Ansible roles by Evolix
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

CHANGELOG.md 27 KiB

2 years ago
2 years ago
6 months ago
2 months ago
3 months ago
3 months ago
3 months ago
3 months ago
6 months ago
6 months ago
6 months ago
1 year ago
9 months ago
1 year ago
11 months ago
9 months ago
9 months ago
9 months ago
1 year ago
1 year ago
9 months ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721
  1. # Changelog
  2. All notable changes to this project will be documented in this file.
  3. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
  4. This project does not follow semantic versioning.
  5. The **major** part of the version is aligned with the stable version of Debian.
  6. The **minor** part changes with big changes (probably incompatible).
  7. The **patch** part changes incrementally at each release.
  8. ## [Unreleased]
  9. ### Added
  10. ### Changed
  11. ### Fixed
  12. ### Removed
  13. ### Security
  14. ## [10.2.0] 2020-09-17
  15. ### Added
  16. * evoacme: remount /usr if necessary
  17. * evolinux-base: swappiness is customizable
  18. * evolinux-base: install wget
  19. * tomcat: root directory owner/group are configurable
  20. ### Changed
  21. * Change default public SSH/SFTP port from 2222 to 22222
  22. ### Fixed
  23. * certbot: an empty change shouldn't raise an exception
  24. * certbot: fix "no-self-upgrade" option
  25. ### Removed
  26. * evoacme: remove Debian 9 support
  27. ## [10.1.0] 2020-08-21
  28. ### Added
  29. * certbot: detect HAProxy cert directory
  30. * filebeat: allow using a template
  31. * generate-ldif: add NVMe disk support
  32. * haproxy: add deny_ips file to reject connections
  33. * haproxy: add some comments to default config
  34. * haproxy: enable stats frontend with access lists
  35. * haproxy: preconfigure SSL with defaults
  36. * lxc-php: Don't disable putenv() by default in PHP settings
  37. * lxc-php: Install php-sqlite by default
  38. * metricbeat: allow using a template
  39. * mysql: activate binary logs by specifying log_bin path
  40. * mysql: option to define as read only
  41. * mysql: specify a custom server_id
  42. * nagios-nrpe/evolinux-base: brand new check for hardware raid on HP servers gen 10
  43. * nginx: make default vhost configurable
  44. * packweb-apache: Install zip & unzip by default
  45. * php: Don't disable putenv() by default in PHP settings
  46. * php: Install php-sqlite by default
  47. ### Changed
  48. * certbot: fix haproxy hook (ssl cert directory detection)
  49. * certbot: install certbot dependencies non-interactively for jessie
  50. * elasticsearch: configure cluster with seed hosts and initial masters
  51. * elasticsearch: set tmpdir before datadir
  52. * evoacme: read values from environment before defaults file
  53. * evoacme: update for new certbot role
  54. * evoacme: upstream release 20.08
  55. * haproxy: adapt backports installed package list to distibution
  56. * haproxy: chroot and socket path are configurable
  57. * haproxy: deport SSL tuning to Mozilla SSL generator
  58. * haproxy: rotate logs with date extension and immediate compression
  59. * haproxy: split stats variables
  60. * lxc-php: Do --no-install-recommends for ssmtp/opensmtpd
  61. * mongodb: install custom munin plugins
  62. * nginx: read server-status values before changing the config
  63. * packweb-apache: Don't turn on mod-evasive emails by default
  64. * redis: create sudoers file if missing
  65. * redis: new syntax for match filter
