drupal issueshttps://gitlab.cern.ch/groups/drupal/-/issues2021-08-04T17:35:22+02:00https://gitlab.cern.ch/drupal/paas/drupalsite-operator/-/issues/68Add creator/ requester info on the drupalSite CRD2021-08-04T17:35:22+02:00Vineet Reddy RajulaAdd creator/ requester info on the drupalSite CRDFor auditing/ debugging purposes, it would be nice to have the creator/ requestor userID of the site on the drupalSite CR
CC: @fborgesa @dchatzicFor auditing/ debugging purposes, it would be nice to have the creator/ requestor userID of the site on the drupalSite CR
CC: @fborgesa @dchatzichttps://gitlab.cern.ch/drupal/paas/cern-drupal-distribution/-/issues/17Add docker-compose for local development2024-03-27T00:05:01+01:00Carina AntunesAdd docker-compose for local developmentVineet Reddy RajulaFrancisco Borges Aurindo BarrosVineet Reddy Rajulahttps://gitlab.cern.ch/drupal/paas/cern-drupal-distribution/-/issues/4Add instructions on how to initialize the composer project to the Readme2021-02-08T10:45:28+01:00Vineet Reddy RajulaAdd instructions on how to initialize the composer project to the ReadmeVineet Reddy RajulaVineet Reddy Rajulahttps://gitlab.cern.ch/drupal/paas/drupalsite-operator/-/issues/77Add tests for supporteddrupalversions controller2021-12-10T09:59:32+01:00Dimitra Chatzichrysoudimitra.chatzichrysou@cern.chAdd tests for supporteddrupalversions controllerhttps://gitlab.cern.ch/drupal/paas/drupalsite-operator/-/issues/43Assert site installation instead of checking job status2021-03-18T11:07:51+01:00Konstantinos Samaras-TsakirisAssert site installation instead of checking job status### URL [preferred]
What happens if we curl `<site-url>/core/install.php`? Probably we can assert installed status
### with a drush command
This would need the operator to run a drush command in a task, a much heavier thing to do.
``...### URL [preferred]
What happens if we curl `<site-url>/core/install.php`? Probably we can assert installed status
### with a drush command
This would need the operator to run a drush command in a task, a much heavier thing to do.
```
[ drush status --fields=bootstrap | grep -q 'Successful' ]
```Vineet Reddy RajulaVineet Reddy Rajulahttps://gitlab.cern.ch/drupal/paas/drupalsite-operator/-/issues/63Backoff reconciliation2021-09-13T11:10:31+02:00Francisco Borges Aurindo BarrosBackoff reconciliationCurrently the backoff of bad deployments is too slow(?) or non existent as operator will spend too much time on bad deployments, this was detected when multiple new websites were created and new ones would have long wait time due to oper...Currently the backoff of bad deployments is too slow(?) or non existent as operator will spend too much time on bad deployments, this was detected when multiple new websites were created and new ones would have long wait time due to operator being busy with other ones.https://gitlab.cern.ch/drupal/paas/drupalsite-operator/-/issues/90Backup prior to deletion2024-03-27T00:05:01+01:00Carina AntunesBackup prior to deletionAutomate long lived backup prior deletion to allow easy recoveryAutomate long lived backup prior deletion to allow easy recoveryFrancisco Borges Aurindo BarrosFrancisco Borges Aurindo Barroshttps://gitlab.cern.ch/drupal/paas/cern-drupal-distribution/-/issues/25Blacklist modules2024-03-27T00:05:01+01:00Carina AntunesBlacklist modulesGiving the most recent critical security vulnerability detected, https://www.drupal.org/sa-core-2023-006,
a question arose regarding the possibility to backlist a module, until a patch is applied.
After investigation, it appears out of...Giving the most recent critical security vulnerability detected, https://www.drupal.org/sa-core-2023-006,
a question arose regarding the possibility to backlist a module, until a patch is applied.
After investigation, it appears out of the box, this feature is not possible, however there's a module which provides said functionality.
I propose we add to our distribution https://www.drupal.org/project/module_blacklist.
The module allows site administrators to block certain module from being installed, based on a blacklist set on settings.php file.
In this case simply adding the mentioned module, results in blocking fresh installations of said module.
