| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Change-Id: I35ffce1f48cdde871d021216be464947092c4aa0
|
|
|
|
| |
Change-Id: Ib2254a599c222653444316a5b71ec09ce1453deb
|
|
|
|
| |
Change-Id: I9a25d9aad540c291aaea45f00e38065981ff3f50
|
|
|
|
|
|
|
|
| |
The instance-config.yml script was failing to create a valid EXIM config
against the default /etc/exim.conf in Fedora 23, this is fixed now. The
regexp configuration approach is rather fragile.
Change-Id: Id1b4e3a854cb579ee58c1c4f7674415c6e8c096a
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This means we no longer use Packer for anything, which is good.
The switch from Django 1.7 to Django 1.9 caused some problems in the
openid_provider module. Upstream for that module is here:
https://bitbucket.org/romke/django_openid_provider/
At the time of writing there was no fix upstream for these issues, it
would be good to submit them. We have other unsubmitted changes against
that upstream in our openid_provider code.
One issue was use of import_module (which is now available from
importlib, doesn't need to be imported from django.utils any more).
Another is use of WSGIRequest.REQUEST, which is deprecated since
Django 1.7 and removed in Django 1.9. We now need to use .POST or
.GET to get that info.
Change-Id: I60793aaf0d84d81b89ff59efbe08240d99b7973f
|
|
|
|
|
|
|
| |
Flavour is also changed because the previous flavour no longer exists.
Smallest flavour should be fine for something that is just a proxy.
Change-Id: I7d6f3befaa32f41d909eb5336e221b2514403f12
|
|
|
|
| |
Change-Id: If4578c0d97aa2aee1a1a7e57bb7e2c42917ba077
|
|
|
|
| |
Change-Id: I12dc2ce76acf22c0ead6c5122f962c0cdaa27c24
|
|
|
|
| |
Change-Id: I5d2ec00e84742aa825ab06c69540a2bb911540dd
|
|
|
|
| |
Change-Id: Ib239a561eaaaa0a5a0ae91af2ee45889ae2e30b3
|
|
|
|
| |
Change-Id: I4b6f3a01fcfbd4e5c1a431361b71f991e7e82191
|
|
|
|
| |
Change-Id: I7266a4cc19bf7973089cca0e229ff73ba423b394
|
|
|
|
| |
Change-Id: I3f6660c09d47d5e2a60b1a64f97f02cf7b35a8a8
|
|
|
|
|
|
|
| |
This is a custom Ansible module I wrote, available from
<https://github.com/ssssam/ansible-gerrit>.
Change-Id: I7a4819e06cbd9dd9ec9bb1af1ffa4448bc3f7e95
|
|
|
|
|
|
|
|
|
|
|
| |
Also, move it into baserock_frontend so it is clearly differentiated
from the upstream definitions.git stuff.
It's now based off Fedora 21 instead of Fedora 20.
This is now deployed at baserock.org.
Change-Id: Icaabc84f9513d08479d8d22c19e8b632ac5108b5
|
|
|
|
|
|
|
| |
Also, add some info to the README about restoring the database from
a backup of the /var/lib/mysql volume.
Change-Id: I2907e3bc01fdcb7adbc0cccfa47bc662d96dd264
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is done by using 'internal-only' instead of 'default' as the
security group. I've updated the README to note this. To make Mason
work in the absence of DNS we also have to change the 'trove-host'
setting to be the actual IP of git.baserock.org.
The idea is to enforce the policy that the Baserock reference system
definitions can only use 'baserock:' and 'upstream:' keyed URLs.
Change-Id: I114fc89a707f6f626e4b758426558f48e5fafb73
|
|
|
|
|
|
|
|
| |
Also, add some placeholders to README so we can make the instructions
listed in the README easier to cut-n-paste, even when deploying to
somewhere other than DataCentred.
Change-Id: I32ca1073b7a956a7b8a21ad67682c6292c9d91af
|
|
|
|
| |
Change-Id: I9b61036d8ead0e5a27873781d14cbd3c1b48591f
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is implemented with the HAProxy frontend doing 'SSL termination'.
So internal traffic between the frontend_haproxy instance and the
various machines serving content is unencrypted HTTP as before, but all
traffic that goes over the public internet is encrypted now.
Note that storyboard.baserock.org is not behind HAProxy, and currently
uses a different, self-signed certificate.
Change-Id: I9140def605fe26c9c613066fa6524e3cf817f97c
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The technique used is: create a new SSH key for backup automation, and
authorize it to log in as 'root' to instances.
To reduce potential harm if the key somehow gets compromised, it is
limited to logging in from a single IP, and it is limited to running
the 'backup-snapshot' program on the instances.
Inside each instance, the `backup-snapshot` script is used as a wrapper
for the `rsync --server` process. This script pauses running services,
takes a snapshot of the data volume, and then runs the RSync server.
Change-Id: I3c98ffe3dc2fa1373bd0df2388145636e491bf57
|
|
|
|
|
|
| |
This is a Fedora Cloud 21 instance running exim4, for the moment.
Change-Id: I6298a134bb474c65dd57a1bda87469dc3cd88441
|
| |
|
|
|
|
|
| |
This pulls from git.baserock.org with lorry-controller, and pushes
'master' back to git.baserock.org using gerrit-replication.
|
|
|
|
|
| |
These came about after I redeployed gerrit.baserock.org from scratch
(but using the same database).
|
| |
|
|
|
|
|
| |
These are implemented mostly using an Ansible playbook built on these
Ansible Gerrit modules I wrote: https://github.com/ssssam/ansible-gerrit
|
| |
|
|\
| |
| |
| |
| |
| | |
Conflicts:
README.mdwn
strata/trove.morph
|
| |
| |
| |
| |
| |
| | |
These instructions allow deploying a production-ready Gerrit instance.
Integrating the gerrit.baserock.org with git.baserock.org will be done
separately.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Use $keyname as a placeholder for key pair name so that I can copy and
paste the command as-is and set keypair= in my environment, instead of
manually replacing the <key-name> placeholder each time.
Also note that database/instance-mariadb-config.yml can be rerun any
time to update the MariaDB users and tables.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Use $keyname as a placeholder for key pair name so that I can copy and
paste the command as-is and set keypair= in my environment, instead of
manually replacing the <key-name> placeholder each time.
Also note that database/instance-mariadb-config.yml can be rerun any
time to update the MariaDB users and tables.
|
|/ |
|
|
|
|
|
|
|
|
|
| |
To enable backups, the contents of /var/lib/mysql are now stored in a
logical volume managed by LVM. We can take a snapshot of this volume in
a matter of seconds, meaning we can take a clean, local snapshot of the
state of the database with only small amount of downtime. The snapshot
can then be mounted and its contents copied out of the system while the
MariaDB service is running again.
|
|
|
|
|
|
|
|
|
| |
This includes some tweaks to how deployment is done. There is now an
'instance configuration' stage, where an Ansible playbook injects
instance-specific info like the database password into the machine, and
runs database migrations. It makes sense for this to be a separate stage
because it may need to be re-executed during the lifetime of the
instance, for example if the database passwords change.
|
|
|
|
|
| |
Now that there is a log file, the manage.py tool needs to be run a
s the user who owns the log file.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
This contains the public keys of the Baserock Ops team, who are
collectively reponsible for maintainance and security updates for the
baserock.org instances.
I added a note to the README.mdwn too.
|
| |
|
| |
|
|
|
|
| |
Also, add Storyboard user.
|
| |
|