Jérémy Lecour
c17bb03535
minifirewall: tail template follows symlinks
continuous-integration/drone Build is passing
2022-03-25 18:16:36 +01:00
Jérémy Lecour
d7d58bf158
Merge branch 'unstable' into stable
2022-03-02 09:42:28 +01:00
Jérémy Lecour
e5dc503cfd
Release 22.03
2022-03-02 09:42:12 +01:00
Jérémy Lecour
270d03b6a6
evolinx-users: optimize sudo configuration
2022-03-02 09:40:52 +01:00
Jérémy Lecour
1dc4d0e133
redis: always install check_redis_instances
2022-03-01 14:04:05 +01:00
Jérémy Lecour
c8ef7e9b75
redis: check_redis_instances tolerates absence of instances
2022-03-01 14:02:22 +01:00
Gregory Colpart
53af37e055
We use now TCP/8891, cf HowtoOpenDKIM
2022-02-24 15:31:34 +01:00
Jérémy Lecour
d9e95218ce
apt_hold_packages: broadcast message with wall, if present
2022-02-24 11:49:12 +01:00
Eric Morino
6321f32e81
Add zzz-evolinux-custom.conf to dovecot role
2022-02-24 10:42:48 +01:00
Ludovic Poujol
69a9cb9591
elasticsearch: Use /etc/elasticsearch/jvm.options.d/evolinux.options
instead of default /etc/elasticsearch/jvm.options
...
Note : Files in that folder require the ".options" prefix
Fixes a2f73bb7df
2022-02-23 10:14:43 +01:00
Ludovic Poujol
39949ea921
generate-ldif: Add support for php-fpm in containers
2022-02-21 11:31:00 +01:00
Ludovic Poujol
e79141d2d2
lxc: Fail if /var is nosuid
2022-02-17 16:25:20 +01:00
Jérémy Lecour
799466788f
lxc-php: preliminary support for PHP 8.1 container
2022-02-17 14:50:21 +01:00
Jérémy Dubois
03c97f2d0f
openvpn: fix last_openvpn_restart_date variable
2022-02-15 18:06:45 +01:00
William Hirigoyen (Evolix)
1fdc0f2566
Fix missing evolinux_server_custom file copy in Nginx role.
2022-02-15 17:46:14 +01:00
Jérémy Dubois
f3c443d076
openvpn: now check that openvpn has been restarted since last certificates renewal
2022-02-15 15:52:21 +01:00
Brice Waegeneire
ebfa8df6bc
nrpe: Add check_mount_rw
2022-02-14 12:00:09 +01:00
William Hirigoyen (Evolix)
68b4b0803e
#60953 Désactivation AppArmor par défaut dans LXC
2022-02-10 18:03:32 +01:00
Ludovic Poujol
9995fca35d
varnish: update munin plugin to work with recent varnish versions
2022-02-08 16:16:24 +01:00
William Hirigoyen (Evolix)
e080b37be2
Add Includes in PHPVersion search.
2022-02-08 11:11:09 +01:00
Ludovic Poujol
a2f73bb7df
elasticsearch: Use /etc/elasticsearch/jvm.options.d/evolinux
instead of default /etc/elasticsearch/jvm.options
2022-02-07 15:18:46 +01:00
Jérémy Dubois
981128dc17
openvpn: make it compatible with OpenBSD and add some improvements
2022-02-03 18:35:16 +01:00
Jérémy Lecour
0cbdda840d
Explicit permissions for systemd overrides
2022-02-03 14:18:20 +01:00
Jérémy Lecour
9e27d9707b
kvm-host: add missing default value
2022-02-03 14:16:45 +01:00
Jérémy Lecour
5153b88d01
evolinux-base: option to bypass raid-related tasks
2022-02-03 14:15:33 +01:00
Jérémy Lecour
25563ee0f0
Merge pull request 'Release 22.01.3' ( #146 ) from unstable into stable
...
Reviewed-on: evolix/ansible-roles#146
2022-01-31 11:58:23 +01:00
Jérémy Lecour
3dd78fbf7e
Release 22.01.3
2022-01-31 11:57:21 +01:00
Jérémy Lecour
cd4822488c
Merge branch 'stable' into unstable
2022-01-31 11:56:10 +01:00
Jérémy Lecour
fcb0b8c80f
backup-server-state: 22.01.3
2022-01-28 16:27:39 +01:00
Jérémy Lecour
cd26081add
rbenv: install Ruby 3.1.0 by default
2022-01-28 16:27:20 +01:00
Jérémy Lecour
8beb1e7460
evolinux-base: backup-server-state: fix systemctl invocation
2022-01-28 16:25:28 +01:00
Jérémy Lecour
6d5aa67045
evolinux-base: backup-server-state: add "force" mode
2022-01-28 16:25:17 +01:00
Jérémy Lecour
359719d0d0
Merge pull request 'Release 22.01.2' ( #144 ) from unstable into stable
...
Reviewed-on: evolix/ansible-roles#144
2022-01-27 14:13:53 +01:00
Jérémy Lecour
bb30402df3
Release 22.01.2
2022-01-27 14:12:40 +01:00
Jérémy Lecour
6ccd0ea440
Release 22.01.1
2022-01-27 14:04:41 +01:00
Jérémy Lecour
88cd8a0976
evolinux-base: backup-server-state: rename options and use mysqladmin instead of mysql
2022-01-27 12:21:32 +01:00
Jérémy Lecour
519228ff9f
evolinux-base: backup-server-state: add disks and uname state
2022-01-27 12:09:04 +01:00
Brice Waegeneire
6dc17658a9
evolinux-base: backup-server-state: Add options.
...
New options:
- --dmesg / --no-dmesg
- --mysql / --no-mysql
- --services / --no-services
2022-01-27 11:50:18 +01:00
Jérémy Lecour
2849039fad
remount-usr: use findmnt to find if usr is a readonly partition
2022-01-27 11:21:19 +01:00
Jérémy Lecour
80f8a94798
evolinux-base: many improvements for backup-server-state script
2022-01-27 10:29:08 +01:00
Eric Morino
0a244894eb
Add fix repository in source.list for bullseye
2022-01-26 11:07:10 +01:00
Jérémy Lecour
2c6a3601de
Merge pull request 'Release 22.01' ( #142 ) from unstable into stable
...
Reviewed-on: evolix/ansible-roles#142
2022-01-25 18:30:07 +01:00
Jérémy Lecour
bff8fcfebb
apt: upgrade packages after all the configuration is done
2022-01-25 18:25:47 +01:00
Jérémy Lecour
93929864be
lxc-php: use bullseye-php80 for php80 container
2022-01-25 17:45:17 +01:00
Jérémy Lecour
52fff750df
evolinux-base: move "/sbin/deny" install to utils.yml tasks file
2022-01-25 17:44:42 +01:00
Jérémy Lecour
0e34d4cd4b
Merge remote-tracking branch 'origin/bullseye-swap-top' into unstable
2022-01-25 15:15:05 +01:00
Jérémy Lecour
8f8c024163
Merge branch 'unstable' into bullseye-swap-top
2022-01-25 15:13:10 +01:00
Jérémy Lecour
1f4ee2de79
Prepare CHANGELOG for 22.01 release
2022-01-25 15:00:03 +01:00
Jérémy Lecour
0fce412cf5
add WIP warning to check_async
2022-01-25 14:56:39 +01:00
Jérémy Lecour
544b213529
evomaintenance: Upstream release 22.01
2022-01-25 14:56:39 +01:00
Jérémy Lecour
266289c72e
whitespaces
2022-01-25 14:56:39 +01:00
Jérémy Lecour
51bc48623b
dovecot: switch to TLS 1.2+ and external DH params
2022-01-25 14:56:39 +01:00
Mathieu Trossevin
7a969a0be2
Merge pull request 'lxc-php: Fix config for opensmtpd on bullseye' ( #137 ) from mtrossevin/ansible-roles:opensmtpd-bullseye into unstable
...
Reviewed-on: evolix/ansible-roles#137
2022-01-25 12:00:01 +01:00
Mathieu Trossevin
1902c40c3c
lxc-php: Fix config for opensmtpd on bullseye
2022-01-25 11:57:41 +01:00
Mathieu Trossevin
fec9e49c18
Repair munin role
2022-01-25 11:01:45 +01:00
Jérémy Dubois
3822696db6
Update CHANGELOG for new openvpn role
2022-01-24 19:23:26 +01:00
Jérémy Dubois
4effe91b9f
Write an openvpn role
2022-01-24 19:12:48 +01:00
Brice Waegeneire
168b0fa9b7
nginx: Add snippet for custom server block config.
2022-01-20 10:44:02 +01:00
Jérémy Lecour
c4fab71d7a
evolinux-base: add new states to backup-server-states
2022-01-15 18:51:03 +01:00
Ludovic Poujol
c8a862c5e7
nagios-nrpe: Amélioration du check phpfpm_status et phpfpm_multi
...
Pour phpfpm_status > Ajout de la possibilité d'avoir un seuil de max procs actifs
Pour phpfpm_multi > Utilisation des seuils max (calculé sur le pm.max_children) + timeout
2022-01-14 17:06:48 +01:00
Jérémy Lecour
ea382a1686
varnish: add additional options
2022-01-12 13:04:22 +01:00
Jérémy Lecour
ca1f465aaa
nodejs: default to version 16 LTS
2022-01-12 13:04:22 +01:00
William Hirigoyen (Evolix)
bd39adaf68
Fail if /var has nodev or noexec option enabled.
2022-01-11 11:48:57 +01:00
William Hirigoyen (Evolix)
14883aa95e
Ensure that /var is mounted with dev and exec options prior to LXC container creation.
2022-01-11 11:02:09 +01:00
Brice Waegeneire
4c6d30a52c
apache: block access to .git* and .env* files
2021-12-28 16:27:05 +01:00
Jérémy Lecour
1893b6dea5
don't enable alert5 service in check mode
2021-12-23 16:56:43 +01:00
Jérémy Lecour
ec346a42a5
munin: systemd override to unprotect home directory
2021-12-23 16:56:23 +01:00
William Hirigoyen (Evolix)
1c754f7eb0
Fix Filebeat role for --check mode.
2021-12-21 15:27:46 +01:00
Eric Morino
7bb7b22d1f
Add redirectMath 404 on http request /.git by default
2021-12-20 09:59:25 +01:00
Ludovic Poujol
7c7ccf07eb
generate-ldif: fix typo in var name (cap)
2021-12-13 17:01:59 +01:00
Ludovic Poujol
64b632c000
evolinux-base: Donner le choix (ou non) de virer apt-listchanges
2021-12-10 11:37:56 +01:00
Ludovic Poujol
8b701e615f
evolinux-base: Donner le choix de changer (ou non) le motd
2021-12-10 11:37:33 +01:00
Ludovic Poujol
d27d6b69cd
evolinux-base: Add missing dependency dmidecode
2021-12-08 18:35:55 +01:00
Ludovic Poujol
bd429275d1
generate-ldif: properly flag virtual machines on vmware as virtual machines
2021-12-08 18:07:53 +01:00
Eric Morino
cd7c488713
Add rule .well-know to allow letsencrypt challenge
2021-11-26 16:37:00 +01:00
Eric Morino
7e36d03804
Add new location by default for /.well-know, fix some warning in Nextcloud check setup
2021-11-26 15:42:39 +01:00
Eric Morino
2ec026c2b3
Change variable item by kvm_pair and disable loop on all 'hypervisor' group
2021-11-26 11:08:43 +01:00
Mathieu Trossevin
53cd3ba342
Merge pull request 'nagios-nrpe: Fix check_nfsserver for buster and bullseye' ( #138 ) from mtrossevin/ansible-roles:check_nfsserver-buster into unstable
...
Reviewed-on: evolix/ansible-roles#138
2021-11-24 11:12:11 +01:00
Mathieu Trossevin
d3eef71127
nagios-nrpe: Fix check_nfsserver for buster and bullseye
...
From buster onward the nfs server doesn't run NFSv4 over UDP (it is out
of spec, see RFC 7530). As such the check broke as it attempt to check
the availability of NFSv4 over UDP.
Right now the check doesn't check for NFSv2 over UDP as it would need to
check if it exist first, as on bullseye it isn't supported by default
anymore.
2021-11-24 11:11:39 +01:00
Ludovic Poujol
82694ef5e9
generate-ldif: Don't miss detect deb11 as VM
2021-11-22 17:40:49 +01:00
Ludovic Poujol
a35139fcee
Add missing sudoers line (for old debian 9)
2021-11-22 16:28:30 +01:00
Eric Morino
8dca949564
Add *xml to crontab for sync libvirt xml file
2021-11-22 11:44:07 +01:00
Eric Morino
c9af7db827
re-activation task ssh.yml + modify crontab for sync list of running vm + add tags
2021-11-22 11:38:10 +01:00
Eric Morino
21bd4021d3
add virsh list --all on kvm host and this neighbor
2021-11-22 10:42:46 +01:00
Eric Morino
4fb885a33b
Fix right for redis log dir and log file
2021-11-15 11:33:34 +01:00
Jérémy Lecour
e4bb0c6f55
filebeat/metricbeat: version 7.x y default
2021-11-12 10:07:43 +01:00
Jérémy Lecour
039c740ef3
mysql: add evomariabackup 21.11
2021-11-01 10:16:55 +01:00
William Hirigoyen (Evolix)
51aaac0cbc
Fix evocheck_force_install VARIABLE IS NOT DEFINED (validé par jlecour)
2021-10-29 14:54:44 +02:00
Jérémy Lecour
6cf8195744
evolinux-base: fix alert5.service dependency syntax
2021-10-29 07:52:38 +02:00
Alexis Ben Miloud--Josselin
0247216429
[kvmstats] Sort domain list
2021-10-28 10:27:44 +02:00
Eric Morino
2ea8d279d5
Add replication graph for mysql
2021-10-27 10:43:17 +02:00
William Hirigoyen (Evolix)
b9c1e9eafe
Fix missing quote, option createhome -> create_home in Ansible 3.10, no mode option in user module (fix error introduced in e75eeb8c3f
)
2021-10-26 15:34:13 +02:00
Jérémy Lecour
dcfea674a4
listupgrade: old-kernel-removal version 21.10
2021-10-25 14:23:52 +02:00
Jérémy Lecour
646a7b1813
evocheck: package install is not supported anymore
2021-10-25 10:08:40 +02:00
Jérémy Lecour
dd53c01027
evocheck: upstream release 21.10.4
2021-10-25 10:02:12 +02:00
Jérémy Lecour
0e2b43a1e9
backup-server-state: add virsh and lxc lists
2021-10-22 15:33:58 +02:00
Jérémy Dubois
90acb99c2a
nagios-nrpe: new check influxdb
2021-10-22 14:51:57 +02:00
Jérémy Lecour
ca28df1b75
evocheck: upstream release 21.10.3
2021-10-22 13:57:56 +02:00
Jérémy Lecour
1706361e8d
evocheck: upstream release 21.10.2
2021-10-22 13:43:43 +02:00
Jérémy Lecour
72e8200d5b
kvm-host: reorganize code for kvmstats
...
* add -V|--version flag
* add -h|--help flag
* normalize options parsing
2021-10-22 13:30:34 +02:00
Ludovic Poujol
03f846b94b
remount before the task
2021-10-22 11:56:43 +02:00
Jérémy Lecour
7cb6dffd6f
add internal VERSION variable to kvmstats and add-vm
2021-10-21 17:32:37 +02:00
Jérémy Lecour
dcdde5f7f6
evocheck: upstream release 21.10.1
2021-10-21 17:32:11 +02:00
Ludovic Poujol
9b3bb39bd0
mysql : Create a default ~root/.my.cnf for compatibility reasons
2021-10-20 16:31:05 +02:00
Ludovic Poujol
b120a92203
evolinux-users + nagios-nrpe: Add support for php-fpm80 in lxc
2021-10-20 15:59:20 +02:00
Eric Morino
be5bb73675
Include role remount-usr to backup-state-server
2021-10-20 15:57:58 +02:00
Ludovic Poujol
a9d0d0958d
packweb-apache : Support php 8.0
2021-10-18 18:30:47 +02:00
Jérémy Dubois
d38119eb0f
nginx : fix variable name and debug
...
nginx_minimal defined the nginx_package_name_default variable which was not
used instead of the nginx_default_package_name variable
also fixed debug which was reversed, and add another one to be sure which mode
is used
2021-10-18 15:01:59 +02:00
Jérémy Lecour
7586881f4d
fix module name
2021-10-15 10:54:39 +02:00
Jérémy Lecour
bbd16dc5b4
evolinux-base: add script backup-server-state
2021-10-15 10:50:42 +02:00
Jérémy Lecour
33cb1dd8ef
certbot: detect domains for SAN certificates
2021-10-14 17:38:42 +02:00
Jérémy Lecour
6a4b250b5d
etc-git: better output detection
2021-10-12 18:23:50 +02:00
Jérémy Lecour
520cba9c5b
etc-git: evocommit has an Ansible mode to report changes
2021-10-12 11:15:33 +02:00
Jérémy Lecour
9aff38c0a7
squid: add ZeroSSL to default whitelist
2021-10-12 11:15:33 +02:00
Eric Morino
2dfd0c0706
Add squid logrotate
2021-10-11 11:03:34 +02:00
Jérémy Lecour
3e80c98a05
etc-git: evocommit should be present
2021-10-08 15:46:45 +02:00
Jérémy Lecour
2d11580a6e
forgotten file
2021-10-06 16:54:52 +02:00
Jérémy Lecour
dfd6aa0315
evocheck: minifirewall is not ready yet
2021-10-06 16:54:11 +02:00
Jérémy Lecour
679875d00b
mysql: install python dependencies earlier
2021-10-06 14:43:43 +02:00
Ludovic Poujol
73d6979e72
Various changes on mongodb (support 5.0) + fixes & compatibility
...
* mongodb: Deny the install on Debian 11 « Bullseye » when the version is unsupported
* mongodb: Support version 5.0 (for buster)
* mongodb: Allow to specify a mongodb version for buster & bullseye
* mongodb: Add missing remount-usr for munin plugins
2021-10-05 15:49:47 +02:00
Brice Waegeneire
616ead41d5
lxc-php: Add php 8.0 support
2021-10-05 14:38:40 +02:00
Jérémy Lecour
a6fe0397a6
etc-git: back to 2 tasks for each commit
...
"test X && git commit" generates a failure and a lot of noise.
2021-10-05 14:31:53 +02:00
Jérémy Lecour
7d63f20336
evoacme: exclude renewal-hooks directory from cron
2021-10-05 08:28:47 +02:00
Jérémy Lecour
86e5df9c16
etc-git: simplify commit tasks
2021-10-05 07:48:37 +02:00
Jérémy Lecour
7b14296503
etc-git: optimize maintenance tasks
...
* manage commits with an optimized shell script instead of many slow Ansible tasks
* centralize cron jobs in dedicated crontab
2021-10-02 12:50:01 +02:00
Jérémy Lecour
37cb18f676
nginx: improve tasks naiming
2021-10-02 09:35:17 +02:00
Jérémy Lecour
e089ddf091
evocheck: upstream release 21.10
2021-10-01 18:27:44 +02:00
Jérémy Lecour
de843cb91f
mysql: fix task settings temporary mistake
2021-10-01 18:26:22 +02:00
Jérémy Lecour
6cb2c66924
mysql: fix task settings temporary mistake
2021-09-30 17:52:49 +02:00
Jérémy Lecour
b293cf2cf9
Install python 2 or 3 libraries according to running python version
2021-09-30 17:05:10 +02:00
Jérémy Lecour
dc1a01ce37
lxc: fix dependencies
2021-09-30 12:10:55 +02:00
Jérémy Lecour
5cbfda8f52
docker-host: install additional dependencies
2021-09-30 12:09:11 +02:00
Jérémy Lecour
b2f8095d14
mysql: fix task settings temporary mistake
2021-09-30 12:07:39 +02:00
Jérémy Lecour
9b479f9c05
evolinux-base: logs are rotated with dateext by default
2021-09-30 12:07:02 +02:00
Jérémy Lecour
4a035d248d
evocheck: upstream release 21.09
2021-09-30 10:45:07 +02:00
Jérémy Lecour
3de5de5304
mysql: improve Bullseye compatibility
2021-09-30 10:13:11 +02:00
Jérémy Lecour
4c52719561
php: fix assert condition
2021-09-29 18:39:42 +02:00
Jérémy Lecour
437d2986ae
better python3 modules management
2021-09-29 18:39:29 +02:00
Jérémy Lecour
0eb7332a34
php: enforce Debian version with assert instead of fail
2021-09-29 16:43:55 +02:00
Jérémy Lecour
febc76b26c
php: fix tasks names
2021-09-29 16:40:25 +02:00
Ludovic Poujol
e130728034
evolix-users: Add missing sudo auth for check_raid for HP hardware
2021-09-24 14:33:56 +02:00
Jérémy Lecour
73efee9caa
etc-git: purge old .git/index.lock (default: True)
2021-09-23 14:45:24 +02:00
Eric Morino
3fcb79a3a3
Fix path to dhparam certificate
2021-09-21 15:55:25 +02:00
Eric Morino
ae2be6a009
Fix indent for generate dh_param
2021-09-21 14:47:41 +02:00
Jérémy Lecour
1d55965527
logstash: no more dependency on Java
2021-09-21 14:43:58 +02:00
Jérémy Lecour
8233264d2a
logstash: logging to syslog is configurable (default: True)
2021-09-21 14:43:58 +02:00
Jérémy Lecour
ef1472cbba
logstash: elastic_stack_version = 7.x
2021-09-21 14:43:58 +02:00
Ludovic Poujol
f75354bb84
generate-ldif: detect mdadm
2021-09-16 17:26:58 +02:00
Ludovic Poujol
de4d814d74
generate-ldif: detect hardware raid card
2021-09-16 17:17:32 +02:00
Ludovic Poujol
6a2cd59e6d
nagios-nrpe + evolinux-users: new check ipmi
2021-09-16 16:48:03 +02:00
Ludovic Poujol
51fd2337f0
nagios-nrpe + evolinux-users: new check raid (soft + hard)
2021-09-16 16:40:57 +02:00
Ludovic Poujol
fa0c668cec
evolinux-base: install freeipmi by default on dedicated hw
2021-09-16 15:58:10 +02:00
Brice Waegeneire
45b7ce3486
lxc-php: Use Debian bullseye package for php74
2021-09-14 14:42:31 +02:00
Jérémy Lecour
2b549af7d9
evolinux-base: split dpkg logrotate configuration
2021-09-09 10:23:53 +02:00
Jérémy Lecour
e429f7aecb
squid: add *.o.lencr.org to default whitelist
2021-09-07 14:01:52 +02:00
Jérémy Lecour
0cab062431
kill/list all queries at once
2021-09-01 17:41:27 +02:00
Jérémy Lecour
e76f2fe448
mysql-queries-killer: use a config file
2021-08-31 11:58:52 +02:00
Jérémy Lecour
b908fc6cee
certbot: don't install legacy Certbot on Debian 9
2021-08-30 14:07:46 +02:00
Jérémy Lecour
51e414df31
certbot: syntax for "no-self-upgrade" variable
2021-08-30 14:07:11 +02:00
Jérémy Lecour
887c1552cb
certbot: sync_remote.sh uses quotes for variable export
2021-08-30 14:06:32 +02:00
Jérémy Lecour
e45ee59801
mysql: script "mysql-queries-killer.sh" to kill MySQL queries
2021-08-30 14:05:15 +02:00
Jérémy Lecour
73f55a42fa
forgotten file
2021-08-30 09:26:04 +02:00
Jérémy Lecour
65750d2aa6
evomaintenance: extract a config.yyml tasks file
2021-08-30 09:24:57 +02:00
Jérémy Lecour
74ab96d67f
loop syntax and whitespaces
2021-08-27 11:01:28 +02:00
Eric Morino
d2ef3fe27f
Fix syntax on task "plugins are installed for"
2021-08-27 10:50:34 +02:00
Gregory Colpart
5e794cd2b6
commit whitespace
2021-08-26 12:24:00 +02:00
Eric Morino
6c21c3b505
Add configuration for listener stats write and read with correct right
2021-08-26 09:51:53 +02:00
Jérémy Lecour
ecba57ad75
evolinux-base: install molly-guard by default
2021-08-25 17:57:38 +02:00
Jérémy Lecour
2c7380240c
nagios-nrpe + evolinux-users: new checks for bkctld
2021-08-25 11:56:26 +02:00
Eric Morino
999efb3983
Add "may take several minutes" for task generate dhparam
2021-08-25 11:52:10 +02:00
Eric Morino
916138575a
Add generate dhparam and update variables for dovecot 2.3
2021-08-25 11:49:08 +02:00
Jérémy Lecour
5a83a30a4c
whitespace
2021-08-24 18:16:11 +02:00
Eric Morino
bd92ff95c8
use absolute path in evacme cron
2021-08-20 11:33:30 +02:00
Brice Waegeneire
2448168008
evolinux-base: Add swap column to htop and top
2021-08-17 18:03:00 +02:00
Ludovic Poujol
42189ba613
Configure php7.4 for evoadmin-web on bullseye
2021-08-17 16:38:21 +02:00
Jérémy Lecour
066baf3538
Revert "bullseye-detect: this role is obsolete, Debian 11 has been fully released"
...
This reverts commit c9f25f4638
.
2021-08-17 15:33:06 +02:00
Eric Morino
ca7d8e9739
Add variable mysql_performance_schema and configuration in evolinux_custom template
2021-08-17 15:11:10 +02:00
Jérémy Lecour
ad457dd7ba
apt: use the new security repository for Bullseye
2021-08-16 14:12:31 +02:00
Jérémy Lecour
969a5bce7d
apt: remove workaround for Evolix public repositories with Debian 11
2021-08-16 13:50:53 +02:00
Jérémy Lecour
d186e21239
evoadmin-web: simpler PHP packages lists
2021-08-16 13:49:13 +02:00
Jérémy Lecour
c9f25f4638
bullseye-detect: this role is obsolete, Debian 11 has been fully released
2021-08-16 13:47:33 +02:00
Jérémy Lecour
139b342fbd
certbot: silence letsencrypt deprecation warnings
2021-07-20 17:19:57 +02:00
Gregory Colpart
491407953c
We want LDAP listen on ldapi:/// by default
2021-07-08 19:22:00 +02:00
Jérémy Lecour
bf49ec8df5
mysql: script "mysql_connections" to display a compact list of connections
2021-07-08 15:10:35 +02:00
Jérémy Lecour
32b5efa30e
evocheck: upstream release 21.07
2021-07-07 15:20:24 +02:00
Jérémy Lecour
73352f55d7
evolinux-base: add tags to hardawre tasks
2021-07-07 14:32:38 +02:00
Ludovic Poujol
b362fadc80
typo (again) + not using trusted.gpg isn't restricted to debian 9+
2021-07-06 16:22:45 +02:00
Ludovic Poujol
8e6c08b81b
evolinux-base: Change the pattern of MegaRAID detect
...
Seems the card names may somethings between 'MegaRAID' and 'SAS'
I'll take the short and easy path as I think MegaRAID is enough in most cases
2021-07-06 16:12:14 +02:00
Ludovic Poujol
7a089f88af
Correct typo in var name
...
trusted_gpg_keyring.stat.present instead of _trusted_gpg_keyring.stat.present
2021-07-06 16:09:54 +02:00
Ludovic Poujol
49cb5adf92
evolinux-base: Fix hw card detect
...
Run the shell command as bash instead of sh; otherwise it will fail because of the set -o pipefail
2021-07-06 16:09:17 +02:00
Jérémy Lecour
c77e0d73f8
Merge branch 'bullseye' into unstable
2021-07-04 22:09:14 +02:00
Jérémy Lecour
29ec7bdcf2
Remove embedded GPG keys only if legacy keyring is present
2021-07-04 22:08:47 +02:00
Jérémy Lecour
ffd7d0e504
evolinux-base: alert5 comes after the network
2021-07-04 22:07:51 +02:00
Jérémy Lecour
6f66ab8e93
Merge branch 'unstable' into bullseye
2021-07-03 09:56:12 +02:00
Jérémy Lecour
ba3ed5e903
Merge branch 'bullseye' into unstable
2021-07-03 09:50:49 +02:00
Jérémy Lecour
d1829e7000
metricbeat: fix indentation
2021-07-03 09:16:12 +02:00
Jérémy Lecour
4167b6d2a9
fix CHANGELOG
2021-07-03 09:10:22 +02:00
Jérémy Lecour
3721c2ab38
squid: improve default whitelist
2021-07-03 08:56:23 +02:00
Jérémy Lecour
04e41b5dc9
squid: improve default whitelist
2021-07-03 08:54:05 +02:00
Jérémy Lecour
5905751a82
squid: must be started in foreground mode for systemd
2021-07-02 23:45:42 +02:00
Jérémy Lecour
b5bcd666c6
fix apt gpg keys after rebase from unstable
2021-07-02 21:23:14 +02:00
Jérémy Lecour
58cd1fedfa
fix path for first_found lookup
2021-07-02 21:19:07 +02:00
Jérémy Lecour
a5658b7f26
packweb-apache: install phpMyAdmin from buster-backports
2021-07-02 21:18:06 +02:00
Jérémy Lecour
5c1ae6ed0c
spamassassin: change dependency on evomaintenance
...
Fail with an error if evomaintenance config is missing
instead of trying to install a package that doesn't exist anymore.
2021-07-02 21:16:43 +02:00
Jérémy Lecour
8a784c39ab
mongodb: create munin plugins directory if missing
2021-07-02 21:16:40 +02:00
Jérémy Lecour
9c8dd743c8
Use python3 packages on Debian 11 and later
2021-07-02 21:16:15 +02:00
Jérémy Lecour
6b87ead5b4
update changelog
2021-07-02 21:16:12 +02:00
Jérémy Lecour
d40fad662f
kibana: 7.x by default
2021-07-02 21:15:40 +02:00
Jérémy Lecour
613a11d119
elasticsearch: 7.x by default
2021-07-02 21:15:00 +02:00
Jérémy Lecour
a60189eb3e
better bullseye compatibility workaround
2021-07-02 21:14:04 +02:00
Jérémy Lecour
c80c354d65
fix keyrings permissions
2021-07-02 21:14:01 +02:00
Jérémy Lecour
e8a8e85819
redis: instance service for Debian 11
2021-07-02 21:13:42 +02:00
Jérémy Lecour
c5ab0c0ff9
squid: remove obsolete variable on Squid 4
2021-07-02 21:13:05 +02:00
Jérémy Lecour
f673ea85d1
Force Debian version to buster for Evolix repository
2021-07-02 21:12:33 +02:00
Jérémy Lecour
2c441f176a
mysql: mariadb-client-10.5 on Debian 11
2021-07-02 21:11:27 +02:00
Jérémy Lecour
c5bb8f06ae
mysql: use python3 with Debian 11 and later
2021-07-02 21:10:52 +02:00
Jérémy Lecour
51d4ec1bb2
php: remove php-gettext for 7.4
2021-07-02 21:10:04 +02:00
Jérémy Lecour
5e09906c8f
fixup! temporary bulseye-detect role
2021-07-02 21:09:28 +02:00
Jérémy Lecour
380c50b999
evolinux-base: increase minimum Ansible version to 2.9
2021-07-02 21:09:26 +02:00
Jérémy Lecour
008cb6a3c9
quote numeric values
2021-07-02 21:08:59 +02:00
Jérémy Lecour
52d06a3987
temporary bulseye-detect role
...
