allows you to have multiple copies of the software
while having the uploads in a shared spot.
Change-Id: Iae0ac3e13213353d6f101c62f5e150cf844b5694
Reviewed-on: https://review.openstack.org/17575
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Change-Id: I6c6ad0ddd000e3f140cb08faef7dce2cb9ae7079
Reviewed-on: https://review.openstack.org/18349
Reviewed-by: Ryan Lane
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
Now with extra unwrap!
Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a
Reviewed-on: https://review.openstack.org/15052
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
Pass the sysadmins list into each node definition. This allows us to
retrieve the data from hiera rather than hard coding it in the puppet
manifests. Also, update test script to use bogus sysadmin data when
testing.
Change-Id: Ide3560f16bce4d66fb95cc5021fc879476e6a712
Reviewed-on: https://review.openstack.org/12512
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins