v2.4.0 (2019-03-06)
Closed issues:
- Tag v2.4.0 release #262
v2.4.0 (2019-02-23)
Closed issues:
- Tag v2.3.1 release #259
Merged pull requests:
- Update CHANGELOG for v2.4.0 release [skip ci] #264 (nubis-automation)
- Update CHANGELOG for v2.4.0 release [skip ci] #263 (nubis-automation)
v2.3.1 (2018-08-21)
Closed issues:
Merged pull requests:
- Update CHANGELOG for v2.3.1 release [skip ci] #258 (nubis-automation)
- Update CHANGELOG for v2.3.1 release [skip ci] #257 (nubis-automation)
- Update LDAP port #255 (tinnightcap)
v2.3.0 (2018-08-01)
Closed issues:
- Tag v2.2.0 release #229
- [squid] Consider adding tcp/8443 to safe https ports #228
- Tag v2.3.0 release #249
- Tag v2.3.0 release #246
- Tag v2.3.0 release #242
- Tag v2.3.0 release #239
- Tag v2.3.0 release #236
- Tag v2.3.0 release #233
Merged pull requests:
- Update CHANGELOG for v2.3.0 release [skip ci] #251 (nubis-automation)
- Update CHANGELOG for v2.3.0 release [skip ci] #250 (nubis-automation)
- Update CHANGELOG for v2.3.0 release [skip ci] #248 (nubis-automation)
- Update CHANGELOG for v2.3.0 release [skip ci] #247 (nubis-automation)
- Update CHANGELOG for v2.3.0 release [skip ci] #244 (nubis-automation)
- Update CHANGELOG for v2.3.0 release [skip ci] #243 (nubis-automation)
- Update CHANGELOG for v2.3.0 release [skip ci] #241 (nubis-automation)
- Update CHANGELOG for v2.3.0 release [skip ci] #240 (nubis-automation)
- Update CHANGELOG for v2.3.0 release [skip ci] #238 (nubis-automation)
- Update CHANGELOG for v2.3.0 release [skip ci] #237 (nubis-automation)
- Update CHANGELOG for v2.3.0 release [skip ci] #235 (nubis-automation)
- Update CHANGELOG for v2.3.0 release [skip ci] #234 (nubis-automation)
- Allow outbound SSL connections on tcp/8443 #232 (gozer)
v2.2.0 (2018-04-06)
Closed issues:
Merged pull requests:
- Update CHANGELOG for v2.2.0 release [skip ci] #231 (nubis-automation)
- Update CHANGELOG for v2.2.0 release [skip ci] #230 (nubis-automation)
- Tag project as platform #227 (limed)
- Linting #226 (limed)
- Update nubis-travis #223 (tinnightcap)
v2.1.0 (2018-02-07)
Implemented enhancements:
- Updating nubis-proxy puppet module #12
Closed issues:
- Tag v2.1.0 release #220
- Tag v2.1.0 release #217
- [squid-exporter] Use squid exporter instead of snmp #197
Merged pull requests:
- Update CHANGELOG for v2.1.0 release [skip ci] #222 (nubis-automation)
- Update CHANGELOG for v2.1.0 release [skip ci] #221 (nubis-automation)
- Update CHANGELOG for v2.1.0 release [skip ci] #219 (nubis-automation)
- Update CHANGELOG for v2.1.0 release [skip ci] #218 (nubis-automation)
v2.0.4 (2017-12-08)
Closed issues:
Merged pull requests:
v2.0.3 (2017-11-02)
Closed issues:
- Tag v2.0.3 release #210
Merged pull requests:
- Merge v2.0.3 release into develop. [skip ci] #212 (tinnightcap)
- Update CHANGELOG for v2.0.3 release [skip ci] #211 (tinnightcap)
v2.0.2 (2017-10-24)
Closed issues:
- Tag v2.0.2 release #207
Merged pull requests:
- Merge v2.0.2 release into develop. [skip ci] #209 (tinnightcap)
- Update CHANGELOG for v2.0.2 release [skip ci] #208 (tinnightcap)
- Use a proper squid exporter #205 (limed)
v2.0.1 (2017-10-13)
Implemented enhancements:
- Generalize nsm_mailto parameter #18
Fixed bugs:
- Ensure bro user doesn't get killed with by user management #152
Closed issues:
Merged pull requests:
- Merge v2.0.1 release into develop. [skip ci] #204 (tinnightcap)
- Update CHANGELOG for v2.0.1 release [skip ci] #203 (tinnightcap)
v2.0.0 (2017-10-05)
Closed issues:
- Tag v2.0.0 release #199
Merged pull requests:
- Merge v2.0.0 release into develop. [skip ci] #201 (tinnightcap)
