2018-01-18 18:40:49 +01:00
# Changelog
All notable changes to this project will be documented in this file.
2018-01-18 23:37:56 +01:00
The format is based on [Keep a Changelog ](http://keepachangelog.com/en/1.0.0/ ).
This project does not follow semantic versioning.
2021-09-29 16:43:05 +02:00
The **major** part of the version is the year
The **minor** part changes is the month
The **patch** part changes is incremented if multiple releases happen the same month
2018-01-18 18:40:49 +01:00
2023-03-16 14:56:39 +01:00
2018-01-18 18:40:49 +01:00
## [Unreleased]
2020-05-13 11:20:45 +02:00
### Added
2020-06-05 11:02:50 +02:00
2023-04-23 10:48:39 +02:00
### Changed
### Fixed
### Removed
### Security
## [23.04] 2023-04-23
### Added
2023-03-30 17:58:30 +02:00
* graylog: new role
2023-03-20 18:00:22 +01:00
* lxc-php: add support for PHP 8.2 container
2023-03-30 17:58:30 +02:00
2023-03-16 14:56:39 +01:00
### Changed
2023-04-23 10:48:39 +02:00
* Use FQCN (Fully Qualified Collection Name)
2023-03-18 15:38:05 +01:00
* apt: with Debian 12, backports are installed but disabled by default
2023-03-22 15:21:58 +01:00
* openvpn: updated the README file
2023-03-30 13:19:13 +02:00
* pgbouncer: add handler to restart the service
2023-03-18 15:38:05 +01:00
2023-03-16 14:56:39 +01:00
### Fixed
2023-03-29 11:41:26 +02:00
* generate-ldif: Support for Debian 12
2023-03-16 22:17:46 +01:00
## [23.03.1] 2023-03-16
### Added
* pgbouncer: new role
### Changed
* apt: deb822 migration python script is looked relative to shell script
* listupgrade: remove old typo version of the cron task
* minifirewall: support protocols in numeric form
2023-03-16 14:56:39 +01:00
## [23.03] 2023-03-16
### Added
2023-03-16 14:06:44 +01:00
* apache: add task to enable mailgraph on default vhost and index.html
2023-02-27 13:58:01 +01:00
* apt: add move-apt-keyrings script/tasks
2023-03-15 22:50:00 +01:00
* apt: add tools to migrate sources to deb822 format
2023-01-23 10:33:07 +01:00
* fail2ban: add "Internal login failure" to Dovecot filter
2023-03-16 14:06:44 +01:00
* lxc: copy `/etc/profile.d/evolinux.sh` from host into container
* nagios-nrpe: add tasks/files for a wrapper
* nagios-nrpe: Print pool config path in check_phpfpm_multi output
* php: add `php_version` variable when sury is activated for each Debian version
2023-02-14 16:43:41 +01:00
* php: add a way to choose which version to install using sury repository
2023-03-16 14:06:44 +01:00
* postfix: Add task to enable mailgraph on packmail
2023-03-09 14:37:42 +01:00
* postgresql: configure max_connections
2023-03-16 14:06:44 +01:00
* userlogrotate: create dedicated role, separated from packweb-apache
* varnish: add `varnish_update_config` variable to disable configuration update
2022-12-30 10:46:24 +01:00
2022-12-14 11:37:38 +01:00
### Changed
2022-12-28 09:02:17 +01:00
* Use systemd module instead of command
2023-03-16 14:06:44 +01:00
* Removed all `warn: False` args in command, shell and other modules as it's been deprecated and will give a hard fail in ansible-core 2.14.0.
* apt: Use pub.evolix.org instead of pub.evolix.net
2023-02-21 18:30:09 +01:00
* bind: refactor role
2023-03-16 14:06:44 +01:00
* elasticsearch: Disable garabge collector logging (JDK >= 9)
2023-02-21 15:09:05 +01:00
* evolinux-users: Update sudoers template to remove commands allowed without password
2023-03-16 14:31:34 +01:00
* listupgrade: upstream release 23.03.3
2023-03-16 14:37:51 +01:00
* kvmstats: use virsh domstats | awk to get guests informations
2023-03-16 14:06:44 +01:00
* nagios-nrpe : Rewrite `check_vrrpd` for a better check (check `rp_filter` , `vrrpd` and `uvrrpd` compatible, use arguments, …)
* openvpn: Change `check_openvpn` destination file to comply with recent EvoBSD change
2023-02-21 15:09:05 +01:00
* postfix: come back to default value of `notify_classes` for pack mails.
2023-03-16 14:06:44 +01:00
* userlogrotate: set rotate date format in right order (YYYY-MM-DD)!
2023-02-21 15:09:05 +01:00
* webapps/nextcloud : Change default data directory to be outside web root
* webapps/nextcloud : Small enhancement on the vhost template to lock out data dir
* yarn: update apt key
2022-12-22 17:31:28 +01:00
2022-12-14 11:37:38 +01:00
### Fixed
2022-12-28 09:03:37 +01:00
* Proper jinja spacing
2023-03-16 14:06:44 +01:00
* clamav: set `MaxConnectionQueueLength` to its default value (200), custom (15) was way too small and caused recurring failures in Postfix.