  66. * redis: raise an error is port 6379 is used in "instance" mode
  67. ### Fixed
  68. * certbot: restore compatibility with old Nginx
  69. * evobackup-client: fixed the ssh connection test
  70. * generate-ldif: better detection of computerOS field
  71. * generate-ldif: skip some odd ethernet devices
  72. * lxc-php: Install opensmtpd as intended
  73. * mongodb: fix logrotate patterm on Debian buster
  74. * nagios-nrpe: check_amavis: updated regex
  75. * squid: better regex to match sa-update domains
  76. * varnish: fix start command when multiple addresses are present
  77. ## [10.0.0] - 2020-05-13
  78. ### Added
  79. * apache: the default VHost doesn't redirect to https for ".well-known" paths
  80. * apt: added buster backports prerferences
  81. * apt: check if cron is installed before adding a cron job
  82. * apt: remove jessie/buster sources from Gandi servers
  83. * apt: verify that /etc/evolinux is present
  84. * certbot : new role to install and configure certbot
  85. * etc-git: add versioning for /usr/share/scripts on Debian 10+
  86. * evoacme: upstream version 19.11
  87. * evolinux-base: default value for "evolinux_ssh_group"
  88. * evolinux-base: install /sbin/deny
  89. * evolinux-base: install Evocheck (default: `True`)
  90. * evolinux-base: on debian 10 and later, add noexec on /dev/shm
  91. * evolinux-base: on debian 10 and later, add /usr/share/scripts in root's PATH
  92. * evolinux-base: remove the chrony package
  93. * evomaintenance: don't configure firewall for database if not necessary
  94. * generate-ldif: support MariaDB 10.3
  95. * haproxy: add a variable to keep the existing configuration
  96. * java: add Java 11 as possible version to install
  97. * listupgrade: install old-kernel-autoremoval script
  98. * minifirewall: add a variable to force the check scripts update
  99. * mongodb: mongodb: compatibility with Debian 10
  100. * mysql-oracle: backport tasks from mysql role
  101. * networkd-to-ifconfig: add variables for configuration by variables
  102. * packweb-apache: Deploy opcache.php to give some insights on PHP's opcache status
  103. * php: variable to install the mysqlnd module instead of the default mysql module
  104. * postgresql : variable to install PostGIS (default: `False`)
  105. * redis: rewrite of the role (separate instances, better systemd units…)
  106. * webapps/evoadmin-web Add an htpasswd to evoadmin if you cant use an apache IP whitelist
  107. * webapps/evoadmin-web Overload templates if needed
  108. * evolinux-base: install ssacli for HP Smart Array
  109. * evobackup-client role to configure a machine for backups with bkctld(8)
  110. * bind: enable query logging for recursive resolvers
  111. * bind: enable logrotate for recursive resolvers
  112. * bind: enable bind9 munin plugin for recursive resolvers
  113. ### Changed
  114. * replace version_compare() with version()s
  115. * removed some deprecations for Ansible 2.7
  116. * apache: improve permissions in save_apache_status script
  117. * apt: hold packages only if package is installed
  118. * bind: the munin task was present, but not included
  119. * bind: change name of logrotate file to bind9
  120. * certbot: commit hook must be executed at the end
  121. * elasticsearch: listen on local interface only by default
  122. * evocheck: upstream version 20.04.4
  123. * evocheck: cron jobs execute in verbose
  124. * evolinux-base: use "evolinux_internal_group" for SSH authentication
  125. * evolinux-base: Don't customize the logcheck recipient by default.