- Update CHANGELOG for v2.0.0 release [skip ci] #200 (tinnightcap)
- Arena drop #198 (gozer)
- Update nubis-travis to v1.4.2 #196 (tinnightcap)
- Migrate to mozilla slack #195 (tinnightcap)
v1.5.1 (2017-08-18)
Closed issues:
- Tag v1.5.1 release #192
Merged pull requests:
- Merge v1.5.1 release into develop. [skip ci] #194 (tinnightcap)
- Update CHANGELOG for v1.5.1 release [skip ci] #193 (tinnightcap)
v1.5.0 (2017-06-24)
Closed issues:
- Tag v1.5.0 release #189
Merged pull requests:
- Merge v1.5.0 release into develop. [skip ci] #191 (tinnightcap)
- Update CHANGELOG for v1.5.0 release [skip ci] #190 (tinnightcap)
v1.4.2 (2017-05-05)
Closed issues:
Merged pull requests:
- Merge v1.4.2 release into develop. [skip ci] #188 (tinnightcap)
- Update CHANGELOG for v1.4.2 release [skip ci] #187 (tinnightcap)
- Add nubis/builder/artifacts/AMIs.json to .gitignore #185 (tinnightcap)
- Update CHANGELOG for v1.4.2 release [skip ci] #183 (tinnightcap)
v1.4.1 (2017-04-11)
Closed issues:
- Tag v1.4.1 release #179
Merged pull requests:
- Merge v1.4.1 release into develop. [skip ci] #181 (tinnightcap)
- Update CHANGELOG for v1.4.1 release [skip ci] #180 (tinnightcap)
- Change email address for nsm #178 (limed)
v1.4.0 (2017-03-23)
Closed issues:
- Disable detailled monitoring #174
- EC2 instance waiting for itself to come up is redundant #171
- Waiting on interface readiness always takes 5 minutes #170
- Tag v1.4.0 release #166
Merged pull requests:
- Merge v1.4.0 release into develop. [skip ci] #177 (tinnightcap)
- Update CHANGELOG for v1.4.0 release [skip ci] #176 (tinnightcap)
- ec2 wait instance-running on ourselves is completely redundant #173 (gozer)
- Typo fix to actually detect interface readiness and not just fall through #172 (gozer)
- Update builder artifacts for v1.4.0 release [skip ci] #169 (tinnightcap)
- Update artifacts got missed #167 (tinnightcap)
v1.3.0 (2017-01-12)
Fixed bugs:
- Allow outbound port 6363 #133
Closed issues:
- Return success out of cron when using consul-do #164
- Don't run vpc-blocklist every *minute* #154
- [monitoring] expose Squid telemetry #150
- Parse iptables logs for fluentd's consumption #146
- Squid log format parser for fluentd ignores the milliseconds #145
- fluentd is looking at the wrong log files path #144
- [bug] Interface wait loop will always wait for 5 minutes #142
- [squid] Parse access-logs for fluentd #140
- Cleanup old leftovers from nubis-skel #138
- Tag v1.2.3 release #130
- Pin nubis-puppet-nat to new release #123
- Tag v1.3.0 release #161
Merged pull requests:
- use consul-do || exit 0 to keep cron job succeeding #165 (gozer)
- Update CHANGELOG for v1.3.0 release #163 (tinnightcap)
- Update builder artifacts for v1.3.0 release #162 (tinnightcap)
- Update Links #160 (tinnightcap)
- Update documentation #159 (tinnightcap)
- decrease VPC blocklist interval to 15 minutes #158 (gozer)
- use nubis-cron #157 (gozer)
- update to nubis-travis v0.1.3 #156 (gozer)
- update to nubis-travis v0.1.3 #155 (gozer)
- Bump up nsm module, this is to ensure that we create bro user as a system user #153 (limed)
- Expose Squid telemetry to monitoring #151 (gozer)
- Parse (partial) of iptables's reject logs #149 (gozer)
- Include milliseconds from squid's access logs #148 (gozer)
- Use ::squid3::params::service_name to find the correct path to the log files we want to watch #147 (gozer)
- Fix variable naming bug that caused us to always wait the full timeout before determining our interface was available. #143 (gozer)
