MAAS

Merge lp:~lamont/maas/create-maas-proxy.conf-packaging into lp:~maas-maintainers/maas/packaging

  1. create-maas-proxy.conf-packaging
  2. Merge into packaging
Proposed by LaMont Jones
Status: Merged
Approved by: LaMont Jones
Approved revision: no longer in the source branch.
Merged at revision: 474
Proposed branch: lp:~lamont/maas/create-maas-proxy.conf-packaging
Merge into: lp:~maas-maintainers/maas/packaging
Diff against target: 163 lines (+18/-52)
9 files modified
debian/changelog (+2/-0)
debian/extras/maas-proxy-common.sh (+1/-1)
debian/extras/maas-proxy.conf (+0/-40)
debian/maas-proxy.dirs (+1/-0)
debian/maas-proxy.install (+0/-1)
debian/maas-proxy.logrotate (+1/-1)
debian/maas-proxy.maas-proxy.service (+2/-2)
debian/maas-proxy.postinst (+10/-6)
debian/maas-proxy.postrm (+1/-1)
To merge this branch: bzr merge lp:~lamont/maas/create-maas-proxy.conf-packaging
Reviewer Review Type Date Requested Status
Andres Rodriguez (community) Approve
Review via email: mp+290381@code.launchpad.net

Commit message

Packaging changes for maas-proxy lockdown.

Description of the change

Packaging changes for maas-proxy lockdown.

To post a comment you must log in.
Revision history for this message
LaMont Jones (lamont) wrote :

This requires the corresponding branch in trunk. See https://code.launchpad.net/~lamont/maas/create-maas-proxy.conf/+merge/290154

Revision history for this message
Andres Rodriguez (andreserl) wrote :

lgtm! Just one remark!

review: Approve
Revision history for this message
LaMont Jones (lamont) wrote :

Updated.

Revision history for this message
MAAS Lander (maas-lander) wrote :

Attempt to merge into lp:~maas-maintainers/maas/packaging failed due to conflicts:

text conflict in debian/changelog

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/changelog'
2--- debian/changelog 2016-04-01 13:23:48 +0000
3+++ debian/changelog 2016-04-01 20:05:40 +0000
4@@ -7,6 +7,8 @@
5 and ownership (LP: #1563799 , LP: #1563779)
6 * Improve the way how removals clean the system (LP: #1563337)
7 * Reflect new names and website for systemd units (LP: #1563807)
8+ * maas-proxy now uses a custom-built config, instead of a boilerplate.
9+ LP: #1379567
10
11 -- Andres Rodriguez <andreserl@ubuntu.com> Mon, 28 Mar 2016 16:47:58 -0400
12
13
14=== modified file 'debian/extras/maas-proxy-common.sh'
15--- debian/extras/maas-proxy-common.sh 2015-08-13 09:01:57 +0000
16+++ debian/extras/maas-proxy-common.sh 2016-04-01 20:05:40 +0000
17@@ -16,6 +16,6 @@
18 chown -R proxy:proxy /var/log/maas/proxy
19 fi
20 if [ ! -d /var/cache/maas-proxy/00 ]; then
21- $SQUID -z -N -f /usr/share/maas/maas-proxy.conf
22+ $SQUID -z -N -f /var/lib/maas/maas-proxy.conf
23 fi
24 }
25
26=== removed file 'debian/extras/maas-proxy.conf'
27--- debian/extras/maas-proxy.conf 2015-07-15 16:14:39 +0000
28+++ debian/extras/maas-proxy.conf 1970-01-01 00:00:00 +0000
29@@ -1,40 +0,0 @@
30-# Inspired by UDS's conference proxy
31-
32-acl maas_proxy_manager proto cache_object
33-acl localhost src 127.0.0.1/32 ::1
34-acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
35-acl localnet src all # TODO: We should auto-generate this with the networks MAAS manages/knows about.
36-acl SSL_ports port 443
37-acl Safe_ports port 80 # http
38-acl Safe_ports port 21 # ftp
39-acl Safe_ports port 443 # https
40-acl Safe_ports port 1025-65535 # unregistered ports
41-acl CONNECT method CONNECT
42-http_access allow maas_proxy_manager localhost
43-http_access deny maas_proxy_manager
44-http_access deny !Safe_ports
45-http_access deny CONNECT !SSL_ports
46-http_access allow localnet
47-http_access allow localhost
48-http_access deny all
49-http_port 3128 transparent
50-http_port 8000
51-coredump_dir /var/spool/maas-proxy
52-refresh_pattern ^ftp: 1440 20% 10080
53-refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
54-refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
55-refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
56-refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
57-refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
58-refresh_pattern . 0 20% 4320
59-forwarded_for delete
60-visible_hostname maas.proxy # TODO: This should be autogenerated by a template.
61-cache_mem 512 MB
62-minimum_object_size 0 MB
63-maximum_object_size 1024 MB
64-maximum_object_size_in_memory 100 MB
65-cache_dir aufs /var/spool/maas-proxy 40000 16 256
66-# use different logs
67-cache_access_log /var/log/maas/proxy/access.log
68-cache_log /var/log/maas/proxy/cache.log
69-cache_store_log /var/log/maas/proxy/store.log
70
71=== modified file 'debian/maas-proxy.dirs'
72--- debian/maas-proxy.dirs 2014-09-12 19:10:04 +0000
73+++ debian/maas-proxy.dirs 2016-04-01 20:05:40 +0000
74@@ -1,1 +1,2 @@
75 var/log/maas/proxy
76+var/lib/maas
77
78=== modified file 'debian/maas-proxy.install'
79--- debian/maas-proxy.install 2016-02-10 15:56:10 +0000
80+++ debian/maas-proxy.install 2016-04-01 20:05:40 +0000
81@@ -1,2 +1,1 @@
82-debian/extras/maas-proxy.conf usr/share/maas/
83 debian/extras/maas-proxy-common.sh usr/share/maas/
84
85=== modified file 'debian/maas-proxy.logrotate'
86--- debian/maas-proxy.logrotate 2015-08-13 09:01:57 +0000
87+++ debian/maas-proxy.logrotate 2016-04-01 20:05:40 +0000
88@@ -19,6 +19,6 @@
89 exit 1
90 fi
91
92- test ! -e /var/run/maas-proxy.pid || $SQUID -f /usr/share/maas/maas-proxy.conf -k rotate
93+ test ! -e /var/run/maas-proxy.pid || $SQUID -f /var/lib/maas/maas-proxy.conf -k rotate
94 endscript
95 }
96
97=== modified file 'debian/maas-proxy.maas-proxy.service'
98--- debian/maas-proxy.maas-proxy.service 2015-08-13 09:01:57 +0000
99+++ debian/maas-proxy.maas-proxy.service 2016-04-01 20:05:40 +0000
100@@ -2,14 +2,14 @@
101 Description=MAAS Proxy
102 Requires=network-online.target
103 After=network-online.target
104-ConditionPathExists=/usr/share/maas/maas-proxy.conf
105+ConditionPathExists=/var/lib/maas/maas-proxy.conf
106
107 [Service]
108 ExecStartPre=/bin/mkdir -p /run/maas/proxy
109 ExecStartPre=/bin/sh -ec '\
110 . /usr/share/maas/maas-proxy-common.sh; \
111 pre_start'
112-ExecStart=/usr/sbin/squid3 -N -f /usr/share/maas/maas-proxy.conf
113+ExecStart=/usr/sbin/squid3 -N -f /var/lib/maas/maas-proxy.conf
114
115 [Install]
116 WantedBy=multi-user.target
117
118=== modified file 'debian/maas-proxy.postinst'
119--- debian/maas-proxy.postinst 2015-11-25 17:34:18 +0000
120+++ debian/maas-proxy.postinst 2016-04-01 20:05:40 +0000
121@@ -4,19 +4,23 @@
122
123 if [ "$1" = "configure" ]
124 then
125- # Stop the squid3 instance that came with the isc-dhcp-server package.
126+ # Stop the squid3 instance that came with the squid3 package.
127 # We run our own squid3 instances.
128- systemctl stop squid3 >/dev/null || true
129- systemctl disable squid3 >/dev/null || true
130+ # Handle both versions of the name, for safety.
131+ for SQUID in squid squid3; do
132+ systemctl stop ${SQUID} >/dev/null 2>&1 || true
133+ systemctl disable ${SQUID} >/dev/null 2>&1 || true
134+ done
135
136 # Ensure log folder is created.
137 mkdir -p /var/log/maas/proxy
138 chown -R proxy:proxy /var/log/maas/proxy
139
140- # Move maas-proxy.conf if we are upgrading from an earlier
141- # version that used to ship maas-proxy.conf in /etc/maas.
142+ # maas-proxy.conf is now generated by MAAS itself and if we are
143+ # upgrading from an earlier version that used to ship maas-proxy.conf
144+ # in /etc/maas, it is safe to remove
145 if [ -f /etc/maas/maas-proxy.conf ]; then
146- mv /etc/maas/maas-proxy.conf /usr/share/maas/
147+ rm /etc/maas/maas-proxy.conf
148 fi
149
150 fi
151
152=== modified file 'debian/maas-proxy.postrm'
153--- debian/maas-proxy.postrm 2015-08-13 09:01:57 +0000
154+++ debian/maas-proxy.postrm 2016-04-01 20:05:40 +0000
155@@ -6,7 +6,7 @@
156 rm -rf /var/cache/maas-proxy
157 rm -rf /var/log/maas/proxy
158 rm -rf /var/spool/maas-proxy
159- rm -rf /usr/share/maas/maas-proxy.conf
160+ rm -rf /var/lib/maas/maas-proxy.conf
161 fi
162
163 #DEBHELPER#

Subscribers

People subscribed via source and target branches