  126. * evolinux-base: configure cciss-vol-statusd in the proper file
  127. * evomaintenance: upstream release 0.6.3
  128. * evomaintenance: Turn on API by default (instead of DB)
  129. * evomaintenance: install PG dependencies only when needed
  130. * listupgrade: update from upstream
  131. * lxc: rely on lxc_container module instead of command module
  132. * lxc: remove useless loop in apt execution
  133. * lxc: update our default template to be compatible with Debian 10
  134. * lxc-php: refactor tasks for better maintainability
  135. * lxc-php: Use OpenSMTPD for Stretch/Buster containers, and ssmtp for Jessie containers
  136. * lxc-solr: changed default Solr version to 8.4.1
  137. * minifirewall: better alert5 activation
  138. * minifirewall: no http filtering by default
  139. * minifirewall: /bin/true command doesn't report "changed" anymore
  140. * nagios-nrpe: update check_redis_instances (same as redis role)
  141. * nagios-nrpe: change default haproxy socket path
  142. * nagios-nrpe: check_mode per cpu dynamically
  143. * nodejs: change default version to 12 (new LTS)
  144. * packweb-apache: Do the install & conffigure phpContainer script (instead of evoadmin-web role)
  145. * php: By default, allow 128M for OpCache (instead of 64M)
  146. * php: Don't set a chroot for the default fpm pool
  147. * php: Make sure the default pool we define can be fully functionnal witout debian's default pool file
  148. * php: Change the default pool names to something more explicit (and same for the variables names)
  149. * php: Add a task to remove Debian's default FPM pool file (off by default)
  150. * php: Cleanup CLI Settings. Also, allow url fopen and don't disable functions (in CLI only)
  151. * postgresql : changed logrotate config to 10 days (and fixed permissions)
  152. * rbenv: changed default Ruby version to 2.7.0
  153. * squid: Remove wait time when we turn off squid
  154. * squid: compatibility wit Debian 10
  155. * tomcat: package version derived from Debian version if missing
  156. * varnish: remove custom ExecReload= script for Debian 10+
  157. ### Fixed
  158. * etc-git: fix warnings ansible-lint
  159. * evoadmin-web: Put the php config at the right place for Buster
  160. * lxc: Don't stop the container if it already exists
  161. * lxc: Fix container existance check to be able to run in check_mode
  162. * lxc-php: Don't remove the default pool
  163. * minifirewall: fix warnings ansible-lint
  164. * nginx: fix munin fcgi not working (missing chmod 660 on logs)
  165. * php: add missing handler for php7.3-fpm
  166. * roundcube: fix typo for roundcube vhost
  167. * tomcat: fix typo for default tomcat_version
  168. * evolinux-base: Fix our zsyslog rotate config that doesn't work on Debian 10
  169. * certbot: Properly evaluate when apache is installed
  170. * evolinux-base: Don't make alert5.service executable as systemd will complain
  171. * webapps/evoadmin-web: Set default evoadmin_mail_tpl_force to True to fix a regression where the mail template would not get updated because the file is created before the role is first run.
  172. * minifirewall: Backport changes from minifirewall (properly open outgoing smtp(s))
  173. * minifirewall: Properly detect alert5.sh to turn on firewall at boot
  174. * packweb-apache: Add missing dependency to evoacme role
  175. * php: Chose the debian version repo archive for packages.sury.org
  176. * php: update surry_post.yml to match current latest PHP release
  177. * packweb-apache: Don't try to install PHPMyAdmin on Buster as it's not available
  178. ### Removed
  179. * clamav : do not install the zoo package anymore
  180. ## [9.10.1] - 2019-06-21
  181. ### Changed
  182. * evocheck : update (version 19.06) from upstream
  183. ## [9.10.0] - 2019-06-21
  184. ### Added
  185. * apache: add server status suffix in VHost (and default site) if missing
  186. * apache: add a variable to customize the server-status host
  187. * apt: add a script to manage packages with "hold" mark
  188. * etc-git: gitignore /etc/letsencrypt/.certbot.lock
  189. * evolinux-base: install "spectre-meltdown-checker" (Debian 10 and later)
  190. * evomaintenance: make hooks configurable
  191. * nginx: add server status suffix in VHost (and default site) if missing
  192. * redmine: enable gzip compression in nginx vhost
  193. ### Changed
  194. * evocheck : update (unreleased) from upstream
  195. * evomaintenance : use the web API instead of PG Insert