- Build a regexp to parse Squid access-logs #141 (gozer)
- Cleanup old nubis-skel cruft #139 (gozer)
- Cleanup some shell construct according to ShellCheck's recommendations #137 (gozer)
- Enable nubis-travis v0.1.0 #136 (gozer)
- Allow outbound port 6363 on NAT instance #135 (limed)
- Update builder artifacts for v1.3.0-dev release #132 (gozer)
- Update builder artifacts for v1.2.3 release #131 (gozer)
v1.2.2 (2016-08-02)
Closed issues:
- Add additional testing documentation to test out nubis-nat #124
- Move to v1.3.0-dev cycle #121
- Tag v1.2.2 release #126
Merged pull requests:
- Update CHANGELOG for v1.2.2 release #129 (tinnightcap)
- Update builder artifacts for v1.2.2 release #128 (tinnightcap)
- Bump nubis-puppet-nat to v1.2.2 #127 (limed)
- Added additional documentation on how to test FORWARD rule #125 (limed)
- Bump up to v1.3.0-dev cycle #122 (limed)
v1.2.1 (2016-07-30)
Implemented enhancements:
- Consider moving route removal stuff out of eni-attach and into nubis-puppet-nat instead #72
- [puppet] Pin nubis/nsm at a specific revision #25
- [puppet] Pin nubis/nubis_nat at a specific revision #24
Closed issues:
- Tag v1.2.1 release #118
Merged pull requests:
- Update CHANGELOG for v1.2.1 release #120 (tinnightcap)
- Update builder artifacts for v1.2.1 release #119 (tinnightcap)
- Pinning puppet nsm to v1.2.0 #117 (limed)
- Pin nubis-puppet-nat to version v1.2.0 #116 (limed)
- Update builder artifacts for v1.3.0-dev release #115 (tinnightcap)
v1.2.0 (2016-07-07)
Implemented enhancements:
Fixed bugs:
- Fixing some dependency issues with supervisord #101
Closed issues:
- Tag v1.2.0 release #113
- Off by one error in VPC blocklist script #110
- [blocklist] stop adding rules when we hit MAX_RULES #103
- [blocklist] Need to DENY not ALLOW offenders #93
- Allow Squid traffic to come in from either interfaces, as long as its from #91
Merged pull requests:
- Update CHANGELOG for v1.2.0 release #114 (tinnightcap)
- Update builder artifacts for v1.2.0 release #112 (tinnightcap)
- Small cleanup and off-by-one error #111 (gozer)
- Another typo #109 (tinnightcap)
- Switch nubis-puppet-nsm org #108 (limed)
- Add missing link #106 (tinnightcap)
- Update doc with default entries. #105 (tinnightcap)
- Handle gracefully (skip them) blocklist that have more than MAX_RULES(18) entries #104 (gozer)
- Fixing dependency for supervisord by shuffling classes around #102 (limed)
- Bumping up to new dev cycle #100 (limed)
- Update README.md for NAT and IP Blocklist #98 (tinnightcap)
v1.1.0 (2016-04-25)
Implemented enhancements:
- Move to the v1.0.2-dev train #28
- Add comments for nat iptable rule #21
- Update puppetfile to point nubis puppet nat to new location #61
- Instead of waiting for the ENI to be available, just steal it #57
- Filter out iptable logs to its own file and also send it to fluent #37
- Merge nubis-proxy into nubis-nat #11
- Manage iptable rules via confd #22 (limed)
Fixed bugs:
- [bug] Not calling curl to discover vpc_cidr ip #33
- [bug] Advertise address for consul never gets set now #32
- Override proxy information #70
- [bug] Remove additional ENI routes #63
- [bug] sport and dport flipped for squid iptable rule #54
- [bug] Bind everythin back to eth0 instead #45
- Bind consul to eth1 #38
- Nat instance needs to report its interface IP #13
Closed issues:
- Bump down number of nat instance to 1 #88
- ENI detach logic is broken, it doesn't actually retry as it should #85
- Fix ENI startup issues #83
- Use Facter to find our VPC cidr range #82
- Detach our ENI if attached before attaching it #80
