platform issueshttps://0xacab.org/leap/platform/-/issues2018-10-11T11:47:33Zhttps://0xacab.org/leap/platform/-/issues/8851Unite provider_base/test and tests2018-10-11T11:47:33ZkwadronautUnite provider_base/test and testsI think it's confusing to both have:
leap_platform/provider_base/test
leap_platform/tests
Is there any reason to have both/can we move the provider_base/test (only ovpn) to the 'tests' directory?I think it's confusing to both have:
leap_platform/provider_base/test
leap_platform/tests
Is there any reason to have both/can we move the provider_base/test (only ovpn) to the 'tests' directory?Next major releasehttps://0xacab.org/leap/platform/-/issues/8846Deploy on dual stack node fails because of our firewall rules2017-07-12T21:30:11ZkwadronautDeploy on dual stack node fails because of our firewall rulesleap node init worked fine on a dual stack node, apt-get update would fail:
```
root@idefix:~# ip6tables -L
Chain INPUT (policy DROP)
target prot opt source destination
Chain FORWARD (policy DROP)
target ...leap node init worked fine on a dual stack node, apt-get update would fail:
```
root@idefix:~# ip6tables -L
Chain INPUT (policy DROP)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
REJECT all anywhere anywhere reject-with icmp6-port-unreachable
```
I ran `apt-get -o Acquire::ForceIPv4=true update` which works fine.
root@idefix:~# cat /etc/apt/apt.conf.d/99force-ipv4
Acquire::ForceIPv4 "true";
I think this issue is a good moment to raise the problem again: tackling IPv6 issues in the platform.https://0xacab.org/leap/platform/-/issues/8838Configure soledad to use new soledad-create-userdb script2017-06-26T21:44:52ZVaracConfigure soledad to use new soledad-create-userdb scriptThe old soledad-server `create-user-db` script was renamed to `soledad-create-userdb` and the platform needs to make sure this is used when configuring soledad. For a transition period, soledad-server provides a symlink so both cmds work.The old soledad-server `create-user-db` script was renamed to `soledad-create-userdb` and the platform needs to make sure this is used when configuring soledad. For a transition period, soledad-server provides a symlink so both cmds work.Platform 0.10.1https://0xacab.org/leap/platform/-/issues/8834Upload pnp4nagios packages to stretch deb repo2017-06-24T15:46:17ZVaracUpload pnp4nagios packages to stretch deb repohese packages are needed by the platform and need to get uploaded to the stretch deb repo once we target stretch:
`pnp4nagios pnp4nagios-bin pnp4nagios-web pnp4nagios-web-config-icinga pnp4nagios-web-config-nagios3`
see #8808hese packages are needed by the platform and need to get uploaded to the stretch deb repo once we target stretch:
`pnp4nagios pnp4nagios-bin pnp4nagios-web pnp4nagios-web-config-icinga pnp4nagios-web-config-nagios3`
see #8808Next major releasehttps://0xacab.org/leap/platform/-/issues/8833Remove old dependencies from debian repo once leap-mx is independent of leap-...2017-06-24T15:44:12ZVaracRemove old dependencies from debian repo once leap-mx is independent of leap-keymangerOnce leap_mx#8558 is fixed we can remove these packages
- [ ] leap-keymanager
- [ ] python-gnupg-ng python-gnupg-ng-doc python3-gnupg-ng
see https://0xacab.org/leap/platform/issues/8808Once leap_mx#8558 is fixed we can remove these packages
- [ ] leap-keymanager
- [ ] python-gnupg-ng python-gnupg-ng-doc python3-gnupg-ng
see https://0xacab.org/leap/platform/issues/8808Next major releasehttps://0xacab.org/leap/platform/-/issues/8832Run platform tests locally2018-12-01T22:53:58ZVaracRun platform tests locallyfrom `tests/platform-ci/README.md`:
```
Continuous integration tests for the leap_platform code. ...from `tests/platform-ci/README.md`:
```
Continuous integration tests for the leap_platform code.
