summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-06-27Install python-treq from strech on jessie nodesVarac
New soledad-common depends on `python-treq`, which is only available in debian stretch. We pin all stretch packages to 1 (same as for sid), which means (from `man apt_preferences`): "causes a version to be installed only if there is no installed version of the package" - Resolves: #8836
2017-06-27Merge branch 'remove_keymanager_dep'Varac
2017-06-27Merge branch 'fix_unattended_upgrades'Varac
2017-06-27Don't depend on leap-keymanager anymoreVarac
leap-mx is now independent of leap-keymanager and we can remove this dependency now. see https://0xacab.org/leap/leap_mx/issues/8558
2017-06-26Add manual deploy test for master branchVarac
2017-06-26Lint .gitlab-ci.ymlVarac
2017-06-26Merge branch 'ci_fail_when_tests_break'Varac
2017-06-24Add configured apt component to the unattended-upgrades whitelistVarac
Resolves: #8792
2017-06-23Use stdbuf instead of unbuffer for CI timestampingVarac
There are different reasons for this: - Using `stdbuf` will correctly return and non-zero exit code so when something breaks during CI `gitlab-runner` will mark the build as failed (Resolves: #8821). - `stdbuf` is already installed by the `coreutils` package and thus saves diskspace
2017-06-23Use default apt component for CIVarac
Resolves: #8828
2017-06-22Merge branch 'delay_apt_hardstate'Varac
2017-06-22Merge branch 'disable_nagios_notifications'Varac
2017-06-22Delay hard state of the nagios APT checkVarac
Delay a hard state of the APT check for 1 day so unattended_upgrades has time to upgrade packages. Resolves: #8748
2017-06-21Use apt master component for LEAP packagesVarac
Currently, the platform configures the `snapshots` component in /etc/apt/sources.list.d/leap.list. `snapshots` contains packages uploaded by feature branches and merge requests so we change to `master` (which contains packges built from changes to the master branches. Resolves: #8828
2017-06-17Stop sending mails for nagios alertsVarac
It's just too much mail... And there are other tools like nagstamon that are better suited to get an overview what's failing. Resolves: #8772
2017-06-17Renewed commercial cert for platform CIVarac
2017-06-16[CI] Use older commit for puppet-catalog-testVarac
After `puppet-catalog-test` has been recently updated it failed in our CI with: File[/etc/apt/sources.list] has notify relationship to invalid resource Exec[apt_updated] See #8814 for more details. Resolves: #8814 https://github.com/invadersmustdie/puppet-catalog-test/commit/ac386793c2c456d2071dd0adda716224128f0bb3
2017-06-16[CI] Use master branch of leap_cliVarac
We moved from develop to master some time ago so we should use master for CI testing as well.
2017-05-31Remove .mailmap, dont leak email addressesvarac
2017-05-30static - support for renewing certs with let's encrypt for static siteselijah
2017-05-23Merge remote-tracking branch 'leap_acab/merge-requests/89'varac
2017-05-23Merge branch 'varac/platform-vagrant_private_networking'kwadronaut
2017-05-23[vagrant] Don't block eth0 if eth1 is configuredvarac
Eth0 is vagrant's main interface to access the box
2017-05-23Include site_config::vagrant on vagrant nodesvarac
2017-05-23[vagrant] Lint vagrant.ppvarac
2017-05-23[vagrant] Use private networking IP from eth1 if presentvarac
2017-05-23[vagrant] Move $OPTS to vagrant configvarac
2017-05-23Lint configure-leap.shvarac
2017-05-23[vagrant] Use private networking for direct accesvarac
Without private networking, the box cannot get directly accessed, only via port forwardings. https://www.vagrantup.com/docs/networking/private_network.html - Resolves: #7769
2017-05-23[vagrant] Use eth1 on vagrant if presentvarac
Virtualbox adds eth1 as second interface when private networking is enabled. - Related: #7769
2017-05-20generate missing ssh host keys on node init (closes #8790)kwadronaut
closes #8414 as well
2017-05-19makes sure locales packages is installed before locale-gen fixes #8649kwadronaut
2017-05-10Nickserver direct access to couchdb on same nodevarac
Depending whether couchdb is running on the same node as nickserver, couchdb is available on localhost: - When couchdb is running on a different node: Via stunnel, which is bound to 4000. - When couchdb is running on the same node: On port 5984 Resolves: #8793
2017-05-10Increase Vagrant defaut mem to 2gbvarac
2017-05-10Remove pixelated submodule from the example providerTulio Casagrande
2017-05-10fix CI image locationMicah Anderson
2017-05-10Depend soledad-server on ssl-cert packagevarac
We should include this in soledad-server package as dependency but until we sorted out this, we depend soledad-server on ssl-cert in the platform. see https://0xacab.org/leap/soledad/issues/8849 for
2017-05-06Ignore rbenv filesvarac
2017-05-06Add timestamps to all platform deploysvarac
Resolves: #8791
2017-05-06Install tor from backports (fixes #8783).Micah Anderson
The newer version is needed for the single-hop functionality.
2017-05-06Restructure site_tor to be more clear and re-usable (fixes #8784).Micah Anderson
This makes a more clear site_tor::relay class that the leap service includes, and a more generic site_tor class that other classes can depend on for setting up the initial install.
2017-05-03Merge remote-tracking branch 'origin/merge-requests/80'varac
2017-05-03Merge branch 'master' of 0xACAB.org:leap/platformvarac
2017-05-02Merge branch 'bug/fix_ci_deploy' into 'master' micah
Limit ci.leap.se deployment to leap/master (Closes #8782) Closes #8782 See merge request !83
2017-05-02Limit ci.leap.se deployment to leap/master (Closes #8782)Micah Anderson
2017-05-02Add signed-by option to sources.list (Closes: #8425)Micah Anderson
This gets us a simple apt repository privilege separation: (a) our key can't be used to forge other repos (b) other keys can't be used to forge our repo. From sources.list(5): ยท Signed-By (signed-by) is either an absolute path to a keyring file (has to be accessible and readable for the _apt user, so ensure everyone has read-permissions on the file) or one or more fingerprints of keys either in the trusted.gpg keyring or in the keyrings in the trusted.gpg.d/ directory (see apt-key fingerprint). If the option is set, only the key(s) in this keyring or only the keys with these fingerprints are used for the apt-secure(8) verification of this repository. Defaults to the value of the option with the same name if set in the previously acquired Release file. Otherwise all keys in the trusted keyrings are considered valid signers for this repository.
2017-04-27Merge remote-tracking branch 'origin/merge-requests/77'varac
2017-04-27change environment names to match ci-build.shMicah Anderson
2017-04-27Improve ci-build.sh (Closes #8771)varac
* Change environment names for clarity: . Use staging for deploying to latest . Use production environments to deploy to demo: production/vpn production/mail * Install leap_cli if not present and define default values * Remove old nodes from cached runs * Remove no longer used SEEDS variable * Debugging improvements: . Hide secrets when calling ci-build.sh with xtrace enabled . Use unbuffer to we can add debug output locally . Add debugging to build_from_scratch()
2017-04-25bugfix: ensure that nodes only have one environment specified (closes #8778)elijah