Majic Projects
Majic Ansible Roles Timeline
December 24, 2018
task_tiny.png 11:49  Task MAR-144 - Release version 3.1.1
branko (branko):
Issue closed
icon_milestone.png 11:49 3.1.1
A new milestone has been reached
task_tiny.png 11:45  Task MAR-144 - Release version 3.1.1
branko (branko):
Issue created
Version 3.1.1 needs to be released. Release should be done according to release procedures in documentation.
December 16, 2018
task_tiny.png 10:28  Task MAR-143 - Release version 3.1.0
branko (branko):
Issue closed
icon_milestone.png 10:28 3.1.0
A new milestone has been reached
December 15, 2018
task_tiny.png 15:31  Task MAR-143 - Release version 3.1.0
branko (branko):
Issue created
Version 3.1.0 needs to be released. Release should be done according to release procedures in documentation.
bug_report_tiny.png 13:45  Bug report MAR-142 - Python virtual environment for Python 3 pip requirements check uses wrong interpreter (Python 2)
branko (branko):
Issue closed
December 13, 2018
feature_request_tiny.png 23:02  Feature request MAR-141 - Improve handling of pip requirements check virtual environment
branko (branko):
Issue closed
December 07, 2018
bug_report_tiny.png 07:07  Bug report MAR-142 - Python virtual environment for Python 3 pip requirements check uses wrong interpreter (Python 2)
branko (branko):
Issue created
The `common` role deploys a mechanism for checking for available updates through the Python virtual environment requirements files.

Functionality depends on having two dedicated Python 2 and Python 3 Python virtual environments for performing the check. During the deployment of common role, however, the Python 3 Python virtual environment is set-up to use the Python 2 interpreter instead of Python 3 interpreter.
December 05, 2018
feature_request_tiny.png 17:59  Feature request MAR-141 - Improve handling of pip requirements check virtual environment
branko (branko):
Issue created
The current handling of Python virtual environment used for pip requirements checks in the `common` role is not optimal. There is a number of issues that cause intermittent failures. For example:

- Outdated `setuptools` or `pip` will prevent the tool from working.
- There is no guarantee around what version of `setuptools` or `pip` is installed at any time.
- Updating `pip`/`setuptools` is not possible.
- Initial syncing of environment is carried out by installing up-to-date version of pip-tools, and this could end up in failure due to incompatibilities listed above.

To make this functionality work more reliably, it would be necessary to change the way all the relevant packages are installed.

The following should be done:

- Update the `common` role.
- Include all packages, including `pip` and `setuptools` in requirements.in and requirements.txt.
- Install the necessary packages with the `pip install -r requirements.txt` initially, and then simply resort to invoking `pip-sync` as well to clean-up stale unused packages.
- Update the `pip_check_requirements_upgrades.sh` script to use to invoke `pip-compile` with `--allow-unsafe` option.
- Update role documentation with new parameter values, and notify of change in the use of `--allow-unsafe` option.
- Update role documentation.
November 25, 2018
task_tiny.png 19:49  Task MAR-136 - Release version 3.0.0
branko (branko):
Issue closed
icon_milestone.png 19:49 3.0.0
A new milestone has been reached
task_tiny.png 14:10  Task MAR-140 - Release version 2.0.1
branko (branko):
Issue closed
November 24, 2018
feature_request_tiny.png 14:25  Feature request MAR-139 - Switch to using stable branch nightly builds for Prosody in XMPP server role (backport to 2.0)
branko (branko):
Issue closed
task_tiny.png 14:17  Task MAR-140 - Release version 2.0.1
branko (branko):
Issue created
Version 2.0.1 needs to be released. Release should be done according to release procedures in documentation.
feature_request_tiny.png 14:04  Feature request MAR-138 - Switch to using stable branch nightly builds for Prosody in XMPP server role
branko (branko):
Issue closed
feature_request_tiny.png 13:00  Feature request MAR-139 - Switch to using stable branch nightly builds for Prosody in XMPP server role (backport to 2.0)
branko (branko):
Issue created
Current implementation of the XMPP server role is using latest stable Prosody releases through Prosody project's own repository.

This is problematic because the version will get bumped from one minor release to next one, causing compatibility issues (see issue MAR-137 for a good example).

