Project

General

Profile

Activity

From 2017-06-17 to 2017-07-16

2017-07-16

21:33 Bug #463: Replace our Ancient Gallery
Gallery is gone, we need to move the photos elsewhere where the users have access to their data in the meanwhile. Marc Dequènes
21:32 Enhancement #554: Upgrade Toushirou to Debian Strech
Due to PHP 5->7 Gallery2 is not working anymore and was removed. #463 must become a priority.
phpldapadmin is dead...
Marc Dequènes
18:05 Enhancement #554 (In Progress): Upgrade Toushirou to Debian Strech
Redmine is fine, as you can read :-). But there's much other settings to check. Marc Dequènes
21:31 Enhancement #322 (Rejected): Blogs
Marc Dequènes
21:31 Enhancement #322: Blogs
Purged, dotclear is not available anymore in Debian and has serious problems. Marc Dequènes
18:18 Enhancement #555: Upgrade Thorfinn to Debian Strech
Forgot eggdrop, installed tcl8.5 and used the old package (not much difference) and it is up again. Marc Dequènes
18:04 Enhancement #532 (Resolved): initramfs-tools suspend-to-disk changes (Stretch)
done Marc Dequènes
10:10 Review #518: Review branch backup
If i understand well, @include_vars@ in @client_specific_conf_from_file.yml@ loads the files in @playbooks/files/burp... Marc Dequènes
08:42 Review #518: Review branch backup
New review on current code.
Why are @cron_*@, @timer_*@ and @keep_@ variables not @backup_@ prefixed like other su...
Marc Dequènes
10:04 Review #519: Review burp role
So a new review based on master/406a38a.
It's not an easy role so please do not get angry by my silly questions.
...
Marc Dequènes
07:50 Enhancement #336: Bring PGP support to Roundcube
I was able to import the key on another computer, so I'll check with the former one later.
I was able to encrypt a...
Marc Dequènes
06:59 Bug #473 (Resolved): TSIG security downgraded
Hivane upgraded and we switched back to the previous higher grade keys with Titoon. Marc Dequènes
06:26 Enhancement #553: Upgrade Orfeo to Debian Strech
Did softhsm upgrade (see https://projects.duckcorp.org/issues/559#note-6).
Marc Dequènes
06:26 Enhancement #559: Upgrade Elwing to Debian Strech
So I forgot to upgrade softhsm to version 2. It worked as long as the old packages where still installed.
So there...
Marc Dequènes

2017-07-13

17:35 Enhancement #553: Upgrade Orfeo to Debian Strech
DSPAM, and its UI, work well (with the Jessie package).
Marc Dequènes
12:20 Enhancement #553: Upgrade Orfeo to Debian Strech
PHP7 migration done.
Roundcube works well with PHP7 and plugins and errors were fixed. The only missing piece is t...
Marc Dequènes
09:15 Enhancement #553: Upgrade Orfeo to Debian Strech
The PG databases were upgraded. It took a few hours but it's all fine. Marc Dequènes
12:54 Bug #473: TSIG security downgraded
Pinged Titoon about it now that Stretch is out. Marc Dequènes
12:49 Bug #498 (Resolved): IPv6 is not setup at boot time on Orfeo
It was merged, we switched to Stretch, and it worked fine, thanks :-).
Marc Dequènes
12:46 Enhancement #280 (Resolved): Remove awstats
It was done, and the news is pending. Marc Dequènes
12:37 Enhancement #522 (Resolved): Implement RFC6844
Activated for our two domains. I added in the pending news to suggest users to use it for their own zones.
Marc Dequènes
12:23 Enhancement #516: Test HTTP2 support for Apache
Upgraded Orfeo on HTTP2 successfully. Marc Dequènes
10:07 Enhancement #552: Upgrade to Debian Strech
phpsysinfo is not in Stretch: https://tracker.debian.org/news/832561
also it is really useless as we have better mea...
Marc Dequènes

