DuckCorp Projects: Issues
https://projects.duckcorp.org/
https://projects.duckcorp.org/favicon.ico?1669909042
2021-07-08T22:43:06Z
DuckCorp Projects
Redmine
DuckCorp Infrastructure - Bug #726 (Resolved): /etc/stunnel/certs/duckcorp_stunnel_redis_Orfeo.pe...
https://projects.duckcorp.org/issues/726
2021-07-08T22:43:06Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<p>On Orfeo: <code>/etc/stunnel/certs/duckcorp_stunnel_redis_Orfeo.pem</code> certificate is expired.</p>
DuckCorp Infrastructure - Review #707 (Resolved): ansible-role-zabbix: ignore debian bugs #909750
https://projects.duckcorp.org/issues/707
2020-07-09T00:45:21Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<p>Repository/branch: <a href="https://vcs-git-viewer.duckcorp.org/?p=duckcorp/ansible-role-zabbix" class="external"><code>ansible-role-zabbix/ignore_debian_bugs_#909750</code></a></p>
<p>Ignore debian bugs #909750, workaround this issue:</p>
<pre>
Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0
libjpeg62-turbo libtiff5 libwebp6 libxpm4 php php-bcmath php-gd
php-ldap php-mbstring php-pgsql php-xml php7.3 php7.3-bcmath php7.3-gd
php7.3-ldap php7.3-mbstring php7.3-pgsql php7.3-xml
Suggested packages:
libgd-tools
The following NEW packages will be installed:
fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0
libjpeg62-turbo libtiff5 libwebp6 libxpm4 php php-bcmath php-gd
php-ldap php-mbstring php-pgsql php-xml php7.3 php7.3-bcmath php7.3-gd
php7.3-ldap php7.3-mbstring php7.3-pgsql php7.3-xml zabbix-frontend-php
0 upgraded, 24 newly installed, 0 to remove and 40 not upgraded.
[...]
serious bugs of libfontconfig1 (-> 2.13.1-2) <Forwarded>
b1 - #909750 - applications tries to write to /usr/* directories via
libfontconfig1
Summary:
libfontconfig1(1 bug)
libfontconfig1 pinned by adding Pin preferences in
/etc/apt/preferences.d/apt-listbugs. Restart APT session to enable
**********************************************************************
****** Exiting with an error in order to stop the installation. ******
**********************************************************************
</pre>
DuckCorp Infrastructure - Review #706 (Resolved): ansible-role-httpd_php_fpm: dont_check_potentia...
https://projects.duckcorp.org/issues/706
2020-07-08T19:59:48Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<p>Repository/branch: <a href="https://vcs-git-viewer.duckcorp.org/?p=duckcorp/ansible-role-httpd_php_fpm" class="external"><code>ansible-role-httpd_php_fpm/dont_check_potentially_non_existent_path</code></a></p>
<p>Don't check existence of potentially nonexistent paths.</p>
<p>Some paths might be created later, for example: <code>/etc/zabbix/zabbix.conf.php</code>. This file can not be rendered before since owner is created in the following task.<br />Nonexistent path mentioned in <code>open_basedir</code> php configuration seems to be without any consequence.</p>
DuckCorp Infrastructure - Review #705 (Rejected): ansible-role-httpd_php_fpm: create Unix group u...
