Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

github.com/ooni/sysadmin

System administration tools
https://github.com/ooni/sysadmin

airflow: deploy shovel:0.0.10

1709191352a36a33f8cfe733f428aea77c258d9a authored over 7 years ago by Leonid Evdokimov <[email protected]>
prometheus: fix quotes in alert annotations that trigger NPE

eb7ac3c6e3b4936cb43ea974c42a119c1ce1b6d8 authored over 7 years ago by Leonid Evdokimov <[email protected]>
prometheus: SSLCert freshness warning on <=25days

772feeab8172d24a6c557f34772f8cf495e8ef41 authored over 7 years ago by Leonid Evdokimov <[email protected]>
prometheus: add missing braces for SSLCertExpiringInAWeek, better texts for Disk* alerts

0f0b1aa4627474d0adbafd0a779afb5501093f7b authored over 7 years ago by Leonid Evdokimov <[email protected]>
prometheus: alerts on disk space < 20%, inodes < 50%, better texts

3e230fb2025fc2e7d82ae5e1ad9b769a803f9159 authored over 7 years ago by Leonid Evdokimov <[email protected]>
inventory: make ext/known_hosts sort order locale-independent

e3c0a44fc0bb8ef46b5e3654273581284dce13ef authored over 7 years ago by Leonid Evdokimov <[email protected]>
Current external inventory state

f86ab1e76060c8fbafb704edf88215cba181743a authored over 7 years ago by Leonid Evdokimov <[email protected]>
Current external inventory state

9ea77275b9e9d4da4d58436174b831d6f44813e7 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Current external inventory state

6214d7f1b78b62edb87832c9b4d7af0901186cdc authored over 7 years ago by Leonid Evdokimov <[email protected]>
inventory: drop decomissioned VMs & DNS records

26d5dfe97ee88a787be38890e1927e4cdc532b83 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Current external inventory state

ac07bf6a2e4e838316072541f4da3c166e2bcf5d authored over 7 years ago by Leonid Evdokimov <[email protected]>
airflow: do not notify whole team@ till pipeline stabilises

2e7a642fb25fa789a13dc5aa5b9ac033fda62c5c authored over 7 years ago by Leonid Evdokimov <[email protected]>
airflow: deploy shovel:0.0.9

6dc361b04e3a4b9fca2e47ad779fd8c97a919df4 authored over 7 years ago by Leonid Evdokimov <[email protected]>
airflow: deploy shovel:0.0.8

2aad927eac20507f28a362ec4b4926ddb245c38e authored over 7 years ago by Leonid Evdokimov <[email protected]>
Merge pull request #154 from TheTorProject/feature/jupyter

Feature/jupyter

1e3871a0fd4aad7e4bbb06948ea34a1cb7933bdb authored over 7 years ago by Arturo Filastò <[email protected]>
Bump inventory hash

cf3f411f5267af8f597d061e1ec9fc4a12cda5ac authored over 7 years ago by Arturo Filastò <[email protected]>
Annotate variable with `CHANGE_ME` as suggested by @darkk

0617e2e4d2ad7452d899a6591170f39f74d49fc1 authored over 7 years ago by Arturo Filastò <[email protected]>
Update the known_hosts

47ffea8a3485bedf1eb52e94e6bb2573f10b8e26 authored over 7 years ago by Arturo Filastò <[email protected]>
Make travis happy?