Usage:
./setup.sh
bin/rake test:syntax
bin/rake catalog
```
The last step (needs to be `bin/rake catalog`) fails for me with:
```
--- tests/platform-ci ‹run_platform_tests_locally› » bin/rake catalog
bundle exec leap compile
bundler: failed to load command: leap (/home/varac/dev/projects/leap/git/leap_platform/tests/platform-ci/vendor/ruby/2.1.0/bin/leap)
Gem::LoadError: Could not find 'leap_cli' (>= 0) among 59 total gem(s)
/home/varac/.rbenv/versions/2.1.10/lib/ruby/2.1.0/rubygems/dependency.rb:298:in `to_specs'
/home/varac/.rbenv/versions/2.1.10/lib/ruby/2.1.0/rubygems/dependency.rb:309:in `to_spec'
/home/varac/.rbenv/versions/2.1.10/lib/ruby/2.1.0/rubygems/core_ext/kernel_gem.rb:53:in `gem'
/home/varac/dev/projects/leap/git/leap_platform/tests/platform-ci/vendor/ruby/2.1.0/bin/leap:22:in `<top (required)>'
rake aborted!
Command failed with status (1): [bundle exec leap compile...]
/home/varac/dev/projects/leap/git/leap_platform/tests/platform-ci/Rakefile:75:in `block (3 levels) in <top (required)>'
/home/varac/dev/projects/leap/git/leap_platform/tests/platform-ci/Rakefile:74:in `chdir'
/home/varac/dev/projects/leap/git/leap_platform/tests/platform-ci/Rakefile:74:in `block (2 levels) in <top (required)>'
/home/varac/dev/projects/leap/git/leap_platform/tests/platform-ci/Rakefile:81:in `block in <top (required)>'
/home/varac/dev/projects/leap/git/leap_platform/tests/platform-ci/vendor/ruby/2.1.0/bundler/gems/puppet-catalog-test-ac386793c2c4/lib/puppet-catalog-test/rake_task.rb:23:in `call'
/home/varac/dev/projects/leap/git/leap_platform/tests/platform-ci/vendor/ruby/2.1.0/bundler/gems/puppet-catalog-test-ac386793c2c4/lib/puppet-catalog-test/rake_task.rb:23:in `block in initialize'
Tasks: TOP => platform:provider_compile
(See full trace by running task with --trace)
```
This might be my rbenv setup that breaks it, not sure.Platform 0.10.1https://0xacab.org/leap/platform/-/issues/8831Fix lintian on stretch package builds2017-06-23T07:50:49ZVaracFix lintian on stretch package buildshttps://0xacab.org/varac/pysqlcipher/-/jobs/12936
https://0xacab.org/varac/soledad/-/jobs/12934https://0xacab.org/varac/pysqlcipher/-/jobs/12936
https://0xacab.org/varac/soledad/-/jobs/12934Platform 0.10.1https://0xacab.org/leap/platform/-/issues/8830Make Soledad Server Services API accesible from MX node2017-12-13T16:46:03ZdrebsMake Soledad Server Services API accesible from MX node*Soledad Server* will soon have a port binded to local interface providing the new *Services API*
(https://0xacab.org/leap/soledad/issues/8867). The idea is that services like MX will use this entrypoint to interact with Soledad Server, ...*Soledad Server* will soon have a port binded to local interface providing the new *Services API*
(https://0xacab.org/leap/soledad/issues/8867). The idea is that services like MX will use this entrypoint to interact with Soledad Server, instead of interacting directly with CouchDB.
This port from Soledad Server needs to be accessible from the MX node. We need:
- [ ] define a standard port for the *Soledad Server Services API*.
