Timeline


and

Apr 16, 2011:

7:59 PM Changeset [1807] by achernya
Necessary changes to build the Scripts RPMs on Fedora 15: * Stop scriptsifying 389-ds-base, as it appears to have Mitch's patch * Update krb5.spec.patch for krb5-1.9 * Update the krb5-kuserok-scripts.patch to work with krb5-1.9 (code review requested) * Update httpd.spec.patch to apply properly to Fedora's newly cleaned-up httpd.spec * Bump zephyr to version 3.0.1
3:44 AM Changeset [1806] by adehnert
Make Django properly handle the index page Without this, the URL that Django sees for the index page will be $addrend. With it, it sees the empty string, which seems to make more sense.
3:37 AM Changeset [1805] by adehnert
git smart HTTP transport autoinstaller

Apr 15, 2011:

9:28 PM Changeset [1804] by achernya
Added mock configuration for Fedora 15, edited make file to use fc15-dev
9:18 PM Changeset [1803] by achernya
Creating a branch for Fedora 15 development.

Apr 13, 2011:

2:37 AM Changeset [1802] by adehnert
New certs for bc and asa

Apr 11, 2011:

4:07 AM Changeset [1801] by adehnert
Revert part of r1800
4:05 AM Changeset [1800] by adehnert
Set permissions properly on Apache log files

Apr 4, 2011:

3:22 PM Changeset [1799] by geofft
Lower s-a's (the current primary) priority This isn't actually right, because it should track the current primary, but it's close enough for now.

Apr 3, 2011:

3:38 AM Ticket #198 (svn doesn't deal with unknown vhosts or repos well) created by adehnert
While working on #166 (git doesn't handle unknown vhosts), I looked …

Apr 2, 2011:

3:58 AM Ticket #197 (Making setting up the git smart HTTP server easy) created by adehnert
At the moment, we support read/write SVN repos and read-only git …
3:50 AM Changeset [1798] by adehnert
Useful error with unknown git vhost (Trac: #166)

Mar 27, 2011:

8:41 PM Changeset [1797] by adehnert
New cert for tibetforum

Mar 26, 2011:

9:53 AM Changeset [1796] by mitchb
New mod_original_dst - makes Apache use original destination IP In a setup where requests have passed through a transparent proxy, or an iptables REDIRECT rule, the destination address of the traffic changes. The netfilter code provides an option (SO_ORIGINAL_DST) to find out the original destination address. In an Apache vhost that is IP-based instead of name-based, you may need the original address in order to match the vhost. This module causes Apache to always see the original, instead of the redirected, destination. Apache module written by Anders Kaseorg Method for obtaining the original address pointed out by Quentin Smith Trivial packaging updates for Scripts by Mitch Berger

Mar 25, 2011:

8:21 PM Changeset [1795] by mitchb
Bump krb5 release number and rebuild for upstream update
7:06 PM Changeset [1794] by mitchb
Update version in Postfix's documentation directories Because postfix seems to think it's okay to declare things like your config files as... well... config files, and then go and edit them anyway.

Mar 21, 2011:

8:30 AM Changeset [1793] by mitchb
Pristine upstream copy of iptables-config
7:39 AM Changeset [1792] by mitchb
LVS configuration for scripts-primary.mit.edu

Mar 19, 2011:

12:57 AM Ticket #103 (Logging into Trac takes you back to the main page) closed by andersk
fixed
12:48 AM Changeset [1791] by andersk
trac: Mangle HTTP_REFERER to let the login link keep you on the same page. (Merge of r1526:1528 from branches/locker-dev to trunk, from andersk)

Mar 18, 2011:

11:38 PM Changeset [1790] by andersk
trac.fcgi: Stop relying on fcgi_frontend details that Trac 0.12 will break In Trac 0.12, trac.web.fcgi_frontend does ‘from _fcgi import WSGIServer’ instead of ‘import _fcgi’, and also conditionally wraps dispatch_request in FlupMiddleware.
10:49 AM Changeset [1789] by mitchb
Add missing backend route to not-backward You know, because we were sending it traffic... backward.
10:30 AM Changeset [1788] by mitchb
Switch from "strict" to "loose" reverse-path filtering Reverse-path filtering controls what happens when you receive traffic on an interface directly claiming to be from an IP address that your routing rules indicate shouldn't be part of the network(s) directly attached to that interface. It's meant to help guard against IP spoofing. There are three legal values: 0 - "off" - does not block anything 1 - "strict" - blocks any traffic that "shouldn't" have arrived on this interface according to your routing rules 2 - "loose" - blocks any traffic that "shouldn't" have arrived on any of your interfaces according to your routing rules (but allows traffic from addresses that should be on directly attached networks and arrive on the "wrong" interface); recommended for sites with asymmetric routing configurations where traffic to a given address is expected to return through a different interface than it leaves on A normal non-multihomed machine should usually use "strict" mode, and in fact this was a simple boolean between "off" and "strict" in older kernels throguh somewhere in the 2.6.20s. Back then, the kernel ANDed the value of net.ipv4.conf.all.rp_filter and net.ipv4.conf.${iface}.rp_filter, so to enable it, you needed to turn it on under both "all" and the interface hierarchy. When it became a trinary value, this logic was overlooked, so the only (undocumented) way to use "loose" mode on some interfaces and "strict" mode on others was to set rp_filter in the "all" hierarchy to the undocumented value "3". At some point in 2.6.31, the rp_filter behavior was corrected to use the max() of the "all" and interface value. Until now, we've been setting net.ipv4.conf.default.rp_filter to "1", which causes the interface values to be "1". The "all" value defaults to "0" on Fedora. Since the last kernel in Fedora 11 was 2.6.30.10, this means that we never actually used reverse-path filtering until we upgraded to Fedora 13, at which point we began using strict filtering without intending to have changed anything. This behavior is incorrect for us because we do have asymmetric routing scenarious and intend to add more. The specific example where we want this is to allow a Scripts LVS realserver to also be an LVS client. It will send traffic to the Scripts LVS-balanced IP addresses on the frontend network (eth0) because those addresses only exist on the frontend, where LVS will assign it to a given realserver to handle and forward it along. That realserver will try to respond to the requesting realserver on the backend network (eth1) because of the static routes we have installed to prefer servers talking to each other over the non-public segment. If rp_filter is in "strict" mode, this traffic will be dropped, and the scripts servers on the backend can never talk to the balanced addresses. We also want non-realserver machines on our backend network (such as not-backward) to be able to be LVS clients.
Note: See TracTimeline for information about the timeline view.