From 2018-04-05 to 2018-05-04
- 18:25 Documentation #236 (In Progress): Document missing services in the users wiki
- Almost all services are documented now.
- 18:24 Bug #232 (In Progress): [STICKY] Annoying bugs in softwares used by DC
- 18:24 Enhancement #229 (In Progress): [STICKY] Features missing in softwares used by DC
- 18:17 Enhancement #336: Bring PGP support to Roundcube
- Mailvelope >= 2.0 has more features (current is 2.2.0) and support for it is in RoundCube master, so probably for 1.4.
- 17:53 Enhancement #563 (Resolved): Let's be an Openinfra!!!
- All DONE!!!
- 17:52 Documentation #63: Admin Documentation
- The infra, like list of hosts, IPs… are documented. Not everything is public but most of it. I dug into the old Admin...
- 17:41 Revision 34e414ba (duckcorp-infra): admin.duckcorp.org is no more
- 15:38 Revision 28040b7d (duckcorp-infra): update submodules
- 14:19 Revision 1fd0d8d1 (duckcorp-infra): use import_role instead of include_role when appropriate (WIP)
- Thanks Pilou.
- 14:14 Revision b83bf0ad (ansible-role-thelounge): Upgrade to The Lounge 2.7
- 13:42 Revision 5a02d4d9 (duckcorp-infra): add web alias to display Unagi's doc properly on projects.min...
- 11:57 Revision 171e8beb (duckcorp-infra): leftover stuff from the gone Korutopi
- 11:50 work
- * MySQL: removal of useless accounts and databases
* DNS: removal of useless entries
- 11:20 Revision 96f7629e (duckcorp-infra): Merge branch 'redmine'
- 11:19 Revision 3f173f92 (duckcorp-infra): add arnau/projects.mini-dweeb.org
- 10:36 Revision 0349dc1a (duckcorp-infra): add duckcorp/projects.duckcorp.org
- 10:07 Revision f87d694e (ansible-role-redmine): Ansible 2.5 breaking change on file/follow default
- 08:38 Revision d515a55b (duckcorp-infra): add duckcorp/projects.duckcorp.org
- 08:15 Revision f2c9e148 (ansible-role-redmine): allow specifying a database key
- 06:41 Revision a16b7016 (duckcorp-infra): Add MariaDB installation
- 06:31 Revision a0b1c884 (duckcorp-infra): Add MariaDB installation
- 06:31 Revision c4863cf0 (duckcorp-infra): add duckcorp/projects.duckcorp.org
- 06:22 Revision 6e195757 (ansible-role-redmine): add check mode support
- 05:56 Revision 12c68534 (ansible-role-redmine): package module: use 'present' instead of 'installed'
- 05:51 Revision c0095502 (ansible-role-redmine): install packages without loop
- 05:26 Revision 76bb8ec1 (ansible-role-redmine): allow choosing RDBMS
- 05:19 Revision c3ce6ca9 (ansible-role-redmine): move the RDBMS installation and configuration outside t...
- It was impossible to pass parameters to the underlying RDBMS role
properly and sync it with all calls to this role; b...
- 04:19 Revision a908f14f (duckcorp-infra): fix permissions in web config containing LDAP auth creadentials
- 21:54 Revision 7fcc6569 (duckcorp-infra): Merge branch 'web_status_page'
- 21:53 Revision 2e061778 (duckcorp-infra): add web status page on canonical vhost
- 03:53 Revision 54ecd5a1 (ansible-role-opendnssec): allow specifying a zone non-default policy and provi...
- 21:19 Revision 6940aff7 (duckcorp-infra): remove certs: obsolete service or replaced by Let's Encrypt
- 21:03 Enhancement #572: HTTPS for All
- On Thorfinn, `static.perso.duckcorp.org` is missing the redirect.
- 20:59 Enhancement #572: HTTPS for All
- New list after several sites where fixed:
* on Toushirou:...
- 20:52 Enhancement #599 (Resolved): Use letsencrypt for public-facing websites… maybe more
- several other websites were migrated. Only admin or internal services remains and will be handled when Ansibilized.
- 20:19 Enhancement #563: Let's be an Openinfra!!!
- The old admin wiki is almost empty now. Documentation is dispatched, based on use, on the user wiki, in the Ansible r...
- 20:14 Documentation #62: User Documentation
- Added package repository documentation.