  196. * fluentd: store gpg key locally
  197. * rbenv: update defaults rbenv version to 1.1.2 and ruby version to 2.6.3
  198. * redmine: update default version to 4.0.3
  199. * nagios-nrpe: change required status code for http and https check
  200. * redmine: use custom errors-pages in Nginx vhost
  201. * nagios-nrpe: check_load is now based on ansible_processor_vcpus
  202. * php: Stop enforcing /var/www/html as chroot while we use /var/www
  203. * apt: Add Debian Buster repositories
  204. ### Fixed
  205. * rbenv: add check_mode for check rbenv and ruby versions
  206. * nagios-nrpe: fix redis_instances check when Redis port equal 0
  207. * redmine: fix 500 error on logging
  208. * evolinux-base: Validate sshd config with "-t" instead of "-T"
  209. * evolinux-base: Ensure rename is present
  210. * evolinux-users: Validate sshd config with "-t" instead of "-T"
  211. * nagios-nrpe: Replace the dummy packages nagios-plugins-* with monitoring-plugins-*
  212. ## [9.9.0] - 2019-04-16
  213. ### Added
  214. * etc-git: ignore evobackup/.keep-* files
  215. * lxc: /home is mounted in the container by default
  216. * nginx : add "x-frame-options: sameorigin" for Munin
  217. ### Changed
  218. * changed remote repository to https://gitea.evolix.org/evolix/ansible-roles
  219. * apt: Ensure jessie-backport from archives.debian.org is accepted
  220. * apt: Remove jessie-update suite as it's no longer exists
  221. * apt: Replace mirror.evolix.org by archives.debian.org for jessie-backport
  222. * evocheck : update script from upstream
  223. * evolinux-base: remove apt-listchanges on Stretch and later
  224. * evomaintenance: embed version 0.5.0
  225. * opendkim: aligning roles with our conventions, major changes in opendkim-add.sh
  226. * redis: higher limit of open files
  227. * redis: set variables on inclusion, not with set_facts
  228. * tomcat: better tomcat version management
  229. * webapps/evoadmin-web: add dbadmin.sh to sudoers file
  230. ### Fixed
  231. * spamassasin: fix sa-update.sh and ensure service is started and enabled
  232. * tomcat-instance: deploy correct version of config files
  233. * tomcat-instance: deploy correct version of server.xml
  234. ## [9.8.0] - 2019-01-31
  235. ### Added
  236. * filebeat: disable cloud_metadata processor by default
  237. * metricbeat: disable cloud_metadata processor by default
  238. * percona : new role to install Percona repositories and tools
  239. * redis: add variable for configure unixsocketperm
  240. ### Changed
  241. * redmine: refactoring of redmine role with use of rbenv
  242. ### Fixed
  243. * ntpd: Update the restrictions to follow wiki.evolix.org/HowtoNTP client config
  244. ## [9.7.0] - 2019-01-17
  245. ### Added
  246. * apache: add Munin configuration for Apache server-status URL
  247. * evomaintenance: database variables must be set or the task fails
  248. * fail2ban: add "ips" tag added to fail2ban/tasks/ip_whitelist.yml
  249. * metricbeat: add a variable for the protocol to use with Elasticsearch
  250. * rbenv: add pkg-config to the list of packages to install
  251. * redis: Configure munin when working in instance mode
  252. * redis: add a variable for renamed/disabled commands
  253. * redis: add a variable to disable the restart handler
  254. * redis: add a variable to force a restart (even with no change)
  255. * proftpd: add FTPS and SFTP support
  256. ### Changed
  257. * redis: distinction between main and master password
  258. * evocheck: update evocheck.sh for source install
  259. * php: added php-zip in the installed package list for debian 9 (and later)
  260. * squid: added packagist.org in the whitelist
  261. * java: update Oracle java package to 8u192
  262. ### Fixed
  263. * fail2ban: fix "ignoreip" update
  264. * metricbeat: fix username/password replacement
  265. * nagios-nrpe: check_process now return the error code (making the check more usefull than /bin/true)
  266. * nginx: Munin url config is now a template to insert the server-status prefix
  267. * nodejs: Update yarn repo GPG key (current key expired)
  268. * redis: In instance mode, ensure to replace the nrpe check_redis with the instance check script
  269. * redis: Don't set the owner of /var/{lib,log}/redis to a redis instance account
  270. ## [9.6.0] - 2018-12-04
  271. ### Added
  272. * evolinux-base: deploy custom motd if template are present
  273. * minifirewall: all variables are configurable (untouched by default)
  274. * minifirewall: main file is configurable
