diff options
| -rw-r--r-- | CHANGES.md | 68 | ||||
| -rw-r--r-- | README.md | 10 |
2 files changed, 72 insertions, 6 deletions
diff --git a/CHANGES.md b/CHANGES.md new file mode 100644 index 00000000..4382463b --- /dev/null +++ b/CHANGES.md @@ -0,0 +1,68 @@ +Platform 0.7 +------------------------------------- + +CouchDB improvements: CouchDB is not designed to handle ephemeral data, like +sessions, because documents are never really deleted (a tombstone document is +always kept to record the deletion). To overcome this limitation, we now +rotate the `sessions` and `tokens` databases monthly. The new database names +are `tokens_XXX` and `sessions_XXX` where XXX is counter since the epoch that +increments every month (not a calendar month, but a month's worth of seconds). + +Additionally, nagios monitor and `leap test run` now will create and destroy +test users in the `tmp_users` database, which will get periodically deleted +and recreated. + +Compatibility: + +* requires leap_cli version 1.7 +* requires bitmask client version >= 0.7 + +Commits: https://leap.se/git/leap_platform.git/shortlog/refs/tags/0.7.0 + +Upgrading: + +* `gem install leap_cli --version 1.7` or run leap_cli from current master branch. +* `cd leap_platform; git pull; git checkout 0.7.0` or checkout current master branch. +* `leap deploy` +* `leap db destroy --db sessions,tokens` You can ignore message about needing + to redeploy (since, in this case, we just want to permanently delete those + databases). + +New features: + +* rotating couchdb databases +* deployment logging: information on every deploy is logged to + `/var/log/leap`, including the user, leap_cli version, and platform version. +* you must now run `leap deploy --downgrade` if you want to deploy an older + version over a newer platform version. +* the install source each custom daemons (e.g. tapicero, etc) is now + configured on `common.json`. +* you can configure apt sources in common.json +* many bug fixes + +Platform 0.6 +------------------------------------- + +Compatibility: + +* requires leap_cli version 1.6 +* requires bitmask client version >= 0.5 + +Commits: https://leap.se/git/leap_platform.git/shortlog/refs/tags/0.6.0 + +New features: + +* single node deployment +* include custom puppet modules and manifests +* couch flexibility +* stunnel rework +* new debian repository structure +* dependency pinning +* leap_cli modularization +* improved cert generation +* monitoring improvements such as per-environment tooling and notifications +* tor hidden service support +* switch away from NIST curve and ensure TLSv1 is used +* tests made significantly more robust +* add support for webapp deployment to a subdomain +* many, many bugfixes and stability improvements @@ -42,7 +42,7 @@ You can't deploy new couchdb nodes after one or more have been deployed. Make *s User setup and ssh ------------------ -. if you aren't using a single ssh key, but have different ones, you will need to define the following at the top of your ~/.ssh/config: +. if you aren't using a single ssh key, but have different ones, you will need to define the following at the top of your ~/.ssh/config: HostName <ip address> IdentityFile <path to identity file> @@ -52,7 +52,7 @@ User setup and ssh . At the moment, only ECDSA ssh host keys are supported. If you get the following error: `= FAILED ssh-keyscan: no hostkey alg (must be missing an ecdsa public host key)` then you should confirm that you have the following line defined in your server's **/etc/ssh/sshd_config**: `HostKey /etc/ssh/ssh_host_ecdsa_key`. If that file doesn't exist, run `ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ""` in order to create it. If you made a change to your sshd_config, then you need to run `/etc/init.d/ssh restart` (see: https://leap.se/code/issues/2373) -. To remove an admin's access to your servers, please remove the directory for that user under the `users/` subdirectory in your provider directory and then remove that user's ssh keys from files/ssh/authorized_keys. When finished you *must* run a `leap deploy` to update that information on the servers. +. To remove an admin's access to your servers, please remove the directory for that user under the `users/` subdirectory in your provider directory and then remove that user's ssh keys from files/ssh/authorized_keys. When finished you *must* run a `leap deploy` to update that information on the servers. . At the moment, it is only possible to add an admin who will have access to all LEAP servers (see: https://leap.se/code/issues/2280) @@ -85,12 +85,10 @@ In order to validate the syntax and style guide compliance before you commit, see https://github.com/pixelated-project/puppet-git-hooks#installation -Changelog +Changes ========= -For a changelog of the current branch: - - git log +Read CHANGES.md or run `git log`. Authors and Credits =================== |