Jérémy Lecour
f0b23ffa50
dump-server-state: split backup-dir and dump-dir options parsing
2022-03-27 09:31:06 +02:00
Jérémy Lecour
54bf9c1854
evolinux-base: rename backup-server-state to dump-server-state
2022-03-27 09:18:15 +02:00
Jérémy Dubois
42782b7f3d
evolinux-base: fix show_help in backup-server-state.sh
...
* --uname and --no-uname options were not in help
* --services and --no-services were in help whereas --systemctl and --no-systemctl are used in options parsing
2022-03-24 17:57:58 +01:00
Jérémy Lecour
163d5abf7c
backup-server-state: release 22.03.4
2022-03-22 15:31:02 +01:00
Jérémy Lecour
ef832c9ab6
backup-server-state: also dump iptables rules without counters
2022-03-22 15:31:02 +01:00
Jérémy Lecour
e7594c6c86
evolinux-base: backup-server-state release 22.03.2
2022-03-21 11:32:08 +01:00
Jérémy Lecour
fb41c81e99
backup-server-state: release 22.03.2
...
update documentation for --dpkg-full vs. --dpkg-status
2022-03-17 10:45:44 +01:00
Ludovic Poujol
17f884b04a
evolinux-base: Add non-free repos & install non-free firmware on dedicated hardware
2022-03-15 11:35:20 +01:00
Brice Waegeneire
6df10be6ef
evolinux-base: Fix top config.
...
The wrong file was used as topdefaultrc. And we were using the wrong
encoding, as top use ISO-8859 instead of UTF-8.
2022-03-15 10:22:21 +01:00
Jérémy Lecour
a733e2794f
evolinux-base: backup-server-state release 22.03
2022-03-08 16:49:53 +01:00
Jérémy Lecour
b4f35af35c
backup-server-state: skip iptables if nft is installed
2022-03-08 16:48:41 +01:00
Jérémy Lecour
5153b88d01
evolinux-base: option to bypass raid-related tasks
2022-02-03 14:15:33 +01:00
Jérémy Lecour
fcb0b8c80f
backup-server-state: 22.01.3
2022-01-28 16:27:39 +01:00
Jérémy Lecour
8beb1e7460
evolinux-base: backup-server-state: fix systemctl invocation
2022-01-28 16:25:28 +01:00
Jérémy Lecour
6d5aa67045
evolinux-base: backup-server-state: add "force" mode
2022-01-28 16:25:17 +01:00
Jérémy Lecour
88cd8a0976
evolinux-base: backup-server-state: rename options and use mysqladmin instead of mysql
2022-01-27 12:21:32 +01:00
Jérémy Lecour
519228ff9f
evolinux-base: backup-server-state: add disks and uname state
2022-01-27 12:09:04 +01:00
Brice Waegeneire
6dc17658a9
evolinux-base: backup-server-state: Add options.
...
New options:
- --dmesg / --no-dmesg
- --mysql / --no-mysql
- --services / --no-services
2022-01-27 11:50:18 +01:00
Jérémy Lecour
80f8a94798
evolinux-base: many improvements for backup-server-state script
2022-01-27 10:29:08 +01:00
Jérémy Lecour
bff8fcfebb
apt: upgrade packages after all the configuration is done
2022-01-25 18:25:47 +01:00
Jérémy Lecour
52fff750df
evolinux-base: move "/sbin/deny" install to utils.yml tasks file
2022-01-25 17:44:42 +01:00
Jérémy Lecour
8f8c024163
Merge branch 'unstable' into bullseye-swap-top
2022-01-25 15:13:10 +01:00
Jérémy Lecour
266289c72e
whitespaces
2022-01-25 14:56:39 +01:00
Jérémy Lecour
c4fab71d7a
evolinux-base: add new states to backup-server-states
2022-01-15 18:51:03 +01:00
William Hirigoyen (Evolix)
14883aa95e
Ensure that /var is mounted with dev and exec options prior to LXC container creation.