* docker-host: fix type in `daemon.json` and remove host configuration that is already in the systemd service by default
2022-12-19 17:05:45 +01:00
* evolinux-base: ensure dbus is started and enabled (not by default in the case of an offline netinst)
2023-01-11 16:14:46 +01:00
* haproxy: fix missing admin ACL in stats module access permissions
2023-01-12 14:22:40 +01:00
* openvpn: fix the client cipher configuration to match the server cipher configuration
2023-03-16 14:06:44 +01:00
* php: fix error introduced in #33503e4538 (`False` evaluated as a String instead of Boolean)
* php: install using Sury repositories on Bullseye
2023-01-18 10:29:41 +01:00
* postfix (packmail only): disable `concurrency_failed_cohort_limit` for destination smtp-amavis to prevent the suspension of this destination when Amavis fails to answer. Indeed, we configure the suspension delay quite long in `minimal_backoff_time` (2h) and `maximal_backoff_time` (6h) to reduce the risk of ban from external SMTPs.
2023-03-16 14:06:44 +01:00
* postfix: avoid Amavis transport to be considered dead when restarted.
* postfix: remove unused `aliases_scope=sub` from virtual_aliases.cf (it generated warnings)
2023-03-01 17:22:36 +01:00
* userlogrotate: fix bug introduced in commit 2e54944a246 (rotated files were not zipped)
2023-03-01 17:50:58 +01:00
* userlogrotate: skip zipping if .gz log already exists (prevents interactive question)
2022-12-19 17:05:45 +01:00
2022-12-14 11:37:38 +01:00
### Removed
2023-02-26 00:10:00 +01:00
* evolinux-base: subversion is not installed anymore
2022-12-14 11:37:38 +01:00
## [22.12] 2022-12-14
### Added
* all: add signed-by option for additional APT sources
2022-11-06 15:20:31 +01:00
* all: preliminary work to support Debian 12
2022-12-14 11:37:38 +01:00
* all: use proper keyrings directory for APT version
2022-10-19 16:32:36 +02:00
* evolinux-base: replace regular kernel by cloud kernel on virtual servers
2022-12-14 11:37:38 +01:00
* lxc-php: set php-fpm umask to `007`
* nagios-nrpe: `check_ceph_*`
* nagios-nrpe: `check_haproxy_stats` supports DRAIN status
* packweb-apache: enable `log_forensic` module
2022-12-07 15:46:40 +01:00
* rabbitmq: add link in default page
2022-12-14 11:37:38 +01:00
* varnish: create special tmp directory for syntax validation
2022-12-15 11:43:13 +01:00
* postfix: add localhost.$mydomain to mydestination
2022-10-26 15:25:22 +02:00
2022-09-19 17:06:25 +02:00
### Changed
2022-12-05 14:22:08 +01:00
* certbot: auto-detect HAPEE version in renewal hook
2022-11-27 22:14:39 +01:00
* evocheck: install script according to Debian version
2022-12-14 11:37:38 +01:00
* evolinux-base: `utils.yml` can be excluded
2022-10-20 14:36:47 +02:00
* evolinux-todo: execute tasks only for Debian distribution (because this task is a dependency for others roles used on different distributions)
2022-12-14 11:37:38 +01:00
* evolinux-user: add sudoers privilege for check `php_fpm81`
2022-11-26 19:09:05 +01:00
* evomaintenance: allow missing API endpoint if APi is disabled
2022-09-30 11:38:53 +02:00
* java: use default JRE package when version is not specified
2022-12-14 11:37:38 +01:00
* keepalived: change exit code (_warning_ if running but not on expected state ; _critical_ if not running)
2022-12-07 21:04:33 +01:00
* listupgrade: better detection for PostgreSQL
2022-12-07 21:05:12 +01:00
* listupgrade: sort/uniq of packages/services lists in email template
2022-09-26 23:46:29 +02:00
* lxc-solr: detect the real partition options
2022-10-20 14:36:47 +02:00
* lxc-solr: download URL according to Solr Version
2022-09-27 07:47:26 +02:00
* lxc-solr: set homedir and port at install
2022-10-03 18:54:29 +02:00
* minifirewall: whitelist deb.freexian.com
2022-12-14 11:37:38 +01:00
* openvpn: shellpki upstream release 22.12.2
* openvpn: specifies that the mail for expirations is for OpenVPN
2022-11-06 15:24:54 +01:00
* packweb-apache: manual dependencies resolution
2022-10-20 14:36:47 +02:00
* redis: some values should be quoted
2022-10-20 14:38:12 +02:00
* redis: variable to disable transparent hugepage (default: do nothing)
2022-12-14 11:37:38 +01:00
* squid: whitelist `deb.freexian.com`
2022-11-21 15:46:46 +01:00
* varnish: better package facts usage with check mode and tags
2022-11-02 13:29:58 +01:00
* varnish: systemd override depends on Varnish version instead of Debian version
2022-09-26 23:46:29 +02:00
2022-09-19 17:06:25 +02:00
### Fixed
2022-12-14 11:37:38 +01:00
* evolinux-user: Fix sudoers privilege for check `php_fpm80`
2022-11-09 17:05:54 +01:00
* nagios-nrpe: Fix check opendkim for recent change in listening port
2022-12-13 19:37:54 +01:00
* openvpn: Fix mode of shellpki script
2022-12-14 11:37:38 +01:00
* proftpd: Fix format of public key files controlled by Ansible
* proftpd: Fix mode of public key directory and files (they have to be accessible by `proftpd:nobody` )
* varnish: fix missing state, that blocked the task
2022-10-07 14:16:32 +02:00
2022-09-19 17:06:25 +02:00
### Removed
2022-12-13 17:53:59 +01:00
* openvpn: Deleted the task fixing the CRL rights since it has been fixed in upstream
2022-09-19 17:06:25 +02:00
## [22.09] 2022-09-19
### Added
2022-08-24 15:22:25 +02:00
* evolinux_users: create only users who have a certain value for the `create` key (default: `always` ).
