opendev/system-config
Code Issues Proposed changes
system-config/playbooks/roles
History
Jeremy Stanley 8500dcf394 Patch acme.sh/4659 for arbitrary command execution 
Temporarily cherry-pick the commits which fix "acme.sh runs
arbitrary commands from a remote server"
https://github.com/acmesh-official/acme.sh/issues/4659 as trivial
backports on top of their 3.0.5 release until such time as we can
upgrade. This addresses a remote code execution vulnerability (no
CVE assigned yet) which could be exploited by the ACME protocol
operator, in our case the admins of the Let's Encrypt certificate
authority.

Change-Id: Ib052901a7aa08a9fdbd01d623f4b5d3eee938401
2023-06-11 20:41:11 +00:00
..
accessbot
Revert "Move system-config irc bots into quay.io"
2023-05-24 13:17:54 -07:00
add-inventory-known-hosts
bridge: Disable writing known_hosts files
2022-11-21 15:29:56 +11:00
afs-release
afs-release: better info when can not get lockfile
2022-10-11 10:53:02 +11:00
afsmon
afsmon: install python3-pip
2020-02-12 16:39:11 +11:00
apache-ua-filter
Update user agent filter list
2023-05-02 10:18:41 -07:00
base
Merge "Don't install phased package updates with apt"
2022-11-03 00:12:28 +00:00
borg-backup
Borg ignore ansible tmp files
2022-05-05 08:36:20 -07:00
borg-backup-server
borg-backup-server: build borg users betterer
2022-11-23 08:26:28 +11:00
codesearch
codesearch: Add robots.txt
2020-11-20 19:13:32 +11:00
configure-kubectl
Configure .kube/config on bridge
2019-02-06 15:43:19 -08:00
configure-openstacksdk
Farewell limestone
2023-02-13 23:54:59 +00:00
create-venv
pip: use latest instead of upgrade
2022-12-06 17:28:09 +11:00
disable-puppet-agent
Stop running mcollective
2020-05-05 15:00:04 -05:00
dstat-logger
dstat-logger: redirect stdout to /dev/null
2021-03-24 22:23:13 +00:00
edit-secrets-script
edit-secrets: configure gpg-agent/emacs
2022-11-03 10:07:20 +11:00
etherpad
etherpad: redirect container logs
2022-11-09 07:46:15 +11:00
gerrit
Fix gerrit upgrade config diff checking
2023-04-07 13:57:51 -07:00
gerritbot
Revert "Move pull external IRC bot images from quay.io"
2023-05-24 13:42:47 -07:00
gitea
Update gitea to 1.19.3
2023-05-03 14:42:08 -07:00
gitea-git-repos
gitea-git-repos: remove #!/usr/bin/env python
2022-11-23 08:26:28 +11:00
gitea-lb
gitea-haproxy: issue liveness check to HEAD /
2022-03-08 09:46:59 +11:00
gitea-set-org-logos
Update gitea to 1.19.3
2023-05-03 14:42:08 -07:00
grafana
Revert "Pull grafyaml from quay.io"
2023-05-24 13:52:43 -07:00
graphite
graphite: fix xFilesFactor
2022-06-28 18:41:17 +10:00
haproxy
Revert "Migrate statsd sidecar container images to quay.io"
2023-05-24 11:39:46 -07:00
import-gpg-key
reprepro: convert to Ansible
2020-10-19 14:06:57 +11:00
install-ansible
dns: abstract names
2023-04-19 09:53:10 +10:00
install-ansible-roles
puppet: don't run module install steps multiple times
2020-09-03 09:23:05 +10:00
install-apt-repo
Vendor the apt repo gpg keys used for Zuul
2020-05-20 13:17:09 -07:00
install-borg
install-borg: update to borg 1.1.18
2022-08-10 10:14:56 +10:00
install-certcheck
Generate ssl check list directly from letsencrypt variables
2020-05-20 14:27:14 +10:00
install-docker
Add more docker-compose installation comments
2023-05-03 14:12:55 -07:00
install-kubectl
Remove snap cleanup tasks
2020-04-16 12:45:36 -05:00
install-launch-node
install-launch-node: upgrade all packages
2023-04-06 09:20:15 +10:00
install-podman
Run a gerrit container on review-dev01
2019-10-29 08:29:17 +09:00
iptables
iptables: handle hosts in allowed groups not having an ipv6 address
2023-01-12 21:48:22 +11:00
jaeger
Fix jaeger badger config and uid
2022-09-28 14:22:58 -07:00
jitsi-meet
Fix jitsi meet jvb connection info and cert CN
2022-09-16 15:43:48 -07:00
kerberos-kdc
Merge "kerberos-kdc: quote some integers to avoid string/int confusion"
2021-03-22 22:56:26 +00:00
keycloak
Pull keycloak from quay.io
2022-05-04 13:08:28 -07:00
letsencrypt-acme-sh-install
Patch acme.sh/4659 for arbitrary command execution
2023-06-11 20:41:11 +00:00
letsencrypt-config-certcheck
letsencrypt-request-certs: refactor certcheck list