  275. * squid: minifirewall main file is configurable
  276. ### Changed
  277. * minifirewall: compare config before/after (for restart condition)
  278. * squid: better replacement in minifirewall config
  279. * evoadmin-mail: complete refactoring, use Debian Package
  280. ## [9.5.0] - 2018-11-14
  281. ### Added
  282. * apache: separate task to update IP whitelist
  283. * evolinux-base: install man package
  284. * evolinux-users: add newaliases handler
  285. * evomaintenance: FROM domain is configurable
  286. * fail2ban: separate task to update IP whitelist
  287. * nginx: add tag for ips management
  288. * nginx: separate task to update IP whitelist
  289. * postfix: enable SSL/TLS client
  290. * ssl: add an SSL role for certificates deployment
  291. * haproxy: add vars for tls configuration
  292. * mysql: logdir can be customized
  293. ### Changed
  294. * evocheck: update script from upstream
  295. * evomaintenance: update script from upstream
  296. * mysql: restart service if systemd unit has been patched
  297. ### Fixed
  298. * packweb-apache: mod-security config is already included elsewhere
  299. * redis: for permissions on log and lib directories
  300. * redis: fix shell for instance users
  301. * evoacme: fix error handling in sed_cert_path_for_(apache|nginx)
  302. ## [9.4.2] - 2018-10-12
  303. ### Added
  304. * evomaintenance: install dependencies manually when installing vendored version
  305. * nagios-nrpe: add an option to ignore servers in NOLB status
  306. ### Changed
  307. * haproxy: move check_haproxy_stats to nagios-nrpe role
  308. ### Fixed
  309. * evoacme: better error when apache2ctl fails
  310. * evomaintenance: fix role compatibility with OpenBSD
  311. * spamassassin: add missing right for amavis
  312. * amavis: fix output result checking
  313. ## [9.4.1] - 2018-09-28
  314. ### Added
  315. * redis: set masterauth when redis_password is defined
  316. * evomaintenance: variable to install a vendored version
  317. * evomaintenance: tasks/variables to handle minifirewall restarts
  318. ### Changed
  319. * mysql-oracle: better handle packages and users
  320. ## [9.4.0] - 2018-09-20
  321. ### Added
  322. * etc-git: manage a cron job to monitor uncommited changes in /etc/.git (default: `True`)
  323. * evolinux-base: better shell history
  324. * evolinux-users: add user to /etc/aliases
  325. * generate-ldif: add a section for postgresql
  326. * logstash: tmp directory can be customized
  327. * logstash: max memory is set to 512M by default
  328. * logstash: version 6.x is installed by default
  329. * mysql: add a variable to prevent mysql from restarting
  330. * networkd-to-ifconfig: add a role to switch from networkd to ifconfig
  331. * webapps/evoadmin-web: add users to /etc/aliases
  332. * redis: add support for multi instances
  333. * nagios-nrpe: add check_redis_instances
  334. ### Changed
  335. * dovecot: stronger TLS configuration
  336. ### Fixed
  337. * apache: cleaner way to overwrite the server status suffix
  338. * packweb-apache: don't regenerate phpMyAdmin suffix each time
  339. * nginx: cleaner way to overwrite the server status suffix
  340. * redis: add missing tags
  341. ## [9.3.2] - 2018-09-06
  342. ### Added
  343. * minifirewall: add a variable to disable the restart handler
  344. * minifirewall: add a variable to force a restart of the firewall (even with no change)
  345. * minifirewall: improve variables values and documentation
  346. ### Changed
  347. * dovecot: enable SSL/TLS by default with snakeoil certificate
  348. ### Fixed
  349. ### Security
  350. ## [9.3.1] - 2018-08-30
  351. ### Added
  352. * metricbeat: new variables to configure elasticsearch hosts and auth
  353. ## [9.3.0] - 2018-08-24
  354. ### Added
  355. * elasticsearch: tmpdir configuration compatible with 5.x also
  356. * elasticsearch: add http.publish_host variable
  357. * evoacme: disable old certbot cron also in cron.daily
  358. * evocheck: detect installed packages even if "held" by APT (manual fix)
  359. * evocheck: the crontab is updated by the role (default: `True`)
  360. * evolinux-base: add mail related aliases
  361. * evolinux-todo: new role, to help maintain a file of todo tasks
  362. * fail2ban: add a variable to disable the ssh filter (default: `False`)
  363. * etc-git: install a script to optimize the repository each month
  364. * fail2ban: add a variable to update the list of ignored IP addresses/blocs (default: `False`)