- [ ] add a tunnel from MX node to Soledad Server node.Platform 0.10.1https://0xacab.org/leap/platform/-/issues/8827Automatic upload of all packages from master component to staging after succe...2017-09-14T22:55:51ZVaracAutomatic upload of all packages from master component to staging after successfull platform deploysee https://we.riseup.net/leap+infrastructure/packaging-workflow
```
Integration tests: If a platform build is successful using the "master" component, meaning all packages play nicely with each other, those packages should get automati...see https://we.riseup.net/leap+infrastructure/packaging-workflow
```
Integration tests: If a platform build is successful using the "master" component, meaning all packages play nicely with each other, those packages should get automatically copied over to "staging"
```Dogfoodinghttps://0xacab.org/leap/platform/-/issues/8824Test irker installation for platform2017-06-20T09:00:37ZVaracTest irker installation for platformhttp://bots.rhizolab.org:8080/irc.example.com/channelhttp://bots.rhizolab.org:8080/irc.example.com/channelPlatform 0.10.1https://0xacab.org/leap/platform/-/issues/8822After release of debian stretch: There is no public key available for the fol...2017-10-24T08:35:32ZVaracAfter release of debian stretch: There is no public key available for the following key IDs: EF0F382A1A7B6500```
root@donkey:~# apt update
Hit http://security.debian.org jessie/updates InRelease
Hit http://security.debian.org stretch/updates InRelease
Hit http://deb.leap.se jessie InRelease ...```
root@donkey:~# apt update
Hit http://security.debian.org jessie/updates InRelease
Hit http://security.debian.org stretch/updates InRelease
Hit http://deb.leap.se jessie InRelease
Hit http://security.debian.org jessie/updates/main amd64 Packages
Ign http://deb.debian.org jessie InRelease
Ign http://deb.debian.org stretch InRelease
Get:1 http://deb.debian.org jessie-backports InRelease [166 kB]
Hit http://security.debian.org jessie/updates/main Translation-en
Hit http://security.debian.org stretch/updates/main amd64 Packages
Hit http://security.debian.org stretch/updates/main Translation-en
Hit http://deb.debian.org jessie Release.gpg
Hit http://deb.debian.org stretch Release.gpg
Hit http://deb.leap.se jessie/snapshots amd64 Packages
Hit http://deb.debian.org jessie Release
Hit http://deb.debian.org stretch Release
Hit http://deb.debian.org jessie-backports/main amd64 Packages
Hit http://deb.debian.org jessie-backports/main Translation-en
Hit http://deb.debian.org jessie/main amd64 Packages
Hit http://deb.debian.org jessie/main Translation-en
Hit http://deb.debian.org stretch/main amd64 Packages
Ign http://deb.leap.se jessie/snapshots Translation-en_US
Hit http://deb.debian.org stretch/main Translation-en
Ign http://deb.leap.se jessie/snapshots Translation-en
Fetched 166 kB in 4s (41.5 kB/s)
Reading package lists... 99%
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
W: There is no public key available for the following key IDs:
EF0F382A1A7B6500
root@donkey:~# cat /etc/apt/sources.list /etc/apt/sources.list.d/*
# This file is managed by puppet
# all local modifications will be overwritten
### Debian current: jessie
# basic
deb http://deb.debian.org/debian/ jessie main
# security
deb http://security.debian.org/ jessie/updates main
### Debian next: stretch
# basic
deb http://deb.debian.org/debian/ stretch main
# security
deb http://security.debian.org/ stretch/updates main
deb http://deb.debian.org/debian/ jessie-backports main
deb [signed-by=/usr/share/keyrings/leap-archive.gpg] http://deb.leap.se/platform jessie snapshots
```
```
» gpg --search-keys EF0F382A1A7B6500
gpg: data source: https://host-37-191-226-104.lynet.no:443
(1) Debian Stable Release Key (9/stretch) <debian-release@lists.debian.org
4096 bit RSA key 0xEF0F382A1A7B6500, created: 2017-05-20, expires: 2025-05-18
Keys 1-1 of 1 for "EF0F382A1A7B6500". Enter number(s), N)ext, or Q)uit >
```Platform 0.10.1https://0xacab.org/leap/platform/-/issues/8820CI: Platform deploy test marked as succeessful with wrong credentials2017-07-18T18:25:34ZVaracCI: Platform deploy test marked as succeessful with wrong credentialsPlatform 0.10.1https://0xacab.org/leap/platform/-/issues/8818Fix link Vagrant help2018-10-11T11:47:42ZkwadronautFix link Vagrant helphttps://leap.se/en/docs/platform/tutorials/vagrant#limitations cotains a broken link to https://leap.se/en/docs/platform/tutorials/vagrant/known-issueshttps://leap.se/en/docs/platform/tutorials/vagrant#limitations cotains a broken link to https://leap.se/en/docs/platform/tutorials/vagrant/known-issuesNext major releasehttps://0xacab.org/leap/platform/-/issues/8817Limit ec2 permissions for CI users2017-06-16T14:00:20ZVaracLimit ec2 permissions for CI usersRight now, the "ci" AWS user has full ec2 access, we should limit the permissions.Right now, the "ci" AWS user has full ec2 access, we should limit the permissions.Platform 0.10.1https://0xacab.org/leap/platform/-/issues/8816Put all AWS config/code into version control2017-06-19T12:14:48ZVaracPut all AWS config/code into version control- [ ] IAM: https://github.com/99designs/iamy
- [ ] Lambda
- [ ] Cloudwatch
- [ ] IAM: https://github.com/99designs/iamy
- [ ] Lambda
- [ ] Cloudwatch
Platform 0.10.1https://0xacab.org/leap/platform/-/issues/8810support ed25519 keys with leap_cli2017-07-04T20:39:50Zkwadronautsupport ed25519 keys with leap_cliSince the release of Net::SSH in February 2017 we now have a stable implementation that supports ssh-ed25519. I can add an (extra) key for a user in provider/users/name/alice_ssh.pub, this will get deployed and works fine. A little bit o...Since the release of Net::SSH in February 2017 we now have a stable implementation that supports ssh-ed25519. I can add an (extra) key for a user in provider/users/name/alice_ssh.pub, this will get deployed and works fine. A little bit of work needs to be done on lib/leap_cli/ssh/key.rb for when people use the leap user add commands.
