Changeset - b990e0d82f39
Parent rev.
Child rev.
[Not reviewed]
0 3 0
Branko Majic (branko) - 3 years ago 2021-01-12 05:00:43
branko@majic.rs
MAR-160: Update release notes, usage instructions, and role reference documentation:

- Describe the maintenance and maintenance_allowed_hosts parameters
for the common role.
3 files changed with 26 insertions and 0 deletions:
docs/releasenotes.rst
8
docs/rolereference.rst
12
docs/usage.rst
6
0 comments (0 inline, 0 general)
docs/releasenotes.rst
Show inline comments
 
@@ -5,6 +5,14 @@ Release notes
 
NEXT RELEASE
 
------------
 

			




	
	
	
		
 
**New features/improvements:**

			




	
	
	
		
 

			




	
	
	
		
 
* ``common`` role

			




	
	
	
		
 

			




	
	
	
		
 
  * Added parameters ``maintenance`` and ``maintenance_allowed_hosts``

			




	
	
	
		
 
    for enabling maintenance mode. In maintenance mode only the listed

			




	
	
	
		
 
    hosts are allowed to connect to the server.

			




	
	
	
		
 

			




	
	
	
		
 
**Bug fixes:**

			




	
	
	
		
 

			




	
	
	
		
 
* ``wsgi_website_`` role

			




        

    


    
    

    

        

                

                    docs/rolereference.rst
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -391,6 +391,18 @@ Parameters

			




	
	
	
		
 
  higher than ``incoming_connection_limit``), even if it would go above the

			




	
	
	
		
 
  specified connection limit.

			




	
	
	
		
 

			




	
	
	
		
 
**maintenance** (boolean, optional, ``False``)

			




	
	
	
		
 
  Specifies if maintenance mode should be enabled or not. In

			




	
	
	
		
 
  maintenance mode incoming TCP connections are allowed only from

			




	
	
	
		
 
  explicitly listed hosts (see ``maintenance_allowed_hosts``

			




	
	
	
		
 
  parameter). All ports are covered by this rule, with sole exception

			




	
	
	
		
 
  being the TCP port 22 (SSH). The SSH port is never blocked via

			




	
	
	
		
 
  maintenance mode.

			




	
	
	
		
 

			




	
	
	
		
 
**maintenance_allowed_hosts** (list, optional,  ``[]``)

			




	
	
	
		
 
  List of hosts that should be allowed to connect to the server when

			




	
	
	
		
 
  in maintenance mode.

			




	
	
	
		
 

			




	
	
	
		
 
**ntp_servers** (list, optional, ``[]``)

			




	
	
	
		
 
  List of NTP servers to use for synchronising the time on managed

			




	
	
	
		
 
  machine using NTP. If no time synchronisation should be set-up, set

			




        

    


    
    

    

        

                

                    docs/usage.rst
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -511,6 +511,12 @@ Each server needs to share some common configuration in order to be functioning

			




	
	
	
		
 
properly. This includes set-up of some shared accounts, perhaps some hardening

			




	
	
	
		
 
etc.

			




	
	
	
		
 

			




	
	
	
		
 
.. note::

			




	
	
	
		
 
   Should you ever need to limit what hosts can connect to a server

			




	
	
	
		
 
   for some kind of maintenance or upgrade purposes, the ``common``

			




	
	
	
		
 
   role comes with ``maintenance`` and ``maintenance_allowed_hosts``

			




	
	
	
		
 
   parameters. See :ref:`rolereference` for more information.

			




	
	
	
		
 

			




	
	
	
		
 
Let's take care of this common configuration right away:

			




	
	
	
		
 

			




	
	
	
		
 
1. Create playbook for the communications server:

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2023 by various authors & licensed under GPLv3.