Release 3.5.0

• Facilitate dynamic inventory and custom environments

Release 3.4.0

• Redirect site HTTP requests to HTTPS if default_http_scheme is https.

Release 3.3.0

• Improve NGINX cache configuration
• Make exhbitions main menu link protocol relative

Release 3.2.0

• Configure pss for memcache caching

Release 3.1.1

• Add default for pss_api_url variable (fixes potential undefined variable problem)
• Fix RAILS_ENV and rsync in frontend deployment

Release 3.1.0

• Update copyright year in LICENSE file
• Add API url to Primary Source Sets
• Add apt-show-versions utility to common role
• Add ImageMagick policy.xml file
• Fix column names in munin postgres plugins
• Change thumbp role to support Node.js
• Fix ES port in init script
• Add logrotate configuration for thumbp
• Fix siteproxy wait_for_host port number
• Redirect /wiki to Wayback Machine

Because of the change to thumbp (the frontend's thumbnail proxy), you may
optionally run the thumbp role with the clean_thumbp variable defined, as
follows:

ansible-playbook -u <you> -i development dev_all.yml -t thumbp \
    -e 'clean_thumbp=true'
# ... OR ...
ansible-playbook -u <you> -i ingestion dev_ingestion_all.yml -t thumbp \
    -e 'clean_thumbp=true'

Or, if you like,

ansible-playbook -u <you> -i <whichever> playbooks/thumbp_development.yml \
    -e 'do_deployment=true clean_thumbp=true'

This release contains a security update to fix the ImageMagick exploit
documented at https://imagetragick.com/.

Release 3.0.0

This release adds SSL support to the development VMs.

• Add development support for SSL
• Clean up redundancy in dev_ingestion_all.yml

Upgrading

See https://github.com/dpla/automation/blob/v3.0.0/README-upgrade-3.0.md for upgrade instructions.

Also note that this is coming close on the heels of Release 2.11.0, which may also require some upgrade effort. See below.

Development with HTTPS

If you are using HTTPS, you may find it helpful to add the self-signed certificate for local.dp.la to your operating system's keychain, to get rid of warnings from your browser about the certificate's invalidity or untrustworthiness.

The following post from the blog of the Postman utility may help you: http://blog.getpostman.com/2014/01/28/using-self-signed-certificates-with-postman/ This applies to Chrome, but the procedure for other browsers should be similar.

If you recreate the loadbal VM or you regenerate the SSL certificate, you'll have to redo the steps in that blog post to replace the trusted local.dp.la certificate in your chain. If you switch back and forth between our development and ingestion inventories, you will have to put up with one of those generating an invalid-certificate warning, because each will present a different certificate for local.dp.la.

Release 2.11.1

• Add thumbp group to ingestion inventory

Release 2.11.0

• Add SSL capability and thumbnail proxy
• Replace the deprecated sudo / sudo_user directive with become / become_user
• Fix Marmotta installation (stop using apt package repository).
• Various other minor changes (see commit history)

Upgrading

After updating automation, it would be advisable to run the marmotta role itself with one of the dedicated playbooks. This should clear out the old sources list for the defunct apt repository and update the apt cache on the server that runs Marmotta. For example:

ansible-playbook -u <you> -i ingestion playbooks/marmotta_development.yml

Release 2.10.0

• Fix script in exporter role that generates "bulk download" files. Records with a similar provider aliases were being included in a single output file.
• Block bad bot using Pcore-HTTP/v0.18.1, which ignores robots.txt