```
$settings['module_blacklist'] = [
'jsonapi',
];
```
![Screenshot_2023-09-21_at_11.42.45](/uploads/2d9144536f5d59403d638c100642ca66/Screenshot_2023-09-21_at_11.42.45.png)
It does not block already installed modules, which can be discussed further.
Related to this topic, the following module, can be particularly interesting for websites still in PHP 7, and to Drupal 10 beyond EOL:
- https://www.drupal.org/project/readonlymodehttps://gitlab.cern.ch/drupal/paas/drupal-operations/-/issues/11Block module/theme installation on new Drupal instances2024-03-27T15:54:00+01:00Francisco Borges Aurindo BarrosBlock module/theme installation on new Drupal instancesThe goal is to disallow any level of customization to the Drupal administrators.
To achieve this, we must block module installation.
Current possible options:
## 1. Change deployment setup
##### Description:
The deployment would have...The goal is to disallow any level of customization to the Drupal administrators.
To achieve this, we must block module installation.
Current possible options:
## 1. Change deployment setup
##### Description:
The deployment would have PVs mounted as read-only for `/drupal-data/modules` and `/drupal-data/themes` paths on `webdav` container.
##### Pros:
It is uniform to all users. New instances will have no customization, existing instances will not be able to add any new customizations, but keep current ones.
##### Cons:
Once applied, modules cannot be updated neither removed by users. It will require admin action or access to the `php-fpm` container in order to do full `CRUD` operations.
Users that have requested advanced access to containers will continue to be able to add modules. Revoking access to previously given users would be advisable.
Extra: We can have a label to make it `ready-write` mount on `webdav` for necessary exceptions for a temporary time. I would not recommend this, but can be included if we are to go with this path but multiple expecting exceptions.
## 2. Separate new image
##### Description:
We can have a default image, and the only available for new instances, that does not do any linkage of `/drupal-data/modules` to be actually used as modules. This linkage is embedded in the image, and if removed, would make the customization impossible to users.
##### Pros:
Clear distinction between websites with and without customization available. Fully working for the first, zero for the latter.
##### Cons:
Maintain two `RELEASE` images for the time being, and have to update both.https://gitlab.cern.ch/drupal/paas/drupalsite-operator/-/issues/13CERN profile throwing errors2020-12-03T13:21:44+01:00Vineet Reddy RajulaCERN profile throwing errorsWhen using the profiles from the [drupal/profiles](https://gitlab.cern.ch/drupal/profiles) gitlab repo, and when selecting 'CERN' profile during site installation, running into the following error
```
Missing modules: Cern_indico_events...When using the profiles from the [drupal/profiles](https://gitlab.cern.ch/drupal/profiles) gitlab repo, and when selecting 'CERN' profile during site installation, running into the following error
```
Missing modules: Cern_indico_eventsCern_integrationExternalauthMatomoMemcacheModule_filterSimplesamlphp_auth
```
![image](/uploads/016e40fdb99d433d4b6b30f13a99ecec/image.png)https://gitlab.cern.ch/drupal/paas/dbod-operator/-/issues/9[chart] Helm upgrade fails: error with json merge strategy for the CRD2019-11-20T15:46:14+01:00Konstantinos Samaras-Tsakiris[chart] Helm upgrade fails: error with json merge strategy for the CRDIt's this bug: https://github.com/helm/helm/issues/5853
It likely happens because of k8s v1.11 in OpenShift. I should stop developing on OpenShift.It's this bug: https://github.com/helm/helm/issues/5853
It likely happens because of k8s v1.11 in OpenShift. I should stop developing on OpenShift.https://gitlab.cern.ch/drupal/paas/drupal-operations/-/issues/7Cleanup clones 20242024-03-28T09:29:36+01:00Carina AntunesCleanup clones 2024Vasvi SharmaVasvi Sharmahttps://gitlab.cern.ch/drupal/paas/drupalsite-operator/-/issues/95Clone behind SSO2024-02-14T15:25:02+01:00Carina AntunesClone behind SSOhttps://gitlab.cern.ch/drupal/paas/drupalsite-operator/-/issues/59Declare status conditions in the API pkg2021-04-27T20:38:50+02:00Konstantinos Samaras-TsakirisDeclare status conditions in the API pkgLike in the ProjectLifecyclePolicy CRD: https://gitlab.cern.ch/paas-tools/operators/authz-operator/-/blob/master/api/v1alpha1/projectlifecyclepolicy_types.go#L33Like in the ProjectLifecyclePolicy CRD: https://gitlab.cern.ch/paas-tools/operators/authz-operator/-/blob/master/api/v1alpha1/projectlifecyclepolicy_types.go#L33Carina AntunesCarina Antuneshttps://gitlab.cern.ch/drupal/paas/renovate-bot/-/issues/2Dependency Dashboard2023-10-16T08:04:43+02:00Cern Drupal Distribution UserDependency DashboardThis issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more.