2022-08-18 10:27:08 +02:00
* php: install php-xml with recent PHP versions
2022-08-24 17:58:44 +02:00
* vrrp: add an `ip.yml` task file to help create VRRP addresses
2022-08-26 16:34:19 +02:00
* webapps/nextcloud: Add compatibility with apache2, and apache2 mod_php.
2022-09-01 15:32:56 +02:00
* memcached: NRPE check for multi-instance setup
2022-09-15 11:45:24 +02:00
* munin: Add ipmi_ plugins on dedicated hardware
2022-09-13 16:31:03 +02:00
* proftpd: Add options to override configs (and add a warning if file was overriden)
2022-09-13 16:29:59 +02:00
* proftpd: Allow user auth with ssh keys
2022-08-18 10:27:08 +02:00
2022-09-15 11:45:24 +02:00
2022-07-06 18:02:42 +02:00
### Changed
2022-09-14 10:55:00 +02:00
* evocheck: upstream release 22.09
2022-09-12 13:54:57 +02:00
* evolinux-base: update-evobackup-canary upstream release 22.06
2022-08-29 17:29:09 +02:00
* generate-ldif: Support any MariaDB version
2022-09-09 16:09:45 +02:00
* minifirewall: use handlers to restart minifirewall
2022-08-10 17:23:47 +02:00
* openvpn: automate the initialization of the CA and the creation of the server certificate ; use openssl_dhparam module instead of a command
2022-09-02 15:48:05 +02:00
* generate-ldif: support any version of MariaDB (instead of only 10.0, 10.1 and 10.3)
2022-09-06 11:26:19 +02:00
* openvpn: Run OpenVPN with the \_openvpn user and group instead of nobody which is originally for NFS
2022-09-14 12:21:13 +02:00
* nagios-nrpe: Upgrade check_mongo
2022-07-28 14:18:12 +02:00
2022-07-06 18:02:42 +02:00
### Fixed
2022-09-15 09:48:34 +02:00
* fail2ban: fix dovecot-evolix regex syntax
2022-08-10 10:26:37 +02:00
* haproxy: make it so that munin doesn't break if there is a non default `haproxy_stats_path`
2022-09-15 09:48:34 +02:00
* mysql: Add missing Munin conf for Debian 11
2022-08-17 16:53:05 +02:00
* redis: config directory must be owned by the user that runs the service (to be able to write tmp config files in it)
2022-09-15 09:48:34 +02:00
* varnish: make `-j <jail_config>` the first argument on jessie/stretch as it has to be the first argument there.
