Nginx deny list pr devel #593
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Making it easier to test with provision-target and ce-dev. * Moving the provision forcing var back to plays so _init has it. * Adding defaults vars and test script extra options. * Adding a web server test to CI. * examples string needs to be in quotes. * Making sure is_local and _ce_provision_force_play are available to the _init role. * Adding SSH keys to the provision user. * Adding a --force to the test script. * Explicitly adding vars to role. * Fixing _init behaviour and adding SSH key for web role. * Setting default PHP version to 7.4. * Looking up the generated ce-dev SSH key instead of hard-coding one. * We cannot run the ssh_server role locally, so excluding for tests of webserver role. * Trying to remove user_root.yml in case it's breaking CI. * Adding a verbose mode to the test script. * Exposing the command in the test script. * Trying hard-coded keys again. * Changing location of data dir for test containers. * Putting vars back and restricting CI to the 'web' example.
* Adding backup handling to ldap_server. * Improving SSL docs and handling perms for openldap and letsencrypt. * Cron user must be specified with file. * Running as root, do not need a 'sudo' in this cron.
* Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings.
Co-authored-by: Code Enigma CI <[email protected]>
* Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description.
* Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Adding a firewall config preset to open port 80 for LetsEncrypt.
* Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name.
* Attempt to create an RDS read replica. * Use new task to create Aurora RDS instances. * Try and fix linting issues. * Don't pass max_storage variable for Aurora instances. * Remove more storage related vars from Aurora RDS instance creation task. * Add profile and region to read replica creation. * Try creating the Aurora read replica another way. * Add some debug info. * Work around the silly registering of variables in Ansible. * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. * Add some Aurora info to aws_rds README file. * Use reader instead of replica for Aurora readers. * Remove db_cluster_identifier variable from non-Aurora RDS task.
* Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Using a pipe to grep with 'command' cannot work, refactoring. * Making CI use the meta deploy role to test gitlab. * We mustn't assume AWS servers for deploy and controller.
* Support termination protection in EC2. * Fixing CI vars. * Fixing CI vars.
* First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name.
* First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Changing subnet lookup order to check for defined subnet first.
…586) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force.
* Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Debugging gitlab-runner directory creation issues in CI. * Fixing linting error. * Removing verbosity again but leaving 'stat' command in.
|
Kudos, SonarCloud Quality Gate passed!
|
* Pass RDS db_cluster_identifier, if present, during an ASG build. * Use correct variable name for RDS db_cluster_identifier. * Add a commented variable to ASG role for db_cluster_identifier so it's documented.
…he aws_rds role. (#605)
Co-authored-by: Code Enigma CI <[email protected]>
* Moving all region settings to _aws_region var and adding README update. * Documentation update.
* Attempt to support aws_cli versions. * Remove AWS CLI install files when refreshing the CLI. * Make awscli refresh comment a bit clearer. * Make Ansible task name for specific AWS CLI version more explicit so we can see what version is being installed. * Fix src variable for awscli when specifying a version.
* Replacing references to 'buster' with proper Ansible release version variable. * Using OS family instead of distribution.
* Fixing minor style linting issues. * Too many blank lines in jenkins role. * Updating handler names.
* Fixing minor style linting issues. * Too many blank lines in jenkins role. * Updating handler names. * More linting fixes.
…818) * Remove deprecated DefaultType directive from apache2 conf. * Add custom directives to main nginx.conf file. * Add template-instead-of-copy to ansible-lint, temporarily at least.
* First attempt at a role to create ELBs outside an ASG. * Some more ELB role tweaks. * Update ELB role defaults for route_53. * Add some more vars to aws_elb role. * Add tags var to aws_elb role. * Add state var to aws_elb role. * Fix target_group instance handling in aws_elb role. * Need to construct a list of public subnet IDs when creating an ELB, in aws_elb role. * Fix up some aws_elb variables. * Use correct variable when create target group in aws_elb role. * Add modify_targets var for aws_elb role. * comments * Attempt to provide the ability to create multiple target groups.
* Make creation of an ELB during an ASG creation optional. * Add name[template] to .ansible-lint to skip silly Jinja error about templates being in task names.
* Attempt to support IPv6 in the VPC roles. * In aws_vpc_route, use a conditional when setting the route fact with regards to IPv6 routes. * I didn't quite get the variables right. * Fix IPv6 when clauses in aws_vpc role so the correct task is run when IPv6 is in use. * Move ipv6 subnet generation into a fact so it can be debugged more easily. * Some more IPv6 debugging. * So it's vpcs and not vpc when VPC info is gathered. Right. * And it turns out vpcs is actually a list, too. * Try to consolidate subnet creation into one task.
* Fixing minor style linting issues. * Too many blank lines in jenkins role. * Updating handler names. * More linting fixes. * Adding feature to allow clusters to use a specific AMI by image ID. * Linting spacing fixes.
* Attempt to support IPv6 in the VPC roles. * In aws_vpc_route, use a conditional when setting the route fact with regards to IPv6 routes. * I didn't quite get the variables right. * Fix IPv6 when clauses in aws_vpc role so the correct task is run when IPv6 is in use. * Move ipv6 subnet generation into a fact so it can be debugged more easily. * Some more IPv6 debugging. * So it's vpcs and not vpc when VPC info is gathered. Right. * And it turns out vpcs is actually a list, too. * Try to consolidate subnet creation into one task. * See about omitting the ipv6_cidr parameter when creating a VPC, if ipv6 is not required. * Simplify ipv6_cidr variable in the VPC role. * Comment out ipv6_cidr variable in aws_vpc role, so it can be omitted if not defined.
* Allowing installation of npm packages in nodejs role. * Variable naming error. * Supporting app specific installs of npm packages.
* Supporting private keys in user_ansible. * Improved defaults and docs. * User sub roles need all variables. * Hiding private key and allowing hashing of known_hosts.
* Supporting private keys in user_ansible. * Improved defaults and docs. * User sub roles need all variables. * Hiding private key and allowing hashing of known_hosts. * Fixing private keys post-creation. * Escaping forward slash.
* Skipping EC2 instance creation if server exists. * Updating documentation> * Do not try to re-associate EIP if host isn't new or forced. * Suppressing Route 53, CloudWatch and backups if server exists. * Adding an extra clause to catch launch.yml.
* Fixing minor style linting issues. * Too many blank lines in jenkins role. * Updating handler names. * More linting fixes. * Adding feature to allow clusters to use a specific AMI by image ID. * Linting spacing fixes. * authorized_key module namespace change.
* Fixing linting and namespacing for EFS role. * Linting jinja2 spacing fix.
…rovision into nginx_deny_list-PR-devel
|
Kudos, SonarCloud Quality Gate passed!
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.