ansible-roles/CHANGELOG.md

1010 lines
38 KiB
Markdown
Raw Normal View History

2018-01-18 18:40:49 +01:00
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
This project does not follow semantic versioning.
The **major** part of the version is the year
The **minor** part changes is the month
The **patch** part changes is incremented if multiple releases happen the same month
2018-01-18 18:40:49 +01:00
## [Unreleased]
2020-05-13 11:20:45 +02:00
### Added
* minifirewall: configure proxy/backup/sysctl values
* etc-git: Commit /etc in lxc containers when they are git repositories
2022-03-31 15:59:38 +02:00
* nagios-nrpe: Add a check dhcp_pool
2022-03-02 09:42:12 +01:00
### Changed
2022-03-22 11:03:26 +01:00
* evocheck: upstream release 22.03.1
* evolinux-base: Add non-free repos & install non-free firmware on dedicated hardware
2022-03-28 13:28:48 +02:00
* evolinux-base: rename backup-server-state to dump-server-state
* dump-server-state: upstream release 22.04
* generate-ldif: Add services check for bkctld
2022-03-28 13:28:48 +02:00
* minifirewall: restore "force-restart" and fix "restart-if-needed"
* minifirewall: tail template follows symlinks
2022-03-30 22:45:09 +02:00
* minifirewall: upstream release 22.03.5
* openvpn: use a subnet topology instead of the net30 default topology
2022-04-08 11:57:33 +02:00
* tomcat: Tomcat 9 by default with Debian 11
2022-03-02 09:42:12 +01:00
### Fixed
2022-03-02 16:21:39 +01:00
* Repair keepalived role
* generate-ldif: Correct generated entries for php-fpm in containers
* redis: Remount /usr with RW before adding nagios plugin
* postfix: Do not send mails through milters a second time after amavis (in packmail)
* etc-git : Remount /usr in rw for git gc in in /usr/share/scripts/
* etc-git: Make evocommit fully compatible with OpenBSD
2022-03-02 16:21:39 +01:00
2022-03-02 09:42:12 +01:00
### Removed
### Security
## [22.03] 2022-03-02
### Added
* apt: apt_hold_packages: broadcast message with wall, if present
* evolinux-base: option to bypass raid-related tasks
* Explicit permissions for systemd overrides
* generate-ldif: Add support for php-fpm in containers
2022-02-03 14:16:09 +01:00
* kvm-host: add missing default value
* lxc-php: preliminary support for PHP 8.1 container
* openvpn: now check that openvpn has been restarted since last certificates renewal
* redis: always install check_redis_instances
* redis: check_redis_instances tolerates absence of instances
### Changed
* elasticsearch: Use `/etc/elasticsearch/jvm.options.d/evolinux` instead of default `/etc/elasticsearch/jvm.options`
* evolinux-users: check permissions for /etc/sudoers.d
* evolinux-users: optimize sudo configuration
2022-02-17 16:25:20 +01:00
* lxc: Fail if /var is nosuid
* openvpn: make it compatible with OpenBSD and add some improvements
2022-01-31 11:57:21 +01:00
## [22.01.3] 2022-01-31
### Changed
2022-01-28 16:27:20 +01:00
* rbenv: install Ruby 3.1.0 by default
2022-01-28 16:27:39 +01:00
* evolinux-base: backup-server-state: add "force" mode
### Fixed
2022-01-28 16:27:39 +01:00
* evolinux-base: backup-server-state: fix systemctl invocation
* varnish: update munin plugin to work with recent varnish versions
2022-01-27 14:12:40 +01:00
## [22.01.2] 2022-01-27
2022-01-27 14:04:41 +01:00
### Changed
* evolinux-base: many improvements for backup-server-state script
* remount-usr: use findmnt to find if usr is a readonly partition
2022-01-25 14:53:19 +01:00
## [22.01] 2022-01-25
### Added
2021-09-30 10:45:07 +02:00
* Support for Debian 11 « Bullseye » (with possible remaining blind spots)
2022-01-25 14:53:19 +01:00
* apache: new variable for MPM mode (+ updated default config accordingly)
* apache: prevent accessing Git or "env" related files
* certbot: add script for manual deploy hooks execution
* docker-host: install additional dependencies
2022-01-25 14:53:19 +01:00
* dovecot: switch to TLS 1.2+ and external DH params
* etc-git: centralize cron jobs in dedicated crontab
2022-01-25 14:53:19 +01:00