Overrides some facts to add compatibility with unreleased Debian version
2021-07-02 21:08:07 +02:00
Jérémy Lecour
4a158ac819
Reduce verbosity
2021-07-02 21:08:07 +02:00
Jérémy Lecour
2f68ae5339
Preliminary support for Bullseye
2021-07-02 20:58:09 +02:00
Jérémy Lecour
6bfef35729
Add bullseye APT repositories
2021-07-02 20:54:38 +02:00
Jérémy Lecour
b8ac36e673
Fake « testing » as Deban 11 « Bullseye »
2021-07-02 20:53:42 +02:00
Jérémy Lecour
83e8a3d75a
listupgrade: add repository URL
2021-07-02 14:52:23 +02:00
Jérémy Lecour
27a09ce682
listupgrade: update old-kernel-removal.sh from upstream
2021-07-02 14:37:22 +02:00
Jérémy Lecour
90cbd17f9b
listupgrade: crontab is configurable
2021-07-02 14:01:46 +02:00
Jérémy Lecour
b0b24744d6
listupgrade: upstream release 21.06.3
2021-07-02 13:59:42 +02:00
Jérémy Lecour
11813c31a4
certbot: add script for manual deploy hooks execution
2021-06-30 14:29:03 +02:00
Jérémy Lecour
51462c724c
certbot: sync_remote excludes itself
2021-06-30 07:39:57 +02:00
Jérémy Lecour
1b8de7c524
Merge branch 'unstable' into stable
2021-06-28 16:01:47 +02:00
Jérémy Lecour
2ed1dac16b
Release 10.6.0
2021-06-28 15:56:19 +02:00
Jérémy Lecour
f082cb652a
postgresql: rename GPG key
2021-06-28 15:56:19 +02:00
Jérémy Lecour
f473e99d6d
php: use sury.gpg locally
2021-06-28 15:56:19 +02:00
Jérémy Lecour
b8c5ac3097
remove whitespace for stream redirection
2021-06-28 15:56:19 +02:00
Jérémy Lecour
6d757f971e
typo
2021-06-28 15:56:19 +02:00
Jérémy Lecour
55ad6882b5
evolinux-base: forgotten case for first-found lookup
2021-06-28 15:26:54 +02:00
Jérémy Lecour
0fe0244116
Update Galaxy metadata (company, platforms and galaxy_tags)
2021-06-28 15:26:28 +02:00
Jérémy Lecour
1890a79702
elasticsearch: inline YAML formatting of seed_hosts and initial_master_nodes
2021-06-23 22:38:24 +02:00
Jérémy Lecour
4c1ef1bd56
elasticsearch: recent versiond don't depend on external JRE
2021-06-23 22:38:24 +02:00
Jérémy Lecour
22145a29b2
whitespaces
2021-06-23 22:38:24 +02:00
Eric Morino
af9b1a4766
Fix main.yml for postgresql role
2021-06-21 11:35:17 +02:00
Eric Morino
cb257ef927
Add support debian 13 for postgresql rôle and PG13
2021-06-21 11:31:50 +02:00
Jérémy Lecour
6190c66445
listupgrade: upstream release 21.06.2
2021-06-20 12:06:49 +02:00
Jérémy Lecour
dd32ab5688
listupgrade: upstream release 21.06.1
2021-06-20 10:32:16 +02:00
Jérémy Lecour
dbc853a815
listupgrade: upstream release 21.06
2021-06-17 18:23:13 +02:00
Jérémy Lecour
81730de78b
kvm-host: fix typo in add-vm
2021-06-17 18:20:32 +02:00
Jérémy Lecour
4c7fed77c4
squid: add Yarn apt repository in default whitelist
2021-06-17 18:19:20 +02:00
Jérémy Lecour
fe9b7ee5f7
evomaintenance: upstream release 0.6.4
2021-06-17 10:57:07 +02:00
Jérémy Lecour
53eaf085f5
kvm-host: manage dependencies
2021-06-10 22:30:00 +02:00
Jérémy Lecour
9d0bfec87e
kvm-host: add-vm: shellcheck (quotes, braces…)
2021-06-10 21:22:38 +02:00
Jérémy Lecour
edfcbbad0a
kvm-host: add-vm: split assignment
2021-06-10 18:03:32 +02:00
Jérémy Lecour
5d7d62b284
whitespaces
2021-06-10 16:30:22 +02:00
Jérémy Lecour
4e8c622cc0
kvm-host: force link for munin plugins
2021-06-10 16:30:17 +02:00
Jérémy Lecour
7f3eebcfc6
kvm-host: move cron template into templates directory
2021-06-10 16:18:12 +02:00
Jérémy Lecour
4d7e6fd271
kvm-host: update kvmstats and add-vm
2021-06-10 11:24:16 +02:00
Jérémy Lecour
3d715bae35
kvm-host: replace the "kvm-tools" package with scripts deployed by Ansible
2021-06-10 11:09:48 +02:00
Eric Morino
e75eeb8c3f
Changement version nexcloud par defaut + modif droit home utilisateur
2021-06-08 15:54:56 +02:00
Jérémy Lecour
ca40fad186
nodejs: change GPG key name
2021-06-08 11:19:26 +02:00
Jérémy Lecour
f6dcce239b
certbot move hooks
2021-06-07 13:04:12 +02:00
Jérémy Lecour
856d11aced
nodejs: update apt cache before installing the package
2021-06-07 13:03:18 +02:00
Alexis Ben Miloud--Josselin
965dc2d20b
Update rbenv-installer version
...
See e017714f3e
2021-06-07 11:06:42 +02:00
Alexis Ben Miloud--Josselin
dbc06c1c59
Update rbenv-installer version
...
See e017714f3e
2021-06-07 10:51:03 +02:00
Jérémy Lecour
454d4c6d30
explicit permissions for APT GPG keys
2021-05-26 13:47:34 +02:00
Jérémy Lecour
2c47871fa7
Add Elastic GPG key to kibana, filebeat, logstash, metricbeat roles
2021-05-25 15:10:04 +02:00
Jérémy Dubois
89b0bd5a2b
Fix duplicate dict key : check_mode
2021-05-19 18:19:30 +02:00
Jérémy Lecour
dd42c3673c
whitespaces
2021-05-19 17:02:20 +02:00
Jérémy Lecour
06b8314211
evolinux-base: fix motd lookup path
2021-05-19 17:02:20 +02:00
Ludovic Poujol
56c064d86b
Update 'packweb-apache/meta/main.yml'
...
Quick hot-fix : Add dependency for php 7.4 to packweb-apache
2021-05-19 16:33:51 +02:00
Eric Morino
547272eefd
Add create diretory for munin plugins
2021-05-19 16:17:08 +02:00
Jérémy Lecour
02451f1e67
add default (useless) value for file lookup
2021-05-19 14:35:08 +02:00
Jérémy Lecour
4d83f25ae6
fix pipefail option for shell invocations
2021-05-18 14:04:54 +02:00
Jérémy Lecour
cae0de17df
listupgrade: fix wget error + shellcheck cleanup
2021-05-17 23:05:18 +02:00
Jérémy Lecour
56af68e5b3
listupgrade: print error if wget fails
2021-05-17 12:19:57 +02:00
Jérémy Dubois
60f2f19402
Delete OpenBSD support
...
The EvoBSD repository must be used for OpenBSD
2021-05-17 10:44:07 +02:00
Jérémy Lecour
e65340cb56
Add pipefail option to shell invocations
2021-05-13 15:34:27 +02:00
Jérémy Lecour
7dc6f0b849
remove trailing whitespaces
2021-05-13 15:23:39 +02:00
Jérémy Lecour
9ca68a16dd
evolinux-base: quote values
2021-05-10 09:07:18 +02:00
Jérémy Lecour
9b2a3a6db2
evolinux-users: convert uid to string
2021-05-10 07:42:19 +02:00
Jérémy Lecour
d823c8116a
update CHANGELOG
2021-05-09 23:21:21 +02:00
Jérémy Lecour
3c9be8d913
fix more Ansible syntax
2021-05-09 23:20:15 +02:00
Jérémy Lecour
2ed77c60f0
Improve Ansible syntax
...
replace « x | changed » by « x is changed »
add explicit « bool » filter
use « length » filter instead of string comparison
2021-05-09 23:06:42 +02:00
Jérémy Lecour
3dde4ee6d3
Rename Sury GPG key
2021-05-06 13:44:22 +02:00
Jérémy Lecour
58bf79218f
remove apt keys specifically from embedded database
2021-05-06 13:43:59 +02:00
Jérémy Lecour
403ea45eeb
Add forgotten tag
2021-05-06 13:03:28 +02:00
Jérémy Lecour
7d08b0a30a
rename the tasks for embedded GPG keys
2021-05-06 11:33:19 +02:00
Jérémy Lecour
b41a2fd04f
fix indentation
2021-05-06 11:31:42 +02:00
Jérémy Lecour
b049ad79d6
fix indentation
2021-05-06 10:50:57 +02:00
Jérémy Lecour
83705a48b8
remove key from trusted.gpg only if file is present
2021-05-06 10:42:12 +02:00
Jérémy Lecour
9f2125e287
packweb-apache: fix backports for phpmyadmin
2021-05-04 16:43:48 +02:00
Jérémy Lecour
e5e4dc95fa
packweb-apache: install phpMyAdmin from buster-backports
2021-05-04 14:57:18 +02:00
Jérémy Lecour
e7ddf9d46c
Use 'loop' syntax instead of 'with_list'
2021-05-04 14:31:22 +02:00
Jérémy Lecour
485ec39674
Use 'loop' syntax instead of 'with_nested'
2021-05-04 14:29:50 +02:00
Jérémy Lecour
07fd6451e1
Use 'loop' syntax instead of 'with_dict'
2021-05-04 14:20:53 +02:00
Jérémy Lecour
5138065059
Use 'loop' syntax instead of 'with_items'
2021-05-04 14:19:18 +02:00
Jérémy Lecour
debc4a82ca
Use 'loop' syntax instead of 'with_first_found'
2021-05-04 13:39:47 +02:00
Jérémy Lecour
b3a62aa9d8
haproxy: use loop syntax instead of with_first_found
2021-05-03 18:02:57 +02:00
Jérémy Lecour
eacdd2c7f2
cerbot: fix regexp syntax for sync_remote
2021-05-03 18:02:35 +02:00
Jérémy Lecour
9cdddd50a8
Move all trusted GPG keys to file repository
2021-05-03 14:23:13 +02:00
Jérémy Lecour
a7971abb04
apt: store keys in /etc/apt/trusted.gpg.d in ascii format
2021-05-03 12:02:31 +02:00
Jérémy Lecour
92f28d85fe
certbot: configure remote servers
2021-05-03 11:44:59 +02:00
Jérémy Lecour
1caae2437a
certbot: fix remote directory initialization
2021-05-03 11:44:44 +02:00
Jérémy Lecour
cc6acdbf34
certbot: sync_remote.sh is configurable
2021-05-03 11:25:24 +02:00
Jérémy Lecour
6eaeb90f6e
ldap: fix edge cases where passwords were not set/get properly
2021-05-02 23:28:09 +02:00
Jérémy Lecour
43c726e86a
spamassassin: change dependency on evomaintenance
...
Fail with an error if evomaintenance config is missing
instead of trying to install a package that doesn't exist anymore.
2021-05-02 01:24:03 +02:00
Jérémy Lecour
8716ffbb1e
apt: fix keyring permissions
2021-05-02 00:34:19 +02:00
Jérémy Lecour
047605a2a2
evolinux-base: use a dearmored signature, stored in the correct location
2021-05-01 17:20:06 +02:00
Jérémy Lecour
920cb7eaeb
update changelog
2021-05-01 16:51:20 +02:00
Jérémy Lecour
66ea07ec29
evolinux-base: copy GPG key instead of using apt-key
2021-05-01 16:50:38 +02:00
Jérémy Lecour
2386733231
bash syntax : `` → $()
2021-04-29 10:22:21 +02:00
Jérémy Lecour
5b9d2a2776
migrate-vm: do not display drbd error
2021-04-29 09:56:39 +02:00
Jérémy Lecour
5d79c31dc3
kvm-host: add migrate-vm script
2021-04-28 15:53:38 +02:00
Gregory Colpart
f260fedbae
fix GPG key install for APT
2021-04-26 22:36:03 +02:00
Gregory Colpart
75675a96b1
add info for NFS and Apache-ITK
2021-04-23 16:24:52 +02:00
Jérémy Lecour
94a5d7daa2
mysql: variable to disable myadd script overwrite (default: True)
2021-04-23 14:59:29 +02:00
Jérémy Lecour
eab68545fe
evolinux-base: add default motd template
2021-04-23 11:41:27 +02:00
Ludovic Poujol
3457b14fed
ntpd: Add leapfile configuration setting to ntpd on debian 10+
2021-04-21 17:22:45 +02:00
Ludovic Poujol
d56c545183
apache: new variable for mpm mode (+ updated default config accordingly)
...
Also, itk package will only be installed if required
2021-04-19 17:35:49 +02:00
Jérémy Lecour
2f4b5b9448
Merge pull request '10.5.1' ( #125 ) from unstable into stable
...
Reviewed-on: evolix/ansible-roles#125
2021-04-13 15:57:16 +02:00
Jérémy Lecour
5e0ca0e3ff
Release 10.5.1
2021-04-13 15:56:09 +02:00
Ludovic Poujol
0f8804a8ab
etc-git: commit in /usr/share/scripts when there's an active repository
2021-04-08 16:07:49 +02:00
Jérémy Lecour
a5a2c6e335
haproxy: dedicated internal address/binding (without SSL)
2021-04-06 14:41:03 +02:00
Jérémy Lecour
c85864a6a5
Merge pull request 'Release 10.5.0' ( #124 ) from unstable into stable
...
Reviewed-on: evolix/ansible-roles#124
2021-04-01 15:40:50 +02:00
Jérémy Lecour
2686eea2b1
Release 10.5.0
2021-04-01 15:38:10 +02:00
Jérémy Lecour
7041a70eeb
elasticsearch: log rotation is more readable/maintainable
2021-04-01 15:36:34 +02:00
Bruno TATU
33837844ee
Compress logs about garbage collector for elasticsearch
...
Whitout this improvement, this logs cannot be compressed:
/var/log/elasticsearch/gc.log.02
/var/log/elasticsearch/gc.log.29
/var/log/elasticsearch/gc.log.12
/var/log/elasticsearch/gc.log.18
2021-04-01 15:36:34 +02:00
Ludovic Poujol
32f2a29161
lxc-php: No need of apt-key for php7.4
2021-03-31 11:51:26 +02:00
Ludovic Poujol
f2ebe2d878
lxc-php: Add php 7.4 support
2021-03-31 10:57:29 +02:00
Jérémy Lecour
d7d057e435
filebeat: fix Ansible syntax error
2021-03-23 16:29:03 +01:00
Jérémy Lecour
2593784ab0
metricbeat: new variables to configure SSL mode
2021-03-23 16:28:14 +01:00
Jérémy Lecour
3a3cf1395e
listupgrade: update script from upstream
2021-03-23 16:27:15 +01:00
Jérémy Lecour
5a4bd28eaf
nagios-nrpe: libfcgi-client-perl is not available before Debian 10
2021-03-18 15:16:23 +01:00
Jérémy Lecour
5582d6e724
redis: socket/pid directories have the correct permissions
2021-03-18 15:15:39 +01:00
Ludovic Poujol
c7c75d3206
Nodejs : Update yarn gpg repo key
2021-03-11 10:07:05 +01:00
Patrick Marchand
e5511eafc6
Revert changes to bind log path from apparmor fix
...
I realised it wasnt the best idea to change the path we are used to using just for this, so I overwrite the apparmor configuration instead.
2021-03-09 16:58:14 -05:00
Patrick Marchand
ffd3ff97f1
Fix conflict in changelog
2021-03-09 12:28:01 -05:00
Patrick Marchand
7da22e243e
Changed log directory for bind9
...
It is now /var/log/named, this is what debian 10 and apparmor expect by default. This fixes the bind9 service crashing at start.
2021-03-09 12:25:15 -05:00
Jérémy Lecour
3103af67a7
redis: escape password in Munin configuration
2021-03-09 18:24:15 +01:00
Ludovic Poujol
3cb18faf28
evolinux-users: Add sudo rights for nagios for multi-php lxc
2021-03-04 16:48:55 +01:00
Jérémy Lecour
1f4079b1b3
haproxy: possible admin access with login/pass
2021-02-27 18:43:59 +01:00
Jérémy Lecour
92b7ce0acd
postfix: always enable sasl authentified for relay
2021-02-23 10:05:08 +01:00
Ludovic Poujol
df9db31725
deny requests to ^/evolinux_fpm_status-.*
2021-02-22 16:06:57 +01:00
Jérémy Lecour
3709808fdc
redis: use /run instead or /var/run
2021-02-18 16:42:54 +01:00
Ludovic Poujol
ddd3e1aa06
nagios-nrpe: new script check_phpfpm_multi
2021-02-17 17:23:11 +01:00
Jérémy Lecour
f862ffc42e
beats packages can be upgraded to latest (default: False)
2021-02-16 16:35:25 +01:00
Tristan PILAT
22a19519b3
Add NRPE related configuration tasks
2021-02-16 11:41:05 +01:00
Tristan PILAT
41e3fb0982
Add check_keepalived NRPE script
2021-02-16 11:40:20 +01:00
Tristan PILAT
3e11b1d31f
Add notify parameter for NRPE check
2021-02-16 11:39:52 +01:00
Tristan PILAT
2889720902
Add restart nagios-nrpe-server handler
2021-02-16 11:37:33 +01:00
Jérémy Lecour
0e3ecccb7f
postfix: restore permit_sasl_authenticated on packmail
2021-02-12 18:29:22 +01:00
Jérémy Lecour
622bbca4c2
apache: rotate logs daily instead of weekly
2021-02-12 18:05:47 +01:00
Ludovic Poujol
b0cb14eb5b
* nagios-nrpe: update check_phpfpm_status.pl & install perl dependencies
2021-02-12 15:22:57 +01:00
Jérémy Lecour
2b328dc764
postfix: add smtpd_relay_restrictions in configuration
2021-02-12 14:10:04 +01:00
Tristan PILAT
58f82046cc
Add first version of Keepalived role
2021-02-11 17:32:23 +01:00
Jérémy Lecour
17f1a1a55e
update changelog
2021-02-11 12:09:32 +01:00
Jérémy Lecour
f940bc3866
cerbot: use the legacy script on Debian 8 and 9
2021-02-04 16:34:24 +01:00
Jérémy Lecour
dde2672715
nginx: no more "minimal" mode, but the package remains customizable.
2021-02-04 11:31:36 +01:00
Jérémy Lecour
cff309ff41
nginx: add access to server status on default VHost
2021-02-04 11:30:32 +01:00
Jérémy Lecour
e1458e6a35
Mention the CHANGELOG in the README
2021-02-04 11:13:05 +01:00
Jérémy Lecour
5588ed6009
minifirewall: change some defaults
...
Only SSH (22) is open on privilegied IPs
Remove volatile.debian.org domain
2021-02-04 10:55:31 +01:00
Jérémy Lecour
6c84ada361
redis: s/content/block/ to workaround the blockinfile bug
2021-02-04 10:55:31 +01:00
Brice Waegeneire
1785e6a500
nginx: fix server-status
2021-02-03 16:25:08 +01:00
Jérémy Dubois
02ba81884d
MàJ IPs Evolix minifirewall + spamassassin
2021-01-20 15:45:04 +01:00
Mathieu Trossevin
633d5644cb
Merge pull request 'lxc-php: Do not bind the mysql socket by default' ( #122 ) from mtrossevin/ansible-roles:packweb-multi-php2_patch into unstable
...
Reviewed-on: evolix/ansible-roles#122
2021-01-11 15:27:33 +01:00
Mathieu Trossevin
2e29dc2440
lxc-php: Do not bind the mysql socket by default
...
The lxc-php role can be run on a server without mysql. Attempting to
bindmount the mysql socket in such a case cause the lxc container to
fail to start.
This commit add a variable, lxc_php_create_mysql_link defaulting to
false telling ansible if it should bindmount the MySQL socket to the
container.
2021-01-11 15:20:25 +01:00
Brice Waegeneire
1576375417
postgresql: Fix postgresql@.service customization
2021-01-08 14:46:38 +01:00
Jérémy Lecour
024d30ea43
evoacme: upstream release 21.01
2021-01-07 19:16:06 +01:00
Jérémy Lecour
0e32e0d2aa
certbot: use a fixed 1.9.0 version of the certbot-auto script (renamed "letsencrypt-auto")
2021-01-07 18:55:44 +01:00
Jérémy Lecour
8c54fd8c16
apache: new variables for logrotate + server-status
2021-01-05 17:47:56 +01:00
Jérémy Lecour
6e7acd1abd
Merge pull request 'Release 10.4.0' ( #121 ) from unstable into stable
...
Reviewed-on: evolix/ansible-roles#121
2020-12-24 14:02:32 +01:00
Jérémy Lecour
19da5ea1f7
Release 10.4.0
2020-12-24 14:00:37 +01:00
Jérémy Lecour
7ec0748383
certbot: detect domains if missing
2020-12-24 13:56:43 +01:00
Jérémy Lecour
442e9bcda8
cerbot: hook to sync certificates to remote servers
2020-12-24 13:56:43 +01:00
Jérémy Lecour
4dbd1b0bee
certbot: disable auth for Let's Encrypt challenge
2020-12-24 10:33:48 +01:00
Eric Morino
feda9a63d8
Add directive auth_basic off for nginx configuration
2020-12-24 10:03:43 +01:00
Eric Morino
dd8b989bbe
Add directive auth_basic off for nginx configuration
2020-12-24 10:02:27 +01:00
Jérémy Lecour
1d56e002b4
nginx: change from "nginx_status-XXX" to "server-status-XXX"
2020-12-23 15:53:36 +01:00
Jérémy Lecour
51cec4bce1
whitespaces
2020-12-23 15:51:59 +01:00
Jérémy Lecour
6ee66d0a74
varnish: add tags
2020-12-23 15:43:05 +01:00
Jérémy Lecour
74ac4c7570
haproxy: add tags
2020-12-23 15:42:57 +01:00
Jérémy Lecour
66a6e67de2
varnish: variable for jail configuration
2020-12-21 23:33:14 +01:00
Jérémy Lecour
03b91177b1
Merge pull request 'Release 10.3.0' ( #120 ) from unstable into stable
...
Reviewed-on: evolix/ansible-roles#120
2020-12-21 16:12:22 +01:00
Jérémy Lecour
1922b51fbe
Release 10.3.0
2020-12-21 16:03:49 +01:00
Jérémy Lecour
67ce8de85e
varnish: custom reload script is now useless
2020-12-20 23:25:34 +01:00
Jérémy Lecour
0f5ce44186
varnish: change template name for better readability
2020-12-20 23:04:17 +01:00
Jérémy Lecour
d430dea043
whitespaces
2020-12-20 23:03:51 +01:00
Jérémy Lecour
3e72d6961c
varnish: no threadpool delay by default
2020-12-20 23:03:37 +01:00
Jérémy Lecour
8861169a04
varnish: config file name is configurable
2020-12-20 23:03:10 +01:00
Jérémy Lecour
81fbd98a5f
evolinux-users: improve uid/login checks
2020-12-17 15:25:48 +01:00
Jérémy Lecour
0b528f15da
tomcat-instance: fail if uid already exists
2020-12-17 08:06:44 +01:00
Jérémy Lecour
5b2d3b09d0
Create system users for vmail (dovecot) and evoadmin
2020-12-17 08:05:16 +01:00
Jérémy Lecour
3c4986275c
evocheck: upstream release 20.12
2020-12-08 11:07:42 +01:00
Jérémy Lecour
772bce8c0b
dovecot: vmail uid/gid are configurable
2020-12-07 17:26:45 +01:00
Jérémy Lecour
4d6f88f0f4
minifirewall: add variables to force upgrade the script and the config (default: False)
2020-12-07 17:23:37 +01:00
Eric Morino
c324866cd2
Add set variables for debian stretch and jessie
2020-12-07 16:45:32 +01:00
Ludovic Poujol
1160a5e809
postgresql: correct confitinal on set_fact
2020-12-07 16:43:59 +01:00
Eric Morino
0f7dcb57b1
add postgresql_version to empty
2020-12-07 16:24:11 +01:00
Eric Morino
2a94a3bdf1
fix packages_buster
2020-12-07 16:21:57 +01:00
Eric Morino
5522f822f7
add set facts for buster
2020-12-07 16:18:56 +01:00
Jérémy Lecour
98f798b9fb
cerbot: parse HAProxy config file only if HAProxy is found
2020-12-03 17:26:16 +01:00
Jérémy Lecour
84bd3372d5
blockinfile: change from "content" to "block"
...
It solves the diff bug :
https://github.com/ansible/ansible/issues/62315
2020-12-02 15:22:35 +01:00
Jérémy Lecour
fc71bb5945
minifirewall: upstream release 20.12
2020-12-01 22:57:13 +01:00
Jérémy Lecour
9aa24f4cde
minifirewall: Docker support
2020-12-01 22:47:38 +01:00
Jérémy Lecour
b6817cb62c
evoacme: upstream release 20.12
2020-12-01 22:27:05 +01:00
Jérémy Lecour
18ac1e7279
redis: check maxmemory in NRPE check
...
If "maxmemory" is set and "maxmemory-policy" is missing or set to
"noeviction" then we enforce the "maxmemory" limit
2020-12-01 19:02:42 +01:00
Eric Morino
ae07d508cf
Fix key and update just after add pgdg repo key
2020-11-30 10:51:34 +01:00
Eric Morino
aa62555e9e
Fix name file preference for PGDG repository
2020-11-27 11:07:18 +01:00
Jérémy Lecour
86d59cbb5f
mysql: install save_mysql_processlist script
2020-11-24 13:59:04 +01:00
Ludovic Poujol
1d8b7c3bea
apt: disable APT Periodic
...
This interfere with our usual workflow (listupgrade)
Note : Using 0 instead of false is intentional, The value is used by the
apt-daily script that except a "0" to disable itself.
2020-11-24 11:19:18 +01:00
Jérémy Lecour
592030ee9a
evoacme: variable to disable Debian version check (default: False)
2020-11-21 09:59:10 +01:00
Jérémy Lecour
b43d0f3629
evoacme: upstream release 20.11
2020-11-19 21:21:07 +01:00
Jérémy Dubois
6c202dcf4f
Check that ansible_distribution_major_version is defined in sudo task
...
This variable does not exist when run on OpenBSD servers, making the ansible
playbook to exit in a fatal state.
2020-11-06 16:28:35 +01:00
Ludovic Poujol
15154169cf
kvm-host: Add drbd role dependency (toggleable with kvm_install_drbd)
2020-10-30 11:56:24 +01:00
Ludovic Poujol
7a37167e20
mysql: fix typo in restart handler
2020-10-29 10:42:57 +01:00
Ludovic Poujol
4de33e41b5
mysql: fix typo in restart handler
2020-10-29 10:41:33 +01:00
Ludovic Poujol
82d9abca3d
Merge pull request 'packweb-multi-php: Allow php to contact local mysql with localhost' ( #116 ) from mtrossevin/ansible-roles:packweb-multi-php2 into unstable
...
Reviewed-on: evolix/ansible-roles#116
2020-10-26 09:29:05 +01:00
Mathieu Trossevin
6b89fa18cb
mysql-oracle: Update clients' conf to match server's
...
The socket path was changed in the server configuration, update the
client configuration to match so as not to break anything.
2020-10-23 13:03:23 +02:00
Mathieu Trossevin
71f85a5863
Merge branch 'unstable' into packweb-multi-php2
2020-10-20 17:41:36 +02:00
Mathieu Trossevin
2ea4745f93
lxc-php: Update changelog
2020-10-20 17:27:34 +02:00
Ludovic Poujol
c8d4da532f
evoacme: Don't ignore hooks with . in the name (ignore when it's ".disable")
2020-10-20 10:58:51 +02:00
Ludovic Poujol
9e5d041210
dovecot: Update munin plugin & configure it
2020-10-20 10:56:41 +02:00
Mathieu Trossevin
d7aed91043
packweb-multiphp: Change default configuration for compatibility
...
/var/run is now /run (and it is what is used in the .service file)
Have a default directory configured as bind target so things works by default
2020-10-19 17:33:58 +02:00
Jérémy Lecour
d80461e39a
redis: variable to force use of port 6379 in instances mode
2020-10-19 16:03:58 +02:00
Mathieu Trossevin
d33b4baef1
Make container restart an handler
2020-10-19 14:16:53 +02:00
Mathieu Trossevin
672cb8a4ef
Merge branch 'unstable' into packweb-multi-php2
2020-10-19 14:13:06 +02:00
Ludovic Poujol
995cb6d9a2
dovecot: Update munin plugin & configure it
2020-10-16 15:33:52 +02:00
Ludovic Poujol
45835d3349
nextcloud: Install version 20 instead of 19
2020-10-16 15:25:49 +02:00
Jérémy Lecour
9bb7379e32
filebeat: add logstash output variables
2020-10-16 10:47:24 +02:00
Ludovic Poujol
929f258bf8
nextcloud: New role
2020-10-02 16:51:05 +02:00
Eric Morino
4f7c0d6e69
Add TransfertLog to sftp and ftps configuration
2020-09-22 10:08:45 +02:00
Jérémy Lecour
f717c31acc
Merge branch 'unstable' into stable
2020-09-17 14:14:13 +02:00
Jérémy Lecour
8b48552e36
Release 10.2.0
2020-09-17 14:06:46 +02:00
Jérémy Lecour
3e67d92fd3
certbot: an empty change shouldn't raise an exception
2020-09-16 12:07:27 +02:00
Jérémy Lecour
48174ad618
evoacme: remount /usr if necessary
2020-09-14 11:31:47 +02:00
Jérémy Lecour
4007b14c09
whitespaces
2020-09-14 11:17:54 +02:00
Jérémy Lecour
b818c348c2
evoacme: remove Debian 9 support
2020-09-11 11:09:45 +02:00
Ludovic Poujol
f9d6fe0ad4
evolinux-base: install wget
2020-09-10 14:59:19 +02:00
Jérémy Lecour
c7151a8de8
certbot: fix "no-self-upgrade" option
2020-09-08 10:02:15 +02:00
Jérémy Lecour
37ed5dd393
evolinux-base: swappiness is customizable
2020-09-01 14:08:39 +02:00
Jérémy Lecour
afa0fd35c8
Change default public SSH/SFTP port from 2222 to 22222
2020-08-28 18:32:47 +02:00
Jérémy Lecour
d0622c6b20
tomcat: root directory owner/group are configurable
2020-08-27 17:12:34 +02:00
Jérémy Lecour
8460938f35
Merge pull request 'Release 10.1.0' ( #113 ) from unstable into stable
...
Reviewed-on: evolix/ansible-roles#113
2020-08-21 14:51:29 +02:00
Jérémy Lecour
fce6676eca
Release 10.1.0
2020-08-21 14:51:30 +02:00
Jérémy Lecour
24dd420aac
evoacme: disable empty task for hooks
2020-08-21 14:51:30 +02:00
Jérémy Lecour
82bd1ed49a
sort lines in CHANGELOG
2020-08-21 14:51:30 +02:00
Jérémy Lecour
ed45551a0c
evoacme: use Let's Encrypt deploy hooks instead of evoacme hooks
2020-08-21 14:51:30 +02:00
Jérémy Lecour
e5c759c7f0
evoacme: upstream release 20.08
2020-08-21 14:51:30 +02:00
Jérémy Lecour
bf0676cbf8
evoacme: update for new certbot role
...
* certbot is installed by the certbot role
* Apache/Nginx configuration is delegated to the certbot role
* No more "acme" user, everything is done with "root".
2020-08-21 14:51:30 +02:00
Benoît S.
8ab79d5ece
Updated CHANGELOG.md with recent merges
2020-08-21 14:51:30 +02:00
Jérémy Lecour
23cd57e9aa
metricbeat: allow using a template
2020-08-21 14:51:30 +02:00
Jérémy Lecour
f68a79c022
filebeat: allow using a template
2020-08-21 14:51:30 +02:00
Ludovic Poujol
08cdd0cd18
mongodb: Fix issue introduced by 8aa7f6cf33
2020-08-21 14:51:30 +02:00
Jérémy Lecour
f55e5be2e5
elasticsearch: keep native values
2020-08-21 14:51:30 +02:00
Jérémy Lecour
c89d699518
certbot: fix haproxy hook (ssl cert directory detection)
...
It was matching additional parameters.
Now it matches on the first argument after "crt"
2020-08-21 14:51:30 +02:00
Jérémy Lecour
43122a5ea9
elasticsearch: configure cluster with seed hosts and initial masters
2020-08-21 14:51:30 +02:00
Jérémy Lecour
f2f63eee36
elasticsearch: set tmpdir before datadir
2020-08-21 14:51:30 +02:00
Jérémy Lecour
1063d2dc1c
elasticsearch is compatible with buster
2020-08-21 14:51:30 +02:00
Jérémy Lecour
ec95f9538f
mongodb: install custom munin plugins
2020-08-21 14:51:30 +02:00
Benoît S.
0c9b9b2628
evolinux-base: check_hpraid.cron.sh: Fixed wrong <<<
usage
2020-08-21 14:51:30 +02:00
Benoît S.
63bfef13ee
generate-ldif: Patched computerOS detection
2020-08-21 14:51:30 +02:00
Benoît S.
8b34bec22b
generate-ldif: Skip some odd ethernet devices
2020-08-21 14:51:30 +02:00
Benoît S.
5101547242
generate-ldif: Add NVMe disk support
2020-08-21 14:51:30 +02:00
Benoît S.
fd57b17980
evolinux-base: check_hpraid.cron.sh: Fixed wrong else
...
The logic was wrong, an else part was not necessary.
2020-08-21 14:51:30 +02:00
Benoît S.
fe1756d22a
evolinux-base: check_hpraid.cron.sh: Better logic and use mail
...
First step is to detect errors
Second step is to detect different state
Added mail comand to replace cron output
2020-08-21 14:51:30 +02:00
Jérémy Lecour
14d8eaac2f
haproxy: rotate logs with date extension and immediate compression
2020-08-21 14:51:30 +02:00
Benoît S.
10385ecf4d
nagios-nrpe: check_amavis: Update regex
...
I just installed a Debian Stretch with a pack mail and the check_amavis
was not checking the right regex.
Amavis is returning:
2.7.0 Ok, discarded, id=17556-09 - INFECTED: Eicar-Signature
So the regex should be:
-if ($result =~/2.7.0 Ok, discarded, id=[^,]+ - INFECTED: Eicar-Test-Signature/) {
+if ($result =~/2.7.0 Ok, discarded, id=\S+ - INFECTED: Eicar-Signature/) {
2020-08-21 14:51:30 +02:00
Benoît S.
952b0d4521
squid: Update regex for sa-update domains.
...
List of domains is like:
http://sa-update.dnswl.org/ weight=3
http://www.sa-update.pccc.com/ weight=5
http://sa-update.secnap.net/ weight=5
http://sa-update.space-pro.be/ weight=1
http://sa-update.ena.com/ weight=5
http://sa-update.razx.cloud/ weight=5
http://sa-update.fossies.org/ weight=1
http://sa-update.verein-clean.net/ weight=10
http://sa-update.bitwell.fi/ weight=5
http://sa-update.spamassassin.org/ weight=10
They all start sa-update.*, except for http://www.sa-update.pccc.com/ .
In that case, we just match sa-update on the domain name.
2020-08-21 14:51:30 +02:00
Jérémy Lecour
fa49369929
varnish: fix start command when multiple addresses are present
2020-08-21 14:51:30 +02:00
Benoît S.
8a4ae16d73
evolinux-base: check_hpraid cron: Add -p
2020-08-21 14:51:30 +02:00
Benoît S.
0dee37a7e6
evolinux-base/tasks/hardware.yml: Removed trailing whitespace
2020-08-21 14:51:30 +02:00
Benoît S.
