-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
the stable server will be shut down at 5AM UTC, June 14th, for maintenance.
this should last less than one hour.
web services hosted on vandale (JIRA, Confluence, MediaWiki, FishEye, Roller)
will also be affected.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (SunOS)
iEYEARECAAYFAkhSN+AACgkQIXd7fCuc5vKuwQCggIZvvhUhEuPf0sk50G0xs4Er
FqkAn3skZnMt0yLz1N8mJNx/O2zgYG5m
=sOKB
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Nikola Smolenski:
> No free license?
not sure there's much point using a free license for a blog, but i've added a
CC-BY license.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (SunOS)
iEYEARECAAYFAkhAu0oACgkQIXd7fCuc5vKQQQCeM+EWkGILWIBH2BaM3XWk17zG
qcYAn2SSsfPt8vBKMdgGJUX3Q0YMkkkT
=YKuH
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
hello,
toolserver.org can now be used for SSH logins (login.toolserver.org), URLs
(http://toolserver.org/~username/), and email (username(a)toolserver.org).
moving of other services (e.g. JIRA) will happen later.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (SunOS)
iEYEARECAAYFAkg8L5MACgkQIXd7fCuc5vJkzwCdEItVtTfXTVjKqScv/XR4oF5v
iNYAoKDnIgf3hz2dLSoF3c+PTNBDnaRt
=hKwr
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
hi,
per [0], i have disabled the authorized_keys of users with affected keys.
if you can no longer log into hemlock, you should contact ts-admins(a)wikimedia.org
and provide a new public key, generated on a system which is not using the
affected version of OpenSSL.
- river.
[0] http://lists.debian.org/debian-security-announce/2008/msg00152.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (SunOS)
iEYEARECAAYFAkgq4FQACgkQIXd7fCuc5vKKZACgkT3HhKdWcpSNAV6nlikLCJd7
EE4An0/Id2wOLjhK8mMlzfkU0L72kxjf
=CUQ9
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
anyone who has used hemlock to generate cryptographic keys (e.g. SSL
certificates or SSH keys), or used keys generated elsewhere on
hemlock, should be aware of this Debian security advisory:
http://lists.debian.org/debian-security-announce/2008/msg00152.html
such keys should be considered compromised, and replaced with newly
generated keys. the version of OpenSSL currently installed on
hemlock is not affected by this problem.
this does not affect keys generated or used on the stable server.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFIKY9FIXd7fCuc5vIRAlugAKCFXJwNlKw+iLWwGo/5yQCHO43LcgCfV19J
XpAR+TE9OFKv0TvF4a3yfdI=
=cZ29
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
hi,
over the next couple of weeks (hopefully) a couple of changes will be
made to the toolserver that affect users.
1. toolserver.org
the toolserver will move to the new domain "toolserver.org". this
will have the following effects on the names of things:
- - URLs for users' public_html directories, i.e.
http://tools.wikimedia.de/~<username>/, will change to
http://toolserver.org/~<username>/.
the old URLs will redirect (HTTP moved permanently) to the new
address.
- - services under *.ts.wikimedia.org will move to the same name
under toolserver.org. for example, http://wiki.ts.wikimedia.org/
will become http://wiki.toolserver.org/.
this does not apply to stable.ts.wikimedia.org; please read below
if you have projects on the stable server.
- - email addresses for toolserver users will be of the form
"<username>@toolserver.org". existing addresses of the form
"<username>@ts.wikimedia.org", "<username>@tools.wikimedia.de"
and "<username>@hemlock.ts.wikimedia.org" will continue to work.
(please remember that these addressses are only to be used for
purposes directly related to the toolserver, they are not
general-purpose forwarding addresses.)
some things will not change: the mailing lists (which will remain at
lists.wikimedia.org), the ts-admins support address (which will
remain at wikimedia.org).
2. new login server
a new login server will be added; hemlock (the existing login server)
will become the web server. no name has been chosen for the new
server, but rather than logging into the server by name, a new alias
will be added: login.toolserver.org. this is the host users should
connect to via SSH to log in. (this should have been done when hemlock
was installed; sorry for the inconvenience.)
it will still be possible to log in to hemlock for the sole purpose of
diagnosing problems with CGI scripts; running any other tasks on that
server will be forbidden.
migration from hemlock to the new login server is expected to take
less than a day, during which both servers will be inaccessible. other
than the name, the new server will appear identical to hemlock;
crontabs will be copied, an identical set of software will be
installed, etc.
changes to the login server (e.g. software installation) will be made
to the web server at the same time, so there should be no problems
with developing scripts on one system and running them on the other.
