path: root/README.mdwn
Commit message (Author, Age, Files, Lines)
* Fixes for SSL keys generation/deployment (Pedro Alvarez Piedehierro, 2017-05-20, 1 file, -2/+18)
|
* Update certificates in Gerrit instance (Pedro Alvarez, 2017-05-02, 1 file, -0/+2)
|
* Ensure all certificate files needed are created (Pedro Alvarez, 2017-05-02, 1 file, -3/+15)
|
* certs: Make spec.bo and docs.bo part of the frontend cert (Pedro Alvarez, 2017-03-22, 1 file, -2/+1)
|
* Add notes for SSL certs generation and setup (Pedro Alvarez, 2017-03-17, 1 file, -0/+97)
|
* README: Document how to add a new repo/project (Sam Thursfield, 2016-02-26, 1 file, -0/+34)
|   Change-Id: I35ffce1f48cdde871d021216be464947092c4aa0
* README: Add some info on security updates! (Sam Thursfield, 2016-02-23, 1 file, -2/+203)
|   Change-Id: Ib2254a599c222653444316a5b71ec09ce1453deb
* baserock_database: Update on top of Fedora 23, redeploy (Sam Thursfield, 2016-02-19, 1 file, -1/+7)
|   Change-Id: I9a25d9aad540c291aaea45f00e38065981ff3f50
* baserock_mail: Update on top of Fedora 23, redeploy (Sam Thursfield, 2016-02-19, 1 file, -4/+21)
|   The instance-config.yml script was failing to create a valid EXIM config against the default /etc/exim.conf in Fedora 23, this is fixed now. The regexp configuration approach is rather fragile.
|   Change-Id: Id1b4e3a854cb579ee58c1c4f7674415c6e8c096a
* baserock_openid_provider: Update on top of Fedora 23, and without Packer (Sam Thursfield, 2016-02-19, 1 file, -57/+9)
|   This means we no longer use Packer for anything, which is good. The switch from Django 1.7 to Django 1.9 caused some problems in the openid_provider module. Upstream for that module is here: https://bitbucket.org/romke/django_openid_provider/ At the time of writing there was no fix upstream for these issues, it would be good to submit them. We have other unsubmitted changes against that upstream in our openid_provider code. One issue was use of import_module (which is now available from importlib, doesn't need to be imported from django.utils any more). Another is use of WSGIRequest.REQUEST, which is deprecated since Django 1.7 and removed in Django 1.9. We now need to use .POST or .GET to get that info.
|   Change-Id: I60793aaf0d84d81b89ff59efbe08240d99b7973f
* baserock_frontend: Update deploy instructions for Fedora 23 (Sam Thursfield, 2016-02-17, 1 file, -2/+3)
|   Flavour is also changed because the previous flavour no longer exists. Smallest flavour should be fine for something that is just a proxy.
|   Change-Id: I7d6f3befaa32f41d909eb5336e221b2514403f12
* baserock_storyboard: Upgrade to latest and use Ansible for deployment (Pedro Alvarez, 2016-01-22, 1 file, -16/+18)
|   Change-Id: If4578c0d97aa2aee1a1a7e57bb7e2c42917ba077
* README.mdwn: Add info about deploying the Trove (Pedro Alvarez, 2015-11-19, 1 file, -0/+45)
|   Change-Id: I12dc2ce76acf22c0ead6c5122f962c0cdaa27c24
* README.mdwn: Morph workspaces are not needed (Pedro Alvarez, 2015-11-11, 1 file, -4/+4)
|   Change-Id: I5d2ec00e84742aa825ab06c69540a2bb911540dd
* README.mdwn: Add commands needed to have backups working (Pedro Alvarez, 2015-11-05, 1 file, -0/+10)
|   Change-Id: Ib239a561eaaaa0a5a0ae91af2ee45889ae2e30b3
* README.mdwn: Add extra info about restoring gerrit backups (Pedro Alvarez, 2015-11-05, 1 file, -0/+20)
|   Change-Id: I4b6f3a01fcfbd4e5c1a431361b71f991e7e82191
* README.mdwn: Add extra help for restoring database backups (Pedro Alvarez, 2015-11-05, 1 file, -0/+9)
|   Change-Id: I7266a4cc19bf7973089cca0e229ff73ba423b394
* Little fix in the README.mdwn (Pedro Alvarez, 2015-11-04, 1 file, -1/+1)
|   Change-Id: I3f6660c09d47d5e2a60b1a64f97f02cf7b35a8a8
* baserock_gerrit: Use git_commit_and_push module for access control (Sam Thursfield, 2015-08-24, 1 file, -13/+6)
|   This is a custom Ansible module I wrote, available from <https://github.com/ssssam/ansible-gerrit>.