2022-09-01 11:28:08 +02:00
* webapps/nextcloud: Add missing dependencies for imagick
2022-08-10 10:26:37 +02:00
2022-07-06 18:02:42 +02:00
### Removed
2022-07-28 13:58:09 +02:00
* evocheck: remove failure if deprecated variable is used
2022-09-01 11:58:24 +02:00
* webapps/nextcloud: Drop support for Nginx
2022-07-28 13:58:09 +02:00
2022-07-28 13:49:57 +02:00
## [22.07.1] 2022-07-28
### Changed
* evocheck: upstream release 22.07
* evomaintenance: upstream release 22.07
* mongodb: replace version_compare() with version()
* nagios-nrpe: check_disk1 returns only alerts
* nagios-nrpe: use regexp to exclude paths/devices in check_disk1
2022-07-08 11:28:29 +02:00
## [22.07] 2022-07-08
### Added
* fail2ban: Ensure apply dbpurgeage from stretch and buster
2022-07-06 18:02:42 +02:00
## [22.07] 2022-07-06
### Added
2022-07-06 14:24:38 +02:00
* evolinux-base: session timeout is configurable (default: 36000 seconds = 10 hours)
2022-06-22 15:32:10 +02:00
* haproxy: add haproxy_allow_ip_nonlocal_bind to set sysctl value (optional)
2022-07-05 10:18:49 +02:00
* kvm-host: fix depreciation of "drbd-overview" by "drbdadm status" in add-vm.sh
2022-07-06 14:26:13 +02:00
* openvpn: configure logrotate
2022-06-22 15:32:10 +02:00
2022-06-10 11:11:44 +02:00
### Changed
2022-06-29 16:09:04 +02:00
* openvpn: minimal rights on /etc/shellpki/ and crl.pem
2022-06-10 11:11:44 +02:00
### Fixed
2022-06-22 17:20:15 +02:00
* evolinux-base: Update PermitRootLogin task to work on Debian 11
* evolinux-user: Update PermitRootLogin task to work on Debian 11
* minifirewall: docker mode is configurable
2022-06-21 15:13:33 +02:00
2022-06-17 11:00:51 +02:00
## [22.06.3] 2022-06-17
### Changed
* evolinux-base: blacklist and do not install megaclisas-status package on incompatible servers
2022-06-10 11:11:44 +02:00
## [22.06.2] 2022-06-10
### Added
2022-06-08 16:45:41 +02:00
* postgresql: add variable to configure binding addresses (default: 127.0.0.1)
2022-06-03 09:27:01 +02:00
### Changed
2022-06-09 07:41:49 +02:00
* evocheck: upstream release 22.06.2
2022-06-08 17:55:58 +02:00
* fail2ban: Give the possibility to override jail.local (with fail2ban_override_jaillocal)
* fail2ban: If jail.local was overriden, add a warning
* fail2ban: Allow to tune some jail settings (maxretry, bantime, findtime) with ansible
* fail2ban: Allow to tune the default action with ansible
* fail2ban: Change default action to ban only (instead of ban + mail with whois report)
* fail2ban: Configure recidive jail (off by default) + extend dbpurgeage
2022-06-08 15:36:47 +02:00
* redis: binding is possible on multiple interfaces (breaking change)
2022-06-03 09:27:01 +02:00
### Fixed
2022-06-08 15:38:21 +02:00
* Enforce String notation for mode
2022-06-08 15:39:34 +02:00
* postgresql: fix nested loop for Munin plugins
2022-06-09 10:33:28 +02:00
* postgresql: Fix task order when using pgdg repo
* postgresql: Install the right pg version
2022-06-08 15:38:21 +02:00
2022-06-06 15:07:10 +02:00
## [22.06.1] 2022-06-06
### Changed
* evocheck: upstream release 22.06.1
* minifirewall: upstream release 22.06
* mysql: evomariabackup release 22.06.1
* mysql: reorganize evomariabackup to use mtree instead of our own dir-check
2022-06-03 09:27:01 +02:00
## [22.06] 2022-06-03
### Added
2022-06-01 17:23:56 +02:00
* certbot: add hapee (HAProxy Enterprise Edition) deploy hook
* evolinux-base: add dir-check script
* evolinux-base: add update-evobackup-canary script
2022-06-02 18:26:23 +02:00
* mysql: add post-backup-hook to evomariabackup
2022-06-01 17:24:51 +02:00
* mysql: use dir-check inside evomariabackup
2022-05-31 14:06:15 +02:00
2022-05-12 15:49:18 +02:00
### Changed
2022-05-24 16:22:49 +02:00
* docker: Allow "live-restore" to be toggled with docker_conf_live_restore
2022-06-03 09:15:04 +02:00
* evocheck: upstream release 22.06
2022-06-13 17:35:31 +02:00
* evolinux-base: Replacement of variable `evolinux_packages_hardware` by `ansible_virtualization_role == "host"` automatize host type detection and avoids installing smartd & other on VM.
2022-06-03 10:19:35 +02:00
* minifirewall: tail template follows symlinks
2022-06-03 09:26:07 +02:00
* mysql: add "set crypt_use_gpgme=no" Mutt option, for mysqltuner
2022-05-24 16:22:49 +02:00
2022-12-14 11:47:53 +01:00
### Fixed
2022-06-13 17:35:31 +02:00
* Role `postfix` : Add missing `localhost.localdomain localhost` to `mydestination` variable which caused undelivered of some local mails.
