- 14 Dec, 2015 1 commit
-
-
Alain Takoudjou authored
If restrict mode is set to true, nat interface (eth0) will be isolated, no network access, only host and guest forward rules will work throught that interface. This option is true by default for kvm-cluster, and false for single and resilient kvm.
-
- 09 Dec, 2015 5 commits
-
-
Rafael Monnerat authored
-
Kirill Smelkov authored
In case there are errors when creating cluster / setting up its configuration files, currently we leave pgsql database left half-installed and next time instantiation runs do not do anything, because os.path.exists(pgdata) is already true. I've personally hit this situation via providing ipv4 and ipv6 parameters as strings and the recipe wanted to do `ipv4.join(ipv6)` but this works only for sets and raises for strings. What is worse is that the above error becomes hidden in our default setup, because webrunner tries to do instantiation _several_ times, and on the second run instantiation succeeds, because pgdata directory already exists and recipe thinks there is nothing to do _and_ webrunner already removed instance.log from previous run. So do not hide errors, and if we see there are problems, remove the wholly created pgsql database directory. /cc @kazuhiko, @jerome /proposed-for-review on nexedi/slapos!29
-
Cédric Le Ninivin authored
-
Cédric Le Ninivin authored
-
Julien Muchembled authored
If the list of families does not change, their ports must not change, and it's wrong to get this by relying on CPython implementation details. Even if we automated the update of frontends with new urls, this couldn't be done atomically and we'd get random failures. Currently, frontends are only updated manually so we also want to minimize changes when families are added/renamed/removed. By sorting alphabetically, we have something predictable. Of course, this does not cover cases like the following one: - before: A, B, C - after: A, C Even if we added a 'port-base' parameter for the balancer, the port would change for one of the 2 families. We have no need for the moment, but we could go further with an optional list parameter to choose the order, and a special value to skip ports. Another option is to use publish-early but it's more complicated to implement and we lose everything when we reinstanciate. The sort in haproxy.cfg.in is for the stats page.
-
- 08 Dec, 2015 1 commit
-
-
Alain Takoudjou authored
-
- 07 Dec, 2015 10 commits
-
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
Julien Muchembled authored
-
Julien Muchembled authored
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
that is a long-deprecated syntax and removed in haproxy 1.6.
-
Kazuhiko Shiozaki authored
-
- 04 Dec, 2015 4 commits
-
-
Alain Takoudjou authored
-
Alain Takoudjou authored
-
Kazuhiko Shiozaki authored
version up : OpenSSL 1.0.2e, including CVE-2015-3193, CVE-2015-3194, CVE-2015-3195 and CVE-2015-3196. https://www.openssl.org/news/secadv/20151203.txt
-
Kirill Smelkov authored
From https://golang.org/doc/devel/release.html#go1.5.minor: go1.5.2 (released 2015/12/02) includes bug fixes to the compiler, linker, and the mime/multipart, net, and runtime packages /reviewed-by: TrustMe
-
- 03 Dec, 2015 3 commits
-
-
Rafael Monnerat authored
-
Rafael Monnerat authored
-
Rafael Monnerat authored
-
- 02 Dec, 2015 1 commit
-
-
Alain Takoudjou authored
-
- 01 Dec, 2015 1 commit
-
-
Vincent Pelletier authored
-
- 30 Nov, 2015 1 commit
-
-
Alain Takoudjou authored
-
- 27 Nov, 2015 5 commits
-
-
Rafael Monnerat authored
-
Rafael Monnerat authored
-
Rafael Monnerat authored
-
Rafael Monnerat authored
-
Rafael Monnerat authored
-
- 26 Nov, 2015 2 commits
-
-
Rafael Monnerat authored
-
Rafael Monnerat authored
-
- 25 Nov, 2015 4 commits
-
-
Rafael Monnerat authored
-
Rafael Monnerat authored
-
Kirill Smelkov authored
If one wants to check URLs on UNIX-sockets, there is no full URL schema in curl for this, but the following has to be used instead: curl --unix-socket /path/to/socket http:/<url-path> For this to work, one can do e.g. the following trick: [promise-unicorn] recipe = slapos.cookbook:check_url_available url = --unix-socket ${unicorn:socket} http:/ but then generated promise scripts fails this way: ./etc/promise/unicorn: line 7: [: too many arguments via quoting $URL in emptiness check we can support both usual URLs and urls with --unix-socket prepended trick. /reviewed-by @cedric.leninivin (on nexedi/slapos!31)
-
Kirill Smelkov authored
In gitlab SR a service I need to check - gitlab-workhorse, returns 200 only when request comes to some repository and authentication backend allows it. Requiring access to repositories is not very good just to check if the service is alive, and also auth backend can be not alive, and initially there are no repositories at all. So gitlab-workhorse is checked to be alive by pinging it with non-existing URL and expecting 403. For this to work we need to allow clients to specify expected HTTP code instead of previously hardcoded 200 (which still remains the default). /reviewed-by @cedric.leninivin (on nexedi/slapos!31)
-
- 24 Nov, 2015 2 commits
-
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-