Changeset - b990e0d82f39
[Not reviewed]
0 3 0
Branko Majic (branko) - 4 years ago 2021-01-12 05:00:43
branko@majic.rs
MAR-160: Update release notes, usage instructions, and role reference documentation:

- Describe the maintenance and maintenance_allowed_hosts parameters
for the common role.
3 files changed with 26 insertions and 0 deletions:
0 comments (0 inline, 0 general)
docs/releasenotes.rst
Show inline comments
 
@@ -5,6 +5,14 @@ Release notes
 
NEXT RELEASE
 
------------
 

	
 
**New features/improvements:**
 

	
 
* ``common`` role
 

	
 
  * Added parameters ``maintenance`` and ``maintenance_allowed_hosts``
 
    for enabling maintenance mode. In maintenance mode only the listed
 
    hosts are allowed to connect to the server.
 

	
 
**Bug fixes:**
 

	
 
* ``wsgi_website_`` role
docs/rolereference.rst
Show inline comments
 
@@ -391,6 +391,18 @@ Parameters
 
  higher than ``incoming_connection_limit``), even if it would go above the
 
  specified connection limit.
 

	
 
**maintenance** (boolean, optional, ``False``)
 
  Specifies if maintenance mode should be enabled or not. In
 
  maintenance mode incoming TCP connections are allowed only from
 
  explicitly listed hosts (see ``maintenance_allowed_hosts``
 
  parameter). All ports are covered by this rule, with sole exception
 
  being the TCP port 22 (SSH). The SSH port is never blocked via
 
  maintenance mode.
 

	
 
**maintenance_allowed_hosts** (list, optional,  ``[]``)
 
  List of hosts that should be allowed to connect to the server when
 
  in maintenance mode.
 

	
 
**ntp_servers** (list, optional, ``[]``)
 
  List of NTP servers to use for synchronising the time on managed
 
  machine using NTP. If no time synchronisation should be set-up, set
docs/usage.rst
Show inline comments
 
@@ -511,6 +511,12 @@ Each server needs to share some common configuration in order to be functioning
 
properly. This includes set-up of some shared accounts, perhaps some hardening
 
etc.
 

	
 
.. note::
 
   Should you ever need to limit what hosts can connect to a server
 
   for some kind of maintenance or upgrade purposes, the ``common``
 
   role comes with ``maintenance`` and ``maintenance_allowed_hosts``
 
   parameters. See :ref:`rolereference` for more information.
 

	
 
Let's take care of this common configuration right away:
 

	
 
1. Create playbook for the communications server:
0 comments (0 inline, 0 general)