-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I've set up an Apache instance on wolfsbane for testing. Please have a
look at <https://wiki.toolserver.org/view/Apache_testing> and then test
your tools (note the caveat about PHP, in particular).
We're not in any rush to move off ZWS, so this is mostly just
preliminary testing. Nonetheless, it would be useful to know about any
problems now rather than later.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (SunOS)
iEYEARECAAYFAk3/ahAACgkQIXd7fCuc5vI6+gCfe58t1WD4D1NYnQlACu5miPjV
WUsAnR0jWJDB2bkXFQFl2qhnPUt3iDfX
=EFB1
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
There was an outage this morning (mostly of the web server) caused by a
fault on the fibre between hemlock and its storage array, which hosts
user-store. I have unmounted user-store until the problem is resolved,
so www is now working again.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (SunOS)
iEYEARECAAYFAk38jgYACgkQIXd7fCuc5vJyGgCgj0fRjG/YA9QHkLdBY4EVDqwu
PvYAn1Pen5ayAadqbsL9Awlbc8+sSgzk
=VtdB
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
Either today or tomorrow I will be reinstalling the two web servers
(wolfsbane and ortelius). This should not have any effect on users,
and crontabs will be backed up and restored afterwards.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (SunOS)
iEYEARECAAYFAk37lngACgkQIXd7fCuc5vLK+ACgp1nGvciXLPNgbn5M3R9Zl4As
b4gAn1tJaeFegx7JDO8MGFC1WuuwmYTL
=Azzf
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
On the morning (UTC) of June 6th we will perform general maintenance[0]
on all servers. Services will be affected as follows:
Service          | Expected impact
-----------------+-----------------------------------------
Entire platform  | As described in maintenance schedule[0]
FishEye          | Unavailable for < 10 minutes
[0] https://wiki.toolserver.org/view/Maintenance_schedule
Start time: Monday, 6th June, 0800h UTC (or possibly earlier)
http://time.tcx.org.uk/utc/2011-06-06/00:00
End time: Monday, 6th June, 1200h UTC (estimated)
http://time.tcx.org.uk/utc/2011-06-06/12:00
Details:
We will install current operating system patches on all servers, which will
require a reboot of each system.
--
We will enable IPv6 on the NFS server, which might make /home
unavailable for a short period even if hosts are up.
--
FishEye will be upgraded to 2.5.5.
--
We will perform general software upgrades for ts-specs (/opt/ts). A list of
software to be upgraded can be found at:
<https://wiki.toolserver.org/view/Admin:Pending_maintenance_tasks>
Some software may be unavailable or function incorrectly during the upgrade
process, which we estimate will take under 30 minutes.
Note: Mono will not be upgraded due to a build failure which was not
fixed in time for the maintenance.
ts-specs (/opt/ts software) changes
- -----------------------------------
We now build software with GCC stack-smashing protection (-fstack-protector) by
default, and several packages have been rebuilt to benefit from this. This
should not cause any user-noticeable changes.
Some notable changes are detailed below:
webp
- ----
The "webpconv" binary is no longer provided; instead, use cwebp and dwebp.
OpenSSL
- -------
We will install a set of root CA certificates for OpenSSL, which will enable
SSL connections (e.g. from cURL or wget) to work by default, as long as the
certificate is valid, rather than requiring the user to provide a certificate
or disable checking.
The set of installed certificates will be the current Mozilla root certificate
set (from Firefox) and the Toolserver CA certificate from
https://fingerprints.toolserver.org.
Python 3
- --------
The default version of Python 3 (/usr/bin/python3) will change to 3.2. Python
3.1 will be removed during the following maintenance.
MySQL
- -----
The MySQL client will be upgraded to 5.5.12, and will move from
/opt/ts/mysql/5.1/bin to /opt/ts/bin. If you currently call "mysql" without a
path, you do not need to change anything. If you use
"/opt/ts/mysql/5.1/bin/mysql", you should change to "/opt/ts/bin/mysql" (or
preferably remove the path and rely on $PATH). The old (5.1) client will still
be available for now.