- 16:47 Revision 7aa94dda (duckcorp-infra): update submodules
- 16:43 Revision 35c0359b (ansible-role-opendnssec): fix zones path
- 10:42 Revision 8541aa27 (duckcorp-infra): Merge branch 'dns'
- 10:37 Revision bf80adb5 (duckcorp-infra): add DNS deployment rules
- 10:37 Revision b4696955 (duckcorp-infra): add DNSSEC deployment rules
- 10:33 Revision 0c458fcb (ansible-role-opendnssec): zones directories: only add POSIX ACLs
- Leave zones directories creation to another role (bind9) and uses POSIX
ACLs to add the rights we need. This is to av...
- 09:41 Revision 732ffdd7 (duckcorp-infra): add DNS deployment rules
- 09:41 Revision 091b5ee0 (duckcorp-infra): add DNSSEC deployment rules
- 08:09 Revision 74ae30ff (duckcorp-infra): add DNS deployment rules
- 08:09 Revision 45b56cab (duckcorp-infra): add DNSSEC deployment rules
- 08:07 Revision 520ef12b (ansible-role-opendnssec): Initial release
- 06:51 Revision a8277886 (duckcorp-infra): add DNSSEC deployment rules
- 06:17 Revision cf4af483 (duckcorp-infra): add DNS deployment rules
- 11:18 Revision 6d2dd442 (duckcorp-infra): add DNSSEC deployment rules
- 10:45 Revision cad4ebb1 (duckcorp-infra): add DNS deployment rules
- 10:10 Revision 5153a851 (duckcorp-infra): add DNS deployment rules
- 04:21 Revision ccc011bb (duckcorp-infra): add DNS deployment rules
- 03:07 Revision 744a24bd (duckcorp-infra): add DNS deployment rules
- 03:23 Revision e4c2090c (duckcorp-infra): add DNS deployment rules
- 02:10 Revision 79239e03 (duckcorp-infra): add DNS deployment rules
- 01:26 Enhancement #536: (partially) Deprecate FTP services
- `bouncer_old` was no longer needed for users and removed.
- 19:26 Revision 0e7c665f (duckcorp-infra): scripts: fix LDAP init
- improve Ansible output processing and factorize in the process.
- 18:20 Enhancement #50 (Rejected): Reorganize DNS zones by entity
- This is not useful anymore. Also we're going to Ansibilize this and this would most probably just add complexity for ...
- 18:18 Enhancement #107: Reorganize MX list in master zones
- Should be easier using the script made in #567
- 18:16 Bug #604 (Resolved): website SPAM filtering: wrong DSPAM routing
- I fixed the scripts, renamed the DSPAM account, and also did some retrain to ensure StuffCloud mail are not put in qu...
- 17:20 Enhancement #140 (Rejected): Switch to slapd.d config
- phpldapadmin was removed because it's unmaintained and full of bugs. LdapShadows is going nowhere I fear. The content...
- 15:48 Bug #285 (Rejected): minbif cannot bind on both IPv4 and IPv6 without nasty net.ipv6.bindv6only=0
- This service is obsolete.
- 15:30 Revision e9b7d9a0 (duckcorp-infra): removed obsolete im_gateway service #2
- 15:18 Revision 82689b26 (duckcorp-infra): removed obsolete im_gateway service
- 20:35 Revision 20db627f (duckcorp-infra): restart_lsb_services: check mode support
- 20:33 Revision 3c0d08bf (duckcorp-infra): EANSIBLE0006 false positive
- 20:30 Revision f5bc882a (duckcorp-infra): fix EANSIBLE0012
- 19:58 Revision 18296736 (duckcorp-infra): disable im_gateway service for users not using it
- 16:55 Revision 15fce434 (duckcorp-infra): Ansible 2.5 breaking change on file/follow default
- 16:28 Revision 62f804c0 (duckcorp-infra): switch to Ansible 2.5
- 16:28 Revision 240bfdd8 (duckcorp-infra): remove redundant call to
- 16:28 Revision eb9ca5f1 (duckcorp-infra): install ldap before using it
- 16:28 Revision 18173ab4 (duckcorp-infra): update Pilou's GPG key
- 16:28 Revision 9af7cf38 (duckcorp-infra): add hidepid support
- 16:27 Revision 2cff4a6a (duckcorp-infra): use direct package list instead of loop
- 16:27 Revision 232d167e (duckcorp-infra): update submodules
- 16:27 Revision 04f83b5a (duckcorp-infra): restart_lsb_services: add blacklist
- 16:27 Revision e77c04af (duckcorp-infra): do not let role manage firewall
- 16:10 Revision 8e5668d0 (duckcorp-infra): fix shirka to use 'allowedServices' instead of 'host' for ACLs
- because of this bug all `authorized_keys` files were deleted.
- 12:34 Bug #619: LDAP servers: install slapd
- How would you suggest we do the servers' config: generating temporary LDIFs and slapadd-ing? I guess we would need to...
