This reverts commit c25e91f496.
This script parses the Apache logs and writes out a local count of the
404 data to files.openstack.org, and then exports it via
files.openstack.org.
As part of the spec [1] we're trying to remove publishing from local
volumes, in general.
Since this is not widely used, there is only one link to it, it's not
discoverable from the landing page of files.openstack.org (which just
shows the afs directory listing), it has a very long latency making it
not that useful for debugging and grepping the logs there have been no
accesses in the past 2 weeks (as far back as logs go) I propose we
remove it.
If we want to retain this, we should publish the output alongside the
docs AFS volume. That could certainly be done by distributing the
docs keytab to the host and having it write out in a similar cron job.
Another option could be to setup a keypair for remote login and keep
that as a secret in Zuul, and do the same from a periodic job
(complicated by apache logs being root only, so needs some sudo magic
or similar). Or, we could figure out an altogether better, privacy
respecting client analytics solution.
[1] https://docs.opendev.org/opendev/infra-specs/latest/specs/retire-static.html
Depends-On: https://review.opendev.org/709036
Change-Id: Iccf24a72cf82592bae8c699f9f857aa54fc74f10
We were setting the cert file contents to the paths rather than updating
the paths to point at the new LE certs. Fix this by setting the _file
vars which update the path.
This includes a partial revert of the previous change to not switch
git.zuul-ci.org over to LE as we haven't provisioned an LE cert for it
yet.
Change-Id: I41c2aa1d03afba4ebf6378e9abf8276154666df7
This switches the zuul-ci.org/zuulci.org vhost to use newly issued
letsencrypt certs. It also does the same for git.zuul-ci.org, which
is a different vhost. Since that vhost is tied into a configuration
which can't accept cert file paths (only content), adjust it to use
the newer "website" manifest pattern which can.
Change-Id: I0cd0407754466327147917390c578da336e61269
As part of the move to Gitea, we're creating compatibility redirects
from our old Cgit and Git HTTP backend sites to opendev.org. This
introduces Apache vhosts for each of git.airshipit.org,
git.openstack.org, git.starlingx.io and git.zuul-ci.org which all
serve the same docroot on the files.openstack.org server. This
docroot houses a single .htaccess file with the relevant redirect
rules.
Change-Id: I729fe39bcbe0a0cae237e9036ed8fa980f897e68
Co-Authored-By: James E. Blair <jeblair@redhat.com>
Task: #29705
Used content but should've used source parameter instead. Currently we
have a file whose contents are the path to the puppet source...
Change-Id: I753d6d59022a04be5c7d6a07987899acc1626172
This generates a list of 404s by count for docs.openstack.org.
This simple list will be hosted at https://files.openstack.org/docs-404s
and can be used by projects to update their rewrite rules to properly
redirect old urls to current urls.
Change-Id: Ic4c184b59eab3e5c6080452f8526a26892abe52e
This patch allows puppet to handle configuration of the mpm_worker
apache mod. The config file added here is copied from an Ubuntu Trusty
apache package with the value of MaxRequestWorkers changed from 150 to
400. I reason that this is a reasonable number based on the
MaxRequestWorkers documentation claiming the default is 400 for
mpm_worker[1]:
For threaded and hybrid servers (e.g. event or worker)
MaxRequestWorkers restricts the total number of threads that will be
available to serve clients. For hybrid MPMs the default value is 16
(ServerLimit) multiplied by the value of 25 (ThreadsPerChild).
Therefore, to increase MaxRequestWorkers to a value that requires
more than 16 processes, you must also raise ServerLimit.
If 400 is too few, we can increase it but we must also increase
ServerLimit, which requires not just an apache restart but a full stop
and start[2]:
Any attempts to change this directive during a restart will be ignored
[1] https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxrequestworkers
[2] https://httpd.apache.org/docs/2.4/mod/mpm_common.html#serverlimit
Change-Id: Iab0012e02506f5b7212fe273cfe673f95279d440
This is a follow-on from I064b81076bcfcb200e0990627fc1aa0be8bbf058
We see the same issues with "scoreboard is full" and segfaults/dropped
connections on this host. It's a semi-frequent issue in
logs.o.o seems to be working fine with this, so switch here too. We
can reconsider in Xenial timeframe when we've got a later apache.
Change-Id: I05f1b1731cb6358e2e37574a90692ffe91f07ad3
Add X.509 certificates, certificate chains and private keys for
https://developer.openstack.org/ and https://docs.openstack.org/
separately using SNI (as the list grows we can consider condensing
these into a single cert using ServerAltNames later).
Change-Id: Ia365be3363b611e5ee3b6dceb38ec311456466ec
Remove the aliases, we do not need them anymore.
Note to reviewers: An infra-root needs to remove the DNS entry for
developer-beta and docs-beta as well.
Change-Id: I429248ad270ed16ac9fc68ca2cc6e36e46d68192
Add new website for AFS based developer.openstack.org. Also, add
developer-beta.o.o as alias for now.
This reuses the docs.vhost.erb, it should be parmeterized properly and
there's no need for any different setup.
Change-Id: I43ea64b91d6e8a2a71ce1feccf2ff0a5f379e9c4
To check the current status of our AFS publishing, we need to preview
the site.
Use docs-beta.openstack.org for this, create a server alias.
Change-Id: I796df29d0851e0a9563b415de84462070b00b8d4
Now that we are publishing docs to AFS, add a new vhost for apache.
Change-Id: I8bc1bfefc5190f3c607905bbdc91c1cf2e47c83b
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Ian Wienand