2022-01-11 11:02:09 +01:00
Jérémy Lecour
1893b6dea5
don't enable alert5 service in check mode
2021-12-23 16:56:43 +01:00
Ludovic Poujol
64b632c000
evolinux-base: Donner le choix (ou non) de virer apt-listchanges
2021-12-10 11:37:56 +01:00
Ludovic Poujol
8b701e615f
evolinux-base: Donner le choix de changer (ou non) le motd
2021-12-10 11:37:33 +01:00
Ludovic Poujol
d27d6b69cd
evolinux-base: Add missing dependency dmidecode
2021-12-08 18:35:55 +01:00
Jérémy Lecour
6cf8195744
evolinux-base: fix alert5.service dependency syntax
2021-10-29 07:52:38 +02:00
Jérémy Lecour
646a7b1813
evocheck: package install is not supported anymore
2021-10-25 10:08:40 +02:00
Jérémy Lecour
0e2b43a1e9
backup-server-state: add virsh and lxc lists
2021-10-22 15:33:58 +02:00
Ludovic Poujol
03f846b94b
remount before the task
2021-10-22 11:56:43 +02:00
Eric Morino
be5bb73675
Include role remount-usr to backup-state-server
2021-10-20 15:57:58 +02:00
Jérémy Lecour
7586881f4d
fix module name
2021-10-15 10:54:39 +02:00
Jérémy Lecour
bbd16dc5b4
evolinux-base: add script backup-server-state
2021-10-15 10:50:42 +02:00
Jérémy Lecour
9b479f9c05
evolinux-base: logs are rotated with dateext by default
2021-09-30 12:07:02 +02:00
Ludovic Poujol
fa0c668cec
evolinux-base: install freeipmi by default on dedicated hw
2021-09-16 15:58:10 +02:00
Jérémy Lecour
2b549af7d9
evolinux-base: split dpkg logrotate configuration
2021-09-09 10:23:53 +02:00
Jérémy Lecour
74ab96d67f
loop syntax and whitespaces
2021-08-27 11:01:28 +02:00
Gregory Colpart
5e794cd2b6
commit whitespace
2021-08-26 12:24:00 +02:00
Jérémy Lecour
ecba57ad75
evolinux-base: install molly-guard by default
2021-08-25 17:57:38 +02:00
Jérémy Lecour
5a83a30a4c
whitespace
2021-08-24 18:16:11 +02:00
Brice Waegeneire
2448168008
evolinux-base: Add swap column to htop and top
2021-08-17 18:03:00 +02:00
Jérémy Lecour
73352f55d7
evolinux-base: add tags to hardawre tasks
2021-07-07 14:32:38 +02:00
Ludovic Poujol
b362fadc80
typo (again) + not using trusted.gpg isn't restricted to debian 9+
2021-07-06 16:22:45 +02:00
Ludovic Poujol
8e6c08b81b
evolinux-base: Change the pattern of MegaRAID detect
...
Seems the card names may somethings between 'MegaRAID' and 'SAS'
I'll take the short and easy path as I think MegaRAID is enough in most cases
2021-07-06 16:12:14 +02:00
Ludovic Poujol
7a089f88af
Correct typo in var name
...
trusted_gpg_keyring.stat.present instead of _trusted_gpg_keyring.stat.present
2021-07-06 16:09:54 +02:00
Ludovic Poujol
49cb5adf92
evolinux-base: Fix hw card detect
...