2022-05-12 15:49:18 +02:00
## [22.05.1] 2022-05-12
### Added
2022-05-10 19:04:58 +02:00
* docker : Introduce new default settings + allow to change the docker data directory
* docker : Introduce new variables to tweak daemon settings
2022-05-10 16:58:32 +02:00
### Changed
2022-05-12 15:47:37 +02:00
* evocheck: upstream release 22.05
2022-05-10 16:58:32 +02:00
### Removed
2022-05-10 17:39:45 +02:00
* docker : Removed Debian Jessie support
2022-05-10 16:58:32 +02:00
## [22.05] 2022-05-10
### Added
2022-04-27 14:22:59 +02:00
* etc-git: use "ansible-commit" to efficiently commit all available repositories (including /etc inside LXC) from Ansible
2022-04-28 12:40:02 +02:00
* minifirewall: compatibility with "legacy" version of minifirewall
2022-05-10 16:58:32 +02:00
* minifirewall: configure proxy/backup/sysctl values
* munin: Add possibility to install local plugins, and install dhcp_pool plugin
2022-03-31 15:59:38 +02:00
* nagios-nrpe: Add a check dhcp_pool
2022-05-05 09:40:30 +02:00
* redis: Activate overcommit sysctl
* redis: Add log2mail user to redis group
2022-03-30 09:42:54 +02:00
2022-03-02 09:42:12 +01:00
### Changed
2022-05-10 16:58:32 +02:00
* dump-server-state: upstream release 22.04.3
2022-04-25 10:33:33 +02:00
* evocheck: upstream release 22.04.1
2022-03-15 11:35:20 +01:00
* evolinux-base: Add non-free repos & install non-free firmware on dedicated hardware
2022-03-28 13:28:48 +02:00
* evolinux-base: rename backup-server-state to dump-server-state
2022-03-15 10:53:06 +01:00
* generate-ldif: Add services check for bkctld
2022-03-28 13:28:48 +02:00
* minifirewall: restore "force-restart" and fix "restart-if-needed"
2022-03-25 18:12:24 +01:00
* minifirewall: tail template follows symlinks
2022-05-10 15:55:08 +02:00
* minifirewall: upstream release 22.05
2022-05-10 16:58:32 +02:00
* opendkim : add generate opendkim-genkey in sha256 and key 4096
* openvpn: use a local copy of files instead of cloning an external git repository
2022-03-23 10:45:53 +01:00
* openvpn: use a subnet topology instead of the net30 default topology
2022-04-08 11:57:33 +02:00
* tomcat: Tomcat 9 by default with Debian 11
2022-04-22 09:32:37 +02:00
* vrrpd: Store sysctl values in specific file
2022-03-08 16:49:53 +01:00
2022-03-02 09:42:12 +01:00
### Fixed
2022-04-01 15:47:44 +02:00
* etc-git : Remount /usr in rw for git gc in in /usr/share/scripts/
2022-04-07 10:18:08 +02:00
* etc-git: Make evocommit fully compatible with OpenBSD
2022-05-10 16:58:32 +02:00
* generate-ldif: Correct generated entries for php-fpm in containers
* keepalived: repair broken role
2022-05-10 16:39:44 +02:00
* minifirewall: fix `failed_when` condition on restart
2022-05-10 16:58:32 +02:00
* postfix: Do not send mails through milters a second time after amavis (in packmail)
* redis: Remount /usr with RW before adding nagios plugin
2022-03-02 09:42:12 +01:00
## [22.03] 2022-03-02
### Added
2022-02-24 11:49:04 +01:00
* apt: apt_hold_packages: broadcast message with wall, if present
2022-02-03 14:15:33 +01:00
* evolinux-base: option to bypass raid-related tasks
2022-03-01 14:02:22 +01:00
* Explicit permissions for systemd overrides
2022-02-21 11:31:00 +01:00
* generate-ldif: Add support for php-fpm in containers
2022-02-03 14:16:09 +01:00
* kvm-host: add missing default value
2022-02-17 14:50:21 +01:00
* lxc-php: preliminary support for PHP 8.1 container
2022-03-01 14:02:22 +01:00
* openvpn: now check that openvpn has been restarted since last certificates renewal
2022-03-01 14:04:05 +01:00
* redis: always install check_redis_instances
2022-03-01 14:02:22 +01:00
* redis: check_redis_instances tolerates absence of instances
2022-02-03 14:15:33 +01:00
2021-09-29 16:43:05 +02:00
### Changed
2022-02-07 15:17:23 +01:00
* elasticsearch: Use `/etc/elasticsearch/jvm.options.d/evolinux` instead of default `/etc/elasticsearch/jvm.options`
2022-03-02 09:40:52 +01:00
* evolinux-users: check permissions for /etc/sudoers.d
* evolinux-users: optimize sudo configuration
2022-02-17 16:25:20 +01:00
* lxc: Fail if /var is nosuid
2022-02-03 18:35:16 +01:00
* openvpn: make it compatible with OpenBSD and add some improvements