215ecd6c2c
evolinux-base: harware: Support HP gen >=10 RAID controller
2020-08-21 14:51:30 +02:00
Benoît S.
2dc7d22c13
nagios-nrpe: check_hpraid: Update known working RAID controllers
2020-08-21 14:51:30 +02:00
Benoît S.
725b7ae77b
nagios-nrpe: Add check_hpraid in template
2020-08-21 14:51:30 +02:00
Benoît S.
4f3e809b77
nagios-nrpe: check_hpraid: Use printf for return lines
2020-08-21 14:51:30 +02:00
Benoît S.
0eecc1a4ca
nagios-nrpe: check_hpraid: Fixed wrong grep in EXCLUDE_BATTERY
2020-08-21 14:51:30 +02:00
Benoît S.
2a065abf5f
nagios-nrpe: check_hpraid: Fix wrong command name in examples
2020-08-21 14:51:30 +02:00
Benoît S.
39c8daacf4
nagios-nrpe: check_hpraid: Be sure that variables are bound
2020-08-21 14:51:30 +02:00
Jérémy Lecour
d67be3cd91
haproxy: deport SSL tuning to Mozilla SSL generator
...
There are too many combinations and they change every so often.
It's better to direct the user to the generator to have a good
configuration.
2020-08-21 14:51:30 +02:00
Jérémy Lecour
2a5195078c
haproxy: split stats variables
2020-08-21 14:51:30 +02:00
Jérémy Lecour
4c4771b3ab
haproxy: add deny_ips file to reject connections
2020-08-21 14:51:30 +02:00
Jérémy Lecour
d26d501b2c
haproxy: add some comments to default config
2020-08-21 14:51:30 +02:00
Jérémy Lecour
17b49ccc3d
haproxy: simplify syntax fos stats section
2020-08-21 14:51:30 +02:00
Jérémy Lecour
d9f8c4fc89
whitespaces
2020-08-21 14:51:30 +02:00
Jérémy Lecour
c2ae3de929
nginx: read server-status values before changing the config
2020-08-21 14:51:30 +02:00
Jérémy Lecour
a381d23d1f
haproxy: preconfigure SSL with defaults
2020-08-21 14:51:30 +02:00
Jérémy Lecour
e197f5c2ba
haproxy: adapt backports installed package list to distibution
2020-08-21 14:51:30 +02:00
Jérémy Lecour
d5b29a2fe0
nginx: make default vhost configurable
2020-08-21 14:51:30 +02:00
Jérémy Lecour
39b8e9698d
certbot: detect HAProxy cert directory
2020-08-21 14:51:30 +02:00
Patrick Marchand
9bfbbf08c4
Fix variable par défaut manquante dans mysql
...
Le lower_case_table_names doit être mis à Null pour que le check marche.
2020-08-21 14:51:30 +02:00
Jérémy Lecour
7f65505f01
update changelog
2020-08-21 14:51:30 +02:00
Jérémy Lecour
45731c7755
haproxy: enable stats frontend with access lists
2020-08-21 14:51:30 +02:00
Patrick Marchand
f5d06ad0b1
evobackup-client: Fix ssh connection test in zzz_evobackup.sh
...
When I made the ssh key name a variable and defaulted it to id_ed25519,
I forgot to change the hardcoded value for the ssh test in
evobackup-client/templates/zzz_evobackup.default.sh.j2
2020-08-21 14:51:30 +02:00
Jérémy Lecour
99f0d9e178
evoacme: read values from environment before defaults file
2020-08-21 14:51:30 +02:00
Jérémy Lecour
968d19bb30
mongodb: fix logrotate patterm on Debian buster
2020-08-21 14:51:30 +02:00
Eric Morino
413597cd59
Force owner opendkim for /etc/opendkim/ folder
2020-08-21 14:51:30 +02:00
Jérémy Lecour
e380fa5085
evoacme: upstream release 20.06.1
2020-08-21 14:51:30 +02:00
Ludovic Poujol
974bc653f3
lxc-php: Do --no-install-recommends for ssmtp/opensmtpd
2020-08-21 14:51:30 +02:00
Ludovic Poujol
5ce715d2ae
lxc-php: Install opensmtpd as intended
2020-08-21 14:51:30 +02:00
Ludovic Poujol
c521c98a11
php: Don't disable putenv() by default in PHP settings
2020-08-21 14:51:30 +02:00
Ludovic Poujol
2dcf99a117
lxc-php: Don't disable putenv() by default in PHP settings
2020-08-21 14:51:30 +02:00
Ludovic Poujol
193b640226
lxc-php: Install php-sqlite by default
2020-08-21 14:51:30 +02:00
Ludovic Poujol
72939c3e57
php: Install php-sqlite by default
2020-08-21 14:51:30 +02:00
Ludovic Poujol
0dfe97d771
packweb-apache: Install zip & unzip by default
2020-08-21 14:51:30 +02:00
Jérémy Lecour
a841e60531
haproxy: syntax and whitespaces
2020-08-21 14:51:30 +02:00
Jérémy Lecour
8d8e5f6998
certbot: restore compatibility with old Nginx
2020-08-21 14:51:30 +02:00
Jérémy Lecour
cd29ee4d33
certbot: install certbot dependencies non-interactively for jessie
2020-08-21 14:51:30 +02:00
Jérémy Dubois
877a32bbf0
nagios-nrpe / evolinux-base : new ntp server variable
...
Online hosted servers must use ntp.online.net as
ntp server, because others one are rate limited.
Default ntp server is pool.ntp.org, and a custom
one can be set with the nagios_nrpe_ntp_server
variable.
2020-08-21 14:51:30 +02:00
Benoît S.
bdb234c0cd
evolinux-base: check_hpraid.sh: Fix missing copy of RAID state
2020-08-21 14:51:30 +02:00
Benoît S.
f963eaacf6
evolinux-base: check_hpraid.sh: Fix RAID state detection
2020-08-21 14:51:30 +02:00
Benoît S.
35123f8189
evolinux-base: Add check_hpraid.sh
...
This script is meant to be executed as a cron by executing Nagios
NRPE plugin check_hpraid and notify by mail any errors
2020-08-21 14:51:30 +02:00
Jérémy Lecour
6d31568a41
evoacme: upstream release 20.06
2020-08-21 14:51:30 +02:00
Jérémy Lecour
291ad2ba40
redis: raise an error is port 6379 is used in "instance" mode
2020-08-21 14:51:30 +02:00
Jérémy Lecour
107f1f06e6
redis: new syntax for match filter
2020-08-21 14:51:30 +02:00
Jérémy Lecour
bd8a30a107
redis: create sudoers file if missing
2020-08-21 14:51:30 +02:00
Jérémy Lecour
66b62c5629
haproxy: chroot and socket path are configurable
2020-08-21 14:51:30 +02:00
Jérémy Lecour
f034e93b6e
whitespaces
2020-08-21 14:51:30 +02:00
Patrick Marchand
0a4aeea481
Add option to make a mysql install read only
...
Rebased on unstable
2020-08-21 14:51:30 +02:00
Patrick Marchand
004b48eee7
Added mysql_innodb_log_file_size option to the mysql role
...
Makes it possible to have larger binary entries when replicating.
2020-08-21 14:51:30 +02:00
Patrick Marchand
e713ad024b
Fix right problem in mysql replication
...
The configuration file was not set to 0644, which caused the file
to be ignored by mysql and it's configuration not to be set.
2020-08-21 14:51:30 +02:00
Patrick Marchand
c142af69f0
Added some mysql variables and allowed forcing config update
...
The default behaviour is kept, but this way we can manage a mysql
installation from ansible.
2020-08-21 14:51:30 +02:00
Patrick Marchand
18878d58e8
Replication should set a binlog format
...
This could possible be better served in the base config file, but
for now I'll keep it here.
2020-08-21 14:51:30 +02:00
Patrick Marchand
8778d69102
Removed redundant nagios checks
...
They are already installed by the base roles.
2020-08-21 14:51:30 +02:00
Patrick Marchand
c39f63048c
Removed useless dbadmin script from mysql replication tasks
...
It was used by a very specific client case and is not needed for a
general role.
2020-08-21 14:51:30 +02:00
Patrick Marchand
df99e9ac4f
Make it possible for mysql role to copy evolix scripts
...
Based myself off of the webapps/evoadmin-web role, but I'm not sure
we still consider this a hack or not. We use a read only /usr fs,
so we need to remount it to add scripts in /usr/local/share.
2020-08-21 14:51:30 +02:00
Patrick Marchand
6a264a3179
Added option to prepare mysql servers for replication
2020-08-21 14:51:30 +02:00
Benoît S.
d0004ebacc
nagios-nrpe: Added hpsa support to check_hpraid
...
Also handle empty slots.
2020-08-21 14:51:30 +02:00
Benoît S.
5bf7ba5c84
nagios-nrpe: shellchecked check_hp
...
Also refactored the checking part and outputing.
2020-08-21 14:51:30 +02:00
Benoît S.
d8a3bd0c01
nagios-nrpe: Adding licence GPLv2 to check_hpraid
...
Also describe what has been removed/changed from the original source.
2020-08-21 14:51:30 +02:00
Benoît S.
8d9d068a33
nqgios-nrpe: Add check_hpraid
2020-08-21 14:51:30 +02:00
Ludovic Poujol
a9fe102f30
packweb-apache: Don't turn on mod-evasive emails by default
2020-08-21 14:51:30 +02:00
Jérémy Lecour
7413a242a8
Release 10.1.0
2020-08-21 14:50:17 +02:00
Jérémy Lecour
44ddc8047d
evoacme: disable empty task for hooks
2020-08-21 14:21:28 +02:00
Jérémy Lecour
1e6d6cdd13
sort lines in CHANGELOG
2020-08-21 14:03:41 +02:00
Jérémy Lecour
f49bf5c72d
evoacme: use Let's Encrypt deploy hooks instead of evoacme hooks
2020-08-21 14:02:07 +02:00
Jérémy Lecour
a60deb276b
evoacme: upstream release 20.08
2020-08-21 14:01:06 +02:00
Jérémy Lecour
8ea1bac000
evoacme: update for new certbot role
...
* certbot is installed by the certbot role
* Apache/Nginx configuration is delegated to the certbot role
* No more "acme" user, everything is done with "root".
2020-08-21 13:36:24 +02:00
Benoît S.
a8095b1c36
Updated CHANGELOG.md with recent merges
2020-08-20 15:49:22 +09:00
Jérémy Lecour
5c4daf3691
Merge remote-tracking branch 'origin/generateldif-patch' into unstable
2020-08-19 14:53:10 +02:00
Jérémy Lecour
d457b25c4b
Merge remote-tracking branch 'origin/nagios-nrpe-amavis-update' into unstable
2020-08-19 14:52:04 +02:00
Jérémy Lecour
7eed6d0255
Merge remote-tracking branch 'origin/squid-sa-update-domains' into unstable
2020-08-19 14:51:50 +02:00
Jérémy Lecour
221e9edc10
Merge branch 'nagios-nrpe-check-hpraid' into unstable
2020-08-19 14:49:22 +02:00
Jérémy Lecour
57ac4e467c
metricbeat: allow using a template
2020-08-18 14:01:09 +02:00
Jérémy Lecour
ce35f7292f
filebeat: allow using a template
2020-08-18 14:00:46 +02:00
Ludovic Poujol
edbc596511
mongodb: Fix issue introduced by 8aa7f6cf33
2020-07-30 11:31:19 +02:00
Jérémy Lecour
eeeb20771a
elasticsearch: keep native values
2020-07-21 10:46:34 +02:00
Jérémy Lecour
d3e69eeeb5
certbot: fix haproxy hook (ssl cert directory detection)
...
It was matching additional parameters.
Now it matches on the first argument after "crt"
2020-07-21 10:46:01 +02:00
Jérémy Lecour
21b8104654
elasticsearch: configure cluster with seed hosts and initial masters
2020-07-19 11:40:59 +02:00
Jérémy Lecour
9270852349
elasticsearch: set tmpdir before datadir
2020-07-19 11:30:00 +02:00
Jérémy Lecour
cea5620568
elasticsearch is compatible with buster
2020-07-17 13:49:07 +02:00
Jérémy Lecour
8aa7f6cf33
mongodb: install custom munin plugins
2020-07-17 13:48:18 +02:00
Benoît S.
1c050b481a
evolinux-base: check_hpraid.cron.sh: Fixed wrong <<<
usage
2020-07-01 10:18:30 +09:00
Benoît S.
0150e77041
generate-ldif: Patched computerOS detection
2020-06-30 05:11:05 +02:00
Benoît S.
0fd8128f94
generate-ldif: Skip some odd ethernet devices
2020-06-30 04:36:04 +02:00
Benoît S.
0cd889e4fb
generate-ldif: Add NVMe disk support
2020-06-30 04:10:03 +02:00
Benoît S.
9a8f1979bc
evolinux-base: check_hpraid.cron.sh: Fixed wrong else
...
The logic was wrong, an else part was not necessary.
2020-06-26 17:57:50 +09:00
Benoît S.
a28b9558cb
evolinux-base: check_hpraid.cron.sh: Better logic and use mail
...
First step is to detect errors
Second step is to detect different state
Added mail comand to replace cron output
2020-06-24 18:57:08 +09:00
Jérémy Lecour
9bdd5ad9e7
haproxy: rotate logs with date extension and immediate compression
2020-06-22 19:02:29 +02:00
Mathieu Trossevin
5e13f8da4e
lxc-php: Make mysql socket binding work on fresh install
...
/var/run/mysqld only exist after mysql is installed, as such the role
lxc-php need to run after the role mysql.
Also only cause a restart of the containers when their configuration has
been changed.
For now socket binding might only work for mysql and not mysql-oracle
(it's default socket seems to be /tmp/mysql.sock).
2020-06-17 16:06:54 +02:00
Mathieu Trossevin
49b20f9b12
lxc-php: Have mysqld.sock inside of a directory
...
Bind mount don't seems to work on a file so the default socket is now
always named mysqld.sock and the configurable variable is
php_conf_mysql_socket_dir that define the directory the socket will be
in.
2020-06-17 16:06:54 +02:00
Mathieu Trossevin
1d9ab0f1f3
Allows using localhost to connect to MySQL in lxc
...
Add 'php_conf_mysql_default_socket' variable to lxc-php role that
configure both the lxc containers and PHP so that a local MySQL database
may be used through localhost.
The PHP containers will automount /var/run/mysqld/mysqld.sock (the
default path to the mysql socket) to the path defined by the variable
'php_conf_mysql_default_socket' which will be the path used by php to
contact MySQL both with mysqli and PDO_MYSQL.
2020-06-17 16:06:53 +02:00
Benoît S.
de908ae5bd
nagios-nrpe: check_amavis: Update regex
...
I just installed a Debian Stretch with a pack mail and the check_amavis
was not checking the right regex.
Amavis is returning:
2.7.0 Ok, discarded, id=17556-09 - INFECTED: Eicar-Signature
So the regex should be:
-if ($result =~/2.7.0 Ok, discarded, id=[^,]+ - INFECTED: Eicar-Test-Signature/) {
+if ($result =~/2.7.0 Ok, discarded, id=\S+ - INFECTED: Eicar-Signature/) {
2020-06-17 12:20:33 +09:00
Benoît S.
1d7d2ce08d
squid: Update regex for sa-update domains.
...
List of domains is like:
http://sa-update.dnswl.org/ weight=3
http://www.sa-update.pccc.com/ weight=5
http://sa-update.secnap.net/ weight=5
http://sa-update.space-pro.be/ weight=1
http://sa-update.ena.com/ weight=5
http://sa-update.razx.cloud/ weight=5
http://sa-update.fossies.org/ weight=1
http://sa-update.verein-clean.net/ weight=10
http://sa-update.bitwell.fi/ weight=5
http://sa-update.spamassassin.org/ weight=10
They all start sa-update.*, except for http://www.sa-update.pccc.com/ .
In that case, we just match sa-update on the domain name.
2020-06-17 11:25:24 +09:00
Jérémy Lecour
977c28c720
varnish: fix start command when multiple addresses are present
2020-06-16 13:51:07 +02:00
Benoît S.
766b4dfa82
evolinux-base: check_hpraid cron: Add -p
2020-06-16 13:20:43 +09:00
Benoît S.
a74f4e1890
evolinux-base/tasks/hardware.yml: Removed trailing whitespace
2020-06-16 12:42:33 +09:00
Benoît S.
4bec21a9f3
evolinux-base: harware: Support HP gen >=10 RAID controller
2020-06-16 12:35:56 +09:00
Benoît S.
241f50d27e
nagios-nrpe: check_hpraid: Update known working RAID controllers
2020-06-16 12:34:48 +09:00
Benoît S.
74229809ff
nagios-nrpe: Add check_hpraid in template
2020-06-16 12:28:10 +09:00
Benoît S.
09e17ffe6c
nagios-nrpe: check_hpraid: Use printf for return lines
2020-06-16 11:16:44 +09:00
Benoît S.
b47d2b872c
nagios-nrpe: check_hpraid: Fixed wrong grep in EXCLUDE_BATTERY
2020-06-16 10:57:18 +09:00
Benoît S.
d49da6954a
nagios-nrpe: check_hpraid: Fix wrong command name in examples
2020-06-16 10:53:00 +09:00
Benoît S.
6126be95e3
nagios-nrpe: check_hpraid: Be sure that variables are bound
2020-06-16 10:36:24 +09:00
Jérémy Lecour
ce7468816f
haproxy: deport SSL tuning to Mozilla SSL generator
...
There are too many combinations and they change every so often.
It's better to direct the user to the generator to have a good
configuration.
2020-06-15 22:47:08 +02:00
Jérémy Lecour
30cdbae981
haproxy: split stats variables
2020-06-15 22:45:22 +02:00
Jérémy Lecour
011761eb8f
haproxy: add deny_ips file to reject connections
2020-06-14 23:28:29 +02:00
Jérémy Lecour
8465743973
haproxy: add some comments to default config
2020-06-14 23:27:50 +02:00
Jérémy Lecour
01a486b20a
haproxy: simplify syntax fos stats section
2020-06-14 23:19:40 +02:00
Jérémy Lecour
ac4ef5ff96
whitespaces
2020-06-14 19:47:16 +02:00
Jérémy Lecour
4bf5b1daa6
nginx: read server-status values before changing the config
2020-06-14 12:49:10 +02:00
Jérémy Lecour
f47af9f54f
haproxy: preconfigure SSL with defaults
2020-06-14 12:37:04 +02:00
Jérémy Lecour
7f54b8ab60
haproxy: adapt backports installed package list to distibution
2020-06-14 12:37:04 +02:00
Jérémy Lecour
e5d4ea3c18
nginx: make default vhost configurable
2020-06-14 12:37:04 +02:00
Jérémy Lecour
ce0d61bcbd
certbot: detect HAProxy cert directory
2020-06-14 12:37:04 +02:00
Patrick Marchand
0fee07f47e
Fix variable par défaut manquante dans mysql
...
Le lower_case_table_names doit être mis à Null pour que le check marche.
2020-06-10 10:37:36 -04:00
Jérémy Lecour
a8887aaa8e
update changelog
2020-06-09 11:45:19 +02:00
Jérémy Lecour
4c71ea2012
haproxy: enable stats frontend with access lists
2020-06-09 11:41:33 +02:00
Patrick Marchand
c9daa8ba35
evobackup-client: Fix ssh connection test in zzz_evobackup.sh
...
When I made the ssh key name a variable and defaulted it to id_ed25519,
I forgot to change the hardcoded value for the ssh test in
evobackup-client/templates/zzz_evobackup.default.sh.j2
2020-06-08 17:22:18 -04:00
Jérémy Lecour
d9f9d03140
evoacme: read values from environment before defaults file
2020-06-05 11:31:42 +02:00
Jérémy Lecour
1ade990526
mongodb: fix logrotate patterm on Debian buster
2020-06-05 11:02:54 +02:00
Eric Morino
2fbf1ff9f9
Force owner opendkim for /etc/opendkim/ folder
2020-06-05 11:00:22 +02:00
Jérémy Lecour
7f0931510f
evoacme: upstream release 20.06.1
2020-06-05 11:01:42 +02:00
Ludovic Poujol
ebffccae59
lxc-php: Do --no-install-recommends for ssmtp/opensmtpd
2020-06-05 11:01:22 +02:00
Ludovic Poujol
186f3d90b9
lxc-php: Install opensmtpd as intended
2020-06-05 10:57:49 +02:00
Ludovic Poujol
0dfb92360f
php: Don't disable putenv() by default in PHP settings
2020-06-04 11:52:04 +02:00
Ludovic Poujol
90704dc712
lxc-php: Don't disable putenv() by default in PHP settings
2020-06-04 11:51:25 +02:00
Ludovic Poujol
ead0b7fd88
lxc-php: Install php-sqlite by default
2020-06-04 11:42:17 +02:00
Ludovic Poujol
8c883c44dd
php: Install php-sqlite by default
2020-06-04 11:39:51 +02:00
Ludovic Poujol
c7d456471b
packweb-apache: Install zip & unzip by default
2020-06-04 11:34:26 +02:00
Jérémy Lecour
2ca7872eef
haproxy: syntax and whitespaces
2020-06-04 11:22:58 +02:00
Jérémy Lecour
3bd0a4ffb3
certbot: restore compatibility with old Nginx
2020-06-04 11:22:58 +02:00
Jérémy Lecour
9aed38b637
certbot: install certbot dependencies non-interactively for jessie
2020-06-04 11:22:58 +02:00
Jérémy Dubois
1a0872c507
nagios-nrpe / evolinux-base : new ntp server variable
...
Online hosted servers must use ntp.online.net as
ntp server, because others one are rate limited.
Default ntp server is pool.ntp.org, and a custom
one can be set with the nagios_nrpe_ntp_server
variable.
2020-06-04 10:55:48 +02:00
Benoît S.
342810362d
evolinux-base: check_hpraid.sh: Fix missing copy of RAID state
2020-06-04 17:32:49 +09:00
Benoît S.
91dda2e1a2
evolinux-base: check_hpraid.sh: Fix RAID state detection
2020-06-04 17:23:14 +09:00
Benoît S.
7b97702f15
evolinux-base: Add check_hpraid.sh
...
This script is meant to be executed as a cron by executing Nagios
NRPE plugin check_hpraid and notify by mail any errors
2020-06-04 16:50:35 +09:00
Jérémy Lecour
1d5a30b144
evoacme: upstream release 20.06
2020-06-03 12:09:58 +02:00
Patrick Marchand
c8cd119a18
Merge pull request 'Make it possible to setup mysql replication' ( #102 ) from mysql_replication into unstable
2020-06-02 17:31:13 +02:00
Jérémy Lecour
4cf438c8ff
redis: raise an error is port 6379 is used in "instance" mode
2020-06-02 11:22:56 +02:00
Jérémy Lecour
8a87fecbe4
redis: new syntax for match filter
2020-06-02 11:00:06 +02:00
Jérémy Lecour
47d11308ba
redis: create sudoers file if missing
2020-06-02 10:59:51 +02:00
Jérémy Lecour
86cab2ab94
haproxy: chroot and socket path are configurable
2020-06-02 10:58:10 +02:00
Jérémy Lecour
3fe1138a98
whitespaces
2020-06-02 10:57:16 +02:00
Patrick Marchand
8c1e40c1a9
Add option to make a mysql install read only
...
Rebased on unstable
2020-06-01 12:03:23 -04:00
Patrick Marchand
5b9cc3af31
Added mysql_innodb_log_file_size option to the mysql role
...
Makes it possible to have larger binary entries when replicating.
2020-06-01 12:01:01 -04:00
Patrick Marchand
1a96616f42
Fix right problem in mysql replication
...
The configuration file was not set to 0644, which caused the file
to be ignored by mysql and it's configuration not to be set.
2020-06-01 12:01:01 -04:00
Patrick Marchand
b80f3993ae
Added some mysql variables and allowed forcing config update
...
The default behaviour is kept, but this way we can manage a mysql
installation from ansible.
2020-06-01 12:01:01 -04:00
Patrick Marchand
d15819fb04
Replication should set a binlog format
...
This could possible be better served in the base config file, but
for now I'll keep it here.
2020-06-01 12:01:01 -04:00
Patrick Marchand
6289c7fe1c
Removed redundant nagios checks
...
They are already installed by the base roles.
2020-06-01 12:01:01 -04:00
Patrick Marchand
45fba1f878
Removed useless dbadmin script from mysql replication tasks
...
It was used by a very specific client case and is not needed for a
general role.
2020-06-01 12:01:01 -04:00
Patrick Marchand
c319be2542
Make it possible for mysql role to copy evolix scripts
...
Based myself off of the webapps/evoadmin-web role, but I'm not sure
we still consider this a hack or not. We use a read only /usr fs,
so we need to remount it to add scripts in /usr/local/share.
2020-06-01 12:01:01 -04:00
Patrick Marchand
31f002f9d9
Added option to prepare mysql servers for replication
2020-06-01 12:01:01 -04:00
Benoît S.
314cd2c1de
nagios-nrpe: Added hpsa support to check_hpraid
...
Also handle empty slots.
2020-05-29 09:43:15 +09:00
Benoît S.
f35cbdbe30
nagios-nrpe: shellchecked check_hp
...
Also refactored the checking part and outputing.
2020-05-28 16:35:11 +09:00
Benoît S.
0307c0b066
nagios-nrpe: Adding licence GPLv2 to check_hpraid
...
Also describe what has been removed/changed from the original source.
2020-05-28 15:33:00 +09:00
Benoît S.
073f2b5b09
nqgios-nrpe: Add check_hpraid
2020-05-28 13:01:50 +09:00
Ludovic Poujol
09371b095f
packweb-apache: Don't turn on mod-evasive emails by default
2020-05-18 12:03:34 +02:00
Jérémy Lecour
3a26f18201
Merge pull request 'Release 10.0.0' ( #100 ) from unstable into stable
2020-05-13 11:25:48 +02:00
Jérémy Lecour
4016387ca8
Release 10.0.0
2020-05-13 11:20:45 +02:00
Jérémy Lecour
ac7ee86a9c
minifirewall: /bin/true command doesn't report "changed" anymore
2020-05-11 15:23:52 +02:00
Jérémy Lecour
0da938223e
redis: remove quotes when reading variables
2020-05-09 09:56:13 +02:00
Jérémy Lecour
849ec405d5
evocheck: upstream version 20.04.4
2020-04-28 16:00:45 +02:00
Jérémy Lecour
57e5791728
networkd-to-ifconfig: add variables for configuration by variables
2020-04-26 18:39:25 +02:00
Jérémy Lecour
2f77100b47
evocheck: upstream version 20.04.3
2020-04-26 10:54:49 +02:00
Patrick Marchand
72736751ea
in evobackup_client, made rsync ssh key use the actual variable
2020-04-24 11:09:47 -04:00
Patrick Marchand
ebecda38b6
Fixed evobackup-client not updating the ssh key in the jail
...
I have no idea how this got past testing, but apparently, the task
did not even exist..
2020-04-24 10:46:10 -04:00
Patrick Marchand
53ae27b250
evobackup-client now uses the default ed25519 key of the server
...
We used to prefer creating a specific one for backups, but everybody
kept thinking the wrong key was being used and "fixing" it. The
advantages of having a specific key for backups did not outweigh
the challenge of creating a culture change.
2020-04-24 10:36:36 -04:00
Eric Morino
9e0388c865
Fix task when memcached_instance_name
2020-04-23 12:01:01 +02:00
Patrick Marchand
7173fc06ea
Quote a variable in zz_evobackup.default.sh.j2
...
This allows us to remove the shellcheck ignore warning comment and puts it in line with upstream. Apparently, the file can only contain one PID, so it's okay to quote the variable.
2020-04-20 18:16:39 +02:00
Patrick Marchand
daa97a2314
revert last change to zzz_evobackup, it broke
2020-04-20 11:30:55 -04:00
Patrick Marchand
556b6a6f89
added litteral blocks to zzz_evobackup template
...
This makes sure that nothing inside the script is parsed by jinja
unless we want it.
2020-04-20 11:27:51 -04:00
Patrick Marchand
6906c41818
Merge branch 'unstable' of gitea.evolix.org:evolix/ansible-roles into unstable
2020-04-20 11:27:41 -04:00
Jérémy Lecour
f3111b42e5
cerbot: add mod_jk and mod_proxy directives for the Apache challenge
2020-04-20 10:49:50 +02:00
Ludovic Poujol
b1b0072377
Merge pull request 'Enhancing our multiphp-setup' ( #97 ) from lpoujol/better-multiphp into unstable
2020-04-17 16:42:11 +02:00
Jérémy Lecour
7a3e6cf61a
lxc: install apparmor on Debian 10
2020-04-17 15:57:22 +02:00
Jérémy Lecour
968973d1f4
whitespaces and syntax
2020-04-17 15:56:54 +02:00
Jérémy Lecour
d013a65cf6
Merge branch 'unstable' into lpoujol/better-multiphp
2020-04-17 12:23:56 +02:00
Jérémy Lecour
7a9624fcc2
evoacme: remove shellcheck warnings
2020-04-16 09:44:25 +02:00
Patrick Marchand
05c3629564
Merge branch 'unstable' of gitea.evolix.org:evolix/ansible-roles into unstable
2020-04-15 14:21:49 -04:00
Jérémy Lecour
6764418e75
evocheck: upstream release 20.04.2
2020-04-15 18:01:55 +02:00
Jérémy Lecour
155c6a5a88
explicit "force: no" for consistency
2020-04-15 10:04:13 +02:00
Jérémy Lecour
257a3476f1
evocheck: upstream release 20.04.1
2020-04-12 22:30:07 +02:00
Jérémy Lecour
e2f5094835
trailing space
2020-04-11 12:31:41 +02:00
Jérémy Lecour
f2613e91aa
evolinux-base: configure cciss-vol-statusd in the proper file
...
The default file should be used for configuration instead of the init
script.
2020-04-10 11:36:03 +02:00
Ludovic Poujol
6cf62aec11
(fix) packweb-apache : phpContainer can be run by anyone, set the chmod accordingly to 0755
2020-04-08 18:12:50 +02:00
Ludovic Poujol
4720329084
(fix) packweb-apache: Fix a regression introduced by bd63e7037f
2020-04-08 18:10:54 +02:00
Ludovic Poujol
bd201e8791
(change) lxc-php: refactor tasks for better maintainability (again)
2020-04-08 17:58:42 +02:00
Ludovic Poujol
93c043c8e0
(fix) lxc: Fix container existance check to be able to run in check_mode
2020-04-08 17:57:46 +02:00
Ludovic Poujol
bd63e7037f
packweb-apache: Do the install & conffigure phpContainer script (instead of evoadmin-web role)
2020-04-08 17:54:43 +02:00
Jérémy Lecour
35549d2dea
certbot: execute manual install for sources mode
2020-04-03 10:13:02 +02:00
Jérémy Lecour
71a9ac8424
mongodb: mention Buster support in README
2020-04-03 10:12:20 +02:00
Ludovic Poujol
f135f67cd0
(change) php: Cleanup CLI Settings. Also, allow url fopen and don't disable functions (in CLI only)
...
Closes #98
2020-04-01 18:22:46 +02:00
Ludovic Poujol
2a1d355192
(fix) php: Correct tasks names in config_cli as they are for all versions, not only jessie
...
Signed-off-by: Ludovic Poujol <lpoujol@evolix.fr>
2020-04-01 18:15:38 +02:00
Ludovic Poujol
7fc260a17b
(fix) php: update surry_post.yml to match current latest PHP release
2020-04-01 18:08:57 +02:00
Ludovic Poujol
f442239cec
(fix) packweb-apache: Don't try to install PHPMyAdmin on Buster as it's not available
2020-04-01 18:05:20 +02:00
Ludovic Poujol
135a089341
(change) lxc-php: Use OpenSMTPD for Stretch/Buster containers, and ssmtp for Jessie containers
2020-04-01 17:23:39 +02:00
Ludovic Poujol
a21fcaf663
(fix) php: Chose the debian version repo archive for packages.sury.org
2020-04-01 17:23:39 +02:00
Ludovic Poujol
a680399608
packweb-apache: Add missing dependency to evoacme role
2020-04-01 17:23:39 +02:00
Ludovic Poujol
8bc4ff4ada
lxc-php & webapps/evoadmin-web: Commit missing fixes
2020-04-01 17:17:00 +02:00
Victor LABORIE
84ec361270
evoadmin-web: fix missing bracket in web-add.conf template
2020-04-01 17:17:00 +02:00
Victor LABORIE
3601e802d6
evoadmin-web: fix typo in join filter
2020-04-01 17:17:00 +02:00
Victor LABORIE
47b263e411
lxc-php: fix php56-fpm handler name
2020-04-01 17:17:00 +02:00
Ludovic Poujol
9c420eec4f
packweb-apache: Automagically bootstrap the multiphp containers
...
Introducing a new variable `packweb_multiphp_versions: []`.
While set empty, packweb-apache will setup a regular packweb.
When filled with PHP Versions, it will handle :
- LXC Container setup and config (as a dependencie of lxc-php role)
- Ensure evoadmin-web will set the rights versions in the config files
by setting evoadmin_multiphp_versions
Exemple value : `packweb_multiphp_versions: ['php70', 'php73']`
That will call lxc-php to create both PHP 7.0 and PHP 7.3 containers.
2020-04-01 17:17:00 +02:00
Ludovic Poujol
0f41638810
webapps/evoadmin-web: Replace evoadmin_multi_php (bool) by evoadmin_multiphp_versions (list) ** breaking **
...
Instead of having evoadmin_multi_php as a boolean, and outputing all
versions possible PHP version in evoadmin, we now have
evoadmin_multiphp_versions.