2017-07-12

15:09 Enhancement #553: Upgrade Orfeo to Debian Strech
imapproxy systemd service file is broken, see Debian#868150. I provided a patch and applied it manually in the time b... Marc Dequènes
09:16 Enhancement #553 (In Progress): Upgrade Orfeo to Debian Strech
Marc Dequènes
12:49 Enhancement #571 (In Progress): Secure HTTP settings
So @X-Frame-Options@ set to @DENY@ is a bit too drastic, and softwares like Roundcube cannot work with it. @SAMEORIGI... Marc Dequènes
12:47 Enhancement #336 (Blocked): Bring PGP support to Roundcube
So the feature is here, but I cannot test it fully due to this bug: https://github.com/mailvelope/mailvelope/issues/496 Marc Dequènes
12:05 Enhancement #574 (Resolved): Call /usr/share/roundcube/bin/cleandb.sh in a cron job
already DONE Marc Dequènes
10:08 Bug #466: Prosody needs a dependency on PG
Fixed in Stretch. Marc Dequènes
08:32 Enhancement #516: Test HTTP2 support for Apache
Upgraded Thorfinn on HTTP2 successfully. Weechat is working fine from the Android app.
Marc Dequènes
08:11 Enhancement #557 (Resolved): Upgrade Korutopi to Debian Strech
So Kurotopi is back online. The DB partition has been removed by mistake, so PG does not start. Also the networking i... Marc Dequènes
08:05 Enhancement #558 (Resolved): Upgrade Nicecity to Debian Strech
Pilou installed a Stretch directly. I fixed various Ansible rules and it's all working fine now.
Marc Dequènes
07:53 Enhancement #556: Upgrade Jinta to Debian Strech
rebooted fine. Marc Dequènes
07:53 Enhancement #555 (Resolved): Upgrade Thorfinn to Debian Strech
rebooted without problem except haveged not starting (see Debian#858134). Marc Dequènes
07:32 Enhancement #555: Upgrade Thorfinn to Debian Strech
At the end of a dist-upgrade:... Marc Dequènes
06:26 Enhancement #555 (In Progress): Upgrade Thorfinn to Debian Strech
Marc Dequènes

2017-07-11

20:04 Enhancement #556: Upgrade Jinta to Debian Strech
Rebooting work fine except for Debian#858134.
Marc Dequènes
19:34 Enhancement #556: Upgrade Jinta to Debian Strech
The repro config needs to be checked (/etc/repro/repro.config), but that's not production so…
Icecast2 config too,...
Marc Dequènes
11:03 Enhancement #556 (In Progress): Upgrade Jinta to Debian Strech
Marc Dequènes
10:58 Revision 91815870 (ansible-role-fail2ban): Ansible complains 'test_paths' is not defined when inc...
Marc Dequènes
10:34 Enhancement #559: Upgrade Elwing to Debian Strech
Workaround for clamav-daemon/BytecodeSecurity done.
It leaves the backlight problem which should be detected someh...
Marc Dequènes

2017-07-05

15:59 Enhancement #574 (Resolved): Call /usr/share/roundcube/bin/cleandb.sh in a cron job
@/usr/share/roundcube/bin/cleandb.sh@ - which finally remove all db records marked as deleted some time ago for 'cont... Pierre-Louis Bonicoli

2017-06-28

17:44 work
* web hosts: cleaned /etc/apache2/conf-enabled to avoid too much things added server-wide, and adapted affected vhost... Marc Dequènes

2017-06-27

20:47 Review #573 (Rejected): Please review the dc-monitoring role rework
The goal is to modernize it, add all the missing pieces, and make it more of a real role with a proper API. Then we w... Marc Dequènes
16:18 Enhancement #497: Change Backup System
Marc Dequènes wrote:
> So I'll try to *roughly* translate the retention into Burp's _keep_ parameter.:
> * class 1:...
Pierre-Louis Bonicoli
16:08 Enhancement #497: Change Backup System
As for scheduling I think that's very difficult to find nice ranges, with all the data we have it can take some time ... Marc Dequènes
15:56 Enhancement #497: Change Backup System
So I'll try to *roughly* translate the retention into Burp's _keep_ parameter.:
* class 1: 30/11
* class 2: 14/3/2
...
Marc Dequènes
15:07 Enhancement #533: Install a Jessie LXC container with systemd enabled in order to test/validate B...
Outgoing TCP port 30051 to @Korutopi@ is open now. This port is used by Zabbix. Pierre-Louis Bonicoli

2017-06-26

18:27 Enhancement #533 (In Progress): Install a Jessie LXC container with systemd enabled in order to t...
Pierre-Louis Bonicoli
18:27 Enhancement #533: Install a Jessie LXC container with systemd enabled in order to test/validate B...
TCP port 10050 should now be accessible from @Korutopi@. Pierre-Louis Bonicoli
16:07 Review #534 (Resolved): Review TLS support for Zabbix
merged Marc Dequènes