2022-01-31 11:57:21 +01:00
## [22.01.3] 2022-01-31
### Changed
2022-01-28 16:27:20 +01:00
* rbenv: install Ruby 3.1.0 by default
2022-01-28 16:27:39 +01:00
* evolinux-base: backup-server-state: add "force" mode
2022-02-08 16:16:24 +01:00
2021-09-29 16:43:05 +02:00
### Fixed
2022-01-28 16:27:39 +01:00
* evolinux-base: backup-server-state: fix systemctl invocation
2022-02-08 16:16:24 +01:00
* varnish: update munin plugin to work with recent varnish versions
2021-09-29 16:43:05 +02:00
2022-01-27 14:12:40 +01:00
## [22.01.2] 2022-01-27
2022-01-27 14:04:41 +01:00
### Changed
* evolinux-base: many improvements for backup-server-state script
* remount-usr: use findmnt to find if usr is a readonly partition
2022-01-25 14:53:19 +01:00
## [22.01] 2022-01-25
2021-09-29 16:43:05 +02:00
### Added
2021-09-30 10:45:07 +02:00
* Support for Debian 11 « Bullseye » (with possible remaining blind spots)
2022-01-25 14:53:19 +01:00
* apache: new variable for MPM mode (+ updated default config accordingly)
* apache: prevent accessing Git or "env" related files
2021-06-30 14:29:03 +02:00
* certbot: add script for manual deploy hooks execution
2021-09-30 12:09:11 +02:00
* docker-host: install additional dependencies
2022-01-25 14:53:19 +01:00
* dovecot: switch to TLS 1.2+ and external DH params
2021-10-02 12:50:01 +02:00
* etc-git: centralize cron jobs in dedicated crontab
2022-01-25 14:53:19 +01:00
* etc-git: manage commits with an optimized shell script instead of many slow Ansible tasks
* evolinux-base: add script backup-server-state
2022-01-25 18:25:47 +01:00
* evolinux-base: configure top and htop to display the swap column
2021-08-25 17:57:38 +02:00
* evolinux-base: install molly-guard by default
2022-01-25 14:53:19 +01:00
* generate-ldif: detect RAID controller
2021-09-16 17:26:58 +02:00
* generate-ldif: detect mdadm
2021-07-02 14:01:46 +02:00
* listupgrade: crontab is configurable
2021-09-21 14:41:07 +02:00
* logstash: logging to syslog is configurable (default: True)
2021-05-02 01:15:38 +02:00
* mongodb: create munin plugins directory if missing
2022-01-25 14:53:19 +01:00
* munin: systemd override to unprotect home directory
* mysql: add evomariabackup 21.11
2021-09-30 10:13:11 +02:00
* mysql: improve Bullseye compatibility
2021-07-08 15:10:35 +02:00
* mysql: script "mysql_connections" to display a compact list of connections
2021-08-30 14:05:15 +02:00
* mysql: script "mysql-queries-killer.sh" to kill MySQL queries
2022-01-25 14:53:19 +01:00
* nagios-nrpe + evolinux-users: new check for ipmi
* nagios-nrpe + evolinux-users: new check for RAID (soft + hard)
2021-08-25 10:43:02 +02:00
* nagios-nrpe + evolinux-users: new checks for bkctld
2022-01-25 14:53:19 +01:00
* nagios-nrpe: new check influxdb
* openvpn: new role (beta)
2021-05-01 22:25:38 +02:00
* redis: instance service for Debian 11
2021-09-07 14:01:52 +02:00
* squid: add *.o.lencr.org to default whitelist
2021-06-30 14:29:03 +02:00
2021-06-28 15:31:55 +02:00
### Changed
2021-09-29 16:43:05 +02:00
* Change version pattern
2021-09-30 17:05:10 +02:00
* Install python 2 or 3 libraries according to running python version
2021-07-04 22:08:47 +02:00
* Remove embedded GPG keys only if legacy keyring is present
2021-08-16 13:50:53 +02:00
* apt: remove workaround for Evolix public repositories with Debian 11
2022-01-25 18:25:47 +01:00
* apt: upgrade packages after all the configuration is done
2021-08-16 14:12:31 +02:00
* apt: use the new security repository for Bullseye
2021-07-20 17:19:57 +02:00
* certbot: silence letsencrypt deprecation warnings
2022-01-25 14:53:19 +01:00
* elasticsearch: elastic_stack_version = 7.x
2021-10-05 08:28:47 +02:00
* evoacme: exclude renewal-hooks directory from cron
2021-08-16 13:49:13 +02:00
* evoadmin-web: simpler PHP packages lists
2022-01-25 14:53:19 +01:00
* evocheck: upstream release 21.10.4
2021-07-04 22:07:51 +02:00
* evolinux-base: alert5 comes after the network
2021-05-01 22:22:54 +02:00
* evolinux-base: force Debian version to buster for Evolix repository (temporary)
2021-09-16 15:58:10 +02:00
* evolinux-base: install freeipmi by default on dedicated hw