It's supposed to be a
2020-04-01 17:17:00 +02:00
Ludovic Poujol
e6f2bbb331
lxc-php: An almost complete rewrite ** BREAKING **
...
This is a breaking change as lxc-php should now be called for *each* php
containers we want, with the correct lxc_php_version variable.
Current valid values are :
- php56
- php70
- php73
Other changes includes :
- LXC Containers are created by calling lxc as a dependency of the role.
- Relying on lxc_container module to do commands into the container
(instead of the command module)
- PHP 7.3 container is now a Debian Buster container
- All containers will have opensmtpd to relay emails to postfix on the
host system.
2020-04-01 17:17:00 +02:00
Ludovic Poujol
8ef94a9798
lxc: Allow this role to be called multiple times
2020-04-01 17:17:00 +02:00
Ludovic Poujol
9b80db3772
lxc: Don't stop the container if it already exists
2020-04-01 17:17:00 +02:00
Patrick Marchand
04e1b96833
Fix the test_server() function in zzz_evobackup.default.sh.j2
...
The script was using the wrong ssh key to test the connection, thus reporting a failed connection even if the rest was okay.
2020-03-26 11:18:55 -04:00
Patrick Marchand
d9517e8033
Update evobackup_client zzz_evobackup script
...
Use latest evobackup master and adds new evobackup_client__servers_fallback
variable.
2020-03-23 10:52:20 -04:00
Jérémy Lecour
5b5b8944c5
java: add Java 11 as possible version to install
2020-03-21 19:07:26 +01:00
Jérémy Lecour
288416f149
elaticsearch: Java version is not forced to 8 anymore
2020-03-21 19:07:26 +01:00
Jérémy Lecour
4718138eca
evomaintenance: install the embedded script by default
2020-03-21 19:07:26 +01:00
Jérémy Lecour
69c98bf562
[WIP] certbot: add support for install from sources on Debian 8
2020-03-21 19:07:26 +01:00
Patrick Marchand
9d7b4dd52d
hotfix jail updated task in evobackup-client
...
Found out I wasnt using the right syntax for chaining commands, will fix later.
2020-03-19 15:51:32 -04:00
Jérémy Lecour
4ad785abaf
evolinux-base: simplify sshd syntax validation
2020-03-12 17:04:08 +01:00
Patrick Marchand
a18076e878
Added handling of bkctld sync to evobackup-client
2020-03-11 09:10:01 -04:00
Patrick Marchand
d5731f90e0
Merge branch 'bind9_evocheck_fix' into unstable
2020-03-10 13:48:52 -04:00
Eric Morino
6c4f696ec5
Set handler postgresql with systemctl daemon-reload
2020-03-09 18:04:22 +01:00
Eric Morino
0bda633b0c
Override Unit systemd with OMkill less
2020-03-09 18:04:22 +01:00
Jérémy Lecour
ac98aa2d18
evolinux-base: install Evocheck (default: True
)
2020-03-09 17:02:23 +01:00
Jérémy Lecour
92dcbf1ab5
rbenv: change default Ruby version to 2.7.0
2020-03-09 17:02:23 +01:00
Jérémy Lecour
ac6414076c
nodejs: change default version to 12 (new LTS)
2020-03-09 17:02:23 +01:00
Eric Morino
61e007d22b
Fix logrotate configuration
2020-03-09 14:40:10 +01:00
Jérémy Lecour
1e3ac40167
mysql: Munin must use the debian-sys-maint user
2020-03-08 22:15:06 +01:00
Jérémy Lecour
ddef475778
mysql: add a missing name to a task
2020-03-08 22:14:40 +01:00
Jérémy Lecour
ec54af596c
evolinux-base: Don't customize the logcheck recipient by default.
...
By default the package sends its messages to the logcheck user.
By default we alias the "logcheck" user to "root" which is redirected to
our custom address.
2020-03-04 14:03:18 +01:00
Jérémy Lecour
783dcb9890
evomaintenance: upstream release 0.6.3
2020-03-02 22:12:58 +01:00
Jérémy Lecour
099691614e
redis: set_facts separately to reuse them
2020-03-02 21:36:41 +01:00
Jérémy Lecour
bc1a6f347a
redis: add log2mail configuration for Redis if installed
2020-03-02 21:19:50 +01:00
Jérémy Lecour
e510c44a4a
Merge remote-tracking branch 'origin/T47076' into unstable
2020-03-02 20:54:27 +01:00
Jérémy Lecour
68a1d4eb27
update changelog
2020-03-02 20:53:54 +01:00
Jérémy Lecour
37b8d1fbc4
fix syntax
2020-03-02 20:37:35 +01:00
Jérémy Lecour
bb958b34b0
redis: quote some variables
2020-03-02 20:34:20 +01:00
Jérémy Lecour
af53a6b2ec
evomaintenance: upstream release 0.6.2
2020-03-02 14:45:41 +01:00
Jérémy Lecour
eb74bda22a
nagios-nrpe: check_mode per cpu dynamically
2020-02-28 12:14:20 +01:00
Eric Morino
3a20f5f501
Suppression du paquet zoo
2020-02-27 15:00:32 +01:00
Jérémy Lecour
1b29f2d793
update listupgrade from upstream
2020-02-27 13:41:04 +01:00
Jérémy Lecour
d31dddc9aa
evocheck: upstream verison 20.02.1
2020-02-27 11:37:01 +01:00
Jérémy Lecour
65bc2c657d
certbot: commit hook must be executed at the end
2020-02-25 10:46:21 +01:00
Jérémy Lecour
7283e34077
Replace version_compare() with version()
2020-02-25 10:45:35 +01:00
Jérémy Lecour
ff7f8669ef
evomaintenance: install PG dependencies only when needed
2020-02-25 10:43:23 +01:00
Tristan PILAT
c06fe36796
Switch to Solr 8.4.1
2020-02-25 10:15:56 +01:00
Ludovic Poujol
7a865b0ace
minifirewall: Properly detect alert5.sh to turn on firewall at boot
2020-02-17 16:36:48 +01:00
Ludovic Poujol
704b76e6de
minifirewall: Properly detect alert5.sh to turn on firewall at boot
2020-02-17 16:02:48 +01:00
Ludovic Poujol
02e8754d75
minifirewall: Backport changes from minifirewall (properly open outgoing smtp(s))
2020-02-17 10:56:38 +01:00
Patrick Marchand
fefd10ae2a
The GPG key for yarn changed
2020-02-11 10:20:12 -05:00
Jérémy Lecour
ca4c4adb59
certbot: commit all changes in /etc/.git
...
On some servers, certificates can be copied directly in final
directories over SSH.
2020-02-11 12:06:40 +01:00
Jérémy Lecour
f57af13349
minifirewall: better alert5 activation
2020-02-10 10:36:00 +01:00
Jérémy Lecour
68b7a88e63
apt: added buster backports prerferences
2020-02-10 10:35:18 +01:00
Patrick Marchand
896b8bd7e4
Merge branch 'evobackup-client' into unstable
...
Import evobackup client code into mainline.
2020-02-06 16:29:02 -05:00
Patrick Marchand
c195806918
Allow different postgres versions on buster and stretch
2020-02-06 16:06:34 -05:00
Jérémy Lecour
07fd68b6a4
apt: fix syntax
2020-02-04 18:37:00 +01:00
Jérémy Lecour
72f5dc70f8
apt: hold packages only if package is installed
2020-02-04 18:14:57 +01:00
Jérémy Lecour
dc7358bc4c
nagios-nrpe: change default haproxy socket path
2020-01-23 15:04:25 +01:00
Jérémy Lecour
02858692bb
evomaintenance: don't configure firewall for database if not necessary
2020-01-23 14:34:03 +01:00
Jérémy Lecour
71a2a19847
apache: the default VHost doesn't redirect to https for ".well-known" paths
2020-01-23 14:34:03 +01:00
Eric Morino
3740a6782b
Add packages dependencies for Postgis
2020-01-21 15:48:03 +01:00
Jérémy Lecour
adc1aad883
redis: data directory is configurable
2020-01-17 14:54:05 +01:00
Ludovic Poujol
d3dc98a778
Merge branch 'lpoujol/fpm-php' of evolix/ansible-roles into unstable
2020-01-16 15:56:29 +01:00
Ludovic Poujol
31df2d2fbc
php: Add a task to remove Debian's default FPM pool file (off by default)
...
Can be triggered by switching php_fpm_remove_default_pool to True.
2020-01-16 15:55:35 +01:00
Ludovic Poujol
ef5ed6911e
php: Change the default pool names to something more explicit (and same for the variables names)
...
Because it's more than just pure configuration, but a fpm pool
definition, I've changed the following variables in Ansible :
- php_fpm_defaults_conf_file to replaced by php_fpm_default_pool_file
- php_fpm_custom_conf_file to php_fpm_default_pool_custom_file.
On the FPM side, I've also changed the files names of the pool to make
them more explicit. No more z and zzz. It's the www pool, so let's put
www in the file name for coherence :
- z-evolinux-defaults.conf changes to www-evolinux-defaults.conf
- zzz-evolinux-custom.conf changes to www-evolinux-zcustom.conf
2020-01-16 15:55:25 +01:00
Ludovic Poujol
c9d3635cf8
php: Make sure the default pool we define can be fully functionnal witout debian's default pool file
2020-01-16 15:55:17 +01:00
Patrick Marchand
af61b7f97d
Temp fix for regression introduced by bkctld 2.x
...
The erroneous error codes returned by bkctld will make playbooks
fail even though the commands run succesfully.
See evolix/evobackup#31
2020-01-16 12:18:51 +01:00
Jérémy Lecour
80081aa26e
evolinux-base: remove the chrony package
2020-01-16 10:57:47 +01:00
Patrick Marchand
131004136e
Fix mistake in bind logrotate template name
...
Just a minor typo, but stops it from running.
2020-01-14 15:15:58 +01:00
Eric Morino
c4ede03f3a
Add package list in board for compatibility Ansible 2.7
2020-01-09 15:40:47 +01:00
Eric Morino
12cdf35126
Add multi: "" patch
2020-01-09 15:40:46 +01:00
Jérémy Lecour
65d914098c
whitespaces
2020-01-09 15:05:44 +01:00
Alexis Ben Miloud--Josselin
3ba846cc38
redis: change log path
2020-01-08 17:24:27 +01:00
Alexis Ben Miloud--Josselin
97719d28f2
redis: add log2mail
2020-01-08 17:23:05 +01:00
Jérémy Lecour
e7952dc3c8
etc-git: fix warnings ansible-lint
2020-01-08 17:19:36 +01:00
Jérémy Lecour
bf7de332ea
minifirewall: fix warnings ansible-lint
2020-01-08 17:19:13 +01:00
Jérémy Lecour
f79b30eeb4
update changelog
2020-01-03 16:40:53 +01:00
Jérémy Lecour
6801f4e00e
Add names to many blocks
2019-12-31 16:56:03 +01:00
Jérémy Lecour
3b258cc43e
tomcat: package version derived from Debian version if missing
2019-12-31 16:43:51 +01:00
Jérémy Lecour
b8bdedaa2e
packweb-apache: update phpmyadmin package for Debian 10+
...
phpmyadmin_4.6.6-5_all.deb is no longer available, let's use 4.6.6-4
2019-12-31 16:27:05 +01:00
Jérémy Lecour
27e217467e
Change "|changed" with "is changed"
2019-12-31 16:18:56 +01:00
Jérémy Lecour
eded11f88f
Change "|search" with "is search"
2019-12-31 16:18:56 +01:00
Jérémy Lecour
e04d881988
replace "with_items" in apt modules
2019-12-31 16:18:56 +01:00
Jérémy Lecour
79bb6103b8
Change "|version_compare" with "is version_compare"
2019-12-31 10:18:19 +01:00
Jérémy Lecour
5b847ec91c
whitespace
2019-12-31 09:54:59 +01:00
Eric Morino
270e42ac77
Remove hooks directories if debian 10 and superior
2019-12-30 17:32:08 +01:00
Eric Morino
be2ea39158
Add buster for RabbitMQ
2019-12-30 17:27:39 +01:00
Eric Morino
1bf271a4f4
Add install PostGIS in postgresql rôle
2019-12-26 16:16:05 +01:00
Patrick Marchand
20191c8873
Fixed regression introduced by commit 276177900b
...
The default behavior for ansible template is to overwrite the
targeted file. Since we dont always want to overwrite a file when
we play this role, we set `force` to `False` by default. This means
that if the `dest` already exists, ansible will not overwrite it
with it's given template.
This is fine for most of the tasks in this role, but in the case
of `{{ evoadmin_scripts_dir }}/web-mail.tpl`,the file is created
by a task that runs prior to the template task, so setting it to
`False` by default means it never gets updated and clients dont get
notified when they create new websites.
2019-12-24 14:10:24 -05:00
Patrick Marchand
0b4095d8dd
bkctld restart works better than bkctld start
...
a simple start will fail if the jail is already started, there is potential for a race condition.
2019-12-19 10:30:58 -05:00
Victor LABORIE
2a1e0b7ef6
evolinux-base: install ssacli for HP Smart Array
2019-12-13 11:00:20 +01:00
Jérémy Lecour
ce45a39b8b
redis: manage runtime directories manually on Jessie
2019-12-13 10:44:44 +01:00
Jérémy Lecour
607ee119ec
redis: sudo nopasswd for nagios check
2019-12-13 10:44:44 +01:00
Jérémy Lecour
e557a3eaae
apache: improve permissions in save_apache_status script
2019-12-13 10:44:44 +01:00
Eric Morino
8b6c1341f9
Fix logrotate configuration
2019-12-10 14:29:57 +01:00
Victor LABORIE
1b74db194a
Add missing evolix prefix to role dependencies
2019-12-03 14:32:34 +01:00
Victor LABORIE
0873bb49e0
Add evolix prefix to role dependencies
2019-11-29 14:19:52 +01:00
Victor LABORIE
6f5e13f8b8
Add evolix prefix to include_role
2019-11-29 14:00:25 +01:00
Ludovic Poujol
6e918d166e
evolinux-base: Don't make alert5.service executable
...
Every 3 mins, systemd complain that the service file is marked as
executable, and asks the executable bit to be remove.
Nov 27 01:35:11 foo systemd[1]: Configuration file /etc/systemd/system/alert5.service is marked executable. Please remove executable permission bits. Proceeding anyway.
2019-11-28 10:59:29 +01:00
Patrick Marchand
cf8cca745e
hardcode chrooted bind variables
...
The current chroot-bind.sh is legacy code that cannot be migrated
without a proper understanding of it's historical context. This
context might still apply and this script is still used on a variety
of new and old machines. By hardcoding the paths when the user
requests a chroot, we limit possible breakage.
2019-11-26 17:17:48 -05:00
Patrick Marchand
5008b79ef5
Remove remaining hardcoded log paths from bind role
...
We had variables for the log paths, but these were not being used
by all templates.
2019-11-26 14:04:20 -05:00
Patrick Marchand
7728f5f0c5
Made sure munin and logrotate use the proper path for bind logs
...
Not all code paths made sure that the chroot was taken into account.
2019-11-26 14:02:28 -05:00
Patrick Marchand
b7a223dbdd
use yes / no instead of True / False for certain flags in bind role
2019-11-26 11:58:42 -05:00
Patrick Marchand
3ede484242
Standardization of booleans for bind role
2019-11-26 11:53:05 -05:00
Patrick Marchand
839db42c81
Revert "yaml lint and quoting standardisation for bind role"
...
This reverts commit 6118dda7c9
.
2019-11-26 11:48:21 -05:00
Ludovic Poujol
0e58f34e18
certbot: Properly evaluate when apache is installed
...
Checking the existence of /etc/apache2 is not enough as a condition to
validate the presence of apache.
Indeed, some packages (including certbot!!!), put some files in
/etc/apache2/conf-available even if apache isn't installed.
In those cases, the check is not correct, and we'll enter in the apache
block, and fail when we try to enable the configuration.
With this commit, we now validate the presence apache with the presence
of /usr/sbin/apachectl
2019-11-26 11:58:52 +01:00
Ludovic Poujol
dc1c78e08a
evolinux-base: Fix our zsyslog rotate config that doesn't work on Debian 10
...
I've noticed that some log files, especially /var/log/syslog were empty.
After investigating, I've realized that it was happening after a log
rotation by logrotate.
The old mechanism, `invoke-rc.d rsyslog rotate` isn't working anymore on
Debian 10. It will fail with a not so explicit message :
[FAIL] Closing open files: rsyslogd failed!
Long story short, it seems that the pid file (`/run/rsyslogd.pid`) isn't
created any more, so start-stop-daemon as used by /etc/init.d/rsyslog
will fail. Explaining the error message.
Debian 10 rsyslog now brings `/usr/lib/rsyslog/rsyslog-rotate` that is
used by logrotate. It will send the signal HUP the 'right' way, so
rsyslog will be aware of the log rotation.
Sadly, this script isn't present in Debian 9 nor 8, so the logrotate
configuration for rsyslog is now a template, using the right command for
the right version.
2019-11-22 16:48:19 +01:00
Jérémy Lecour
473bcb4cd6
apt: verify that /etc/evolinux is present
2019-11-20 11:34:47 +01:00
Eric Morino
e20d95786a
Change config file name conf.d/evolinux.conf by conf.d/zz-evolinux.conf
2019-11-18 09:31:24 +01:00
Eric Morino
d10441fb0b
Replace ptop by pgtop for buster
2019-11-14 16:10:23 +01:00
Eric Morino
9d5a272472
Add set and reconfigure locales for postgresql
2019-11-14 15:56:41 +01:00
Eric Morino
c15f8963e4
Add compatibility for debian 9 and debian 10 in HW tool and megacli package
2019-11-14 14:29:04 +01:00
Eric Morino
eb81c69327
Add modification for buster and postgresql 11 requirements
2019-11-14 11:39:02 +01:00
Jérémy Lecour
26dd244ae0
nagios-nrpe: update check_redis_instances
2019-11-13 09:47:23 +01:00
Ludovic Poujol
174bfa5ba0
Fix a syntax error in a task name (a missplaced double quote)
2019-11-12 17:59:36 +01:00
Eric Morino
dc162ec67f
Add check_mysql_health
2019-11-08 13:47:34 +01:00
Jérémy Lecour
7f6ad406a5
evocheck: upstream version 19.11.2
2019-11-07 10:38:32 +01:00
Jérémy Lecour
767760cbe0
evocheck: upstream version 19.11.1
2019-11-06 07:50:45 +01:00
Jérémy Lecour
049d36ab8f
etc-git: add versioning for /usr/share/scripts on Debian 10+
...
The repository.yml task file is generic and can be called for vrious
repositories.
On Debian 10, /usr/share/scripts is versioned
2019-11-05 17:00:22 +01:00
Jérémy Lecour
6b77372f24
evocheck: upstream version 19.11
2019-11-05 16:20:07 +01:00
Jérémy Lecour
a55e29186f
evomaintenance: upstream version 0.6.0
2019-11-05 14:52:59 +01:00
Jérémy Lecour
ab8c6b13b8
evoacme: upstream version 19.11
2019-11-05 14:08:02 +01:00
Jérémy Lecour
7e50a460a8
minifirewall: add a variable to force the check scripts update
2019-11-05 10:52:14 +01:00
Jérémy Lecour
1c0e3af490
squid: add "checkmode: no" on a read-only task
2019-11-05 10:51:09 +01:00
Jérémy Lecour
5476538eb1
minifirewall: no http filtering by default
2019-10-30 14:37:22 +01:00
Jérémy Lecour
f2dacac139
evolinux-base: add /usr/share/scripts in root's PATH (Debian 10+)
2019-10-30 14:32:32 +01:00
Jérémy Lecour
8679da4cb6
evolinux-base: install /sbin/deny
2019-10-30 14:32:32 +01:00
Jérémy Lecour
78ea4a61e1
typo
2019-10-30 14:32:32 +01:00
Jérémy Lecour
772c333623
apt: remove jessie/buster sources from Gandi servers
2019-10-30 14:32:32 +01:00
Jérémy Dubois
08a98e0bd5
Added a new nagios-nrpe plugin: check_vrrpd
2019-10-29 14:40:43 +01:00
Jérémy Lecour
cd9e17e8f6
certbot: reload the correct daemon
2019-10-25 18:21:23 +02:00
Jérémy Lecour
e80e4197c2
evocheck: upstream version 19.10
2019-10-25 13:17:16 +02:00
Jérémy Lecour
d5a6487315
Merge branch 'mongodb-buster' into unstable
2019-10-24 17:23:53 +02:00
Jérémy Lecour
5eff84bc07
mongodb: fix systemd service
2019-10-24 16:43:24 +02:00
Jérémy Lecour
27adad616f
squid: compatibility wit Debian 10
2019-10-24 16:23:48 +02:00
Jérémy Lecour
a9b61161e0
fix typos
2019-10-24 15:55:40 +02:00
Jérémy Lecour
85b0e36f33
CHANGELOG: sort alphabetically
2019-10-24 15:37:58 +02:00
Jérémy Lecour
76864f226e
WIP mongodb: compatibility with Debian 10
2019-10-24 15:36:51 +02:00
Gregory Colpart
7deee9b1e6
modifications variables
2019-10-24 15:12:55 +02:00
Jérémy Lecour
ee72dd07ff
rbenv: install Ruby 2.6.5 by default
2019-10-22 15:03:45 +02:00
Jérémy Lecour
2ea88dc385
mysql-oracle: backport tasks from mysql role
2019-10-21 16:32:59 +02:00
Jérémy Lecour
24edbd680a
Add crontabs only when cron package is installed (many roles)
2019-10-21 15:26:03 +02:00
Jérémy Lecour
bc5e19c002
redis: reload redis when configuration is changed
2019-10-21 15:26:03 +02:00
Jérémy Lecour
16c44ab867
lxc : add name of container in task names
2019-10-21 15:26:03 +02:00
Jérémy Lecour
12cebfa71c
lxc-php: refactor tasks for better maintainability
2019-10-21 15:26:03 +02:00
Ludovic Poujol
2d2889ac16
php: Don't set a chroot for the default fpm pool
2019-10-16 15:59:33 +02:00
Ludovic Poujol
0a7262081a
php: add missing handler for php7.3-fpm
2019-10-16 15:17:35 +02:00
Jérémy Lecour
beb39988e7
git ignore .swp files
2019-10-11 21:27:01 +02:00
Jérémy Lecour
7fe89d2419
haproxy: add another variable for configuration
2019-10-11 21:24:32 +02:00
Patrick Marchand
5178e99e7c
typo in evobackup jail file task name
2019-10-10 15:40:00 -04:00
Jérémy Lecour
edb5ace762
haproxy: add a variable to keep the existing configuration
2019-10-10 11:27:39 +02:00
Patrick Marchand
6118dda7c9
yaml lint and quoting standardisation for bind role
2019-10-09 12:15:55 -04:00
Patrick Marchand
2bbebded9e
Migrated bind role to python booleans
2019-10-09 12:07:14 -04:00
Patrick Marchand
c6804e73e7
Adapted the bind role to respect the evocheck warnings
...
The required munin plugins and the logging necessary for them to work is
now activated depending on the type of resolver and the logrotate file is
changed from bind to bind9.
2019-10-09 11:54:30 -04:00
Patrick Marchand
5a20292ec9
rename create_jail.yml to jail.yml in evobackup-client
2019-10-07 13:53:55 -04:00
Patrick Marchand
d4742b411d
Added evobackup sync when more than one host
2019-10-07 13:53:10 -04:00
Patrick Marchand
daad12fdeb
Handle backup jail creation
...
Does not handle sync step yet
2019-10-07 12:28:25 -04:00
Patrick Marchand
4851af7432
Fix minifirewall restart handler
2019-10-03 10:44:21 -04:00
Gregory Colpart
569ad4d38a
update evocheck.sh in evocheck role
2019-10-03 16:01:42 +02:00
Ludovic Poujol
4aaeb4590b
lxc: rely on lxc_container module instead of command module
2019-10-02 16:32:20 +02:00
Ludovic Poujol
e985f5778c
evoadmin-web: Put the php config at the right place for Buster
2019-10-02 15:48:03 +02:00
Jérémy Lecour
429fc39b86
redis: improve check_redis_instances
...
* a disabled instances is UNCHK (not CRITICAL)
* output is copied directly from check_redis
2019-10-02 14:13:59 +02:00
Ludovic Poujol
a5378c783e
lxc: update our default template to be compatible with Debian 10
2019-10-01 17:54:13 +02:00
Ludovic Poujol
ae97276e13
lxc: remove useless loop in apt execution
2019-10-01 17:54:13 +02:00
Tristan PILAT
f96c0b82ff
Fix condition in main task
...
The Buster task should not be triggered with Debian Stretch systems
2019-10-01 17:26:33 +02:00
Jérémy Lecour
a478c773eb
apt: check if cron is installed before adding a cron job
2019-09-30 14:12:38 +02:00
Jérémy Lecour
eec8aef129
Merge branch 'certbot' of evolix/ansible-roles into unstable
...
Let's merge this into unstable and test it on a few servers.
2019-09-27 14:06:38 +02:00
Jérémy Lecour
68e6d6cb23
improve hooks maintainability
2019-09-27 14:03:39 +02:00
Jérémy Lecour
44b2480e03
certbot: improve hooks
2019-09-27 10:15:33 +02:00
Jérémy Lecour
3521d4a765
certbot: verify generated combined certificate file for HAProxy
2019-09-27 09:47:51 +02:00
Jérémy Lecour
86108999c1
certbot: check syntax in hooks just before reload
2019-09-27 09:31:22 +02:00
Jérémy Lecour
394e28b815
WIP: new certbot role
2019-09-27 00:21:29 +02:00
Jérémy Lecour
0a8061bbd6
return items on separate lines
2019-09-26 15:33:54 +02:00
Jérémy Lecour
b6b0c7716c
apt: back to dynamic release name
2019-09-26 09:55:25 +02:00
Jérémy Lecour
e3e908dd4c
Merge branch 'redis-instances' into unstable
2019-09-25 22:25:42 +02:00
Jérémy Lecour
2cf5027df9
redis: check_redis_instances supports password
2019-09-25 22:21:32 +02:00
Gregory Colpart
6fe86a76c5
remove reload-vcl.sh (Custom Varnish ExecReload script) when Debian >= 10
2019-09-24 14:00:22 +02:00
Jérémy Lecour
f09a405d84
mongodb: still incompatible with Debian 10
2019-09-23 22:18:52 +02:00
Jérémy Lecour
9ea567ee2d
squid: install systemd unit and restart only if needed
2019-09-23 21:58:08 +02:00
Jérémy Lecour
c98be7c864
evoadmin-web: better comment
2019-09-23 21:57:52 +02:00
Jérémy Lecour
732e26275e
evoadmin-web: fix config file name
2019-09-23 21:57:35 +02:00
Jérémy Lecour
ce02a68a8d
evoadmin-web: use python/yaml native values
2019-09-23 21:57:08 +02:00
Patrick Marchand
6a89f253e9
Fix typo in evoadmin-web config template
2019-09-23 15:46:16 -04:00
Patrick Marchand
1b7f5bb46d
Adds a default htpasswd for evoadmin-web
2019-09-23 15:32:17 -04:00
Patrick Marchand
87202fa264
fixed typo in evobackup-cilent
...
Not sure how this slipped in
2019-09-23 15:26:30 -04:00
Jérémy Lecour
bea11352be
Merge branch 'buster' into unstable
2019-09-23 18:34:35 +02:00
Jérémy Lecour
45d48eedb0
changelog cleanup
2019-09-23 13:47:19 +02:00
Jérémy Lecour
3999e7d4f8
listupgrade: install old-kernel-autoremoval script
2019-09-23 13:46:29 +02:00
Jérémy Lecour
0829efc8a6
evocheck: upstream version 19.09
2019-09-23 09:22:58 +02:00
Jérémy Lecour
9f619adf68
evocheck: cron jobs execute in verbose
2019-09-23 09:22:40 +02:00
Jérémy Lecour
1a647d0546
evocheck : update (version 19.09) from upstream
2019-09-22 22:41:03 +02:00
Jérémy Lecour
b31159c9d2
evolinux-base: use "evolinux_internal_group" for SSH authentication
2019-09-22 22:26:21 +02:00
Jérémy Lecour
8f868b8612
evolinux-base: default value for "evolinux_ssh_group"
2019-09-22 22:25:30 +02:00
Jérémy Lecour
2d249f1815
squid: split systemd tasks into own file
2019-09-22 22:18:09 +02:00
Patrick Marchand
a358db065b
Merge branch 'htpasswd_evoadmin' into unstable
2019-09-20 10:06:20 -04:00
Patrick Marchand
0009272462
Allow setting a custom mysql server_id
2019-09-12 11:46:12 -04:00
Jérémy Lecour
508f725193
squid: add a warning about local mode in the README
2019-09-12 16:05:42 +02:00
Patrick Marchand
cf83732946
The mysql readme had an erroneous line removal
2019-09-12 08:59:04 -04:00
Patrick Marchand
109191ccd8
Added mysql_log_bin variable to enable binary logs
2019-09-12 08:54:18 -04:00
Patrick Marchand
b36202f8d1
minifirewall was not restarted by evobackup-client after mods.
2019-09-06 17:53:48 -04:00
Patrick Marchand
11e006201a
Revert to default zzz_evobackup from git
...
The suggested default is better, following peer review. Though some
changes will probably need to be made once we decide how to handle
system only backups.
2019-09-06 17:52:14 -04:00
Patrick Marchand
d226ce594a
Changed variables to all lower snake case for evobackup-client
...
Not just esthetic, for some reason ansible refused to run with '-'
somewhere and I just could not find where, changing variables and
tags to use '_' fixed it. It's more consistent anyway.
2019-09-06 17:49:40 -04:00
Jérémy Lecour
442353ce73
Update changelog
2019-09-06 16:04:47 +02:00
Jérémy Lecour
a57b734486
Revert "NRPE checks probably don't need sudo"
...
This reverts commit d05897fe93
.
2019-09-06 16:02:00 +02:00
Jérémy Lecour
c6cba6d9e0
sudo without password for nagios
2019-09-06 15:55:35 +02:00
Jérémy Lecour
d05897fe93
NRPE checks probably don't need sudo
2019-09-06 14:02:52 +02:00
Jérémy Lecour
961f50c1a6
Fix permissions for check_redis and check_redis_instances
2019-09-06 14:00:44 +02:00
Jérémy Lecour
3768f6553a
Rewrite NRPE checks
2019-09-06 13:55:12 +02:00
Jérémy Lecour
795d397eab
better compatibility with Debian Jessie
2019-09-06 13:54:41 +02:00
Jérémy Lecour
e0ec9e63cb
improve task names
2019-09-05 12:22:02 +02:00
Jérémy Lecour
244b2ef96b
Copy hooks example files
2019-09-05 12:21:51 +02:00
Jérémy Lecour
a3bbc6fe87
use real booleans in Ansible configuration
2019-09-05 09:46:54 +02:00
Jérémy Lecour
62e43f85d9
change variable name for log level
2019-09-05 09:44:25 +02:00
Jérémy Lecour
d972c6c794
rewrite systemd unit, separate configuration files
2019-09-05 09:41:58 +02:00
Jérémy Lecour
d0111f9a4f
WIP: separate Redis instances from default server
2019-09-05 06:50:07 +02:00
Jérémy Lecour
415aedb78a
Install Sentinel if needed
2019-09-05 05:58:59 +02:00
Patrick Marchand
f9b55c0c91
Got rid of forgotten attempt at mapping hosts in evobackup-client
2019-09-03 12:13:05 -04:00
Patrick Marchand
71bf970811
Fix extra space in zzz_evobackup template
...
Not the best solution, a mix of map, format, join would of been
better, but I could not find out how to make it work with multiple
attributes.
2019-09-03 11:14:48 -04:00
Patrick Marchand
0f7d9e9f24
Allow heterogeneous ports
...
This makes it a bit more annoying to define default hosts for
multiple machines, but it's not that bad and it's better than not
being able to define heterogeous ports.
2019-09-03 10:29:05 -04:00
Patrick Marchand
c773c901f2
Fix to evobackup-client variable names
...
Somehow, an extra _ managed to slide itself in a few places.
2019-09-03 09:51:46 -04:00
Patrick Marchand
7d6a552c09
Apply README fixes from peer review
...
Removes unecessary precision.
2019-09-03 09:50:13 -04:00
Jérémy Lecour
13b7ca204f
whitespaces
2019-09-02 10:39:49 +02:00
Jérémy Lecour
4acd61a072
generate-ldif: support MariaDB 10.3
2019-09-02 10:39:49 +02:00
Patrick Marchand
1c12827c9c
Added evobackup-client role
2019-08-30 14:43:52 -04:00
Patrick Marchand
d75846ed28
Make it possible to add an htpasswd file to evoadmin
2019-08-30 10:32:44 -04:00
Patrick Marchand
02415b7a2c
Missed a few instances of multi-php checks during merge
2019-08-30 10:19:51 -04:00
Jérémy Lecour
5925a12b3d
evocheck: upstream version 19.08
2019-08-30 14:23:35 +02:00
Jérémy Lecour
6db519c2b0
redis: max clients is configurable
2019-08-30 08:53:12 +02:00
Jérémy Lecour
2c2f13e17f
update CHANGELOG
2019-08-30 08:52:08 +02:00
Jérémy Lecour
921c0badb8
evocheck : explicit PATH
...
By default the PATH set by crontab is "/usr/bin:/bin" so all sbin
commands are out of scope.
2019-08-30 08:51:16 +02:00
Patrick Marchand
276177900b
Merge branch 'evoadmin-web-template-override' into unstable
...
I had to apply some of the yamllint fixes to the new multi-php tasks
as well. Notably it removes the need to explicitely check for the
truthy "True"
2019-08-27 10:23:04 -04:00
Patrick Marchand
67664ec0e2
Pass evoadmin-web role through yamllint and ansible-lint
...