Run the shell command as bash instead of sh; otherwise it will fail because of the set -o pipefail
2021-07-06 16:09:17 +02:00
Jérémy Lecour
29ec7bdcf2
Remove embedded GPG keys only if legacy keyring is present
2021-07-04 22:08:47 +02:00
Jérémy Lecour
ffd7d0e504
evolinux-base: alert5 comes after the network
2021-07-04 22:07:51 +02:00
Jérémy Lecour
5e09906c8f
fixup! temporary bulseye-detect role
2021-07-02 21:09:28 +02:00
Jérémy Lecour
380c50b999
evolinux-base: increase minimum Ansible version to 2.9
2021-07-02 21:09:26 +02:00
Jérémy Lecour
008cb6a3c9
quote numeric values
2021-07-02 21:08:59 +02:00
Jérémy Lecour
2f68ae5339
Preliminary support for Bullseye
2021-07-02 20:58:09 +02:00
Jérémy Lecour
b8ac36e673
Fake « testing » as Deban 11 « Bullseye »
2021-07-02 20:53:42 +02:00
Jérémy Lecour
b8c5ac3097
remove whitespace for stream redirection
2021-06-28 15:56:19 +02:00
Jérémy Lecour
6d757f971e
typo
2021-06-28 15:56:19 +02:00
Jérémy Lecour
55ad6882b5
evolinux-base: forgotten case for first-found lookup
2021-06-28 15:26:54 +02:00
Jérémy Lecour
0fe0244116
Update Galaxy metadata (company, platforms and galaxy_tags)
2021-06-28 15:26:28 +02:00
Jérémy Lecour
454d4c6d30
explicit permissions for APT GPG keys
2021-05-26 13:47:34 +02:00
Jérémy Dubois
89b0bd5a2b
Fix duplicate dict key : check_mode
2021-05-19 18:19:30 +02:00
Jérémy Lecour
06b8314211
evolinux-base: fix motd lookup path
2021-05-19 17:02:20 +02:00
Jérémy Lecour
02451f1e67
add default (useless) value for file lookup
2021-05-19 14:35:08 +02:00
Jérémy Lecour
4d83f25ae6
fix pipefail option for shell invocations
2021-05-18 14:04:54 +02:00
Jérémy Lecour
e65340cb56
Add pipefail option to shell invocations
2021-05-13 15:34:27 +02:00
Jérémy Lecour
7dc6f0b849
remove trailing whitespaces
2021-05-13 15:23:39 +02:00
Jérémy Lecour
9ca68a16dd
evolinux-base: quote values
2021-05-10 09:07:18 +02:00
Jérémy Lecour
3c9be8d913
fix more Ansible syntax
2021-05-09 23:20:15 +02:00
Jérémy Lecour
2ed77c60f0
Improve Ansible syntax
...
replace « x | changed » by « x is changed »
add explicit « bool » filter
use « length » filter instead of string comparison
2021-05-09 23:06:42 +02:00
Jérémy Lecour
58bf79218f
remove apt keys specifically from embedded database
2021-05-06 13:43:59 +02:00
Jérémy Lecour
7d08b0a30a
rename the tasks for embedded GPG keys
2021-05-06 11:33:19 +02:00
Jérémy Lecour
83705a48b8
remove key from trusted.gpg only if file is present
2021-05-06 10:42:12 +02:00
Jérémy Lecour
5138065059
Use 'loop' syntax instead of 'with_items'
2021-05-04 14:19:18 +02:00
Jérémy Lecour
debc4a82ca
Use 'loop' syntax instead of 'with_first_found'
2021-05-04 13:39:47 +02:00
Jérémy Lecour
9cdddd50a8
Move all trusted GPG keys to file repository
2021-05-03 14:23:13 +02:00
Jérémy Lecour
eab68545fe
evolinux-base: add default motd template
2021-04-23 11:41:27 +02:00
Ludovic Poujol
f9d6fe0ad4
evolinux-base: install wget
2020-09-10 14:59:19 +02:00
Jérémy Lecour
37ed5dd393
evolinux-base: swappiness is customizable
2020-09-01 14:08:39 +02:00
Jérémy Lecour
221e9edc10
Merge branch 'nagios-nrpe-check-hpraid' into unstable
2020-08-19 14:49:22 +02:00
Benoît S.
1c050b481a
evolinux-base: check_hpraid.cron.sh: Fixed wrong <<<
usage
2020-07-01 10:18:30 +09:00
Benoît S.
9a8f1979bc
evolinux-base: check_hpraid.cron.sh: Fixed wrong else
...
The logic was wrong, an else part was not necessary.
2020-06-26 17:57:50 +09:00
Benoît S.
a28b9558cb
evolinux-base: check_hpraid.cron.sh: Better logic and use mail
...