bf8061daafcd3f5d8087087f75d913053c2f5b1b authored over 7 years ago by Arturo Filastò <[email protected]>
It's called py-radix

cf4a24318583ec4c298ae467bdd6b0f86d053f6f authored over 7 years ago by Arturo Filastò <[email protected]>
Fix pip package reference

bde9009297a34caec4e7f64e83eb7606edc46733 authored over 7 years ago by Arturo Filastò <[email protected]>
Set the home directory

e3e642609c56afa63c0c57beccbb8452957c099e authored over 7 years ago by Arturo Filastò <[email protected]>
Fix template references

f32026bf88fbcc38eec453b5de83b90c648dd24e authored over 7 years ago by Arturo Filastò <[email protected]>
Add role for deploying jupyter notebook server

c12847ce03b8643ef827c349351d7f82aecadd63 authored over 7 years ago by Arturo Filastò <[email protected]>
Add jupyter to hosts

fa1719704d6b3f17efaaa0da4d170a7526b535b0 authored over 7 years ago by Arturo Filastò <[email protected]>
Current external inventory state

15a0f90cd3434638838935493e3df6ab5112cc50 authored over 7 years ago by Leonid Evdokimov <[email protected]>
scripts: some oneliners to check chameleon against S3 & datacollector

4d8fd528f9f3b5f9f81de50b2b7a9e0027a45920 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Merge pull request #152 from TheTorProject/airflow-mail

Airflow mail

fb23b8f186db02151e09c8c55eef2013839af2d0 authored over 7 years ago by Leonid Evdokimov <[email protected]>
prometheus: use noreply email like airflow (`notifcation` was likely a typo)

557f2194684deef3b4f0c2b42e4dcfe1b8ccd073 authored over 7 years ago by Leonid Evdokimov <[email protected]>
airflow: send email to team@ on failures & drop user creation (done in `passwd`)

f2afd3116b58ee82ac96bf06489ad4dfb3046752 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Merge pull request #151 from TheTorProject/feature/grav

Feature/grav

fde67d7ae02c966573441b863136f0b890a8ac60 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Revert "grav: declare grav playbook broken"

This reverts commit 742a19b5817b35c0306d5774300637bf2301c93d.

a8ac33d51823b10311ecebf7942cc211ec56f44e authored over 7 years ago by Leonid Evdokimov <[email protected]>
Merge branch 'master' into feature/grav

715b96de38953836f11b8d3f30e143a311d8fe1e authored over 7 years ago by Leonid Evdokimov <[email protected]>
Ensure directory is not present also before extracting

e94d21784b620ce36db6495833816781d5deaa17 authored over 7 years ago by Arturo Filastò <[email protected]>
Delete path before creating symlink

5de99aeb5a310366d76760f0fe08327ae2f77d91 authored over 7 years ago by Arturo Filastò <[email protected]>
Fix symlinking

f9ec7881d80c9c8cfe9785b6dc71bc17abc1d602 authored over 7 years ago by Arturo Filastò <[email protected]>
Merge pull request #126 from TheTorProject/feature/grav

feature/grav (that may become grave, there are no backups)

03616117f45953784c2bb152f56dd15401efee8d authored over 7 years ago by Leonid Evdokimov <[email protected]>
grav: declare grav playbook broken

742a19b5817b35c0306d5774300637bf2301c93d authored over 7 years ago by Leonid Evdokimov <[email protected]>
Symlink the users directory

ef9b49b201a820c45915f8861809093907a67a82 authored over 7 years ago by Arturo Filastò <[email protected]>
dom0 inventory: add msg.ooni.io & cleanup unused variables

bb0d67068c47fe439dd006311e66b0373c1a036d authored over 7 years ago by Leonid Evdokimov <[email protected]>
Merge branch 'feature/grav' of github.com:TheTorProject/ooni-sysadmin into feature/grav

* 'feature/grav' of github.com:TheTorProject/ooni-sysadmin: (137 commits)
inventory: check DC ...

a8f6bb046ef36e0473a07c5f73fb6ccc8a1ac342 authored over 7 years ago by Arturo Filastò <[email protected]>
Add msg.ooni.io vault

46245a6a1ea76a5d87dcc4ecdbd4aa3d1b561d1e authored over 7 years ago by Arturo Filastò <[email protected]>
Merge branch 'master' into feature/grav