Recommends using true or false values directly instead of the truthy
and falsie yes True and etc. This also means that we can get rid
of the cast to booleans in some of the checks.
The other fixes are mostly in the realm of indentation and whitespace.
2019-08-27 09:58:08 -04:00
Patrick Marchand
1ecc38f9c2
Modified evoadmin-web template overriding variable names
...
Made them more in line with the rest of the role.
2019-08-27 09:45:32 -04:00
Ludovic Poujol
4695c07ffa
listupgrade: listupgrade.sh and it's cron are not jinja templates, use copy instead of template
2019-08-27 14:53:42 +02:00
Benoît S.
269c66365d
listupgrade: Update README
2019-08-22 17:11:32 +02:00
Ludovic Poujol
ab00a46e19
nginx: fix munin fcgi not working (missing chmod 660 on logs)
2019-08-22 15:14:36 +02:00
Ludovic Poujol
8d71965ec9
nginx: fix munin fcgi not working (missing chmod 660 on logs)
2019-08-22 14:47:32 +02:00
Ludovic Poujol
e2fd56bdcd
php: By default, allow 128M for OpCache (instead of 64M)
2019-08-21 15:56:35 +02:00
Jérémy Lecour
f5f4a82114
evomaintenance: upstream version 0.5.1
2019-08-21 15:40:15 +02:00
Ludovic Poujol
b116c47b58
packweb-apache: Deploy opcache.php to give some insights on PHP's opcache status
2019-08-21 15:24:58 +02:00
Jérémy Lecour
c0ed2fa620
php: variable to install the mysqlnd module instead of the default mysql module
2019-08-16 10:11:23 +02:00
Ludovic Poujol
6d2db1341f
evomaintenance: Turn on API by default (instead of DB)
2019-08-07 15:42:23 +02:00
Ludovic Poujol
b7844dd804
squid: Remove wait time when we turn off squid
2019-08-06 10:26:47 +02:00
Ludovic Poujol
f630d93587
evolinux-base: On debian 10 and later, add noexec on /dev/shm
2019-07-23 18:18:29 +02:00
Victor LABORIE
cb8116fff0
tomcat: fix typo for default tomcat_version
2019-07-12 15:29:05 +02:00
Benoît S.
7a00ccfd3c
Merge branch 'munin-missing-cgi-part' of evolix/ansible-roles into unstable
2019-07-12 09:53:42 +02:00
Victor LABORIE
031c4c29b9
roundcube: fix typo for roundcube vhost
2019-07-08 15:35:05 +02:00
Benoît S.
755eaab60a
minifirewall: use systemctl is-enabled
...
Fixes #66
2019-07-04 17:41:59 +02:00
Benoît S.
a7ef7be973
evoadmin-web: download sid package for php-log
2019-07-04 17:16:43 +02:00
Benoît S.
4e02e8ee94
squid: typo for copy task
2019-07-04 17:16:34 +02:00
Tristan PILAT
87d49d8e58
We want Solr to run on an alternative port
2019-07-04 12:37:53 +02:00
Tristan PILAT
4d72c38e8a
We want the Solr home directory to be moved in /home/solr/
2019-07-04 12:37:09 +02:00
Tristan PILAT
eaa229791a
We don't need these tasks anymore since we now have an init script
2019-07-04 12:34:39 +02:00
Tristan PILAT
a9b56f3dfe
Let's use the install_solr_service.sh script to install Solr
2019-07-04 12:33:08 +02:00
Tristan PILAT
d3a15d69d9
We want Solr to be extracted in /root to let the install_solr_service.sh script install it is own way
2019-07-04 12:31:57 +02:00
Tristan PILAT
5708c701a7
Solr recommends to install the lsof program to detect in a better way if it's running
2019-07-04 12:28:41 +02:00
Tristan PILAT
a141847445
We don't want Solr to run as root!
2019-07-04 12:26:05 +02:00
Tristan PILAT
57e93eddd4
Add a task to make sure the rootfs directory of each container has 755 rights
2019-07-04 12:22:46 +02:00
Benoît S.
62cd28c1f5
apache: Add missing part for munin cgi
...
ScriptAlias /munin-cgi/munin-cgi-graph were missing.
2019-07-03 11:56:51 +02:00
Benoît S.
bb288ca991
squid: Custom systemd unit file for Debian >=10
...
Fixes #63
2019-07-03 10:07:00 +02:00
Benoît S.
d5751150af
evolinux-base: spectre-meltdown-checker need binutils
2019-07-03 09:56:17 +02:00
Benoît S.
771c75c1de
all-roles: Dot not use ansible_lsb as it is deprecated
...
We move from `ansible_lsb.codename` to `ansible_distribution_release`.
2019-07-03 09:41:35 +02:00
Benoît S.
0b8681cf59
packweb-apache: install phpmyadmin using .deb for Buster
...
Fixes #64
/!\ Warning: this is a temporary hack!
2019-07-03 09:37:57 +02:00
Tristan PILAT
8de8736dbc
Add lxc-solr role
2019-07-02 18:11:54 +02:00
Jérémy Lecour
f5ad70a2e4
Merge branch 'unstable' into buster
2019-07-01 17:19:35 +02:00
Jérémy Lecour
11a039bfac
elasticsearch: listen on local interface only by default
2019-07-01 17:17:32 +02:00
Jérémy Lecour
2e83fc00cc
whitespaces
2019-06-27 16:34:01 +02:00
Jérémy Lecour
5199a384c3
packweb-apache : create phpmyadmin directory if missing
2019-06-27 16:33:11 +02:00
Jérémy Lecour
2b9354b549
re-enable phpmyadmin
2019-06-27 16:19:17 +02:00
Jérémy Lecour
b773e17560
whitespaces
2019-06-27 16:16:19 +02:00
Eric Morino
1b972caa83
Add install package percona-toolkit by default
2019-06-26 18:12:39 +02:00
Jérémy Lecour
c147a4674d
mysql : mytop dependencies for buster
2019-06-26 17:46:36 +02:00
Jérémy Lecour
a4236a0708
php: look for PHP 7.3 with buster
2019-06-26 17:39:22 +02:00
Ludovic Poujol
e13543bf07
lxc-php: Don't remove the default pool - That's making PHP-FPM sad :(
2019-06-26 11:10:23 +02:00
Jérémy Lecour
bb6191d104
apt: the the public source list for Stretch until it's ready for Buster
2019-06-24 17:08:33 +02:00
Jérémy Lecour
fecdbb0406
evolinux-base: use the variable for the "ssh" group name
2019-06-24 17:08:01 +02:00
Jérémy Lecour
879c5c16cd
Merge branch 'unstable' into buster
2019-06-21 14:53:11 +02:00
Jérémy Lecour
77d0081cbe
Merge branch 'unstable' of evolix/ansible-roles into stable
2019-06-21 14:38:11 +02:00
Jérémy Lecour
16bdd6893d
Release 9.10.1
2019-06-21 14:36:20 +02:00
Jérémy Lecour
a5ee2771ca
evocheck : update (version 19.06) from upstream
2019-06-21 14:35:59 +02:00
Jérémy Lecour
4b84314b92
Merge branch 'unstable' of evolix/ansible-roles into stable
2019-06-21 10:51:00 +02:00
Jérémy Lecour
39d0167408
Release 9.10.0
2019-06-21 10:46:08 +02:00
Jérémy Lecour
bb0189e5a4
rbenv: install Ruby 2.6.3 by default
2019-06-21 10:43:20 +02:00
Jérémy Lecour
1e28210834
whitespaces and syntax
2019-06-21 10:36:32 +02:00
Jérémy Lecour
8420791224
fluentd: store gpg key locally
2019-06-21 10:29:18 +02:00
Jérémy Lecour
c2500827e1
tags and whitespaces
2019-06-21 10:18:54 +02:00
Jérémy Lecour
ce12e32375
evocheck : update from upstream
2019-06-21 09:42:02 +02:00
Jérémy Lecour
77246710b6
utilisation du lsb.codename
2019-06-20 17:38:37 +02:00
Jérémy Lecour
49d90fff09
apache: add a variable to customize the server-status host
2019-06-20 17:29:48 +02:00
Jérémy Lecour
a8ef97fcde
Revert "evolinux-base: install "spectre-meltdown-checker" (Debian 9 and later)"
...
This reverts commit 65414d8ae7
.
2019-06-20 17:29:48 +02:00
Tristan PILAT
93e2c81fb2
Add proxy_fcgi activation for multi php
2019-06-19 18:00:19 +02:00
Tristan PILAT
0401c01f36
Add restart apache2 handler
2019-06-19 17:59:42 +02:00
Jérémy Lecour
b83574592f
evolinux-base: install "spectre-meltdown-checker" (Debian 10 and later)
2019-06-19 15:13:25 +02:00
Jérémy Lecour
b362f422df
evolinux-base: packages for Buster and later
2019-06-19 15:08:54 +02:00
Tristan PILAT
b6d53bfae9
Add lxc-php README file
2019-06-18 18:19:45 +02:00
Tristan PILAT
936ab9cbe6
Fix condition check mistakes in templates
2019-06-18 17:45:15 +02:00
Jérémy Lecour
bee57a0b3c
change distribution release codename
...
Ansible 2.2 is too old to know about buster.
Let's use LSB for that.
2019-06-18 17:35:28 +02:00
Tristan PILAT
6d3eaf891c
Fix condition check mistakes in templates
2019-06-17 15:55:56 +02:00
Jérémy Lecour
8cb604aa93
etc-git: gitignore /etc/letsencrypt/.certbot.lock
2019-06-17 15:02:17 +02:00
Victor LABORIE
189fa87efb
Change Dockerfile Workdir to /data
2019-06-17 14:31:01 +02:00
Ludovic Poujol
7b9cc7c2b1
apt: Add Debian Buster repositories
2019-06-17 14:24:09 +02:00
Jérémy Lecour
65414d8ae7
evolinux-base: install "spectre-meltdown-checker" (Debian 9 and later)
2019-06-17 14:22:00 +02:00
Jérémy Lecour
9b2372720b
make sure that /usr/share/scripts exists
2019-06-17 14:19:01 +02:00
Jérémy Lecour
a643c96cca
evomaintenance: make hooks configurable
2019-06-17 14:17:30 +02:00
Victor LABORIE
8314053506
Add DroneCI config for build Docker image
2019-06-17 14:06:13 +02:00
Tristan PILAT
317aac735f
Add lxc-php role - Install 3 containers with all required PHP packages
2019-06-17 12:17:46 +02:00
Tristan PILAT
b2e079101e
Add xz-utils and debootstrap to lxc task
2019-06-17 12:17:46 +02:00
Tristan PILAT
b6e6839419
Update lxc-create command in create-container.yml
2019-06-17 12:17:46 +02:00
Tristan PILAT
c1b88d1eca
Fix mistake file → copy
2019-06-17 12:17:46 +02:00
Ludovic Poujol
8413fa137c
nagios-nrpe: Replace the dummy packages nagios-plugins-* with monitoring-plugins-*
2019-06-17 10:25:46 +02:00
Ludovic Poujol
890055753e
evolinux-users: Validate sshd config with "-t" instead of "-T"
...
See #52
2019-06-17 10:23:56 +02:00
Ludovic Poujol
75a8c90258
evolinux-base: Ensure rename is present
2019-06-17 09:58:10 +02:00
Ludovic Poujol
334b8a3f0d
evolinux-base: Validate sshd config with "sshd -t"
...
See #52 - It seems the behaviour changed with the recent releases, -T
that does an extended test now fails on "Match" blocks when no context
is given through -C
2019-06-17 09:47:22 +02:00
Ludovic Poujol
20a4c082d7
php: Stop enforcing /var/www/html as chroot while we use /var/www.....
2019-06-06 13:45:53 +02:00
Tristan PILAT
3e03358370
Add vlan package
2019-06-05 17:58:11 +02:00
Victor LABORIE
e2ae37fa3d
nagios-nrpe: check_load is now based on ansible_processor_vcpus
2019-06-05 11:09:52 +02:00
Tristan PILAT
edad3a7ce7
Add configuration for multi PHP setup
2019-06-04 15:48:21 +02:00
Victor LABORIE
08ae9d73c4
redmine: fix 500 error on logging
2019-05-29 11:49:10 +02:00
Victor LABORIE
490708c76d
redmine: use custom errors-pages in Nginx vhost
2019-05-22 12:07:51 +02:00
Victor LABORIE
360150d57b
nagios-nrpe: fix redis_instances check when Redis port equal 0
2019-05-20 14:28:52 +02:00
Jérémy Lecour
ed5fc03305
apt: fix check_hel_packages script
2019-05-17 14:29:29 +02:00
Jérémy Lecour
66ab052ac7
haproxy: validate is a module attribute
2019-05-15 17:35:20 +02:00
Jérémy Lecour
e614fe4d85
haproxy: verify → validate
2019-05-15 17:34:26 +02:00
Jérémy Lecour
303dbf9653
haproxy: verify configuration before enabling
2019-05-15 17:30:40 +02:00
Victor LABORIE
6c1991196a
nagios-nrpe: change required status code for http and https check
2019-05-14 14:29:50 +02:00
Jérémy Lecour
bd8644ae60
whitespaces
2019-05-14 14:03:03 +02:00
Jérémy Lecour
7cc1777cf5
apt: add a script to manage packages with "hold" mark
2019-05-13 17:48:55 +02:00
Victor LABORIE
e40aefb4e0
redmine: enable gzip compression in nginx vhost
2019-05-13 12:06:22 +02:00
Victor LABORIE
0dd7b26ade
redmine: update default version to 4.0.3
2019-05-13 11:21:32 +02:00
Victor LABORIE
c2ed7faeb7
rbenv: update defaults rbenv version to 1.1.2 and ruby version to 2.5.5
2019-05-13 11:21:32 +02:00
Victor LABORIE
4a703978a8
rbenv: add check_mode for versions checking
2019-05-13 11:21:32 +02:00
Tristan PILAT
d8d4924b5c
Add mailevomaintenance.sh along with a cron (disabled by default) in the OpenBSD task to send a mail everyday if something's not commited in /etc
2019-05-11 21:37:00 +02:00
Tristan PILAT
38a905dd8d
No need for two tasks to copy evomaintenance script and template, let's use with_items instead
2019-05-11 21:34:10 +02:00
Gregory Colpart
c1e727d161
Add deb.nodesource.com in default Squid whitelist
2019-05-07 12:36:34 +02:00
Patrick Marchand
1fc8b2b9f9
Fixed errors in filenames
2019-05-06 23:41:36 +02:00
Patrick Marchand
d8385bff84
Make it possible to overwrite the default evoadmin-web templates
...
The templates can also be forced to update if so desired.
2019-05-06 22:00:45 +02:00
Victor LABORIE
079f1e982b
redmine: add nginx tag to nginx task
2019-05-03 16:49:22 +02:00
Tristan PILAT
d9581d3696
Merge branch 'fix-weird-git-issue' into unstable
...
Had a rebase go wrong, and the commit showed with git show but not in git log and could not be pushed.
A git checkout of the commit hash put us in detached state and allowed to create a new branch which
could then be merged into this one.
2019-05-02 15:28:26 +02:00
Tristan PILAT
6a5093f8ce
This task has to be move after /etc/apache2/sites-available/000-evolinux-default.conf is created otherwise it's complaining about 000-evolinux-default.conf being missing
2019-05-02 15:14:47 +02:00
Jérémy Lecour
9a489ccf29
apache/nginx: fix server-status replacement
2019-05-02 12:16:47 +02:00
Tristan PILAT
992f279064
Add dependencies for OpenBSD
2019-05-01 23:22:43 +02:00
Tristan PILAT
e1e013052c
No need to include minifirewall task if the OS is not Debian
2019-05-01 23:21:03 +02:00
Jérémy Lecour
7f1efbfc86
Merge branch 'evomaintenance-api' of evolix/ansible-roles into unstable
2019-04-26 11:13:37 +02:00
Jérémy Lecour
4394d795e0
update changelog
2019-04-26 11:09:36 +02:00
Jérémy Lecour
f7057a6787
evomaintenance: set default API variable to Null by default
2019-04-26 11:08:10 +02:00
Nicolas Roman
46033ec8ce
remove assert for database and add assert for api
2019-04-26 11:06:42 +02:00
Nicolas Roman
b0e9dfd109
add git as dependency for debian
2019-04-26 11:06:42 +02:00
Nicolas Roman
f7df73d586
api hook for evomaintenance.sh
2019-04-26 11:06:42 +02:00
Nicolas Roman
385a4f44fa
added variables for the API
2019-04-26 11:06:42 +02:00
Jérémy Lecour
b6499671fa
apache/nginx: add server status suffix in default site if missing
2019-04-26 11:02:02 +02:00
Jérémy Lecour
8e618ce70a
apache/nginx: add server status suffix in VHost if missing
2019-04-25 17:12:19 +02:00
Jérémy Lecour
5dc84d42f3
whitespaces
2019-04-25 13:36:25 +02:00
Jérémy Lecour
4e6cbf514d
ssl: strengthen SSL private key permissions
2019-04-25 13:36:17 +02:00
Jérémy Lecour
afea232858
evocheck : version 19.04 from upstream
2019-04-25 13:34:28 +02:00
Tristan PILAT
e851b8cbfe
Add fluentd installation role
2019-04-23 17:15:28 +02:00
Jérémy Lecour
2c11f02554
Merge branch 'unstable' of evolix/ansible-roles into stable
2019-04-16 16:45:20 +02:00
Jérémy Lecour
daae099aef
Release 9.9.0
2019-04-16 16:41:28 +02:00
Jérémy Lecour
69e45dab84
update CHANGELOG for lxc changes
2019-04-16 16:36:27 +02:00
Jérémy Lecour
1c5505b36b
typo
2019-04-16 16:30:05 +02:00
Jérémy Lecour
c61e40bdf8
clean CHANGELOG
2019-04-16 16:27:10 +02:00
Jérémy Lecour
7bb15e7b70
evocheck : add "x-frame-options: sameorigin" for Munin
2019-04-16 10:47:26 +02:00
Jérémy Lecour
6b52f89ad3
evocheck : update script from upstream
2019-04-16 10:46:44 +02:00
Jérémy Lecour
c86c53146d
Merge branch '29-add-sury-preferences' of evolix/ansible-roles into unstable
2019-04-15 17:29:49 +02:00
Benoît S.
c019c4230c
PHP: For sury add packages to preferences
...
Closes #39
2019-04-15 16:55:45 +02:00
Tristan PILAT
cd82c2609e
PHP sury is now 7.3
2019-04-10 15:27:15 +02:00
Tristan PILAT
531dc80207
We want /home mounted inside the container by default
2019-04-09 19:53:26 +02:00
Ludovic Poujol
b5cc808635
apt: Ensure jessie-backport from archives.debian.org is accepted
...
(typo in the when condition)
2019-04-08 17:51:26 +02:00
Ludovic Poujol
48226ff7b6
apt: Ensure jessie-backport from archives.debian.org is accepted
2019-04-08 16:11:10 +02:00
Ludovic Poujol
b185012469
apt: Remove jessie-update suite as it's no longer exists
2019-04-08 15:40:03 +02:00
Benoît S.
19800c071c
Merge branch 'fail2ban-sshd-use-port-2222-too' into unstable
2019-04-04 16:20:27 +02:00
Benoît S.
c91186c4f9
Merge branch 'fail2ban-increase-ban-limit' of evolix/ansible-roles into unstable
2019-04-04 16:15:56 +02:00
Eric Morino
48becaecf4
Replace mirror.evolix.org by archives.debian.org for jessie-backport
2019-04-03 15:08:06 +02:00
Eric Morino
951309e4a3
Remplace mirror.evolix.org by archives.debian.org for jessie-backport
2019-04-03 15:05:14 +02:00
Eric Morino
eb0bbe4661
Set correct permissions on folder /etc/opendkim and add package dns-root-data in dependencies
2019-03-27 14:49:19 +01:00
Eric Morino
36515c9c89
aligning roles with our conventions, major changes in opendkim-add.sh
2019-03-27 11:01:11 +01:00
Jérémy Lecour
66381ae454
evomaintenance: embed version 0.5.0
2019-03-26 15:06:20 +01:00
Benoît S.
1a7349ee3d
fail2ban: For sshd jail, protect 2222 port too
...
2222 port is heavily attacked by bots like 22.
2019-03-22 11:39:20 +01:00
Benoît S.
3ab6ecbf0e
fail2ban: Add local sshd jail with maxretry at 10
...
Default of 3 maxretry is too low!
2019-03-22 11:35:23 +01:00
Jérémy Lecour
de0a4c2ca8
update README
2019-03-21 15:38:36 +01:00
Jérémy Lecour
aa28e9c1b8
change repositories URL
2019-03-21 15:31:58 +01:00
Eric Morino
db71907155
Remove chown root: /etc/ssl/private in make-csr.sh
2019-03-19 16:13:17 +01:00
Ludovic Poujol
6e36b54adb
webapps/evoadmin-web: add dbadmin.sh to sudoers file
2019-03-18 11:50:46 +01:00
Jérémy Lecour
f3b54188d3
redis: higher limit of open files
2019-03-08 13:44:12 +01:00
Jérémy Lecour
02723ba0f3
redis: set variables on nclusion, not with set_facts
2019-03-08 13:44:12 +01:00
Jérémy Lecour
8279092037
evoacme: add a renewal hook to commit changes in /etc/.git
2019-03-07 00:19:43 +01:00
Victor LABORIE
aebd46e4d7
tomcat-instance: deploy correct version of config files
2019-03-06 15:52:56 +01:00
Jérémy Lecour
3e37800994
evolinux-base: remove apt-listchanges on Stretch and later
2019-03-05 11:10:12 +01:00
Jérémy Lecour
54f44f0443
elasticsearch: install a script to help plugins upgrades
2019-02-22 10:25:27 +01:00
Jérémy Lecour
70f5504382
etc-git: ignore evobackup/.keep-* files
2019-02-22 10:25:27 +01:00
Victor LABORIE
346e556049
tomcat-instance: deploy correct version of server.xml
2019-02-20 11:29:11 +01:00
Victor LABORIE
49dc437880
tomcat: better tomcat version management
2019-02-20 11:28:59 +01:00
Benoît S.
6eb88cf43d
squid: Add mirrors used by Jenkins
2019-02-06 17:10:15 +01:00
Victor LABORIE
c1d727bb5d
spamassasin: fix sa-update.sh and ensure service is started and enabled
2019-01-31 14:37:41 +01:00
Jérémy Lecour
271746494c
Merge branch 'unstable' into stable
2019-01-31 10:23:03 +01:00
Jérémy Lecour
c296dd94c2
Release 9.8.0
2019-01-31 10:22:50 +01:00
Jérémy Lecour
eb0879f3c2
New "percona" role to install Percona repositories and tools
2019-01-31 10:22:13 +01:00
Jérémy Lecour
c8e7675a49
metricbeat: disable cloud_metadata processor by default
2019-01-31 10:15:02 +01:00
Jérémy Lecour
ff275efd95
filebeat: disable cloud_metadata processor by default
2019-01-31 10:14:13 +01:00
Victor LABORIE
0794e6f620
redmine: refactoring of redmine role with use of rbenv
2019-01-28 14:29:01 +01:00
Victor LABORIE
fabac07210
redis: add variable for configure unixsocketperm
2019-01-28 14:26:13 +01:00
Victor LABORIE
2c874afb3c
proftpd: add FTPS and SFTP support
2019-01-24 11:47:03 +01:00
Ludovic Poujol
af896fe1fc
* ntpd: Update the restrictions to follow wiki.evolix.org/HowtoNTP client config
...
- Ensure the client won't respond to anybody but accept the timeserver
answers
- Should work on both Jessie and Stretch
2019-01-18 15:32:45 +01:00
Jérémy Lecour
b883d63cc5
Merge branch 'unstable' into stable
2019-01-17 18:13:16 +01:00
Jérémy Lecour
87860d5b7f
Release 9.7.0
2019-01-17 18:11:46 +01:00
Jérémy Lecour
fc0b1d6968
update changelog
2019-01-17 17:42:18 +01:00
Patrick Marchand
59c479582e
Adds ips tag to fail2ban/tasks/ip_whitelist.yml
...
You can already skip nginx and apache ip_whitelist tasks with this
tags, it makes sense for fail2ban to follow suite.
2019-01-10 17:03:14 -05:00
Ludovic Poujol
40b2654141
php: added php-zip in the installed package list for debian 9 (and later)
2019-01-10 19:12:53 +01:00
Ludovic Poujol
c4c091b362
squid: added packagist.org in the whitelist
2019-01-10 18:12:03 +01:00
Victor LABORIE
f6ca2279bf
java: update Oracle java package to 8u192
2019-01-10 16:16:35 +01:00
Jérémy Lecour
df308b0396
fail2ban: fix "ignoreip" update
2019-01-09 16:44:16 +01:00
Jérémy Lecour
42ec5d62c8
whitespaces
2019-01-09 16:43:35 +01:00
Ludovic Poujol
67d7458ba6
nodejs: Update yarn repo GPG key (current key expired)
...
Ref: https://github.com/yarnpkg/yarn/issues/6865
2019-01-09 10:49:20 +01:00
Jérémy Lecour
7c2feea561
metricbeat: add a variable for the protocol to use with Elasticsearch
2019-01-08 11:05:27 +01:00
Victor LABORIE
719e9b35b2
evocheck: update evocheck.sh for source install
2019-01-08 10:25:10 +01:00
Jérémy Lecour
921c92fd5b
redis: add a variable for renamed/disabled commands
2019-01-08 10:04:27 +01:00
Jérémy Lecour
ebd65b2395
metricbeat: fix username/password replacement
2019-01-08 10:02:04 +01:00
Jérémy Lecour
1118486993
rbenv: add pkg-config to the list of packages to install
...
Some Ruby gems (Nokogiri…) need this to detect system libraries.
2019-01-03 10:16:46 +01:00
Jérémy Lecour
41c1ed5a70
apache: add Munin configuration for Apache server-status URL
2019-01-01 21:08:51 +01:00
Jérémy Lecour
6fadd4edb1
munin: better marker for blockinfile
2019-01-01 20:06:05 +01:00
Jérémy Lecour
1d2a648241
whitespaces
2019-01-01 20:04:56 +01:00
Jérémy Lecour
a94c94018c
normalize some arguments positions
2019-01-01 20:02:50 +01:00
Jérémy Lecour
42d1cb7906
redis: indentation typo
2018-12-21 11:13:40 +01:00
Jérémy Lecour
92a25a9502
redis: add variables to prevent or force restart
2018-12-21 11:11:15 +01:00
Jérémy Lecour
3b63172532
redis: distinction between main and master password
2018-12-21 11:08:18 +01:00
Benoît S.
776839fe61
Typo: rcpbind and not rcpbin
2018-12-19 15:58:47 +01:00
Ludovic Poujol
effdb4c7eb
redis: Configure munin when working in instance mode
2018-12-17 14:47:07 +01:00
Ludovic Poujol
fa49f249e7
redis: Don't set the owner of /var/{lib,log}/redis to a redis instance account
2018-12-17 14:43:42 +01:00
Ludovic Poujol
f46f5ccbde
nagios-nrpe: check_process now return the error code (making the check more usefull than /bin/true)
2018-12-12 14:58:12 +01:00
Jérémy Lecour
d0b3b6d6b8
evomaintenance: database variables must be set or the task fails
2018-12-11 12:08:04 +01:00
Victor LABORIE
2a6cb3b381
evoadmin-mail: complete refactoring, use Debian Package
2018-12-07 15:26:08 +01:00
Ludovic Poujol
f2f595af13
redis: In instance mode, ensure to replace the nrpe check_redis with the instance check script
2018-12-05 16:37:52 +01:00
Ludovic Poujol
c9ba37614c
nginx: Munin url config is now a template to insert the server-status prefix
2018-12-05 16:25:48 +01:00
Jérémy Lecour
a84bc70b79
Merge branch 'unstable' into stable
2018-12-04 14:51:33 +01:00
Jérémy Lecour
69d9b949e2
Release 9.6.0
2018-12-04 14:51:17 +01:00
Jérémy Lecour
2bcc1133c0
minifirewall: all variables are configurable
...
By default, a Null value keeps the variable current value as-is.
Set an Array (can be empty) to replace the value.
2018-12-04 14:49:50 +01:00
Jérémy Lecour
50e16e0dee
minifirewall: compare config before/after (for restart condition)
2018-12-04 14:46:32 +01:00
Jérémy Lecour
59dd03c91e
squid: better replacement in minifirewall config
2018-12-04 14:46:32 +01:00
Jérémy Lecour
33e29657a7
update changelog
2018-12-04 14:46:32 +01:00
Jérémy Lecour
c96e8130ff
squid: minifirewall main file is configurable
2018-12-04 14:45:48 +01:00
Jérémy Lecour
c3e4a78442
minifirewall: main file is configurable
2018-12-04 14:45:48 +01:00
Victor LABORIE
74f25e8183
evolinux-base: deploy custom motd if template are present
2018-11-30 15:14:39 +01:00
Victor LABORIE
6469733d2f
evoacme: fix error handling in sed_cert_path_for_(apache|nginx)
2018-11-22 15:06:23 +01:00
Jérémy Lecour
5cbad9911f
Merge branch 'unstable' into stable
2018-11-14 17:15:38 +01:00
Jérémy Lecour
d5e34a58d2
Release 9.5.0
2018-11-14 17:15:25 +01:00
Jérémy Lecour
b3f9932c4d
evolinux-users: add newaliases handler
2018-11-14 17:04:51 +01:00
Jérémy Lecour
2f8cad3c7c
packweb-apache: mod-security config is already included elsewhere
2018-11-14 17:04:03 +01:00
Jérémy Lecour
5056f93283
mysql: logdir can be customized
2018-11-14 16:13:06 +01:00
Jérémy Lecour
bd1b1a7775
update CHANGELOG
2018-11-14 16:13:06 +01:00
Jérémy Lecour
6b769f5d77
mysql: restart MySQL if systemd unit has changed
2018-11-14 16:13:06 +01:00
Victor LABORIE
f5f1e885f7
ssl: add handler for haproxy reload
2018-11-14 15:39:45 +01:00
Jérémy Lecour
3425711ecf
redis: update CHANGELOG
2018-11-14 15:35:11 +01:00
Jérémy Lecour
e89da9146b
redis: fix shell for redis users
2018-11-14 15:34:03 +01:00
Jérémy Lecour
c60f30b106
redis: fix permissions for multiples instances
2018-11-14 15:33:43 +01:00
Victor LABORIE
a4fde27546
ssl: add missing state parameter
2018-11-14 15:20:53 +01:00
Patrick Marchand
3eadd7d544
Rajout d'un cron a packweb pour ftpd
...
The cronjob that maintains file size caches for ftpadmin
is not present in the packweb, which leads to things like
spinon-www0 listing all directories as being 0 octets big.
2018-11-13 16:58:29 -05:00
Patrick Marchand
9198c1e2c0
ansible-lint does not like trailing whitespace
2018-11-13 16:56:31 -05:00
Patrick Marchand
a1973ebbb3
We misunsderstood how modsecurity used the init rules
...
They do not modify files and are necessary for the core rules to function.
2018-11-13 09:59:34 -05:00
Patrick Marchand
9f2727f55f
Removes modsecurity audit log and rules 910* and 901*
2018-11-13 09:59:34 -05:00
Victor LABORIE
cfb87a7b65
haproxy: add vars for tls configuration
...
Permit simply include of TLS configuration, eg. in [global] :
{{ haproxy_ssl_intermediate | indent(width=4) }}
2018-11-13 11:07:06 +01:00
Jérémy Lecour
df48a60684
evocheck: update script from upstream
2018-11-08 09:46:57 +01:00
Victor LABORIE
9ee245942d
ssl: haproxy package check must no fail
2018-11-06 16:21:16 +01:00
Victor LABORIE
c6a504c6c5
Add an SSL role for certificates deployment
2018-11-06 16:15:48 +01:00
Jérémy Lecour
4a411685ff
evomaintenance: FROM domain is configurable
2018-11-06 10:39:30 +01:00
Jérémy Lecour
06a0f0d9b7
apache/nginx/fail2ban: mention ip_whitelist.yml in README.md
2018-11-02 18:18:22 +01:00
Jérémy Lecour
2f9348e3d1
update CHANGELOG
2018-11-02 18:16:29 +01:00
Jérémy Lecour
24ddc78a23
apache/nginx: IP adresses can also be removed
2018-11-02 18:15:17 +01:00
Patrick Marchand
b776fc3da2
Make ip whitelist tasks more flexible
...
Now the list of whitelisted ip addresses can be updated simply by
including the specific tasks in an external playbook without polluting
our role list.
This change takes effect for nginx, apache and fail2ban.
2018-11-02 18:08:23 +01:00
Jérémy Lecour
3d76454984
update CHANGELOG for postfix
2018-11-02 10:14:49 +01:00
Jérémy Lecour
c03be65ed9
evomaintenance: update script from upstream
2018-11-02 10:13:40 +01:00
Gregory Colpart
1871352fe8
enable SSL/TLS client, cf https://wiki.evolix.org/HowtoPostfix#ssltls
2018-10-31 02:20:54 +01:00
Victor LABORIE
83e9f12669
evolinux-base: install man package
2018-10-23 11:38:52 +02:00
Victor LABORIE
6e6820805d
nginx: add tag for ips management
2018-10-19 10:31:45 +02:00
Jérémy Lecour
48c2496deb
Merge branch 'unstable' into stable
2018-10-12 10:16:50 +02:00
Jérémy Lecour
79aceac380
Release 9.4.2
2018-10-12 10:16:40 +02:00
Jérémy Lecour
85c779164a
evomaintenance: fix role compatibility with OpenBSD
2018-10-12 10:13:27 +02:00
Victor LABORIE
357914b44e
amavis: fix output result checking
2018-10-11 17:18:03 +02:00
Jérémy Lecour
1d06721b96
update CHANGELOG
2018-10-08 09:43:09 +02:00
Jérémy Lecour
20e8d9f432
evomaintenance: install dependencies when installing vendored version
2018-10-08 09:37:18 +02:00
Benoît S.