The MySQL client library will also move to /opt/ts/lib. The old client library
will still be available, but if you have any compiled software which links
against MySQL, you should re-compile it with the client library in /opt/ts/lib.
libpng
- ------
libpng has been upgraded from 1.4 to 1.5. A 1.4 runtime library is provided
for compatibility, but if you have any software that links against libpng, you
should recompile it with 1.5. The following warning (from the libpng
documentation) applies to this upgrade:
    The libpng 1.5.x series continues the evolution of the libpng API,
    finally hiding the contents of the venerable and hoary png_struct and
    png_info data structures inside private (i.e., non-installed) header
    files. Instead of direct struct-access, applications should be using
    the various png_get_xxx() and png_set_xxx() accessor functions, which
    have existed for almost as long as libpng itself. (Apps that compiled
    against libpng 1.4 without warnings about deprecated features should
    happily compile against 1.5, too.)
GCC
- ---
GCC has been upgraded to 4.6.0. This should be backwards compatible, so there
is no need to recompile software. There are two relevant changes for C++ users:
* If you define _XOPEN_SOURCE, you need to use -D_XOPEN_SOURCE=600.
  -D_XOPEN_SOURCE=500 will not work.
* GCC 4.6 will no longer accept a const object without a ctor, i.e.:
      struct S { };
      const S o;
  The fix is to either add an empty constructor, or explicitly default-initialise
  the object:
      const S o = S();
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (SunOS)
iEYEARECAAYFAk3lYHIACgkQIXd7fCuc5vKCpgCfTKXkByYIjD8f7sFhSRk+kMSl
BksAoI86/sVpyhFt6YoFpYjI+OUS+OQj
=+Pc2
-----END PGP SIGNATURE-----
Hi.
Some of my python scripts use the psycopg2 module, which existed before
but seems to be gone now on willow:
kayd@willow:~/parkingicons$ which python
/opt/ts/python/2.7/bin/python
kayd@willow:~/parkingicons$ python
Python 2.7.1 (r271:86832, Jan 4 2011, 13:57:14)
[GCC 4.5.2] on sunos5
Type "help", "copyright", "credits" or "license" for more information.
>>> import psycopg2
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ImportError: No module named psycopg2
or on nightshade:
kayd@nightshade:~/parkingicons$ which python
/opt/ts/python/2.7/bin/python
kayd@nightshade:~/parkingicons$ python
Python 2.7.1 (r271:86832, Jan 4 2011, 13:57:14)
[GCC 4.5.2] on sunos5
Type "help", "copyright", "credits" or "license" for more information.
>>> import psycopg2
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ImportError: No module named psycopg2
>>>
Could you please re-install it, or could I do that myself?
psycopg2 is used for postgres interfacing: http://www.initd.org/psycopg/
If there is a (better) alternative I should use instead, I would be
pleased to use it :-)
Kind regards,
Kay
Recently there have been a few changes to the toolserver, including IPv6.
Around the same time, ACC (enwp Account Creation Project) stopped recording
request IPs and started replacing them with Wikimedia IPs. Examples
are 91.198.174.197 and 91.198.174.208. Could it be anything from the
toolserver side? I don't think we have had any changes made to the ACC code
in the past few days (Though stwalkerster might have updated the stuff from
the sandbox to live--though we haven't had any changes in the IP section
anyways).
-ManishEarth
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
River Tarnell:
> Kai Krueger:
> > tomorrow is world IPv6 day [1]. If I have read correctly, Wikimedia is
> > intending to participate in the test day. I was wondering if that
> > extends to the toolserver as well and in particular to the tile server?
> No.
Actually, I changed my mind:
toolserver.org. 3600 IN AAAA 2620:0:862:101::1:4
We'll see how it goes.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (SunOS)
iEYEARECAAYFAk3uu4UACgkQIXd7fCuc5vL1agCgmBXeeo+OHiBLkbkCWR4lYtYt
CFMAmgIENbHGd2+BPXlV9MRjuu8vJCqt
=Mgtr
-----END PGP SIGNATURE-----
While testing a way to convert it.source texts into ePub format, a friend
asked me whether genshi <http://genshi.edgewall.org/wiki/Download> and
lxml <http://pypi.python.org/pypi/lxml/> (python libraries) are already
installed and usable on the toolserver. I told him that I didn't know... and
even if I knew that they were installed, I would have no idea about their
access and use.
I browsed the toolserver wiki a little, but I didn't find anything about
shared python libraries. Can I have some help and direction from you? Thanks!