2017-06-25

16:43 Enhancement #280 (In Progress): Remove awstats
Passenger was not explicitly activated but the portal worked in the past. I fixed it but now the interface is broken ... Marc Dequènes
16:05 Enhancement #337 (Blocked): Keep only one webmail
Squirrelmail was purged.
Now waiting for Debian Stretch migration to be finished to evaluate Horde's future.
Marc Dequènes
15:48 Enhancement #572 (Resolved): HTTPS for All
For security reasons (some sites may have auth, like user-managed sites), and privacy reasons, all websites should ha... Marc Dequènes
14:18 Enhancement #460: SSL/TLS: check ciphers
While working on HTTP2 support I absolutely needed a more up-to-date cipher list, see #516. Still I would like a full... Marc Dequènes
14:14 Enhancement #571 (Resolved): Secure HTTP settings
Aside from TLS settings there are a few things we could improve.
I would suggest these Apache settings on all web ...
Marc Dequènes
14:03 Enhancement #540 (Resolved): Deprecate NSTX service
Purged Marc Dequènes
13:49 work
* website updater not working anymore:
** _crash.log_ could not be created
** patches were lost after upgrade
* Bi...
Marc Dequènes
12:23 Review #570 (Resolved): Please review Fail2ban role
ssh://vcs-git.duckcorp.org/srv/vcs/git/duckcorp/ansible-role-fail2ban Marc Dequènes
12:15 Enhancement #552: Upgrade to Debian Strech
As for fail2ban, the configuration changed a bit, the list of jails is different. Previously the configuration was ma... Marc Dequènes
08:35 Revision d45b93a3 (ansible-role-fail2ban): initial version
Marc Dequènes

2017-06-24

21:22 Enhancement #559: Upgrade Elwing to Debian Strech
Fixed cups TLS config. Now _/etc/cups/ssl_ has to contain symlinks named after the canonical host and the directives ... Marc Dequènes
21:13 Enhancement #516 (In Progress): Test HTTP2 support for Apache
I've been testing HTTP2 on Elwing which was recently upgraded to Debian Stretch.
Interesting reading: https://bagd...
Marc Dequènes
08:46 Enhancement #563: Let's be an Openinfra!!!
I would also suggest to open the bug tracker to the public. We could review bugs for sensitive information and either... Marc Dequènes
06:10 Enhancement #568 (Resolved): Web spring cleanup
We probably have several unused website, so we should report them.
We could start by checking for broken websites,...
Marc Dequènes
06:02 Enhancement #567 (Resolved): MX spring cleanup
We probably have hosted mail domains which are no more authoritative, so we should report them.
On difficulty is w...
Marc Dequènes
05:57 Enhancement #566 (Resolved): DNS spring cleanup
We probably have DNS zones which are no more authoritative, so we should check the whois and report them. Marc Dequènes
05:53 Enhancement #565 (Resolved): Mailbox spring cleanup
We most probably have several unused mailboxes. I think the following plugin could help track unused ones: https://wi... Marc Dequènes
05:51 Enhancement #564 (In Progress): Unused accounts spring cleanup
We probably have several unused accounts, so let's check usage, contact users, and adapt or close account as needed.
...
Marc Dequènes
05:45 Enhancement #122: improve adm_mail_stats
This could help: https://wiki2.dovecot.org/Statistics?action=show&redirect=Plugins%2FStats Marc Dequènes

