Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

github.com/ooni/sysadmin

System administration tools
https://github.com/ooni/sysadmin

prometheus: improve nginx frontent to exporters

Using system-wide nginx is not robust as it serves client traffic and
may suffer from connection...

0de5366f0f78e8fe12e5c79c3ea2121fe9b86e31 authored over 7 years ago by Leonid Evdokimov <[email protected]>
ansible: make `vault` launchable from any dir

f6f45885e5a1d278d84afc3c4f08c339e6e6fe94 authored over 7 years ago by Leonid Evdokimov <[email protected]>
inventory: mark ubuilder.infra.ooni.io as to-be-deleted

148df5d51db123cd854c614c76c1f84ccf6322b0 authored over 7 years ago by Leonid Evdokimov <[email protected]>
fix(proteus-events): use correct topic for iOS production

68eaf4122f056d6f34295070ed7adc7de424dd64 authored over 7 years ago by Simone Basso <[email protected]>
feature(roles/proteus-*): use v0.1.0-beta.9

310050f782bacae5f6684bcf6483072c4cb9861f authored over 7 years ago by Simone Basso <[email protected]>
Current external inventory state

f1eb9450112312860fcbc414b92c6263aedd2a76 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Apply dom0 to all recorded hosts, fix duplicate entries in inventory

stage.ooni.io and test.ooni.io are replaced with generic
ooni-zoo.infra.ooni.io as that VM has t...

1133c33461f74627cf37649538834f8f5ce4af0a authored over 7 years ago by Leonid Evdokimov <[email protected]>
Current external inventory state

52769dc0fed55b3cf66485b70a2a3bea8e4e9ac1 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Current external inventory state

b90296a926c8f410f867496e6681bcf510148810 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Current external inventory state

2a63bcf7bd7900361d169ca17f9910c4cb30ac37 authored over 7 years ago by Leonid Evdokimov <[email protected]>
ext: treat ansible/inventory as another external inventory

05639a7a75e210f2b072a60a55702e83285935ff authored over 7 years ago by Leonid Evdokimov <[email protected]>
Current external inventory state

32b0c4a3ea816bd85e31ab0a3658692ccee7f2d7 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Current external inventory state

9291bf4a029c9b9519decef7e0ea53ac6d43d9d0 authored over 7 years ago by Leonid Evdokimov <[email protected]>
inventory: drop discontinued hosts from inventory and DNS

f195f6520f544db6281ac49e881d9c013e362706 authored over 7 years ago by Leonid Evdokimov <[email protected]>
adm: add @lorenzoPrimi to notify.proteus.test.ooni.io

ed0588d28392800c568abd44e97c4ee92b5da723 authored over 7 years ago by Leonid Evdokimov <[email protected]>
ansible: add ability to run `ansible` to `play` wrapper

f96da31934fbc08e252b1d9099036637d2301aff authored over 7 years ago by Leonid Evdokimov <[email protected]>
Current external inventory state

f5d134a6bc8ea75954196090f6520474a4c2536d authored over 7 years ago by Leonid Evdokimov <[email protected]>
ext: convert namecheap XML to readable txt file

aa615aa56b3ee6afc6f93c252726212ee94d3a52 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Merge pull request #125 from TheTorProject/measurements-beta

Deploy measurements-beta.ooni.io

6670912f61ae0fb70c8980aa8c9dd56f1f592fdb authored over 7 years ago by Leonid Evdokimov <[email protected]>
ansible: move some variables from group_vars/all to corresponding role/*

e9cdae515336a22a76431671b33304b6d4f0b90b authored over 7 years ago by Leonid Evdokimov <[email protected]>
ansible: fix slashes and quotes in .ooni-sysadmin dir names, since 4f47b405

b2720be01edcef02f50e434e354e83888b9b0b87 authored over 7 years ago by Leonid Evdokimov <[email protected]>
travis: add .travis.vault for psk_oomsm_beta

dcd224a791c6d3dd62a68ed9a595943413c4993e authored over 7 years ago by Leonid Evdokimov <[email protected]>
measurements: fix UID conflict

UID 2300 was concurrently taken by piwik at #127

723ec3996e58b3af20f0b6388e0a28cdd968ab25 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Merge branch 'master' into measurements-beta

To check playbooks before merging the PR.

