1. 14 Dec, 2015 1 commit
    • Alain Takoudjou's avatar
      kvm: Add restrict mode for nat interface · b1dcbf77
      Alain Takoudjou authored
      If restrict mode is set to true, nat interface (eth0) will be isolated, no network access, only host and guest forward rules will work throught that interface.
      This option is true by default for kvm-cluster, and false for single and resilient kvm.
      b1dcbf77
  2. 09 Dec, 2015 5 commits
    • Rafael Monnerat's avatar
    • Kirill Smelkov's avatar
      slapos/recipe/postgresql: Do not leave half-installed postgresql instance · b7f00def
      Kirill Smelkov authored
      In case there are errors when creating cluster / setting up its
      configuration files, currently we leave pgsql database left
      half-installed and next time instantiation runs do not do anything,
      because os.path.exists(pgdata) is already true.
      
      I've personally hit this situation via providing ipv4 and ipv6
      parameters as strings and the recipe wanted to do `ipv4.join(ipv6)` but this
      works only for sets and raises for strings.
      
      What is worse is that the above error becomes hidden in our default
      setup, because webrunner tries to do instantiation _several_ times, and
      on the second run instantiation succeeds, because pgdata directory
      already exists and recipe thinks there is nothing to do _and_ webrunner
      already removed instance.log from previous run.
      
      So do not hide errors, and if we see there are problems, remove the
      wholly created pgsql database directory.
      
      /cc @kazuhiko, @jerome
      /proposed-for-review on nexedi/slapos!29
      b7f00def
    • Cédric Le Ninivin's avatar
      aeade249
    • Cédric Le Ninivin's avatar
      b5b18a4e
    • Julien Muchembled's avatar
      ERP5: sort balancer families by name before assigning ports · ba9ef609
      Julien Muchembled authored
      If the list of families does not change, their ports must not change, and it's
      wrong to get this by relying on CPython implementation details. Even if we
      automated the update of frontends with new urls, this couldn't be done
      atomically and we'd get random failures.
      
      Currently, frontends are only updated manually so we also want to minimize
      changes when families are added/renamed/removed. By sorting alphabetically,
      we have something predictable. Of course, this does not cover cases like the
      following one:
      - before: A, B, C
      - after: A, C
      Even if we added a 'port-base' parameter for the balancer, the port would
      change for one of the 2 families.
      
      We have no need for the moment, but we could go further with an optional list
      parameter to choose the order, and a special value to skip ports. Another
      option is to use publish-early but it's more complicated to implement and
      we lose everything when we reinstanciate.
      
      The sort in haproxy.cfg.in is for the stats page.
      ba9ef609
  3. 08 Dec, 2015 1 commit
  4. 07 Dec, 2015 10 commits
  5. 04 Dec, 2015 4 commits
  6. 03 Dec, 2015 3 commits
  7. 02 Dec, 2015 1 commit
  8. 01 Dec, 2015 1 commit
  9. 30 Nov, 2015 1 commit
  10. 27 Nov, 2015 5 commits
  11. 26 Nov, 2015 2 commits
  12. 25 Nov, 2015 4 commits
    • Rafael Monnerat's avatar
      agent has no recipe anymore. · cfbab038
      Rafael Monnerat authored
      cfbab038
    • Rafael Monnerat's avatar
    • Kirill Smelkov's avatar
      check-url: Quote $URL in -z check · c1ecf017
      Kirill Smelkov authored
      If one wants to check URLs on UNIX-sockets, there is no full URL schema
      in curl for this, but the following has to be used instead:
      
          curl --unix-socket /path/to/socket http:/<url-path>
      
      For this to work, one can do e.g. the following trick:
      
          [promise-unicorn]
          recipe  = slapos.cookbook:check_url_available
          url     = --unix-socket ${unicorn:socket}  http:/
      
      but then generated promise scripts fails this way:
      
          ./etc/promise/unicorn: line 7: [: too many arguments
      
      via quoting $URL in emptiness check we can support both usual URLs and
      urls with --unix-socket prepended trick.
      
      /reviewed-by @cedric.leninivin  (on nexedi/slapos!31)
      c1ecf017
    • Kirill Smelkov's avatar
      check-url: Allow to specify expected HTTP code · 35024175
      Kirill Smelkov authored
      In gitlab SR a service I need to check - gitlab-workhorse, returns 200
      only when request comes to some repository and authentication backend
      allows it.
      
      Requiring access to repositories is not very good just to check if the
      service is alive, and also auth backend can be not alive, and initially
      there are no repositories at all. So gitlab-workhorse is checked to be
      alive by pinging it with non-existing URL and expecting 403.
      
      For this to work we need to allow clients to specify expected HTTP code
      instead of previously hardcoded 200 (which still remains the default).
      
      /reviewed-by @cedric.leninivin  (on nexedi/slapos!31)
      35024175
  13. 24 Nov, 2015 2 commits