WPIA git - infra.git/log
Felix Dörre [Sat, 15 Dec 2018 00:37:59 +0000 (01:37 +0100)]
add: ipv6 for container and for external http(s) dnats
Change-Id: I999b72d3c6a079049ecacc47f03a6aa1b934af3c
Felix Dörre [Wed, 19 Dec 2018 00:12:13 +0000 (01:12 +0100)]
chg: make installed keys owned by puppet
Change-Id: Ifdd581d6b869367b019b6f8cda464f8d60c89e71
Felix Dörre [Tue, 4 Dec 2018 22:56:26 +0000 (23:56 +0100)]
chg: bootstrap user needs to add domain before making himself admin (via sql)
afterwards the primary bootstrapper cannot add more domains to the org.
Change-Id: Ibb551d420f6648fbeaf550e46067f377871ae42d
Felix Dörre [Tue, 4 Dec 2018 22:56:25 +0000 (23:56 +0100)]
chg: fix path in lxc-base image creation
Change-Id: Ia14a8582d651cdf1d6450ab07263b1c9ea3b4df8
Felix Dörre [Tue, 4 Dec 2018 22:56:25 +0000 (23:56 +0100)]
chg: deb signing key moved
Change-Id: I63b3be93c2f629acc473b63bf94d577103049f9a
Felix Dörre [Tue, 4 Dec 2018 22:56:24 +0000 (23:56 +0100)]
chg: puppetlabs-postgresql requires stdlib < 5.0.0
Change-Id: I7d425bdc9171df4246fae2e1eb5a6ca6cff32861
Martin Gummi [Tue, 20 Mar 2018 22:38:58 +0000 (23:38 +0100)]
add: readme in root dir
Change-Id: I396f87aaffefb246fad7445aa3fa7a8709e7d331
Felix Dörre [Tue, 9 Jan 2018 09:43:15 +0000 (10:43 +0100)]
fix: postgres for quiz
Change-Id: Ide5ec67d80adc016d7a7ae6a9ea0a417fc9af518
Felix Dörre [Thu, 14 Dec 2017 21:46:14 +0000 (22:46 +0100)]
fix: replication needs max_wal_senders
This is necessary for the initial backup (using pg_basebackup), which
connects to the postgres server and receives the Write-Ahead Log while
it is created, so the server needs to have at least one session
available for this. See also the pg_basebackup documentation [1].
[1]: https://www.postgresql.org/docs/9.6/static/app-pgbasebackup.html
Change-Id: I953e2731df2f5b7dc71ae27191cd20318e36b84a
Felix Dörre [Thu, 14 Dec 2017 21:31:59 +0000 (22:31 +0100)]
fix: ensure postgres-client for quiz-setup
Change-Id: I32d60ee3a55c98fa2ef6ad0e12037052a9f5949e
Felix Dörre [Thu, 30 Nov 2017 20:10:24 +0000 (21:10 +0100)]
add: archiving of container-journals
Change-Id: Ifa920794c3b4dbc7cc619f5d6570b5d82505f200
Felix Dörre [Tue, 14 Nov 2017 22:53:55 +0000 (23:53 +0100)]
add: backup mechanism for postgresql
Change-Id: I65c9cd6c52b7d539fbc7dc59cc7436b64186dd73
Felix Dörre [Tue, 14 Nov 2017 22:18:39 +0000 (17:18 -0500)]
add: make postgresql write archives
Change-Id: I6ab6b8730f93f2d7b7e4593797ffe6601226f0ec
Felix Dörre [Mon, 6 Nov 2017 10:29:04 +0000 (11:29 +0100)]
upd: puppetlabs-stdlib to >=4.21
Change-Id: I9b5dbc49eb65982fe8530fe2dbcb0146fc91292a
Felix Dörre [Fri, 16 Jun 2017 21:36:24 +0000 (23:36 +0200)]
upd: move quiz to postgres
Note: this change does not migrate the data from the mysql database
Change-Id: I00a85c38054c759a37fde05a5e0b9f32a16d66ec
Felix Dörre [Fri, 16 Jun 2017 21:36:10 +0000 (23:36 +0200)]
upd: cleanup file-dependencies for lxcs
lxc containers with bind mounts require the file resources of the source
paths of those bind mounts. Declare this in the lxc module, instead of
declaring those requirements individually in the module definitions.