https://projects.duckcorp.org/issues/705
2020-07-08T19:49:29Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<p>Repository/branch: <a href="https://vcs-git-viewer.duckcorp.org/?p=duckcorp/ansible-role-httpd_php_fpm" class="external"><code>ansible-role-httpd_php_fpm/create_unix_group_for_pool_workers</code></a></p>
<p>Create Unix group used for pool workers.</p>
<p>Fix this error:</p>
<pre>
TASK [zabbix : Generate Zabbix UI configuration]
task path: duckcorp-infra/ansible/roles/zabbix/tasks/webui.yml:30
fatal: [Orthos]: FAILED! => {
"changed": false,
"owner": "root",
"group": "root",
"mode": "0644",
"msg": "chgrp failed: failed to look up group php_sup.duckcorp.org",
"path": "/etc/zabbix/zabbix.conf.php",
"state": "file",
}
</pre>
DuckCorp Infrastructure - Review #704 (Resolved): duckcorp-infra: move supervision server
https://projects.duckcorp.org/issues/704
2020-07-08T03:04:18Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<p>Repository/branch: <a href="https://vcs-git-viewer.duckcorp.org/?p=duckcorp/duckcorp-infra.git" class="external"><code>duckcorp-infra/move_sup_server</code></a></p>
<p>Supervision server: use Orthos instead of Nicecity</p>
<p>Tested with check mode enabled only using the following command:<br /><pre>
ansible-playbook --check -vv --diff playbooks/dc.yml -l Orthos -e_pg_version=11 -ehttpd_version=2.4.38 -ephp_minor_version=7.3
</pre></p>
DuckCorp Infrastructure - Review #703 (Resolved): dc-web: improve check mode support
https://projects.duckcorp.org/issues/703
2020-07-08T02:52:52Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<p>Repository/branch: <a href="https://vcs-git-viewer.duckcorp.org/?p=duckcorp/duckcorp-infra.git" class="external"><code>duckcorp-infra/dc-web_check_mode</code></a></p>
Improve check mode support:
<ul>
<li>don't fail when <code>rsync</code> binary isn't installed</li>
<li>allow apache2_module to fail when check mode is enabled and apache2ctl isn't installed yet</li>
</ul>
DuckCorp Infrastructure - Review #702 (Resolved): ansible-role-httpd_php_fpm: improve check mode ...
https://projects.duckcorp.org/issues/702
2020-07-07T09:36:07Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<p>Repository/branch: <a href="https://vcs-git-viewer.duckcorp.org/?p=duckcorp/ansible-role-httpd_php_fpm" class="external"><code>ansible-role-httpd_php_fpm/improve_check_mode_handling</code></a></p>
Improve check mode support:
<ul>
<li>check mode: handle <code>apache2_module</code> failure</li>
<li>don't check paths existence when check mode is enabled</li>
<li>Check mode: don't fail when <code>php</code> binary isn't installed</li>
</ul>
One unrelated change included:
<ul>
<li>Ensure <code>php_minor_version</code> var isn't empty</li>
</ul>
DuckCorp Infrastructure - Review #701 (Resolved): ansible-role-zabbix: improve check mode support
https://projects.duckcorp.org/issues/701
2020-07-01T16:44:58Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<p>Repository/branch: <a href="https://vcs-git-viewer.duckcorp.org/?p=duckcorp/ansible-role-zabbix" class="external"><code>ansible-role-zabbix/check_mode_support</code></a>.</p>
Improve check mode support:
<ul>
<li>when <code>psycopg/PostgreSQL</code> isn't installed yet</li>
<li>always execute <code>timedatectl</code> command</li>
</ul>
DuckCorp Infrastructure - Review #700 (Resolved): ansible-role-zabbix: Use 'timedatectl show'
https://projects.duckcorp.org/issues/700
2020-07-01T16:39:30Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<p>Repository/branch: <a href="https://vcs-git-viewer.duckcorp.org/?p=duckcorp/ansible-role-zabbix" class="external"><code>ansible-role-zabbix/timedatectl_show_is_available</code></a>.</p>
