Permalink
Commits on Apr 2, 2015
  1. [#91508116] Leaver: remove David Thompson

    dcarley committed Apr 2, 2015
    🐱 🐼 🐱 🐼
Commits on Dec 12, 2014
  1. Revoke session after deployment (+ update vers)

    dcarley committed Dec 12, 2014
    Use the new `vcloud-logout` utility in vcloud-core 0.16.0 to revoke the
    session token after we've deployed any changes.
    
    This requires updating vcloud-core and all things that depend on it. I don't
    have an easy way to test these locally, but I'll run each of the jobs in
    after merging.
Commits on Dec 5, 2014
  1. Simplify testing instructions in README

    dcarley committed Dec 5, 2014
    It's not always best practice to destroy the box between every change
    because you're no longer testing convergence, from the current state in
    production to the new state, which is often where unexpected bugs lie.
  2. Remove specs of Vagrant VM from README

    dcarley committed Dec 5, 2014
    Because there's a good chance these will get out of step with reality.
    The `Vagrantfile` should act as living documentation for these things,
    including what providers work.
  3. Remove list of modules from README

    dcarley committed Dec 5, 2014
    This is now out of step with reality. Give a brief summary instead.
Commits on Nov 26, 2014
  1. [#80824874 #82210296] Remove backup rotation

    dcarley committed Nov 26, 2014
    This is done for us by the sender now that all offsite backups have been
    converted to use duplicity.
    
    By still having this cronned shell script in place we risk possibly deleting
    duplicity's data underneath it and rendering a backup chain unusable.
  2. Remove ClamAV

    dcarley committed Nov 26, 2014
    I'd like to stop ClamAV scanning and remove all traces of it from our
    offsite backup machine because:
    
    - the duplicity managed files on here are compressed and (in most cases)
      encrypted which makes scanning for viruses either slow or impossible
    - it uses a lot of CPU and RAM on what is a relatively small machine
Commits on Oct 10, 2014
  1. Merge pull request #77 from alphagov/switch-sudo-mod

    dcarley committed Oct 10, 2014
    Switch from alphagov/puppet-sudo to saz/sudo
Commits on Sep 26, 2014
  1. Merge pull request #69 from alphagov/ensure-dest-dirs-exist

    dcarley committed Sep 26, 2014
    Ensure assets backup targets
  2. Merge pull request #68 from alphagov/duplicity-over-rsync

    dcarley committed Sep 26, 2014
    Allow Rsync access through rSSH
Commits on Sep 23, 2014
  1. Merge pull request #67 from alphagov/create-govuk-assets-user

    dcarley committed Sep 23, 2014
    Create govuk-assets user
Commits on Sep 18, 2014
  1. Merge pull request #66 from alphagov/change-public-ssh-key

    dcarley committed Sep 18, 2014
    Update public SSH key
Commits on Sep 8, 2014
  1. Merge pull request #61 from alphagov/add-assets-disc

    dcarley committed Sep 8, 2014
    [#68553362] Add assets disc
Commits on Aug 13, 2014
  1. [#68989754] Use vcloud-login for Jenkins

    dcarley committed Aug 13, 2014
    Cribbed from gds/govuk-provisioning@62a7923
    
    Use a shell wrapper, similar to that used by the vcloud-* integration tests,
    which creates a temporary FOG_RC (not contain the password) and fetches a
    `FOG_VCLOUD_TOKEN` using the new `vcloud-login` utility.
    
    This script is sourced rather than executed so that the trap is called when
    `jenkins.sh` exits. Rather than when `jenkins_vcloud_login.sh` completes.
    
    I tried to think of ways to make this more re-usable across projects. The
    only thing I could think of was rather horrible; a flag to vcloud-login
    which outputs a lot of shell script that can be `eval`ed. I think we'll have
    to put up with the duplication for now.
  2. Update vcloud-tools (and all deps)

    dcarley committed Aug 13, 2014
    Switch to using vcloud-tools 1.0.0, vcloud-core 0.10.0, and later versions
    of all tools. We no longer need to specify each of the tools individually.
    
