Document ssh pipelining

plone · Jul 14, 2016 · d0dd27b · d0dd27b
1 parent 7cfb66c
commit d0dd27b
Show file tree

Hide file tree

Showing 7 changed files with 28 additions and 12 deletions.
diff --git a/HISTORY.txt b/HISTORY.txt
@@ -1,5 +1,8 @@
 1.2.9 (unreleased)
 
+- Document use of ansible_ssh_pipelining in plone role.
+  [smcmahon]
+
 - Set selinux varnishd_connect_any to true on RedHat. Otherwise, Varnish can only connect to 8080.
   [smcmahon]
 

diff --git a/docs/system.rst b/docs/system.rst
@@ -1,6 +1,21 @@
 Configuration options
 ---------------------
 
+Ansible options
+```````````````
+
+ansible_ssh_pipelining
+~~~~~~~~~~~~~~~~~~~~~~
+
+.. code-block:: yaml
+
+    ansible_ssh_pipelining: true
+
+The Plone server role uses ssh pipelining to avoid security errors from Ansible when running operations without superuser rights.
+SSH pipelining for this purpose may require the disabling of ‘requiretty’ in /etc/sudoers.
+If you get a pipelining error and cannot disable requiretty, set this variable to false and instead turn on allow_world_readable_tmpfiles in your ansible.cfg.
+See http://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user for a discussion.
+
 
 System options
 ``````````````

diff --git a/sample-medium.yml b/sample-medium.yml
@@ -36,7 +36,7 @@ muninnode_query_ips:
 
 # Plone 4.3.x and 5.0.x are currently tested and working.
 # Make sure this setting is quoted so that it's interpreted as a string.
-plone_version: '5.0.4'
+plone_version: '5.0.5'
 
 # 2 clients
 plone_client_count: 2

diff --git a/sample-multiserver.yml b/sample-multiserver.yml
@@ -34,7 +34,7 @@ muninnode_query_ips:
 
 # Plone 4.3.x and 5.0.x are currently tested and working.
 # Make sure this setting is quoted so that it's interpreted as a string.
-plone_version: '5.0.4'
+plone_version: '5.0.5'
 
 # 2 clients
 plone_client_count: 2
@@ -70,7 +70,7 @@ playbook_plones:
         certificate_file: tests/snakeoil.pem
         key_file: tests/snakeoil.pem
   - plone_instance_name: secondary
-    plone_version: '4.3.9'
+    plone_version: '4.3.10'
     plone_zeo_port: 7100
     plone_client_base_port: 7081
     loadbalancer_port: 7080

diff --git a/sample-small.yml b/sample-small.yml
@@ -33,7 +33,7 @@ muninnode_query_ips:
 
 # Plone 4.3.x and 5.0.x are currently tested and working.
 # Make sure this setting is quoted so that it's interpreted as a string.
-plone_version: '5.0.4'
+plone_version: '5.0.5'
 
 # With one core, we don't need multiple zeo clients
 plone_client_count: 1

diff --git a/sample-very-small.yml b/sample-very-small.yml
@@ -33,7 +33,7 @@ muninnode_query_ips:
 
 # Plone 4.3.x and 5.0.x are currently tested and working.
 # Make sure this setting is quoted so that it's interpreted as a string.
-plone_version: '5.0.2'
+plone_version: '5.0.5'
 
 # With one core, we don't need multiple zeo clients
 plone_client_count: 1

diff --git a/tests/multiserver.txt b/tests/multiserver.txt
@@ -64,8 +64,8 @@ Check our motd.
     Admin email: test@example.com
     Custom Services/Ports
     primary: /usr/local/plone-5.0/primary
-        /Plone: trusty [u'default']
-        /Plone: trusty [u'default']
+        /Plone: ... [u'default']
+        /Plone: ... [u'default']
         zeo server: 127.0.0.1:8100
         haproxy front end: 8080
         zeo clients: 127.0.0.1:8081 127.0.0.1:8082
@@ -80,8 +80,8 @@ Check our motd.
     munin-node: 4949
     postfix: 25 (host-only)
     nginx:
-    - trusty: *:80
-    - trusty: *:443
+    - ...: *:80
+    - ...: *:443
     - localhost: *:80
     <BLANKLINE>
 
@@ -170,7 +170,6 @@ Is everything where we expect it to be?
     -rw-------  plone_buildout  plone_group .installed.cfg
     drwxr-xr-x  plone_buildout  plone_group lib...
     drwxr-xr-x  plone_buildout  plone_group parts
-    -rw-r--r--  plone_buildout  plone_group pip-selfcheck.json
     drwxr-xr-x  plone_buildout  plone_group products
     drwxr-xr-x  root    root    scripts
     drwxr-xr-x  plone_buildout  plone_group src
@@ -293,14 +292,13 @@ Secondary instance tests
     drwxr-xr-x  plone_buildout  plone_group develop-eggs
     -rw-------  plone_buildout  plone_group .installed.cfg
     drwxr-xr-x  plone_buildout  plone_group parts
-    -rw-r--r--  plone_buildout  plone_group pip-selfcheck.json
     drwxr-xr-x  plone_buildout  plone_group products
     drwxr-xr-x  root    root    scripts
     drwxr-xr-x  plone_buildout  plone_group src
     drwxr-xr-x  plone_buildout  plone_group var
 
     >>> print joined_cut(ssh_run('sudo ls -la /var/local/plone-4.3 | tail -n +2'), [0, 2, 3, 8]).replace('.\t', '\t')
-    drwxr-xr-x  root    staff   .
+    drwxr-xr-x  root    ...   .
     ...                         ..
     drwxrws---  plone_daemon    plone_group secondary