3. new stable server
the current stable.ts.wikimedia.org is a virtual server on vandale.
we will be installing a new server to replace this.
the new server will have an identical configuration (in terms of
software, user/project setup, etc.) to the current stable server.
however, home directories and projects will not be copied over
automatically. rather, the old server at stable.ts.wikimedia.org
will remain up, and the new server will be called
stable.toolserver.org. when a project is ready, it will be moved to
the new server and an HTTP redirect (if applicable) added on the old
server. projects can be moved by an administrator, or by a project
developer, whichever is easier.
other than the move, there will be no downtime for tools hosted on
the stable server.
- ----
there is no fixed timeline for these changes. the move to
toolserver.org will happen soonest; Arne should have assigned the
domain to us by today (Tuesday) at which time i will begin the
migration immediately.
as the load on hemlock is more urgent than the stable server, this
will happen next, depending on when the server is set up at the colo
(hopefully that will be this week). i'll send another mail to the
list when we're ready to start on this.
the new stable server will be set up after the migration to the new
login server is complete.
if you have any questions about these changes, please reply to
toolserver-l (not my personal address).
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFIDVH/IXd7fCuc5vIRAqkyAJ9sgvFiyyw1htkn4MW7WblWxlRBKgCgrdmT
uT426/vTgHI+caLwrSpu+Oo=
=LtFg
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
from the update notes for the latest subversion package in Debian,
which is now installed on hemlock:
If you are using BDB repositories, you will get "DB_VERSION_MISMATCH"
errors when you try to use them with recent Subversion, due to the move
to db4.6. To fix this, just run 'svnadmin recover /path/to/repo' for
each affected repository. We apologise for the inconvenience.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFH5AW0IXd7fCuc5vIRArh6AJ0fdOAiWc9BEl421NBy3pE8Gp2QigCfeE2L
LX6bEDnqzCH766fE0upui1s=
=OsZN
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
maintenance at Wikimedia has resulted in the MySQL binlogs for s3
being deleted before the toolserver was able to replicate them. the
only way to fix this is to dump and reimport the entire cluster;
until that is done, s3 will not replicate.
this will take at least a few days to fix.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFH0Yf2IXd7fCuc5vIRAll9AJ94+ObLsl3JanGZc7988WQ5yeHhSACfZwUs
maVr2xkE10JSU32Hq3Pl/GE=
=FD2z
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
hello,
as you may have noticed, there is a shortage of spare time for the
current toolserver admins, which means it takes a long time for
requests to get done. i would like to add an additional admin (or
several) to help the situation.
if you're interested, please drop me a mail. ideally, candidates
will:
+ have been a member of a Wikimedia project for a long time, with
some level of additional access (e.g. checkuser, OTRS, ...)
+ have an advanced knowledge of Unix (at least several years
experience)
+ have experience with Linux or Solaris system administration in a
production environment (another Unix would be okay if you're
willing to learn something new)
+ have experience with MySQL database administration
+ be available on the toolserver IRC channel to help users (this
isn't a requirement, but it would be helpful)
+ experience with these products/technologies would be an advantage:
Apache; JIRA; PostgreSQL; Sun Web Server; Sun Directory Server / LDAP;
GlassFish; Kerberos; StorageTek SAM-QFS; Veritas.
the job of a toolserver admin is to:
+ process user requests in the TS and SUPPORT projects in JIRA
+ create new user accounts
+ make sure the toolserver systems are working acceptably (for
example, resolving performance problems with the system or broken
tools)
+ participate in discussions about the future of the toolserver (for
example, what hardware to buy, what additional services to offer,
etc.)
please, no CVs (but a short description of your background/experience
is fine). anyone who is accepted will be required to provide the
Wikimedia office with proof of their real-life identity; please don't
apply if you're not comfortable with that.
as this is a volunteer position, the amount of time you put into it
is entirely up to you; but at a minimum, you should be willing to
spend at least a couple of hours each week on the toolserver.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFH0ShVIXd7fCuc5vIRAhjVAKC+5i5JUJj8KUDCNjGliIOufyyTOACeLAS8
LpQ66as5esGLgds1OaQOtJM=
=9XKz
-----END PGP SIGNATURE-----