Changeset - 3ec086a76011
Parent rev.
Child rev.
[Not reviewed]
0 2 0
Branko Majic (branko) - 5 years ago 2020-10-02 22:44:17
branko@majic.rs
MAR-159: Updated role reference documentation and release notes.
2 files changed with 13 insertions and 15 deletions:
docs/releasenotes.rst
6
docs/rolereference.rst
7
15
0 comments (0 inline, 0 general)
docs/releasenotes.rst
Show inline comments
 
@@ -67,12 +67,18 @@ Breaking changes:
 

			




	
	
	
		
 
  * Updated default set of TLS ciphers used by the server

			




	
	
	
		
 
    (``web_server_tls_ciphers`` parameter). All CBC ciphers have been

			




	
	
	
		
 
    dropped. This could introduce incompatibility with older clients

			




	
	
	
		
 
    trying to connect to the server.

			




	
	
	
		
 

			




	
	
	
		
 
* ``wsgi_website`` role

			




	
	
	
		
 

			




	
	
	
		
 
  * Parameters ``gunicorn_version`` and ``futures_version`` have been

			




	
	
	
		
 
    deprecated and removed. Existing roles should be updated to

			




	
	
	
		
 
    utilise the ``wsgi_requirements`` parameter instead.

			




	
	
	
		
 

			




	
	
	
		
 
* ``xmpp_server`` role

			




	
	
	
		
 

			




	
	
	
		
 
  * Use 2048-bit Diffie-Hellman parameters for relevant TLS

			




	
	
	
		
 
    ciphers. This could introduce incompatibility with older

			




	
	
	
		
 
    clients/servers trying to connect to the XMPP server.

			




	
	
	
		
 

			




        

    


    
    

    

        

                

                    docs/rolereference.rst
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -1809,20 +1809,12 @@ Parameters

			




	
	
	
		
 

			




	
	
	
		
 
**fqdn** (string, mandatory)

			




	
	
	
		
 
  Fully-qualified domain name where the website is reachable. This value is used

			




	
	
	
		
 
  for calculating the user/group name for dedicated website user, as well as

			




	
	
	
		
 
  home directory of the website user (where data/code should be stored at).

			




	
	
	
		
 

			




	
	
	
		
 
**futures_version** (string, optional, ``3.2.0``)

			




	
	
	
		
 
  Version of ``futures`` package to deploy in virtual environment. Required by

			




	
	
	
		
 
  Gunicorn when using Python 2.7. Default version is tested with the test site.

			




	
	
	
		
 

			




	
	
	
		
 
**gunicorn_version** (string, optional, ``19.9.0``)

			




	
	
	
		
 
  Version of Gunicorn to deploy in virtual environment for running the WSGI

			




	
	
	
		
 
  application. Default version is tested with the test site.

			




	
	
	
		
 

			




	
	
	
		
 
**https_tls_certificate** (string, mandatory)

			




	
	
	
		
 
  X.509 certificate used for TLS for HTTPS service. The file will be stored in

			




	
	
	
		
 
  directory ``/etc/ssl/certs/`` under name ``{{ fqdn }}_https.pem``.

			




	
	
	
		
 

			




	
	
	
		
 
**https_tls_key** (string, mandatory)

			




	
	
	
		
 
  Private key used for TLS for HTTPS service. The file will be stored in

			




	
	
		
 
@@ -1877,17 +1869,19 @@ Parameters

			




	
	
	
		
 
  conformant to what the ``gunicorn`` command-line tool accepts. If the

			




	
	
	
		
 
  ``use_paste`` option is enabled, the value should be equal to filename of the

			




	
	
	
		
 
  Python Paste ini file, located in the ``code`` sub-directory. It should be

			




	
	
	
		
 
  noted that in either case the value should be specsified relative to the

			




	
	
	
		
 
  ``code`` sub-directory. I.e. don't use full paths.

			




	
	
	
		
 

			




	
	
	
		
 
**wsgi_requirements** (list, optional, ``[]``)

			




	
	
	
		
 
  Complete list of pip requirements used for deploying Gunicorn. If specified,

			




	
	
	
		
 
  this list will be used to create requirements file and install Gunicorn and

			




	
	
	
		
 
  its dependencies from that one. This allows to have pinned packages for both

			




	
	
	
		
 
  Gunicorn, futures, and their dependencies.

			




	
	
	
		
 
**wsgi_requirements** (list, optional, ``[ futures==3.3.0, gunicorn==19.10.0 ]``)

			




	
	
	
		
 
  Complete list of pip requirements used for deploying Gunicorn. If

			




	
	
	
		
 
  specified, this list will be used to create requirements file and

			




	
	
	
		
 
  install Gunicorn and its dependencies from that one. This allows to

			




	
	
	
		
 
  have pinned packages for both Gunicorn, futures, and their

			




	
	
	
		
 
  dependencies. The ``futures`` package is required by Gunicorn when

			




	
	
	
		
 
  using Python 2.7.

			




	
	
	
		
 

			




	
	
	
		
 
  It should be noted that this installation method is meant primarily in case of

			




	
	
	
		
 
  roles that want to take advantage of upgrade checks for pip requirements

			




	
	
	
		
 
  files, and that employ `pip-tools <https://github.com/jazzband/pip-tools>`_.

			




	
	
	
		
 

			




	
	
	
		
 
  In addition to change of installation method, when this parameter is specified

			




	
	
		
 
@@ -1934,14 +1928,12 @@ running a bare Django project):

			




	
	
	
		
 
        - django

			




	
	
	
		
 
      wsgi_application: django_example_com.wsgi:application

			




	
	
	
		
 
      environment_variables:

			




	
	
	
		
 
        DJANGO_SETTINGS_MODULE: "django_example_com.settings.production"

			




	
	
	
		
 
      https_tls_key: "{{ lookup('file', inventory_dir + '/tls/wsgi.example.com_https.key') }}"

			




	
	
	
		
 
      https_tls_certificate: "{{ lookup('file', inventory_dir + '/tls/wsgi.example.com_https.pem') }}"

			




	
	
	
		
 
      futures_version: 3.0.5

			




	
	
	
		
 
      gunicorn_version: 19.6.0

			




	
	
	
		
 
      additional_nginx_config:

			




	
	
	
		
 
        - comment: Use custom page for forbidden files.

			




	
	
	
		
 
          value: error_page 403 /static/403.html;

			




	
	
	
		
 
        - comment: Use custom page for non-existing locations/files.

			




	
	
	
		
 
          value: error_page 404 /static/404.html;

			




	
	
	
		
 
      website_mail_recipients: "root john.doe@example.com"

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.