Feb 25, 2010:

6:33 PM Changeset [1491] by mitchb
Make it possible for Accounts to create users on scripts (new moira, again) (Yes, you misread that.)
3:10 AM Changeset [1490] by mitchb
New moira packages

Feb 23, 2010:

11:44 PM Changeset [1489] by mitchb
Fix directions for adding static extensions ========= Instance: 1149427 Time: Mon Feb 8 20:29:45 2010 Host: BYTE-ME.MIT.EDU From: Busy inodes after unmount. Self-destruct in 5 seconds. Have a nice day. [FAILED] <mitchb> Also, those directions need to be taken out back and shot. We don't do things like that anymore. ========= Done.
11:21 PM Changeset [1488] by mitchb
Various tweaks to rails autoreloading code o Don't watch all of public, as apps may cache files there and cause the fcgi to repeatedly die and destroy any fcgi performance gains o Specifically watch .htaccess and dispatch.fcgi o Raise an error to die instead of trying to reload code and dying in the process because you can't o Explain that killing the fcgi process results in a reload of the code at the next request (Merge of r1411:1486 from branches/locker-dev to trunk, originally from gdb)
11:00 PM Changeset [1487] by mitchb
Renewed certificate for schuh.mit.edu

Feb 22, 2010:

3:47 AM Changeset [1486] by gdb
Explain why we raise an error here
3:37 AM Changeset [1485] by gdb
Time to be honest with ourselves. We're not reloading anything here.
3:31 AM Changeset [1484] by gdb
Watch specific files as well
3:09 AM Changeset [1483] by geofft
__scripts/needcerts: Add support for working around Safari Safari on Mac OS X (or more properly, CFNetwork and the rest of the SSL stack) doesn't properly support SSLVerifyClient Optional, which is our default for :444. In particular, if you don't have an identity preference set, only SSLVerifyClient Require will trigger the dialog to set an identity preference and present a certificate to the site: http://lists.apple.com/archives/apple-cdsa/2009/Apr/msg00041.html We can work around this by checking for the Safari user-agent in /__scripts/needcerts and renegotiating SSLVerifyclient Require. Forcing the Require behavior on Safari users that reach this page is reasonable because this page is only (supported to be) reached as an ErrorDocument 401; if you're intentionally using AuthOptional on to take advantage of the optional authentication, you'll never trigger the 401 error.

Feb 20, 2010:

6:18 PM Changeset [1482] by ezyang
Take upstream changes to use alternative runtime directory for fcgi; revert previous changes to chmod /var/run/httpd.
4:25 PM Changeset [1481] by ezyang
Don't chmod /var/run/httpd 0700, since that breaks fcgid.
4:49 AM Changeset [1480] by mitchb
Hit the turbo button and make those gears spin!
4:31 AM Changeset [1479] by mitchb
* Don't put SQL passwords in command-line arguments. * When using sqlalchemy, use ~/.my.cnf instead of hardcoding the SQL password. (Merge of r1477:1478 from locker-dev to trunk, originally from xavid)
4:24 AM Changeset [1478] by mitchb
* Don't put SQL passwords in command-line arguments. * When using sqlalchemy, use ~/.my.cnf instead of hardcoding the SQL password. (originally from xavid)
4:21 AM Changeset [1477] by mitchb
* Initial commit of TG autoinstaller, for some reason. (from trunk@1476, originally from xavid)

Feb 19, 2010:

4:58 PM Changeset [1476] by ezyang
Add environment variables for CPS for nicer graph titles.
4:49 PM Changeset [1475] by ezyang
Read graph_title from environment.
4:18 PM Changeset [1474] by ezyang
Specify uid 102 is signup, and remove dead SELinux code.
3:44 AM Changeset [1473] by mitchb
LDAP, now with 200% more indexed queries! Previously, only about 1/3 of our LDAP queries were actually being answered using indices. ns-slapd was routinely observed to be eating a huge portion of our CPU. Coincidence? You be the judge. We're going to stop being morons now and use <1% CPU for LDAP.
1:11 AM Changeset [1472] by quentin
Use the right script...

Feb 18, 2010:

10:56 PM Changeset [1471] by quentin
make r-m's RAM match
7:07 PM Changeset [1470] by quentin
b-b and p-b have real hardware, yay
3:05 PM Changeset [1469] by gdb
Changed list of watched directories in rails fcgi

Feb 17, 2010:

11:44 AM Changeset [1468] by gdb
Fixed the exception type problem in this code; fixed up remove-servers.