2017-06-22

20:09 Enhancement #557: Upgrade Korutopi to Debian Strech
I forgot to migrate the PG databases, it is done now. More free space would be nice; I had to remove bacula and do a ... Marc Dequènes
15:53 Enhancement #251 (Rejected): IRCd remote REHASH
IRCd Ratbox is being abandoned
Marc Dequènes
15:52 Enhancement #230 (Blocked): Redmine does not allow non-member or anonymous rights per project
Coming with Stretch migration. Marc Dequènes
15:33 Ducklings Volunteer Activities Enhancement #237 (Rejected): FFSync adaptations for DC
FFsync has been retired and replaced by a system you cannot, on purpose, deploy easily at home. Fuck You Mozilla! Marc Dequènes
15:32 Bug #247 (Rejected): Bacula Synthetic Backup is stuck
Bacula is being abandoned
Marc Dequènes
15:28 Enhancement #497: Change Backup System
So this this a retranscription of the Bacula settings, but with some adaptations (obsolete paths, new paths, forgotte... Marc Dequènes
09:01 Enhancement #563 (Resolved): Let's be an Openinfra!!!
So here is a list of files containing secrets:
* ansible/group_vars/shell_servers/vars.yml
* pki/keys/*/*.key
* ...
Marc Dequènes
07:17 Enhancement #552: Upgrade to Debian Strech
_apt-file --non-interactive update_ does not work anymore as this option was removed, using _apt update_ instead.
(s...
Marc Dequènes
06:47 work
* removed TOR bans Marc Dequènes

2017-06-21

21:19 Enhancement #557 (Blocked): Upgrade Korutopi to Debian Strech
Korutopi is ready for reboot. Arnau is notified. Marc Dequènes
20:57 Enhancement #557: Upgrade Korutopi to Debian Strech
purged `monit`, obsolete Marc Dequènes
14:28 Enhancement #557 (In Progress): Upgrade Korutopi to Debian Strech
Marc Dequènes
20:58 Enhancement #552: Upgrade to Debian Strech
Postfix changes would be needed but we can do that afterwards:... Marc Dequènes
20:31 Enhancement #552: Upgrade to Debian Strech
The SSH config should be managed by Ansible completely. Here are the warnings:... Marc Dequènes
14:27 Enhancement #552 (In Progress): Upgrade to Debian Strech
Even if we upgraded quite regularly, one last upgrade on Jessie is needed to catch the new _debian-archive-keyring_ p... Marc Dequènes

2017-06-20

15:55 Enhancement #559: Upgrade Elwing to Debian Strech
fail2ban config split so the main file is now the package default. Plan to add this in Ansible.
As for opendnssec ...
Marc Dequènes
14:29 Enhancement #559: Upgrade Elwing to Debian Strech
TODO:
* migrate opendnssec
* update _/etc/fail2ban/jail.conf_
Marc Dequènes
13:51 Enhancement #559 (In Progress): Upgrade Elwing to Debian Strech
WIP, one of the major change, also preparing for the future upgrade of Orfeo, is opendnssec.
Marc Dequènes
14:29 Enhancement #552: Upgrade to Debian Strech
_/etc/fail2ban/jail.conf_ should be managed more completely, It is possible to split it. Work underway around Elwing. Marc Dequènes
14:17 Enhancement #552: Upgrade to Debian Strech
We should consider switching to _UsePrivilegeSeparation sandbox_ for SSH; it does not seem to be Ansibilized yet. Marc Dequènes