* etc-git: manage commits with an optimized shell script instead of many slow Ansible tasks
* evolinux-base: add script backup-server-state
* evolinux-base: configure top and htop to display the swap column
* evolinux-base: install molly-guard by default
2022-01-25 14:53:19 +01:00
* generate-ldif: detect RAID controller
2021-09-16 17:26:58 +02:00
* generate-ldif: detect mdadm
2021-07-02 14:01:46 +02:00
* listupgrade: crontab is configurable
* logstash: logging to syslog is configurable (default: True)
* mongodb: create munin plugins directory if missing
2022-01-25 14:53:19 +01:00
* munin: systemd override to unprotect home directory
* mysql: add evomariabackup 21.11
2021-09-30 10:13:11 +02:00
* mysql: improve Bullseye compatibility
* mysql: script "mysql_connections" to display a compact list of connections
* mysql: script "mysql-queries-killer.sh" to kill MySQL queries
2022-01-25 14:53:19 +01:00
* nagios-nrpe + evolinux-users: new check for ipmi
* nagios-nrpe + evolinux-users: new check for RAID (soft + hard)
* nagios-nrpe + evolinux-users: new checks for bkctld
2022-01-25 14:53:19 +01:00
* nagios-nrpe: new check influxdb
* openvpn: new role (beta)
2021-05-01 22:25:38 +02:00
* redis: instance service for Debian 11
* squid: add *.o.lencr.org to default whitelist
2021-06-28 15:31:55 +02:00
### Changed
* Change version pattern
* Install python 2 or 3 libraries according to running python version
* Remove embedded GPG keys only if legacy keyring is present
* apt: remove workaround for Evolix public repositories with Debian 11
* apt: upgrade packages after all the configuration is done
* apt: use the new security repository for Bullseye
* certbot: silence letsencrypt deprecation warnings
2022-01-25 14:53:19 +01:00
* elasticsearch: elastic_stack_version = 7.x
* evoacme: exclude renewal-hooks directory from cron
* evoadmin-web: simpler PHP packages lists
2022-01-25 14:53:19 +01:00
* evocheck: upstream release 21.10.4
* evolinux-base: alert5 comes after the network
* evolinux-base: force Debian version to buster for Evolix repository (temporary)
* evolinux-base: install freeipmi by default on dedicated hw
* evolinux-base: logs are rotated with dateext by default
2022-01-25 14:53:19 +01:00
* evolinux-base: split dpkg logrotate configuration
* evolinux-users + nagios-nrpe: Add support for php-fpm80 in lxc
* evomaintenance: extract a config.yml tasks file
* evomaintenance: upstream release 22.01
* filebeat/metricbeat: elastic_stack_version = 7.x
* kibana: elastic_stack_version = 7.x
* listupgrade: old-kernel-removal version 21.10
2021-07-02 13:59:42 +02:00
* listupgrade: upstream release 21.06.3
2021-09-21 14:39:51 +02:00
* logstash: elastic_stack_version = 7.x
2022-01-25 14:53:19 +01:00
* mongodb: Allow to specify a mongodb version for buster & bullseye
* mongodb: Deny the install on Debian 11 « Bullseye » when the version is unsupported
* mongodb: Support version 5.0 (for buster)
* mysql: use python3 and mariadb-client-10.5 with Debian 11 and later
* nodejs: default to version 16 LTS
* php: enforce Debian version with assert instead of fail
2021-07-03 08:52:50 +02:00
* squid: improve default whitelist (more specific patterns)
* squid: must be started in foreground mode for systemd
* squid: remove obsolete variable on Squid 4
2021-06-28 15:31:55 +02:00
### Fixed
2022-01-25 14:53:19 +01:00
* evolinux-base: fix alert5.service dependency syntax
2021-06-30 07:39:57 +02:00
* certbot: sync_remote excludes itself
2022-01-25 14:53:19 +01:00
* lxc-php: fix config for opensmtpd on bullseye containers
* mysql : Create a default ~root/.my.cnf for compatibility reasons
* nginx : fix variable name and debug to actually use nginx-light
* packweb-apache : Support php 8.0
* nagios-nrpe: Fix check_nfsserver for buster and bullseye
2021-06-30 07:39:57 +02:00
2021-06-28 15:31:55 +02:00
### Removed
2022-01-25 14:53:19 +01:00
* evocheck: package install is not supported anymore
2021-09-21 14:41:48 +02:00
* logstash: no more dependency on Java