  365. * generate-ldif: detect installed packages even if "held" by APT
  366. * java: support for Oracle JRE
  367. * kibana: log messages go to /var/log/kibana/kibana.log
  368. * metricbeat: add a role (copied from filebeat)
  369. * munin: properly rename Munin cache directory
  370. * mysql: add an option to install the client development libraries (default: `False`)
  371. * mysql: add a few variables to customize the configuration
  372. * nagios-nrpe: add check_postgrey
  373. ### Changed
  374. * etc-git: some entries of .gitignore are mandatory
  375. * evocheck: update upstream script
  376. * evolinux-base: improve hostname configuration (real vs. internal)
  377. * evolinux-base: use the "evolinux-todo" role
  378. * evolinux-users: add sudo permission for bkctld check
  379. * java8: renamed to java (java8 symlinked to java for backward compatibility)
  380. * minifirewall: the tail file can be overwritten, or not (default: `True`)
  381. * nagios-nrpe: use bkctld internal check instead of nrpe plugin
  382. * php: reorganization of the role for Sury overrides and more clear configuration
  383. * redmine: use .my.cnf for mysql password
  384. * rbenv: change default Ruby version (2.5.1)
  385. * rbenv: switch from copy to lineinfile for default gems
  386. * remount-usr: mount doesn't report a change
  387. * squid: add a few news sites to the whitelist
  388. * tomcat: better nrpe check output
  389. * kvm-host: install kvm-tools package instead of copying add-vm.sh
  390. ### Fixed
  391. * apache: logrotate replacement is more subtle/precise. It replaces only the proper directive and not every occurence of the word.
  392. * bind: chroot-bind.sh must not be executed in check mode
  393. * evoacme: fix module detection in apache config
  394. * fail2ban: fix fail2ban_ignore_ips definition
  395. * mysql-oracle: fix configuration directory variable
  396. * php: fpm slowlog needs an absolute path
  397. * roundcube: add missing slash to https redirection
  398. ## [9.2.0] - 2018-05-16
  399. ### Changed
  400. * filebeat: install version 6.x by default
  401. * filebeat: cleanup unused code
  402. * squid: add some domaine and fix broken restrictions
  403. * elasticsearch: defaults to version 6.x
  404. ### Fixed
  405. * evolinux-users: secondary groups are comma-separated
  406. * ntpd: fix configuration (server and ACL)
  407. * varnish: don't fork the process on startup with systemd
  408. ## [9.1.9] - 2018-04-24
  409. ### Added
  410. ### Changed
  411. * apache: customize logrotate (52 weeks)
  412. * evolinux: groups for SSH configuration are used with Debian 10 and later
  413. * evolinux-base: fail2ban is not enabled by default
  414. * evolinux-users: refactoring of the SSH configuration
  415. * mysql-oracle: copy evolinux config files in mysql.cond.d
  416. * mysql/mysql-oracle: mysqltuner cron scripts is 0755
  417. * generate-ldif: add a minifirewall service when /etc/default/minifirewall exists
  418. ## [9.1.8] - 2018-04-16
  419. ### Changed
  420. * packweb-apache: use dependencies instead of include_role for apache and php roles
  421. ### Fixed
  422. * mysql: use check_mode for apg command (Fix --check)
  423. * mysql/mysql-oracle: properly reload systemd
  424. * packweb-apache: use check_mode for apg command (Fix --check)
  425. ## [9.1.7] - 2018-04-06
  426. ### Added
  427. * added a few become attributes where missing
  428. * etc-git: add tags for Ansible
  429. * evolinux-base: install ncurses-term package
  430. * haproxy: install Munin plugins
  431. * listupgrade: add service restart notification for Squid and libstdc++6
  432. * minifirewall: add "check_minifirewall" Nagios plugin (and `minifirewall_status` script)
  433. * mysql-oracle: new role to install MySQL 5.7 with Oracle packages
  434. * mysql: remount /usr before creating scripts directory
  435. * nagios-nrpe: add "check_open_files" plugin
  436. * nagios-nrpe: mark plugins as executable
  437. * nodejs: Yarn package manager can be installed (default: `false`)
  438. * packweb-apache: choose mysql variant (default: `debian`)
  439. * postfix: add lines in /etc/.gitignore
  440. * proftpd: use "proftpd_accounts" list to manage ftp accounts
  441. * redmine: added missing tags
  442. ### Changed
  443. * elasticsearch: RESTART_ON_UPGRADE is configurable (default: `true`)
  444. * elasticsearch: use ES_TMPDIR variable for custom tmpdir, (from `/etc/default/elasticsearch` instead of changing `/etc/elesticsearch/jvm.options`).