- 11:45 Bug #619: LDAP servers: install slapd
- I changed the order, good catch.
I removed the redundant call.
- 10:53 Bug #619 (In Progress): LDAP servers: install slapd
- 12:26 Bug #617 (Resolved): dc-monitoring Ansible role: Group trusted-proc does not exist
- The group is now created. The fstab entry is updated (now using the group name for more readability).
- 10:53 Bug #617 (In Progress): dc-monitoring Ansible role: Group trusted-proc does not exist
- 10:26 Revision faa8686c (ansible-role-smokeping): use direct package list instead of loop
- 10:24 Revision c64b6feb (ansible-role-thelounge): use direct package list instead of loop
- 08:23 Enhancement #456 (Rejected): Reorganize data spaces
- Well, I'm not sure about this anymore. We've done some regorg along the way and working on obsolete services led to s...
- 08:19 Enhancement #537: Toushirou and Orfeo would like a brand new body
- As discussed on IRC during and after Orfeo's crash, I'm exploring moving Orfeo on a LXD on Elwing. Extra RAM is comin...
- 08:08 Enhancement #601 (Resolved): Cleanup /etc/apache2/conf.d/
- On Toushirou, I backported phppgadmin 5.1+ds-3 from unstable ; this adds a few fixes but also adapt the configuration...
- 08:07 Revision 0124bc5a (duckcorp-infra): Use new Apache config fragments path
- see #601
- 06:29 Revision 3e358f36 (duckcorp-infra): install dc-bouncer cert in new /etc/bip
- 06:26 Revision 9699cf04 (duckcorp-infra): restore APT proxy's original storage path for apparmor
- 06:25 Revision e9ea37c3 (duckcorp-infra): add ftp-ssl to common tools
- 04:54 Enhancement #482 (Resolved): Review DNSSEC key length
- Switched to type 10 with 4096/2048bits.
I had to use opendnssec from Stretch backports to get fixes around rollove...
- 04:51 Enhancement #598 (Resolved): SpamFilter spring cleanup
- That's all folks.
- 04:49 Enhancement #565 (Resolved): Mailbox spring cleanup
- mmenal did not reply to my ping but is using his mailbox.
That's all folks.
- 04:41 Revision 540bb172 (duckcorp-infra): added new mail alias for gorou
- 03:42 Revision a38d6948 (duckcorp-infra): DNS: added missing mx1.duckcorp.org SAN for duckcorp_mta_mast...
- 03:06 Enhancement #75 (Rejected): Improve Disk Space on Orfeo
- Orfeo is going to have a new body (see #537), so it's going to be solved at the same time.
- 03:04 Bug #309 (Rejected): The Tribioune is b0rken since a while :'-(
- We already quit. There is no software we can use to revive it.
- 03:02 Bug #267 (Rejected): DPB is broken with recent upgrades
- There's no way we can go on using this software.
- 02:59 Enhancement #250 (Rejected): mod_gnutls does not support mod_proxy with HTTPS destinations
- Abandonned, see #48.
- 02:59 Enhancement #48 (Rejected): test libapache2-mod-gnutls
- Six long years later #250 is not fixed and upstream does not seem to really care. We are now using the `httpd` Ansibl...
- 02:51 Enhancement #576: Experiment with webphone solutions
- The is a Talk plugin into NextCloud, which would mean better account/contacts integration. I've setup a new TURN/STUN...
- 02:44 Revision ff6a416c (duckcorp-infra): purged webphone.milkypond.org
- See #576
- 10:48 Bug #617: dc-monitoring Ansible role: Group trusted-proc does not exist
- True, good catch.
It is more of a global parameter from a DC perspective. Thus I would suggest adding the rules in...
- 10:44 Bug #619: LDAP servers: install slapd
- The two call to `service_account_info` could indeed be factorized.
The basic installation (easy) and replication s...
- 10:39 Bug #622 (Resolved): httpd package shoud be installed first
- ok, did the cleanup and added `httpd` call. The rest is outside the scope of this BR, so closing.
- 10:13 Bug #622 (In Progress): httpd package shoud be installed first
I integrated the HTTP2 support into `httpd` role, and had to refresh the TLS settings in the process because...
- 10:37 Revision dec9e148 (duckcorp-infra): duckcorp/web: ensure we install Apache before proceeding to a...
- 10:24 Revision b5ced1e3 (duckcorp-infra): dc-web: TLS config is not integrated into role
- 10:18 Revision 87e95778 (duckcorp-infra): dc-web: passenger fix move to httpd_passenger role, clean lef...
- 09:53 Review #621 (Resolved): Review use_present_instead_of_installed
- Thanks. merged.