Change-Id: If8beec5f772e3ce316a6f9d6b47484d891e4cfa1
Felix Dörre [Tue, 10 Oct 2017 23:22:51 +0000 (01:22 +0200)]
fix: typo in init-vm script
Change-Id: I6c29ef942bc7eeefca88e2dfe5e8d492b8963cf1
Felix Dörre [Mon, 2 Oct 2017 16:39:19 +0000 (18:39 +0200)]
fix: agent needs no-daemonize when there's currently an agent running
Change-Id: I6d5a8cadf5f649d1f11fa663a2bbc3aa23415d8f
Felix Dörre [Wed, 11 Oct 2017 17:55:32 +0000 (19:55 +0200)]
fix: pin puppet-stdlib version more strictly
Change-Id: I045298549a63d5d5ed7070b4bc644e2c412ec96b
Felix Dörre [Sun, 16 Jul 2017 20:34:55 +0000 (22:34 +0200)]
add: script for an admin to manage certificates
Change-Id: Ie85f6686f1e04314aafc0726704d5406968cc1e7
Felix Dörre [Sun, 16 Jul 2017 17:06:16 +0000 (19:06 +0200)]
upd: cleanup inclusion of config and document config elements
Change-Id: I8ee625b6e8ad85ae68c75875d07f9bd829de442a
Felix Dörre [Sat, 3 Jun 2017 13:33:58 +0000 (09:33 -0400)]
add: ocsp server configuration
Change-Id: I85f96f989ecb11a584a8ca3a808764e761a0051d
Felix Dörre [Sat, 3 Jun 2017 14:46:31 +0000 (16:46 +0200)]
upd: remove unnecessary quotes in [[
Word Splitting is disabled in [[ ]] expressions.
Change-Id: Ie2f4f229a84ea3acaa5a8a8ef814066ae1711504
Felix Dörre [Sun, 21 May 2017 15:16:54 +0000 (11:16 -0400)]
add: infradocs package
Change-Id: Ie9da7f3f7e032d53cde7bad92f1a1c1651d15a13
Felix Dörre [Sat, 22 Apr 2017 20:39:33 +0000 (16:39 -0400)]
upd: rename certificate renewal commands + add force mode
Change-Id: Ia98af2321a0d676dc44f987f34262c66d72d7a55
Felix Dörre [Sat, 22 Apr 2017 22:07:44 +0000 (00:07 +0200)]
upd: manager fetch/push operation
Change-Id: I12666cbad482a86f2d70b36b0761907f15b54e22
Felix Dörre [Sat, 15 Apr 2017 23:36:47 +0000 (01:36 +0200)]
add: script to create base image
Change-Id: I0471d7463a6cfc5b406137146392e1fd1825f44f
Felix Dörre [Sat, 22 Apr 2017 22:06:32 +0000 (00:06 +0200)]
add: version pinning for puppet modules
Change-Id: I00150fd053d6c16de45f8d8a4209f13f468c6cd2
Felix Dörre [Sat, 15 Apr 2017 23:42:22 +0000 (01:42 +0200)]
upd: clean base-image package-lists
Change-Id: Ia51b388c0a9b1bd34f4ad2e84f7f5594fa5918bb
Felix Dörre [Tue, 28 Mar 2017 09:48:57 +0000 (11:48 +0200)]
add: systemd module for executing daemon-reload
This change adds a new resource type that manages a given
unit file and triggers a systemd daemon-reload when any of
the files have been managed (but before any of their
dependencies, i.e. services, are managed).
Change-Id: I3ec4a38cfa09c6971269a1698d38af8b3b79d7ed
Felix Dörre [Sat, 15 Apr 2017 23:34:39 +0000 (01:34 +0200)]
add: synchronous initial puppet runs
Change-Id: I675e7cbd833ab15e5fff2df6bd740257d0b67df6
Felix Dörre [Sat, 15 Apr 2017 17:43:48 +0000 (19:43 +0200)]
upd: launch apt-update at least daily
Change-Id: I2489b5b41159b962e73f0439740ce8ec7b5c213d
Felix Dörre [Tue, 28 Mar 2017 08:38:37 +0000 (10:38 +0200)]
upd: put .gitignore rules in manager directory
Change-Id: I36a13df453dfe18f7c431a92a354999770065cee
Felix Dörre [Tue, 28 Mar 2017 08:34:14 +0000 (10:34 +0200)]
upd: add minimal instructions to create nre-keys
Change-Id: I6b8eee4bd2ecb9bb1172aabf53fa3eed26beff93
Felix Dörre [Tue, 28 Mar 2017 08:33:13 +0000 (10:33 +0200)]
upd: improve error checking in bootstrap-user
Change-Id: If93b95a3e020eab4b968ad32a52e5de149208807
Lucas Werkmeister [Mon, 27 Mar 2017 20:10:41 +0000 (22:10 +0200)]
upd: run git daemon as nobody, not git
The git daemon doesn’t require any privileges (assuming the repositories
are world-readable), and the git user owns /gitweb-socket (and possibly
also the repositories). ReadOnlyDirectories=/ should prevent the git
daemon from making any modifications to those directories, but still,
there’s no harm done in locking it down even further.