  445. * evolinux-base: Exec the firewall tasks sooner (to avoid dependency issues)
  446. * evolinux-users: split AllowGroups/AllowUsers modes for SSH directives
  447. * mongodb: allow unauthenticated packages for Jessie
  448. * mongodb: configuration is forced by default but it's configurable (default: `false`)
  449. * mongodb: rename logrotate script
  450. * nagios-nrpe: mark plugins as executable
  451. * nginx: don't debug variables in verbosity 0
  452. * nginx: package name can be specified (default: `nginx-full`)
  453. * php: fix FPM custom file permissions
  454. * php: more tasks notify FPM handler to restart if needed
  455. * webapps/evoadmin-web: Fail if variable evoadmin_contact_email isn't defined
  456. ### Fixed
  457. * dovecot: fix support of plus sign
  458. * mysql/mysql-oracle: mysqltuner cron task is executable
  459. * nginx: fix basic auth for default vhost
  460. * rbenv: fix become user issue with copy tasks
  461. ## [9.1.6] - 2018-02-02
  462. ### Added
  463. * mongodb: install python-pymongo for monitoring
  464. * nagios-nrpe: allowed_hosts can be updated
  465. ### Changed
  466. * Changelog: explain the versioning scheme
  467. * Changelog: add a release date for 9.1.5
  468. * evoacme: exclude typical certbot directories
  469. ### Fixed
  470. * fail2ban: fix horrible typo, Python is not Ruby
  471. * nginx: fix servers status dirname
  472. ## [9.1.5] - 2018-01-18
  473. ### Added
  474. * There is a changelog!
  475. * redis: configuration variable for protected mode (v3.2+)
  476. * evolinux-users: users are in "adm" group for Debian 9 or later
  477. * evolinx-base: purge locate/mlocate packages
  478. * evolinx-base: create /etc/evolinux if missing
  479. * many Ansible tags for easier fine grained execution of playbooks
  480. * apache/nginx: server status suffix management
  481. * unbound: retrieve list of root DNS servers
  482. * redmine: ability to install themes and plugins
  483. ### Changed
  484. * rbenv: Ruby 2.5 becomes the default version
  485. * evocheck: update upstream version embedded in role (c993244)
  486. * bind: keep 52 weeks of logs
  487. ### Fixed
  488. * squid: different logrotate file for Jessie or Stretch+
  489. * evoacme: don't invoke evoacme if no vhost is found
  490. * evomaintenance: explicit quotes in config file
  491. * redmine: force xpath gem < 3.0.0
  492. ### Security
  493. * evomaintenance: fix permissions for config file
  494. ## [9.1.4] - 2017-12-20
  495. ### Added
  496. * php: install php5-intl (for Jessie) and php-intl (for Debian 9 or later)
  497. * mysql: add a check_mysql_slave in nrpe configuration
  498. * ldap: slapd tcp port is configurable
  499. * elasticsearch: broader patterns for log rotation
  500. ### Changed
  501. * split IP lists in 2 – default and additional – for easier customization.
