Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pull in changes from 24.05 (to enable globbing) #1156

Merged
merged 23 commits into from
Nov 8, 2024
Merged

Pull in changes from 24.05 (to enable globbing) #1156

merged 23 commits into from
Nov 8, 2024

Conversation

osnyx
Copy link
Member

@osnyx osnyx commented Nov 6, 2024
edited
Loading

@flyingcircusio/release-managers

Release process

  • Created changelog entry using ./changelog.sh
    • not necessary, this is an unreleased dev branch

PR release workflow (internal)

  • PR has internal ticket
  • internal issue ID (PL-…) part of branch name
  • internal issue ID mentioned in PR description text
  • ticket is on Platform agile board
  • ticket state set to Pull request ready
  • if ticket is more urgent than within the next few days, directly contact a member of the Platform team

Design notes

  • Provide a feature toggle if the change might need to be adjusted/reverted quickly depending on context. Consider whether the default should be on or off. Example: rate limiting.
  • All customer-facing features and (NixOS) options need to be discoverable from documentation. Add or update relevant documentation such that hosted and guided customers can understand it as well.

Security implications

ctheune and others added 19 commits October 30, 2024 20:31
@ctheune @osnyx
role/nfs/client: improve reliability in upgrade/restart situations
10c808e 
Using `hard` mode causes existing mounts to persist infinitely,
avoiding clients getting stuck with a broken mount that doesn't recover
automatically.

Using the `automount` unit causes clients to be more persistent when
mounts fail (during boot) and causes applications to not accidentally
access the mount directory without the mount.

Unify the used host names on clients and servers and make sure they
match what our /etc/hosts file says so that missing DNS during boot
or bootstrap doesn't become a problem.

Automatically reboot when the `mnt-nfs-shared.mount` unit changes as
it is not reliable that NFS-related changes can be applied online.

Remove our separate reload unit that didn't work properly in too many
cases.

Fixes PL-133062
@osnyx
Merge pull request #1133 from flyingcircusio/PL-133062-nfs-hard-remou…
3825447 
…nt-v2

nfs: hard mount and fixed remount (v2)
@leona-ya
Activate fail2ban sshd ddos jail for non production machines
ebaf151 
PL-132477
@ctheune
Merge pull request #1143 from flyingcircusio/PL-132477-dheat-ssh
16a5e04 
Activate fail2ban sshd ddos jail for non production machines
@ctheune
doc: Improve documentation for devhost with channel metadata file
f49992b 
FC-41061
@ctheune
Merge pull request #1134 from flyingcircusio/FC-41601-devhost-channel…
c2827f3 
…-metadata

doc: Improve documentation for devhost with channel metadata file
@PhilTaken @ctheune
[FC-41403] detect and report syntax errors in the varnish config duri…
9f10ecc 
…ng reload
@ctheune
changelog: fix template script to handle branches with slashes
6fc6606
@ctheune
add changelog
c2d5983
@ctheune
Merge pull request #1144 from flyingcircusio/phil/FC-41403_varnish-se…
a1a48cc 
…rvice-reload-breakage

[FC-41403] fail during unit reload with syntax errors in the varnish config
@osnyx
linuxKernelStable: unpin, follow the 5.15 branch again
06f80ff
@osnyx
Update nixpkgs (2024-11-05)
3813fd4 
Pull upstream NixOS changes, security fixes and package updates:

- chromium: 129.0.6668.100 -> 130.0.6723.69 (CVE-2024-10229, CVE-2024-10230, CVE-2024-10231)
- discourse: 3.2.5 -> 3.3.2
- docker: 27.3.0 -> 27.3.1
- element-web: 1.11.81 -> 1.11.82
- firefox: 131.0.3 -> 132.0
- github-runner: 2.319.1 -> 2.320.0
- gitlab: 17.2.8 -> 17.3.6
- grafana: 10.4.10 -> 10.4.11
- linux: 5.15.164 -> 5.15.169
- nss_latest: 3.105 -> 3.106
- unifi8: 8.4.62 -> 8.5.6
@osnyx
changelog for PL-133141
b2ded20
@Ma27
release: use globs for constituents
e6d3b6b 
PL-133119
@ctheune
Merge pull request #1148 from flyingcircusio/PL-133141-update-nixpkgs…
f0c1680 
…-2405-update-nixpkgs-2024-11-04