88b66dca24
Evoacme: Better usage of apache2ctl -t
...
By default apache2ctl is using stderr, even for displaying "Syntax OK".
So, we redirect it in stdout and remove "Syntax OK". Then we check the exit code.
2018-10-03 15:16:28 +02:00
Victor LABORIE
f2469dbdd9
* spamassassin: add missing right for amavis
2018-10-03 14:41:41 +02:00
Victor LABORIE
8dd2fcac55
Update CHANGELOG for haproxy/nagios-nrpe
2018-09-28 15:33:56 +02:00
Victor LABORIE
8cd689f9b4
haproxy: move check_haproxy_stats to nagios-nrpe role
2018-09-28 15:21:42 +02:00
Victor LABORIE
c4f29c5b37
haproxy: add an option for ignore NOLB check status
2018-09-28 15:15:32 +02:00
Jérémy Lecour
588efc941e
Merge branch 'unstable' into stable
2018-09-28 10:46:07 +02:00
Jérémy Lecour
d442473370
Release 9.4.1
2018-09-28 10:45:50 +02:00
Jérémy Lecour
847a9d4c00
mysql-oracle: remove mysql-apt-config 0.8.10
...
This package is MySQL 8 only, so we stay with 0.8.9.
2018-09-28 10:45:50 +02:00
Jérémy Lecour
40ac98cb79
mysql-oracle: better handle packages and users
2018-09-27 15:05:02 +02:00
Jérémy Lecour
f5c07860bc
mysql-oracle: upgrade to mysql-apt-config 0.8.10
2018-09-27 12:11:50 +02:00
Jérémy Lecour
829da4bb40
update CHANGELOG for evomaintenance
2018-09-25 12:15:51 +02:00
Jérémy Lecour
9f3a70926d
evomaintenance: tasks/variables to handle minifirewall restarts
2018-09-25 12:14:33 +02:00
Jérémy Lecour
647eda6d9b
evomaintenance: variable to force the configuration (default: True)
2018-09-25 12:07:41 +02:00
Jérémy Lecour
0b6956db46
evomaintenance vendor version 0.4.1
2018-09-25 12:06:04 +02:00
Jérémy Lecour
c2d8cadf26
evomaintenance vendor version 0.4.0
2018-09-25 09:53:15 +02:00
Jérémy Lecour
9f9ddf5c2e
evomaintenance: some variables are mandatory
2018-09-24 18:46:34 +02:00
Jérémy Lecour
7d786d7b5f
evomaintenance: update vendored script
2018-09-24 18:41:06 +02:00
Jérémy Lecour
2b5e83fa34
evomaintenance: a vendored version is available to install
2018-09-20 17:08:36 +02:00
Victor LABORIE
c7cc63444d
redis: set masterauth when redis_password is defined
2018-09-20 16:42:35 +02:00
Jérémy Lecour
f2cfb85926
Merge branch 'unstable' into stable
2018-09-20 12:31:11 +02:00
Jérémy Lecour
9ddb297961
Release 9.4.0
2018-09-20 12:30:52 +02:00
Jérémy Lecour
517d7c0d9a
Update CHANGELOG with generate-ldif changes
2018-09-20 12:28:48 +02:00
Jérémy Lecour
21e24df8c8
Update CHANGELOG with logstash recent changes.
2018-09-20 12:24:19 +02:00
Jérémy Lecour
e0a4ae6b66
redis: improve a few tasks names
2018-09-20 12:23:51 +02:00
Jérémy Lecour
56af209fb2
elasticsearch: fix condition for tmpdir
...
when a task has "failed_when: False" the "success" filter doesn't always
return the correct value (depending on the version of Ansible).
2018-09-20 12:13:21 +02:00
Jérémy Lecour
fc12a5dfbb
logstash: limit to 512M by default
2018-09-20 12:13:21 +02:00
Jérémy Lecour
0f1400dd9f
logstash: install 6.x by default
2018-09-20 12:13:21 +02:00
Jérémy Lecour
6c74d3a5e3
logstash: tmp directory can be customized
2018-09-20 12:13:21 +02:00
Victor LABORIE
5f4601f611
nagios-nrpe: add check_redis_instances
2018-09-20 10:21:49 +02:00
Victor LABORIE
8546f0f34f
redis: add support for multi instances
2018-09-19 17:24:26 +02:00
Victor LABORIE
09e48516c6
redis: add missing tags
2018-09-19 16:25:47 +02:00
Jérémy Lecour
d6e71353dd
Add a role to switch from networkd to ifconfig
2018-09-14 14:53:38 +02:00
Jérémy Lecour
98a0893f43
mysql: update README
2018-09-14 11:45:57 +02:00
Jérémy Lecour
b2596aad2a
mysql: add a variable to prevent mysql from restarting
2018-09-13 18:32:23 +02:00
Benoît S.
8ec4ac02b3
Add postgresql service to generateldif script
2018-09-13 17:30:30 +02:00
Jérémy Lecour
81e9b3d33c
don't reload history on each prompt
2018-09-13 16:54:07 +02:00
Tristan PILAT
6363e84d37
Add Nginx support to roundcube role
2018-09-12 15:32:18 +02:00
Tristan PILAT
00170127d9
Add Nginx support to evoadmin-mail role
2018-09-12 15:31:52 +02:00
Jérémy Lecour
2a4a993f09
update CHANGELOG
2018-09-11 14:20:13 +02:00
Jérémy Lecour
2a89b8ff22
evolinux-base: better shell history
...
* remove duplicates from history
* reload/save history at prompt time
2018-09-11 14:13:29 +02:00
Victor LABORIE
47bf0ed2d2
dovecot: stronger TLS configuration
2018-09-11 11:13:02 +02:00
Jérémy Lecour
d900a70faf
etc-git: status cron job is run by root
2018-09-10 10:04:21 +02:00
Jérémy Lecour
c76cbd1887
evolinux-users: add user to /etc/aliases
2018-09-09 23:42:38 +02:00
Jérémy Lecour
8c9c5782e1
webapps/evoadmin-web: add users to /etc/aliases
2018-09-09 23:42:15 +02:00
Jérémy Lecour
f4887c3289
typo
2018-09-09 23:25:53 +02:00
Jérémy Lecour
ac1a3e5f09
nginx: cleaner way to overwrite the server status suffix
2018-09-09 23:02:02 +02:00
Jérémy Lecour
bfb591dc74
apache: cleaner way to overwrite the server status suffix
2018-09-09 23:01:43 +02:00
Jérémy Lecour
efcd2ed391
packweb-apache: don't regenerate phpMyAdmin suffix each time
2018-09-09 23:00:41 +02:00
Jérémy Lecour
46a9b4f43e
etc-git: remove cron file if needed
2018-09-08 01:05:58 +02:00
Jérémy Lecour
d5984fae76
etc-git: use a dedicated cron file for etc-git-status
2018-09-08 00:53:09 +02:00
Jérémy Lecour
825352ca0a
etc-git: fix quotes
2018-09-08 00:36:43 +02:00
Jérémy Lecour
92f14a496f
etc-git: conditional for cron job
2018-09-08 00:27:03 +02:00
Jérémy Lecour
37c4898eed
etc-git: cron jobs to monitor uncommited changes
2018-09-07 21:53:13 +02:00
Jérémy Lecour
d997431518
Merge branch 'unstable' into stable
2018-09-06 15:16:12 +02:00
Jérémy Lecour
37ea8d292e
Release 9.3.2
2018-09-06 15:14:34 +02:00
Jérémy Lecour
59614fc476
evomaintenance: update meta-data to support Debian Stretch
2018-09-05 18:52:29 +02:00
Victor LABORIE
bf3e5b4cb6
dovecot: enable SSL/TLS by default with snakeoil certificate
2018-09-04 14:50:22 +02:00
Jérémy Lecour
9869a1f269
typo
2018-08-31 19:28:06 +02:00
Jérémy Lecour
c25c3c6a31
minifirewall: improve variables values and documentation
2018-08-30 17:06:21 +02:00
Jérémy Lecour
9787328a0b
minifirewall: add a variable to force a restart of the firewall
2018-08-30 17:05:30 +02:00
Jérémy Lecour
96cd04ae40
minifirewall: add a variable to disable the restart handler
2018-08-30 17:04:14 +02:00
Jérémy Lecour
d1efb10484
Merge branch 'unstable' into stable
2018-08-30 14:06:19 +02:00
Jérémy Lecour
944006e63c
Release 9.3.1
2018-08-30 14:06:06 +02:00
Jérémy Lecour
cfd5e3d7f2
metricbeat: new variables to configure elasticsearch hosts and auth
2018-08-30 13:47:48 +02:00
Jérémy Lecour
3e9f18ad54
Merge branch 'unstable' into stable
2018-08-24 18:38:28 +02:00
Jérémy Lecour
cb9e48b41d
update the CHANGELOG with a forgotten line for mysql
2018-08-24 18:38:12 +02:00
Jérémy Lecour
e2d51e0e25
Merge branch 'unstable' into stable
2018-08-24 18:29:03 +02:00
Jérémy Lecour
191a49784d
Release 9.3.0
2018-08-24 18:27:03 +02:00
Jérémy Lecour
3f67398371
evolinux-todo: don't echo "nothing…" when verbosity=0
2018-08-24 18:27:03 +02:00
Jérémy Lecour
673d5a68c5
squid: change a task name
2018-08-24 18:11:19 +02:00
Jérémy Lecour
d138c00db8
etc-git: some entries of .gitignore are mandatory
2018-08-24 14:44:51 +02:00
Jérémy Lecour
fe064c16d1
update CHANGELOG for evolinux-todo
2018-08-24 14:43:14 +02:00
Jérémy Lecour
c1afb68d19
Add an "evolinux-todo" role
...
It makes sure there is a /etc/evolinux/todo.txt where we can append
tasks to be done manually.
It has a task to output the content of the file, for exemple at the end
of a playbook run.
2018-08-24 14:31:11 +02:00
Jérémy Lecour
3e3c6437e8
etc-git: install a script to optimize the repository each month
2018-08-24 00:28:15 +02:00
Jérémy Lecour
6077986204
fail2ban: fix typo in variable name
2018-08-23 16:48:50 +02:00
Jérémy Lecour
bb956fb5e7
apache: logrotate replacement is more subtle/precise
...
It replaces only the proper directive and not every occurence of the
word.
2018-08-23 13:02:25 +02:00
Jérémy Lecour
d09fd169b3
mysql: default values should stay in the proper file
...
Default values are set in z-evolinux-defaults.cnf and should be added in
zzz-evolinux-custom.cnf only if the value differs from the default.
2018-08-23 12:17:13 +02:00
Jérémy Lecour
12c49ed93b
fail2ban: add a variable to update the list of ignored IP addresses
2018-08-23 11:43:34 +02:00
Tristan PILAT
01ae7b0e31
Add some new customisable configuration parameters
2018-08-23 09:31:04 +02:00
Jérémy Lecour
e939198159
fail2ban: add a variable to disable the ssh filter (default: False)
2018-08-23 09:16:33 +02:00
Jérémy Lecour
0869fb539a
fail2ban: fix typo in jinja filters
2018-08-21 23:21:30 +02:00
Jérémy Lecour
012dabf657
fail2ban: fix fail2ban_ignore_ips definition
...
If the final variable is combined in the defaults file, it's component
can be overridden, but the final variable can't be overriden.
2018-08-21 23:14:31 +02:00
Jérémy Lecour
77aeb60544
bind: chroot-bind.sh must not be executed in check mode
2018-08-21 18:46:16 +02:00
Jérémy Lecour
b6fa349394
evolinux-base: compact multiple systctl tasks into one
2018-08-21 13:34:03 +02:00
Gregory Colpart
5721282a9f
Hot fix: remove .conf suffix because Amavis don't read it!
2018-08-20 22:25:06 +02:00
Jérémy Lecour
47d5146642
evocheck: the crontab is overwritten
2018-08-18 09:59:26 +02:00
Jérémy Lecour
26c46bfb96
evocheck: the crontab is updated by the role
2018-08-18 09:41:59 +02:00
Gregory Colpart
51f41ff14a
Workaround by Evolix security team for old kernels and vulnerabiliy CVE-2018-5391 (FragmentSmack)
2018-08-17 21:28:14 +02:00
Jérémy Lecour
dbb72ef2a0
evocheck: fix quotes on grep regular expressions
2018-08-17 15:52:42 +02:00
Jérémy Lecour
4d7e9b1c3f
evocheck: detect installed packages even if "held" by APT (manual fix)
2018-08-17 14:59:22 +02:00
Jérémy Lecour
40160e0c6e
generate-ldif: detect installed packages even if "held" by APT
2018-08-17 11:56:41 +02:00
Jérémy Lecour
4461281945
evolinux-base: add internal FQDN/hostname in /etc/hosts if needed
2018-08-17 10:07:36 +02:00
Jérémy Lecour
46fed05fa2
evocheck: update upstream script
2018-08-17 10:04:07 +02:00
Jérémy Lecour
bc8858fc0a
evolinux-base: improve hostname configuration
...
We can have a "real" hostname and domain, but also an "internal" hostnae
and domain, used mostly for internal tools.
2018-08-16 16:17:34 +02:00
Tristan PILAT
d07af3ca55
Fix forgotten spaces in configuration directives
2018-08-14 11:09:48 +02:00
Tristan PILAT
1d021e0954
Fix mistaken task
2018-08-14 10:21:12 +02:00
Tristan PILAT
d321814254
Add cluster members configuration
2018-08-13 17:49:24 +02:00
Jérémy Lecour
ccd8c00e3a
CHANGELOG : add missing entries
2018-08-09 18:24:48 +02:00
Jérémy Lecour
3f74cbaf47
uvrrpd role is not ready for stable yet
2018-08-09 18:21:07 +02:00
Jérémy Lecour
2752650ea3
The openvpn role is not ready for stable yet
2018-08-09 18:04:02 +02:00
Jérémy Lecour
f2bd125cfc
memcached: improve systemd units management
2018-08-09 17:46:31 +02:00
Jérémy Lecour
adb0033722
memcached: add a TODO comment for multi-instances NRPE checks
2018-08-09 17:25:50 +02:00
Jérémy Lecour
17b8b4c3d5
nginx: add a backward compatible variable for backports
2018-08-09 17:13:04 +02:00
Jérémy Lecour
fbc9bf3288
haproxy: add a backward compatible variable for backports
2018-08-09 17:11:47 +02:00
Jérémy Lecour
b9b0183ec5
remount-usr: mount doesn't report a change
...
It is arguable that this is a real change or not,
but in practice we have playbooks that report changes only for this and
it's very fun to scroll back each time to see if it's remount-usr or
a "real" change.
2018-08-06 15:01:52 +02:00
Daniel Jakots
e817dffc0f
Ignore /sys/kernel/debug/tracing in check_disk1
2018-08-01 11:08:11 +02:00
Tristan PILAT
b095f87f85
Nginx role now handle Nginx installation from backports for either Debian Jessie or Stretch
2018-07-31 16:06:05 +02:00
Victor LABORIE
57cf0a29ab
kvm-host: install kvm-tools package instead of copying add-vm.sh
2018-07-27 11:27:50 +02:00
Eric Morino
14e270b688
Ajout verification minifirewall + /usr en ro + port management pour check_openvpn + certificat dhparam
2018-07-26 11:48:14 +02:00
Tristan PILAT
8ad8c2c798
Add the first version of OpenVPN role
2018-07-24 17:16:30 +02:00
Tristan PILAT
db683ea9c3
Fix role - shift haproxy_apt_preferences file to the templates directory
2018-07-24 15:43:45 +02:00
Tristan PILAT
e83ca81776
Haproxy role now handle haproxy installation from backports for Debian Stretch
2018-07-24 12:29:42 +02:00
Tristan PILAT
99747e72b5
500px is too narrow, let's switch to 768px
2018-07-24 12:17:07 +02:00
Benoît S.
758a537a8d
For SANs certificates, also add a CN for the first domain
2018-07-12 11:12:29 +02:00
Jérémy Lecour
5e9d4906ad
add quotes for shell command
2018-07-12 11:04:14 +02:00
Benoît S.
de63c0747f
Support for SAN in self-signed certificates
2018-07-10 17:46:41 +02:00
Benoît S.
17159676d9
Add exit 0 after the command -v commands.
...
Otherwise it would exit 1 on nginx if you have not nginx installed.
2018-07-10 17:09:20 +02:00
Jérémy Lecour
c57b069bf5
Reorder lines in CHANGELOG
2018-07-10 16:28:56 +02:00
Jérémy Lecour
d387ed660a
munin: properly rename Munin cache directory
2018-07-10 16:27:10 +02:00
Jérémy Lecour
ec12948398
mysql: add quotes in a few tasks
2018-07-10 16:27:10 +02:00
Jérémy Lecour
1439fdab8f
metricbeat: add a role (copied from filebeat)
2018-07-10 16:27:10 +02:00
Benoît S.
961d9da5e5
Backport fix from Daniel Jakots
...
Original commit:
The code was taken from check_http_many which apparently deals only with return
codes 0, 1 and 2. Here, we uses check_nrpe which iff it can't connect, it
returns 255
(40717e320c
).
So I decided that if the return code is greater or equal to 2, then we consider
it's critical. I can't see any return code greater than 2 which may not be
critical.
2018-07-10 11:32:18 +02:00
Tristan PILAT
55d05cd4f0
Don't install uvrrpd if already present
2018-07-04 11:36:39 +02:00
Tristan PILAT
17e31604af
We need some packages installed beforehand
2018-07-04 11:15:02 +02:00
Victor LABORIE
f3ab0b361b
tomcat: better nrpe check output
2018-07-03 12:24:11 +02:00
Tristan PILAT
db84e63940
Add role to install uvrrpd - https://forge.evolix.org/projects/uvrrpd
2018-06-28 14:18:31 +02:00
Jérémy Lecour
4eea7362e3
php: fix php-fpm service name for Stretch
2018-06-26 16:04:14 +02:00
Victor LABORIE
b18b3d3404
roundcube: add missing slash to https redirection
2018-06-25 16:58:03 +02:00
Bruno TATU
2e2745290e
squid: whitelist egain somes domains
2018-06-25 14:07:40 +02:00
Victor LABORIE
f56f8f7615
evolinux-base: add mail related aliases
2018-06-25 11:20:37 +02:00
Victor LABORIE
f32eee4b68
Update CHANGELOG
2018-06-25 11:12:33 +02:00
Victor LABORIE
d2c37fe67b
redmine: use .my.cnf for mysql password
2018-06-22 10:49:24 +02:00
Jérémy Lecour
77b5f84567
evoacme: disable old certbot cron also in cron.daily
2018-06-21 17:22:40 +02:00
Victor LABORIE
9f34db8f9a
evoacme: fix module detection in apache config
2018-06-20 11:07:23 +02:00
Jérémy Lecour
045492be85
Update changelog
2018-06-19 16:51:27 +02:00
Tristan PILAT
af6fcb8a57
Fix typing mistake
2018-06-18 10:34:20 +02:00
Tristan PILAT
469d9e6984
Fix bug when installing php-fpm. Absolute path is required.
...
ERROR: Unable to create or open slowlog(/usr/log/www.log.slow): No such file or directory (2)
2018-06-18 10:21:22 +02:00
Jérémy Lecour
fb4a254b9c
mysql-oracle: fix configuration directory variable
2018-06-15 14:41:24 +02:00
Jérémy Lecour
1593773937
php: enforce permissions on /etc directories
2018-06-15 11:17:41 +02:00
Jérémy Lecour
82295b6f8c
php: fix php-fpm service name for Stretch
2018-06-15 11:17:41 +02:00
Tristan PILAT
c1a14871d7
Add documentation
2018-06-14 17:27:41 +02:00
Tristan PILAT
001c8581c4
Add systemd template
2018-06-14 17:27:41 +02:00
Tristan PILAT
879b67d32e
Add memcached_instance_name default variable
2018-06-14 17:27:41 +02:00
Tristan PILAT
a465744013
set port number by default to allow multiple checks
2018-06-14 17:27:41 +02:00
Tristan PILAT
aace200270
Use multi memcached script when needed
2018-06-14 17:27:41 +02:00
Tristan PILAT
ba4db7acf8
Let's handle multi memcached instances
2018-06-14 17:27:41 +02:00
Victor LABORIE
9f1487ac58
evoadmin-mail: add php-twig to dependencies
2018-06-14 15:13:11 +02:00
Tristan PILAT
5f09eac22e
Include remount-usr in haproxy nagios task
2018-06-14 14:28:19 +02:00
Victor LABORIE
6d9fbe8689
nagios-nrpe: add check_postgrey
2018-06-14 13:50:06 +02:00
Jérémy Lecour
767ce95b5c
php: variable service name for jessie and stretch
2018-06-13 09:37:55 +02:00
Jérémy Lecour
17d0c9c6bf
php: clarify configuration
...
* Variables for config file names are normalized* With Sury, Evolix configs are linked to regular 7.0 paths
2018-06-11 17:35:20 +02:00
Jérémy Lecour
b50ea62572
whitespaces
2018-06-11 17:35:20 +02:00
Victor LABORIE
fbd97a5f08
java: support for Oracle JRE
2018-06-11 10:39:52 +02:00
Jérémy Lecour
03431fc116
mysql: add an option to install the dev client libraries
2018-06-09 13:15:08 +02:00
Jérémy Lecour
d917d867bb
changelog: minor rewording
2018-06-07 10:39:29 +02:00
Jérémy Lecour
d67abef13d
minifirewall: the tail file can be overwritten, or not
2018-06-04 16:31:36 +02:00
Victor LABORIE
17c8093711
nagios-nrpe: use bkctld check subcommand for NRPE check
2018-05-30 17:13:39 +02:00
Bruno TATU
108cd0f597
squid: whiteliste some news sites
2018-05-29 10:56:24 +02:00
Jérémy Lecour
d3eb8b870c
php: fix permissions on custom php.ini file
...
fixes #2433
2018-05-23 21:55:34 +02:00
Jérémy Lecour
7738de6f41
rbenv: switch from copy to lineinfile for default gems
2018-05-23 16:20:46 +02:00
Jérémy Lecour
26791286d0
whitespaces, quotes and tags
2018-05-23 16:19:53 +02:00
Jérémy Lecour
3e5ea015c4
rbenv: install Ruby 2.5.1 by default
2018-05-23 16:18:23 +02:00
Jérémy Lecour
b4122be2b3
kibana: log messages go to /var/log/kibana/kibana.log
2018-05-22 15:17:16 +02:00
Jérémy Lecour
0054e4fdea
elasticsearch: add http.publish_host variable
2018-05-22 15:16:27 +02:00
Bruno TATU
b60a9d0ffa
squid: whitelist egain somes domains
2018-05-18 16:01:51 +02:00
Jérémy Lecour
50a1003f15
don't use jinja2 templating delimiters with "when" statements
2018-05-18 09:44:25 +02:00
Jérémy Lecour
ec535b036c
apt module: Use "state: present" instead of "state: installed"
...
"state: installed" is deprecated in Ansible 2.5
2018-05-18 09:33:25 +02:00
Jérémy Lecour
f8babfd532
elasticsearch: tmpdir configuration compatible with 5.x also
2018-05-16 12:15:04 +02:00
Jérémy Lecour
b0ef42db11
Merge branch 'unstable' into stable
2018-05-16 11:11:00 +02:00
Jérémy Lecour
4f4b7cd8dc
Release 9.2.0
2018-05-16 11:10:31 +02:00
Jérémy Lecour
4d148579c4
Changelog for elasticsearch changes
2018-05-16 11:08:18 +02:00
Jérémy Lecour
3dd1df8236
Changelog for varnish changes
2018-05-16 11:07:12 +02:00
Jérémy Lecour
2451e4d3fa
Changelog for NTP changes
2018-05-16 11:06:06 +02:00
Jérémy Lecour
5091157b18
Elasticsearch: defaults to version 6.x
2018-05-16 11:03:24 +02:00
Bruno TATU
a47a787a81
squid: add some domains and fix broken restrictions
2018-05-11 15:37:05 +02:00
Jérémy Lecour
93642b4afa
filebeat: cleanup unused code
2018-05-09 20:57:32 +02:00
Jérémy Lecour
10af35bf41
filebeat: install version 6.x by default
2018-05-09 20:56:48 +02:00
Bruno TATU
b14d15302d
Revert "Whiteliste de domaines par defaut pour squid"
...
This reverts commit e9afd49373
.
2018-05-09 15:52:26 +02:00
Bruno TATU
e9afd49373
Whiteliste de domaines par defaut pour squid
2018-05-09 15:44:16 +02:00
Ludovic Poujol
7fda501eae
varnish: Add -F to the sustemd unit to not fork at start
2018-05-04 11:38:11 +02:00
Ludovic Poujol
52c728b524
ntpd: Follow the example config given on https://wiki.evolix.org/HowtoNTP
2018-05-02 19:25:51 +02:00
Jérémy Lecour
08d5ca5696
evolinux-users: fix secondary groups
...
With ANsible 2.2 the list of groups must be comma-separated
2018-05-02 17:16:36 +02:00
Jérémy Lecour
c87e3ee576
evolinux-users: add user to internal group if defined and Debian >= 9
2018-05-02 17:12:27 +02:00
Jérémy Lecour
74ca43fe05
evolinux-users: add documentation for variables
2018-05-02 17:12:27 +02:00
Gregory Colpart
20f6371980
typo
2018-05-01 19:38:55 +02:00
Ludovic Poujol
732087235c
evolinux-users: Fix check_minifirewall path in sudoers file
2018-04-25 17:36:11 +02:00
Jérémy Lecour
c7d291c830
Merge branch 'unstable' into stable
2018-04-24 16:46:34 +02:00
Jérémy Lecour
170bd6c2c1
Release 9.1.9
2018-04-24 16:45:05 +02:00
Jérémy Lecour
5c5361dbb5
apache: customize logrotate (52 weeks)
2018-04-22 18:10:47 +02:00
Jérémy Lecour
15ebb84bb6
mysql/mysql-oracle: mysqltuner cron scripts is 0755
2018-04-22 17:32:23 +02:00
Jérémy Lecour
5bf82d117b
Don't copy empty files
2018-04-22 17:23:31 +02:00
Jérémy Lecour
8384e8ba43
evolinux: groups for SSH configuration are used with Debian 10 and later
2018-04-20 14:38:55 +02:00
Jérémy Lecour
e79640d770
evolinux: Name and improve compatibility checks
2018-04-20 14:38:55 +02:00
Benoît S.
cb941bfe61
webapps/evoadmin-web: Add example of logins vars
...
Examples are present in config.php but not config.local.php and can be
disturbing.
2018-04-20 14:18:49 +02:00
Jérémy Lecour
bc3b1182ea
evolinux-users: default to AllowGroups (for SSH) in Debian 10
2018-04-20 10:25:14 +02:00
Jérémy Lecour
792e319694
packweb-apache: install evoadmin as a dependency
...
A bug in Ansible 2.2 disables some included roles when dependencies have
a conditional evaluated to false.
2018-04-20 10:23:35 +02:00
Jérémy Lecour
d9767aeb86
whitespaces
2018-04-20 10:22:11 +02:00
Ludovic Poujol
da13a478c6
webapps/evoadmin-web : Name the fail task
2018-04-19 16:04:21 +02:00
Ludovic Poujol
e37b3f569a
generate-ldif: add a minifirewall service when /etc/default/minifirewall exists
2018-04-19 16:04:21 +02:00
Jérémy Lecour
92bb60495d
mysql: add a name attribute for systemd daemon-reload module
2018-04-19 15:44:05 +02:00
Jérémy Lecour
6daf6877c1
Merge branch 'ssh-groups' into unstable
2018-04-18 18:21:39 +02:00
Jérémy Lecour
43d86f5541
evolinux-users: cover more cases for AllowUsers/Groups in sshd config
2018-04-18 18:21:09 +02:00
Jérémy Lecour
2f631f1ae7
update Changelog
2018-04-18 12:16:57 +02:00
Jérémy Lecour
b0b4e13130
evolinux-users: Add users to group for SSH on Debian 9+
2018-04-18 12:16:04 +02:00
Jérémy Lecour
32c289d915
evolinux: improve case switching
...
A case was missing : no AllowUsers/AllowGroups, on Debian 9
2018-04-18 12:16:04 +02:00
Jérémy Lecour
5bcd7e44cf
evolinux-users: really look for evomaintenance
...
The file was missing in the grep command :/
2018-04-18 12:16:04 +02:00
Jérémy Lecour
a782ef3180
evolinux-users: better names for a fewtasks
2018-04-18 12:16:04 +02:00
Jérémy Lecour
dba26fbbaf
evolinux-users: sudoers file should be 0440 also in Stretch
2018-04-18 12:16:04 +02:00
Jérémy Lecour
f065310ca6
evolinux-users: use command instead of shell when possible
2018-04-18 12:16:04 +02:00
Jérémy Lecour
2027420877
whitespaces
2018-04-18 12:16:04 +02:00
Jérémy Lecour
13abc44992
evolinux-users: use assert instead of fail
2018-04-18 12:16:04 +02:00
Jérémy Lecour
f152ba66cd
evolinux-users: regroup tasks
...
1. create all accounts
2. configure sudo for everyone
3. configure ssh for everyone
2018-04-18 12:16:04 +02:00
Jérémy Lecour
e0ac7760f0
Use AllowGroups mode also if no AllowUsers is present at all
2018-04-18 12:16:04 +02:00
Jérémy Lecour
4fc58e4b1e
evolinux-users: rename included files
2018-04-18 12:16:04 +02:00
Jérémy Lecour
b01d9178d0
evolinux-users: split AllowGroups/AllowUsers modes
...
If an AllowGroups directive is found or when using Debian 9+,
we use the AllowGroups directive and comment AllowUsers that may be
already present.
When adding a user, we make sure that the allowed group exists
and the use is in that group, to be sure that at least this user
is allowed to connect.
In other situations, we use the AllowUsers directive.
2018-04-18 12:16:04 +02:00
Jérémy Lecour
b866b6fa0a
evolinux-base: fail2ban is not enabled by default
2018-04-18 12:15:43 +02:00
Jérémy Lecour
423acc79fd
mysql-oracle: copy evolinux config files in mysql.cond.d
2018-04-18 12:06:15 +02:00
Jérémy Lecour
cdbce0ae24
mysql-oracle: use systemd module to reload daemon
2018-04-18 12:05:09 +02:00
Jérémy Lecour
b843a528be
mysql: abort if MariaDB on Debian 8
...
We can't create other users with 'debian-sys-maint' on Debian 8 with
MariaDB.
We must give it the GRANT privilege before continuing.
2018-04-17 10:24:47 +02:00
Jérémy Lecour
602836a6e7
mysql: whitespaces
2018-04-17 10:24:12 +02:00
Jérémy Lecour
87d865508f
Merge branch 'unstable' into stable
2018-04-16 00:06:52 +02:00
Jérémy Lecour
4749667f58
Release 9.1.8
2018-04-16 00:00:13 +02:00
Jérémy Lecour
ae6e376048
mysql: properly reload systemd
2018-04-15 23:58:31 +02:00
Jérémy Lecour
48dad83c4f
evomaintenance: remove double-quotes where not necessary
2018-04-15 22:25:44 +02:00
Victor LABORIE
4612c5ec89
packweb-apache: use check_mode for apg command
...
* Fix usage of packweb-apache role with --check
2018-04-13 12:13:43 +02:00
Victor LABORIE
81861bad80
mysql: use check_mode for apg command
...
* Fix usage of mysql role with --check
2018-04-13 12:08:58 +02:00
Victor LABORIE
f5a914bf63
Fix CHANGELOG
2018-04-13 12:05:48 +02:00
Victor LABORIE
ef127d89dc
packweb-apache: use dependencies instead of include_role for apache and php roles
2018-04-13 11:54:42 +02:00
Jérémy Lecour
c53403570a
Merge branch 'unstable' into stable
2018-04-06 10:49:54 +02:00
Jérémy Lecour
619a0a8c72
Release 9.1.7
2018-04-06 10:49:23 +02:00
Jérémy Lecour
1194f75510
Merge branch 'lpoujol-listupgrade' into unstable
2018-04-06 10:44:07 +02:00
Jérémy Lecour
2e375b9506
update CHANGELOG
2018-04-06 10:43:38 +02:00
Ludovic Poujol
602c9fbf3b
listupgrade: Add service restart notification for squid
2018-04-06 10:42:46 +02:00
Ludovic Poujol
5650b79c81
listupgrade: Add service restart notification for libstdc++6
2018-04-06 10:42:46 +02:00
Jérémy Lecour
46a6a35486
evolinux-users: add check_minifirewall in sudoers commands
2018-04-06 10:36:48 +02:00
Jérémy Lecour
831b733dfe
minifirewall: nrpe/sudo config only if possible
2018-04-06 10:35:43 +02:00
Jérémy Lecour
baf6ddd66c
Merge branch 'check_minifirewall' into unstable
2018-04-06 09:54:21 +02:00
Jérémy Lecour
654c0a261f
update CHANGELOG
2018-04-06 09:53:37 +02:00
Jérémy Lecour
61c268b395
nagios-nrpe: add check_minifirewall by default
2018-04-06 09:52:18 +02:00
Jérémy Lecour
e984e46b83
minifirewall: nagios plugins directory is configurable
2018-04-06 09:52:18 +02:00
Jérémy Lecour
03c53433d6
Add minifirewal_status and check_minifirewall
...
minifirewall_status returns "started" on stdout and exit code 0,
or "stopped" on stdout and exit code 1. The state of minifirewall
is determined by looking for common iptables rules applied by
minifirewall.
check_minifirewall is an NRPE plugin for minifirewall. It returns:
* 0 (OK) if the firewall state is consistent with its configuration
(from the alert5 script)
* 1 (WARNING) if the firewall is started but alert5 is not configured
properly
* 2 (CRITICAL) if the firewall is not running but it should be.