<p><code>timedatectl show</code> <a href="https://manpages.debian.org/buster/systemd/timedatectl.1.en.html" class="external">is now documented</a> and works well with Buster: use it.</p>
DuckCorp Infrastructure - Review #687 (Resolved): encrypt ansible vault password (locally)
https://projects.duckcorp.org/issues/687
2020-03-10T15:53:45Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<ol>
<li><code>duckcorp/admin:encrypt_vault_password</code> branch: encrypt Ansible Vault password</li>
<li><code>duckcorp/duckcorp-infra:decrypt_vault_password</code> branch: decrypt Ansible Vault password when needed</li>
</ol>
DuckCorp Infrastructure - Review #632 (Resolved): dropbear in initramfs: ansibilize
https://projects.duckcorp.org/issues/632
2018-08-26T00:03:37Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<pre>
$ apt-get install dropbear-initramfs
$ cp /root/.ssh/authorized_keys /etc/dropbear-initramfs/authorized_keys
$ update-initramfs -u -k all # when above command is changed
# Because default configuration doesn't work:
# @GRUB_CMDLINE_LINUX="ip=192.168.3.5::192.168.3.1:255.255.255.0::enp3s0f0:none cgroup_enable=memory swapaccount=1"@ in /etc/default/grub
$ update-grub # above command is changed when
<pre></pre>
DuckCorp Infrastructure - Review #546 (Resolved): Bare variable aren't supported in with_* loops
https://projects.duckcorp.org/issues/546
2017-05-16T14:50:07Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<p>Please, could you review <code>dont_use_bare_variables</code> branch in admin repository ?</p>
mkcert - Review #542 (In Progress): mkcert: allow to specify CONFDIR
https://projects.duckcorp.org/issues/542
2017-05-14T21:57:33Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<p>Please, could you review branches listed below ?</p>
<ul>
<li><code>Allow-to-define-CONFDIR</code></li>
<li><code>Key-size-synchronize-default-values-sample-values</code></li>
<li><code>Typo</code></li>
<li><code>improve-reliability-enable-some-checks</code></li>
<li><code>Handle-when-mkcert-isn-t-in-PATH</code></li>
<li><code>directory-might-not-exists</code></li>
</ul>
<p>These branches are available here <code>https://vcs-git.duckcorp.org/people/pilou/mkcert.git</code>.</p>
DuckCorp Infrastructure - Bug #511 (Resolved): DSA-3793-1 : update passwd and login packages
https://projects.duckcorp.org/issues/511
2017-02-25T13:55:31Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<p>The following command was used:<br /><pre>
ansible 'all:!Elwing' -m apt -a "name=login,passwd,uidmap state=latest update_cache=yes only_upgrade=yes"
</pre></p>
<p><code>rkhunter</code> script fails on <code>Toushirou</code>:<br /><pre>
Toushirou | FAILED! => {
"cache_update_time": 1488027681,
"cache_updated": true,
"changed": false,
"failed": true,
"msg": "'/usr/bin/apt-get -y -o \"Dpkg::Options::=--force-confdef\" -o \"Dpkg::Options::=--force-confold\" --only-upgrade install 'passwd'' failed: E: Problem executing scripts DPkg::Post-Invoke 'if [ -x /usr/bin/rkhunter ] && grep -qiE '^APT_AUTOGEN=.?(true|yes)' /etc/default/rkhunter; then /usr/share/rkhunter/scripts/rkhupd.sh; fi'\nE: Sub-process returned an error code\n",
"stderr": "E: Problem executing scripts DPkg::Post-Invoke 'if [ -x /usr/bin/rkhunter ] && grep -qiE '^APT_AUTOGEN=.?(true|yes)' /etc/default/rkhunter; then /usr/share/rkhunter/scripts/rkhupd.sh; fi'\nE: Sub-process returned an error code\n",
"stderr_lines": [
"E: Problem executing scripts DPkg::Post-Invoke 'if [ -x /usr/bin/rkhunter ] && grep -qiE '^APT_AUTOGEN=.?(true|yes)' /etc/default/rkhunter; then /usr/share/rkhunter/scripts/rkhupd.sh; fi'",
"E: Sub-process returned an error code"
],
"stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nThe following packages will be upgraded:\n passwd\n1 upgraded, 0 newly installed, 0 to remove and 27 not upgraded.\nNeed to get 970 kB of archives.\nAfter this operation, 325 kB disk space will be freed.\nGet:1 http://security.debian.org/ jessie/updates/main passwd amd64 1:4.2-3+deb8u3 [970 kB]\nFetched 970 kB in 0s (2593 kB/s)\n(Reading database ... \r(Reading database ... 5%\r(Reading database ... 10%\r(Reading database ... 15%\r(Reading database ... 20%\r(Reading database ... 25%\r(Reading database ... 30%\r(Reading database ... 35%\r(Reading database ... 40%\r(Reading database ... 45%\r(Reading database ... 50%\r(Reading database ... 55%\r(Reading database ... 60%\r(Reading database ... 65%\r(Reading database ... 70%\r(Reading database ... 75%\r(Reading database ... 80%\r(Reading database ... 85%\r(Reading database ... 90%\r(Reading database ... 95%\r(Reading database ... 100%\r(Reading database ... 269474 files and directories currently installed.)\r\nPreparing to unpack .../passwd_1%3a4.2-3+deb8u3_amd64.deb ...\r\nUnpacking passwd (1:4.2-3+deb8u3) over (1:4.2-3+deb8u1) ...\r\nProcessing triggers for man-db (2.7.0.2-5) ...\r\nSetting up passwd (1:4.2-3+deb8u3) ...\r\nWaiting for lock file..10..20..30..40..50..60..70..80..90..100..110..120..130..140..150..160..170..180..190..200..210..220..230..240..250..260..270..280..290..300\nUnable to get the lock file: rkhunter has not run!\n",
"stdout_lines": [
"Reading package lists...",
"Building dependency tree...",
"Reading state information...",
"The following packages will be upgraded:",
" passwd",
"1 upgraded, 0 newly installed, 0 to remove and 27 not upgraded.",
"Need to get 970 kB of archives.",
"After this operation, 325 kB disk space will be freed.",
"Get:1 http://security.debian.org/ jessie/updates/main passwd amd64 1:4.2-3+deb8u3 [970 kB]",
"Fetched 970 kB in 0s (2593 kB/s)",
"(Reading database ... ",
"(Reading database ... 5%",
"(Reading database ... 10%",
"(Reading database ... 15%",
"(Reading database ... 20%",
"(Reading database ... 25%",
"(Reading database ... 30%",
"(Reading database ... 35%",
"(Reading database ... 40%",
"(Reading database ... 45%",
"(Reading database ... 50%",
"(Reading database ... 55%",
"(Reading database ... 60%",
"(Reading database ... 65%",
"(Reading database ... 70%",
"(Reading database ... 75%",
"(Reading database ... 80%",
"(Reading database ... 85%",
"(Reading database ... 90%",
"(Reading database ... 95%",
"(Reading database ... 100%",
"(Reading database ... 269474 files and directories currently installed.)",
"Preparing to unpack .../passwd_1%3a4.2-3+deb8u3_amd64.deb ...",
"Unpacking passwd (1:4.2-3+deb8u3) over (1:4.2-3+deb8u1) ...",
"Processing triggers for man-db (2.7.0.2-5) ...",
"Setting up passwd (1:4.2-3+deb8u3) ...",
"Waiting for lock file..10..20..30..40..50..60..70..80..90..100..110..120..130..140..150..160..170..180..190..200..210..220..230..240..250..260..270..280..290..300",
"Unable to get the lock file: rkhunter has not run!"
]
</pre></p>
<p>After upgrade, the following checks were performed:</p>
<ul>
<li><pre>
ansible 'all:!Elwing' -i hosts -m shell -a 'test "$(dpkg-query -W -f\${Version} passwd)" = "1:4.2-3+deb8u3"'
</pre></li>
<li><pre>
ansible 'all:!Elwing' -i hosts -m shell -a 'test "$(dpkg-query -W -f\${Version} login)" = "1:4.2-3+deb8u3"'
</pre></li>
</ul>
DuckCorp Infrastructure - Bug #488 (Resolved): Apply debian security updates
https://projects.duckcorp.org/issues/488
2016-02-25T23:40:01Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
Apply debian security updates on the following hosts:
<ul>
<li>toushirou</li>
<li>thorfinn</li>
<li>jinta</li>
<li>orfeo</li>
</ul>
<p>Jinta is currently unavailable.</p>