Conflicts:
ansible/group_vars/all/vars.yml
ansible/inventory

a474a2432b8c66b675889bca951040168d059753 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Merge pull request #127 from TheTorProject/feature/piwik

Add role for deploying piwik

12f275e59b4d53764eca558530c2bd45a7478021 authored over 7 years ago by Leonid Evdokimov <[email protected]>
inventory: check DC using intra-DC RTT to enforce DC tag correctness

d66a927b9495ec2c6f7a8f495670c74c638e71e3 authored over 7 years ago by Leonid Evdokimov <[email protected]>
dom0 inventory: add analytics.ooni.io

8c34de7c4beaf2c7194c1a583b57c81d085639bb authored over 7 years ago by Leonid Evdokimov <[email protected]>
piwik: strip `vault_` prefix in vars.yml, drop unused variables

2e11f1d63f5c9adb46d3ffff74dfa9fb2ef69f2f authored over 7 years ago by Leonid Evdokimov <[email protected]>
inventory: fix `analytics.ooni.io` DC

888f6c3f357baad3457569c7986a5f5d1d8cf848 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Merge branch 'master' into feature/piwik

Conflicts:
ansible/group_vars/all/vars.yml
ansible/inventory

40335a4eba9e3d40b53d01b5d7279660079945f0 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Use delta instead of predict_linear for performance reasons (#148)

58606f0687afadd79a5dc2ce244e45a014c6d4de authored over 7 years ago by Arturo Filastò <[email protected]>
Add certificate expiration checks to alert manager and disk quota alert (#147)

* Add certificate expiration checks to alert manager and disk quota alert

* Use a simple delt...

35df3b5dc5c4fcecce8b18e2ff954e54a5342fa5 authored over 7 years ago by Arturo Filastò <[email protected]>
dom0: add missing template for ext/known_hosts (since fc121262)

dd22aa4b8d0377efddabeee8bc94aee1a0a91404 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Merge pull request #146 from TheTorProject/ntp-test

test env for ntp test & public ext/known_hosts

bcd46c495124b1d2d3701239cda7237e574b139f authored over 7 years ago by Leonid Evdokimov <[email protected]>
inventory: drop stopped hosts, run inventory-check & enforce Travis inventory checksum check

Actually, the reason for previous commit about SSH keys was failing
inventory-check :)

a3b36522a4dc9da21fb853bbeadbe968d47cd317 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Current external inventory state

498698429a0d6e709647f83e51e5925a53dd3833 authored over 7 years ago by Leonid Evdokimov <[email protected]>
dom0: update ext/known_hosts with server SSH keys

That's done to prevent ansible playbook interruptions caused by SSH key
change during playbook e...

fc121262744a233147f404e3fcdc0386a4778ca1 authored over 7 years ago by Leonid Evdokimov <[email protected]>
inventory: add ntp implementations test env

a5144a3cc6450487f950d0814628c3d29d39b44c authored over 7 years ago by Leonid Evdokimov <[email protected]>
Merge pull request #112 from TheTorProject/feature/orchestration

Feature/orchestration

df0b67da52cee8dcb0c297ab1c1576f6ccb34cd6 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Merge branch 'master' into feature/orchestration

Conflicts:
ansible/inventory

2430ead4b7599bf192bb0a2656f3ffb752850710 authored over 7 years ago by Leonid Evdokimov <[email protected]>
ansible: limit log filename length on Linux

3af4a33a8df7ee77c3ca65da55b5e888bc6ae3c1 authored over 7 years ago by Leonid Evdokimov <[email protected]>
node_exporter: fix systemd-related leftovers after 9533b917

85f8c3a145c7f60f28f8536b24d32e20be32285b authored over 7 years ago by Leonid Evdokimov <[email protected]>
ansible: `run_once` should not be combined with `when`

See https://github.com/ansible/ansible/issues/9784 and
https://github.com/ansible/ansible/issues...