2018-04-06 09:52:18 +02:00
Jérémy Lecour
c2ed10e2e4
CHANGELOG cleanup
2018-04-06 09:26:51 +02:00
Jérémy Lecour
8b9c8288c9
Merge branch 'lpoujol-node-yarn' into unstable
2018-04-06 09:23:42 +02:00
Jérémy Lecour
b68d0765ed
update CHANGELOG
2018-04-06 09:22:05 +02:00
Jérémy Lecour
2c9acfb12d
nodejs: extract yarn tasks in a file
2018-04-06 09:19:36 +02:00
Jérémy Lecour
beeb7de0af
mongodb: rename logrotate script
2018-04-05 18:43:29 +02:00
Jérémy Lecour
3b8c57faee
mongodb: allow unauthenticated packages for Jessie
2018-04-05 15:23:12 +02:00
Jérémy Lecour
786f25731e
Update CHANGELOG
2018-04-04 23:46:50 +02:00
Jérémy Lecour
7195742af9
remine: add tags
2018-04-04 23:36:00 +02:00
Jérémy Lecour
8abed3e258
Use "command" instead of "shell" where possible
2018-04-04 23:36:00 +02:00
Jérémy Lecour
4382ce24f6
add "become" when missing
2018-04-04 23:22:17 +02:00
Jérémy Lecour
3cbb65ea8d
whitespaces
2018-04-04 23:21:31 +02:00
Bruno TATU
20d3afb74a
verify if opendkim-tools and opendkim is installed
2018-04-04 16:16:54 +02:00
Ludovic Poujol
6a14904227
nodejs: install yarn optionaly with var (default: )
2018-04-04 10:15:51 +02:00
Jérémy Lecour
3af7d2d679
php: fix condition statement position
2018-04-04 10:01:17 +02:00
Jérémy Lecour
3038ad8fdc
webapps: fix task indentation
2018-04-04 10:01:10 +02:00
Jérémy Lecour
ce11c39ce4
evoacme: add a symlink for vhosts with old path
2018-03-30 18:45:26 +02:00
Jérémy Lecour
7385e2894e
evoacme: fix version comparison for evoacme
2018-03-30 18:43:03 +02:00
Ludovic Poujol
e27c96fd2f
rbenv: Correct the changes done in 24aeff2e
about become user issues
2018-03-30 15:34:45 +02:00
Jérémy Lecour
ad3383a510
Install ncurses-term for additional terminal types
...
When connecting to a server from urxvt, the session behaves like one
with xterm.
2018-03-29 16:42:33 +02:00
Jérémy Lecour
f5339568ed
nginx: don't debug variables in verbosity 0
2018-03-28 21:12:24 +02:00
Daniel Jakots
3d35f7f763
Remove unused files since 4a81d12
2018-03-28 09:52:38 -04:00
Daniel Jakots
44de2b84ec
Add script to exclude a time slot from monitoring
2018-03-28 09:50:41 -04:00
Jérémy Lecour
d9bf95e7b3
Merge branch 'improve-php' into unstable
2018-03-26 21:53:51 +02:00
Jérémy Lecour
690318e435
Update CHANGELOG for php changes
2018-03-26 21:53:32 +02:00
Jérémy Lecour
3d4733fc13
php: fix fpm custom file permissions
2018-03-26 21:52:46 +02:00
Jérémy Lecour
d4da36ffa7
php: restart fpm if needed
2018-03-26 21:52:38 +02:00
Jérémy Lecour
1b4ea6e859
whitespaces
2018-03-26 21:52:22 +02:00
Ludovic Poujol
24aeff2e72
rbenv: fix become user issue with copy tasks
2018-03-26 09:53:54 +02:00
Romain Dessort
521b196ba3
memcached: add Nagios check for memcached (evoqa #3498 )
2018-03-22 15:15:24 -04:00
Victor LABORIE
d2207b60e1
Add an evolix symlink for prefixed roles
...
* permit to use evolix/role_name with working include_role
2018-03-20 13:32:38 +01:00
Ludovic Poujol
4c36fd075c
webapps/evoadmin-web: Fail if variable evoadmin_contact_email isn't defined
2018-03-19 16:48:12 +01:00
Jérémy Lecour
98486fd771
etc-git: add tags for Ansible
2018-03-16 14:21:01 +01:00
Romain Dessort
b92d697db1
Make commit tasks work on squeeze
...
On squeeze machines, the task fetching the user.email variable fails and
therefore git_config_user_email.config_value ansible variable is
undefined in the next task. I added a condition to handle this case.
2018-03-15 11:23:38 -04:00
Romain Dessort
236b65f54a
Exclude postfix/spamd.cidr from git
...
This commit refer to evoqa #2748 .
2018-03-15 11:23:38 -04:00
Ludovic Poujol
3c2443181b
evolinux-base: Exec the firewall tasks sooner to avoid dependency issues
2018-03-15 12:04:35 +01:00
Romain Dessort
8c0fadb8fe
Ensure munin plugins for Postfix are enabled
...
munin plugins for Postfix could be absent on some servers. This commit
fixes evoqa issue #2584 .
2018-03-14 10:46:54 -04:00
Jérémy Lecour
a12dca0b70
mysql/mysql-oracle: mysqltuner cron task is executable
2018-03-14 09:35:26 +01:00
Jérémy Lecour
b81ef36f92
mysql: remount /usr (if needed) before creating scripts directory
2018-03-14 09:33:14 +01:00
Victor LABORIE
61ee8052e5
dovecot: update CHANGELOG
2018-03-13 10:25:45 +01:00
Victor LABORIE
5e3c33eb7a
proftpd: update README and CHANGELOG
2018-03-13 10:25:26 +01:00
Jérémy Lecour
ad4714856b
mongodb: don't overwrite config by default
2018-03-13 09:40:37 +01:00
Jérémy Lecour
84924c38f4
evolinux-users: create .profile for evomaintenance if missing
2018-03-13 09:37:27 +01:00
Ludovic Poujol
94118b2536
Apache: Don't turn on modsec if it's available on default vhost
2018-03-12 11:00:57 +01:00
Victor LABORIE
389d1c7395
Merge branch 'postfix-dovecot-handle-plus-sign' into unstable
2018-03-09 17:38:07 +01:00
Benoît S.
1558bfe8c3
Patch dovecot deliver to handle + sign in address.
...
This is mandatory to handle the plus sign in email address like
foo+bar@example.com
2018-03-08 14:59:37 +01:00
Benoît S.
a4a3569630
Show the certificate path when exiting with an error
2018-03-06 10:34:55 +01:00
Benoît S.
cdaad871b3
Be sure to check the exit code of certbot
...
If we use set -e but no -o pipefail with a pipe, the last command exit code is
used by set -e.
certbot | grep -v something
If the grep exit with a non-zero exit code, set -e stop the execution of the
script. We don't care about that grep, so we now use the PIPESTATUS.
2018-03-05 14:46:49 +01:00
Ludovic Poujol
77cc1cce7d
mysql-oracle: Add repo.mysql.com to minifw if needed
2018-03-02 15:49:47 +01:00
Ludovic Poujol
3488ec758d
mysql-oracle: Add missing remount-usr
2018-03-02 15:22:36 +01:00
Ludovic Poujol
09674fa489
Squid: Add repo.mysql.com to default whitelist
2018-03-02 15:18:49 +01:00
Jérémy Lecour
23ae74d422
update changelog
2018-02-28 17:42:02 +01:00
Victor LABORIE
9d349133f2
proftpd: fix when password was predefined
2018-02-28 17:37:24 +01:00
Jérémy Lecour
5f6ae3c344
Merge branch 'mysql-oracle' into unstable
2018-02-28 17:26:11 +01:00
Jérémy Lecour
ace68db4b4
packweb-apache can use MySQL from Oracle.
2018-02-28 17:25:47 +01:00
Jérémy Lecour
738d56db68
Add mysql-oracle role
...
Install and configure MySQL 5.7 with packages from Oracle
2018-02-28 17:12:25 +01:00
Victor LABORIE
ef3287f7a2
proftpd: missing tab
2018-02-27 17:24:21 +01:00
Victor LABORIE
d0fcd1c2d1
proftpd: use proftpd_accounts list for create ftp accounts
...
* need documentation
* faster, easier, more robust and reliable than loop on
include_role with account.yml task
* account.yml task will be removed in future release
2018-02-27 17:14:57 +01:00
Gregory Colpart
01379f5a29
follow https://wiki.evolix.org/HowtoNodeJS and default to node_8.x version
2018-02-27 00:12:50 +01:00
Jérémy Lecour
54159f8e87
mongodb: configuration is forced by default but it's configurable
2018-02-23 18:44:26 +01:00
Jérémy Lecour
1ac3300ade
nginx: package name can be specified (default: nginx-full)
2018-02-22 00:10:14 +01:00
Jérémy Lecour
40939dd6bd
fixup! elasticsearch: RESTART_ON_UPGRADE is configurable
2018-02-20 15:21:18 +01:00
Jérémy Lecour
41f7b029b2
Update changelog for commits on nagios-nrpe
2018-02-20 15:08:40 +01:00
Jérémy Lecour
62a85ef72a
elasticsearch: RESTART_ON_UPGRADE is configurable
2018-02-20 15:06:07 +01:00
Benoît S.
9bf70a57f4
Set +x on theses executables plugins
2018-02-19 14:18:58 +01:00
Benoît S.
90a517af2d
Added a new nagios-nrpe plugin: check_open_files
2018-02-19 14:17:53 +01:00
Victor LABORIE
df891f6aee
haproxy: fix Munin plugin dependencies
2018-02-14 14:10:00 +01:00
Victor LABORIE
cbf64417bf
haproxy: Munin plugin need a Debian Package
2018-02-13 16:49:24 +01:00
Victor LABORIE
2727a6dfa1
haproxy: add Munin graphes
2018-02-13 16:37:40 +01:00
Jérémy Lecour
097f732922
evolinux-users: evomaintenance trap detection also with check_mode
2018-02-08 15:33:28 +01:00
Jérémy Lecour
c18b83d974
evolinux-users: deal with AllowGroups and AllowUsers differently
2018-02-08 15:29:53 +01:00
Jérémy Lecour
6cb1a5765a
whitespaces
2018-02-08 11:11:47 +01:00
Jérémy Lecour
c6d3b804d9
nginx: fix basic auth for default vhost
2018-02-08 11:11:47 +01:00
Jérémy Lecour
23062e7b18
elasticsearch: ES_TMPDIR variable for custom tmpdir
2018-02-07 17:36:04 +01:00
Jérémy Lecour
f9c06f3e47
etc-git: add postfix db files in default gitignore
2018-02-04 16:42:10 +01:00
Jérémy Lecour
8a498bb3a3
postfix: add lines in /etc/.gitignore
2018-02-04 11:49:14 +01:00
Jérémy Lecour
02fdbb9126
postgresql: use ".j2" extension for jinja templates
2018-02-04 11:39:59 +01:00
Jérémy Lecour
9102e35fe8
Merge branch 'unstable' into stable
2018-02-02 21:21:24 +01:00
Jérémy Lecour
afe2446d54
Release 9.1.6
2018-02-02 20:10:20 +01:00
Jérémy Lecour
24a5f0df7e
nginx: fix servers status dirname
2018-02-01 12:27:18 +01:00
Bruno TATU
26f3814254
Revert "nodejs: add 3 tasks + install procedure"
...
This reverts commit cff9900d94
.
2018-02-01 12:00:41 +01:00
Bruno TATU
b1cd390fb3
remove playbook exemple
2018-02-01 12:00:36 +01:00
Bruno TATU
cc557f14c1
nodejs: add playbook example
2018-02-01 10:50:44 +01:00
Bruno TATU
cff9900d94
nodejs: add 3 tasks + install procedure
2018-02-01 10:49:17 +01:00
Victor LABORIE
ed81597b06
evoadmin-mail: allow Expires rules in .htaccess
2018-01-30 15:55:06 +01:00
Romain Dessort
0f12501760
Add security-cdn.debian.org to HTTPSITES whitelist
...
Debian migrated its security.debian.org repository to Fastly CDN
(security-cdn.debian.org) so we have to whitelist it too to make
security upgrades possible.
2018-01-29 11:15:11 -05:00
Gregory Colpart
fb6cb79b41
Keep read right on group for software with non-root access like OpenLDAP
2018-01-28 17:13:23 +01:00
Victor LABORIE
4fd4e0d96d
ldap|nagios-nrpe: use external file for NRPE credentials
2018-01-24 16:49:07 +01:00
Jérémy Lecour
3bbc1be977
nagios-nrpe: document new variable
2018-01-23 18:34:04 +01:00
Jérémy Lecour
8bd94a7c44
fail2ban: fix horrible typo, Python is not Ruby
2018-01-23 18:31:31 +01:00
Jérémy Lecour
6ed1f04c85
nagios-nrpe: allowed_hosts can be updated
2018-01-23 17:41:58 +01:00
Jérémy Lecour
19b2da5b92
evoacme: exclude typical certbot directories
2018-01-22 18:27:37 +01:00
Jérémy Lecour
88bdf270d7
Added emphasis on version number significance
2018-01-22 18:27:37 +01:00
Benoît S.
3ef353761f
nagios-nrpe: Add --sni to check_https
...
Why? Because we want to use the right server name when checking.
And if you have a strict-sni enabled server you will have an error.
CRITICAL - Cannot
make SSL connection. 139749570156288:error:14094458:SSL
routines:ssl3_read_bytes:tlsv1 unrecognized
name:../ssl/record/rec_layer_s3.c:1399:SSL alert number 112
2018-01-22 12:14:27 +01:00
Jérémy Lecour
1f007c1ff0
update changelog
2018-01-20 19:57:58 +01:00
Jérémy Lecour
b4ffe48282
Changelog: backfill of a few releases
2018-01-20 19:55:41 +01:00
Jérémy Lecour
ad80bc9ff7
mongodb: install python-pymongo for monitoring
...
Backport from commit 0858f53b2a70718d8b1f4567a4348c3e9b5c4faf
2018-01-20 19:33:18 +01:00
Jérémy Lecour
141da62b9f
Changelog: backfill previous release notes (9.1.4 and 9.1.3)
2018-01-18 23:37:56 +01:00
Jérémy Lecour
25a5ffd6ef
fail2ban: Install munin plugin if available
2018-01-18 23:17:20 +01:00
Jérémy Lecour
72695db53b
Merge branch 'unstable' into stable
2018-01-18 18:42:18 +01:00
Jérémy Lecour
cf8b110abb
Add a changelog
2018-01-18 18:41:15 +01:00
Jérémy Lecour
25a47173b8
create server status parent directory if missing
2018-01-18 17:17:34 +01:00
Jérémy Lecour
86c2bcb398
apache: /usr/share/scripts exists
2018-01-18 17:08:29 +01:00
Jérémy Lecour
1b5cb850fb
evocheck: add tags
2018-01-18 17:05:51 +01:00
Victor LABORIE
a8f7a7748e
unbound: retrieve list of root DNS servers
2018-01-11 12:41:40 +01:00
Victor LABORIE
d9756702f6
redmine: force xpath < 3.0.0 (for ruby 2.1 support)
2018-01-08 14:44:22 +01:00
Jérémy Lecour
ca738edcfa
evomaintenance: explicit quotes
2018-01-05 10:43:04 +01:00
Jérémy Lecour
8f88a48e15
evoacme cron task : improve readability
...
* use long form options
* break line before pipe
2018-01-03 10:12:14 +01:00
Jérémy Lecour
316fabeabe
Merge branch 'server-status-suffix' into unstable
2018-01-03 10:06:47 +01:00
Jérémy Lecour
b634840b42
apache/nginx: server status suffix
2018-01-03 10:05:20 +01:00
Jérémy Lecour
08d544668b
evolinux-base: create /etc/evolinux
2018-01-03 10:05:20 +01:00
Jérémy Lecour
28954e634c
whitespaces
2018-01-03 10:05:20 +01:00
Benoît S.
5c3b375b25
Merge branch 'evoacme-fix-empty-certs-cron-daily' into unstable
2018-01-03 10:01:47 +01:00
Benoît S.
edf7bceee6
Add -r to xargs arguments
...
Why? Because if there is no certificates in /etc/letsencrypt it will call
evoacme with no args, resulting in an error.
2018-01-03 10:00:22 +01:00
Jérémy Lecour
e8c0e43cf0
evomaintenance: add some tags on tasks
2018-01-02 16:45:45 +01:00
Victor LABORIE
f09d93aadb
evolinux-base: purge locate/mlocate by default
2018-01-02 15:11:27 +01:00
Jérémy Lecour
a59b0d8914
squid: fix template path
2017-12-29 15:14:24 +01:00
Jérémy Lecour
d8e88b1958
Redis: fix typo in shell command
2017-12-29 11:18:27 +01:00
Jérémy Lecour
298f3ddcf0
Redis: proetcted-mode is supported in Redis 3.2+
2017-12-28 17:28:31 +01:00
Jérémy Lecour
0884063a69
evocheck: add the commit
...
It helps detecting it's from the sources not the package.
2017-12-28 15:05:27 +01:00
Jérémy Lecour
215d83f0b4
bind: keep 52 weeks of logs
2017-12-28 11:27:36 +01:00
Jérémy Lecour
c1169f86f1
Squid: replace logrotate file if default
2017-12-28 11:16:06 +01:00
Jérémy Lecour
432a89fe40
evomaintenance: force permissions on config file
2017-12-28 11:01:52 +01:00
Jérémy Lecour
290dfd300a
evolinux-users: add users to adm group for Stretch
2017-12-28 11:01:31 +01:00
Jérémy Lecour
03c0f0c536
evocheck: update embedded script
2017-12-27 16:44:54 +01:00
Jérémy Lecour
ec1252f4ba
whitespaces
2017-12-27 15:36:45 +01:00
Jérémy Lecour
3a9d8805de
Rbenv: use Ruby 2.5 by default
2017-12-27 15:36:25 +01:00
Jérémy Lecour
55d31f7288
Redis: configuration for "protected-mode" + tags
2017-12-27 15:10:59 +01:00
Bruno TATU
516aafbaa4
evoacme: more explicit -> readme.md
2017-12-26 14:27:00 +01:00
Jérémy Lecour
8a027f9521
Merge branch 'unstable' into stable
2017-12-20 18:08:03 +01:00
Jérémy Lecour
aeba94bcba
default/additional variables
...
List of hosts/ip are a combination of 2 lists allowing overrides
2017-12-20 18:04:54 +01:00
Jérémy Lecour
223bfbdc5a
Elasticsearch logs can have multiple patterns
2017-12-19 18:08:29 +01:00
Victor LABORIE
b3ec1f09b6
slapd: listen on 127.0.0.1:389 by default
2017-12-18 18:05:37 +01:00
Ludovic Poujol
b90260ae28
minifirewall: Make outgoing SSH in IPv6 works
2017-12-15 14:49:21 +01:00
Ludovic Poujol
bfb8a6cee8
evoadmin-web: No need to have config.local.php world readable
2017-12-15 14:48:32 +01:00
Ludovic Poujol
a2acd250a6
evolinux-base: have default_www files chmoded as 644
2017-12-13 15:44:16 +01:00
Ludovic Poujol
806df7d77a
nodejs: remove useless .list so we don't have nodesource.list.list
2017-12-13 15:41:45 +01:00
Benoît S.
9328618d6d
Add check_mysql_slave for nagios nrpe default config
2017-12-13 14:53:21 +01:00
Ludovic Poujol
18dfb69679
PHP: Install php-intl module (useful for modern frameworks)
2017-12-11 11:57:55 +01:00
Jérémy Lecour
e4daf04110
Merge branch 'unstable' into stable
2017-12-08 10:34:07 +01:00
Jérémy Lecour
02719d93fd
tomcat: compatible with Tomcat7 and Tomcat8
2017-12-08 10:33:33 +01:00
Jérémy Lecour
37f701eb54
evoacme: typos
2017-12-08 10:22:32 +01:00
Jérémy Lecour
5980593470
evoacme: move nginx acme challenge conf
2017-12-08 09:46:16 +01:00
Jérémy Lecour
762d2d7152
mongodb: fix log/lock files paths for Jessie
2017-12-07 15:58:43 +01:00
Gregory Colpart
49fff767a9
Fix #2345 : apply fix for v4 *and* v6 for syntax bug in conf file
2017-12-06 20:38:25 +01:00
Victor LABORIE
0da21a5ac6
ntpd: fix default configuration
2017-12-06 16:06:18 +01:00
Jérémy Lecour
ce837d5cfd
Remove openntpd before installing ntp
2017-12-06 00:09:31 +01:00
Jérémy Lecour
1faf0faa6b
Remove openntpd before installing serveur-base
2017-12-06 00:09:08 +01:00
Jérémy Lecour
3a3708e9a6
Nginx: really fix munin-cgi log files permission
...
with_fileglob is executed locally, not remotely. It is useless here.
Instead, let's explicitely chown all files with a shell command.
2017-12-05 23:46:14 +01:00
Jérémy Lecour
f0bc63e02e
Nginx: fix permissions for munin-cgi log files
2017-12-05 23:30:51 +01:00
Jérémy Lecour
b3ad23fcc6
Nginx: fix fcgi Munin graphs
...
fixes https://forge.evolix.org/issues/2371
2017-12-05 23:07:13 +01:00
Jérémy Lecour
5e1268ad65
Install traceroute
2017-12-05 14:42:07 +01:00
Jérémy Lecour
eefde217b1
Cherry-picked fcdb92dc
. listupgrade: remount /usr as rw
...
Pretty important issue fixed, need to be in stable!!
2017-12-05 10:37:45 +01:00
Jérémy Lecour
70a1dfa4dc
logstash: fix permissions on pipeline configuration
2017-12-04 16:01:33 +01:00
Jérémy Lecour
12808feeff
varnish: add a restart handler
2017-12-04 14:59:34 +01:00
Jérémy Lecour
d34ade4493
whitespaces
2017-12-04 13:50:26 +01:00
Benoît S.
7a6b8451a9
Added "The total blob data length" pattern
...
This will detect this error:
[ERROR] InnoDB: The total blob data length (10066388) is greater than 10% of
the total redo log size (100663296). Please increase total redo log size.
2017-12-04 11:22:03 +01:00
Victor LABORIE
23325df316
nagios-nrpe: add bkctld check in evolix.cfg
2017-12-04 11:08:41 +01:00
Victor LABORIE
1c4aa08421
packmail (postfix + spamassassin): fix cron.d spam and sa-update
2017-12-01 12:07:55 +01:00
Jérémy Lecour
419416b531
Varnish : reload or restart if needed
2017-11-30 23:51:18 +01:00
Victor LABORIE
a1898f7705
Revert "nagios-nrpe: use check_procs for clamd check"
...
This reverts commit 6588ee937f
.
2017-11-30 18:11:03 +01:00
Victor LABORIE
a8cd567731
generate-ldif: add clamd service instead of clamav_db
...
Because clamd and clamav_db services was merged.
2017-11-30 16:54:33 +01:00
Victor LABORIE
6588ee937f
nagios-nrpe: use check_procs for clamd check
2017-11-30 16:02:41 +01:00
Jérémy Lecour
b7d4f92ad2
rabbitmq: add a munin plugin
2017-11-29 14:17:38 +01:00
Jérémy Lecour
3d5c004d8a
mysql: parameterize evolinux config files
...
The tmpdir task was not using the right file.
We use a variable for those files, to hemp with maintenance ans
customization.
2017-11-29 10:02:02 +01:00
Jérémy Lecour
635aa5f8a1
php.ini custom file permissions
...
Thanks to root's umask, the copied file doesn't ave the proper
permissions :
0600 (actual) instead of 0644 (expected)
2017-11-28 15:17:36 +01:00
Jérémy Lecour
33c4d54edc
rabbitmq: remount /usr before installing the check
2017-11-28 10:43:19 +01:00
Jérémy Lecour
fcdb92dc56
listupgrade: remount /usr as rw
2017-11-28 10:43:19 +01:00
Victor LABORIE
98029388d9
remount-usr: Add README
2017-11-27 14:21:36 +01:00
Jérémy Lecour
4c0fe3577f
rbenv: Rbenv v1.1.1 and Ruby v2.4.2
2017-11-27 11:14:10 +01:00
Jérémy Lecour
0dfc66683a
remove zidane.evolix.net from minifirewall
2017-11-27 10:19:04 +01:00
Jérémy Lecour
f1063cce94
rabbitmq: NRPE check and config
2017-11-26 19:30:24 +01:00
Jérémy Lecour
f21ce97903
jenkins: remember squid whitelist
2017-11-26 19:29:56 +01:00
Jérémy Lecour
690e44ac5d
mysql: check_mode for nrpe password
2017-11-26 18:58:39 +01:00
Jérémy Lecour
19b6773b18
nginx: adjust apt preferences for backports
...
All variants of nginx and libssl are used from backports
2017-11-26 12:44:41 +01:00
Jérémy Lecour
cc12f15b23
elasticsearch: update curator debian repository
2017-11-26 12:38:59 +01:00
Jérémy Lecour
bcd3553cbb
minifirewall: add debug for variables
2017-11-26 12:32:33 +01:00
Jérémy Lecour
cf47d40b79
elastic: option for stack main version
2017-11-26 12:32:12 +01:00
Jérémy Lecour
2ac7b60a39
evoacme: better documentation
2017-11-25 14:17:36 +01:00
Jérémy Lecour
708428d088
evoacme: store Nginx letsencrypt config file in snippets
2017-11-25 14:17:36 +01:00
Jérémy Lecour
375c3e6760
evoacme: crontab management
...
* simply rename certbot script to disable it
* use "evoacme" as file name for our custom cron script
2017-11-25 14:17:36 +01:00
Jérémy Lecour
ab0b867a8c
Merge branch 'mongodb-stretch' into unstable
2017-11-24 12:14:15 +01:00
Jérémy Lecour
b3f4e4683e
hostname customization needs the dbus package
2017-11-22 14:08:54 +01:00
Jérémy Lecour
fbd4e741a0
Merge branch 'unstable' into stable
2017-11-21 16:58:49 +01:00
Jérémy Lecour
0c8389baf9
Adapt mongodb role for Stretch
...
Everything changes :
* package source
* service name
* version
2017-11-21 16:51:19 +01:00
Jérémy Lecour
7fee69ca22
evoacme: remove $()
2017-11-21 16:17:21 +01:00
Jérémy Lecour
86a9c9fc84
amazon-ec2: whitespaces
2017-11-21 15:04:05 +01:00
Jérémy Lecour
4601dae563
split amazon-ec2 tasks (cherry-pick)
2017-11-21 14:57:40 +01:00
Bruno TATU
ad9a15827f
evoacme: invert conditions in sed_cert_path_XXX()
2017-11-21 14:45:50 +01:00
Bruno TATU
9519e226e9
evoacme: remove double caret in sed pattern
2017-11-21 14:44:36 +01:00
Jérémy Lecour
04c61407ed
Amazon-ec2: add egress rules
2017-11-21 10:29:42 +01:00
Jérémy Lecour
b15b06d458
add name for some fail modules
2017-11-21 10:17:46 +01:00
Jérémy Lecour
9038beefd1
Merge branch 'unstable' into stable
2017-11-19 23:43:11 +01:00
Jérémy Lecour
28b3243e5d
split amazon-ec2 tasks
2017-11-19 22:58:09 +01:00
Jérémy Lecour
8cd754fd55
kibana: use the right argument :/
2017-11-17 11:30:34 +01:00
Ludovic Poujol
49d3118976
evoacme: Fix nginx on deb9 for LE challenge
2017-11-16 16:00:27 +01:00
Jérémy Lecour
8ef9554746
Combine evolix and additional trusted IP addresses
2017-11-15 23:57:58 +01:00
Romain Dessort
eaff68a9e5
Merge branch 'amazon-ec2' into unstable
2017-11-15 17:35:44 -05:00
Romain Dessort
16a1111345
Add a post-install task file
2017-11-15 17:34:11 -05:00
Romain Dessort
2fe548ce4e
Open standart ports in default security group
2017-11-15 17:34:11 -05:00
Jérémy Lecour
a80ced9efd
apt: don't upgrade by default
2017-11-15 18:25:38 +01:00
Jérémy Lecour
97d3465ea5
spamassassin: quote command
2017-11-15 12:22:50 +01:00
Jérémy Lecour
6007c98b43
remount-usr: quote commands
2017-11-15 12:21:30 +01:00
Jérémy Lecour
d355532a24
Postfix: extract main.cf md5sum into variables
2017-11-15 12:13:50 +01:00
Jérémy Lecour
8a479eee3f
postfix: quote shell command
2017-11-15 12:00:25 +01:00
Jérémy Lecour
da3838e3e9
fail2ban: create config hierarchy beforehand
2017-11-15 11:46:53 +01:00
Jérémy Lecour
46d70b3cd5
evolnux-base: cache pgp key locally
2017-11-15 11:40:42 +01:00
Jérémy Lecour
5c6c92ab69
evoacme: install hooks in a loop
2017-11-15 11:40:42 +01:00
Jérémy Lecour
6608f13421
redis: add missing tags
2017-11-15 11:29:22 +01:00
Jérémy Lecour
e2e7aba739
redis: looser regexp for check_redis replace
2017-11-15 11:29:22 +01:00
Victor LABORIE
419c7f4cdf
Add meta/main.yml file for ansible galaxy cloning
2017-11-14 22:16:17 +01:00
Victor LABORIE
ce3b5b7cbd
evoacme: use xargs instead of while
2017-11-14 17:19:15 +01:00
Victor LABORIE
b801bdb576
evoacme: use -printf instead of -exec basename
2017-11-14 17:01:51 +01:00
Ludovic Poujol
cf190a76ff
Revert "listupgrade: add missing include remount-usr role"
...
This reverts commit 4f7cb9cb23
.
I broke things
2017-11-14 16:17:13 +01:00
Ludovic Poujol
4f7cb9cb23
listupgrade: add missing include remount-usr role
2017-11-14 16:06:47 +01:00
Jérémy Lecour
7bc668963b
kibana: move optimize and data to /var
2017-11-14 14:24:11 +01:00
Jérémy Lecour
72d08388a5
kibana: host and basepath configuration
2017-11-14 14:24:10 +01:00
Jérémy Lecour
888336e6fe
logstash: daily job for log rotation
2017-11-14 11:07:13 +01:00
Jérémy Lecour
4746354c54
Elasticsearch: daily job for log rotation
2017-11-14 11:07:06 +01:00
Jérémy Lecour
bcbfcf9080
Elasticsearch: use elastic.list APT source list for curator
2017-11-14 11:06:24 +01:00
Jérémy Lecour
5800159830
elasticsearch: fix datadir/tmpdir conditions
2017-11-14 11:05:54 +01:00
Jérémy Lecour
430f36c0e7
Elastic: fix source list filename
2017-11-14 10:26:48 +01:00
Jérémy Lecour
1d68340b3b
mysql: better support for check mode
2017-11-14 09:39:24 +01:00
Jérémy Lecour
549cb2f917
Supervisor: handlers name + tags
2017-11-13 17:48:50 +01:00
Jérémy Lecour
54d72ad9e0
typo + whitespaces
2017-11-13 15:40:18 +01:00
Daniel Jakots
019ce03e3a
Fix for OpenBSD 6.2
...