021ad5d10fefed85d74abdddc5d104bc030ba9a1 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Merge pull request #108 from TheTorProject/feature/monitoring

Feature/monitoring

d0eae57ca7cafc1d72f135e4aa2b678584e1a4b1 authored over 7 years ago by Leonid Evdokimov <[email protected]>
ansible: drop playbook from e4d584ec for #77 that does not pass syntax check

fa6b1641a4118a9e21d18b36447c2a7aa9e5cbe9 authored over 7 years ago by Leonid Evdokimov <[email protected]>
ansible: replace bogus `vault_` references with nonexistent `CHANGE_ME` variable

d9300f7b20e91d8e931db663fc7c08cd7d2ae47a authored over 7 years ago by Leonid Evdokimov <[email protected]>
README: more text on vaults & ansible-version

d9eedd1c95046c1f9d8aab1fd6ee20ea655a994e authored over 7 years ago by Leonid Evdokimov <[email protected]>
fix(proteus-events): propagate Android click_action

b5b547b92b5f411c336f2bd43ab629a69538d3bb authored over 7 years ago by Simone Basso <[email protected]>
feature(roles/proteus-*): use proteus v0.1.0-beta.8

473d17b4ad14cbcb867b1806793ccedc855a2077 authored over 7 years ago by Simone Basso <[email protected]>
feature(roles/proteus-*): use proteus v0.1.0-beta.7

d17573272d6a7d9a00a08057023843e94c950cea authored over 7 years ago by Simone Basso <[email protected]>
Merge pull request #129 from TheTorProject/fix/fcm

fix,refactor(proteus-events): topics correctness

09d7cd859045067aaa30ac69776f57616389b31c authored over 7 years ago by Leonid Evdokimov <[email protected]>
fix,refactor(proteus-events): topics correctness

1) As stated in TheTorProject/proteus#13, we must not set a topic
for Android because that leads...

dc8781077d3394caf20852028fee6f0f165ba3ea authored over 7 years ago by Simone Basso <[email protected]>
ansible: auto-update .travis.vault, check link between vault and plaintext vars

f4f39b15c610fc405cd34c7a251d6df974057a50 authored over 7 years ago by Leonid Evdokimov <[email protected]>
prometheus: tighten various security & reliability settings

Cache SHA256SUMS locally to avoid re-downloading tarball on every
configuration file update.

Cr...

482d6716f5c273df0d9af630ef1d504ace94a3b5 authored over 7 years ago by Leonid Evdokimov <[email protected]>
ansible: turn ssh pipelining on

It speedups execution of one of playbooks from 2m10s to 45s

ddbd344d1508b25b33fd7b4dffa2e984d28f2382 authored over 7 years ago by Leonid Evdokimov <[email protected]>
adm: drop root creation from other playbooks, make `adm_passwd` proper variable

48e6a85116586855ab5358341eca26d6442a598e authored over 7 years ago by Leonid Evdokimov <[email protected]>
passwd: verify that corresponding shell exists

863e01a1a7004353e52b9dada83eebe28036f804 authored over 7 years ago by Leonid Evdokimov <[email protected]>
prometheus: cleanup user creation

- there is no `user` field in `passwd` dict, it's `login`
- `group` field in `passwd` dict is ju...

6451914b4c388e2bc57d9a70d01ca3572d8496c4 authored over 7 years ago by Leonid Evdokimov <[email protected]>
prometheus: use ambient capabilities instead of setcap

d3e91ab1bb2ba03efa3f2d47bec0182412c39693 authored over 7 years ago by Leonid Evdokimov <[email protected]>
travis: specify inventory for `ansible-playbook --syntax-check`

a1597295bb907555dc543291dadc4d202fc1be27 authored over 7 years ago by Leonid Evdokimov <[email protected]>
travis: run `ansible-playbook --syntax-check`

9b48318dd8029f39b5fb834ce7b8147ec9b8172c authored over 7 years ago by Leonid Evdokimov <[email protected]>
Always restart the frontend

4a561be37846a0ad23b08c3e33f0a2c6ff494138 authored over 7 years ago by Arturo Filastò <[email protected]>
Install yarn globally for proteus-frontend

e2dc0147bdcd6837e7bf93d1fad7c7143625e516 authored over 7 years ago by Arturo Filastò <[email protected]>
r/p-e/d/main.yml: fix typo

5028e44fbb03a709eed567285745a1445f06038c authored over 7 years ago by Simone Basso <[email protected]>
Fix proteus_db_url hostname

3a9cb82707b735305ed07d1e998793452eed7654 authored over 7 years ago by Arturo Filastò <[email protected]>
Use sudo as become method

a64930a18642f4e491356722c73fee43e3b7e87b authored over 7 years ago by Arturo Filastò <[email protected]>
Remove dom0 related role

6164b31b1c578ab4b4785ad28746175f23a62c42 authored over 7 years ago by Arturo Filastò <[email protected]>
g/o/vault: add testing FCM key

3f4b92709535c2d4ec823f0af81b9d8e3764c4f9 authored over 7 years ago by Simone Basso <[email protected]>
requirements.txt: force v2.2.2 for ansible

e185aca003cb1505ac9071986b6889a0c447d1df authored over 7 years ago by Simone Basso <[email protected]>
.gitignore: ignore `venv` and `.DS_Store`

a863c940ba143e42757fb747a7ca2ef81dee7a38 authored over 7 years ago by Simone Basso <[email protected]>
Add deploy playbook for msg