2021-09-30 12:07:02 +02:00
* evolinux-base: logs are rotated with dateext by default
2022-01-25 14:53:19 +01:00
* evolinux-base: split dpkg logrotate configuration
* evolinux-users + nagios-nrpe: Add support for php-fpm80 in lxc
* evomaintenance: extract a config.yml tasks file
* evomaintenance: upstream release 22.01
* filebeat/metricbeat: elastic_stack_version = 7.x
* kibana: elastic_stack_version = 7.x
* listupgrade: old-kernel-removal version 21.10
2021-07-02 13:59:42 +02:00
* listupgrade: upstream release 21.06.3
2021-09-21 14:39:51 +02:00
* logstash: elastic_stack_version = 7.x
2022-01-25 14:53:19 +01:00
* mongodb: Allow to specify a mongodb version for buster & bullseye
* mongodb: Deny the install on Debian 11 « Bullseye » when the version is unsupported
* mongodb: Support version 5.0 (for buster)
* mysql: use python3 and mariadb-client-10.5 with Debian 11 and later
* nodejs: default to version 16 LTS
2021-09-29 16:43:05 +02:00
* php: enforce Debian version with assert instead of fail
2021-07-03 08:52:50 +02:00
* squid: improve default whitelist (more specific patterns)
2021-07-02 23:45:42 +02:00
* squid: must be started in foreground mode for systemd
2021-05-01 22:24:40 +02:00
* squid: remove obsolete variable on Squid 4
2021-07-20 17:19:57 +02:00
2021-06-28 15:31:55 +02:00
### Fixed
2022-01-25 14:53:19 +01:00
* evolinux-base: fix alert5.service dependency syntax
2021-06-30 07:39:57 +02:00
* certbot: sync_remote excludes itself
2022-01-25 14:53:19 +01:00
* lxc-php: fix config for opensmtpd on bullseye containers
* mysql : Create a default ~root/.my.cnf for compatibility reasons
* nginx : fix variable name and debug to actually use nginx-light
* packweb-apache : Support php 8.0
* nagios-nrpe: Fix check_nfsserver for buster and bullseye
2021-06-30 07:39:57 +02:00
2021-06-28 15:31:55 +02:00
### Removed
2022-01-25 14:53:19 +01:00
* evocheck: package install is not supported anymore
2021-09-21 14:41:48 +02:00
* logstash: no more dependency on Java
2022-01-25 14:53:19 +01:00
* php: remove php-gettext for 7.4
2021-05-01 22:14:33 +02:00
2021-06-28 15:31:55 +02:00
## [10.6.0] 2021-06-28
### Added
2021-05-25 15:10:00 +02:00
* Add Elastic GPG key to kibana, filebeat, logstash, metricbeat roles
2021-04-19 17:35:49 +02:00
* apache: new variable for mpm mode (+ updated default config accordingly)
2021-04-23 11:41:27 +02:00
* evolinux-base: add default motd template
2021-04-28 15:53:36 +02:00
* kvm-host: add migrate-vm script
2021-04-23 14:59:29 +02:00
* mysql: variable to disable myadd script overwrite (default: True)
2021-06-07 13:03:18 +02:00
* nodejs: update apt cache before installing the package
2021-06-17 18:19:20 +02:00
* squid: add Yarn apt repository in default whitelist
2021-04-19 17:35:49 +02:00
2021-04-01 15:38:10 +02:00
### Changed
2021-06-28 15:19:29 +02:00
* Update Galaxy metadata (company, platforms and galaxy_tags)
2021-05-04 14:31:22 +02:00
* Use 'loop' syntax instead of 'with_first_found/with_items/with_dict/with_nested/with_list'
2021-05-09 23:21:21 +02:00
* Use Ansible syntax used in Ansible 2.8+
2021-05-03 12:02:04 +02:00
* apt: store keys in /etc/apt/trusted.gpg.d in ascii format
2021-05-04 14:57:18 +02:00
* certbot: sync_remote.sh is configurable
2021-05-01 16:51:20 +02:00
* evolinux-base: copy GPG key instead of using apt-key
2021-06-17 10:57:07 +02:00
* evomaintenance: upstream release 0.6.4
2021-06-10 11:09:44 +02:00
* kvm-host: replace the "kvm-tools" package with scripts deployed by Ansible
2021-06-20 12:06:49 +02:00
* listupgrade: upstream release 21.06.2
2021-06-08 11:19:26 +02:00
* nodejs: change GPG key name
2021-04-21 17:22:45 +02:00
* ntpd: Add leapfile configuration setting to ntpd on debian 10+
2021-05-04 14:57:18 +02:00
* packweb-apache: install phpMyAdmin from buster-backports
2021-05-02 01:22:57 +02:00
* spamassassin: change dependency on evomaintenance
* squid: remove obsolete variable on Squid 4
2021-04-21 17:22:45 +02:00
2021-04-01 15:38:10 +02:00
### Fixed
2021-05-19 14:35:08 +02:00
* add default (useless) value for file lookup (first_found)
2021-05-18 14:04:54 +02:00
* fix pipefail option for shell invocations