2022-11-23 08:26:28 +11:00
letsencrypt-create-certs
Make etherpad configuration more generic for multiple hosts
2023-04-05 08:36:27 -07:00
letsencrypt-install-txt-record
dns: abstract names
2023-04-19 09:53:10 +10:00
letsencrypt-request-certs
letsencrypt-request-certs: refactor certcheck list
2022-11-23 08:26:28 +11:00
limnoria
Revert "Move system-config irc bots into quay.io"
2023-05-24 13:17:54 -07:00
lodgeit
Revert "Pull lodgeit from quay.io"
2023-05-24 14:01:54 -07:00
logrotate
logrotate: don't use filename to generate config file
2023-02-14 07:03:17 +11:00
mailman
mailman: add variable for matching UAs in Apache
2023-01-11 15:47:20 +11:00
mailman3
mailman: set web auto field size to "AutoField"
2023-02-10 08:31:04 +11:00
mailman-list
Use newlist's automate option
2021-12-15 17:42:58 +00:00
mailman-site
mailman: add variable for matching UAs in Apache
2023-01-11 15:47:20 +11:00
master-nameserver
bind9 : drop obsolete option for later versions
2023-03-09 16:37:32 +11:00
matrix-eavesdrop
Revert "Move system-config irc bots into quay.io"
2023-05-24 13:17:54 -07:00
matrix-gerritbot
Update gerritbot-matrix version to include wipness
2022-04-12 14:41:53 +00:00
mirror
Correct (again) how ansible-galaxy proxy is configured
2023-01-16 14:21:40 +01:00
mirror-update
Cleanup fedora mirroring
2023-05-12 10:10:50 -07:00
nameserver
nameserver: Allow master server to notify via ipv6
2020-10-28 09:26:14 +00:00
nodepool-base
nodepool-base: use ipv4 ZK addresses if we don't have an ipv6 address
2023-01-12 21:50:17 +11:00
nodepool-builder
Switch to nodepool images on quay.io
2023-04-26 10:37:08 -07:00
nodepool-launcher
Switch to nodepool images on quay.io
2023-04-26 10:37:08 -07:00
openafs-db-server
openafs-<db|file>-server: fix role name
2021-02-10 13:49:12 +11:00
openafs-file-server
openafs-<db|file>-server: fix role name
2021-02-10 13:49:12 +11:00
openafs-server-config
Retire mordred as infra-root
2022-12-06 11:04:08 -06:00
opendev-ca
Correct internal tracing server cert name
2022-09-28 10:38:41 -07:00
pip3
Use versioned get-pip.py URL for Ubuntu Bionic
2022-01-30 15:37:58 +00:00
ptgbot
Revert "Move pull external IRC bot images from quay.io"
2023-05-24 13:42:47 -07:00
puppet-run
puppet: don't run module install steps multiple times
2020-09-03 09:23:05 +10:00
puppet-setup-ansible
install-ansible: move install_modules.sh to puppet-setup-ansible
2020-09-03 09:28:16 +10:00
rax-dns-backup
rax-dns-backup: fix parsing
2022-11-21 11:44:07 +11:00
refstack
refstack: don't chown db directory
2021-11-05 09:39:29 +11:00
registry
Switch the zuul-registry image location to quay.io
2023-04-26 10:41:51 -07:00
reprepro
reprepro: mirror Ubuntu UCA Antelope for Ubuntu Jammy
2023-05-18 06:53:48 +02:00
root-keys
roles: Add README.rst and lint
2018-08-23 21:34:42 +10:00
run-selenium
run-selenium: Use latest tag on firefox image
2022-10-11 10:53:00 +11:00
static
Merge "Redirect openstack-specs to git repo on opendev"
2023-03-30 17:08:15 +00:00
statusbot
Revert "Move pull external IRC bot images from quay.io"
2023-05-24 13:42:47 -07:00
sync-project-config
Revert "Update to tip of master in periodic jobs"
2022-11-03 16:40:54 +11:00
vos-release
Add missing newline in vos_release.sudo
2019-11-21 19:08:30 +00:00
zookeeper
Revert "Migrate statsd sidecar container images to quay.io"
2023-05-24 11:39:46 -07:00
zuul
Export Zuul traces to Jaeger
2022-09-22 15:06:46 -07:00
zuul-executor
Run zuul-executor on jammy
2023-06-03 07:07:02 -07:00
zuul-lb
Do more robust checks against zuul-web with haproxy
2022-03-04 14:17:51 -08:00
zuul-merger
Switch zuul container images to quay.io
2023-04-26 10:40:30 -07:00
zuul-preview
Switch zuul container images to quay.io
2023-04-26 10:40:30 -07:00
zuul-scheduler
Switch zuul container images to quay.io
2023-04-26 10:40:30 -07:00
zuul-status-backup
Add --fail flag to zuul status backup curl
2020-04-28 08:33:05 -05:00
zuul-user
Split eavesdrop into its own playbook
2020-04-23 14:34:28 -05:00
zuul-web
Switch zuul container images to quay.io
2023-04-26 10:40:30 -07:00
set-hostname
Split eavesdrop into its own playbook
2020-04-23 14:34:28 -05:00