Ludovic Poujol
15154169cf
kvm-host: Add drbd role dependency (toggleable with kvm_install_drbd)
2020-10-30 11:56:24 +01:00
Mathieu Trossevin
71f85a5863
Merge branch 'unstable' into packweb-multi-php2
2020-10-20 17:41:36 +02:00
Mathieu Trossevin
2ea4745f93
lxc-php: Update changelog
2020-10-20 17:27:34 +02:00
Ludovic Poujol
c8d4da532f
evoacme: Don't ignore hooks with . in the name (ignore when it's ".disable")
2020-10-20 10:58:51 +02:00
Ludovic Poujol
9e5d041210
dovecot: Update munin plugin & configure it
2020-10-20 10:56:41 +02:00
Jérémy Lecour
d80461e39a
redis: variable to force use of port 6379 in instances mode
2020-10-19 16:03:58 +02:00
Ludovic Poujol
929f258bf8
nextcloud: New role
2020-10-02 16:51:05 +02:00
Jérémy Lecour
8b48552e36
Release 10.2.0
2020-09-17 14:06:46 +02:00
Jérémy Lecour
3e67d92fd3
certbot: an empty change shouldn't raise an exception
2020-09-16 12:07:27 +02:00
Jérémy Lecour
48174ad618
evoacme: remount /usr if necessary
2020-09-14 11:31:47 +02:00
Jérémy Lecour
b818c348c2
evoacme: remove Debian 9 support
2020-09-11 11:09:45 +02:00
Ludovic Poujol
f9d6fe0ad4
evolinux-base: install wget
2020-09-10 14:59:19 +02:00
Jérémy Lecour
c7151a8de8
certbot: fix "no-self-upgrade" option
2020-09-08 10:02:15 +02:00
Jérémy Lecour
37ed5dd393
evolinux-base: swappiness is customizable
2020-09-01 14:08:39 +02:00
Jérémy Lecour
afa0fd35c8
Change default public SSH/SFTP port from 2222 to 22222
2020-08-28 18:32:47 +02:00
Jérémy Lecour
d0622c6b20
tomcat: root directory owner/group are configurable
2020-08-27 17:12:34 +02:00
Jérémy Lecour
7413a242a8
Release 10.1.0
2020-08-21 14:50:17 +02:00
Jérémy Lecour
1e6d6cdd13
sort lines in CHANGELOG
2020-08-21 14:03:41 +02:00
Jérémy Lecour
a60deb276b
evoacme: upstream release 20.08
2020-08-21 14:01:06 +02:00
Jérémy Lecour
8ea1bac000
evoacme: update for new certbot role
...
* certbot is installed by the certbot role
* Apache/Nginx configuration is delegated to the certbot role
* No more "acme" user, everything is done with "root".
2020-08-21 13:36:24 +02:00
Benoît S.
a8095b1c36
Updated CHANGELOG.md with recent merges
2020-08-20 15:49:22 +09:00
Jérémy Lecour
57ac4e467c
metricbeat: allow using a template
2020-08-18 14:01:09 +02:00
Jérémy Lecour
ce35f7292f
filebeat: allow using a template
2020-08-18 14:00:46 +02:00
Jérémy Lecour
d3e69eeeb5
certbot: fix haproxy hook (ssl cert directory detection)
...
It was matching additional parameters.
Now it matches on the first argument after "crt"
2020-07-21 10:46:01 +02:00
Jérémy Lecour
21b8104654
elasticsearch: configure cluster with seed hosts and initial masters
2020-07-19 11:40:59 +02:00
Jérémy Lecour
9270852349
elasticsearch: set tmpdir before datadir
2020-07-19 11:30:00 +02:00
Jérémy Lecour
8aa7f6cf33
mongodb: install custom munin plugins
2020-07-17 13:48:18 +02:00
Jérémy Lecour
9bdd5ad9e7
haproxy: rotate logs with date extension and immediate compression
2020-06-22 19:02:29 +02:00
Jérémy Lecour
977c28c720
varnish: fix start command when multiple addresses are present
2020-06-16 13:51:07 +02:00
Jérémy Lecour
ce7468816f
haproxy: deport SSL tuning to Mozilla SSL generator
...
