Timeline


and

Jun 24, 2009:

1:54 PM Changeset [1208] by quentin
Add ImageMagick PHP extension
1:18 AM Ticket #25 (document LVS so as not to confuse users and their code) closed by mitchb
fixed: While it doesn't explain LVS in detail, almost none of our users …
12:57 AM Ticket #61 (get certs signed by a real CA) closed by mitchb
fixed: EQUIFAX FTW!!!!!!!ONE
12:53 AM Ticket #68 (Trying to make a cert-protected WordPress results in a redirection loop) closed by mitchb
worksforme: You can actually create a cert-protected WordPress? without hitting a …
12:48 AM Ticket #76 (Upgrade Joomla) closed by mitchb
fixed: It would seem that we have once again reached the end of time. I've …
12:40 AM Changeset [1207] by mitchb
Complete overhaul of Joomla autoinstaller for version 1.5.11

Jun 22, 2009:

4:09 PM Changeset [1206] by ezyang
More documentation updates.

Jun 20, 2009:

11:39 PM Changeset [1205] by ezyang
Improve install docs from not-backward install.

Jun 17, 2009:

2:34 AM Changeset [1204] by quentin
Don't allow users to DoS the finger server on syn
2:33 AM Changeset [1203] by quentin
Apparently, ipvsadm, sed, and awk need more than 1 meg to run :(
2:30 AM Changeset [1202] by quentin
Don't allow HTTP and finger clients to steal too much RAM
2:24 AM Changeset [1201] by quentin
Browsers won't let you send HTTP to the finger port... :(
2:20 AM Changeset [1200] by quentin
HTTP-based list of scripts servers on http://scripts.mit.edu:78/
12:50 AM Changeset [1199] by quentin
Give finger port to the LVS directors

Jun 15, 2009:

11:30 PM Ticket #20 (scripts LVS design issues) closed by quentin
fixed: The LVS directors now run a local sorry-server that responds to all …
11:19 PM Ticket #89 (@reboot cron jobs sometimes start before afsagent gets tokens) closed by quentin
fixed: Fixed in r1187

Jun 14, 2009:

5:26 AM Changeset [1198] by mitchb
Merge r1178:1197 from trunk to branches/fc11-dev
5:21 AM Changeset [1197] by mitchb
Turn off the new php extensions in Fedora 11
5:20 AM Changeset [1196] by mitchb
New php ini files appeared in Fedora 11
3:54 AM Changeset [1195] by geofft
LVS: b-k has more RAM now, so put it on equal priority.
3:51 AM Changeset [1194] by geofft
LVS: Add a fingerd Also punt some old ports that tried to run commands that no longer exist. Much as I'd like it to run as nobody, ipvsadm needs to run as root.
3:31 AM Changeset [1193] by ezyang
Commiting enabling of dom.ini, pending further performance review.

Jun 13, 2009:

4:41 PM Changeset [1192] by geofft
RECOVERY alert - maintainer/geofft is OK
2:12 PM Changeset [1191] by mitchb
Remove expired test cert and config for geofft.mit.edu

Jun 12, 2009:

7:35 PM Changeset [1190] by mitchb
Make the server install directions slightly more complete
2:31 AM Changeset [1189] by mitchb
Apply OpenAFS delta linux26-defer-cred-changing-20090511 The OpenAFS newsletter claims we need this on Fedora 11, and it will be present in the upcoming 1.4.11 release.
1:35 AM Changeset [1188] by andersk
webaccess: No more chmod 777 .ht*.

