When the PKI X509 CA (used for internal mTLS) expires, float will not re-generate all mTLS certificates.
This can be currently mitigated by running float with "-e force_renew_credentials=true" manually, which will forcefully regenerate all mTLS certificates (and restart the associated services/containers).
ale (e1744b6e) at 14 Mar 09:26
Provide a quick way to force renewal of all X509 PKI mTLS credentials
ale (35a305d6) at 12 Mar 09:18
Add 'float_job' dimension to target:probe_ssl_cert_expiry:days
godog (870c3a55) at 03 Mar 20:11
ale (c711fdbb) at 03 Mar 20:11
Merge branch 'load-kernel-modules' into 'master'
... and 1 more commit
Will make sysctl nf_conntrack_max available to be set at boot
godog (2db5587b) at 03 Mar 20:11
ale (bb9801c8) at 03 Mar 20:11
Merge branch 'nf-conntrack-helper' into 'master'
... and 1 more commit
Parameter was removed in 6.0 and it is not the default anymore:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b118509076b3 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3bb398d925ec
Parameter was removed in 6.0 and it is not the default anymore:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b118509076b3 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3bb398d925ec
godog (2db5587b) at 03 Mar 16:16
base: remove obsolete nf_conntrack_helper
Will make sysctl nf_conntrack_max available to be set at boot
godog (870c3a55) at 03 Mar 15:59
base: load nf_conntrack module at boot
ale (ff0610e3) at 11 Feb 17:48
Drop the -v argument on "litestream restore"
ale (46dfe9bd) at 02 Feb 12:20
Improve error handling of --additional-host-group options
ale (b02a3496) at 31 Jan 09:16
Improve error handling in float plugin
ale (80aa560f) at 15 Jan 16:10
Do not set crypto parameters in sshd_config
ale (c6481a54) at 14 Jan 22:00
Update docs on Debian distro upgrades
ale (c3c42c59) at 04 Jan 22:59
ale (68af02e7) at 04 Jan 22:59
Merge branch 'tinc-without-plugin' into 'master'
... and 3 more commits