summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGES.md68
-rw-r--r--README.md10
2 files changed, 72 insertions, 6 deletions
diff --git a/CHANGES.md b/CHANGES.md
new file mode 100644
index 00000000..4382463b
--- /dev/null
+++ b/CHANGES.md
@@ -0,0 +1,68 @@
+Platform 0.7
+-------------------------------------
+
+CouchDB improvements: CouchDB is not designed to handle ephemeral data, like
+sessions, because documents are never really deleted (a tombstone document is
+always kept to record the deletion). To overcome this limitation, we now
+rotate the `sessions` and `tokens` databases monthly. The new database names
+are `tokens_XXX` and `sessions_XXX` where XXX is counter since the epoch that
+increments every month (not a calendar month, but a month's worth of seconds).
+
+Additionally, nagios monitor and `leap test run` now will create and destroy
+test users in the `tmp_users` database, which will get periodically deleted
+and recreated.
+
+Compatibility:
+
+* requires leap_cli version 1.7
+* requires bitmask client version >= 0.7
+
+Commits: https://leap.se/git/leap_platform.git/shortlog/refs/tags/0.7.0
+
+Upgrading:
+
+* `gem install leap_cli --version 1.7` or run leap_cli from current master branch.
+* `cd leap_platform; git pull; git checkout 0.7.0` or checkout current master branch.
+* `leap deploy`
+* `leap db destroy --db sessions,tokens` You can ignore message about needing
+ to redeploy (since, in this case, we just want to permanently delete those
+ databases).
+
+New features:
+
+* rotating couchdb databases
+* deployment logging: information on every deploy is logged to
+ `/var/log/leap`, including the user, leap_cli version, and platform version.
+* you must now run `leap deploy --downgrade` if you want to deploy an older
+ version over a newer platform version.
+* the install source each custom daemons (e.g. tapicero, etc) is now
+ configured on `common.json`.
+* you can configure apt sources in common.json
+* many bug fixes
+
+Platform 0.6
+-------------------------------------
+
+Compatibility:
+
+* requires leap_cli version 1.6
+* requires bitmask client version >= 0.5
+
+Commits: https://leap.se/git/leap_platform.git/shortlog/refs/tags/0.6.0
+
+New features:
+
+* single node deployment
+* include custom puppet modules and manifests
+* couch flexibility
+* stunnel rework
+* new debian repository structure
+* dependency pinning
+* leap_cli modularization
+* improved cert generation
+* monitoring improvements such as per-environment tooling and notifications
+* tor hidden service support
+* switch away from NIST curve and ensure TLSv1 is used
+* tests made significantly more robust
+* add support for webapp deployment to a subdomain
+* many, many bugfixes and stability improvements
diff --git a/README.md b/README.md
index a64962ca..9b33e9e8 100644
--- a/README.md
+++ b/README.md
@@ -42,7 +42,7 @@ You can't deploy new couchdb nodes after one or more have been deployed. Make *s
User setup and ssh
------------------
-. if you aren't using a single ssh key, but have different ones, you will need to define the following at the top of your ~/.ssh/config:
+. if you aren't using a single ssh key, but have different ones, you will need to define the following at the top of your ~/.ssh/config:
HostName <ip address>
IdentityFile <path to identity file>
@@ -52,7 +52,7 @@ User setup and ssh
. At the moment, only ECDSA ssh host keys are supported. If you get the following error: `= FAILED ssh-keyscan: no hostkey alg (must be missing an ecdsa public host key)` then you should confirm that you have the following line defined in your server's **/etc/ssh/sshd_config**: `HostKey /etc/ssh/ssh_host_ecdsa_key`. If that file doesn't exist, run `ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ""` in order to create it. If you made a change to your sshd_config, then you need to run `/etc/init.d/ssh restart` (see: https://leap.se/code/issues/2373)
-. To remove an admin's access to your servers, please remove the directory for that user under the `users/` subdirectory in your provider directory and then remove that user's ssh keys from files/ssh/authorized_keys. When finished you *must* run a `leap deploy` to update that information on the servers.
+. To remove an admin's access to your servers, please remove the directory for that user under the `users/` subdirectory in your provider directory and then remove that user's ssh keys from files/ssh/authorized_keys. When finished you *must* run a `leap deploy` to update that information on the servers.
. At the moment, it is only possible to add an admin who will have access to all LEAP servers (see: https://leap.se/code/issues/2280)
@@ -85,12 +85,10 @@ In order to validate the syntax and style guide compliance
before you commit, see https://github.com/pixelated-project/puppet-git-hooks#installation
-Changelog
+Changes
=========
-For a changelog of the current branch:
-
- git log
+Read CHANGES.md or run `git log`.
Authors and Credits
===================