There are too many combinations and they change every so often.
It's better to direct the user to the generator to have a good
configuration.
2020-06-15 22:47:08 +02:00
Jérémy Lecour
30cdbae981
haproxy: split stats variables
2020-06-15 22:45:22 +02:00
Jérémy Lecour
011761eb8f
haproxy: add deny_ips file to reject connections
2020-06-14 23:28:29 +02:00
Jérémy Lecour
8465743973
haproxy: add some comments to default config
2020-06-14 23:27:50 +02:00
Jérémy Lecour
4bf5b1daa6
nginx: read server-status values before changing the config
2020-06-14 12:49:10 +02:00
Jérémy Lecour
f47af9f54f
haproxy: preconfigure SSL with defaults
2020-06-14 12:37:04 +02:00
Jérémy Lecour
7f54b8ab60
haproxy: adapt backports installed package list to distibution
2020-06-14 12:37:04 +02:00
Jérémy Lecour
e5d4ea3c18
nginx: make default vhost configurable
2020-06-14 12:37:04 +02:00
Jérémy Lecour
ce0d61bcbd
certbot: detect HAProxy cert directory
2020-06-14 12:37:04 +02:00
Jérémy Lecour
a8887aaa8e
update changelog
2020-06-09 11:45:19 +02:00
Jérémy Lecour
4c71ea2012
haproxy: enable stats frontend with access lists
2020-06-09 11:41:33 +02:00
Patrick Marchand
c9daa8ba35
evobackup-client: Fix ssh connection test in zzz_evobackup.sh
...
When I made the ssh key name a variable and defaulted it to id_ed25519,
I forgot to change the hardcoded value for the ssh test in
evobackup-client/templates/zzz_evobackup.default.sh.j2
2020-06-08 17:22:18 -04:00
Jérémy Lecour
1ade990526
mongodb: fix logrotate patterm on Debian buster
2020-06-05 11:02:54 +02:00
Jérémy Lecour
7f0931510f
evoacme: upstream release 20.06.1
2020-06-05 11:01:42 +02:00
Ludovic Poujol
ebffccae59
lxc-php: Do --no-install-recommends for ssmtp/opensmtpd
2020-06-05 11:01:22 +02:00
Ludovic Poujol
186f3d90b9
lxc-php: Install opensmtpd as intended
2020-06-05 10:57:49 +02:00
Ludovic Poujol
0dfb92360f
php: Don't disable putenv() by default in PHP settings
2020-06-04 11:52:04 +02:00
Ludovic Poujol
90704dc712
lxc-php: Don't disable putenv() by default in PHP settings
2020-06-04 11:51:25 +02:00
Ludovic Poujol
ead0b7fd88
lxc-php: Install php-sqlite by default
2020-06-04 11:42:17 +02:00
Ludovic Poujol
8c883c44dd
php: Install php-sqlite by default
2020-06-04 11:39:51 +02:00
Ludovic Poujol
c7d456471b
packweb-apache: Install zip & unzip by default
2020-06-04 11:34:26 +02:00
Jérémy Lecour
3bd0a4ffb3
certbot: restore compatibility with old Nginx
2020-06-04 11:22:58 +02:00
Jérémy Lecour
9aed38b637
certbot: install certbot dependencies non-interactively for jessie
2020-06-04 11:22:58 +02:00
Jérémy Lecour
1d5a30b144
evoacme: upstream release 20.06
2020-06-03 12:09:58 +02:00
Patrick Marchand
c8cd119a18
Merge pull request 'Make it possible to setup mysql replication' ( #102 ) from mysql_replication into unstable
2020-06-02 17:31:13 +02:00
Jérémy Lecour
4cf438c8ff
redis: raise an error is port 6379 is used in "instance" mode
2020-06-02 11:22:56 +02:00
Jérémy Lecour
8a87fecbe4
redis: new syntax for match filter
2020-06-02 11:00:06 +02:00
Jérémy Lecour
47d11308ba
redis: create sudoers file if missing
2020-06-02 10:59:51 +02:00
Jérémy Lecour
86cab2ab94
haproxy: chroot and socket path are configurable
2020-06-02 10:58:10 +02:00
Patrick Marchand
8c1e40c1a9
Add option to make a mysql install read only
...
