Toolserver-l June 2011

toolserver-l@lists.wikimedia.org

35 participants
21 discussions

Apache testing
by River Tarnell 20 Jun '11

20 Jun '11

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I've set up an Apache instance on wolfsbane for testing. Please have a look at <https://wiki.toolserver.org/view/Apache_testing> and then test your tools (note the caveat about PHP, in particular). We're not in any rush to move off ZWS, so this is mostly just preliminary testing. Nonetheless, it would be useful to know about any problems now rather than later. - river. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (SunOS) iEYEARECAAYFAk3/ahAACgkQIXd7fCuc5vI6+gCfe58t1WD4D1NYnQlACu5miPjV WUsAnR0jWJDB2bkXFQFl2qhnPUt3iDfX =EFB1 -----END PGP SIGNATURE-----

2 3

Outage
by River Tarnell 18 Jun '11

18 Jun '11

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, There was an outage this morning (mostly of the web server) caused by a fault on the fibre between hemlock and its storage array, which hosts user-store. I have unmounted user-store until the problem is resolved, so www is now working again. - river. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (SunOS) iEYEARECAAYFAk38jgYACgkQIXd7fCuc5vJyGgCgj0fRjG/YA9QHkLdBY4EVDqwu PvYAn1Pen5ayAadqbsL9Awlbc8+sSgzk =VtdB -----END PGP SIGNATURE-----

2 2

Maintenance on web servers
by River Tarnell 17 Jun '11

17 Jun '11

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Either today or tomorrow I will be reinstalling the two web servers (wolfsbane and ortelius). This should not have any effect on users, and crontabs will be backed up and restored afterwards. - river. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (SunOS) iEYEARECAAYFAk37lngACgkQIXd7fCuc5vLK+ACgp1nGvciXLPNgbn5M3R9Zl4As b4gAn1tJaeFegx7JDO8MGFC1WuuwmYTL =Azzf -----END PGP SIGNATURE-----

1 0

General maintenance notice: Monday, June 6th
by River Tarnell 16 Jun '11

16 Jun '11

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, On the morning (UTC) of June 6th we will performance general maintenance[0] on all servers. Services will be affected as follows: Service | Expected impact --------------------------+-------------------------------------------------- Entire platform | As described in maintenance schedule[0] FishEye | Unavailable for < 10 minutes [0] https://wiki.toolserver.org/view/Maintenance_schedule Start time: Monday, 6th June, 0800h UTC (or possibly earlier) http://time.tcx.org.uk/utc/2011-06-06/00:00 End time: Monday, 6th June, 1200h UTC (estimated) http://time.tcx.org.uk/utc/2011-06-06/12:00 Details: We will install current operating system patches on all servers, which will require a reboot of each system. -- We will enable IPv6 on the NFS server, which might make /home unavailable for a short period even if hosts are up. -- FishEye will be upgraded to 2.5.5. -- We will perform general software upgrades for ts-specs (/opt/ts). A list of software to be upgraded can be found at: <https://wiki.toolserver.org/view/Admin:Pending_maintenance_tasks> Some software may be unavailable or function incorrectly during the upgrade process, which we estimate will take under 30 minutes. Note: Mono will not be upgraded due to a build failure which was not fixed in time for the maintenance. ts-specs (/opt/ts software) changes - ----------------------------------- We now build software with GCC stack-smashing protection (-fstack-protector) by default, and several packages have been rebuilt to benefit from this. This should not cause any user-noticable changes. Some notable changes are detailed below: webp - ---- The "webpconv" binary is no longer provided; instead, use cwebp and dwebp. OpenSSL - ------- We will install a set of root CA certificates for OpenSSL, which will enable SSL connections (e.g. from cURL or wget) to work by default, as long as the certificate is valid, rather than requiring the user to provide a certificate or disable checking. The set of installed certificates will be the current Mozilla root certificate set (from Firefox) and the Toolserver CA certificate from https://fingerprints.toolserver.org. Python 3 - -------- The default version of Python 3 (/usr/bin/python3) will change to 3.2. Python 3.1 will be removed during the following maintenance. MySQL - ----- The MySQL client will be upgraded to 5.5.12, and will move from /opt/ts/mysql/5.1/bin to /opt/ts/bin. If you currently call "mysql" without a path, you do not need to change anything. If you use "/opt/ts/mysql/5.1/bin/mysql", you should change to "/opt/ts/bin/mysql" (or preferably remove the path and rely on $PATH). The old (5.1) client will still be available for now. The MySQL client library will also move to /opt/ts/lib. The old client library will still be available, but if you have any compiled software which links against MySQL, you should re-compile it with the client library in /opt/ts/lib. libpng - ------ libpng has been upgraded from 1.4 to 1.5. A 1.4 runtime library is provided for compatibility, but if you have any software that links against libpng, you should recompile it with 1.5. The following warning (from the libpng documentation) applies to this upgrade: The libpng 1.5.x series continues the evolution of the libpng API, finally hiding the contents of the venerable and hoary png_struct and png_info data structures inside private (i.e., non-installed) header files. Instead of direct struct-access, applications should be using the various png_get_xxx() and png_set_xxx() accessor functions, which have existed for almost as long as libpng itself. (Apps that compiled against libpng 1.4 without warnings about deprecated features should happily compile against 1.5, too.) GCC - --- GCC has been upgraded to 4.6.0. This should be backwards compatible, so there is no need to recompile software. There are two relevant changes for C++ users: * If you define _XOPEN_SOURCE, you need to use -D_XOPEN_SOURCE=600. -D_XOPEN_SOURCE=500 will not work. * GCC 4.6 will no longer accept a const object without a ctor, i.e.: struct S { }; const S o; The fix is to either add an empty constructor, or explicitly default-initialise the object: const S o = S(); - river. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (SunOS) iEYEARECAAYFAk3lYHIACgkQIXd7fCuc5vKCpgCfTKXkByYIjD8f7sFhSRk+kMSl BksAoI86/sVpyhFt6YoFpYjI+OUS+OQj =+Pc2 -----END PGP SIGNATURE-----

