Jérémy Dubois
70ab0c80de
So that new users are not created and customized passwords are not reset based on vars files when executing evolixisation.yml again
# Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]

### Added

* base: set the title of the terminal when connecting to a server
* base: import dump-server-state.sh script
* post-install: add a version number to motd-carp-state.sh
* nagios-nrpe: add a dhcp_pool check
* collectd: add dhcp_pool.pl script
* base: add a "next_part" before executing evobackup in daily.local file
* base: add update-evobackup-canary script
* base: session timeout is configurable
* add an update-utils.yml playbook to update scripts
* base: use a variable to define ntpd server
* base: add entry in doas.conf for sd0 in case we have a hardware RAID
* base: add munin files in newsyslog.conf by default
* nagios-nrpe: add some information in check_connections_state.sh check
* ospf: specify in the readme file that no daemon is configured/activated
* logsentry: delete unused default file that we put in /usr/share/scripts
* base: set the lookup option so that resolv.conf searches /etc/hosts before querying a domain name server; the default is the opposite
* post-install: add the pf_states check by default in generateldif.sh script
* nagios-nrpe: allow older cipher suites for older Icinga versions
* evobackup: execute canary script before executing backup script
* accounts: create only users who have a certain value for the `create` key (default: `always`)
* nagios-nrpe: add the ipmi_sensor check
* base: doas configuration for ipmi_sensor NRPE check
* base: deactivate insults in sudo
* base: added handlers for entries in fstab
* forwarding: added tags to distinguish IPv4 from IPv6
* accounts: add a "users" tag so that new users are not created and customized passwords are not reset based on vars files when executing evolixisation.yml again

### Changed

* accounts: use "evobsd_internal_group" for SSH authentication
* base: zzz_evobackup upstream release 22.03
* etc-git: manage commits with an optimized shell script instead of many slow Ansible tasks
* etc-git: use "ansible-commit" to efficiently commit all available repositories from Ansible
* etc-git: add versioning for /usr/share/scripts
* nagios-nrpe: add a wrapper to check_dhcpd to define the number of dhcpd processes that must be running depending on the CARP state
* evocheck: renamed install.yml to main.yml and added evocheck cron at the beginning of the daily.local file
* pf: reorder some rules, more details on some comments
* update tags for each task and ease the update of scripts
* evocheck: execute evocheck without --cron on the first of the month
* etc-git: chmod 600 for local periodic files (daily, weekly, monthly)
* base: loop over fstab entries instead of copying the same task for each entry
* etc-git: do not erase custom entries of servers in .gitignore files
* nagios-nrpe: check_disk1 returns only alerts
* base: do not erase custom configuration of servers in doas.conf
* base: vmd and pass are not used in our infrastructure, deletion of autocompletion
* nagios-nrpe: do not erase custom configuration of servers in nrpe.d/evolix.cfg, and do not use zzz_evolix.cfg anymore
* base: export evomaintenance and evobackup tasks into their own roles
* nagios-nrpe: multiple IPs can now be checked with check_ipsecctl_critiques.sh
* base: use a variable for /etc/installurl content
* base: use "servers" option instead of "server" option for ntpd.conf
* base: fstab options can be activated or not
* base: configure "/usr/X11R6" and "/usr/local" for servers that have a mount on it
* base: we can choose whether or not to deploy utils files
* base: reordering default variable file and deleting unused one
* base: use a template for ntp configuration to ease the management of the different cases
* logsentry: update config files, add "[logsentry]" in subject, and simplify task
* nagios-nrpe: deleted unused variables and added an ntp check server variable
* post-install: use basename of path in generateldif.sh to define file from elsewhere
* bgp, collectd, logsentry, ospf: update scripts
* collectd: improve dns_stats.sh script for more metrics
* ospf: do not repeat the command; store its output in a variable and use that instead
* nagios-nrpe: changed check_load to make it more relevant
* nagios-nrpe: check_ipsecctl.sh is never used standalone for check_vpn, always called by check_ipsecctl_critiques.sh
* evobackup: zzz_evobackup upstream release 22.12, and call zzz_evobackup with bash
* base: install bash, now needed for zzz_evobackup script
* post-install: execute motd-carp-state.sh every 10 minutes
* collectd: modified the permissions of the collectd scripts directory and script files so that only the _collectd group can execute them
* base: install ncdu and htop, often used as diagnostic tools
* base: dump-server-state.sh upstream release 24.01
* evocheck: upstream release 23.06
* base: add evobsd_alias_fwupdate variable and make kshrc file a template so we can optionally set a fw_update alias on servers that need it
* etc-git: add versioning for /var/unbound/etc
* base: ignore errors on package installation because it fails for some packages when run in check mode
* evomaintenance: upstream release 23.10.1
* accounts, etc-git, evocheck, nagios-nrpe: multiple changes to not fail when run in check mode
* base: configure "/var/log" for servers that have a mount on it
* nagios-nrpe: configure allowed_hosts in template and make use of the 'nagios_nrpe_additional_allowed_hosts' var in inventory for additional IPs