2022-01-25 14:53:19 +01:00
* php: remove php-gettext for 7.4
2021-05-01 22:14:33 +02:00
2021-06-28 15:31:55 +02:00
## [10.6.0] 2021-06-28
### Added
* Add Elastic GPG key to kibana, filebeat, logstash, metricbeat roles
* apache: new variable for mpm mode (+ updated default config accordingly)
* evolinux-base: add default motd template
2021-04-28 15:53:36 +02:00
* kvm-host: add migrate-vm script
* mysql: variable to disable myadd script overwrite (default: True)
* nodejs: update apt cache before installing the package
* squid: add Yarn apt repository in default whitelist
2021-04-01 15:38:10 +02:00
### Changed
* Update Galaxy metadata (company, platforms and galaxy_tags)
* Use 'loop' syntax instead of 'with_first_found/with_items/with_dict/with_nested/with_list'
2021-05-09 23:21:21 +02:00
* Use Ansible syntax used in Ansible 2.8+
* apt: store keys in /etc/apt/trusted.gpg.d in ascii format
* certbot: sync_remote.sh is configurable
2021-05-01 16:51:20 +02:00
* evolinux-base: copy GPG key instead of using apt-key
2021-06-17 10:57:07 +02:00
* evomaintenance: upstream release 0.6.4
* kvm-host: replace the "kvm-tools" package with scripts deployed by Ansible
2021-06-20 12:06:49 +02:00
* listupgrade: upstream release 21.06.2
2021-06-08 11:19:26 +02:00
* nodejs: change GPG key name
* ntpd: Add leapfile configuration setting to ntpd on debian 10+
* packweb-apache: install phpMyAdmin from buster-backports
* spamassassin: change dependency on evomaintenance
* squid: remove obsolete variable on Squid 4
2021-04-01 15:38:10 +02:00
### Fixed
* add default (useless) value for file lookup (first_found)
* fix pipefail option for shell invocations
* elasticsearch: inline YAML formatting of seed_hosts and initial_master_nodes
2021-05-19 17:02:10 +02:00
* evolinux-base: fix motd lookup path
* ldap: fix edge cases where passwords were not set/get properly
* listupgrade: fix wget error + shellcheck cleanup
2021-04-01 15:38:10 +02:00
### Removed
* elasticsearch: recent versiond don't depend on external JRE
2021-04-13 15:56:09 +02:00
## [10.5.1] 2021-04-13
### Added
* haproxy: dedicated internal address/binding (without SSL)
### Changed
* etc-git: commit in /usr/share/scripts when there's an active repository
2021-04-01 15:38:10 +02:00
## [10.5.0] 2021-04-01
### Added
* apache: new variables for logrotate + server-status
* filebeat: package can be upgraded to latest (default: False)
* haproxy: possible admin access with login/pass
2021-06-28 15:31:55 +02:00
* lxc-php: Add PHP 7.4 support
* metricbeat: package can be upgraded to latest (default: False)
* metricbeat: new variables to configure SSL mode
* nagios-nrpe: new script check_phpfpm_multi
* nginx: add access to server status on default VHost
* postfix: add smtpd_relay_restrictions in configuration
2020-12-24 14:00:37 +01:00
### Changed
* apache: rotate logs daily instead of weekly
* apache: deny requests to ^/evolinux_fpm_status-.*
* certbot: use a fixed 1.9.0 version of the certbot-auto script (renamed "letsencrypt-auto")
2021-04-01 15:38:10 +02:00
* certbot: use the legacy script on Debian 8 and 9
* elasticsearch: log rotation is more readable/maintainable
2021-01-07 19:16:06 +01:00
* evoacme: upstream release 21.01
* evolinux-users: Add sudo rights for nagios for multi-php lxc
* listupgrade: update script from upstream
* minifirewall: change some defaults
* nagios-nrpe: update check_phpfpm_status.pl & install perl dependencies
2021-02-18 16:42:54 +01:00
* redis: use /run instead or /var/run
* redis: escape password in Munin configuration
2020-12-24 14:00:37 +01:00
### Fixed
* bind9: added log files to apparmor definition so bind can run
2021-03-23 16:29:03 +01:00
* filebeat: fix Ansible syntax error
* nagios-nrpe: libfcgi-client-perl is not available before Debian 10
* redis: socket/pid directories have the correct permissions
2020-12-24 14:00:37 +01:00
### Removed
2021-04-01 15:38:10 +02:00
* nginx: no more "minimal" mode, but the package remains customizable.