4 6

Python module missing
by Kay Drangmeister 14 Jun '11

14 Jun '11

Hi. Some of my python scripts use the psycopg2 module, which existed before but seems to be gone now on willow: kayd@willow:~/parkingicons$ which python /opt/ts/python/2.7/bin/python kayd@willow:~/parkingicons$ python Python 2.7.1 (r271:86832, Jan 4 2011, 13:57:14) [GCC 4.5.2] on sunos5 Type "help", "copyright", "credits" or "license" for more information. >>> import psycopg2 Traceback (most recent call last): File "<stdin>", line 1, in <module> ImportError: No module named psycopg2 or on nightshade: kayd@nightshade:~/parkingicons$ which python /opt/ts/python/2.7/bin/python kayd@nightshade:~/parkingicons$ python Python 2.7.1 (r271:86832, Jan 4 2011, 13:57:14) [GCC 4.5.2] on sunos5 Type "help", "copyright", "credits" or "license" for more information. >>> import psycopg2 Traceback (most recent call last): File "<stdin>", line 1, in <module> ImportError: No module named psycopg2 >>> Could you please re-install it, or could I do that myself? psycopg2 is used for postrges interfacing: http://www.initd.org/psycopg/ If there is a (better) alternative I should use instead, I would be pleased to use it :-) Kind regards, Kay

2 1

Changes to TS structures affecting ACC's IP recording
by Manish Goregaokar 10 Jun '11

10 Jun '11

Recently there have been a few changes to the toolserver, including IPv6. Around the same time, ACC (enwp Account Creation Project) stopped recording request IPs and replacing them with wikimedia IPs. Examples are 91.198.174.197 and 91.198.174.208. Could it be anything from the toolserver side? I don't think we have had any changes made to the ACC code in the past few days (Though stwalkerster might have updated the stuff from the sandbox to live--though we haven't had any changes in the IP section anyways). -ManishEarth

5 5

Re: [Toolserver-l] [Maps-l] IPv6 test day on toolserver / tileserver?
by River Tarnell 08 Jun '11

08 Jun '11

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 River Tarnell: > Kai Krueger: > > tomorrow is world IPv6 day [1]. If I have read correctly, Wikimedia is > > intending to participate in the test day. I was wondering if that > > extends to the toolserver as well and in particular to the tile server? > No. Actually, I changed my mind: toolserver.org. 3600 IN AAAA 2620:0:862:101::1:4 We'll see how it goes. - river. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (SunOS) iEYEARECAAYFAk3uu4UACgkQIXd7fCuc5vL1agCgmBXeeo+OHiBLkbkCWR4lYtYt CFMAmgIENbHGd2+BPXlV9MRjuu8vJCqt =Mgtr -----END PGP SIGNATURE-----

1 0

Two Python libraries
by Alex Brollo 07 Jun '11

07 Jun '11

While testing a way to convert it.source texts into ePub format, a friend asked me to know if genshi <http://genshi.edgewall.org/wiki/Download> and lxml <http://pypi.python.org/pypi/lxml/> (python libraries) are already installed and usable into toolserver. I told him that I didn't know... and even if I knew that they are installed, I had no idea about their access and use. I browsed a little into toolserver wiki, but I didn't find anything about shared python libraries. Can I have some help and direction by you? Thanks! Alex brollo <http://pypi.python.org/pypi/lxml/>