6562c6609090ce353335982606db00959b7abe5f authored over 7 years ago by Leonid Evdokimov <[email protected]>
orchestration: drop shared `proteus` system UID for services

1f22f0924a3af94ca53df2c9a9839df9ba2a179f authored over 7 years ago by Leonid Evdokimov <[email protected]>
orchestration: restart gorush instead of proteus in gorush tasks (was it typo?)

6ade6dda13764a6fb42a7413e97982d2e09c967d authored over 7 years ago by Leonid Evdokimov <[email protected]>
ansible: fix template loops that happened after bling `vault_` prefix stripping at f47ab38b

7757a11f14db907b15e7d3d68395ad3687cc6ffa authored over 7 years ago by Leonid Evdokimov <[email protected]>
inventory: rearrange the file, bring irc-bouncer back to `hkg`

358ebf94296ddb0b47e64a60f2dbd11d2e56fd7a authored over 7 years ago by Leonid Evdokimov <[email protected]>
ansible: drop docker from `orchestration` group

c85a9710cce6f5a75869cb7112a5d1be0fbda406 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Merge pull request #144 from TheTorProject/pg-user-for-superset

pipeline: grant read-only access from superset to hkgmetadb

0c7fff542e365e5504e2cb13df064d253125b171 authored over 7 years ago by Leonid Evdokimov <[email protected]>
pipeline: grant read-only access from superset to hkgmetadb

33521e997373345022ccdc5fb80dbeec451c66e5 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Merge pull request #143 from TheTorProject/fix-ping-perms

dom0: fix /bin/ping permissions

422c8892e69fc0c8d8cbb38227031698d2aa54c6 authored over 7 years ago by Leonid Evdokimov <[email protected]>
dom0: fix /bin/ping permissions & move dom0/sshd settings to separate include

1b5955215ba1ec7ba1550007c670caa05ed2f46d authored over 7 years ago by Leonid Evdokimov <[email protected]>
Add missing vault file

91fa6daf881f29311204f923f403355b295e3c50 authored over 7 years ago by Arturo Filastò <[email protected]>
ansible: avoid vault_ names once again, check that in Travis

f47ab38baa78f1169baf15622d9a2516366038ea authored over 7 years ago by Leonid Evdokimov <[email protected]>
README: fix syntax

4c91cd196fb42f6ab54ffc9804e3654e285d579b authored over 7 years ago by Leonid Evdokimov <[email protected]>
ansible: avoid vault_ names everywhere besides vars.yml close to vault

f0abef3ba1a6212fdfc5048e0d3437a3ab3e8d83 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Merge branch 'master' into feature/orchestration

Conflicts:
ansible/roles/adm/tasks/main.yml

f3c1bc38486ad228fb4801f1628c1369cb99c540 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Merge pull request #142 from TheTorProject/further-ssh-adventures

dom0: add `sbs` to admins & some more

ca26b09c46d3c36006f77cbaa866f00654977970 authored over 7 years ago by Leonid Evdokimov <[email protected]>
ansible: stamp the inventory that was checked

1f8a9681331d07c95ab7ae3fd995406341068326 authored over 7 years ago by Leonid Evdokimov <[email protected]>
dom0: add @bassosimone to list of admins

3f342ab89d936177f54caa53563ada470172ce0e authored over 7 years ago by Leonid Evdokimov <[email protected]>
dom0: chmod 0444 public keys so ansible `setup` module can read them without root

bc76b3d3930a69cfa9c61e35605bf242adcad536 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Merge pull request #141 from TheTorProject/more-dom0-fixes

More dom0 fixes

1ec62acb2efe8e3ff39ee2eac0e90a7f889bdf29 authored over 7 years ago by Leonid Evdokimov <[email protected]>
prometheus: fix nginx-prometheus taking over /var/lib/nginx, see incident #138

20edcc02d3ac0ca091bbf9bbfeb1ae0d87f6e70b authored over 7 years ago by Leonid Evdokimov <[email protected]>
ansible: add `inventory-check` playbook to verify that new hosts added to inventory are OK