Update nixpkgs (2024-11-04)
@ctheune
Merge pull request #1152 from flyingcircusio/PL-133119-constituent-gl…
2cd50af 
…obbing-2405

[24.05][PL-133119] release: use globs for constituents
@osnyx
Revert "release: add releaseSmall and releaseUntested jobs"
265914d 
This reverts commit 0f1f870.

Let's first sync the new release logic before trying a smaller channel
again.
@osnyx
Merge branch 'fc-24.05-dev' into 2411-globbing
957fec6
@osnyx
release/default.nix: Fully adapt from 24.05
2f0ba38 
Several changes in 24.11 made the diff too complicated to adopt that
largescale revamp of release logic. Just follow what 24.05 does
for now and redo changes if necessary.
ctheune
ctheune requested changes Nov 7, 2024
View reviewed changes
Copy link
Member

@ctheune ctheune left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's two things we now need to figure out about how we merge 24.05 into 24.11 (and this is similar to how we merge 24.01 into the hardware branch)

  1. What should happen with the changelogs? (I think we should just remove them.)
  2. The version updates need to be ignored.

ctheune
ctheune reviewed Nov 7, 2024
View reviewed changes
changelog.d/20241030_191209_PL-133062-nfs-hard-remount-v2_scriv.md Outdated
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changelogs should be deleted, I think.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just manually and then as an extra commit?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

don't care.

@ctheune
Copy link
Member

ctheune commented Nov 7, 2024

There's two things we now need to figure out about how we merge 24.05 into 24.11 (and this is similar to how we merge 24.01 into the hardware branch)

1. What should happen with the changelogs? (I _think_ we should just remove them.)

2. The version updates need to be ignored.

Apparently the version.nix didn't actually change in this PR, but I can't see where it was reverted ... ?!?

osnyx added 3 commits November 7, 2024 10:20
@osnyx
important-packages: temporarily remove postgres17
a93d909 
That package is not yet available in the nixpkgs
pinned right now.
Revert this after upgrading the nixpkgs revision.
@osnyx
unifi-controller-7: allow as insecure package
2e3abd4
@osnyx
tests: disable postgres17 tests as well
1c491ea 
version is missing here as well
@osnyx
Copy link
Member Author

osnyx commented Nov 7, 2024

Apparently the version.nix didn't actually change in this PR, but I can't see where it was reverted ... ?!?

I did a checkout --ours during merge conflict resolution. I deem this to bee an appropriate measure, as this is indeed a conflict due to changes in both branches, but feel free to correct me in case I'm wrong.

@ctheune ctheune changed the title 2411 globbing Pull in changes from 24.05 (to enable globbing) Nov 7, 2024
@ctheune
Copy link
Member

ctheune commented Nov 7, 2024

There's two things we now need to figure out about how we merge 24.05 into 24.11 (and this is similar to how we merge 24.01 into the hardware branch)

1. What should happen with the changelogs? (I _think_ we should just remove them.)

2. The version updates need to be ignored.

Apparently the version.nix didn't actually change in this PR, but I can't see where it was reverted ... ?!?

Those were all solved in the discussions above.

@osnyx osnyx mentioned this pull request Nov 7, 2024
Closed
11 tasks
@osnyx osnyx marked this pull request as ready for review November 8, 2024 17:18
@osnyx osnyx merged commit ae15d23 into fc-24.11-dev Nov 8, 2024
1 check passed
@osnyx osnyx deleted the 2411-globbing branch November 8, 2024 17:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ctheune ctheune ctheune requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@osnyx @ctheune @leona-ya @PhilTaken @Ma27