0bc42b125ac38a44ac13d73fd017a74419db53b0 authored over 7 years ago by Arturo Filastò <[email protected]>
Add role for deploying grav

82b04c68a3843cefca4ec2bd7c3ffda7b580af3f authored over 7 years ago by Arturo Filastò <[email protected]>
Move proteus_database_url outside of vault

f3a8d3bf4c9a8f9d3ad135794a42e6e981a82fc2 authored over 7 years ago by Arturo Filastò <[email protected]>
Remove DB requirements (now managed via migration scripts)

50a9e1c9a1fb75e90beac507b1a27f6141987025 authored over 7 years ago by Arturo Filastò <[email protected]>
Remove duplicate string in vault

f13c90409517f8a65102c3d7b2e93f228d540157 authored over 7 years ago by Arturo Filastò <[email protected]>
Bump proteus-* to beta.5

* Add sbs' key

1df5c72939759be909d7777cda1d7dc1598cf6f1 authored over 7 years ago by Arturo Filastò <[email protected]>
Bump version of ooni-measurements to beta.3

Remove unneeded bug workaround

0b18ef190e9240df7c42d7d83ac3e278bff9dd6f authored over 7 years ago by Arturo Filastò <[email protected]>
Deploy measurements-beta.ooni.io

7b44022a1cdb1c08ec364c00e309f5e16369f663 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Current external inventory state

9dc2e15bb06c4faad4c1fac5fecbcf745eb1598d authored over 7 years ago by Leonid Evdokimov <[email protected]>
Current external inventory state

6c6a0a079564dbcc2f0c3d475037e0c20ffe782b authored over 7 years ago by Leonid Evdokimov <[email protected]>
Current external inventory state

c9f6707b281d026febfdc6507b500b3d2ad6664f authored over 7 years ago by Leonid Evdokimov <[email protected]>
Add role for deploying piwik

e67183192e0c036dbada0bebd609cc37b9b8100a authored over 7 years ago by Arturo Filastò <[email protected]>
Update orchestration roles to deploy production endpoints

581e2f0eba8be1920d2bab5820c5093fb510e54e authored over 7 years ago by Arturo Filastò <[email protected]>
Bump versions of proteus-*

b8cee0dd308c54cdb52cc6470f5e5236ac5cfd80 authored over 7 years ago by Arturo Filastò <[email protected]>
Merge branch 'master' into feature/orchestration

8fc0fc0254f960ba539829943c6a554e9baad8ef authored over 7 years ago by Arturo Filastò <[email protected]>
Merge branch 'master' into feature/monitoring

8645cec6da361804434abb1740ad242944b1b4fe authored over 7 years ago by Arturo Filastò <[email protected]>
firewall: add rule for munin.ooni.io to poll agents

84291896f8bfb8ed926a504137d6048c8bfd8973 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Create all users from global passwd to prevent UID collisions like #108

ef189f5235599053187c4485da799bd238926c82 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Current external inventory state

1cf319a9f4ba9a5fcc244f862aea400c2de4c404 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Add canonical way to store firewall rules for INPUT and OUTPUT

Other chains and tables are heavily infected by docker, so they should
rather be not touched. It...

b40573d371373de45e5fe0a0b252c75e8ede617a authored over 7 years ago by Leonid Evdokimov <[email protected]>
Merge pull request #121 from TheTorProject/airflow-pipeline

Airflow pipeline, pt.2

27d6d47d609f505e02661c6239a9d246ccefdb9f authored over 7 years ago by Leonid Evdokimov <[email protected]>
airflow: pipeline ticking every 24h

It's delayed by 24h compared to luigi pipeline as ${bucket_date} changed
it meaning some time ag...

255081f35d42c300b524d66eef0e704fedb03a17 authored over 7 years ago by Leonid Evdokimov <[email protected]>
airflow: unify bash scripts used for DAG

137359fa2ff6756f7a6b925eb987e0f31b52db3c authored over 7 years ago by Leonid Evdokimov <[email protected]>
airflow: deploy shovel:0.0.7

245fc932b49c9ac9bb946b949048daeae4f835dd authored over 7 years ago by Leonid Evdokimov <[email protected]>
Move prometheus related users, groups and UIDs into group_vars

26795d9f09752b7c7e9f6d485a55c235e1577586 authored over 7 years ago by Arturo Filastò <[email protected]>
Fix UID collision as spotted by @darkk

e82dcc616f8e49079dc68da64447f3a75f00a753 authored over 7 years ago by Arturo Filastò <[email protected]>
inventory: update FQDN ssdamsterdam.infra to ssdams.infra