Rebased on unstable
2020-06-01 12:03:23 -04:00
Ludovic Poujol
09371b095f
packweb-apache: Don't turn on mod-evasive emails by default
2020-05-18 12:03:34 +02:00
Jérémy Lecour
4016387ca8
Release 10.0.0
2020-05-13 11:20:45 +02:00
Jérémy Lecour
ac7ee86a9c
minifirewall: /bin/true command doesn't report "changed" anymore
2020-05-11 15:23:52 +02:00
Jérémy Lecour
849ec405d5
evocheck: upstream version 20.04.4
2020-04-28 16:00:45 +02:00
Jérémy Lecour
57e5791728
networkd-to-ifconfig: add variables for configuration by variables
2020-04-26 18:39:25 +02:00
Jérémy Lecour
2f77100b47
evocheck: upstream version 20.04.3
2020-04-26 10:54:49 +02:00
Jérémy Lecour
d013a65cf6
Merge branch 'unstable' into lpoujol/better-multiphp
2020-04-17 12:23:56 +02:00
Jérémy Lecour
6764418e75
evocheck: upstream release 20.04.2
2020-04-15 18:01:55 +02:00
Jérémy Lecour
257a3476f1
evocheck: upstream release 20.04.1
2020-04-12 22:30:07 +02:00
Jérémy Lecour
f2613e91aa
evolinux-base: configure cciss-vol-statusd in the proper file
...
The default file should be used for configuration instead of the init
script.
2020-04-10 11:36:03 +02:00
Ludovic Poujol
93c043c8e0
(fix) lxc: Fix container existance check to be able to run in check_mode
2020-04-08 17:57:46 +02:00
Ludovic Poujol
bd63e7037f
packweb-apache: Do the install & conffigure phpContainer script (instead of evoadmin-web role)
2020-04-08 17:54:43 +02:00
Ludovic Poujol
f135f67cd0
(change) php: Cleanup CLI Settings. Also, allow url fopen and don't disable functions (in CLI only)
...
Closes #98
2020-04-01 18:22:46 +02:00
Ludovic Poujol
7fc260a17b
(fix) php: update surry_post.yml to match current latest PHP release
2020-04-01 18:08:57 +02:00
Ludovic Poujol
f442239cec
(fix) packweb-apache: Don't try to install PHPMyAdmin on Buster as it's not available
2020-04-01 18:05:20 +02:00
Ludovic Poujol
135a089341
(change) lxc-php: Use OpenSMTPD for Stretch/Buster containers, and ssmtp for Jessie containers
2020-04-01 17:23:39 +02:00
Ludovic Poujol
a21fcaf663
(fix) php: Chose the debian version repo archive for packages.sury.org
2020-04-01 17:23:39 +02:00
Ludovic Poujol
a680399608
packweb-apache: Add missing dependency to evoacme role
2020-04-01 17:23:39 +02:00
Ludovic Poujol
9b80db3772
lxc: Don't stop the container if it already exists
2020-04-01 17:17:00 +02:00
Jérémy Lecour
5b5b8944c5
java: add Java 11 as possible version to install
2020-03-21 19:07:26 +01:00
Patrick Marchand
d5731f90e0
Merge branch 'bind9_evocheck_fix' into unstable
2020-03-10 13:48:52 -04:00
Jérémy Lecour
ac98aa2d18
evolinux-base: install Evocheck (default: True
)
2020-03-09 17:02:23 +01:00
Jérémy Lecour
92dcbf1ab5
rbenv: change default Ruby version to 2.7.0
2020-03-09 17:02:23 +01:00
Jérémy Lecour
ac6414076c
nodejs: change default version to 12 (new LTS)
2020-03-09 17:02:23 +01:00
Jérémy Lecour
ec54af596c
evolinux-base: Don't customize the logcheck recipient by default.
