View systemctl-set-property.md
$ systemctl --version
systemd 229
+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN

$ sudo systemctl show -p StartLimitInterval nginx.service
StartLimitInterval=10000000

$ sudo systemctl set-property nginx.service StartLimitInterval=0
Unknown assignment StartLimitInterval=0
View remove-unused-fields-from-assets.md

Rails console

irb> a = Asset.create!(file: File.open('README.md'), access_limited: true, organisation_slug: 'organisation-slug')
=> #<Asset _id: 5a68c81c3e489e7bb5baac3e, deleted_at(deleted_at): nil, created_at: 2018-01-24 17:53:32 UTC, updated_at: 2018-01-24 17:53:32 UTC, state: "unscanned", filename_history: [], uuid: "0b0d0cb0-c49f-4f47-b204-a991c8af9cbf", access_limited: true, organisation_slug: "organisation-slug", etag: "5a68c81c-2f81", last_modified: 2018-01-24 17:53:32 UTC, md5_hexdigest: "d463b46b2c42d1f043e56920a03de458", file: "README.md", _type: "Asset">
irb(main):003:0> a.access_limited?
=> true
irb(main):004:0> a.organisation_slug
=> "organisation-slug"
View asset-manager-unpermitted-parameters.md

Create mainstream asset

$ echo `date` > tmp.txt
$ curl http://localhost:3000/assets --form "asset[file]=@tmp.txt" --form "asset[access_limited]=1" --form "asset[organisation_slug]=foo"

Rails log

View router__assets_origin_spec.rb
puts subject.call.resources.detect { |r| r.type == 'Nginx::Config::Site' && r['name'] == 'assets-origin.dev.gov.uk' }['content']
View assets-origin-nginx.log
2018/01/23 16:17:58 [debug] 18102#0: *15 http header: "Host: assets-origin.dev.gov.uk"
2018/01/23 16:17:58 [debug] 18102#0: *15 http header: "Connection: keep-alive"
2018/01/23 16:17:58 [debug] 18102#0: *15 http header: "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safar
i/537.36"
2018/01/23 16:17:58 [debug] 18102#0: *15 http header: "Upgrade-Insecure-Requests: 1"
2018/01/23 16:17:58 [debug] 18102#0: *15 http header: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"
2018/01/23 16:17:58 [debug] 18102#0: *15 http header: "Accept-Encoding: gzip, deflate"
2018/01/23 16:17:58 [debug] 18102#0: *15 http header: "Accept-Language: en-GB,en-US;q=0.9,en;q=0.8"
GET /media/5a67581d759b7424f4e81ba1/README.md?jm345 HTTP/1.0
View asset-manager-nginx.log
2018/01/23 16:11:22 [debug] 17761#0: *5 http header: "Host: asset-manager.dev.gov.uk"
2018/01/23 16:11:22 [debug] 17761#0: *5 http header: "X-Real-IP: 127.0.0.1"
2018/01/23 16:11:22 [debug] 17761#0: *5 http header: "X-Forwarded-Server: static.dev.gov.uk"
2018/01/23 16:11:22 [debug] 17761#0: *5 http header: "X-Forwarded-For: 127.0.0.1"
2018/01/23 16:11:22 [debug] 17761#0: *5 http header: "X-Forwarded-Host: static.dev.gov.uk"
2018/01/23 16:11:22 [debug] 17761#0: *5 http header: "Connection: close"
2018/01/23 16:11:22 [debug] 17761#0: *5 http header: "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari
/537.36"
2018/01/23 16:11:22 [debug] 17761#0: *5 http header: "Upgrade-Insecure-Requests: 1"
2018/01/23 16:11:22 [debug] 17761#0: *5 http header: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"
View 2018-01-23-gds-updates.md

Achievements

  • Migrated more non-attachment assets from Whitehall to Asset Manager
  • Started serving the migrated Whitehall non-attachment assets from Asset Manager

Ongoing and next

  • Continuing to migrate remaining non-attachment assets from Whitehall to Asset Manager and removing them from NFS
  • Continuing to switch these Whitehall assets over to be served from Asset Manager
  • Spiking on supporting attachment assets from Whitehall in Asset Manager (authorisation for drafts)
View whitehall-attachment-problem.md

Backend/Admin

jamesmead@ec2-integration-blue-whitehall_backend-ip-10-1-6-139:~$ curl -s -v "https://whitehall-admin.integration.govuk-internal.digital/government_data/file/672533/netLec7.pdf" >/dev/null
* Hostname was NOT found in DNS cache
*   Trying 10.1.6.248...
* Connected to whitehall-admin.integration.govuk-internal.digital (10.1.6.248) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
View 2018-01-16-gds-updates.md

Achievements

  • Deleted all Asset Manager assets from NFS - they are now stored on S3
  • Started serving more of the migrated Whitehall assets from Asset Manager
  • Fixed problem with migrating assets with non-ascii characters in filenames
  • Improved performance of Whitehall-related actions in Asset Manager
  • Helped diagnose problems with assets relating to the move of the integration environment to AWS

Ongoing and next

View GDS_SSO_STRATEGY.log
vagrant@development:/var/apps/whitehall$ sudo sh -c "echo 'real' > /etc/govuk/whitehall/env.d/GDS_SSO_STRATEGY"
vagrant@development:/var/apps/whitehall$ sudo cat /etc/govuk/whitehall/env.d/GDS_SSO_STRATEGY
real