|   Change-Id: I7a4819e06cbd9dd9ec9bb1af1ffa4448bc3f7e95
* Avoid using Packer for the frontend system (Sam Thursfield, 2015-07-13, 1 file, -16/+24)
|   Also, move it into baserock_frontend so it is clearly differentiated from the upstream definitions.git stuff. It's now based off Fedora 21 instead of Fedora 20. This is now deployed at baserock.org.
|   Change-Id: Icaabc84f9513d08479d8d22c19e8b632ac5108b5
* Avoid using Packer for database deployment (Sam Thursfield, 2015-07-03, 1 file, -8/+21)
|   Also, add some info to the README about restoring the database from a backup of the /var/lib/mysql volume.
|   Change-Id: I2907e3bc01fdcb7adbc0cccfa47bc662d96dd264
* Ensure Masons can /only/ fetch sources from git.baserock.org (Sam Thursfield, 2015-05-12, 1 file, -0/+33)
|   This is done by using 'internal-only' instead of 'default' as the security group. I've updated the README to note this. To make Mason work in the absence of DNS we also have to change the 'trove-host' setting to be the actual IP of git.baserock.org. The idea is to enforce the policy that the Baserock reference system definitions can only use 'baserock:' and 'upstream:' keyed URLs.
|   Change-Id: I114fc89a707f6f626e4b758426558f48e5fafb73
* Add general instructions for deploying infrastructure to OpenStack (Sam Thursfield, 2015-04-10, 1 file, -3/+56)
|   Also, add some placeholders to README so we can make the instructions listed in the README easier to cut-n-paste, even when deploying to somewhere other than DataCentred.
|   Change-Id: I32ca1073b7a956a7b8a21ad67682c6292c9d91af
* Note in README that I no longer think Packer is the right tool for us (Sam Thursfield, 2015-04-10, 1 file, -0/+17)
|   Change-Id: I9b61036d8ead0e5a27873781d14cbd3c1b48591f
* Use HTTPS for all infrastructure. (Sam Thursfield, 2015-03-30, 1 file, -0/+14)
|   This is implemented with the HAProxy frontend doing 'SSL termination'. So internal traffic between the frontend_haproxy instance and the various machines serving content is unencrypted HTTP as before, but all traffic that goes over the public internet is encrypted now. Note that storyboard.baserock.org is not behind HAProxy, and currently uses a different, self-signed certificate.
|   Change-Id: I9140def605fe26c9c613066fa6524e3cf817f97c
* Add a simple data backup mechanism (Sam Thursfield, 2015-03-30, 1 file, -21/+13)
|   The technique used is: create a new SSH key for backup automation, and authorize it to log in as 'root' to instances. To reduce potential harm if the key somehow gets compromised, it is limited to logging in from a single IP, and it is limited to running the 'backup-snapshot' program on the instances. Inside each instance, the `backup-snapshot` script is used as a wrapper for the `rsync --server` process. This script pauses running services, takes a snapshot of the data volume, and then runs the RSync server.
|   Change-Id: I3c98ffe3dc2fa1373bd0df2388145636e491bf57
* Add simple mail relay instance (Sam Thursfield, 2015-03-26, 1 file, -0/+10)
|   This is a Fedora Cloud 21 instance running exim4, for the moment.
|   Change-Id: I6298a134bb474c65dd57a1bda87469dc3cd88441
* gerrit: Improvements to README (Sam Thursfield, 2015-03-17, 1 file, -20/+25)
|
* gerrit: Add mirroring configuration (Sam Thursfield, 2015-03-13, 1 file, -2/+57)
|   This pulls from git.baserock.org with lorry-controller, and pushes 'master' back to git.baserock.org using gerrit-replication.