  502. ### Fixed
  503. * minifirewall: allow outgoing SSH connections over IPv6
  504. * nodejs: rename source.list file
  505. ### Security
  506. * evoadmin-web: change config.local.php file permissions
  507. * evolinux-base: change default_www file permissions
  508. ## [9.1.3] 2017-12-08
  509. ### Added
  510. * evolinux-base: install traceroute package
  511. * evolinux-base/ntpd: purge openntpd
  512. * tomcat: add Tomcat 8 cmpatibility
  513. * log2mail: add "The total blob data length" pattern for MySQL
  514. * nagios-nrpe: add bkctld check in evolix.cfg
  515. * varnish: reload or restart if needed
  516. * rabbitmq: add a munin plugin and an NRPE check
  517. * minifirewall: add debug for variables
  518. * elastic: option for stack main version
  519. ### Changed
  520. * nginx: rename Let's Encrypt snippet
  521. * nginx: simpler apt preferences for backports
  522. * generate-ldif: add clamd service instead of clamav_db
  523. * mysql: parameterize evolinux config files
  524. * rbenv: use Rbenv 1.1.1 and Ruby 2.4.2 by default
  525. * elasticsearch: update curator debian repository
  526. * evoacme: crontab management
  527. * evoacme: better documentation
  528. * mongodb: comatible with Stretch
  529. ### Removed
  530. * mongodb: logfile/pidfile are not configurable on Jessie
  531. * minifirewall: remove zidane.evolix.net from HTTPSITES
  532. ### Fixed
  533. * nginx: fix munin CGI graphs
  534. * ntpd: fix default configuration (localhost only)
  535. * logstash: fix permissions on pipeline configuration
  536. * postfix/spamassassin: add user in cron job
  537. * php: php.ini custom file are now readable
  538. * hostname customization needs the dbus package
  539. ## [9.1.2] 2017-12-05
  540. ### Fixed
  541. * listupgrade: remount /usr as rw
  542. ## [9.1.1] 2017-11-21
  543. ### Added
  544. * amazon-ec2: add egress rules
  545. ### Fixed
  546. * evoacme: fix multiple bugs
  547. ## [9.1.0] 2017-11-19
  548. _Warning: huge release, many entries are missing below._
  549. ### Added
  550. * amazon-ec2: new role, for EC2 instances creation
  551. * Move /usr rw remount into remount-usr role
  552. * kibana: host and basepath configuration
  553. * kibana: move optimize and data to /var
  554. * logstash: daily job for log rotation
  555. * elasticsearch: daily job for log rotation
  556. * roundcube: add link in default site index
  557. * nagios-nrpe: add opendkim check
  558. ### Changed
  559. * Combine evolix and additional trusted IP addresses
  560. * amazon-ec2: split tasks
  561. * apt: don't upgrade by default
  562. * postfix: extract main.cf md5sum into variables
  563. * evolinux-base: cache hwraid pgp key locally
  564. * evoacme: improve cron task
  565. * elasticsearch: use elastic.list APT source list for curator
  566. * ldap: better variables
  567. ### Fixed
  568. * fail2ban: create config hierarchy beforehand
  569. * elasticsearch: fix datadir/tmpdir conditions
  570. * elastic: remove double ".list" suffix
  571. * nagios-nrpe: fix check_free_mem for OpenBSD 6.2
  572. * nagios-nrpe: fix check_amavis
  573. ### Removed
  574. ### Security
  575. ## [9.0.1] 2017-10-02
  576. ### Added
  577. * haproxy: add a Nagios check
  578. * php: add "sury" mode for PHP 7.1 on Stretch
  579. * minifirewall: explicit dependency on iptables
  580. * apt: remove Gandi source files
  581. * docker-host: new variable for docker home
  582. ### Changed
  583. * php: install php5/php package after fpm/libapache2-mod-php
  584. ### Fixed
  585. * mysql: add "REPLICATION CLIENT" privilege for nrpe
  586. * evoadmin-web: revert from variables to keywords in the templates
  587. * evoacme: many fixes
  588. * etc-git: detect user if root (without su or sudo)
  589. * docker-host: clean override of docker systemd unit
  590. * varnish: fix systemd unit override
  591. ## [9.0.0] 2017-09-19
  592. First official release