    This is a big jump; the previous version of vcloud-tools wasn't published to
    rubygems and predates vcloud-launcher and vcloud-net_launcher being split
    out.
Commits on May 16, 2014
  1. Merge pull request #51 from alphagov/change-archive-cmd

    dcarley committed May 16, 2014
    Switch from `-delete` to a `-exec`
Commits on May 15, 2014
  1. Merge pull request #49 from alphagov/fix-nrpe-command

    dcarley committed May 15, 2014
    Fix NRPE command
  2. Merge pull request #32 from alphagov/68674340-fabric-fix

    dcarley committed May 15, 2014
    Create `firstrun()` function
  3. Merge pull request #39 from alphagov/70439274-archive-old-data

    dcarley committed May 15, 2014
    Archive back-ups older than thirty days old
Commits on May 9, 2014
  1. [#68280556] Add DNAT rule for NRPE

    dcarley committed May 9, 2014
    To support the firewall rule in ed146e9. Needs to be forwarded from the
    external IP on the VSE to the machine's internal IP.
  2. Stringify NRPE port in VSE rule

    dcarley committed May 9, 2014
    To fix schema validation error:
    
        E, [2014-05-09T09:54:01.995771 #6275] ERROR -- : Supplied configuration does not match supplied schema
        F, [2014-05-09T09:54:01.995619 #6275] FATAL -- : destination_port_range: 5666 is not a string
  3. Simplify vcloud README

    dcarley committed May 9, 2014
    We shouldn't need to know about the guys now that we definitely have a
    Jenkins job which handles both "net" and "box".
  4. Remove vcloud-net-spinner config and script

    dcarley committed May 9, 2014
    This wasn't used; we're using vcloud-edge_gateway instead.
  5. Refactor jenkins.sh for Carrenza

    dcarley committed May 9, 2014
    To make it clearer that it does both "box" and "net". I've also moved
    `fog_credentials` and refactored some of the Carrenza specific information
    out of it so that we can re-use it.
  6. Use fog_credentials.rb for VSE

    dcarley committed May 9, 2014
    I missed this in 1b88aa3.
  7. Unwrap logger line in box/../jenkins.sh

    dcarley committed May 9, 2014
    Looks like a vim-typo.
  8. Merge pull request #44 from alphagov/allow_ci_org_access

    dcarley committed May 9, 2014
    Allow ssh from ci-new
Commits on May 8, 2014
  1. [#70929368] Set resolv.conf to Carrenza's NSs

    dcarley committed May 8, 2014
    The `resolvconf` package is currently installed on the machine in Carrenza
    but no nameservers are specified so it can't resolve anything.
    
    Fix this by managing resolvconf with a module that we've used elsewhere and
    point it at Carrenza's recursive nameservers (obtained by support ticket).
    
    This won't have any effect within Vagrant because it doesn't set nameservers
    if it detects that DHCP is being used:
    
    https://github.com/gds-operations/puppet-resolvconf/blob/988f4075fae6e3bcb15e73f4f63aa6a8d3c1ba8c/manifests/init.pp#L30-33
Commits on May 6, 2014
  1. Merge pull request #41 from alphagov/revert-ecac72c

    dcarley committed May 6, 2014
    Revert `ecac72c`
  2. Merge pull request #35 from alphagov/add-nrpe

    dcarley committed May 6, 2014
    Configure NRPE to check /dev/mapper/backup-data
Commits on Apr 8, 2014
  1. Don't write Fog credentials to disk

    dcarley committed Apr 8, 2014
    Read fog credentials directly from environment variables rather than writing
    them to disk. This is generally more secure, but also addresses a race
    condition (of sorts) whereby the credential file will be left if
    `vcloud-launch` were to exit with a non-zero status.
    
    All existing environment variable names have been preserved so that no
    changes to the existing Jenkins job is necessary.
    
    Borrowed from gds/pp-pilotis - should be replaced with an authentication
    token when [#68989754] provides a generic tool to do so.
Commits on Apr 2, 2014
  1. Pin to Puppet 3.4 and Facter 1.7

    dcarley committed Apr 2, 2014
    So that we are consistently using the same version (which is at the time of
    writing latest stable and what we use on GOV.UK) instead of picking the
    latest from the PuppetLabs repo at provisioning time.
    
    This doesn't address managing the version of Puppet for existing machines.
    We probably want to use alphagov/puppet-puppet
  2. Remove PPA from bootstrap

    dcarley committed Apr 2, 2014
    I don't think this project uses any packages from this repo and we're not
    subsequently managing it in Puppet.