- Feb 12, 2020
-
-
McConahy, Renee Margaret authored
Ordinary firewall filtering rules, placed in iptables's "INPUT" chain in the "filter" table, aren't applied to Docker's ingress traffic, which is redirected ("NATted") to Docker's interface by the "PREROUTING" chain in the "nat" table. Hence, the rules pretending to allow LOCKSS management traffic from trusted hosts are superfluous and misleading: traffic to those ports is instead restricted by LOCKSS according to its "LOCKSS_ACCESS_SUBNET" variable. I could write rules to filter Docker's ingress traffic, but I would rather not take the time--I would need to take care that they were always given priority over Docker's rules, even when Docker were restarted--and LOCKSS's own handling of matters ought to be sufficient for now. With that, the base firewall rules (enabling a default-deny ingress policy with an exception for ssh) seem out of scope for this role.
-
McConahy, Renee Margaret authored
- Vagrantfile: Correct the path to the parsed YAML file. (This caused 'vagrant global-status' to fail when called from outside the project's directory.) - Vagrantfile: As we do not use it, disable the default sharing of the project's directory with the VMs. - lockss: Use /tmp as temporary directory. - Other trivialities.
-
- Feb 11, 2020
-
-
McConahy, Renee Margaret authored
-
McConahy, Renee Margaret authored
-
McConahy, Renee Margaret authored
-
- Jan 28, 2020
-
-
McConahy, Renee Margaret authored
-
- Jan 24, 2020
-
-
McConahy, Renee Margaret authored
-
McConahy, Renee Margaret authored
-
McConahy, Renee Margaret authored
When it already exists, the swap file managed by the role must be excluded from the sum of memory and swap used to calculate the size of said file. The size of the swap file's header ought to be included in the calculation; otherwise, the file will be slightly undersized, and the role will re-create it at every invocation.
-
McConahy, Renee Margaret authored
-
- Jan 17, 2020
-
-
McConahy, Renee Margaret authored
-