2 2

Re: [Toolserver-l] operating systems and web servers
by Jeremy Baron 07 Jun '11

07 Jun '11

(Take with some grains of salt: never used FreeBSD or Solaris shells myself and am not a ts-admin. Also, this is a cell phone and I shouldn't even be awake now!) Also, what do you lose with FreeBSD? so far I can think of: * zfs dedupe * there's no longer a single "goto" company to get support from (guessing...) so you lose that annual cost but it may be non trivial to find the right hacker to find/fix a problem in an emergency. of course much of that support is likely to come for free (a guess) * you're still a different platform from the rest of wikimedia (basically the foundation) and so lose economy of scale * you mentioned SGE would still be available but it may be unmaintained (last I checked its enwp article, it said oracle was close sourcing it) just to keep in mind, I wouldn't stay just for SGE things you lose with linux vs. FreeBSD: * zfs is gone and (assuming lvm2 + traditional RAID vs. zfs) generally thin storage provisioning and snapshotting is much more limited and wasteful and fragile/more room for error. also most storage expansions will end up w/ transition periods that have *no* redundancy. * zones/jails I haven't kept up with the status in the last ~8 months but debian-kfreebsd may have matured enough to warrant a look. (See #debian-kbsd on oftc) -Jeremy On Jun 7, 2011 2:58 AM, "Daniel Kinzler" <daniel(a)brightbyte.de> wrote:

3 2

operating systems and web servers
by River Tarnell 07 Jun '11

07 Jun '11

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, So, this is not an announcement of any intent to change anything, I just want to get an idea of how people feel about two things we could, perhaps, change in the future: 1. ZWS to Apache on the web server 2. Solaris to FreeBSD on login servers #2 depends on #1, so it seems sensible to discuss both together. I don't have any strong opinion about either of these myself, but I would like to hear what users think. ZWS to Apache: I know it annoyed people when we moved from Apache to ZWS initially, because rewrite rules had to be redone, some .htaccess stuff stopped working, etc. At the time we were using mod_suphp for per-user (suexec) PHP scripts, and it was extremely inefficient; the system spent most of its time doing nothing. ZWS allowed us to fix the problem cheaply (no new hardware required), and I think for most users it worked just the same. Since then, two things have changed: firstly, Apache with mod_fcgid now has decent FastCGI support, and with only a little work could be made to support suexec PHP as well. Secondly, ZWS is now in maintenance, and won't see any further development (so it might be better to switch now, rather than wait until one month before ZWS support ends entirely and be forced to switch). With that in mind, it makes sense to consider moving back to Apache. The main downside is that rewrite rules would have to be converted back to Apache format (mod_rewrite). OTOH, .htaccess features missing from ZWS would be available again (I don't know if anyone actually needs this, but I believe at least a few users have complained about missing features.) Solaris to FreeBSD: Of the two changes, I think this one would actually be the less disruptive. For users, nearly everything would stay the same: we already provide the GNU userland ('ls', etc) by default (and would continue to do so) and the third-party software in /opt/ts would be identical, as would cronie, SGE, Perl/Python/..., etc. Software-wise, since nothing would really change, I don't see any particular advantages for users. Disadvantages: 'ps -eaf' would stop working ;-) and anyone with locally-compiled software (C/C++, or XS Perl modules, etc.) would need to recompile them. For us (admins), the main advantage is reduced maintenance overhead: FreeBSD releases a new minor version about once a year, and supports each for 2 years; each release branch only gets very infrequent updates for security or errata. In comparison, there is a new Solaris update every 6 months, and during yesterday's maintenance we installed 358 (!) separate patches. Oracle doesn't provide a security-updates-only release, and it's difficult to mix-and-match patches (e.g. to only get security patches). This doesn't directly affect users, but fewer OS changes should lead to less lengthy / disruptive maintenance and less frequent reboots. OTOH, I don't know if this has a noticeable impact on users at the moment, and the previous maintenance was the first for ~170 days. - river. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (SunOS) iEYEARECAAYFAk3thyIACgkQIXd7fCuc5vJjsgCfYfbW28r+eW3Lr6L1T+BrzGV/ v4YAn3lkZ7+YfG8ajKBQRx7DBQRKhfnS =lcFN -----END PGP SIGNATURE-----

3 3

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Toolserver-l June 2011