Hi all
I'm happy to let you know that new hardware has been ordered by Wikimedia
Deutschland and will arrive probably in about two weeks. We will get two new
systems:
* A more powerful web server, to replace hemlock: Sun Fire X4150, 2x Quad-Core
Xeon, 8GB RAM, 2x73GB SAS HDD. The current web server only has two cores.
* Another database server, to be used for S1 (english wikipedia), so S1 and S3
no longer have to share a server: Sun Fire X4250, 2x Quad-Core Xeon, 32GB RAM,
16x146GB SAS RAID.
This should improve performance and give us some head space for growth. Once the
new servers arrive, S3 will be re-imported too, so we will have live data again.
Any ideas for names? To stay with the nightshade theme, how about Jurubeba and
Erubia? Or perhaps we go the "witches' weed" way, with Datura and Mandrake?
Henbane is taken, i think. Amanita sounds nice, too :)
A third server has been ordered, which will also be installed in Amsterdam, but
will not be part of the toolserver cluster. It's a storage server (X4540, 24TB
RAID) that will keep a live backup of all media files.
Cheers,
Daniel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
On the morning (UTC) of June 6th we will performance general maintenance[0]
on all servers. Services will be affected as follows:
Service | Expected impact
--------------------------+--------------------------------------------------
Entire platform | As described in maintenance schedule[0]
FishEye | Unavailable for < 10 minutes
[0] https://wiki.toolserver.org/view/Maintenance_schedule
Start time: Monday, 6th June, 0800h UTC (or possibly earlier)
http://time.tcx.org.uk/utc/2011-06-06/00:00
End time: Monday, 6th June, 1200h UTC (estimated)
http://time.tcx.org.uk/utc/2011-06-06/12:00
Details:
We will install current operating system patches on all servers, which will
require a reboot of each system.
--
We will enable IPv6 on the NFS server, which might make /home
unavailable for a short period even if hosts are up.
--
FishEye will be upgraded to 2.5.5.
--
We will perform general software upgrades for ts-specs (/opt/ts). A list of
software to be upgraded can be found at:
<https://wiki.toolserver.org/view/Admin:Pending_maintenance_tasks>
Some software may be unavailable or function incorrectly during the upgrade
process, which we estimate will take under 30 minutes.
Note: Mono will not be upgraded due to a build failure which was not
fixed in time for the maintenance.
ts-specs (/opt/ts software) changes
- -----------------------------------
We now build software with GCC stack-smashing protection (-fstack-protector) by
default, and several packages have been rebuilt to benefit from this. This
should not cause any user-noticable changes.
Some notable changes are detailed below:
webp
- ----
The "webpconv" binary is no longer provided; instead, use cwebp and dwebp.
OpenSSL
- -------
We will install a set of root CA certificates for OpenSSL, which will enable
SSL connections (e.g. from cURL or wget) to work by default, as long as the
certificate is valid, rather than requiring the user to provide a certificate
or disable checking.
The set of installed certificates will be the current Mozilla root certificate
set (from Firefox) and the Toolserver CA certificate from
https://fingerprints.toolserver.org.
Python 3
- --------
The default version of Python 3 (/usr/bin/python3) will change to 3.2. Python
3.1 will be removed during the following maintenance.
MySQL
- -----
The MySQL client will be upgraded to 5.5.12, and will move from
/opt/ts/mysql/5.1/bin to /opt/ts/bin. If you currently call "mysql" without a
path, you do not need to change anything. If you use
"/opt/ts/mysql/5.1/bin/mysql", you should change to "/opt/ts/bin/mysql" (or
preferably remove the path and rely on $PATH). The old (5.1) client will still
be available for now.
The MySQL client library will also move to /opt/ts/lib. The old client library
will still be available, but if you have any compiled software which links
against MySQL, you should re-compile it with the client library in /opt/ts/lib.
libpng
- ------
libpng has been upgraded from 1.4 to 1.5. A 1.4 runtime library is provided
for compatibility, but if you have any software that links against libpng, you
should recompile it with 1.5. The following warning (from the libpng
documentation) applies to this upgrade:
The libpng 1.5.x series continues the evolution of the libpng API,
finally hiding the contents of the venerable and hoary png_struct and
png_info data structures inside private (i.e., non-installed) header
files. Instead of direct struct-access, applications should be using
the various png_get_xxx() and png_set_xxx() accessor functions, which
have existed for almost as long as libpng itself. (Apps that compiled
against libpng 1.4 without warnings about deprecated features should
happily compile against 1.5, too.)
GCC
- ---
GCC has been upgraded to 4.6.0. This should be backwards compatible, so there
is no need to recompile software. There are two relevant changes for C++ users:
* If you define _XOPEN_SOURCE, you need to use -D_XOPEN_SOURCE=600.
-D_XOPEN_SOURCE=500 will not work.
* GCC 4.6 will no longer accept a const object without a ctor, i.e.:
struct S { };
const S o;
The fix is to either add an empty constructor, or explicitly default-initialise
the object:
const S o = S();
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (SunOS)
iEYEARECAAYFAk3lYHIACgkQIXd7fCuc5vKCpgCfTKXkByYIjD8f7sFhSRk+kMSl
BksAoI86/sVpyhFt6YoFpYjI+OUS+OQj
=+Pc2
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
It is now possible to access toolserver.org via SSL, e.g.