This repository currently has no open or pending branches.
## Detect...This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more.
This repository currently has no open or pending branches.
## Detected dependencies
<details><summary>gitlabci</summary>
<blockquote>
<details><summary>.gitlab-ci.yml</summary>
</details>
</blockquote>
</details>https://gitlab.cern.ch/drupal/paas/renovate-bot/-/issues/1Dependency Dashboard2023-07-17T16:50:59+02:00Monica Jaqueline Iniguez MoncadaDependency DashboardThis issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more.
This repository currently has no open or pending branches.
## Detect...This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more.
This repository currently has no open or pending branches.
## Detected dependencies
<details><summary>gitlabci</summary>
<blockquote>
<details><summary>.gitlab-ci.yml</summary>
</details>
</blockquote>
</details>https://gitlab.cern.ch/drupal/paas/infrastructure-stress-test/-/issues/4Dockerize the code to generate graphs2021-06-08T17:26:46+02:00Vineet Reddy RajulaDockerize the code to generate graphsIt would be nice to dockerize the whole code with ports exposed, to make it easy to run.It would be nice to dockerize the whole code with ports exposed, to make it easy to run.https://gitlab.cern.ch/drupal/paas/drupal-operations/-/issues/10Draft: Forbid adding custom modules to new Drupal websites2024-03-19T09:29:23+01:00Francisco Borges Aurindo BarrosDraft: Forbid adding custom modules to new Drupal websitesAfter the ED meeting, we can now start by blocking Drupal websites from installing modules that are not in the cern-drupal-distribution.
There are many considerations to take into account:
- Can only affect new instances
- Drupal does ...After the ED meeting, we can now start by blocking Drupal websites from installing modules that are not in the cern-drupal-distribution.
There are many considerations to take into account:
- Can only affect new instances
- Drupal does not seem to have any easy locking/disabling of the installation button (maybe a custom development might be required and added to the installation page)
- Filesystem lock on the image might affect existing websiteshttps://gitlab.cern.ch/drupal/paas/cern-drupal-distribution/-/issues/10Drupal cron failing rarely but undetected2024-03-27T00:05:01+01:00Carina AntunesDrupal cron failing rarely but undetectedDrupal cron failing rarely but undetected - check how to add alert
Sites:
- theory department
- cnpdfsDrupal cron failing rarely but undetected - check how to add alert
Sites:
- theory department
- cnpdfsFrancisco Borges Aurindo BarrosFrancisco Borges Aurindo Barroshttps://gitlab.cern.ch/drupal/paas/drupalsite-operator/-/issues/11Drush site-install 'config' dir warning2020-12-03T12:12:30+01:00Vineet Reddy RajulaDrush site-install 'config' dir warning```
[error] Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your ../config/sync directory which contains the following lines: <pre><code># Deny all requests
from Apache 2.4+. ...```
[error] Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your ../config/sync directory which contains the following lines: <pre><code># Deny all requests
from Apache 2.4+.
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
# Deny all requests from Apache 2.0-2.2.
<IfModule !mod_authz_core.c>
Deny from all
</IfModule>
# Turn off all options we don't need.
Options -Indexes -ExecCGI -Includes -MultiViews
# Set the catch-all handler to prevent scripts from being executed.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
<Files *>
# Override the handler again if we're run later in the evaluation list.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
</Files>
# If we know how to do it safely, disable the PHP engine entirely.
<IfModule mod_php7.c>
php_flag engine off
</IfModule></code></pre> [1.27 sec, 32.41 MB]
```
Debug and figure out the warning and check if it relevant to nginx as well