Unfortunately, it would be better to switch to using nightly builds on the relevant stable branch instead. These are not official releases, however, but at the moment this seems to be the best way to go about solving future breakages. The nightly stable branch releases should still be good enough since they are supposed to receive only bug-fixes.

The following should be done:

- Update the XMPP server role.
- Switch to using the `prosody-0.10` package as default (the nightly builds).
- Make the package name configurable.
- Update role reference documentation
- Update release notes.

This is essentially a bug-fix because the current deployment of Prosody is broken in terms of LDAP integration.
feature_request_tiny.png 12:57  Feature request MAR-138 - Switch to using stable branch nightly builds for Prosody in XMPP server role
branko (branko):
Issue created
Current implementation of the XMPP server role is using latest stable Prosody releases through Prosody project's own repository.

This is problematic because the version will get bumped from one minor release to next one, causing compatibility issues (see issue MAR-137 for a good example).

Unfortunately, it would be better to switch to using nightly builds on the relevant stable branch instead. These are not official releases, however, but at the moment this seems to be the best way to go about solving future breakages. The nightly stable branch releases should still be good enough since they are supposed to receive only bug-fixes.

The following should be done:

- Update the XMPP server role.
- Switch to using the `prosody-0.10` package as default (the nightly builds).
- Make the package name configurable.
- Update role reference documentation
- Update release notes.
bug_report_tiny.png 12:43  Bug report MAR-137 - XMPP server LDAP integration not working for Prosody 0.11.x
branko (branko):
Issue closed
November 22, 2018
task_tiny.png 14:21  Task MAR-134 - Switch to Ansible 2.7.x
branko (branko):
Issue closed
bug_report_tiny.png 12:50  Bug report MAR-137 - XMPP server LDAP integration not working for Prosody 0.11.x
branko (branko):
Issue created
The XMPP server Ansible role takes care of deploying the Prosody XMPP server implementation. After the last version of Prosody (0.11.0) has been deployed, the LDAP integration between the XMPP server and LDAP directory stopped working.

The problem stems from Prosody 0.11.x depending on Lua 5.2, while the Lua bindings towards the LDAP directory work only with Lua 5.1, and no bindings are deployed for Lua 5.2.

Unfortunately, the Lua LDAP bindings seem to be pretty much abandoned, and it not clear where one should get the latest sources for building it against Lua 5.2. See [Debian bug #814218](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814218) for details.

Instead of trying to get the LDAP bindings working, it might be easier to switch over to using the [Cyrus SASL](https://prosody.im/doc/cyrus_sasl) authentication combined with the [saslauthd](https://cyrusimap.org/sasl/sasl/pwcheck.html#saslauthd) daemon.

The following should be done:

- Update the `xmpp_server` role.
- Deploy and configure `saslauthd` for use with Prosody.
- Drop deployment of the LDAP authentication module (removing it altogether).
- Update Prosody configuration to use the Cyrus SASL implementation.
November 19, 2018
task_tiny.png 14:52  Task MAR-136 - Release version 3.0.0
branko (branko):
Issue created
Version 3.0.0 needs to be released. Release should be done according to release procedures in documentation.
November 04, 2018
enhancement_tiny.png 20:26  Enhancement MAR-135 - Use non-reserved name for running handlers
branko (branko):
Issue closed
enhancement_tiny.png 10:40  Enhancement MAR-135 - Use non-reserved name for running handlers
branko (branko):
Issue created
At the moment it is possible to tell the roles to explicitly run the handlers like regular tasks. This can be done by using the `handlers` variable, usually passed-in as environment variable.

This is a convenient method to ensure the system is using up-to-date configuration files etc in case of failures.

However, Ansible at the moment produces the following warning when doing so:

[WARNING]: Found variable using reserved name: handlers

This means that the functionality could stop working in some future Ansible release.

Instead, it would be better to have a different environment variable.