http://net-ssh.github.io/net-ssh/:
> For ed25519 public key auth support your bundle file should contain “`rbnacl-libsodium“`, “`rbnacl“`, “`bcrypt_pbkdf“` dependencies.
Next major releaseelijahelijahhttps://0xacab.org/leap/platform/-/issues/8805Don't add deb-src to sources.list on build2017-12-04T11:51:21ZVaracDon't add deb-src to sources.list on buildPackage building, apt tries to fetch the sources repo as well but fails.
As we don't provide the package sources (yet) we should disable this.
```
W: Failed to fetch http://deb.leap.se/platform/dists/snapshots/main/source/Sources 404 ...Package building, apt tries to fetch the sources repo as well but fails.
As we don't provide the package sources (yet) we should disable this.
```
W: Failed to fetch http://deb.leap.se/platform/dists/snapshots/main/source/Sources 404 Not Found
```
see https://0xacab.org/meskio/leap_mx/builds/11584Platform 0.10.1https://0xacab.org/leap/platform/-/issues/8804Fix pip versioning for soledad2017-06-15T11:19:07ZVaracFix pip versioning for soledadRegarding python versioning, there's a mismatch between the debian package version for i.e. a newly built leap-mx package:
```
root@cat:/etc/apt/sources.list.d# apt-cache policy leap-mx
leap-mx:
Installed: 0.9.1+0~20170207164922.5631+...Regarding python versioning, there's a mismatch between the debian package version for i.e. a newly built leap-mx package:
```
root@cat:/etc/apt/sources.list.d# apt-cache policy leap-mx
leap-mx:
Installed: 0.9.1+0~20170207164922.5631+debian.platform0.10+jessie~1.g577e403
Candidate: 0.9.1+0~20170207164922.5631+debian.platform0.10+jessie~1.g577e403
Version table:
*** 0.9.1+0~20170207164922.5631+debian.platform0.10+jessie~1.g577e403 0
999 http://deb.leap.se/gitbuildpackage/ jessie/main amd64 Packages
100 /var/lib/dpkg/status
0.9.1+0~20170118161755.55+jessie~1.gbpf8c9b9 0
999 http://deb.leap.se/experimental-platform/ jessie/main amd64 Packages
root@cat:/etc/apt/sources.list.d# pip list|grep leap.mx
leap.mx (0.8.1)
```
The initial groundwork is done, but for repos that produce multiple packages like soledad it needs to get fixed.
Related to #8437Next major releasehttps://0xacab.org/leap/platform/-/issues/8802Troubleshooting docs2018-10-11T11:47:51ZkwadronautTroubleshooting docsOn https://leap.se/en/docs/platform/troubleshooting/where-to-look#mailspool it is being said to check for
```
Any file in the leap_mx mailspool longer for a few seconds ?
ls -la /var/mail/vmail/Maildir/cur/
```
Shouldn't this be ch...On https://leap.se/en/docs/platform/troubleshooting/where-to-look#mailspool it is being said to check for
```
Any file in the leap_mx mailspool longer for a few seconds ?
ls -la /var/mail/vmail/Maildir/cur/
```
Shouldn't this be changed to:
root@pangolin:/var/lib/soledad# ls -al /var/mail/leap-mx/Maildir/cur/Next major releasehttps://0xacab.org/leap/platform/-/issues/8800GH only 1 api-key possible2017-05-30T18:06:40ZkwadronautGH only 1 api-key possible