|Open||None||T106913 Use Sentry on non-production Wikimedia wikis, Tool Labs and other sites/tools|
|Stalled||Tgr||T100332 Log translatewiki.net errors via Sentry|
|Open||None||T106915 Use Sentry in production|
|Declined||None||T106920 Integrate Sentry with beta cluster|
|Resolved||Tgr||T84956 Create basic puppet role for Sentry|
|Open||None||T96054 Puppet resource for creating a postgresql database|
|Resolved||jcrespo||T112228 Need to run postgresql::user twice to set the password|
|Open||None||T189531 All Wikimedia developer services should use single sign-on|
|Open||None||T97133 Login integration for Sentry|
The task is private.
The current Sentry role used nginx (that was recommended in the Sentry docs, presumably because it scales better). Nginx does not have native LDAP support. On the internets people usually recommend compiling in nginx-auth-ldap, which does not inspire confidence.
Maybe I can run both apache and nginx, on different ports/vhosts? The user interface does not need to scale and the logging interface does not need auth. I am not sure I can set separate base URLs for them though. Or just discard nginx completely and how apache will be fine under load. Or go back to django_ldap_auth...
Thanks, I'll do that.
I'm not sure I understand the point of having two vhosts. Can't you just configure mod_authnz to ask for credentials but then not require valid-user, or use mod_authn_anon?