The following should be done:

- Replace the `handlers` variable with `run_handlers`.
- Update documentation.
task_tiny.png 09:27  Task MAR-134 - Switch to Ansible 2.7.x
branko (branko):
Issue created
Roles should be updated to work with Ansible 2.7.x

The following should be done:

- Update the requirements and its input file to use Ansible 2.7.x.
- Update to latest Molecule testing framework.
- Try to get rid of any outstanding `@TODO` items from existing implementation.
- Make any other necessary changes to make sure everything is working fine.
- Ensure all tests are passing.
- Update usage instructions to use Ansible 2.7.x.
- Ensure usage instructions are still fully valid.
- Ensure test site can be deployed.
- Ensure there are no warnings logged by Ansible.
feature_request_tiny.png 08:48  Feature request MAR-132 - Full support for Debian Stretch
branko (branko):
Issue closed
July 31, 2018
feature_request_tiny.png 14:44  Feature request MAR-131 - Support for Python 3 in wsgi_website role
branko (branko):
Issue closed
July 23, 2018
enhancement_tiny.png 20:28  Enhancement MAR-133 - Improve output for certificate validity checks
branko (branko):
Issue closed
enhancement_tiny.png 10:58  Enhancement MAR-130 - Reduce Python virtual environment checks to once per day
branko (branko):
Issue closed
July 22, 2018
enhancement_tiny.png 16:38  Enhancement MAR-133 - Improve output for certificate validity checks
branko (branko):
Issue created
The `common` role deploys a helper script that can verify validity of certificates - `check_certificate.sh`. This certificate is in turn invoked via a crontab, and in case there is output, a mail will end-up being sent to the local root account (as per standard cron daemon configuration).

However, there is a couple of annoyances when the script is used:

- If certificates have been specified for validation, the script will produce warnings. This results in spurious mails being sent out for servers where no certificate checks should be performed.
- Expiration check will output just the expiration date, while it might be useful to actually produce information in a more human-readable format as well (e.g. certificate expires in 2 days).
- Even when all checks are passing, a mail will end-up being sent out, since the script reports certificates that pass the check as well. This might reduce readability and administrator has to pay attention to each mail sent.

The following should be done:

- Change message level to `INFO` when informing user that no certificates have been configured for checks.
- Show estimate of how soon the certificate expires in more human-readable format (e.g. "in 2 days") - in addition to absolute date. Granularity in days should be sufficient.
- Introduce "quiet" mode (option `-q`) that will only output warnings and errors (hiding any other messages). This should reduce number of mails being sent out, and make it clear what certificates need to be handled.
July 17, 2018
task_tiny.png 20:56  Task MAR-129 - Switch to Ansible 2.5.x
branko (branko):
Issue closed
July 09, 2018
feature_request_tiny.png 10:16  Feature request MAR-132 - Full support for Debian Stretch
branko (branko):
Issue created
Only a number of roles currently support Debian Stretch as deployment target. It would be good to bring all the roles up-to-date to support Debian Stretch in addition to Debian Jessie in order to benefit from more up-to-date packages.

The following should be done:

- Add support for Debian Stretch to the following roles:
- `ldap_client`
- `ldap_server`
- `xmpp_server`
- `mail_server`
- `web_server`
- `php_website`
- `wsgi_website`
- `database_server`
- `database`
- `backup_server`
- For each role:
- Add new distribution to test matrix.
- Ensure all tests are passing, making any of the necessary changes.
- Update role reference documentation.
- Update usage instructions to use Debian Stretch by default.
- Update test site instructions to mention that either Debian Stretch or Debian Jessie can be used for test site.
- Pay special care to roles that may hold data
- Pay special care to roles that include external apt repositories (`xmpp_server`).
feature_request_tiny.png 10:02  Feature request MAR-131 - Support for Python 3 in wsgi_website role
branko (branko):
Issue created
At the moment the `wsgi_website` role supports only Python 2. Since Python 2 is bound to reach end-of-life soon, and many applications have already moved towards Python 3 only, it would be useful to add ability to set-up a Python 3 virtual environment for WSGI applications (via the `wsgi_website` role).

This would also affect the `common` role functionality related to checking for available package updates in the Python virtual environments.

The following should be done:

- Extend the `wsgi_website` role to include support for Python 3 (making it configurable).
- Extend the `common` role to properly support package update checks for both Python 2 and Python 3 roles.
- Update role reference documentation.
- Update usage instructions to mention support for Python 3.
enhancement_tiny.png 09:52  Enhancement MAR-130 - Reduce Python virtual environment checks to once per day
branko (branko):
Issue created
The `common` role provides mechanism for performing Python virtual environment checks via the `pip-tools` suite of utilities. The current implementation suffers from a couple of drawbacks:

- The check is performed on hourly basis, resulting in a lot of mails being sent out to the administrator, since the administrator will most likely not apply update immediately (since those very often need to be verified for breakage etc).
- The script that performs the check requires that **all** of the `.in` files have a corresponding `.txt` file, and produces warnings otherwise. This becomes annoying when the `-r` inclusion options are used within input files, since it will often result in multiple files getting checked (while we only want to do so for a single file that is actually used by an application).