...
By default the package sends its messages to the logcheck user.
By default we alias the "logcheck" user to "root" which is redirected to
our custom address.
2020-03-04 14:03:18 +01:00
Jérémy Lecour
783dcb9890
evomaintenance: upstream release 0.6.3
2020-03-02 22:12:58 +01:00
Jérémy Lecour
68a1d4eb27
update changelog
2020-03-02 20:53:54 +01:00
Jérémy Lecour
af53a6b2ec
evomaintenance: upstream release 0.6.2
2020-03-02 14:45:41 +01:00
Jérémy Lecour
eb74bda22a
nagios-nrpe: check_mode per cpu dynamically
2020-02-28 12:14:20 +01:00
Jérémy Lecour
1b29f2d793
update listupgrade from upstream
2020-02-27 13:41:04 +01:00
Jérémy Lecour
d31dddc9aa
evocheck: upstream verison 20.02.1
2020-02-27 11:37:01 +01:00
Jérémy Lecour
65bc2c657d
certbot: commit hook must be executed at the end
2020-02-25 10:46:21 +01:00
Jérémy Lecour
7283e34077
Replace version_compare() with version()
2020-02-25 10:45:35 +01:00
Jérémy Lecour
ff7f8669ef
evomaintenance: install PG dependencies only when needed
2020-02-25 10:43:23 +01:00
Ludovic Poujol
704b76e6de
minifirewall: Properly detect alert5.sh to turn on firewall at boot
2020-02-17 16:02:48 +01:00
Ludovic Poujol
02e8754d75
minifirewall: Backport changes from minifirewall (properly open outgoing smtp(s))
2020-02-17 10:56:38 +01:00
Jérémy Lecour
f57af13349
minifirewall: better alert5 activation
2020-02-10 10:36:00 +01:00
Jérémy Lecour
68b7a88e63
apt: added buster backports prerferences
2020-02-10 10:35:18 +01:00
Patrick Marchand
896b8bd7e4
Merge branch 'evobackup-client' into unstable
...
Import evobackup client code into mainline.
2020-02-06 16:29:02 -05:00
Jérémy Lecour
72f5dc70f8
apt: hold packages only if package is installed
2020-02-04 18:14:57 +01:00
Jérémy Lecour
dc7358bc4c
nagios-nrpe: change default haproxy socket path
2020-01-23 15:04:25 +01:00
Jérémy Lecour
02858692bb
evomaintenance: don't configure firewall for database if not necessary
2020-01-23 14:34:03 +01:00
Jérémy Lecour
71a2a19847
apache: the default VHost doesn't redirect to https for ".well-known" paths
2020-01-23 14:34:03 +01:00
Ludovic Poujol
31df2d2fbc
php: Add a task to remove Debian's default FPM pool file (off by default)
...
Can be triggered by switching php_fpm_remove_default_pool to True.
2020-01-16 15:55:35 +01:00
Ludovic Poujol
ef5ed6911e
php: Change the default pool names to something more explicit (and same for the variables names)
...
Because it's more than just pure configuration, but a fpm pool
definition, I've changed the following variables in Ansible :
- php_fpm_defaults_conf_file to replaced by php_fpm_default_pool_file
- php_fpm_custom_conf_file to php_fpm_default_pool_custom_file.
On the FPM side, I've also changed the files names of the pool to make
them more explicit. No more z and zzz. It's the www pool, so let's put
www in the file name for coherence :
- z-evolinux-defaults.conf changes to www-evolinux-defaults.conf
- zzz-evolinux-custom.conf changes to www-evolinux-zcustom.conf
2020-01-16 15:55:25 +01:00
Ludovic Poujol
c9d3635cf8
php: Make sure the default pool we define can be fully functionnal witout debian's default pool file
2020-01-16 15:55:17 +01:00
Jérémy Lecour
80081aa26e
evolinux-base: remove the chrony package
2020-01-16 10:57:47 +01:00
Jérémy Lecour
e7952dc3c8
etc-git: fix warnings ansible-lint
2020-01-08 17:19:36 +01:00
Jérémy Lecour
bf7de332ea
minifirewall: fix warnings ansible-lint
2020-01-08 17:19:13 +01:00
Jérémy Lecour
f79b30eeb4
update changelog
2020-01-03 16:40:53 +01:00
Jérémy Lecour
3b258cc43e
tomcat: package version derived from Debian version if missing
2019-12-31 16:43:51 +01:00
Patrick Marchand
20191c8873
Fixed regression introduced by commit 276177900b
...
