EvoBSD is a set of Ansible playbooks and roles providing a customisation of the OpenBSD operating system used by Evolix.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
EvoBSD/CHANGELOG

189 lines
6.4 KiB

# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
### Added
- base: set the title of the terminal when connecting to a server
- base: import dump-server-state.sh script
- post-install: add a version number to motd-carp-state.sh
- nagios-nrpe: add a check dhcp_pool
- collectd: add dhcp_pool.pl script
- base: add a "next_part" before executing evobackup in daily.local file
- base: add update-evobackup-canary script
- base: session timeout is configurable
- add a update-utils.yml playbook to update scripts
- base: use a variable to define ntpd server
- base: add entry in doas.conf for sd0 in case we have a hard raid
- base: add munin files in newsyslog.conf by default
- nagios-nrpe: add some information in check_connections_state.sh check
### Changed
- accounts: use "evobsd_internal_group" for SSH authentication
- evocheck: imported version 22.03
- base: zzz_evobackup upstream release 22.03
- etc-git: manage commits with an optimized shell script instead of many slow Ansible tasks
- etc-git: use "ansible-commit" to efficiently commit all available repositories from Ansible
- etc-git: add versioning for /usr/share/scripts
- nagios-nrpe: add a wraper to check_dhcpd to define the number of dhcpd processes that must be running depending on the CARP state
- evocheck: renamed install.yml to main.yml and add evocheck cron at the beginning of the daily.local file
- pf: reorder some rules, more details on some comments
- update of tags for each tasks and ease the update of scripts
- evocheck: execute evocheck without --cron the first of the month
- etc-git: chmod 600 for local periodic files (daily, weekly, monthly)
- base: loop over fstab entries instead of copying the same task for each entries
- etc-git: do not erase custom entries of servers in .gitignore files
- nagios-nrpe: check_disk1 returns only alerts
- base: do not erase custom configuration of servers in doas.conf
- base: vmd and pass are not used in our infrastructure, deletion of autocompletion
- nagios-nrpe: do not erase custom configuration of servers in nrpe.d/evolix.cfg, and do not use zzz_evolix.cfg anymore
- base: export evomaintenance and evobackup tasks into their own roles
### Fixed
- base: fix shell configuration, increase $HISTSIZE, and change history alias so it displays full history
- nagios-nrpe: handle the case where cached_mem is in GB to convert it in MB in check_free_mem.sh
- post-install: improve management of ldif file for ldap
- post-install: ignore errors from syspatch
### Removed
- openvpn: deleted this deprecated role ; use the one provided in the ansible-roles repo
## [21.12] - 2021-12-17
### Changed
- Configure locale to en_US.UTF-8 in .profile file so that "git log" displays the accents correctly
- Use vim as default git editor
- Change version pattern and fix release scheme
### Added
- Add a bioctl NRPE check for RAID devices
## [6.9.2] - 2021-10-15
### Added
- Add a more complete ipsecctl check script
- Add doas configuration for check_openvpn_certificates.sh
### Fixed
- Fix check_dhcpd for dhcpd server themselves: use back check_procs -c1: -C dhcpd
- Fix check_mailq: check from monitoring-plugins current version is not compatible with opensmtpd
## [6.9.1] - 2021-07-19
### Added
- Configure the ntpd.conf file
## [6.9.0] - 2021-05-06
### Changed
- Remove the variable VERBOSESTATUS in daily.local configuration file since it is no longer valid.
## [6.8.3] - 2021-02-15
### Added
- Add a customization of the logsentry configuration
- Add a check_openvpn_certificates in NRPE and OpenVPN role to check expiration date of server CA and certificates files
### Fixed
- Fix the check_mem command in the NRPE role, precising the percentage sign for it not to check the memory in MB.
- Fix the check_mem script in the NRPE role, adding cached RAM as free RAM
- Fix motd-carp-state.sh by updating the OpenBSD release in our customized motd after an upgrade
### Changed
- The PF role now use a variable for trusted IPs
## [6.8.2] - 2020-10-30
### Added
- Add a Logsentry role
## [6.8.1] - 2020-10-26
### Fixed
- Fix a task using a register where simple quotes prevented the register to be properly filled, breaking the following task
## [6.8.0] - 2020-10-23
### Added
- Add a PF tag to be able to skip that part when rerunning EvoBSD
- Add a doas authorization for NRPE check_ipsecctl_critiques
### Changed
- The task mail.yml replace the former boot/reboot message only if it is untouched
- Replace the variable used to set the email address in etc-git role - now using inventory_hostname
- Not checking syspatch when OpenBSD <= 6.1
- Amend fstab file adding noatime option to each entrie
- Import evocheck v.6.7.7
- Comment NRPE checks that cannot be used as is
### Fixed
- Add the creation of the NRPE plugins directory in nagios-nrpe role
- Add collectd doas rights in the base role to avoid broking anything if EvoBSD is rerun without the collectd role included
- Do not add the motd cron if the same line is already there but uncommented
- Amend fstab entries only when the filesystem is ffs
## [6.7.2] - 2020-10-13
### Added
- Now handling deletion of evobackup crontab (replaced by daily.local cron)
- Customize fstab with noexec and softdep
- Collectd role
### Changed
- Improve rc.local file configuration
- Update evocheck to version 6.7.5
- Hide default daily output mail content (VERBOSESTATUS=0)
- Add deletion of old log files in the OSPF role
### Fixed
- Fix duplicate evobackup cron if the entry is uncommented in daily.local
## [6.7.1] - 2020-09-10
### Added
- Add completions functions in root's profile dotfile
- Add check_connections_state.sh NRPE plugin
- Add an evocheck role
- Add stricter ssh and doas access
- Add an openvpn role
- Add an OpenBGPd NRPE plugin
- Add ospf and bgp roles
- Add an unbound NRPE check since it is part of the base system
- Add a motd-carp-state.sh script that checks the carp state and generates the /etc/motd file
### Changed
- Disable sndiod since it is not required on serveurs
- Replace sudo with doas for script executions
- Update evomaintenance version to 0.6.3
- Disable mouse function in vim configuration
- Drop openup since syspatch can apply stable patches now
- Update evobackup script
- Rewrite newsyslog configuration
- Drop postgresql-client package since evomaintenance use an API now