Jun 11, 2009:

11:32 AM Changeset [1187] by quentin
Always ensure we have tokens before starting crond

Jun 10, 2009:

1:58 PM Ticket #94 (Shibboleth authentication) created by quentin
We should support Shibboleth authentication, as implemented by MIT …

Jun 9, 2009:

4:56 PM Changeset [1186] by geofft
Apparently FC11 changes /etc/httpd/run's target and mode
2:57 PM Changeset [1185] by quentin
Update Munin plugins for watching FWMs
2:32 PM Changeset [1184] by quentin
Change the LVS configuration to use the same source hashing; FWM 1 is the same as before, FWM 2 is Apache-bound traffic, and FWM 3 is Postfix-bound traffic
2:30 PM Changeset [1183] by quentin
Tweak sorry server configuration for maximum performance
10:48 AM Changeset [1182] by mitchb
Configure yum-updatesd with the scripts customizations o Check every 4 hours instead of every hour o E-mail us about updates o Download updates and their dependencies automatically
10:46 AM Changeset [1181] by mitchb
Add yum-updatesd config file to the repo
10:07 AM Changeset [1180] by mitchb
Provide enough memory for java to spit out its usage message Java has become an insanely memory-hungry hog and requires the virtual memory address space limits to be raised beyond anything sane. Bump the "as" limit in limits.conf from 1GB to 1.25GB, and the "RLimitMEM" directive in httpd.conf from 0.5GB to 1.25GB.

Jun 8, 2009:

1:07 PM Changeset [1179] by mitchb
Merge r1121:1178 from trunk to branches/fc11-dev
7:51 AM Changeset [1178] by mitchb
Make installation of a scripts server less of a hazing ritual by explaining some of the mysterious things you'll otherwise botch. Plenty of hazing remains, though.

Jun 7, 2009:

2:31 AM Changeset [1177] by quentin
Document how to generate a pkcs12 file from a PEM certificate and key
1:21 AM Changeset [1176] by mitchb
Add c-w to relevant hostgroups in Nagios

Jun 6, 2009:

10:55 PM Changeset [1175] by mitchb
Bash whatever keeps clobbering resolv.conf at boot time over the head
10:00 PM Changeset [1174] by mitchb
Monitor new scripts webserver cats-whiskers
9:49 PM Changeset [1173] by mitchb
Add AFS sysnames for scripts on Leonidas (F11)
9:48 PM Changeset [1172] by mitchb
Allow more AFS sysnames... you can never have enough
1:57 PM Changeset [1171] by quentin
Script for checking certificate expiration times

Jun 5, 2009:

4:18 PM Changeset [1170] by geofft
scripts.mit.edu Equifax-signed 2-year cert
12:24 AM Changeset [1169] by geofft
suexec: Hardcode the JAVA_TOOL_OPTIONS value. Because, otherwise, suexec doesn't save you from JAVA_TOOL_OPTIONS="-cp /path/to/sketchy/code.jar". Reported by Anders.

Jun 4, 2009:

11:32 PM Changeset [1168] by geofft
Make Java work again by reducing its maximum heap size. Otherwise, it will crash with an out-of-memory error on startup because it tries to allocate 1.05 G. While one option is to increase our memory limits, a better one is to make it grab less RAM. The startup code's idea of "a reasonable fraction" of total physical memory in the machine is not our idea of a reasonable amount for one process on scripts to use. Reported by tabbott, debugged by quentin and geofft, fix suggested by mitchb.
10:47 PM Changeset [1167] by geofft
suexec: Let the JAVA_TOOL_OPTIONS environment variable through.
9:04 PM Changeset [1166] by geofft
Replace *.scripts' cert with an Equifax-signed one from RapidSSL.
5:20 AM Changeset [1165] by geofft
limits.conf: Actually, keep data and as around. rss isn't respected according to quentin's testing, so we should keep the data and as limits so we still have a memory usage limit. On the other hand, Anders is right that we have no reason to _increase_ memlock from its defaults.
5:18 AM Changeset [1164] by quentin
Revert r1162 (DDoS over?)
2:13 AM Changeset [1163] by andersk
Punt memory limits other than rss.