The default behavior for ansible template is to overwrite the
targeted file. Since we dont always want to overwrite a file when
we play this role, we set `force` to `False` by default. This means
that if the `dest` already exists, ansible will not overwrite it
with it's given template.
This is fine for most of the tasks in this role, but in the case
of `{{ evoadmin_scripts_dir }}/web-mail.tpl`,the file is created
by a task that runs prior to the template task, so setting it to
`False` by default means it never gets updated and clients dont get
notified when they create new websites.
2019-12-24 14:10:24 -05:00
Victor LABORIE
2a1e0b7ef6
evolinux-base: install ssacli for HP Smart Array
2019-12-13 11:00:20 +01:00
Jérémy Lecour
e557a3eaae
apache: improve permissions in save_apache_status script
2019-12-13 10:44:44 +01:00
Ludovic Poujol
6e918d166e
evolinux-base: Don't make alert5.service executable
...
Every 3 mins, systemd complain that the service file is marked as
executable, and asks the executable bit to be remove.
Nov 27 01:35:11 foo systemd[1]: Configuration file /etc/systemd/system/alert5.service is marked executable. Please remove executable permission bits. Proceeding anyway.
2019-11-28 10:59:29 +01:00
Ludovic Poujol
0e58f34e18
certbot: Properly evaluate when apache is installed
...
Checking the existence of /etc/apache2 is not enough as a condition to
validate the presence of apache.
Indeed, some packages (including certbot!!!), put some files in
/etc/apache2/conf-available even if apache isn't installed.
In those cases, the check is not correct, and we'll enter in the apache
block, and fail when we try to enable the configuration.
With this commit, we now validate the presence apache with the presence
of /usr/sbin/apachectl
2019-11-26 11:58:52 +01:00
Ludovic Poujol
dc1c78e08a
evolinux-base: Fix our zsyslog rotate config that doesn't work on Debian 10
...
I've noticed that some log files, especially /var/log/syslog were empty.
After investigating, I've realized that it was happening after a log
rotation by logrotate.
The old mechanism, `invoke-rc.d rsyslog rotate` isn't working anymore on
Debian 10. It will fail with a not so explicit message :
[FAIL] Closing open files: rsyslogd failed!
Long story short, it seems that the pid file (`/run/rsyslogd.pid`) isn't
created any more, so start-stop-daemon as used by /etc/init.d/rsyslog
will fail. Explaining the error message.
Debian 10 rsyslog now brings `/usr/lib/rsyslog/rsyslog-rotate` that is
used by logrotate. It will send the signal HUP the 'right' way, so
rsyslog will be aware of the log rotation.
Sadly, this script isn't present in Debian 9 nor 8, so the logrotate
configuration for rsyslog is now a template, using the right command for
the right version.
2019-11-22 16:48:19 +01:00
Jérémy Lecour
473bcb4cd6
apt: verify that /etc/evolinux is present
2019-11-20 11:34:47 +01:00
Jérémy Lecour
26dd244ae0
nagios-nrpe: update check_redis_instances
2019-11-13 09:47:23 +01:00
Jérémy Lecour
7f6ad406a5
evocheck: upstream version 19.11.2
2019-11-07 10:38:32 +01:00
Jérémy Lecour
767760cbe0
evocheck: upstream version 19.11.1
2019-11-06 07:50:45 +01:00
Jérémy Lecour
049d36ab8f
etc-git: add versioning for /usr/share/scripts on Debian 10+
...
The repository.yml task file is generic and can be called for vrious
repositories.