* gerrit: Improvements to deployment (Sam Thursfield, 2015-03-13, 1 file, -18/+27)
|   These came about after I redeployed gerrit.baserock.org from scratch (but using the same database).
* gerrit: README updates (Sam Thursfield, 2015-03-13, 1 file, -1/+6)
|
* gerrit: Add initial access control rules (Sam Thursfield, 2015-03-13, 1 file, -0/+36)
|   These are implemented mostly using an Ansible playbook built on these Ansible Gerrit modules I wrote: https://github.com/ssssam/ansible-gerrit
* README.mdwn: add security groups now that we have them (Sam Thursfield, 2015-03-10, 1 file, -0/+4)
|
* Merge branch 'sam/gerrit' (Sam Thursfield, 2015-02-18, 1 file, -0/+41)
|\
| |   Conflicts: README.mdwn strata/trove.morph
| * Add baserock_gerrit system (Sam Thursfield, 2015-01-30, 1 file, -0/+42)
| |   These instructions allow deploying a production-ready Gerrit instance. Integrating the gerrit.baserock.org with git.baserock.org will be done separately.
| * Tweak README (Sam Thursfield, 2015-01-30, 1 file, -3/+7)
| |   Use $keyname as a placeholder for key pair name so that I can copy and paste the command as-is and set keypair= in my environment, instead of manually replacing the <key-name> placeholder each time. Also note that database/instance-mariadb-config.yml can be rerun any time to update the MariaDB users and tables.
* | README: fix bad grammars (Sam Thursfield, 2015-01-30, 1 file, -1/+1)
| |
* | Tweak README (Sam Thursfield, 2015-01-30, 1 file, -3/+7)
| |   Use $keyname as a placeholder for key pair name so that I can copy and paste the command as-is and set keypair= in my environment, instead of manually replacing the <key-name> placeholder each time. Also note that database/instance-mariadb-config.yml can be rerun any time to update the MariaDB users and tables.
* | Update README (Sam Thursfield, 2015-01-30, 1 file, -113/+114)
|/
* database: Get ready for production! (Sam Thursfield, 2015-01-26, 1 file, -24/+30)
|   To enable backups, the contents of /var/lib/mysql are now stored in a logical volume managed by LVM. We can take a snapshot of this volume in a matter of seconds, meaning we can take a clean, local snapshot of the state of the database with only a small amount of downtime. The snapshot can then be mounted and its contents copied out of the system while the MariaDB service is running again.
* openid_provider: Get ready for production! (Sam Thursfield, 2015-01-26, 1 file, -12/+17)
|   This includes some tweaks to how deployment is done. There is now an 'instance configuration' stage, where an Ansible playbook injects instance-specific info like the database password into the machine, and runs database migrations. It makes sense for this to be a separate stage because it may need to be re-executed during the lifetime of the instance, for example if the database passwords change.
* openid_provider: Tweak README (Sam Thursfield, 2015-01-26, 1 file, -1/+1)
|   Now that there is a log file, the manage.py tool needs to be run as the user who owns the log file.
* Fix the Ansible examples (need -y to avoid blocking waiting for input) (Sam Thursfield, 2015-01-09, 1 file, -2/+2)
|
* Note that all systems should prevent SSH login with password (Sam Thursfield, 2015-01-09, 1 file, -0/+9)
|
* Allow administrating all baserock.org systems using Ansible (Sam Thursfield, 2015-01-09, 1 file, -0/+15)
|
* Add standard cloud-config script for baserock.org infrastructure (Sam Thursfield, 2014-12-09, 1 file, -4/+10)
|   This contains the public keys of the Baserock Ops team, who are collectively responsible for maintenance and security updates for the baserock.org instances. I added a note to the README.mdwn too.
* storyboard: Work in progress on production deployment (Sam Thursfield, 2014-12-05, 1 file, -0/+21)
|
* frontend: Add some info to README (Sam Thursfield, 2014-12-05, 1 file, -0/+20)
|
* database: Fix deployment to production (Sam Thursfield, 2014-12-05, 1 file, -11/+19)
|   Also, add Storyboard user.
* Update README (Sam Thursfield, 2014-12-05, 1 file, -1/+3)
|