### Fixed

* base: fix shell configuration, increase $HISTSIZE, and change history alias so it displays full history
* nagios-nrpe: handle the case where cached_mem is in GB by converting it to MB in check_free_mem.sh
* post-install: improve management of ldif file for ldap
* post-install: ignore errors from syspatch
* nagios-nrpe: grep in check_ipsecctl_critiques.sh was too broad
* post-install: fix missing space in generateldif.sh script
* logsentry: fix variables for configuration files
* nagios-nrpe: fix allowed_hosts configuration: keep any added IPs, but we cannot use backrefs if the line does not exist yet
* accounts: configure user home, ssh keys and groups only if the user already exists, so that there is no error when run in check mode and the user doesn't exist yet
* collectd: fix rights for collectd directory

### Removed

* openvpn: deleted this deprecated role; use the one provided in the ansible-roles repo
* base: doas is used for evomaintenance, not sudo; wheel group mustn't be sudo because we use the evolinux-sudo group
* base: doas configuration for _collectd user is managed in collectd role, so it is not needed by default

## [21.12] - 2021-12-17

### Changed

* Configure locale to en_US.UTF-8 in .profile file so that "git log" displays the accents correctly
* Use vim as default git editor
* Change version pattern and fix release scheme

### Added

* Add a bioctl NRPE check for RAID devices

## [6.9.2] - 2021-10-15

### Added

* Add a more complete ipsecctl check script
* Add doas configuration for check_openvpn_certificates.sh

### Fixed

* Fix check_dhcpd for dhcpd servers themselves: go back to using check_procs -c1: -C dhcpd
* Fix check_mailq: the check from the current monitoring-plugins version is not compatible with opensmtpd

## [6.9.1] - 2021-07-19

### Added

* Configure the ntpd.conf file

## [6.9.0] - 2021-05-06

### Changed

* Remove the variable VERBOSESTATUS in daily.local configuration file since it is no longer valid.

## [6.8.3] - 2021-02-15

### Added

* Add a customization of the logsentry configuration
* Add a check_openvpn_certificates in NRPE and OpenVPN role to check expiration date of server CA and certificates files

### Fixed

* Fix the check_mem command in the NRPE role, specifying the percentage sign so that it does not check the memory in MB.
* Fix the check_mem script in the NRPE role, adding cached RAM as free RAM
* Fix motd-carp-state.sh by updating the OpenBSD release in our customized motd after an upgrade

### Changed

* The PF role now uses a variable for trusted IPs

## [6.8.2] - 2020-10-30

### Added

* Add a Logsentry role

## [6.8.1] - 2020-10-26

### Fixed

* Fix a task using a register where single quotes prevented the register from being properly filled, breaking the following task

## [6.8.0] - 2020-10-23

### Added

* Add a PF tag to be able to skip that part when rerunning EvoBSD
* Add a doas authorization for NRPE check_ipsecctl_critiques

### Changed

* The task mail.yml replaces the former boot/reboot message only if it is untouched
* Replace the variable used to set the email address in etc-git role - now using inventory_hostname
* Not checking syspatch when OpenBSD <= 6.1
* Amend fstab file adding noatime option to each entry
* Import evocheck v.6.7.7
* Comment NRPE checks that cannot be used as is

### Fixed

* Add the creation of the NRPE plugins directory in nagios-nrpe role
* Add collectd doas rights in the base role to avoid breaking anything if EvoBSD is rerun without the collectd role included
* Do not add the motd cron if the same line is already there but uncommented
* Amend fstab entries only when the filesystem is ffs

## [6.7.2] - 2020-10-13

### Added

* Now handling deletion of evobackup crontab (replaced by daily.local cron)
* Customize fstab with noexec and softdep
* Collectd role

### Changed

* Improve rc.local file configuration
* Update evocheck to version 6.7.5
* Hide default daily output mail content (VERBOSESTATUS=0)
* Add deletion of old log files in the OSPF role

### Fixed

* Fix duplicate evobackup cron if the entry is uncommented in daily.local

## [6.7.1] - 2020-09-10

### Added

* Add completion functions in root's profile dotfile
* Add check_connections_state.sh NRPE plugin
* Add an evocheck role
* Add stricter ssh and doas access
* Add an openvpn role
* Add an OpenBGPd NRPE plugin
* Add ospf and bgp roles
* Add an unbound NRPE check since it is part of the base system
* Add a motd-carp-state.sh script that checks the carp state and generates the /etc/motd file

### Changed

* Disable sndiod since it is not required on servers
* Replace sudo with doas for script executions
* Update evomaintenance version to 0.6.3
* Disable mouse function in vim configuration
* Drop openup since syspatch can apply stable patches now
* Update evobackup script
* Rewrite newsyslog configuration
* Drop postgresql-client package since evomaintenance uses an API now