Reference

See also

Software Development Handbook for access to monitoring and hosting services

Monitoring

Ahrefs

SEO issues are audited by Ahrefs.com’s Site Audit.

Access the most recent crawl, and:

  • Review All Issues, filtering by Importance.

  • Review the Crawl log for URLs that were Discarded due to Monthly page crawl limit reached. If there are any:

    • To review the discarded URLs, click Uncrawled from the crawl’s Overview, and set an Advanced filter of Target no-crawl reason = Monthly page crawl limit reached.

    • To exclude URLs from future crawls, click the top-right gear icon, click Project settings, click Crawl settings, and add one pattern per line to Don’t crawl URLs matching the pattern.

      The current patterns are:

      # OCP's archived corporate website.
      archive\.open-contracting\.org
      # Uploads to an archived website.
      challenge\.open-contracting\.org(/en)?/wp-content/uploads/
      # Page sources for OCDS documentation.
      standard\.open-contracting\.org/\S+\.md\.txt$
      # Sort options on directory listings.
      standard\.open-contracting\.org/\S+\?C=[DMNS];O=[AD]$
      # Default WordPress category pages.
      www\.open-contracting\.org(/(es|ru))?/(audience|author|category|country|events/page|issue|learning-resource-category|open-contracting|region|resource-type|tag)/
      

Prometheus

Servers are monitored by Prometheus. Read the user guide to learn how to use Prometheus.

Salt is used to:

  • Install a Node Exporter service on each server, to export hardware and OS metrics like disk space used, memory used, etc.

  • Set up a Prometheus server to collect metrics from all servers, and to email alerts if metrics are out of bounds

Sentry

Application errors are reported to Sentry, which notifies individual email addresses. All Salt-managed, OCP-authored services report errors to Sentry.

Tip

From the All Events tab of an issue, to filter out frequent events to find infrequent events:

  1. Click the … button in the TITLE column

  2. Click the Exclude from filter menu item

  3. If needed, replace the end of the title with the wildcard character *

You can also type a negated key like !message:, and Sentry will display autocomplete options.

SecurityScorecard

Cybersecurity issues are monitored by SecurityScorecard.

Patching cadence issues are mostly false positives. To dismiss such issues:

  1. Check whether the CVE was resolved by Ubuntu

  2. Check the checkboxes in the table

  3. Click the Other resolutions dropdown

  4. Click the I cannot reproduce this issue and I think it’s incorrect item

  5. Add the comment: The software is patched/backported.

  6. Click the Submit button

WordFence

WordPress issues are monitored by WordFence.

WordFence is managed in each WordPress installation, rather than by visiting its website.

Hosting

Servers are hosted by:

Unmanaged services are:

Administrative access

See also

Software Development Handbook, for access to third-party services

The server managers are:

Open Contracting Partnership (OCP) staff also have administrative roles.

Root access

Server owners (OCP) and server managers should have root access. Otherwise, only developers who are reasonably expected to deploy to a development server should have root access to that server; anyone with root access can grant that developer root access.

Root access should be routinely reviewed. If a developer did not deploy (and was not granted root access) to a server within the last six months, their root access to that server should be revoked.

The ssh.root lists in Pillar files and the ssh.admin list in the pillar/common.sls file give people access to servers. All people should belong to the above organizations.