This is our semi regular python base image rebuild. This ensures we're
running relatively up to date python builds as well as base system
packages (though many of our image builds update the base system too).
Change-Id: Ice918219a64bd5845de9dc3330bf292261c6a80e
We're noticing that mailman's uwsgi queue is filling up. Before we try
to extend the queue apply our user agent filter to apache to reduce the
number of requests that hit the queue in the first place.
Change-Id: Ib821a7fffa6239a9affcc4c6698eef2dc9378cd1
We've noticed that our uwsgi queues are filling up and a lot of requests
are being made to robots.txt which ends up 500/503 erroring. Add a
robots.txt file which allows crawling of our lists and archives with a
delay value in hopes this will cause bots to cache results and not fill
up the queue with repetetive requests.
Change-Id: I660d8d43f6b2d96663212d93ec48e67d86e9e761
Gitea wants us to move the robots.txt file to a new location. It
currently logs a warning about it:
2024/04/17 19:30:56 cmd/web.go:191:serveInstalled() [E] Found legacy public
asset "robots.txt" in CustomPath. Please move it to
/custom/public/robots.txt
Change-Id: Ic4a7f3bbe4633972e0409b37b511fdb03f968442
Crawlers that ignore our robots.txt are triggering archive creation
so rapidly our rootfs fills up between weekly purges, so doing it
once a day should hopefully mitigate further problems.
Change-Id: Ib4e56fbd666f7bf93c017739697d8443d527b8c7
This is a bugfix update upgrade from v1.21.10 to v1.21.11. None of the
templates we override have been changed between these two versions
according to git diff.
A full changelog can be found here:
https://github.com/go-gitea/gitea/blob/v1.21.11/CHANGELOG.md
Change-Id: I4d3648e311fe87b275856f2d73aca4a79c2c5507
This updates our production 3.8 image to the latest bugfix release and
our future upgrade image to 3.9.4. Importantly this addresses problems
with reindexing in 3.9 which will allow us to start upgrade testing in
earnest.
Change-Id: I21f692121665d5630b68c17901b80fc3102ea280
Adding the information about which host we were checking for certcheck
did help in debugging. It pointed out that a specific host was at fault
(nb02 in this case though it could change over time) and further
investigation of this host showed acme.sh was not running there at all
due to earlier failures. Rather than the playbook ending at that point
it continued to run until building the certcheck list and then had a
fatal error leading to the confusion.
Add a breadcrumb comment to the Ansible role to help point this behavior
out in the future.
Change-Id: Ib607665d75eb666d19c8508346eb217783b98eb5
Ansible Galaxy appears to be served behind cloudflare and is currently
throwing 504 errors waiting for the backend to respond on /api/
requests. Since we know this is already not working and this is
preventing other changes from landing lets just go ahead and completely
disable the testing of this proxy.
We can always add the test back if and when effort is made to proxy the
new version of galaxy's api.
Change-Id: Iad35fc19ce4f8bb8ec3c57eb995b44fc5e61a06c
We don't need the Mailman 2 service deployment playbook, as we're no
longer running it. This was simply overlooked in the earlier mass
cleanup change, and even refers to a no longer existing role.
Change-Id: I7e65fdf9e81858f780bef8dce15ef88823345be8
We are currently running MariaDB 10.6 for Mailman. We use the
MARIADB_AUTO_UPGRADE flag to automatically upgrade the mariadb
install to 10.11 when switching the image version over to 10.11.
This was successfully performed against several other services
already.
Change-Id: I675753df142d635eca60c15728ece2870b406134
This increases the innodb buffer pool size from the default of
128M to 4G. Some increase is necessary for creating large indexes,
but probably not this much. Having a large pool allows for
significant performance improvement. To that end, allocate half of
our RAM to this.
https://mariadb.com/kb/en/innodb-buffer-pool/#innodb_buffer_pool_size
Change-Id: I0a20cb2e11edc88dac6a55191a05637e7634773f
This is some evidence these vhosts are impacted. Mitigate that with our
rules.
While we are at it we modify the ruleset to add a newly noticed item.
Change-Id: I8c20193e4e474898a0bdc395b25fd9de94469dd6
These docs had lived on the server in question in a text file as they
were sort of cobbled together from emails. Since then multiple renewals
have been successfully performed so we may as well add the process to
our actual documentation.
Change-Id: I13267ad08c1e4ef6007e5cbea040c274ea2f27d5
Gitea and OpenDev are playing a game of tag. Whenever we bump our
deployment up to the lastest version they release a new version the next
day. That means there is now a v1.21.10 available shortly after updating
to v1.21.9.
Again this appears to be a fairly straight forward bug fix release.
There are no diffs in the templates we override between 1.21.9 and
1.21.10. Full release notes can be found here:
https://github.com/go-gitea/gitea/blob/v1.21.10/CHANGELOG.md
Change-Id: I7491d18b14100ca6457d42994a45de1e70de8758
Almost immediately after we upgraded to 1.21.8 a new 1.21.9 release
became available. Again this appears to largely be a bugfix release with
no super important changes for us. However, there are performance
improvements which are always nice to see. The template files that we
override have not changed between 1.21.8 and 1.21.9.
Full change log can be found here:
https://github.com/go-gitea/gitea/blob/v1.21.9/CHANGELOG.md
Change-Id: Ica763081203d9be44c9de0923a261afa820c891b
Zuul