First step is to detect errors
Second step is to detect different state
Added mail comand to replace cron output
2020-06-24 18:57:08 +09:00
Benoît S.
766b4dfa82
evolinux-base: check_hpraid cron: Add -p
2020-06-16 13:20:43 +09:00
Benoît S.
a74f4e1890
evolinux-base/tasks/hardware.yml: Removed trailing whitespace
2020-06-16 12:42:33 +09:00
Benoît S.
4bec21a9f3
evolinux-base: harware: Support HP gen >=10 RAID controller
2020-06-16 12:35:56 +09:00
Jérémy Dubois
1a0872c507
nagios-nrpe / evolinux-base : new ntp server variable
...
Online hosted servers must use ntp.online.net as
ntp server, because others one are rate limited.
Default ntp server is pool.ntp.org, and a custom
one can be set with the nagios_nrpe_ntp_server
variable.
2020-06-04 10:55:48 +02:00
Benoît S.
342810362d
evolinux-base: check_hpraid.sh: Fix missing copy of RAID state
2020-06-04 17:32:49 +09:00
Benoît S.
91dda2e1a2
evolinux-base: check_hpraid.sh: Fix RAID state detection
2020-06-04 17:23:14 +09:00
Benoît S.
7b97702f15
evolinux-base: Add check_hpraid.sh
...
This script is meant to be executed as a cron by executing Nagios
NRPE plugin check_hpraid and notify by mail any errors
2020-06-04 16:50:35 +09:00
Jérémy Lecour
f2613e91aa
evolinux-base: configure cciss-vol-statusd in the proper file
...
The default file should be used for configuration instead of the init
script.
2020-04-10 11:36:03 +02:00
Jérémy Lecour
4ad785abaf
evolinux-base: simplify sshd syntax validation
2020-03-12 17:04:08 +01:00
Jérémy Lecour
ac98aa2d18
evolinux-base: install Evocheck (default: True
)
2020-03-09 17:02:23 +01:00
Jérémy Lecour
ec54af596c
evolinux-base: Don't customize the logcheck recipient by default.
...
By default the package sends its messages to the logcheck user.
By default we alias the "logcheck" user to "root" which is redirected to
our custom address.
2020-03-04 14:03:18 +01:00
Jérémy Lecour
7283e34077
Replace version_compare() with version()
2020-02-25 10:45:35 +01:00
Jérémy Lecour
80081aa26e
evolinux-base: remove the chrony package
2020-01-16 10:57:47 +01:00
Jérémy Lecour
6801f4e00e
Add names to many blocks
2019-12-31 16:56:03 +01:00
Jérémy Lecour
27e217467e
Change "|changed" with "is changed"
2019-12-31 16:18:56 +01:00
Jérémy Lecour
e04d881988
replace "with_items" in apt modules
2019-12-31 16:18:56 +01:00
Jérémy Lecour
79bb6103b8
Change "|version_compare" with "is version_compare"
2019-12-31 10:18:19 +01:00
Victor LABORIE
2a1e0b7ef6
evolinux-base: install ssacli for HP Smart Array
2019-12-13 11:00:20 +01:00
Victor LABORIE
6f5e13f8b8
Add evolix prefix to include_role
2019-11-29 14:00:25 +01:00
Ludovic Poujol
6e918d166e
evolinux-base: Don't make alert5.service executable
...
Every 3 mins, systemd complain that the service file is marked as
executable, and asks the executable bit to be remove.
Nov 27 01:35:11 foo systemd[1]: Configuration file /etc/systemd/system/alert5.service is marked executable. Please remove executable permission bits. Proceeding anyway.
2019-11-28 10:59:29 +01:00
Ludovic Poujol
dc1c78e08a
evolinux-base: Fix our zsyslog rotate config that doesn't work on Debian 10
...
I've noticed that some log files, especially /var/log/syslog were empty.
After investigating, I've realized that it was happening after a log
rotation by logrotate.