- 09:52 Review #620 (Resolved): review: fix_py3_compat_use_items
- Thanks. merged.
- 09:52 Revision 28dc5291 (duckcorp-infra): Merge branch 'fix_py3_compat_use_items'
- 09:51 Revision be439607 (duckcorp-infra): Fix Python 3 compat: use items instead of iteritems
- 09:51 Revision c2075333 (duckcorp-infra): Merge branch 'use_present_instead_of_installed'
- 09:50 Revision 0bd43cd6 (duckcorp-infra): package module: use 'present' instead of 'installed'
[DEPRECATION WARNING]: State 'installed' is deprecated. Using state 'present' instead.
This feature will be remo...
- 16:23 Revision f400b60d (duckcorp-infra): DuckLand: add bridge for DuckCorp zone
- also add missing 'down' rules to be able to up/down properly.
- 11:36 Revision 15388980 (duckcorp-infra): pki: TLS certificates renewal #2
- 07:41 Revision 7140e4c2 (duckcorp-infra): Pond changed IPv6 prefix, what a hell!
- 07:41 Revision 804afc08 (duckcorp-infra): add certificate for TURN server
- 02:40 Revision 60d25a21 (duckcorp-infra): Use static imports when possible
- - static imports allow to use --list-tags, --list-tasks, --start-at-tasks
- since 2.5, tags applied to dyna...
- 02:37 Bug #622 (Resolved): httpd package shoud be installed first
- 1. @httpd_package@ is installed in @roles/httpd/tasks/common.yml@
2. but tasks in this playbook aren't called first
- 02:19 Bug #619: LDAP servers: install slapd
- bq. l'installation initiale du LDAP est pas gérée encore car installer le package c'est trivial mais le setup des bac...
- 19:11 Review #621 (Resolved): Review use_present_instead_of_installed
- Fix deprecation warning about @installed@ state
- 19:10 Review #620 (Resolved): review: fix_py3_compat_use_items
- Fix Python 3 compatibility
- 19:01 Bug #619: LDAP servers: install slapd
- Isn't @/etc/ldap/ldap.conf@ configuration missing ?
- 18:51 Bug #619: LDAP servers: install slapd
- Not related: not sure why @Fetch auth service account info@ is used twice with same parameters:
- 18:39 Bug #619 (Resolved): LDAP servers: install slapd
- 18:26 Enhancement #614: new Toushirou: Install system disks
- * @hdparm -Tt /dev/sdf@:...
- 17:16 Bug #617 (Resolved): dc-monitoring Ansible role: Group trusted-proc does not exist
- @trusted-proc@ group is required but group creation isn't handled by Ansible:...
- 16:42 Enhancement #616 (New): Configure /etc/udev/rules.d/70-persistent-net.rules
- 16:41 Enhancement #615 (Rejected): new Toushirou: configuration migration
- This issue regroups tasks related to Toushirou setup.
- 16:15 Revision 8bd8d94d (duckcorp-infra): Fix Python 3 compat: use items instead of iteritems
- 16:10 Revision ec05d6b8 (duckcorp-infra): package module: use 'present' instead of 'installed'
[DEPRECATION WARNING]: State 'installed' is deprecated. Using state 'present' instead.
This feature will be remo...
- 04:37 Revision 54d9c7de (duckcorp-infra): pki: TLS certificates renewal #1
- Orfeo is down, will do the rest when back online
- 17:10 Revision bacb6381 (duckcorp-infra): Merge branch 'smokeping'
- 17:09 Revision a9ffabd2 (duckcorp-infra): factorize admins contact info
- 17:09 Revision cd889686 (duckcorp-infra): added Smokeping for DuckCorp and DuckLand
- 17:06 Revision ddd94151 (ansible-role-smokeping): initial version
- 01:26 Enhancement #614: new Toushirou: Install system disks
- Firmware of both SSD have been checked using Samsung tools. Firmware of both disks is up to date (@EMT02B6Q@).
- 01:21 Enhancement #614 (Resolved): new Toushirou: Install system disks
- SSD 550Go system disks:
* 1 partition without LVM/encryption/RAID: @/boot@ (250Mo).
* LVM (LVM ~193GB unallocated s...
- 01:13 Enhancement #612: new Toushirou: check disks
- @/dev/sdb@ has been discarded. Two other disks (one 146Go and one 300Go) were flagged faulty by HP ProLiant P410/P410...
- 14:41 Bug #595: Create missing systemd configuration for SYSV compatibility services
- Added `playbooks/restart_lsb_services.yml` as a workaround to restart these services.
- 14:40 Revision 5d33b60b (duckcorp-infra): added playbook to restart LSB services
- workaround for #595
Also available in: Atom