2bab744e668f54fdb4394e561646fcd5e82c69fe authored over 7 years ago by Leonid Evdokimov <[email protected]>
slack-irc: add another channel

fae40994569efc1d68fc95669b9ea8c87535ec74 authored over 7 years ago by Leonid Evdokimov <[email protected]>
Merge pull request #114 from TheTorProject/role/slackin

re-integrate role/slackin back into master

76fc09a98e9f8a70cf53ab0debfed1a1de1342b9 authored over 7 years ago by Leonid Evdokimov <[email protected]>
slack-irc: comments on IP-based ACL and messageSplit bug

b3840808e28ec0f775f4a69c137ddebfd6c33cdd authored over 7 years ago by Leonid Evdokimov <[email protected]>
slack-irc: turn on TLS, stripColors and #ooni-bots

These settings were logs while migrating the service from
irc-bouncer.service.ooni.io

75a9ce7a0d55213386eb3f29532da79a19ffb87b authored over 7 years ago by Leonid Evdokimov <[email protected]>
slack-irc-bridge: fix secrets

`#channel` without proper quotes is just a comment :-)

43b32e803fcf56021298a25515b9a09457c86ffb authored over 7 years ago by Leonid Evdokimov <[email protected]>
Fix bad quote in slackin_domains

slack.openobservatory.org was down since 2017-06-25 20:10:02 UTC because
of the quote:

> 2017/0...

47895aeee77b0138c61b729bd07c3e585bfd697e authored over 7 years ago by Leonid Evdokimov <[email protected]>
airflow: Add link about PGPASSWORD environment variable

888807d7f742ec2d0ebc8e3c531f2e4213fdb4ec authored over 7 years ago by Leonid Evdokimov <[email protected]>
Fix slack-in deployment script

* Add missing variable definition
* Remove unneeded checks at the end of the file (ansible is fo...

df5c48eeed5b114cde679762a643a373f9baed0b authored over 7 years ago by Arturo Filastò <[email protected]>
Refactor vars to minimise the amount of secrecy

b6f247ebca25dc00985735fecd50d024397183ee authored over 7 years ago by Arturo Filastò <[email protected]>
Fix broken slackin configuration

7a3910e1b82b87c7b66fde66294163a8a0896cac authored over 7 years ago by Arturo Filastò <[email protected]>
airflow: deploy shovel:0.0.6

819fc6e84ffefd34365d55f66a21b2a26ba62ff1 authored over 7 years ago by Leonid Evdokimov <[email protected]>
airflow: move metadb to separate VM & deploy shovel:0.0.5

eb2035fbff86d7c3f67d60fecaf25795390650ad authored over 7 years ago by Leonid Evdokimov <[email protected]>
airflow: move some tasks into includes

963bb7c469db51c94fe4d32aed5cd202d1ad983b authored over 7 years ago by Leonid Evdokimov <[email protected]>
airflow: postgres chmods data directory to 0700

8a3dbfdbbd14e2dfda7751a06af3d4a3b300606d authored over 7 years ago by Leonid Evdokimov <[email protected]>
Current external inventory state

1456cc3bd2fd4fe6821e302e0503017d0b1e338d authored over 7 years ago by Leonid Evdokimov <[email protected]>
Current external inventory state

d65e6b9761436c944e6dde7afe74474671d0730b authored over 7 years ago by Leonid Evdokimov <[email protected]>
Update to proteus v0.1.0-beta.3

0579e4aa9f7e574e431e3f4b5d54539c40f8fba1 authored over 7 years ago by Arturo Filastò <[email protected]>
Add slackin ansible role, fix docker pip version bugs (#89)

* Add slackin ansible role, fix docker pip version bugs

* Add slack irc bridge deployment

...

2c6f6231d3c5b7e7a2168575746b5bb086a8f7c1 authored over 7 years ago by anadahz <[email protected]>
Add the remaining feedback highlighted by @darkk

2e9d391ffe553c34d2e30cd3457b6de13d80b49e authored over 7 years ago by Arturo Filastò <[email protected]>
Write all log files to ~/.ooni-sysadmin/logs/ to keep working tree tidy

4f47b40521bacac93d16e3eaa3d63cfbf79abfc2 authored over 7 years ago by Arturo Filastò <[email protected]>
Add support for signing certs locally and then uploading them

As suggested by @darkk

3e03947c0f510a7b450f15106805c9cd564d3661 authored over 7 years ago by Arturo Filastò <[email protected]>
Split up proteus deployment playbooks

* Add admin password to vault
* Write the proteus notify certificates

968ca4d4a3daa31630d39ce66c3c57586bd884ea authored over 7 years ago by Arturo Filastò <[email protected]>