The old mechanism, `invoke-rc.d rsyslog rotate` isn't working anymore on
Debian 10. It will fail with a not so explicit message :
[FAIL] Closing open files: rsyslogd failed!
Long story short, it seems that the pid file (`/run/rsyslogd.pid`) isn't
created any more, so start-stop-daemon as used by /etc/init.d/rsyslog
will fail. Explaining the error message.
Debian 10 rsyslog now brings `/usr/lib/rsyslog/rsyslog-rotate` that is
used by logrotate. It will send the signal HUP the 'right' way, so
rsyslog will be aware of the log rotation.
Sadly, this script isn't present in Debian 9 nor 8, so the logrotate
configuration for rsyslog is now a template, using the right command for
the right version.
2019-11-22 16:48:19 +01:00
Eric Morino
c15f8963e4
Add compatibility for debian 9 and debian 10 in HW tool and megacli package
2019-11-14 14:29:04 +01:00
Ludovic Poujol
174bfa5ba0
Fix a syntax error in a task name (a missplaced double quote)
2019-11-12 17:59:36 +01:00
Jérémy Lecour
f2dacac139
evolinux-base: add /usr/share/scripts in root's PATH (Debian 10+)
2019-10-30 14:32:32 +01:00
Jérémy Lecour
8679da4cb6
evolinux-base: install /sbin/deny
2019-10-30 14:32:32 +01:00
Jérémy Lecour
78ea4a61e1
typo
2019-10-30 14:32:32 +01:00
Jérémy Lecour
24edbd680a
Add crontabs only when cron package is installed (many roles)
2019-10-21 15:26:03 +02:00
Jérémy Lecour
bea11352be
Merge branch 'buster' into unstable
2019-09-23 18:34:35 +02:00
Jérémy Lecour
b31159c9d2
evolinux-base: use "evolinux_internal_group" for SSH authentication
2019-09-22 22:26:21 +02:00
Jérémy Lecour
8f868b8612
evolinux-base: default value for "evolinux_ssh_group"
2019-09-22 22:25:30 +02:00
Ludovic Poujol
f630d93587
evolinux-base: On debian 10 and later, add noexec on /dev/shm
2019-07-23 18:18:29 +02:00
Benoît S.
d5751150af
evolinux-base: spectre-meltdown-checker need binutils
2019-07-03 09:56:17 +02:00
Benoît S.
771c75c1de
all-roles: Dot not use ansible_lsb as it is deprecated
...
We move from `ansible_lsb.codename` to `ansible_distribution_release`.
2019-07-03 09:41:35 +02:00
Jérémy Lecour
fecdbb0406
evolinux-base: use the variable for the "ssh" group name
2019-06-24 17:08:01 +02:00
Jérémy Lecour
a8ef97fcde
Revert "evolinux-base: install "spectre-meltdown-checker" (Debian 9 and later)"
...
This reverts commit 65414d8ae7
.
2019-06-20 17:29:48 +02:00
Jérémy Lecour
b362f422df
evolinux-base: packages for Buster and later
2019-06-19 15:08:54 +02:00
Jérémy Lecour
bee57a0b3c
change distribution release codename
...
Ansible 2.2 is too old to know about buster.
Let's use LSB for that.
2019-06-18 17:35:28 +02:00
Jérémy Lecour
65414d8ae7
evolinux-base: install "spectre-meltdown-checker" (Debian 9 and later)
2019-06-17 14:22:00 +02:00
Ludovic Poujol
75a8c90258
evolinux-base: Ensure rename is present
2019-06-17 09:58:10 +02:00
Ludovic Poujol
334b8a3f0d
evolinux-base: Validate sshd config with "sshd -t"
...
See #52 - It seems the behaviour changed with the recent releases, -T
that does an extended test now fails on "Match" blocks when no context
is given through -C
2019-06-17 09:47:22 +02:00
Jérémy Lecour
aa28e9c1b8
change repositories URL
2019-03-21 15:31:58 +01:00
Jérémy Lecour
3e37800994
evolinux-base: remove apt-listchanges on Stretch and later
2019-03-05 11:10:12 +01:00
Jérémy Lecour
a94c94018c
normalize some arguments positions
2019-01-01 20:02:50 +01:00
Benoît S.
