summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* baserock_ostree: Upgrade buildstream versionpedro/update-bst-in-ostree-serverPedro Alvarez2017-07-261-1/+1
|
* Merge branch 'sam/update-ostree' into 'master'Sam Thursfield2017-07-214-1/+34
|\ | | | | | | | | baserock_ostree: Update for changes in BuildStream See merge request !6
| * baserock_ostree: Update for changes in BuildStreamsam/update-ostreeSam Thursfield2017-07-214-1/+34
|/ | | | | | | | | We now need a timer job to update the summary file, see: https://buildstream.gitlab.io/buildstream/artifacts.html#summary-file-updates I also updated BuildStream which changes the artifact push protocol. Sadly the protocol isn't versioned yet so old versions will now fail to push with weird errors.
* Merge branch 'sam/ostree' into 'master'Pedro Alvarez Piedehierro2017-07-1318-1150/+1360
|\ | | | | | | | | Add ostree.baserock.org definitions See merge request !5
| * baserock_ostree: Add the private GitLab CI key (encrypted)sam/ostreeSam Thursfield2017-07-131-0/+167
| |
| * baserock_ostree: Enable write accessSam Thursfield2017-07-137-2/+37
| | | | | | | | | | | | | | | | | | | | | | So far this is limited to the existing Baserock ops team, and a new key that I will try to install into our GitLab CI configuration so that build runners can push artifacts. We don't to hand out access too widely because we currently don't do any verification that the submitted artifacts actually corresponds to the cache key that it's supposed to. This is fine as long as access is limited to autobuilders that we control and trusted developers.
| * firewall.yml: Open morph-cache-server port on git-server security groupSam Thursfield2017-07-131-1/+11
| | | | | | | | | | | | This is used by YBD for resolving remote Git commit SHA1s to tree SHA1s. Previously the port was opened by the shared-artifact-cache security group, but it no longer is.
| * Add ostree.baserock.org systemSam Thursfield2017-07-1312-787/+911
| | | | | | | | | | | | | | | | | | | | | | | | | | This is a new instance that can be used as an artifact cache by the BuildStream build tool. Anyone can download artifacts over HTTPS. Those given SSH access to the machine can write to the artifact cache (this will likely be limited to automated build machines). DNS is now set to point cache.baserock.org and ostree.baserock.org to the HAProxy frontend. The SSL certificate for the frontend-haproxy system has been regenerated to include the cache.baserock.org and ostree.baserock.org domains.
| * firewall.yml: Update to use OpenStack modules from Ansible 2.0Sam Thursfield2017-07-132-351/+262
| | | | | | | | Previously we depended on 3rd party openstack-ansible-modules.
| * Remove obsolete hostsSam Thursfield2017-07-121-4/+0
| |
| * README.mdwn: Remove MasonsSam Thursfield2017-07-121-33/+0
| | | | | | | | | | | | These are obsolete, see: https://listmaster.pepperfish.net/pipermail/baserock-dev-baserock.org/2017-January/013765.html
| * README.mdwn: Replace Yum with DNFSam Thursfield2017-07-121-1/+1
|/
* Merge branch 'pedro/no-push-notifications' into 'master'Pedro Alvarez Piedehierro2017-05-222-6/+6
|\ | | | | | | | | Pedro/no push notifications See merge request !3
| * baserock_bots: restart bot, to update changes in serverpedro/no-push-notificationsPedro Alvarez Piedehierro2017-05-221-2/+2
| |
| * baserock_bots: Disable push notifications for BaserockPedro Alvarez Piedehierro2017-05-221-4/+4
|/
* Merge branch 'pedro/gitlab-bot-multichannel' into 'master'Pedro Alvarez Piedehierro2017-05-222-9/+45
|\ | | | | | | | | baserock_bots: configure Gitlab bot for Baserock too See merge request !2
| * baserock_bots: configure Gitlab bot for Baserock toopedro/gitlab-bot-multichannelPedro Alvarez Piedehierro2017-05-222-9/+45
|/
* Merge branch 'pedro/ssl-may-2017' into 'master'Pedro Alvarez Piedehierro2017-05-2119-1626/+1884
|\ | | | | | | | | Pedro/ssl may 2017 See merge request !1
| * Fixes for SSL keys generation/deploymentPedro Alvarez Piedehierro2017-05-202-2/+19
| |
| * Update SSL certsPedro Alvarez Piedehierro2017-05-2017-1624/+1865
|/
* Add Ansible scripts for Gitlab IRC botPedro Alvarez Piedehierro2017-05-154-0/+98
|
* Update certificates in Gerrit instancePedro Alvarez2017-05-022-8/+11
|
* Apply manually changes from previous commit for frontend.pemPedro Alvarez2017-05-022-59/+96
|
* Ensure all certificate files needed are createdPedro Alvarez2017-05-023-8/+16
|
* certs: Make spec.bo and docs.bo part of the frontend certPedro Alvarez2017-03-224-679/+685
|
* baserock_frontend: Prepare to redirect spec and docs subdomainsPedro Alvarez Piedehierro2017-03-221-3/+10
| | | | This will let us use easily more SSL certs from our HAProxy instance
* Add dnsapi.config.txt file for SSL generationPedro Alvarez2017-03-171-0/+6
|
* Remove old SSL certificate filesPedro Alvarez2017-03-173-285/+0
|
* Add notes for SSL certs generation and setupPedro Alvarez2017-03-171-0/+97
|
* baserock_storyboard: Update for new SSL certsPedro Alvarez2017-03-171-3/+3
|
* ansible.cfg: Allow Ansible tmpfiles to be readable by any userPedro Alvarez2017-03-171-1/+2
| | | | | | This worksaround an issue with newer versions of Ansible. See https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user for more information.
