Reference

Contents

• Downtime Protocol
• OCDS Documentation
• Power BI

See also

Software Development Handbook for access to monitoring and hosting services

Monitoring

See also

Monitor DMARC reports

Ahrefs

SEO issues are audited by Ahrefs.com’s Site Audit.

Access the most recent crawl, and:

• Review All Issues, filtering by Importance.

• Review the Crawl log for URLs that were Discarded due to Monthly page crawl limit reached. If there are any:

  • To review the discarded URLs, click Uncrawled from the crawl’s Overview, and set an Advanced filter of Target no-crawl reason = Monthly page crawl limit reached.

  • To exclude URLs from future crawls, click the top-right gear icon, click Project settings, click Crawl settings, and add one pattern per line to Don’t crawl URLs matching the pattern.

    The current patterns are:

    # OCP's archived corporate website.
    archive\.open-contracting\.org
    # Uploads to an archived website.
    challenge\.open-contracting\.org(/en)?/wp-content/uploads/
    # Page sources for OCDS documentation.
    standard\.open-contracting\.org/\S+\.md\.txt$
    # Sort options on directory listings.
    standard\.open-contracting\.org/\S+\?C=[DMNS];O=[AD]$
    # Default WordPress category pages.
    www\.open-contracting\.org(/(es|ru))?/(audience|author|category|country|events/page|issue|learning-resource-category|open-contracting|region|resource-type|tag)/
    

Prometheus

Servers are monitored by Prometheus. Read the user guide to learn how to use Prometheus.

Salt is used to:

• Install a Node Exporter service on each server, to export hardware and OS metrics like disk space used, memory used, etc.

• Set up a Prometheus server to collect metrics from all servers, and to email alerts if metrics are out of bounds

Sentry

Application errors are reported to Sentry, which notifies individual email addresses. All Salt-managed, OCP-authored services report errors to Sentry.

Tip

From the All Events tab of an issue, to filter out frequent events to find infrequent events:

1. Click the … button in the TITLE column

2. Click the Exclude from filter menu item

3. If needed, replace the end of the title with the wildcard character *

You can also type a negated key like !message:, and Sentry will display autocomplete options.

See also

• Sentry search reference

SecurityScorecard

Cybersecurity issues are monitored by SecurityScorecard.

Patching cadence issues are mostly false positives. To dismiss such issues:

1. Check whether the CVE was resolved by Ubuntu

2. Check the checkboxes in the table

3. Click the Other resolutions dropdown

4. Click the I cannot reproduce this issue and I think it’s incorrect item

5. Add the comment: The software is patched/backported.

6. Click the Submit button

WordFence

WordPress issues are monitored by WordFence.

WordFence is managed in each WordPress installation, rather than by visiting its website.

Hosting

Servers are hosted by:

• Hetzner for hardware servers (Network status)

• Linode for VPS servers. Servers are configured to have one daily backup and two weekly backups. (Network status: Regions > EU-West (London) and Backups > EU-West (London) Backups)

• Hetzner Cloud for VPS servers that must be colocated with Hetzner hardware servers

• Microsoft Azure for temporary servers for Microsoft-related projects (Network status)

Unmanaged services are:

• Cloudflare Pages for static websites (Network status)

  Why not GitHub Pages?

  It doesn’t allow custom response headers, notably Strict-Transport-Policy and Content-Security-Policy.

• Heroku for the OCP Library and OCP Form Server (Network status)

  Note

  Heroku is only used for tiny services that can run on Basic containers.

• ReadTheDocs for project documentation (Network status)

  See also

  Software Development Handbook for configuring ReadTheDocs projects

Administrative access

See also

Software Development Handbook, for access to third-party services

The server managers are:

• Robert Hooper (GMT/BST) (servers@robhooper.net) for Linux servers

• RBC Group (EET/EEST) for Windows servers

Open Contracting Partnership (OCP) staff also have administrative roles.

Root access

Server owners (OCP) and server managers should have root access. Otherwise, only developers who are reasonably expected to deploy to a development server should have root access to that server; anyone with root access can grant that developer root access.

Root access should be routinely reviewed. If a developer did not deploy (and was not granted root access) to a server within the last six months, their root access to that server should be revoked.

The ssh.root lists in Pillar files and the ssh.admin list in the pillar/common.sls file give people access to servers. All people should belong to the above organizations.