776839fe61
Typo: rcpbind and not rcpbin
2018-12-19 15:58:47 +01:00
Victor LABORIE
74f25e8183
evolinux-base: deploy custom motd if template are present
2018-11-30 15:14:39 +01:00
Patrick Marchand
9198c1e2c0
ansible-lint does not like trailing whitespace
2018-11-13 16:56:31 -05:00
Victor LABORIE
83e9f12669
evolinux-base: install man package
2018-10-23 11:38:52 +02:00
Jérémy Lecour
81e9b3d33c
don't reload history on each prompt
2018-09-13 16:54:07 +02:00
Jérémy Lecour
2a89b8ff22
evolinux-base: better shell history
...
* remove duplicates from history
* reload/save history at prompt time
2018-09-11 14:13:29 +02:00
Jérémy Lecour
fe064c16d1
update CHANGELOG for evolinux-todo
2018-08-24 14:43:14 +02:00
Jérémy Lecour
b6fa349394
evolinux-base: compact multiple systctl tasks into one
2018-08-21 13:34:03 +02:00
Gregory Colpart
51f41ff14a
Workaround by Evolix security team for old kernels and vulnerabiliy CVE-2018-5391 (FragmentSmack)
2018-08-17 21:28:14 +02:00
Jérémy Lecour
4461281945
evolinux-base: add internal FQDN/hostname in /etc/hosts if needed
2018-08-17 10:07:36 +02:00
Jérémy Lecour
bc8858fc0a
evolinux-base: improve hostname configuration
...
We can have a "real" hostname and domain, but also an "internal" hostnae
and domain, used mostly for internal tools.
2018-08-16 16:17:34 +02:00
Tristan PILAT
99747e72b5
500px is too narrow, let's switch to 768px
2018-07-24 12:17:07 +02:00
Victor LABORIE
f56f8f7615
evolinux-base: add mail related aliases
2018-06-25 11:20:37 +02:00
Jérémy Lecour
ec535b036c
apt module: Use "state: present" instead of "state: installed"
...
"state: installed" is deprecated in Ansible 2.5
2018-05-18 09:33:25 +02:00
Gregory Colpart
20f6371980
typo
2018-05-01 19:38:55 +02:00
Jérémy Lecour
8384e8ba43
evolinux: groups for SSH configuration are used with Debian 10 and later
2018-04-20 14:38:55 +02:00
Jérémy Lecour
e79640d770
evolinux: Name and improve compatibility checks
2018-04-20 14:38:55 +02:00
Jérémy Lecour
b01d9178d0
evolinux-users: split AllowGroups/AllowUsers modes
...
If an AllowGroups directive is found or when using Debian 9+,
we use the AllowGroups directive and comment AllowUsers that may be
already present.
When adding a user, we make sure that the allowed group exists
and the use is in that group, to be sure that at least this user
is allowed to connect.
In other situations, we use the AllowUsers directive.
2018-04-18 12:16:04 +02:00
Jérémy Lecour
b866b6fa0a
evolinux-base: fail2ban is not enabled by default
2018-04-18 12:15:43 +02:00
Jérémy Lecour
8abed3e258
Use "command" instead of "shell" where possible
2018-04-04 23:36:00 +02:00
Jérémy Lecour
ad3383a510
Install ncurses-term for additional terminal types
...
When connecting to a server from urxvt, the session behaves like one
with xterm.
2018-03-29 16:42:33 +02:00
Ludovic Poujol
3c2443181b
evolinux-base: Exec the firewall tasks sooner to avoid dependency issues
2018-03-15 12:04:35 +01:00
Jérémy Lecour
b634840b42
apache/nginx: server status suffix
2018-01-03 10:05:20 +01:00
Jérémy Lecour
08d544668b
evolinux-base: create /etc/evolinux
2018-01-03 10:05:20 +01:00