Reference
See also
Software Development Handbook for access to monitoring and hosting services
Monitoring
Ahrefs
SEO issues are audited by Ahrefs.com’s Site Audit.
Access the most recent crawl, and:
Review All Issues, filtering by Importance.
Review the Crawl log for URLs that were Discarded due to Monthly page crawl limit reached. If there are any:
To review the discarded URLs, click Uncrawled from the crawl’s Overview, and set an Advanced filter of Target no-crawl reason = Monthly page crawl limit reached.
To exclude URLs from future crawls, click the top-right gear icon, click Project settings, click Crawl settings, and add one pattern per line to Don’t crawl URLs matching the pattern.
The current patterns are:
# OCP's archived corporate website.
archive\.open-contracting\.org
# Uploads to an archived website.
challenge\.open-contracting\.org(/en)?/wp-content/uploads/
# Page sources for OCDS documentation.
standard\.open-contracting\.org/\S+\.md\.txt$
# Sort options on directory listings.
standard\.open-contracting\.org/\S+\?C=[DMNS];O=[AD]$
# Default WordPress category pages.
www\.open-contracting\.org(/(es|ru))?/(audience|author|category|country|events/page|issue|learning-resource-category|open-contracting|region|resource-type|tag)/
Prometheus
Servers are monitored by Prometheus. Read the user guide to learn how to use Prometheus.
Salt is used to:
Install a Node Exporter service on each server, to export hardware and OS metrics like disk space used, memory used, etc.
Set up a Prometheus server to collect metrics from all servers, and to email alerts if metrics are out of bounds
Sentry
Application errors are reported to Sentry, which notifies individual email addresses. All Salt-managed, OCP-authored services report errors to Sentry.
Tip
From the All Events tab of an issue, to filter out frequent events to find infrequent events:
Click the … button in the TITLE column
Click the Exclude from filter menu item
If needed, replace the end of the title with the wildcard character *
You can also type a negated key like !message:, and Sentry will display autocomplete options.
SecurityScorecard
Cybersecurity issues are monitored by SecurityScorecard.
Patching cadence issues are mostly false positives. To dismiss such issues:
Check the checkboxes in the table
Click the Other resolutions dropdown
Click the I cannot reproduce this issue and I think it’s incorrect item
Add the comment: The software is patched/backported.
Click the Submit button
WordFence
WordPress issues are monitored by WordFence.
WordFence is managed in each WordPress installation, rather than by visiting its website.
Hosting
Servers are hosted by:
Hetzner for hardware servers (Network status)
Linode for VPS servers. Servers are configured to have one daily backup and two weekly backups. (Network status: Regions > EU-West (London) and Backups > EU-West (London) Backups)
Hetzner Cloud for VPS servers that must be colocated with Hetzner hardware servers
Microsoft Azure for temporary servers for Microsoft-related projects (Network status)
Unmanaged services are:
Cloudflare Pages for static websites (Network status)
Why not GitHub Pages?
It doesn’t allow custom response headers, notably Strict-Transport-Security and Content-Security-Policy.
Heroku for the OCP Library and OCP Form Server (Network status)
Note
Heroku is only used for tiny services that can run on Basic containers.
ReadTheDocs for project documentation (Network status)
Administrative access
See also
Software Development Handbook, for access to third-party services
The server managers are:
Dogsbody Technology (GMT/BST) (sysadmin@dogsbody.com) for Linux servers
Open Contracting Partnership (OCP) staff also have administrative roles.
Root access
Server owners (OCP) and server managers should have root access. Otherwise, only developers who are reasonably expected to deploy to a development server should have root access to that server; anyone with root access can grant that developer root access.
Root access should be routinely reviewed. If a developer did not deploy (and was not granted root access) to a server within the last six months, their root access to that server should be revoked.
The ssh.root lists in Pillar files and the ssh.admin list in the pillar/common.sls file give people access to servers. All people should belong to the above organizations.
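One way to run the six-month root access review described above, as an added example that is not part of this repository. It assumes each server's ssh.root list has already been reduced to person identifiers, that ssh.admin members are the exempt owners and managers, and that deployments and root grants are available as dated records; all names and dates are constructed.

```python
from datetime import date, timedelta

# "Six months" is approximated as 183 days (assumption, not from the page).
REVIEW_WINDOW = timedelta(days=183)


def stale_root_access(root_lists, exempt, activity, today):
    """Return {server: [people]} whose root access is due for revocation.

    root_lists: {server: [person, ...]}, one entry per server's ssh.root list
    exempt:     people who keep access regardless (owners and managers)
    activity:   [(person, server, date), ...] for deployments and root grants
    """
    # Keep only the most recent deployment or grant per (person, server).
    latest = {}
    for person, server, when in activity:
        key = (person, server)
        if key not in latest or when > latest[key]:
            latest[key] = when

    cutoff = today - REVIEW_WINDOW
    findings = {}
    for server, people in sorted(root_lists.items()):
        # No record at all counts as stale: access nobody can account for.
        stale = sorted(
            p for p in set(people)
            if p not in exempt and latest.get((p, server), date.min) < cutoff
        )
        if stale:
            findings[server] = stale
    return findings


# Constructed sample data (hypothetical servers and people).
ROOT_LISTS = {"dev": ["alice", "bob"], "docs": ["carol"]}
EXEMPT = {"alice"}  # e.g. the ssh.admin list
ACTIVITY = [
    ("bob", "dev", date(2024, 5, 20)),    # recent deployment: keeps access
    ("carol", "docs", date(2023, 9, 4)),  # older than six months: revoke
    ("carol", "dev", date(2024, 6, 1)),   # other server: does not count for docs
]
TODAY = date(2024, 7, 1)

if __name__ == "__main__":
    for server, people in stale_root_access(ROOT_LISTS, EXEMPT, ACTIVITY, TODAY).items():
        print(f"{server}: revoke root for {', '.join(people)}")
```

Activity is matched per server, so a recent deployment to one server does not extend root access to another.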