* baserock_frontend: Update for new SSL certsPedro Alvarez2017-03-171-8/+5
|
* baserock_trove: Adapt for new certsPedro Alvarez2017-03-172-6/+6
|
* Add new SSL certsPedro Alvarez2017-03-178-0/+1674
|
* Add letsencrypt Root certificatePedro Alvarez2017-03-171-0/+58
| | | | | Combination of "ISRG Root X1" and "Encrypt Authority X3" certificates downloaded from https://letsencrypt.org/certificates/
* baserock_frontend: Remove acl rules for deprecated serversPedro Alvarez2017-03-171-18/+0
|
* Start logging #buildstream in GimpNetPedro Alvarez2017-02-022-4/+13
|
* Upgrade Gerrit to 2.13.1Pedro Alvarez2016-10-061-1/+1
| | | | Change-Id: I144f449a22cdcae6967bacf5f3c08ce660a998d8
* Add #cip in Freenode to irclogsPedro Alvarez2016-09-192-1/+4
| | | | Change-Id: Iccbaedfcfde6025f0f76959771c59f4615ecc0e8
* Add #trustable in Freenode to irclogsPedro Alvarez2016-09-152-1/+3
| | | | Change-Id: I8b974008f4c4c487c3386131993b442f936eb146
* Use Ansible Vaults to contain secret files/variablesPedro Alvarez2016-08-1517-7/+539
| | | | | | | | | | Having them in files lying around in a local repository is dangerous, they could be commited and pushed by accident. Also, having these files in a mail is not good either, and makes this repository complicated to use for us. Change-Id: I644e1fb8228e3cb081a004547abaf654e9c449b7
* baserock_storyboard: Upgrade Ansible role to 2.1.0Pedro Alvarez2016-07-191-1/+1
| | | | | | | This new version allows configuring the instance with comments edition. Change-Id: I1b889b630f72e17588f332f31d6f9f1a45d5cb7c
* Upgrade gerrit to 2.12.3Pedro Alvarez2016-07-111-3/+3
| | | | | | | | | This new version brings bugs and security fixes, see release notes for more info: https://gerrit.googlesource.com/gerrit/+/HEAD/ReleaseNotes/ReleaseNotes-2.12.3.txt Change-Id: I8848c50339994263513362096e2f0126989d5bd4
* baserock_storyboard: Update to new role version (2.0.2), and Ansible 2.0.1Pedro Alvarez2016-06-244-8/+6
| | | | Change-Id: I829c2af49210e348ec26fe601c93f80dade3648b
* baserock_gerrit: Ensure hostname is 'gerrit' and not '$HOSTNAME'Pedro Alvarez2016-05-161-0/+1
| | | | Change-Id: I420d839b895cd263d9b912506a74811125b5b9e4
* Merge remote-tracking branch 'definitions/master'Pedro Alvarez2016-05-164-5/+7
|\
| * Upgrade util-linux to v2.28Pedro Alvarez2016-05-161-2/+2
| | | | | | | | | | | | | | | | | | | | Systemd requires a version >= 2.27.1, and 2.28 also includes various btrfs fixes. For more infromation see the release notes: http://git.baserock.org/cgit/delta/util-linux.git/tree/Documentation/releases/v2.28-ReleaseNotes Change-Id: If6d44eb3d06eb7f511b9a5b6ea2166a7cf0af468
| * strata/core/util-linux.morph: Compile with --enable-libmount-force-mountinfoJavier Jardón2016-05-161-0/+1
| | | | | | | | | | | | Required by systemd (see systemd README) Change-Id: I65d8dae4c31c31ddc4de8fa90f4faa83518c20d3
| * lvm2: Update udev rules path to /usr/libPedro Alvarez2016-05-161-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | These udev rules were being ignored since we configured Systemd to install things in /usr/bin and /usr/lib in 0a0da35e1a693fc909d1628f5e81cb3b2693c057. LVM device nodes weren't being created, and as a result, systems that had LVM volumes configured in fstab, weren't booting. Installing the udev rules in /usr/lib fixes the problem. Change-Id: Ia3372676700c78c655af8721bb8568549eb64666
| * Upgrade tbdiff to get a fix for upgradesPedro Alvarez2016-05-161-1/+1
| | | | | | | | | | | | | | | | Symlinks weren't being updated during upgrades, keeping the current version even if that wasn't modified by the user. Change-Id: I2f4290108d7dddc3bef5f25d3eb1e331be77e748
View Lorry Controller Status