2021-06-23 22:38:22 +02:00
* elasticsearch: inline YAML formatting of seed_hosts and initial_master_nodes
2021-05-19 17:02:10 +02:00
* evolinux-base: fix motd lookup path
2021-05-02 23:28:09 +02:00
* ldap: fix edge cases where passwords were not set/get properly
2021-05-17 23:05:18 +02:00
* listupgrade: fix wget error + shellcheck cleanup
2021-05-02 23:28:09 +02:00
2021-04-01 15:38:10 +02:00
### Removed
2021-06-23 22:37:35 +02:00
* elasticsearch: recent versiond don't depend on external JRE
2021-04-13 15:56:09 +02:00
## [10.5.1] 2021-04-13
### Added
* haproxy: dedicated internal address/binding (without SSL)
### Changed
* etc-git: commit in /usr/share/scripts when there's an active repository
2021-04-01 15:38:10 +02:00
## [10.5.0] 2021-04-01
### Added
2021-01-05 17:47:56 +01:00
* apache: new variables for logrotate + server-status
2021-02-16 16:35:25 +01:00
* filebeat: package can be upgraded to latest (default: False)
2021-02-27 18:43:59 +01:00
* haproxy: possible admin access with login/pass
2021-06-28 15:31:55 +02:00
* lxc-php: Add PHP 7.4 support
2021-02-16 16:35:25 +01:00
* metricbeat: package can be upgraded to latest (default: False)
2021-03-23 16:28:14 +01:00
* metricbeat: new variables to configure SSL mode
2021-02-17 17:23:11 +01:00
* nagios-nrpe: new script check_phpfpm_multi
2021-02-04 11:30:32 +01:00
* nginx: add access to server status on default VHost
2021-02-12 14:10:04 +01:00
* postfix: add smtpd_relay_restrictions in configuration
2021-01-05 17:47:56 +01:00
2020-12-24 14:00:37 +01:00
### Changed
2021-02-12 18:05:43 +01:00
* apache: rotate logs daily instead of weekly
2021-02-22 16:06:57 +01:00
* apache: deny requests to ^/evolinux_fpm_status-.*
2021-01-07 18:55:44 +01:00
* certbot: use a fixed 1.9.0 version of the certbot-auto script (renamed "letsencrypt-auto")
2021-04-01 15:38:10 +02:00
* certbot: use the legacy script on Debian 8 and 9
2021-04-01 15:30:38 +02:00
* elasticsearch: log rotation is more readable/maintainable
2021-01-07 19:16:06 +01:00
* evoacme: upstream release 21.01
2021-03-04 16:48:47 +01:00
* evolinux-users: Add sudo rights for nagios for multi-php lxc
2021-03-23 16:27:15 +01:00
* listupgrade: update script from upstream
2021-02-04 10:55:26 +01:00
* minifirewall: change some defaults
2021-02-12 15:22:57 +01:00
* nagios-nrpe: update check_phpfpm_status.pl & install perl dependencies
2021-02-18 16:42:54 +01:00
* redis: use /run instead or /var/run
2021-03-09 18:24:15 +01:00
* redis: escape password in Munin configuration
2021-01-07 18:55:44 +01:00
2020-12-24 14:00:37 +01:00
### Fixed
2021-03-09 22:58:14 +01:00
* bind9: added log files to apparmor definition so bind can run
2021-03-23 16:29:03 +01:00
* filebeat: fix Ansible syntax error
2021-03-18 15:13:17 +01:00
* nagios-nrpe: libfcgi-client-perl is not available before Debian 10
2021-03-09 18:32:35 +01:00
* redis: socket/pid directories have the correct permissions
2021-03-09 18:25:15 +01:00
2020-12-24 14:00:37 +01:00
### Removed
2021-04-01 15:38:10 +02:00
* nginx: no more "minimal" mode, but the package remains customizable.
2020-12-24 14:00:37 +01:00
## [10.4.0] 2020-12-24
### Added
2020-12-24 13:56:11 +01:00
* certbot: detect domains if missing
2020-12-24 10:33:25 +01:00
* certbot: new "sync_remote.sh" hook to sync certificates and execute hooks on remote servers
2020-12-21 23:33:14 +01:00
* varnish: variable for jail configuration
2020-12-21 16:03:49 +01:00
### Changed
2020-12-24 10:26:28 +01:00
* certbot: disable auth for Let's Encrypt challenge
2020-12-23 15:53:36 +01:00
* nginx: change from "nginx_status-XXX" to "server-status-XXX"
2020-12-21 16:03:49 +01:00
## [10.3.0] 2020-12-21
### Added
2022-11-05 21:15:21 +01:00
* bookworm-detect: transitional role to help dealing with unreleased bookworm version
2020-10-16 15:35:13 +02:00
* dovecot: Update munin plugin & configure it
2020-12-07 17:26:45 +01:00
* dovecot: vmail uid/gid are configurable
2020-11-21 09:59:10 +01:00
* evoacme: variable to disable Debian version check (default: False)
2020-10-30 11:56:24 +01:00
* kvm-host: Add drbd role dependency (toggleable with kvm_install_drbd)
2020-12-01 22:57:13 +01:00