Change-Id: Ib0209de31d7b556a209bbf89fad47d713ff9aaff
Lucas Werkmeister [Mon, 27 Mar 2017 20:05:12 +0000 (22:05 +0200)]
add: enable upload-archive git service
This allows users to create archives directly without having to clone
the repository first.
git archive -o gigi.tar --remote=git://code.wpia.club/gigi.git @
Change-Id: I95b9d4e7805621bfcad0eaf221880a4187c5adb6
Lucas Werkmeister [Tue, 28 Mar 2017 09:14:57 +0000 (11:14 +0200)]
add: git smart HTTP daemon
This removes the need for running `git update-server-info` on the
repositories regularly (or on update), possibly speeds up clones (at
least, git clone can now show progress information), and almost
certainly improves reliability on a pull concurrent with a push to the
same repository (the git daemon can respect lock files, nginx can’t).
(We can also probably remove /srv/git from front-nginx, but I’ll do that
in a separate change.)
Change-Id: Iaf67d8f9f7dbe3b95338d9bb548e7c18bf9f0d0a
Felix Dörre [Tue, 28 Mar 2017 08:38:26 +0000 (10:38 +0200)]
add: utility for minimal testing
The script tests a finished Gigi installation
by checking if it returns any page on /.
The root certificate is downloaded from /roots?pem.
Change-Id: I91d91761b82bb2b0425cd3c2ffcc746a59db51a3
Felix Dörre [Tue, 28 Mar 2017 08:32:55 +0000 (10:32 +0200)]
fix: gigi does not permit to add oneself as org admin
Change-Id: I638d330216913b68bb09325560c903f94625473c
Felix Dörre [Mon, 27 Mar 2017 22:24:31 +0000 (00:24 +0200)]
fix: cassiopeia package name
The cassiopeia debian package was renamed, so we need to rename here.
Change-Id: I2b9b29549bdf1f90bdff2ff1c49ef5702c7d3bf8
Lucas Werkmeister [Thu, 23 Mar 2017 14:17:00 +0000 (15:17 +0100)]
fix: enable all services in systemd
This ensures that systemd starts them as soon as possible, even if the
puppet agent doesn’t run immediately.
Change-Id: Ib48cc74f1d398d10a1c95fa8802243038cca01b6
Felix Dörre [Tue, 21 Mar 2017 09:41:48 +0000 (10:41 +0100)]
add: script and instructions for automated setup
Change-Id: I0757795270b97d00dd7cf1f1f5414e0b3b796939
Felix Dörre [Wed, 22 Mar 2017 16:58:40 +0000 (12:58 -0400)]
add: exim config to send mails into the internet
Change-Id: I34f0ed386c261c043991be8ed9f2a3228c60ede2
Felix Dörre [Wed, 22 Mar 2017 08:08:03 +0000 (09:08 +0100)]
upd: fix http-challenge
Change-Id: I5d07b6f25e314444893dc3dd5c31a41c3c74a834
Felix Dörre [Tue, 14 Mar 2017 14:05:21 +0000 (15:05 +0100)]
upd: copy base image instead of creating fresh
This cuts down setup time from 60min to below 30min.
Change-Id: I2441788336d91963328549586dd9ae8b6e481e2a
Felix Dörre [Sun, 12 Mar 2017 10:51:29 +0000 (06:51 -0400)]
fix: remove getty-services
Change-Id: I36b9c1014f83010addd9ccc13b018b5eaae924af
Lucas Werkmeister [Sat, 11 Mar 2017 20:53:17 +0000 (21:53 +0100)]
add: gitweb service
Serves all repositories in /data/git on the code. subdomain with gitweb,
and allows cloning them via https:// and git://.
NOTE: For clone over HTTP(S), git update-server-info needs to be run in
the repositories; this is expected to be done via a post-update hook in
the repositories, and not configured here.
Change-Id: I8b5666fd54031447ddfdd098504aa46ad29285b3
Felix Dörre [Thu, 2 Mar 2017 15:30:02 +0000 (16:30 +0100)]
add: real testing for testserver and real pro-version for real system
Change-Id: Ib067212ac34438e364df08166af72c3103320175
Felix Dörre [Tue, 28 Feb 2017 09:29:52 +0000 (10:29 +0100)]
upd: changes according to current gigi changes
Change-Id: Ic9fd80f4047ca179fecd5074f223b1cf916ef208
Felix Dörre [Tue, 21 Feb 2017 00:16:48 +0000 (01:16 +0100)]
upd: simplify gigi.properties
Change-Id: I900257869b98d04f75e1f0ad84697413c48ccfbe
Felix [Tue, 1 Nov 2016 11:10:57 +0000 (12:10 +0100)]
initial import
Current features include:
- setup of gigi, cassiopeia-client, quiz-system, minimalist exim, nginx
- setup of gigi-database from scratch (including validation of own domain and issuing own certificates)
- optional cassiopeia-signer in own container with communication via tcpserial
- hop container for administrators connecting to the system
Change-Id: Id8fe05c78c8ec0a93ed444daea0ab2399e3a5717