Bonjour,
I’ll upgrade securedrop.club production by running
rm molecule/preprod/.molecule/state.yml molecule create -s preprod ansible-playbook --private-key infrastructure_key --user debian -i inventory securedrop-club-playbook.yml
on ansible.securedrop.club
. The molecule create is required to create the inventory/group_vars/all/domain.yml
file to set domain: securedrop.club. This will include changes from ece578106e885ced4c75c8c43105fc2f05f66014 to 3042122593ee35858d974ddcfc8fb62f5c4a22d9
New indirect reference to the private key in /srv/checkout/private-key.yml
ssh_private_keyfile: “{{ lookup(‘pipe’, ‘git rev-parse --show-toplevel’) }}/infrastructure_key”
New production variables for gitlab mirroring:
- srv/checkout/inventory/host_vars/gitlab-host.yml
- mirror_from_securedrop: https://github.com/freedomofpress/securedrop
- mirror_bot_password: XXXXXXX
New production variables for gitlab CI:
- srv/checkout/inventory/host_vars/gitlab-host.yml
- gitlab_os_auth_url: https://auth.cloud.ovh.net/v2.0/
- gitlab_os_tenant_name: ABCDEF
- gitlab_os_username: ABCDEF
- gitlab_os_password: ABCDEF
- gitlab_os_region_name: DE1
The with_https and with_fake_LE variables are now global and unset by default:
-
inventory/group_vars/all/https.yml
is removed - the new file
inventory/group_vars/all/with_https.yml
is modified to uncomment with_https: true
The inventory/host_vars/icinga-host/monitoring.yml
file does not need modification for vhost_fqdn anymore.
Manual verification checklist:
- A shared running should be registered in
lab.securedrop.club
. It can be assigned to a project, a.gitlab-ci.yml
uploaded to verify it runs ok. - gitlab is upgrade and the upgrade is hopefully not causing troubles
image: sameersbn/gitlab:8.13.2 image: sameersbn/gitlab:10.1.3
- Login ssh -p 2222 debian@lab.securedrop.club and sudo tail -f /var/log/syslog and wait 5 minutes to check if the mirror happens. Also try it manually
- Verify weblate is still able to communicate properly with lab.securedrop.club
- sudo docker-compose -f docker-compose-securedrop-club.yml exec weblate bash
- cd /app/data/vcs/securedrop/securedrop
- git fetch
- Verify weblate site (in admin) is weblate.securedrop.club and not star
Cheers