<https://toolserver.org/~river/>. This is otherwise identical to normal
HTTP access.
Unfortunately, because of how this is implemented, it's not possible to
require that SSL be used for a particular page, or for a CGI script to
check if SSL is in use. If anyone has a need for this, it might be
possible to implement <https://secure.toolserver.org/> or similar.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (SunOS)
iEYEARECAAYFAk3lXzYACgkQIXd7fCuc5vKg7ACgiwaaPDKhhabddeQsQI0la0OJ
rFkAn3/jyhY6XyupfT/FozxbpfK6MHiz
=9+QL
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I have switched toolserver.org HTTP to use a Squid reverse proxy for
load-balancing instead of Solaris Cluster. In case of problems (like
odd HTTP errors), please file an issue in JIRA.
NB: This is unrelated to the previous IPv6 changes.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (SunOS)
iEYEARECAAYFAk3kKkUACgkQIXd7fCuc5vK+JACglpYP1/yEV0k66fByrDT+Ztom
x7QAmwXkPp9zXkhXRgIs6u4g5+ob4INh
=vX+x
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
During the next maintenance window I plan to start the (somewhat
overdue) deployment of IPv6 at the Toolserver. In preparation for this,
I will be adding IPv6 addresses to all hosts today.
I don't expect this to cause any problems for users, except that the IP
address for willow (which already has one) will change. I will leave
the old IP in place until everything has migrated, but the new IP will
be used for outgoing connections.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (SunOS)
iEYEARECAAYFAk3h5w4ACgkQIXd7fCuc5vIc4QCggvuH0CpZ1scPjb82g8xjxcmX
IkoAoK8xKuYW2WO8Zqv4T8qUbamZPAvQ
=c2zi
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I have added a page on the wiki to suggest new features or changes to
the Toolserver: <https://wiki.toolserver.org/view/Suggestions>. If you
have a suggestion (even if you think it's not feasible), you can add it
to that page we will consider it.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (SunOS)
iEYEARECAAYFAk3f+5oACgkQIXd7fCuc5vK55wCgn6AYfpneISzv50AXWradPBFm
mpUAnjC0680tZVpRBJvR3waEnUa2nqlU
=l1UE
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
At some point in the future we plan to make some changes to how mail
sending on the Toolserver works. Unless you have tools which send mail
(not including mail from cron or SGE), this change does not affect you.
Specifically, we will no longer allow users to inject mail into the
Toolserver mail system via SMTP, unless the mail is to a Toolserver
address; in other words, internal hosts will be treated identically to
any Internet host. This means you cannot send mail via SMTP to
mail.toolserver.org or localhost.
It will also be forbidden to send mail directly to Internet hosts,
but this will not be enforced by technical means.
If you send mail using /usr/lib/sendmail (or a comparable mechanism,
such as /usr/bin/mail or Mutt), you do not need to do anything. (This
includes PHP's mail() function.)
If you send mail via SMTP, you should stop doing that, and instead use
/usr/lib/sendmail. This generally means invoking
"/usr/lib/sendmail -oi -bm -- <address>" and sending the mail body to
it on stdin (including headers). Remember to escape any shell
metacharacters in the address, if applicable.
It should generally be trivial to convert anything that uses SMTP to use
sendmail instead, and you should do this now rather than waiting. If
you think this is not possible for some reason, you should let us know
sooner rather than later.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (SunOS)
iEYEARECAAYFAk3f5k8ACgkQIXd7fCuc5vLKwQCgnb388KrYECUXroxuogkART3p
VMgAn1vZGwNyr7POKIKqP+DM3gxYpcN3
=7Dq0
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
The SSL certificate for https://svn.toolserver.org has changed. The new
fingerprint is available on <https://fingerprints.toolserver.org/> and
also below:
SHA-1: E8:62:65:9A:89:CA:1C:0D:8B:97:80:93:F3:CA:04:F7:5F:B8:A8:D5
SHA-256: 4D:45:9B:60:E1:82:F6:57:4B:D0:EB:66:1C:22:25:21:95:24:2E:5A:7C:A6:C1:BC:B7:6D:FC:F4:6C:AF:84:E4
Your SVN client may require you to (re-)accept this key before you can
access the repository.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (SunOS)
iEYEARECAAYFAk3eYHMACgkQIXd7fCuc5vKW4ACdGqJNwbqxWfe8h828VNSkJjb/
pxAAoJ3hF/V8vC4G/wcsf/nBBVAVqOKd
=ebwa
-----END PGP SIGNATURE-----
As you know, there has been a license change of openstreetmap that rejects
creative commons.
http://wiki.openstreetmap.org/wiki/Open_Database_License
there are a number of forks of the osm data set under the creative commons
license, one is fosm.org that is to continue under the cc-by-sa license.
Would it be possible to use the toolserver for rendering of the fosm tiles?
https://wiki.toolserver.org/view/Rules mentions openstreetmap and related
projects, this project is related but not the same.
please advise, thanks
mike
--
James Michael DuPont
Member of Free Libre Open Source Software Kosova and Albania flossk.orgflossal.org