Alex brollo
(Take with some grains of salt: never used FreeBSD or Solaris shells myself
and am not a ts-admin. Also, this is a cell phone and I shouldn't even be
awake now!)
Also, what do you lose with FreeBSD?
so far I can think of:
* zfs dedupe
* there's no longer a single "goto" company to get support from
(guessing...) so you lose that annual cost but it may be non trivial to find
the right hacker to find/fix a problem in an emergency. of course much of
that support is likely to come for free (a guess)
* you're still a different platform from the rest of wikimedia (basically
the foundation) and so lose economy of scale
* you mentioned SGE would still be available but it may be unmaintained
(last I checked its enwp article, it said oracle was close sourcing it) just
to keep in mind, I wouldn't stay just for SGE
things you lose with linux vs. FreeBSD:
* zfs is gone and (assuming lvm2 + traditional RAID vs. zfs) generally thin
storage provisioning and snapshotting is much more limited and wasteful and
fragile/more room for error. also most storage expansions will end up w/
transition periods that have *no* redundancy.
* zones/jails
I haven't kept up with the status in the last ~8 months but debian-kfreebsd
may have matured enough to warrant a look. (See #debian-kbsd on oftc)
-Jeremy
On Jun 7, 2011 2:58 AM, "Daniel Kinzler" <daniel(a)brightbyte.de> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
So, this is not an announcement of any intent to change anything, I just
want to get an idea of how people feel about two things we could,
perhaps, change in the future:
1. ZWS to Apache on the web server
2. Solaris to FreeBSD on login servers
#2 depends on #1, so it seems sensible to discuss both together.
I don't have any strong opinion about either of these myself, but I
would like to hear what users think.
ZWS to Apache:
I know it annoyed people when we moved from Apache to ZWS initially,
because rewrite rules had to be redone, some .htaccess stuff stopped
working, etc. At the time we were using mod_suphp for per-user (suexec)
PHP scripts, and it was extremely inefficient; the system spent most of
its time doing nothing. ZWS allowed us to fix the problem cheaply (no
new hardware required), and I think for most users it worked just the
same.
Since then, two things have changed: firstly, Apache with mod_fcgid now
has decent FastCGI support, and with only a little work could be made to
support suexec PHP as well. Secondly, ZWS is now in maintenance, and
won't see any further development (so it might be better to switch now,
rather than wait until one month before ZWS support ends entirely and be
forced to switch).
With that in mind, it makes sense to consider moving back to Apache.
The main downside is that rewrite rules would have to be converted back
to Apache format (mod_rewrite). OTOH, .htaccess features missing from
ZWS would be available again (I don't know if anyone actually needs
this, but I believe at least a few users have complained about missing
features.)
Solaris to FreeBSD:
Of the two changes, I think this one would actually be the less
disruptive. For users, nearly everything would stay the same: we
already provide the GNU userland ('ls', etc) by default (and would
continue to do so) and the third-party software in /opt/ts would be
identical, as would cronie, SGE, Perl/Python/..., etc.
Software-wise, since nothing would really change, I don't see any
particular advantages for users. Disadvantages: 'ps -eaf' would stop
working ;-) and anyone with locally-compiled software (C/C++, or XS Perl
modules, etc.) would need to recompile them.
For us (admins), the main advantage is reduced maintenance overhead:
FreeBSD releases a new minor version about once a year, and supports
each for 2 years; each release branch only gets very infrequent updates
for security or errata. In comparison, there is a new Solaris update
every 6 months, and during yesterday's maintenance we installed 358 (!)
separate patches. Oracle doesn't provide a security-updates-only
release, and it's difficult to mix-and-match patches (e.g. to only get
security patches).
This doesn't directly affect users, but fewer OS changes should lead to
less lengthy / disruptive maintenance and less frequent reboots. OTOH,
I don't know if this has a noticeable impact on users at the moment, and
the previous maintenance was the first for ~170 days.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (SunOS)
iEYEARECAAYFAk3thyIACgkQIXd7fCuc5vJjsgCfYfbW28r+eW3Lr6L1T+BrzGV/
v4YAn3lkZ7+YfG8ajKBQRx7DBQRKhfnS
=lcFN
-----END PGP SIGNATURE-----