From 31990cfe807c3fbbd87b62573a1aa08916d25683 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Sat, 14 Oct 2023 07:36:29 +0200 Subject: [PATCH] Linting CHANGELOG --- .markdownlint.json | 4 +++ CHANGELOG.md | 88 ++++++++++++++++++++++++++++++++++++++-------- 2 files changed, 78 insertions(+), 14 deletions(-) create mode 100644 .markdownlint.json diff --git a/.markdownlint.json b/.markdownlint.json new file mode 100644 index 00000000..9eb5b2db --- /dev/null +++ b/.markdownlint.json @@ -0,0 +1,4 @@ +{ + "MD013": false, + "MD024": false +} \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index e8de8a36..fdcf1df6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,5 @@ # Changelog + All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/). @@ -8,7 +9,6 @@ The **major** part of the version is the year The **minor** part changes is the month The **patch** part changes is incremented if multiple releases happen the same month - ## [Unreleased] ### Added @@ -91,8 +91,6 @@ The **patch** part changes is incremented if multiple releases happen the same m * dovecot: remove Munin plugin dovecot (not working) -### Security - ## [23.04] 2023-04-23 ### Added @@ -179,7 +177,6 @@ The **patch** part changes is incremented if multiple releases happen the same m * evolinux-base: subversion is not installed anymore - ## [22.12] 2022-12-14 ### Added @@ -234,7 +231,6 @@ The **patch** part changes is incremented if multiple releases happen the same m * openvpn: Deleted the task fixing the CRL rights since it has been fixed in upstream - ## [22.09] 2022-09-19 ### Added @@ -248,7 +244,6 @@ The **patch** part changes is incremented if multiple releases happen the same m * proftpd: Add options to override configs (and add a warning if file was overriden) * proftpd: Allow user auth with ssh keys - ### Changed * evocheck: upstream release 22.09 
@@ -256,7 +251,7 @@ The **patch** part changes is incremented if multiple releases happen the same m * generate-ldif: Support any MariaDB version * minifirewall: use handlers to restart minifirewall * openvpn: automate the initialization of the CA and the creation of the server certificate ; use openssl_dhparam module instead of a command -* generate-ldif: support any version of MariaDB (instead of only 10.0, 10.1 and 10.3) +* generate-ldif: support any version of MariaDB (instead of only 10.0, 10.1 and 10.3) * openvpn: Run OpenVPN with the \_openvpn user and group instead of nobody which is originally for NFS * nagios-nrpe: Upgrade check_mongo @@ -374,7 +369,7 @@ The **patch** part changes is incremented if multiple releases happen the same m ### Added -* docker : Introduce new default settings + allow to change the docker data directory +* docker : Introduce new default settings + allow to change the docker data directory * docker : Introduce new variables to tweak daemon settings ### Changed @@ -407,7 +402,7 @@ The **patch** part changes is incremented if multiple releases happen the same m * minifirewall: restore "force-restart" and fix "restart-if-needed" * minifirewall: tail template follows symlinks * minifirewall: upstream release 22.05 -* opendkim : add generate opendkim-genkey in sha256 and key 4096 +* opendkim : add generate opendkim-genkey in sha256 and key 4096 * openvpn: use a local copy of files instead of cloning an external git repository * openvpn: use a subnet topology instead of the net30 default topology * tomcat: Tomcat 9 by default with Debian 11 @@ -770,6 +765,7 @@ The **patch** part changes is incremented if multiple releases happen the same m ## [10.0.0] - 2020-05-13 ### Added + * apache: the default VHost doesn't redirect to https for ".well-known" paths * apt: added buster backports prerferences * apt: check if cron is installed before adding a cron job 
@@ -806,6 +802,7 @@ The **patch** part changes is incremented if multiple releases happen the same m * bind: enable bind9 munin plugin for recursive resolvers ### Changed + * replace version_compare() with version()s * removed some deprecations for Ansible 2.7 * apache: improve permissions in save_apache_status script @@ -851,6 +848,7 @@ The **patch** part changes is incremented if multiple releases happen the same m * varnish: remove custom ExecReload= script for Debian 10+ ### Fixed + * etc-git: fix warnings ansible-lint * evoadmin-web: Put the php config at the right place for Buster * lxc: Don't stop the container if it already exists @@ -873,16 +871,19 @@ The **patch** part changes is incremented if multiple releases happen the same m * packweb-apache: Don't try to install PHPMyAdmin on Buster as it's not available ### Removed + * clamav : do not install the zoo package anymore ## [9.10.1] - 2019-06-21 ### Changed + * evocheck : update (version 19.06) from upstream ## [9.10.0] - 2019-06-21 ### Added + * apache: add server status suffix in VHost (and default site) if missing * apache: add a variable to customize the server-status host * apt: add a script to manage packages with "hold" mark @@ -893,6 +894,7 @@ The **patch** part changes is incremented if multiple releases happen the same m * redmine: enable gzip compression in nginx vhost ### Changed + * evocheck : update (unreleased) from upstream * evomaintenance : use the web API instead of PG Insert * fluentd: store gpg key locally 
@@ -905,23 +907,26 @@ The **patch** part changes is incremented if multiple releases happen the same m * apt: Add Debian Buster repositories ### Fixed + * rbenv: add check_mode for check rbenv and ruby versions * nagios-nrpe: fix redis_instances check when Redis port equal 0 * redmine: fix 500 error on logging * evolinux-base: Validate sshd config with "-t" instead of "-T" * evolinux-base: Ensure rename is present * evolinux-users: Validate sshd config with "-t" instead of "-T" -* nagios-nrpe: Replace the dummy packages nagios-plugins-* with monitoring-plugins-* +* nagios-nrpe: Replace the dummy packages nagios-plugins-*with monitoring-plugins-* ## [9.9.0] - 2019-04-16 ### Added + * etc-git: ignore evobackup/.keep-* files * lxc: /home is mounted in the container by default * nginx : add "x-frame-options: sameorigin" for Munin ### Changed -* changed remote repository to https://gitea.evolix.org/evolix/ansible-roles + +* changed remote repository to * apt: Ensure jessie-backport from archives.debian.org is accepted * apt: Remove jessie-update suite as it's no longer exists * apt: Replace mirror.evolix.org by archives.debian.org for jessie-backport @@ -934,8 +939,8 @@ The **patch** part changes is incremented if multiple releases happen the same m * tomcat: better tomcat version management * webapps/evoadmin-web: add dbadmin.sh to sudoers file - ### Fixed + * spamassasin: fix sa-update.sh and ensure service is started and enabled * tomcat-instance: deploy correct version of config files * tomcat-instance: deploy correct version of server.xml 
@@ -943,20 +948,24 @@ The **patch** part changes is incremented if multiple releases happen the same m ## [9.8.0] - 2019-01-31 ### Added + * filebeat: disable cloud_metadata processor by default * metricbeat: disable cloud_metadata processor by default * percona : new role to install Percona repositories and tools * redis: add variable for configure unixsocketperm ### Changed + * redmine: refactoring of redmine role with use of rbenv ### Fixed + * ntpd: Update the restrictions to follow wiki.evolix.org/HowtoNTP client config ## [9.7.0] - 2019-01-17 ### Added + * apache: add Munin configuration for Apache server-status URL * evomaintenance: database variables must be set or the task fails * fail2ban: add "ips" tag added to fail2ban/tasks/ip_whitelist.yml @@ -969,6 +978,7 @@ The **patch** part changes is incremented if multiple releases happen the same m * proftpd: add FTPS and SFTP support ### Changed + * redis: distinction between main and master password * evocheck: update evocheck.sh for source install * php: added php-zip in the installed package list for debian 9 (and later) @@ -976,6 +986,7 @@ The **patch** part changes is incremented if multiple releases happen the same m * java: update Oracle java package to 8u192 ### Fixed + * fail2ban: fix "ignoreip" update * metricbeat: fix username/password replacement * nagios-nrpe: check_process now return the error code (making the check more usefull than /bin/true) 
@@ -984,16 +995,17 @@ The **patch** part changes is incremented if multiple releases happen the same m * redis: In instance mode, ensure to replace the nrpe check_redis with the instance check script * redis: Don't set the owner of /var/{lib,log}/redis to a redis instance account - ## [9.6.0] - 2018-12-04 ### Added + * evolinux-base: deploy custom motd if template are present * minifirewall: all variables are configurable (untouched by default) * minifirewall: main file is configurable * squid: minifirewall main file is configurable ### Changed + * minifirewall: compare config before/after (for restart condition) * squid: better replacement in minifirewall config * evoadmin-mail: complete refactoring, use Debian Package @@ -1001,6 +1013,7 @@ The **patch** part changes is incremented if multiple releases happen the same m ## [9.5.0] - 2018-11-14 ### Added + * apache: separate task to update IP whitelist * evolinux-base: install man package * evolinux-users: add newaliases handler @@ -1014,11 +1027,13 @@ The **patch** part changes is incremented if multiple releases happen the same m * mysql: logdir can be customized ### Changed + * evocheck: update script from upstream * evomaintenance: update script from upstream * mysql: restart service if systemd unit has been patched ### Fixed + * packweb-apache: mod-security config is already included elsewhere * redis: for permissions on log and lib directories * redis: fix shell for instance users @@ -1027,13 +1042,16 @@ The **patch** part changes is incremented if multiple releases happen the same m ## [9.4.2] - 2018-10-12 ### Added + * evomaintenance: install dependencies manually when installing vendored version * nagios-nrpe: add an option to ignore servers in NOLB status ### Changed + * haproxy: move check_haproxy_stats to nagios-nrpe role ### Fixed + * evoacme: better error when apache2ctl fails * evomaintenance: fix role compatibility with OpenBSD * spamassassin: add missing right for amavis 
@@ -1042,16 +1060,19 @@ The **patch** part changes is incremented if multiple releases happen the same m ## [9.4.1] - 2018-09-28 ### Added + * redis: set masterauth when redis_password is defined * evomaintenance: variable to install a vendored version * evomaintenance: tasks/variables to handle minifirewall restarts ### Changed + * mysql-oracle: better handle packages and users ## [9.4.0] - 2018-09-20 ### Added + * etc-git: manage a cron job to monitor uncommited changes in /etc/.git (default: `True`) * evolinux-base: better shell history * evolinux-users: add user to /etc/aliases @@ -1066,9 +1087,11 @@ The **patch** part changes is incremented if multiple releases happen the same m * nagios-nrpe: add check_redis_instances ### Changed + * dovecot: stronger TLS configuration ### Fixed + * apache: cleaner way to overwrite the server status suffix * packweb-apache: don't regenerate phpMyAdmin suffix each time * nginx: cleaner way to overwrite the server status suffix @@ -1077,11 +1100,13 @@ The **patch** part changes is incremented if multiple releases happen the same m ## [9.3.2] - 2018-09-06 ### Added + * minifirewall: add a variable to disable the restart handler * minifirewall: add a variable to force a restart of the firewall (even with no change) * minifirewall: improve variables values and documentation ### Changed + * dovecot: enable SSL/TLS by default with snakeoil certificate ### Fixed @@ -1091,11 +1116,13 @@ The **patch** part changes is incremented if multiple releases happen the same m ## [9.3.1] - 2018-08-30 ### Added + * metricbeat: new variables to configure elasticsearch hosts and auth ## [9.3.0] - 2018-08-24 ### Added + * elasticsearch: tmpdir configuration compatible with 5.x also * elasticsearch: add http.publish_host variable * evoacme: disable old certbot cron also in cron.daily 
@@ -1116,6 +1143,7 @@ The **patch** part changes is incremented if multiple releases happen the same m * nagios-nrpe: add check_postgrey ### Changed + * etc-git: some entries of .gitignore are mandatory * evocheck: update upstream script * evolinux-base: improve hostname configuration (real vs. internal) @@ -1134,6 +1162,7 @@ The **patch** part changes is incremented if multiple releases happen the same m * kvm-host: install kvm-tools package instead of copying add-vm.sh ### Fixed + * apache: logrotate replacement is more subtle/precise. It replaces only the proper directive and not every occurence of the word. * bind: chroot-bind.sh must not be executed in check mode * evoacme: fix module detection in apache config @@ -1145,12 +1174,14 @@ The **patch** part changes is incremented if multiple releases happen the same m ## [9.2.0] - 2018-05-16 ### Changed + * filebeat: install version 6.x by default * filebeat: cleanup unused code * squid: add some domaine and fix broken restrictions * elasticsearch: defaults to version 6.x ### Fixed + * evolinux-users: secondary groups are comma-separated * ntpd: fix configuration (server and ACL) * varnish: don't fork the process on startup with systemd @@ -1160,6 +1191,7 @@ The **patch** part changes is incremented if multiple releases happen the same m ### Added ### Changed + * apache: customize logrotate (52 weeks) * evolinux: groups for SSH configuration are used with Debian 10 and later * evolinux-base: fail2ban is not enabled by default @@ -1171,9 +1203,11 @@ The **patch** part changes is incremented if multiple releases happen the same m ## [9.1.8] - 2018-04-16 ### Changed + * packweb-apache: use dependencies instead of include_role for apache and php roles ### Fixed + * mysql: use check_mode for apg command (Fix --check) * mysql/mysql-oracle: properly reload systemd * packweb-apache: use check_mode for apg command (Fix --check) 
@@ -1181,6 +1215,7 @@ The **patch** part changes is incremented if multiple releases happen the same m ## [9.1.7] - 2018-04-06 ### Added + * added a few become attributes where missing * etc-git: add tags for Ansible * evolinux-base: install ncurses-term package @@ -1198,6 +1233,7 @@ The **patch** part changes is incremented if multiple releases happen the same m * redmine: added missing tags ### Changed + * elasticsearch: RESTART_ON_UPGRADE is configurable (default: `true`) * elasticsearch: use ES_TMPDIR variable for custom tmpdir, (from `/etc/default/elasticsearch` instead of changing `/etc/elesticsearch/jvm.options`). * evolinux-base: Exec the firewall tasks sooner (to avoid dependency issues) @@ -1213,6 +1249,7 @@ The **patch** part changes is incremented if multiple releases happen the same m * webapps/evoadmin-web: Fail if variable evoadmin_contact_email isn't defined ### Fixed + * dovecot: fix support of plus sign * mysql/mysql-oracle: mysqltuner cron task is executable * nginx: fix basic auth for default vhost @@ -1221,21 +1258,25 @@ The **patch** part changes is incremented if multiple releases happen the same m ## [9.1.6] - 2018-02-02 ### Added + * mongodb: install python-pymongo for monitoring * nagios-nrpe: allowed_hosts can be updated ### Changed + * Changelog: explain the versioning scheme * Changelog: add a release date for 9.1.5 * evoacme: exclude typical certbot directories ### Fixed + * fail2ban: fix horrible typo, Python is not Ruby * nginx: fix servers status dirname ## [9.1.5] - 2018-01-18 ### Added + * There is a changelog! * redis: configuration variable for protected mode (v3.2+) * evolinux-users: users are in "adm" group for Debian 9 or later 
@@ -1247,41 +1288,49 @@ The **patch** part changes is incremented if multiple releases happen the same m * redmine: ability to install themes and plugins ### Changed + * rbenv: Ruby 2.5 becomes the default version * evocheck: update upstream version embedded in role (c993244) * bind: keep 52 weeks of logs ### Fixed + * squid: different logrotate file for Jessie or Stretch+ * evoacme: don't invoke evoacme if no vhost is found * evomaintenance: explicit quotes in config file * redmine: force xpath gem < 3.0.0 ### Security + * evomaintenance: fix permissions for config file ## [9.1.4] - 2017-12-20 ### Added + * php: install php5-intl (for Jessie) and php-intl (for Debian 9 or later) * mysql: add a check_mysql_slave in nrpe configuration * ldap: slapd tcp port is configurable * elasticsearch: broader patterns for log rotation ### Changed + * split IP lists in 2 – default and additional – for easier customization. ### Fixed + * minifirewall: allow outgoing SSH connections over IPv6 * nodejs: rename source.list file ### Security + * evoadmin-web: change config.local.php file permissions * evolinux-base: change default_www file permissions ## [9.1.3] 2017-12-08 ### Added + * evolinux-base: install traceroute package * evolinux-base/ntpd: purge openntpd * tomcat: add Tomcat 8 cmpatibility @@ -1293,6 +1342,7 @@ The **patch** part changes is incremented if multiple releases happen the same m * elastic: option for stack main version ### Changed + * nginx: rename Let's Encrypt snippet * nginx: simpler apt preferences for backports * generate-ldif: add clamd service instead of clamav_db 
@@ -1304,10 +1354,12 @@ The **patch** part changes is incremented if multiple releases happen the same m * mongodb: comatible with Stretch ### Removed + * mongodb: logfile/pidfile are not configurable on Jessie * minifirewall: remove zidane.evolix.net from HTTPSITES ### Fixed + * nginx: fix munin CGI graphs * ntpd: fix default configuration (localhost only) * logstash: fix permissions on pipeline configuration @@ -1318,14 +1370,17 @@ The **patch** part changes is incremented if multiple releases happen the same m ## [9.1.2] 2017-12-05 ### Fixed + * listupgrade: remount /usr as rw ## [9.1.1] 2017-11-21 ### Added + * amazon-ec2: add egress rules ### Fixed + * evoacme: fix multiple bugs ## [9.1.0] 2017-11-19 @@ -1333,6 +1388,7 @@ The **patch** part changes is incremented if multiple releases happen the same m _Warning: huge release, many entries are missing below._ ### Added + * amazon-ec2: new role, for EC2 instances creation * Move /usr rw remount into remount-usr role * kibana: host and basepath configuration @@ -1343,6 +1399,7 @@ _Warning: huge release, many entries are missing below._ * nagios-nrpe: add opendkim check ### Changed + * Combine evolix and additional trusted IP addresses * amazon-ec2: split tasks * apt: don't upgrade by default @@ -1353,6 +1410,7 @@ _Warning: huge release, many entries are missing below._ * ldap: better variables ### Fixed + * fail2ban: create config hierarchy beforehand * elasticsearch: fix datadir/tmpdir conditions * elastic: remove double ".list" suffix @@ -1363,10 +1421,10 @@ _Warning: huge release, many entries are missing below._ ### Security - ## [9.0.1] 2017-10-02 ### Added + * haproxy: add a Nagios check * php: add "sury" mode for PHP 7.1 on Stretch * minifirewall: explicit dependency on iptables 
@@ -1374,9 +1432,11 @@ _Warning: huge release, many entries are missing below._ * docker-host: new variable for docker home ### Changed + * php: install php5/php package after fpm/libapache2-mod-php ### Fixed + * mysql: add "REPLICATION CLIENT" privilege for nrpe * evoadmin-web: revert from variables to keywords in the templates * evoacme: many fixes
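Review bot: the new `.markdownlint.json` ends without a trailing newline (the hunk closes with `\ No newline at end of file`); add one so the next edit to this file does not also touch the `}` line. Separately, `"MD024": false` turns off duplicate-heading detection for the whole changelog. The repeated headings here are the per-release `### Added` / `### Changed` / `### Fixed` sections, so `"MD024": { "siblings_only": true }` would permit those and still catch a heading duplicated within one release.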
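Review bot: in the `@@ -256,7 +251,7 @@` hunk, the re-added line `* generate-ldif: support any version of MariaDB (instead of only 10.0, 10.1 and 10.3)` says the same thing as the context line `* generate-ldif: Support any MariaDB version` two entries above it in the same "Changed" list. Since this line is being touched anyway, drop one of the two rather than only fixing its whitespace.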
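Review bot: in the `@@ -905,23 +907,26 @@` hunk the lint fix changes entry text, not only spacing. `nagios-plugins-* with monitoring-plugins-*` becomes `nagios-plugins-*with monitoring-plugins-*`, which drops the space between the two package globs and still leaves the asterisks open to being read as emphasis markers. Putting both globs in backticks keeps the original wording and satisfies the linter. In the same hunk the 9.9.0 entry goes from `changed remote repository to https://gitea.evolix.org/evolix/ansible-roles` to a line that reads `* changed remote repository to` with nothing visible after it; confirm the URL is still present in the committed file.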
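Review bot: empty section headings are handled inconsistently across the patch. The `@@ -91,8 +91,6 @@` hunk deletes the empty `### Security` heading, but the `@@ -1363,10 +1421,10 @@` hunk keeps an empty `### Security` directly before `## [9.0.1] 2017-10-02` and only removes a blank line after it, and the `@@ -1160,6 +1191,7 @@` hunk leaves an empty `### Added` immediately followed by `### Changed`. Remove the empty headings in those two places as well, or keep all of them, so the changelog follows one rule.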