Yesterday we were having lots of issues with proxy01/10 in IAD2.
They would stop processing connections. Restarting httpd seemed to clear
it up for a while, then it would get stuck again.
My current theory is that we were hitting the limit of 900 clients for
some reason and it wasn't processing them correctly when it got to that
So, I increased that limit to 1500 and also setup a SSL session cache
(which it was complaining about that we didn't have). Since then,
proxy01/10 with those changes have been running ok.
I'd like to push this out to the other proxies now as well, as some of
them have been alerting from time to time and it could be this same
I already pushed this commit because I wanted 01/10 to be in sync/in
+1's to push it to the rest of the proxies?
Author: Kevin Fenzi <kevin(a)scrye.com>
Date: Tue Sep 21 16:19:14 2021 -0700
proxies: increase max workers
Also add a ssl connection cache.
These changes are live on proxy01/10 and seem to have made them stable
again. Will look at pushing to the rest tomorrow.
Signed-off-by: Kevin Fenzi <kevin(a)scrye.com>
diff --git a/inventory/group_vars/proxies b/inventory/group_vars/proxies
index c04531a57..5b0a25fee 100644
@@ -7,7 +7,7 @@ num_cpus: 6
# This is used in the httpd.conf to determine the value for serverlimit and
# maxrequestworkers. On 8gb proxies, 900 seems fine. But on 4gb proxies, this
# should be lowered in the host vars for that proxy.
# For apache, generally.
diff --git a/roles/httpd/proxy/templates/httpd.conf.j2 b/roles/httpd/proxy/templates/httpd.conf.j2
index 00947131f..5b1e0debf 100644
@@ -773,3 +773,5 @@ EnableSendfile on
# Configure a location for OCSP stapling
The PR  will enable automated signing for f36-openh264 tag which is
needed to update the openh264 repos for rawhide/f36 and also fix
issues in f35. Currently the pungi compose is failing due to missing
signed rpms, this will fix that issue.
We have put a number of SOPs together, related to Openshift 4, installation
and configuration on Fedora Infra, we are hoping to get some feedback!
If you get a minute please check the following:
Community Platform Engineering @ Red Hat
T: +(353) 86-8624108 IM: @dkirwan
I am requesting permissions to run the batcave
playbook to update rbac permissions to allow the
sysadmin-analysis group run the logserver playbook
as requested in this ticket:
As always comments/+1's welcome
I have a dns patch for review.
We would like to add a second datanommer db server
so that we can migrate the current database to it and
make some changes such as adding the timescaledb
plugin to improve performance. This second server would
allow the migration to happen without affecting the main
The patch is available to view here:
Please chime in with comments or +1's
It turns out that the configuration for rhbz was changed without an announcement and now the max number of bugs returned for any query is 20. Some of the queries that we use in blockerbugs return more than 20 bugs so I have a hotfix to deal with the new pagination requirements. I've attached the patch to this email.
I'd like to apply this patch to production. Unfortunately, we're in the middle of a non-trivial rewrite that's currently on stg so testing the patch isn't really an option and that code isn't ready for production use right now.
Over the last weeks we prepared adding CentOS Stream to Fedora's
MirrorManager instance and are now at a point where we would like to
push the changes to ansible.
The current state can be seen at:
(https just broke over the weekend)
To enable CentOS Stream in MirrorManager not only configuration file
changes are necessary, but it also requires an update of all software
components. This is mainly due to the fact that CentOS Stream is using
an empty topdir. (topdir in MirrorManager are things like 'epel/' or
'fedora/linux' or 'fedora-secondary/').
Unfortunately all code assumed that topdir is not '' and hard-coded the
removal of a slash all over the place.
All corresponding projects have been update to handle empty topdirs.
To apply https://pagure.io/fedora-infra/ansible/pull-request/775 for
prod I need this FBR.
There are risks doing code changes like this during a freeze. So far I
have not seen any problems in staging, but staging is not using using
MirrorManager as thoroughly as prod. I don't expect any major problems
with this change.
I hope someone from the CentOS team can weigh if this is very time
critical to get running or if we can wait until after the freeze.
This is a request to run the batcave playbook to update rbac permissions to
allow the sysadmin-openshift group to run all the openshift playbooks in
The group currently contains the people who are putting up the new
openshift 4 cluster along with myself. This would give the group a large
amount of permissions so in future there would be a relatively high bar for
joining the group.
Please feel free to share thoughts or +1's