Commits · 56f1ffb715d96b003bc795d8063c6021e04b8593 · Arch Linux / infrastructure

02 Jan, 2018 1 commit

roles/archweb: Changes to the way archweb version is used · 56f1ffb7

Giancarlo Razzolini authored Jan 02, 2018

The archweb_version was on apollo's host_vars. This was removed in
favour of it being on the defaults for the role. Also, a new var
was introduced to configure the repository used for archweb.

56f1ffb7

07 Dec, 2017 1 commit
- archweb: install python2-setuptools · 09506ee6
  Bartłomiej Piotrowski authored Dec 07, 2017
  
  09506ee6
01 Dec, 2017 1 commit
- archweb: allow to specify ref to checkout · 725cb2d0
  Bartłomiej Piotrowski authored Dec 01, 2017
  
  725cb2d0
06 Sep, 2017 2 commits

archweb: Limit database updates to machines with services/site · 645c665c

Florian Pritz authored Sep 06, 2017



Seems unnecessary to run these on machines that only deploy mirrorcheck

Signed-off-by: Florian Pritz <bluewind@xinu.at>

645c665c

archweb: Add gcc dependency · d99788e3

Florian Pritz authored Sep 06, 2017



gcc is required by virtualenv to compile some third party modules.

Signed-off-by: Florian Pritz <bluewind@xinu.at>

d99788e3

30 May, 2017 1 commit
- Reverted back to using requirements_prod. It now includes requirements. · fde781ad
  Giancarlo Razzolini authored May 29, 2017
  
  fde781ad
22 May, 2017 1 commit
- Changed requirements to use the main one and not the requirements_prod anymore. · 68e502db
  Giancarlo Razzolini authored May 22, 2017
  
  68e502db
10 Feb, 2017 1 commit

roles/*: Fix nginx log dir permissions · ff27e416

Giancarlo Razzolini authored Feb 10, 2017

To correctly be safe for CVE-2016-1247, we need all nginx log dirs
to be owned by both user and group root. Also, since nginx childs
runs as http user, the directories permissions must be 0755, so the
http user can descent into it. Since the logrotate will create the
log files as http:log, the nginx childs will be able to write to the
logs, but will not be able to create files inside those dirs, fully
preventing CVE-2016-1247.

ff27e416

05 Feb, 2017 1 commit

Fix permissions of nginx log dirs, CVE-2016-1247 · 57d62ca8

Florian Pritz authored Feb 05, 2017

CVE-2016-1247 is a symlink attack on the log dir of nginx since a
reopening of the logs (triggered by logrotate) opens the logs as nginx
instead of root. logrotate creates the proper log files already so
nginx doesn't need write permissions to those directories.

Signed-off-by: Florian Pritz <bluewind@xinu.at>

57d62ca8

17 Jan, 2017 1 commit
- roles/archweb: Change the git clone url to https. · 53f94e44
  Giancarlo Razzolini authored Jan 17, 2017
  
  53f94e44
02 Jan, 2017 7 commits
- roles/archweb: Added missing defaults and also added a rsync service to sync the isos from orion. · 29682789
  Giancarlo Razzolini authored Jan 02, 2017
  
  29682789
- roles/archweb: Added the populate_signoffs service running once every 20 minutes. · 51101cd1
  Giancarlo Razzolini authored Jan 02, 2017
  
  51101cd1
- roles/archweb: Enable the mirrorresolv timer. · 0db17398
  Giancarlo Razzolini authored Jan 02, 2017
  
  0db17398
- roles/archweb: Add mirrorresolv service and timer running twice a day. · 1cddad7a
  Giancarlo Razzolini authored Jan 02, 2017
  
  1cddad7a
- roles/archweb: Added a task to restart reporead when there are changes to the code. · 8b192edc
  Giancarlo Razzolini authored Jan 02, 2017
  
  8b192edc
- roles/nginx: Add a handler for reloading nginx and change all the roles to use... · 319ed050
  Giancarlo Razzolini authored Jan 02, 2017
```
roles/nginx: Add a handler for reloading nginx and change all the roles to use it, instead of restarting nginx.
```
  319ed050
- roles/archweb: Added python2-psycopg2 to archweb package list because orion does not have postgres. · 3eaa00af
  Giancarlo Razzolini authored Jan 01, 2017
  
  3eaa00af
01 Jan, 2017 2 commits

roles/archweb: Add a forced_deploy variable to trigger a deploy even when... · 6f4dc82c

Giancarlo Razzolini authored Jan 01, 2017

roles/archweb: Add a forced_deploy variable to trigger a deploy even when nothing seems to have changed. Also restart memcached on deploys.