2017-06-19

16:21 Review #561 (Resolved): hostname and inventory name could differ
Pierre-Louis Bonicoli
16:21 Review #561: hostname and inventory name could differ
oups, commit applied on a copy of master and merged, thanks for the review. Pierre-Louis Bonicoli
15:58 Review #561 (In Progress): hostname and inventory name could differ
So the changes are fine except it is applied on top of some older version of the _backup_ branch, so I'll let you che... Marc Dequènes
13:50 Review #561 (Resolved): hostname and inventory name could differ
Branch @use_inventory_hostname_with_hostvars@ fix an @AnsibleUndefinedVariable@ error which occurs when hostname diff... Pierre-Louis Bonicoli
16:08 Review #562: Fix "Invalid SCRIPTWHITELIST configuration option: Non-existent pathname: /usr/bin/l...
I encountered this error while using Stretch. Pierre-Louis Bonicoli
16:03 Review #562 (Rejected): Fix "Invalid SCRIPTWHITELIST configuration option: Non-existent pathname:...
This is Debian#773974 which is fixed in 1.4.2-1 and an even newer version is in stable, so this is not necessary.
Marc Dequènes
14:27 Review #562 (Rejected): Fix "Invalid SCRIPTWHITELIST configuration option: Non-existent pathname:...
Could you review @rkhunter_lwp_request_isnt_a_dependency@ branch ?
@lwp-request@ belongs to @libwww-perl@ but @lib...
Pierre-Louis Bonicoli
15:51 Review #560 (Resolved): Use deb.debian.org in sources.list
I think we already agreed on this, this is simple, there's not much code path to test, so for such a trivial change y... Marc Dequènes
13:49 Review #560 (Resolved): Use deb.debian.org in sources.list
Branch @use_deb.debian.org@ allows to use @deb.debian.org@ in sources.list. Pierre-Louis Bonicoli
11:56 Enhancement #559 (Resolved): Upgrade Elwing to Debian Strech
Marc Dequènes
11:56 Enhancement #558 (Resolved): Upgrade Nicecity to Debian Strech
Marc Dequènes
11:56 Enhancement #557 (Resolved): Upgrade Korutopi to Debian Strech
Marc Dequènes
11:56 Enhancement #556 (Resolved): Upgrade Jinta to Debian Strech
Marc Dequènes
11:55 Enhancement #555 (Resolved): Upgrade Thorfinn to Debian Strech
Marc Dequènes
11:55 Enhancement #554 (Resolved): Upgrade Toushirou to Debian Strech
Marc Dequènes
11:55 Enhancement #553 (Resolved): Upgrade Orfeo to Debian Strech
Marc Dequènes
11:55 Enhancement #552 (Resolved): Upgrade to Debian Strech
h1. !dialog-warning.png! Please use the migration branch for all hosts being migrated to Stretch and _master_ for Jes... Marc Dequènes
10:56 Bug #548 (Resolved): Toushirou: /etc/logrotate.d/ddns is ignored by logrotate
File was moved using:... Pierre-Louis Bonicoli
10:52 Bug #525 (Resolved): Toushirou: /var/log/apache2/* remove delaycompress
Done.
Ansible not used (there isn't yet an apache2 role).
Pierre-Louis Bonicoli
10:49 Bug #524 (Resolved): Toushirou: /var/log/proftpd/tls.log not rotated
@/var/log/proftpd/tls.log@ was missing in @/etc/logrotate.d/proftpd-basic@.
I removed lines older than 2016 (Size ...
Pierre-Louis Bonicoli
10:42 Bug #523 (Resolved): Toushirou: log aren't rotated
The previous deletion of empty @.gz@ files solved this problem:... Pierre-Louis Bonicoli
10:31 Review #551 (Resolved): Orfeo: "sdb1: WRITE SAME failed. Manually zeroing.", branch: disable_writ...
Merged. Pierre-Louis Bonicoli
10:25 Review #551 (In Progress): Orfeo: "sdb1: WRITE SAME failed. Manually zeroing.", branch: disable_w...
Marc Dequènes wrote:
> _Check applied configuration_ should set _check_mode_ to _no_ IIUC. I'm not used to this feat...
Pierre-Louis Bonicoli
03:08 Review #551: Orfeo: "sdb1: WRITE SAME failed. Manually zeroing.", branch: disable_write_same
I have no idea why I can't change the status of this ticket. First time I'm not allowed to modify part of a ticket li... Marc Dequènes
03:06 Review #551: Orfeo: "sdb1: WRITE SAME failed. Manually zeroing.", branch: disable_write_same
_Check applied configuration_ should set _check_mode_ to _no_ IIUC. I'm not used to this feature so maybe I'm mistake... Marc Dequènes

2017-06-18

00:27 Review #551: Orfeo: "sdb1: WRITE SAME failed. Manually zeroing.", branch: disable_write_same
Configuration has been updated on @Orfeo@.
Please, could you review _disable_write_same_ branch ?
Pierre-Louis Bonicoli
23:20 Review #544 (Resolved): Install and configure ca-certificates
Merged, thanks for the reviews. Pierre-Louis Bonicoli

2017-06-17

05:39 Review #544: Install and configure ca-certificates
Ok, I understand the logic. Nevertheless I think inside the role we should take advantage of types. Which means we sh... Marc Dequènes
04:57 Review #551: Orfeo: "sdb1: WRITE SAME failed. Manually zeroing.", branch: disable_write_same
GOGOGO for the workaround. Marc Dequènes

2017-06-16

00:24 Review #551 (Resolved): Orfeo: "sdb1: WRITE SAME failed. Manually zeroing.", branch: disable_writ...
Orfeo, in @/var/log/syslog@:... Pierre-Louis Bonicoli
00:05 Bug #523: Toushirou: log aren't rotated
Nothing change, I just removed two empty files. According to #734688, they could prevent rotation of logs.... Pierre-Louis Bonicoli
 

Also available in: Atom