Feb 16, 2010:

11:46 AM Ticket #116 (Certificate login fallback to password) created by foley
I've run into this situation a number of times on setting up wiki/CMS …

Feb 15, 2010:

10:11 PM Ticket #115 (actively break sudo for users who aren't supposed to) created by geofft
PAM is a good choice here. So is replacing our uses of sudo …

Feb 13, 2010:

5:36 PM Changeset [1467] by gdb
Minor hacron fixes
5:21 PM Changeset [1466] by gdb
Another pass over hacron
12:55 AM Changeset [1465] by quentin
QuickPrint cronjob (so it runs on every host)

Feb 12, 2010:

3:52 AM Changeset [1464] by mitchb
What's that? I can't hear you over the static! o Make Apache, suEXEC, and static-cat case-insensitive about extensions o Add wav, mid, and midi as static extensions o Add missing mime-type for svg files
2:47 AM Changeset [1463] by andersk
mod_vhost_ldap: Copy the server_rec instead of corrupting it in place.

Feb 8, 2010:

3:06 AM Changeset [1462] by geofft
install-howto.sh: IBTSOCS
2:25 AM Changeset [1461] by geofft
surprise I'm installing GDChart

Feb 7, 2010:

4:07 AM Ticket #108 (rack-backward and rack-forward aren’t even the right part of speech.) closed by mitchb
invalid: Sometimes a name is just a name. Also, you used up your "this is a …

Feb 6, 2010:

4:50 AM Changeset [1460] by mitchb
Certificate and Apache config for isawyou.mit.edu
4:43 AM Changeset [1459] by mitchb
Backport cluster-glue, heartbeat, and pacemaker from F12 We want to use pacemaker for hacron. It's presently available in F12, but not F11. In F12, it's built against heartbeat 3, which is a completely different beast than the heartbeat 2 available in F11, so we need to backport that as well. heartbeat 3, in turn, depends on cluster-glue, which is not presently in F11. All three of these build cleanly with no source changes so long as their dependencies are present.
4:39 AM Changeset [1458] by mitchb
Allow "buildroot override" functionality in mock via a local repo If you're building a chain of packages that have requirements on each other, and aren't yet ready to publish them to the world, mock needs a way to find the dependencies that aren't in a regular repo yet. Configure it to treat /home/scripts-build/mock-local as a local repo that it can install packages from to satisfy dependencies. This is analogous to Fedora's "buildroot overrides" used when building packages that depend on each other and need to be pushed to production together instead of serially. For more details, see: http://fedoraproject.org/wiki/Buildroot_override_SOP
3:46 AM Ticket #114 (better story for importing outside Django sites) created by geofft
We do a lot of custom stuff in setting up Django -- splitting between …

Feb 5, 2010:

11:35 PM Changeset [1457] by gdb
Now with lock timeouts
11:30 PM Changeset [1456] by gdb
Added hacron script
8:57 AM Changeset [1455] by mitchb
Certificate and Apache config for classmates.mit.edu

Feb 2, 2010:

4:23 AM Ticket #113 (Django auto-installs on a machine where USER != ATHENA_USER get wrong ...) created by adehnert
Currently, the Django auto-installer bakes the username of the running …
2:11 AM Changeset [1454] by mitchb
Enable mod_deflate In these harsh economic times, scripts should handle inflation (and deflation).

Feb 1, 2010:

2:45 AM Changeset [1453] by mitchb
Stop scriptsifying gzip Fedora has released a package with the relevant patches

Jan 30, 2010:

7:30 PM Changeset [1452] by mitchb
Speed up postfix acceptance of mail to foo@scripts.mit.edu Postfix does virtual alias expansion on *all* addresses, both virtual/remote and local, which means that even mail to a normal scripts user will be looked up in not only the regular aliases file, but the virtual maps we set up. If we don't match those addresses in either the hashed virtual file or the regexp virtual file, then an LDAP query will occur instead of quickly accepting the RCPT address. Short-circuit that by matching *@scripts.mit.edu as a regexp and mapping it with no change. If we rewrite it as the unqualified user, then a recursive virtual match happens (all virtual rewrites are subject to recursive matching). Simple, eh?
7:14 PM Changeset [1451] by quentin
Add Munin configuration to the install instructions

Jan 29, 2010:

1:10 PM Changeset [1450] by mitchb
More LDAP customizations needed on test servers
12:51 PM Changeset [1449] by mitchb
Handle vhosts that have multiple defined aliases
12:26 PM Changeset [1448] by mitchb
Renewed certificate for eastgate.mit.edu

Jan 26, 2010:

7:13 PM Changeset [1447] by quentin
Reify *.blue-sun-corp.com
7:13 PM Changeset [1446] by quentin
Missed a ServerAlias
7:04 PM Changeset [1445] by quentin
Handle vhosts that don't have any defined aliases
6:57 PM Changeset [1444] by quentin
Add *.blue-sun-corp.com cert
10:48 AM Changeset [1443] by mitchb
I Bemoan The State Of Postfix (LDAP and mail hosting for all our vhosts)
10:09 AM Changeset [1442] by mitchb
Deploy clarifications to the fascist locker signup error message (Merge of r1440:1441 from branches/locker-dev to trunk)
3:10 AM Changeset [1441] by mitchb
Missed a couple spots on the bikeshed (more clarity for fascist locker error)
Note: See TracTimeline for information about the timeline view.