6f4dc82c

roles/archweb: Added a register for virtualenv changes and to deploy archweb... · 987472d1

Giancarlo Razzolini authored Jan 01, 2017

roles/archweb: Added a register for virtualenv changes and to deploy archweb in this case. Also changed nginx template to use the main domain.

987472d1

31 Dec, 2016 1 commit
- roles/archweb: Deploy archweb on config changes too. Also, add a check to add... · abf19d97
  Giancarlo Razzolini authored Dec 31, 2016
```
roles/archweb: Deploy archweb on config changes too. Also, add a check to add ssl_require mode when connecting to remote hosts.
```
  abf19d97
30 Dec, 2016 1 commit
- roles/archweb: Fix the role to allow installation when archweb_site: false · 5ba23e32
  Giancarlo Razzolini authored Dec 29, 2016
  
  5ba23e32
29 Dec, 2016 3 commits
- roles/archweb: Fix configuration step and split the privs module to use new defaults · c62d274d
  Giancarlo Razzolini authored Dec 29, 2016
  
  c62d274d
- roles/archweb: Grant the read permission for all the archweb db users on all tables and sequences · 563970bf
  Giancarlo Razzolini authored Dec 29, 2016
  
  563970bf
- roles/archweb: Initial db setup, django initialization and new releses handling · 777f21a9
  Giancarlo Razzolini authored Dec 29, 2016
  
  777f21a9
28 Dec, 2016 3 commits
- roles/archweb: Create a pgp_import service and a pacman hook to run when... · 6bd891f5
  Giancarlo Razzolini authored Dec 28, 2016
```
roles/archweb: Create a pgp_import service and a pacman hook to run when archlinux-keyring is updated
```
  6bd891f5
- roles/archweb: Make everything modular and also template the mirrorcheck locations · 29017a1b
  Giancarlo Razzolini authored Dec 28, 2016
  
  29017a1b
- roles/archweb: Changed the tasks to match the new defaults · bbe93710
  Giancarlo Razzolini authored Dec 27, 2016
  
  bbe93710
27 Dec, 2016 2 commits
- roles/archweb: Change the services to be templates and also split their installation. · c4ffbab4
  Giancarlo Razzolini authored Dec 27, 2016
```
roles/archweb: Memcached service.
roles/postgresql: Initial work on SSL support.
```
  c4ffbab4
- roles/memcached: Initial work on the memcached role. · 36212039
  Giancarlo Razzolini authored Dec 21, 2016
```
roles/archweb: Make archweb install and use it's own memcached service, running as the archweb user and using a socket.
```
  36212039
05 Dec, 2016 1 commit
- roles/archweb: MEDIA directory. · fbcde512
  Giancarlo Razzolini authored Dec 04, 2016
  
  fbcde512
02 Dec, 2016 1 commit
- group_vars: Added the archweb_db_password. · 4058d521
  Giancarlo Razzolini authored Dec 02, 2016
```
roles/archweb: Nginx deployment, domain variable and other improvements.
```
  4058d521
30 Nov, 2016 1 commit
- roles/archweb: Improve the archweb role for deploying under uwsgi · f51999ee
  Giancarlo Razzolini authored Nov 30, 2016
  
  f51999ee
22 Sep, 2016 1 commit
- roles: Ensure leading zero for octal modes · bd90028c
  Jan Alexander Steffens (heftig) authored Sep 22, 2016
```
I've had mode=755 create garbage already...
```
  bd90028c
17 Jun, 2016 3 commits
- archweb: Don't try to recreate the virtualenv · ba9a3737
  Sven-Hendrik Haase authored Jun 17, 2016
  
  ba9a3737
- archweb: Fix typos in comments · 0580a348
  Florian Pritz authored Jun 17, 2016
```
Signed-off-by: Florian Pritz <bluewind@xinu.at>
```
  0580a348
- Add archweb service to orion · 6ec00975
  Sven-Hendrik Haase authored Jun 17, 2016
  
  6ec00975