Jun 3, 2009:

1:31 PM Changeset [1162] by quentin
Temporarily reduce request timeouts in order to deal with DDoS
12:03 PM Changeset [1161] by mitchb
Restore accidentally lost lines in syslog-ng.conf
11:30 AM Changeset [1160] by mitchb
Config for ssh and networking to interact with cats-whiskers
11:27 AM Changeset [1159] by mitchb
Update for current version of munin config files
11:27 AM Changeset [1158] by mitchb
Update for current version of limits.conf
11:26 AM Changeset [1157] by mitchb
Don't change the commented-out stat-user in nscd.conf
11:25 AM Changeset [1156] by mitchb
Update for current version of nrpe.cfg Mostly reformatting, but significantly, use the package's created 'nrpe' user instead of the nonexistent 'nagios' user
11:23 AM Changeset [1155] by mitchb
Update for current version of syslog-ng.conf Mostly reformatting, but also uses more meaningful names for the default set of filters
11:22 AM Changeset [1154] by mitchb
No reason to empty out the default comments in our empty printcap
11:21 AM Changeset [1153] by mitchb
Bump version of postfix
11:19 AM Changeset [1152] by mitchb
updatedb is in /usr/bin, not /usr/sbin
11:18 AM Changeset [1151] by mitchb
Apache's PID file path changed
11:17 AM Changeset [1150] by mitchb
Don't pull any packages from testing on Fedora 11 yet
11:16 AM Changeset [1149] by mitchb
Punt the acpi config so that soft poweroff will work
6:51 AM Changeset [1148] by mitchb
Use the scripts fc11 yum repo
6:50 AM Changeset [1147] by mitchb
Build system updates for Fedora 11 o Don't fetch upstream pysvn source o Fedora 11 does i586, not i386, for 32-bit packages o krb5 needs texlive-latex to build o openssh needs fipscheck-devel to build o gobject-devel isn't available, and openssh doesn't really need it o Add build dependencies for php
6:46 AM Changeset [1146] by mitchb
Version, context, etc. fixups to build Apache on Fedora 11
6:43 AM Changeset [1145] by mitchb
Context fixups to build PHP on Fedora 11
6:42 AM Changeset [1144] by mitchb
Version, context, etc. fixups to build nss-ldapd on Fedora 11
6:41 AM Changeset [1143] by mitchb
Version, context, etc. fixups to build OpenSSH on Fedora 11
6:38 AM Changeset [1142] by mitchb
Stop building a scriptsified pysvn
6:37 AM Changeset [1141] by mitchb
Version, context, etc. fixups to build krb5 on Fedora 11
6:35 AM Changeset [1140] by mitchb
Don't require scripts-pysvn in scripts-base anymore Since we're not forcing a newer version of svn than in the base distribution, it's no longer necessary to rebuild pysvn against it.
6:33 AM Changeset [1139] by mitchb
Apply OpenAFS delta dprintf-rename-20090427 Renames the dpatch #define, which conflicts in Fedora 11
2:28 AM Changeset [1138] by andersk
Remove huge autogenerated tests directory.
2:15 AM Changeset [1137] by quentin
Import scripts PHP module

Jun 2, 2009:

5:47 PM Changeset [1136] by geofft
Also delete the config
5:47 PM Changeset [1135] by geofft
cycling-club.scripts' 30-day cert expired, so revert to the *.scripts cert

May 30, 2009:

1:44 AM Ticket #93 (autoinstallers internally depend on vhost/~lockername working) reopened by geofft
Okay, I should be a little more clear about what I'm seeing. I have a …
1:40 AM Ticket #93 (autoinstallers internally depend on vhost/~lockername working) closed by andersk
worksforme: No it doesn’t.
1:05 AM Ticket #93 (autoinstallers internally depend on vhost/~lockername working) created by geofft
Figure out if we can in the general case make webapps run out of two …

May 26, 2009:

10:57 PM Changeset [1134] by ezyang
Update OpenAFS patch to not need 777 for .htaccess files. Symlinks to files that are not named .htaccess still need to be 777; if a file is hard linked, Apache can access it through its .htaccess name but not through any other name.
Note: See TracTimeline for information about the timeline view.