The following should be done:

- Update the `common` role to run the Python virtual environment package update checks only once per day.
- Update the `common` role script that performs Python virtual environment package update checks to ignore `.in` requirements files without corresponding `.txt` file. Lower the message to info instead of warning.
- Update role reference documentation to reference the new frequency.
- Update release notes.
November 28, 2017
task_tiny.png 22:48  Task MAR-128 - Upgrade test suite to Molecule 2.x
branko (branko):
Issue closed
icon_milestone.png 22:48 2.1.0
A new milestone has been reached
November 19, 2017
feature_request_tiny.png 19:28  Feature request MAR-127 - Time synchronisation set-up via common role
branko (branko):
Issue closed
November 18, 2017
task_tiny.png 22:26  Task MAR-129 - Switch to Ansible 2.5.x
branko (branko):
Issue created
Roles should be updated to work with Ansible 2.5.x

The following should be done:

- Update the requirements and its input file to use Ansible 2.5.x.
- Update to latest Molecule testing framework.
- Make any other necessary changes to make sure everything is working fine.
- Ensure all tests are passing.
- Update usage instructions to use Ansible 2.5.x.
- Switch to using the official `ldap_entry` module instead of the fully custom one `m_ldap_entry`.
- Ensure usage instructions are still fully valid.
- Ensure test site can be deployed.
- Ensure there are no warnings logged by Ansible.
task_tiny.png 22:19  Task MAR-128 - Upgrade test suite to Molecule 2.x
branko (branko):
Issue created
Current set of tests implemented for roles depends on now deprecated version of Molecule (1.x). In order to be able to upgrade to next release of Ansible (2.4.x), and to receive bug-fixes and new features for Molecule itself, it would be necessary to upgrade configuration and tests to work with Molecule 2.x.

This will take some amount of effort due to major changes in how Molecule 2.x behaves and is configured as compared to Molecule 1.x.

The following should be done:

- Update the project requirements and its input source to use Molecule 2.x.
- Update test configuration and tests for all roles, as necessary, in order to make them runnable with Molecule 2.x. For details on porting instructions, [refer to official Molecule configuration](http://molecule.readthedocs.io/en/latest/porting.html).
- Make sure to run the full test suite prior to resolving this issue.
- Update the script used for running tests on all roles.
- Update development documentation.
feature_request_tiny.png 22:15  Feature request MAR-127 - Time synchronisation set-up via common role
branko (branko):
Issue created
In order to ensure proper functioning of all the different servers, it is necessary to make sure that sever time does not drift. This is important for a multitude of reasons - correct log timestamps, TLS verification etc.

Easiest way to achieve this would be to deploy an NTP client. A good candidate role for this implementation is the `common` role.

The following should be done:

- Update the `common` role.
- Ensure tests are implemented prior to proceeding.
- Add new parameter for specifying a list of NTP servers to use, defaulting to empty list. Empty list indicates that NTP configuration should not be performed.
- Deploy both the ntpdate and ntp package for simplicity sake.
- Configure the NTP daemon to use provided list of NTP servers.
- Update role reference documentation. Make sure to mention that it is recommended to set the value to Debian's default pool list - `0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org`.
- Update usage instructions.
- Update `testsite` configuration.
August 22, 2017
task_tiny.png 10:34  Task MAR-126 - Release version 2.0.0
branko (branko):
Issue closed
task_tiny.png 10:02  Task MAR-126 - Release version 2.0.0
branko (branko):
Issue created
Version 2.0.0 needs to be released. Release should be done according to release procedures in documentation.
bug_report_tiny.png 10:02  Bug report MAR-116 - Changing encryption/signing keys in backup_client role results in Ansible run to fail
branko (branko):
Issue closed
task_tiny.png 07:46  Task MAR-125 - Switch to Ansible 2.3.x
branko (branko):
Issue closed