- Check nubis metadata for our assigned EIP before peeking at cloudformation #78
- Upgrade git to 2.7.3 #66
- [blocklist] region us-west-2 hardcoded in 2 places #64
- Instead of needing confd to inject VPC information, consider using facter #56
- Interface fixup script bug #52
- Bump timeout for eni-attach script #50
- Make the blocklist configurable and default to opsec's list #47
- Fix startup ordering to cooperate nicely with the new wait-for-consul in base #43
- Create a basic masquerade rule during bootup #41
- Advertise eth1 as the Consul address, since it's effectively our *inside* address. #29
- POC: Implement an IP blocklisting service #23
- Modify ENI attach script to look at different tags #6
- Clean up cloudformation #4
- EIP attach script will not attach #1
- Move services back to eth1 now #59
- Allow only specific port to connect to NAT instance #20
- Install NSM on base image #3
Merged pull requests:
- Correctly use the action passed into create_acl() #94 (gozer)
- Allow Squid traffic inbound on any interfaces #92 (gozer)
- Update CHANGELOG for v1.1.0 release #90 (tinnightcap)
- Update versions for release #89 (tinnightcap)
- Implement FORWARDing #87 (gozer)
- Fix bug that caused ENI detaching logic not to wait for it to actually detach #86 (gozer)
- Use facter to find our VPC cidr range. #84 (gozer)
- Detach our ENI if already atached, before grabbing it. #81 (gozer)
- check metadata for assigned EIP first #79 (gozer)
- Move some NAT services back to eth1 which means tweaking firewall rules #77 (limed)
- Remove debugging code #76 (limed)
- Filter out iptable log to its own file and send it out via fluent #75 (limed)
- Steal ENI instead of waiting for it to be available #74 (limed)
- Remove redundant route #73 (limed)
- Override proxy information #71 (limed)
- Fixing return value for eni-attach script #69 (limed)
- Fixing routes when ENI gets attached #68 (limed)
- Latest git in Amazon Linux is 2.7.3-1.46.amzn1 #67 (gozer)
- Use detected region #65 (gozer)
- Puppetfile update #62 (limed)
- Destination and source port was flipped also splitting out protocols #55 (limed)
- Point mac address to the proper variable #53 (limed)
- Bump the timeout for eni-associate script #51 (limed)
- Implement a firewall on the nat instance #49 (limed)
- Change default blacklist polling location and disable GPG verification by default #48 (gozer)
- Due to vpc / routing limitation we need to make services go out eth0 #46 (limed)
- Fixing ordering for the new consul-wait in base. #44 (gozer)
- Create a simple masquerade rule during startup #42 (limed)
- Bind consul to eth1 #40 (limed)
- Fixing advertise_addr #36 (limed)
- Ignore builder build artifacts #35 (limed)
- Fixes issue #33, vpc cidr ip not being set since we're not calling curl #34 (limed)
- Pin base image to specific image, fixes issue #28 #31 (limed)
- Move Consul advertisement to eth1 #30 (gozer)
- POC: Implement a VPC blocklisting process. #26 (gozer)
- Updated readme with some NSM information #19 (limed)
- Include nsm puppet class, this installs nsm on the nat instances #17 (limed)
- Nubis proxy merge #15 (limed)
- Include advertise-addr config, we need this since NAT instances has 2 interfaces #14 (limed)
- Bump metadata #10 (limed)
- Fixing filters to be more specific #9 (limed)
- Project metadata bump #8 (limed)
- Tweak eni filters to search for a particular keyword instead #7 (limed)
- Clean cloudformation template #5 (limed)
- Nested stack output lookup support #2 (limed)
* This Change Log was automatically generated by github_changelog_generator