On Debian 10, /usr/share/scripts is versioned
2019-11-05 17:00:22 +01:00
Jérémy Lecour
6b77372f24
evocheck: upstream version 19.11
2019-11-05 16:20:07 +01:00
Jérémy Lecour
a55e29186f
evomaintenance: upstream version 0.6.0
2019-11-05 14:52:59 +01:00
Jérémy Lecour
ab8c6b13b8
evoacme: upstream version 19.11
2019-11-05 14:08:02 +01:00
Jérémy Lecour
7e50a460a8
minifirewall: add a variable to force the check scripts update
2019-11-05 10:52:14 +01:00
Jérémy Lecour
5476538eb1
minifirewall: no http filtering by default
2019-10-30 14:37:22 +01:00
Jérémy Lecour
f2dacac139
evolinux-base: add /usr/share/scripts in root's PATH (Debian 10+)
2019-10-30 14:32:32 +01:00
Jérémy Lecour
8679da4cb6
evolinux-base: install /sbin/deny
2019-10-30 14:32:32 +01:00
Jérémy Lecour
772c333623
apt: remove jessie/buster sources from Gandi servers
2019-10-30 14:32:32 +01:00
Jérémy Lecour
e80e4197c2
evocheck: upstream version 19.10
2019-10-25 13:17:16 +02:00
Jérémy Lecour
d5a6487315
Merge branch 'mongodb-buster' into unstable
2019-10-24 17:23:53 +02:00
Jérémy Lecour
27adad616f
squid: compatibility wit Debian 10
2019-10-24 16:23:48 +02:00
Jérémy Lecour
85b0e36f33
CHANGELOG: sort alphabetically
2019-10-24 15:37:58 +02:00
Jérémy Lecour
76864f226e
WIP mongodb: compatibility with Debian 10
2019-10-24 15:36:51 +02:00
Jérémy Lecour
ee72dd07ff
rbenv: install Ruby 2.6.5 by default
2019-10-22 15:03:45 +02:00
Jérémy Lecour
2ea88dc385
mysql-oracle: backport tasks from mysql role
2019-10-21 16:32:59 +02:00
Jérémy Lecour
12cebfa71c
lxc-php: refactor tasks for better maintainability
2019-10-21 15:26:03 +02:00
Ludovic Poujol
2d2889ac16
php: Don't set a chroot for the default fpm pool
2019-10-16 15:59:33 +02:00
Ludovic Poujol
0a7262081a
php: add missing handler for php7.3-fpm
2019-10-16 15:17:35 +02:00
Jérémy Lecour
edb5ace762
haproxy: add a variable to keep the existing configuration
2019-10-10 11:27:39 +02:00
Patrick Marchand
c6804e73e7
Adapted the bind role to respect the evocheck warnings
...
The required munin plugins and the logging necessary for them to work is
now activated depending on the type of resolver and the logrotate file is
changed from bind to bind9.
2019-10-09 11:54:30 -04:00
Ludovic Poujol
4aaeb4590b
lxc: rely on lxc_container module instead of command module
2019-10-02 16:32:20 +02:00
Ludovic Poujol
e985f5778c
evoadmin-web: Put the php config at the right place for Buster
2019-10-02 15:48:03 +02:00
Ludovic Poujol
a5378c783e
lxc: update our default template to be compatible with Debian 10
2019-10-01 17:54:13 +02:00
Ludovic Poujol
ae97276e13
lxc: remove useless loop in apt execution
2019-10-01 17:54:13 +02:00
Jérémy Lecour
a478c773eb
apt: check if cron is installed before adding a cron job
2019-09-30 14:12:38 +02:00
Jérémy Lecour
394e28b815
WIP: new certbot role
2019-09-27 00:21:29 +02:00
Jérémy Lecour
e3e908dd4c
Merge branch 'redis-instances' into unstable
2019-09-25 22:25:42 +02:00
Gregory Colpart
6fe86a76c5
remove reload-vcl.sh (Custom Varnish ExecReload script) when Debian >= 10
2019-09-24 14:00:22 +02:00
Jérémy Lecour
f09a405d84
mongodb: still incompatible with Debian 10
2019-09-23 22:18:52 +02:00