Background I’ve been working on introducing a Content Security Policy (CSP) for some time and today is the day where a first, minimal version of our policy will start to be enforced. So, what’s a Content Security Policy? Mozilla explains it like this: Content Security Policy (CSP) is a feature that helps to prevent or minimize the risk of certain types of security threats. It consists of a series of instructions from a website to a browser, which instruct the browser to place restrictions on the things that the code comprising the site is allowed to do.

Rapid Release and Continuous Delivery Rapid release in the name of a project to make releases more frequent and deploy bugfixes more rapidly. This is a project which will require company-wide changes over many years but here I’ll focus on some upcoming changes to continuous delivery (CD) which will get us just a bit closer to making releases “rapid”. The Changes Operations is in the process of changing how CD works with the goal to make it possible to deploy production systems automatically.

tco - Copy Only What’s Needed tco has recently been updated to allow skipping tables rarely used during development. Another change will be rolled out shortly which will make skipping various tables the default when copying to localhost. This will help safe space and time. In an initial release, the following tables will be skipped: nice_email_archive nice_email_archive_to_address nice_email_archive_to_email_attachment nice_email_archive_to_recipient nice_entity_history nice_log_entry nice_log_entry_var nice_notification nice_progress_var nice_system_activity nice_task_execution nice_task_progress tco will clearly indicate when tables are skipped:

There is a set of new additions to tco I’d like to introduce. Most notably, copying a DB via tco is now available. As always, feedback including feature requests and complaints are welcome. Expect tco db-copy to still have some rough edges, though. Installation and update instructions can be found in the first blog post. Copying a DB with tco db-copy tco db-copy can be used to easily copy databases.

I’ve added some more features to tco. Some of you might find them interesting. Here is a quick summary. tco deploy-status tco deploy-status shows on which installations a change / commit has been deployed: $ tco deploy-status ae0995b93d6122db034419f66ccfa7f856c59a74 [2023-04-03T07:04:42Z ERROR tco::subcommand::deploy_status] Failed to process installation abc: reqwest: HTTP status server error (503 Service Unavailable) for url (https://abc.tocco.ch/status-tocco?db-check=false) unknown v1000.0 abc … deployed v3.1 test301 deployed v3.2 test302 deployed v3.3 test303 deployed v3.

I’ve been working on on streamlining my script collection. To this end, I rewrote much of the code and put it into a new repository. Until now, with my old collection of scripts, a lot of code was duplicated, non-portable and depended on local, manual setup. With the new code and repository, this deficiencies no longer exist. Shared functionality, like connecting to a remote Postgres server, working with the Ansible repository or extracting settings from Ansible is now implemented in an easily reusable way.

As all of you know, we are in the process of migrating to OpenShift 4. Here is an update on the progress and some details about the changes you have to expect. Note that most documentation changes will be delayed until the end of the migration. Meanwhile, refer to this document to inform yourself about the differences. Migration plan and Schedule Schedule With support of OpenShift 3 expiring, we are on a tight schedule.

For What is the Domain? The domain may be used as sender domain of mails for any installation. There are two use cases: The domain can be used while the customer is in the process of configuring DKIM and SPF for their own domains. This avoids any delays waiting for the domains to be ready. For customers that do not wish to use their own domain, it can be used permanently as sender domain.

New copy_db Script There is a new script for copying databases. It’s a bit simpler than the Ansible playbook currently in use. The basic idea is that you do this: copy_db <source_host> <source_db> <target_host> <target_db> If you want the target to be created, add a --create: copy_db --create <source_host> <source_db> <target_host> <target_db> Details can be found in the documentation. Important note: The script is in the tocco-dotfiles Git repository which I moved to GitLab.