9e97d4d22968ca46367680973c7457014067e6ab authored over 7 years ago by Leonid Evdokimov <[email protected]>
dom0: regenerate possibly compromised "bootstrap" host keys, see #140

456dbc1ff41bef713ccd694c307b34b27b073a6d authored over 7 years ago by Leonid Evdokimov <[email protected]>
Merge pull request #139 from TheTorProject/more-dom0-goodness

More dom0 goodness

a7f05cab76f488611a23ecb5c506056f34544bfd authored over 7 years ago by Leonid Evdokimov <[email protected]>
dom0: add comment to superq SSH key

07a0edfa217076daee56011371aa21059f47d0bf authored over 7 years ago by Leonid Evdokimov <[email protected]>
dom0: adopt sshd_config to old openssh-server

d07ecc765bebf0d66a31358f18a249ff78b25499 authored over 7 years ago by Leonid Evdokimov <[email protected]>
dom0: chameleon sshd should listen port 8080

4ec863ff9604e786adc4da75cc9ec147affefda1 authored over 7 years ago by Leonid Evdokimov <[email protected]>
dom0: sshd_config without DNS PTR check, PasswordAuthentication, DSA ECDSA keys

8a131e88c684752699ad39b1f05153d06d8e725f authored over 7 years ago by Leonid Evdokimov <[email protected]>
dom0: add common GH ssh_config (to diff against)

a9505ab74c54ca1c9970c2f0654d3439e229ca7e authored over 7 years ago by Leonid Evdokimov <[email protected]>
dom0: add `screen` for people preferring old-school terminal multiplexers

4704d4a8eac016db1ab09bf83586c792432fadb2 authored over 7 years ago by Leonid Evdokimov <[email protected]>
ansible: make `mk-travis-vault` script frienldy to non-GNU find

1e64b4133f1cf35f3b5fd27ee60dac34d56cafd5 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Merge pull request #136 from TheTorProject/prometheus-agent

Merging various fixes for node_exporter (prometheus agent) required to deploy it everywhere.

cc540fb5ee79b86334adb3fa865aed16cece6a59 authored over 7 years ago by Leonid Evdokimov <[email protected]>
prometheus: add tag `prometheus-conf` to re-deploy configs faster

1ee0954ac140c8f88ae0f46796128231f4101399 authored over 7 years ago by Leonid Evdokimov <[email protected]>
node_exporter: deploy to `all` adding support for sysvinit and upstart

`dom0-defaults` are also here as `ca-certificates` is required to fetch
anything from github via...

9533b9175c4d6057265dbd6e9b61c9231b31e2ee authored over 7 years ago by Leonid Evdokimov <[email protected]>
prometheus: move prometheus_basic_auth_password to host_vars

The nginx htpasswd for it was dropped since 0de5366f

d71c4eee422b67abfedd305a72ab5bdec680c25b authored over 7 years ago by Leonid Evdokimov <[email protected]>
inventory: renumber UIDs for conflicting logins at b.echo.th.ooni.io, run dom0 on `all` instead of `gh`

adc61dbfcdb234062f98fa3e0426e98a02015150 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Rename variable for readability

f2c75c477d98f44f3911e962fa49ce238ec80984 authored over 7 years ago by Leonid Evdokimov <[email protected]>
node_exporter: punch hole in firewall, cleanup stale smartmon_metrics, cache SHA256SUMS to speedup deploy

a7828bd33c61c84312affbc3fb6dc3e16c973adf authored over 7 years ago by Leonid Evdokimov <[email protected]>
node_exporter: fix deployment, add entropy & ntp collectors

Wrong User caused broken deployments.

`entropy` is added because of curiosity, `mdadm` is remov...

5571758969f9ba70dd1bb268d0ee9f495ddc164e authored over 7 years ago by Leonid Evdokimov <[email protected]>