758d4ba9a7 (diff-d3ca8881345ccaf84b784637f5244eac)
changes the way vmstat prints free memory
2017-11-08 11:45:00 -05:00
Victor LABORIE
4d007c8eb0
roundcube: add link in default site index
2017-11-07 18:14:03 +01:00
Victor LABORIE
1c48df025c
Move /usr rw remount into remount-usr role
2017-11-07 13:34:05 +01:00
Eric Morino
37c1325c1a
nagios-nrpe: add opendkim check
2017-11-07 11:15:31 +01:00
Victor LABORIE
42c4a20b1f
nagios-nrpe: fix expected return message of test mail
2017-11-06 18:42:05 +01:00
Victor LABORIE
33f85b565c
nagios-nrpe: add date to check_amavis test mail
2017-11-06 18:32:56 +01:00
Victor LABORIE
c0c7183605
ldap: fix domain and cn
2017-11-06 17:26:24 +01:00
Victor LABORIE
6d2506a0ce
packweb-apache: comment cron task instead of remove it and don't remove buildstatic.sh
2017-11-06 11:51:57 +01:00
Victor LABORIE
6f0fb57595
packweb-apache: fix awstats cron
2017-11-06 11:29:15 +01:00
Victor LABORIE
0ef627e4bd
evoacme: add dovecot hook
2017-11-06 11:04:26 +01:00
Victor LABORIE
b0df53a6ee
evoacme: add postix hook
2017-11-06 11:04:13 +01:00
Bruno TATU
7decf35994
proftpd: add default_address + port
2017-11-03 13:54:23 +01:00
Victor LABORIE
d70e541fb7
evoadmin-web: remove unnecessary flush_handlers
2017-10-31 15:55:43 +01:00
Victor LABORIE
ba5b9beb8c
evoadmin-mail: remove unnecessary flush_handlers
2017-10-31 15:52:53 +01:00
Victor LABORIE
17ddda8ed3
apt: use conditionnal instead of handler for update
2017-10-31 15:50:25 +01:00
Victor LABORIE
acf85bfffc
Merge branch 'packmail' into unstable
2017-10-31 15:34:13 +01:00
Victor LABORIE
ce89d5c5a5
apache: fix usr rw remount
2017-10-31 15:28:42 +01:00
Victor LABORIE
bee42c57d2
postfix: mount usr in rw before copy spam.sh
2017-10-31 15:17:27 +01:00
Victor LABORIE
1f70b14896
spamassasin: mount usr in rw before copy sa-update.sh
2017-10-31 15:13:58 +01:00
Victor LABORIE
be3d3c97ef
postfix: don't use milter with amavis
2017-10-31 12:25:26 +01:00
Victor LABORIE
69aa3ab8b8
ldap: don't inject custom schema if ldap is already configured
2017-10-31 10:36:18 +01:00
Victor LABORIE
78d57cf66f
redmine: set loglevel to warn
2017-10-30 11:46:35 +01:00
Victor LABORIE
940be65acb
roundcube: merge imapproxy role into roundcube
2017-10-27 17:59:15 +02:00
Victor LABORIE
91d2cce7d4
opendkim: deploy script for add DKIM domain
2017-10-27 16:04:59 +02:00
Victor LABORIE
79e6c55265
postfix: update README
2017-10-27 15:29:41 +02:00
Victor LABORIE
2d1504ddf6
apache: add somes modules by defaults
2017-10-27 15:01:06 +02:00
Victor LABORIE
b31110fb85
postfix: merge packmail role into postfix role
2017-10-27 14:47:01 +02:00
Victor LABORIE
6b620f4877
postfix/packmail: fix dependencies
2017-10-27 14:34:43 +02:00
Victor LABORIE
210b0095b6
postfix: always include amavis and opendkim config when packmail
2017-10-27 14:23:35 +02:00
Victor LABORIE
3c1416cf28
opendkim: fix UserID and Socket
2017-10-27 14:16:18 +02:00
Victor LABORIE
7413ebdd2b
postfix: add spf verification to packmail config
2017-10-27 12:02:27 +02:00
Victor LABORIE
0cdae8b246
postfix: split main task into minimal and packmail
2017-10-27 11:52:03 +02:00
Victor LABORIE
a3744bbe59
Add opendkim role
2017-10-27 11:41:31 +02:00
Victor LABORIE
bcda3b013e
kvm-host: move add-vm.sh script into another GIT repository
2017-10-26 17:19:04 +02:00
Victor LABORIE
bdc3ec7fd8
kvm-host: make an evomaintenance with add-vm.sh
2017-10-26 16:45:35 +02:00
Victor LABORIE
1075abed23
kvm-host: fix memory allocation in add-vm.sh (again)
2017-10-26 16:44:31 +02:00
Victor LABORIE
4a626df981
kvm-host: fix memory allocation in add-vm.sh
2017-10-26 16:29:57 +02:00
Victor LABORIE
7cf08cec1a
kvm-host: fix shared-secret generation
2017-10-26 15:57:12 +02:00
Victor LABORIE
6a110768b4
kvm-host: add script add-vm.sh
2017-10-26 15:50:34 +02:00
Ludovic Poujol
3532cb3f2d
evolinux-base: harware tasks. Add http://hwraid.le-vert.net/debian repo
...
on stretch for megacli packages
2017-10-26 15:07:28 +02:00
Victor LABORIE
206e2e8a0a
fail2ban: add roundcube filter
2017-10-25 12:12:18 +02:00
Victor LABORIE
8f7004c977
fail2ban: install filter before package
2017-10-25 12:11:46 +02:00
Victor LABORIE
f1349816ce
nagios-nrpe: add check for imapproxy
2017-10-25 11:55:35 +02:00
Victor LABORIE
d0cceb7e80
roundcube: return 503 if imapproxy doesn't run
2017-10-25 11:55:35 +02:00
Victor LABORIE
302fc2ffcc
roundcube: zipdownload plugin nead php-zip
2017-10-25 11:55:34 +02:00
Victor LABORIE
1ea4012736
spamassasin: custom sa-update nead evomaintenance package
2017-10-25 11:55:34 +02:00
Victor LABORIE
33fccf3b51
roundcube: use lineinfile for configure IMAP server and port
2017-10-25 11:55:34 +02:00
Victor LABORIE
ee58a84588
roundcube: fix regex for enabling plugins
2017-10-25 11:55:34 +02:00
Victor LABORIE
e10166249d
roundcube: use imapproxy
2017-10-25 11:55:34 +02:00
Victor LABORIE
628a043ba7
dovecot: login_max_processes_count is obsolete
2017-10-25 11:55:34 +02:00
Victor LABORIE
8e6d7ed568
roundcube: install default plugins
2017-10-25 11:55:34 +02:00
Victor LABORIE
77b8a80753
Add roundcube role
2017-10-25 11:55:34 +02:00
Victor LABORIE
71f64d2c24
clamav: configure debconf before install packages
2017-10-25 11:55:34 +02:00
Victor LABORIE
64928db22b
postfix: add slow transport for packmail by default
2017-10-25 11:55:34 +02:00
Victor LABORIE
82cf150c05
postfix: move spam.sh script from amavis role
2017-10-25 11:55:34 +02:00
Victor LABORIE
10ff2747e2
Add amavis, clamav and spamassasin roles
2017-10-25 11:55:34 +02:00
Victor LABORIE
dee2e2296c
postfix: deploy packmail master.cf and filter files
2017-10-25 11:55:34 +02:00
Victor LABORIE
d5ffb3c472
evoadmin-mail: fix shell and home for evoadmin-mail users
2017-10-25 11:55:34 +02:00
Victor LABORIE
3ac2a9b730
dovecot: update default config
2017-10-25 11:55:34 +02:00
Victor LABORIE
2f71925363
dovecot: disable pam auth
2017-10-25 11:55:34 +02:00
Victor LABORIE
9aaf4fe058
evoadmin-mail: fix document root path
2017-10-25 11:55:34 +02:00
Victor LABORIE
2947825c4b
evoadmin-mail: Fix default title
2017-10-25 11:55:34 +02:00
Victor LABORIE
b6761213f9
evoadmin-mail: fix mail var
2017-10-25 11:55:33 +02:00
Victor LABORIE
6d2dee0338
evoadmin-mail: use / instead of /evoadmin by default
2017-10-25 11:55:33 +02:00
Victor LABORIE
fbd1761cc2
postfix: fix daemon_directory var
2017-10-25 11:55:33 +02:00
Victor LABORIE
556311a607
evoadmin-mail: fix default config and evoadmin user
2017-10-25 11:55:33 +02:00
Victor LABORIE
e0c9de352b
postfix: add config for packmail
2017-10-25 11:55:33 +02:00
Victor LABORIE
a4c4de21a8
evoadmin-mail: fix evoadmin-mail link insertion
2017-10-25 11:55:33 +02:00
Gregory Colpart
3f77c0cb24
Fix: argh, forgot cn=schema in DN :(
2017-10-25 11:55:33 +02:00
Victor LABORIE
a0006a1318
dovecot: default conf for packmail
2017-10-25 11:55:33 +02:00
Victor LABORIE
251299cee6
evoadmin-mail: fix git clone of evoadmin-mail repo
2017-10-25 11:55:33 +02:00
Victor LABORIE
a6499b6712
packmail: use role dependencies instead of include_role
2017-10-25 11:55:33 +02:00
Victor LABORIE
0640a9f8fd
ldap: custom schema can be passed with ldap_schema
2017-10-25 11:55:33 +02:00
Gregory Colpart
1d7d45eb44
Add dovecot role, evoadmin-mail role and packmail role
2017-10-25 11:55:32 +02:00
Gregory Colpart
95408a2409
Improve ldap role
2017-10-25 11:55:32 +02:00
Jérémy Lecour
2aa26e2d68
copy vhosts-domains script
2017-10-24 17:39:49 +02:00
Jérémy Lecour
608b0a5bbc
evoacme: fix hooks tasks
2017-10-24 17:39:32 +02:00
Jérémy Lecour
330d500de6
evoacme: fix hooks execution
...
Disable regex for grep with "-F"
2017-10-24 17:38:59 +02:00
Jérémy Lecour
56e5cfc06d
evoacme: directories must be owned by "acme"
2017-10-24 17:38:05 +02:00
Jérémy Lecour
131eac4499
Fix: return if file is not readable
2017-10-24 17:37:46 +02:00
Jérémy Lecour
0e5396faa7
change from CRON to QUIET
2017-10-24 17:37:15 +02:00
Ludovic Poujol
e7987d9b99
postgresql: Add missing package, libdbd-pg-perl needed by munin-plugins
2017-10-20 11:15:19 +02:00
Victor LABORIE
3d3d4affe1
redmine: use default target instead of multi-user for puma service
2017-10-20 10:54:35 +02:00
Jérémy Lecour
172b21b613
mysql: add more Munin plugins
2017-10-20 10:25:34 +02:00
Jérémy Lecour
8567160596
evoacme: don't execute hooks with dots in file name
2017-10-20 10:15:12 +02:00
Jérémy Lecour
0ed1ca1356
evoacme: install hooks
2017-10-20 10:14:46 +02:00
Jérémy Lecour
1b50dfb0b3
evoacme: inline hooks calls + export variables
2017-10-19 23:23:51 +02:00
Jérémy Lecour
3d3e45faef
evoacme: use local variable
2017-10-19 23:18:11 +02:00
Jérémy Lecour
4d6853f844
evoacme: use hooks after certificate creation
2017-10-19 22:21:18 +02:00
Jérémy Lecour
1fa4ccc338
make-csr: create important directories
2017-10-19 11:08:35 +02:00
Jérémy Lecour
d2f86f7950
evoacme: check for arguments first
2017-10-19 11:08:16 +02:00
Jérémy Lecour
37cd22a466
evoacme: remove useless variables
2017-10-19 11:08:01 +02:00
Jérémy Lecour
266ac7fc07
evoacme: create important directories
2017-10-19 11:07:45 +02:00
Jérémy Lecour
e47371f347
Use bash, for proper readonly/local support
...
"readonly" is a safety bonus, but "local" is really important
not to overwrite variables from functions.
2017-10-19 11:05:54 +02:00
Jérémy Lecour
4d3ed7ed97
evoacme: remove a debug statement
2017-10-19 07:59:55 +02:00
Gregory Colpart
34365a145c
Typo: rename script
2017-10-19 01:39:08 +02:00
Jérémy Lecour
95e16287c8
Extract hook scripts for Apache and Nginx
2017-10-18 22:48:22 +02:00
Victor LABORIE
97e4abb37c
fail2ban: add wordpress filters
2017-10-18 15:44:20 +02:00
Victor LABORIE
938aaa4ec1
wordpress: install wp-fail2ban plugin by default
2017-10-18 14:24:44 +02:00
Jérémy Lecour
d8960e2afa
simplify CSR generation
2017-10-18 00:44:04 +02:00
Jérémy Lecour
cd8ea40336
readability and whitespaces
2017-10-18 00:43:33 +02:00
Jérémy Lecour
232648a9b0
readlink -> realpath
...
better portability on BSD systems
2017-10-18 00:42:15 +02:00
Jérémy Lecour
21f698b62c
chmod 700 /etc/evolinux
2017-10-17 18:08:18 +02:00
Jérémy Lecour
b7cede7654
Don't add the trap if it is present or commented
2017-10-17 18:07:51 +02:00
Jérémy Lecour
beff333a1a
Evoacme: big refactoring
...
* debug messages are sent to stdout
* domains discovery from vhosts is extracted to "vhost-domains"
* fixes suggested by shellcheck
* variables are "local" or "readonly" wherever possible
2017-10-17 14:46:37 +02:00
Victor LABORIE
c5844fa193
wordpress: fix summary mail
2017-10-17 11:18:02 +02:00
Victor LABORIE
8f9151c66e
wordpress: don't use special caracter in admin password
2017-10-17 11:01:53 +02:00
Victor LABORIE
35f1ec91d8
wordpress: configure site before update it
2017-10-17 11:01:53 +02:00
Jérémy Lecour
71cd04029c
Insert "Match User" if missing (Jessie only)
2017-10-17 10:28:49 +02:00
Jérémy Lecour
b4e4b14fc6
Invert SSH Match User directives
2017-10-17 10:28:48 +02:00
Victor LABORIE
104a5c962e
wordpress: refactoring into role
2017-10-17 10:24:19 +02:00
Victor LABORIE
3b4bf6d13a
php: fix right on custom conf files
2017-10-16 17:46:55 +02:00
Jérémy Lecour
1941f9a3f9
evoacme: improve webserver config logic
2017-10-13 17:14:03 +02:00
Jérémy Lecour
2066a79f2e
evoacme: exit after certbot in dry-run mode
2017-10-13 17:13:14 +02:00
Jérémy Lecour
350abe5787
evoacme: invert test logic
2017-10-13 14:05:05 +02:00
Jérémy Lecour
baa5eae784
evoacme: add many tests
2017-10-13 12:46:40 +02:00
Jérémy Lecour
1c5e5e965b
evoacme: fix typo
2017-10-13 12:32:16 +02:00
Jérémy Lecour
06a3965fde
whitespaces
2017-10-13 12:30:34 +02:00
Jérémy Lecour
31a19114e5
evoacme: readability of tests
...
change from :
"what I don't want" && error
to :
"what I want" || error
2017-10-13 12:30:24 +02:00
Jérémy Lecour
9bccbd9496
evoacme: check for readability, not just presence
2017-10-13 12:28:44 +02:00
Jérémy Lecour
3c283d2bb4
evoacme: execute evoacme in cron mode
2017-10-13 12:09:12 +02:00
Jérémy Lecour
0022071462
evoacme: add tests to fail with proper messages
2017-10-13 12:08:47 +02:00
Jérémy Lecour
e11958d101
evoacme: fix web servers config check
2017-10-13 11:18:37 +02:00
Jérémy Lecour
6d6d0760cd
evoacme: sed cert path after cert creation
2017-10-13 11:18:15 +02:00
Jérémy Lecour
88600039d3
evoacme: daily iterations are not enough
2017-10-13 11:17:32 +02:00
Jérémy Lecour
5e71da94d3
evoacme: fix typo
2017-10-13 11:16:46 +02:00
Jérémy Lecour
bced7561c9
make-csr: extract a few functions
2017-10-13 11:16:21 +02:00
Jérémy Lecour
fb0c22dfd1
evoacme: refactoring for make-csr
...
inspired from recent refactoring or evoacme itself
2017-10-13 00:47:02 +02:00
Jérémy Lecour
9fccd7e682
evoacme: improve variables
2017-10-12 18:22:43 +02:00
Jérémy Lecour
65ccc2c0b5
evoacme: use env variables for execution modes
2017-10-12 18:22:06 +02:00
Jérémy Lecour
30434a70d8
evoacme: csr verification is a different function call
2017-10-12 18:20:49 +02:00
Jérémy Lecour
118a9759af
evoacme: change function name to be more specific
2017-10-12 18:19:53 +02:00
Jérémy Lecour
3c61484448
evoacme: don't allow uninitialized variables
2017-10-12 18:19:09 +02:00
Victor LABORIE
5e9795435b
nginx: fix ip filtering in default vhost
2017-10-12 15:38:07 +02:00
Jérémy Lecour
0d0c21f908
Evoacme: refactoring
...
* add a lot of variables, to reduce possible typos
* add a lot of debug statements
* add many comments and line breaks for readability
* extract functions for complex openssl commands
* explode the big certbot command into multiple lines
* allow certbot to make test certs (for API query limits)
* allow certbot to run in "dry run" mode
* regroup some lines together when they do related things
2017-10-12 00:29:21 +02:00
Jérémy Lecour
1091dfeeed
evolinux-users: Handle "PermitRootLogin prohibit-password"
2017-10-11 22:17:52 +02:00
Victor LABORIE
1c244f556b
evoacme: better apache/nginx reload
2017-10-11 18:50:20 +02:00
Victor LABORIE
2dbdfb6600
evoacme: add error and debug function
2017-10-11 18:50:19 +02:00
Jérémy Lecour
9527aff68a
apache/nginx: remove compatibility mode
2017-10-11 18:13:15 +02:00
Jérémy Lecour
c77bc14e95
Evolinux: don't remove root from AllowUsers list
2017-10-11 17:58:59 +02:00
Jérémy Lecour
8518902ec9
Elasticsearch-head: no need to have a shell
2017-10-11 17:58:59 +02:00
Ludovic Poujol
745c45f88d
Fix remount_usr_rw/yml
2017-10-11 17:58:18 +02:00
Jérémy Lecour
4bc7635502
Include generate-ldif in evolinux-base
2017-10-11 13:10:15 +02:00
Jérémy Lecour
cca3b2921f
Public role for "generate-ldif"
2017-10-11 13:10:15 +02:00
Jérémy Lecour
20e8a852fa
Handle "PermitRootLogin prohibit-password"
2017-10-10 23:50:14 +02:00
Jérémy Lecour
ae4b9675c2
evolix-users: disable root ssh login by default
2017-10-10 22:01:44 +02:00
Jérémy Lecour
8435ac192d
evolinux-users: better detection of AllowUsers
2017-10-10 22:01:12 +02:00
Jérémy Lecour
707aabb404
evolinux-base : remove root from AllowUsers directive
...
when disabling root login, also remove it from AllowUsers if present
2017-10-10 22:00:28 +02:00
Jérémy Lecour
79e57b7787
evolinux-base: don't disable root ssh by default
2017-10-10 21:58:03 +02:00
Jérémy Lecour
bf2cd96793
evolinux-users must not be included as is
...
There is a major problem with memory consumption, probably a leak,
when the role is included.
If it is played in the playbook, the whole run takes ~200 MB.
If it is played as an included role, the run takes 2.4GB.
2017-10-10 20:52:49 +02:00
Jérémy Lecour
e09a6ace31
evolinux-base: use apt role for all APT configuration
2017-10-10 16:35:23 +02:00
Jérémy Lecour
fae9cd9208
extract APT configuration into apt role
2017-10-10 16:34:53 +02:00
Jérémy Lecour
517c0e672b
Nginx: completely rename ipaddr_whitelist
2017-10-10 09:57:29 +02:00
Jérémy Lecour
2a95325dc6
systemd unit for elasticsearch-head
2017-10-09 17:45:51 +02:00
Jérémy Lecour
9af98e7ebe
ES/head: use https to clone the repository
2017-10-09 16:36:03 +02:00
Jérémy Lecour
ae745d89ff
Nginx: don't overwrite the default vhost
2017-10-09 16:35:38 +02:00
Jérémy Lecour
9798022192
Nginx: fix ipaddr_whitelist path
2017-10-09 16:13:26 +02:00
Jérémy Lecour
9fe76d40da
Let's keep the currently deployed line
2017-10-09 15:57:38 +02:00
Ludovic Poujol
1e68bcb2fc
Nginx: fix missing double quote
2017-10-09 11:56:34 +02:00
Jérémy Lecour
13e1c0486b
"egrep" is deprecated, use "grep -E"
2017-10-08 22:47:03 +02:00
Jérémy Lecour
3d22cbf927
java8: we only need the headless variant
2017-10-08 22:33:49 +02:00
Jérémy Lecour
c4ca8c3764
cleanup with dependencies on java8
2017-10-08 22:31:22 +02:00
Jérémy Lecour
8c1024c23c
No need to add individual users, a group is enough
2017-10-08 14:23:21 +02:00
Jérémy Lecour
a07d1d873a
evolinux-base: bad group for password restrictions
2017-10-08 12:49:55 +02:00
Jérémy Lecour
6984c121c2
evolinux-base/ssh: syntax clarity
...
"X != []" seems better than "not X == []"
when the variable name is quite long
and even more when we already use "X == []" in a previous condition
2017-10-08 12:48:56 +02:00
Jérémy Lecour
97b0225232
Minifirewall can deal with evomaintenance
...
Each role has to know how to deal with the other.
Otherwise, depending on order of execution, the firewall might not
allow connections for evomaintenance
2017-10-08 00:00:24 +02:00
Jérémy Lecour
98c5619721
minifirewall: install dependencies in install.yml
2017-10-08 00:00:24 +02:00
Jérémy Lecour
64080ead23
evoadmin-web: document root should belong to group too
2017-10-07 23:05:20 +02:00
Jérémy Lecour
2a8e571f04
evoadmin-web: clarify ansible code
2017-10-07 23:04:47 +02:00
Jérémy Lecour
2480088f8b
Change DIR_MODE only if adduser.conf is pristine
2017-10-07 22:59:06 +02:00
Jérémy Lecour
ccaecf690c
proftpd: don't overwrite z-evolinux.conf
2017-10-07 22:57:30 +02:00
Jérémy Lecour
518353268a
evolinux-base: logname command doesn't change
2017-10-07 22:56:37 +02:00
Jérémy Lecour
094ad8c28d
evolinux-base: improve AllowUsers for current user
2017-10-07 22:17:38 +02:00
Jérémy Lecour
c4bdd88e27
evoadmin-web: stay privileged
...
Becoming an unprivilegied user is problemetic for Ansible.
We continue being root, but change the permissions on created files.
2017-10-07 21:48:00 +02:00
Jérémy Lecour
89fe1561b8
evoadmin-web depends on proftpd
2017-10-07 21:45:46 +02:00
Jérémy Lecour
3a34a78045
evoadmin-web: remove a trailing /
2017-10-07 21:43:36 +02:00
Jérémy Lecour
8e86429ea4
proftpd: enforce permissions on password file
2017-10-07 21:43:05 +02:00
Jérémy Lecour
3e12be6a0c
poftpd is compatible with stretch
2017-10-07 21:42:33 +02:00
Jérémy Lecour
c4e61a18d4
evolinux-base includes a few external roles
...
* minifirewall
* munin
* nagios-nrpe
* fail2ban
* listupgrade
2017-10-07 18:13:52 +02:00
Jérémy Lecour
dba77f3bbc
packweb-apache: dependency on squid and mysql
2017-10-07 18:12:28 +02:00
Jérémy Lecour
adade8ae3c
formatting
2017-10-07 17:54:25 +02:00
Jérémy Lecour
e7e9f9e125
Apache/Nginx: use ipaddr_whitelist
2017-10-07 13:48:04 +02:00
Jérémy Lecour
03bc456dfa
evolinux-base: allow ssh for current user
...
When you're not sure to have a proper ssh connection after install,
you can keep the current user authorized.
Example: when using vagrant
This is disabled by default
2017-10-07 13:12:03 +02:00
Jérémy Lecour
382d545d0d
evolinux-base: fix netextreme device detection
2017-10-07 13:12:03 +02:00
Jérémy Lecour
0e9fab48f5
apache: fix ipaddr_whitelist path
2017-10-07 13:12:03 +02:00
Jérémy Lecour
be84ab434e
apache: install save_apache_status.sh
2017-10-07 13:12:01 +02:00
Jérémy Lecour
2395777194
apache: no need for server status suffix anymore
...
The location is restricted, so we don't need to obfuscate
2017-10-07 13:11:25 +02:00
Jérémy Lecour
ddeb39b886
apache: phpmyadmin is not managed here anymore
2017-10-07 13:03:43 +02:00
Jérémy Lecour
dc3b735445
apache: cleanup munin tasks
2017-10-07 11:54:31 +02:00
Jérémy Lecour
1776b4bc24
Apache: improve munin integration
...
* ansible syntax
* remove duplicate tasks
* improve tasks names
2017-10-07 11:17:02 +02:00
Jérémy Lecour
3d7a544820
minifirewall: restore default ports
...
Copied from
https://forge.evolix.org/projects/minifirewall/repository/revisions/master/entry/minifirewall.conf
2017-10-07 10:59:22 +02:00
Benoît S.
9a93e8d449
Merge remote-tracking branch 'origin/unstable' into unstable
2017-10-06 15:45:09 +02:00
Benoît S.
50cba28f7b
Merge branch 'apache-munin' into unstable
2017-10-06 15:42:45 +02:00
Jérémy Lecour
7f4eb747de
change alert5 only for buster
2017-10-06 15:27:22 +02:00
Jérémy Lecour
ed17676432
A real systemd unit for alert5
2017-10-06 15:27:22 +02:00
Jérémy Lecour
fedbc5b579
evolinux-users: no need to repeat condition
2017-10-06 12:05:07 +02:00
Jérémy Lecour
2b253e075c
Users can be added to secondary groups
2017-10-06 01:06:59 +02:00
Jérémy Lecour
f759b849a5
evolinux-users: install many ssh keys if needed
2017-10-06 01:06:59 +02:00
Jérémy Lecour
ef93d56799
evolinux-base: better task name for postfix
2017-10-06 01:06:59 +02:00
Jérémy Lecour
7b88393ccf
Refactoring of admin-users + evolinux-base roles
...
* rename admin-users to evolinux-users
* splitting the "sudo" part for users between jessie and stretch
* with stretch, the sudo group is customizable and properly configured
* import evolinux-users role from evolinux-base at proper time
to ensure ssh connections are possible for other users before
cutting root's access
* evomaintenance is also included in evolinux-base to have it available
when users are created
2017-10-06 01:06:59 +02:00
Jérémy Lecour
116f086b86
drbd: cleanup readme
2017-10-06 01:06:59 +02:00
Jérémy Lecour
b180ca432b
apt: remove a debug task
2017-10-06 01:06:59 +02:00
Jérémy Lecour
24948cf4fa
proftpd: blank vpasswd if missing
2017-10-05 18:46:40 +02:00
Ludovic Poujol
713ca3fbf4
Merge branch 'redis-lpoujol' into unstable
2017-10-05 11:51:02 +02:00
Jérémy Lecour
be32fd9a23
Remove useless comments
2017-10-05 00:29:14 +02:00
Jérémy Lecour
622698fb99
Don't disable root access by default
...
It will be caught by evocheck if we forget to disable it
but will prevent locking ourselves out if we don't create users
2017-10-05 00:29:14 +02:00
Jérémy Lecour
ee80235e14
evolinux-base: etc-git is included after apt customization
...
APT sources must be customized before installing any package
2017-10-04 23:32:27 +02:00
Jérémy Lecour
f050608596
evolinux-base/meta: compatible with stretch
2017-10-04 23:31:29 +02:00
Jérémy Lecour
d35068cf11
postgresql: forgotten files, sorry
2017-10-04 17:20:33 +02:00
Jérémy Lecour
3f350e7955
nagios: don't overwrite the config file
2017-10-04 17:19:49 +02:00
Jérémy Lecour
72c1bb4834
postgresql: version 9.6 by default
...
For Jessie we use external repositories
For Stretch we install from Debian repositories
2017-10-04 14:54:46 +02:00
Jérémy Lecour
5ffc94281f
evolinux-base: parse fstab with better regex
...
The fstab file usually has fields separated by spaces
but sometimes they are separated by tabs.
2017-10-04 14:31:01 +02:00
Gregory Colpart
46c1cbd1a4
update title
2017-10-03 23:45:17 +02:00
Ludovic Poujol
27e4512e50
Redis: Ensure that we do not modify munin-node config if there is multiple redis config blocs
2017-10-03 10:21:13 +02:00
Gregory Colpart
3e92696556
Improve evoacme, mainly evoacme.sh script
2017-10-03 00:02:19 +02:00
Ludovic Poujol
36419c5b3c
Redis: Set pasword variable as NULL instead of ''
2017-10-02 17:13:10 +02:00
Gregory Colpart
c61c2c86e2
Merge branch 'unstable' (commit 3acd997eca
) into stable
2017-10-02 15:35:35 +02:00
Gregory Colpart
31a8aa0a32
update tasks description.
2017-10-02 15:33:10 +02:00
Benoît S.
7d5ecc3685
Merge branch 'bash-completion' into 'unstable'
...
Bash completion
See merge request !9
2017-10-02 11:30:05 +02:00
Benoît S.
b6775bda65
Merge branch 'evoadmin-web-bad-mail-template' into 'unstable'
...
Sed keyword missing
Closes #2
See merge request !11
2017-10-02 11:27:49 +02:00
Benoît S.
2cba10ea27
Merge branch 'php-71' into 'unstable'
...
Add support for PHP 7.1 using sury repository.
See merge request !10
2017-10-02 11:24:57 +02:00
Victor LABORIE
3acd997eca
varnish: fix systemd unit override
2017-10-02 11:10:08 +02:00
Romain Dessort
a82de720a9
Clean override of docker systemd unit
...
This hack is still unfortunately needed in stretch…
2017-09-29 09:31:52 -04:00
Romain Dessort
203def3b64
Don't upgrade docker packages if already installed
2017-09-29 09:31:45 -04:00
Romain Dessort
3409f87125
New variable for docker home
...
It is set to /srv/docker by default since shellpki requires exec option
on the partition, making the playbook failed otherwise.
2017-09-29 09:27:35 -04:00
Jérémy Lecour
9f9894344d
etc-git: scope=local is not always supported
...
git version 1.7.2.5 (Debian 7) doesn't have "--local" scope
2017-09-29 12:01:06 +02:00
Gregory Colpart
458a199f1e
For GANDI installs, remove useless (and nasty) sources.list.d/*.list files
2017-09-29 01:43:54 +02:00
Gregory Colpart
b4130797cb
ensure iptables is installed
2017-09-29 01:43:31 +02:00
Gregory Colpart
b5b46e707c
Quick fix to avoid failure when you are in root without su/sudo
2017-09-29 01:42:38 +02:00
Ludovic Poujol
43d2de5da7
Redis: Fix error in the conditional inclusion of nrpe_stretch.yml
2017-09-28 18:03:26 +02:00
Ludovic Poujol
c12559193a
Redis: Add the possibility to set an instance password
2017-09-28 15:02:29 +02:00
Gregory Colpart
b64073dd39
quick fix to avoid exit 1
2017-09-28 11:10:25 +02:00
Ludovic Poujol
eab2c3946a
Redis: On stretch, make sure nrpe will use check_redis instead of check_tcp
...
check_redis was added in nagios-plugins-contrib in strech.
2017-09-27 18:41:21 +02:00
Ludovic Poujol
7fa2dcbb28
Redis: Also install redis-tools
2017-09-27 17:57:02 +02:00
Romain Dessort
4d6cbb52cd
Add Amazon EC2 role
...
This role is intended to setup and start EC2 instances, before Evolinux
roles.
2017-09-26 17:32:47 -04:00
Gregory Colpart
30c47fcd50
A lot of improvments: add comments, add tests/tests/tests, add --cron option, drop HAProxy support, modify Apache/Nginx conf only first time
2017-09-21 03:50:24 +02:00
Gregory Colpart
7ea5982611
empty commit, only :retab
2017-09-21 03:48:24 +02:00
Gregory Colpart
81698d03de
by default copy use files/ directory
2017-09-21 03:48:17 +02:00
Gregory Colpart
26d823174f
use {{ evoacme_crt_dir }} var everywhere
2017-09-21 03:48:11 +02:00
Gregory Colpart
a006a604f2
Rename /etc/cron.d/certbot to .disabled as written in https://wiki.evolix.org/HowtoLetsEncrypt
2017-09-21 03:48:05 +02:00
Gregory Colpart
cdf0861821
More clear without include for determining apache/nginx presence
2017-09-21 03:47:57 +02:00
Benoît S.
c1b719f16a
Merge branch 'unstable' into 'bash-completion'
...
# Conflicts:
# evolinux-base/tasks/packages.yml
2017-09-20 15:56:45 +02:00
Benoît S.
4045195495
Sed keyword missing
...
Fix #2
Sed keyword SERVERNAME was replaced with ansible variables which is incorrect.
2017-09-20 15:36:48 +02:00
Benoît S.
7419937196
Force pining to php*
...
Why? Because we have some meta-packages like php which redirect to php7.0 or
php7.1. With this, all php packages will be 7.1 (default from sury).
2017-09-20 15:06:15 +02:00
Benoît S.
e2ed9e4be8
Add preferences file to pin php7.1 packages
2017-09-20 14:33:22 +02:00
Benoît S.
cbe40162d9
Remove useless apt update handler
2017-09-20 14:19:30 +02:00
Benoît S.
21f85e4e84
Use apt_repository and rename source list to sury.list
2017-09-20 14:17:02 +02:00
Jérémy Lecour
95c34c5d88
MySQL: "REPLICATION CLIENT" privilege for nrpe
2017-09-20 11:33:27 +02:00
Benoît S.
fa55761714
Add support for PHP 7.1 using sury repository.
...
See the documentation: https://wiki.evolix.org/HowtoPHP#php-7.1-avec-deb.sury.org
2017-09-20 11:29:54 +02:00
Jérémy Lecour
248f550a7f
Squid: restart minifirewall if needed
2017-09-20 10:30:24 +02:00
Victor LABORIE
c430fa3485
php: install php5/php package after fpm/libapache2-mod-php
...
Because apt dependency always install libapache2-mod-php
if neither is present
2017-09-19 10:29:57 +02:00
Jérémy Lecour
a9278c0d70
haproxy: add a Nagios check
2017-09-19 09:37:38 +02:00
Benoît S.
f5c8d56b6a
Wrong register name fixed
2017-07-20 09:40:45 +02:00
Benoît S.
5ed119eb38
Missing path and tags for a task
2017-07-20 09:38:39 +02:00
Benoît S.
1f87d38320
Be sure to enable libapache2-mod-fcgid
2017-07-20 09:38:05 +02:00
Benoît S.
c2f6708645
Better minimalist config in the vhost
...
Also install mandatory package libcgi-fast-perl.
2017-07-20 09:33:22 +02:00
Jérémy Lecour
3e1a600fd5
apache: enable Munin plugins and CGI mode
2017-07-19 18:25:28 +02:00
Benoît S.
effbfc3189
Be sure to have the bash-completion package
...
It is very handy to have this package to have completion of commands like
systemctl.
2017-07-06 11:58:48 +02:00