2020-12-24 14:00:37 +01:00
## [10.4.0] 2020-12-24
### Added
2020-12-24 13:56:11 +01:00
* certbot: detect domains if missing
* certbot: new "sync_remote.sh" hook to sync certificates and execute hooks on remote servers
* varnish: variable for jail configuration
2020-12-21 16:03:49 +01:00
### Changed
* certbot: disable auth for Let's Encrypt challenge
* nginx: change from "nginx_status-XXX" to "server-status-XXX"
2020-12-21 16:03:49 +01:00
## [10.3.0] 2020-12-21
### Added
* dovecot: Update munin plugin & configure it
* dovecot: vmail uid/gid are configurable
* evoacme: variable to disable Debian version check (default: False)
* kvm-host: Add drbd role dependency (toggleable with kvm_install_drbd)
2020-12-01 22:57:13 +01:00
* minifirewall: upstream release 20.12
* minifirewall: add variables to force upgrade the script and the config (default: False)
* mysql: install save_mysql_processlist script
2020-10-02 16:51:05 +02:00
* nextcloud: New role to setup a nextcloud instance
* redis: variable to force use of port 6379 in instances mode
* redis: check maxmemory in NRPE check
2020-10-20 17:27:34 +02:00
* lxc-php: Allow php containers to contact local MySQL with localhost
* varnish: config file name is configurable
2020-10-02 16:51:05 +02:00
2020-09-17 14:06:46 +02:00
### Changed
* Create system users for vmail (dovecot) and evoadmin
* apt: disable APT Periodic
2020-12-01 22:27:05 +01:00
* evoacme: upstream release 20.12
2020-12-08 11:07:42 +01:00
* evocheck: upstream release 20.12
* evolinux-users: improve uid/login checks
* tomcat-instance: fail if uid already exists
* varnish: change template name for better readability
* varnish: no threadpool delay by default
2021-06-28 15:31:55 +02:00
* varnish: no custom reload script for Debian 10 and later
2020-09-17 14:06:46 +02:00
### Fixed
* cerbot: parse HAProxy config file only if HAProxy is found
2020-09-17 14:06:46 +02:00
## [10.2.0] 2020-09-17
### Added
2020-09-14 11:31:47 +02:00
* evoacme: remount /usr if necessary
* evolinux-base: swappiness is customizable
2020-09-10 14:59:19 +02:00
* evolinux-base: install wget
* tomcat: root directory owner/group are configurable
2020-08-21 14:50:17 +02:00
### Changed
* Change default public SSH/SFTP port from 2222 to 22222
2020-08-21 14:50:17 +02:00
### Fixed
* certbot: an empty change shouldn't raise an exception
2020-09-08 10:02:15 +02:00
* certbot: fix "no-self-upgrade" option
2020-08-21 14:50:17 +02:00
### Removed
2020-09-11 11:08:42 +02:00
* evoacme: remove Debian 9 support
2020-08-21 14:50:17 +02:00
## [10.1.0] 2020-08-21
### Added
2020-06-14 12:30:34 +02:00
* certbot: detect HAProxy cert directory
2020-08-18 14:00:46 +02:00
* filebeat: allow using a template
2020-08-21 14:03:41 +02:00
* generate-ldif: add NVMe disk support
* haproxy: add deny_ips file to reject connections
* haproxy: add some comments to default config
* haproxy: enable stats frontend with access lists
* haproxy: preconfigure SSL with defaults
* lxc-php: Don't disable putenv() by default in PHP settings
2020-08-21 14:03:41 +02:00
* lxc-php: Install php-sqlite by default
2020-08-18 14:01:09 +02:00
* metricbeat: allow using a template
* mysql: activate binary logs by specifying log_bin path
* mysql: option to define as read only
2020-08-21 14:03:41 +02:00
* mysql: specify a custom server_id
* nagios-nrpe/evolinux-base: brand new check for hardware raid on HP servers gen 10
2020-06-14 12:32:14 +02:00
* nginx: make default vhost configurable
* packweb-apache: Install zip & unzip by default
* php: Don't disable putenv() by default in PHP settings
2020-08-21 14:03:41 +02:00
* php: Install php-sqlite by default
2020-05-13 11:20:45 +02:00
### Changed
* certbot: fix haproxy hook (ssl cert directory detection)
2020-07-17 13:48:18 +02:00
* certbot: install certbot dependencies non-interactively for jessie
* elasticsearch: configure cluster with seed hosts and initial masters
2020-08-21 14:03:41 +02:00
* elasticsearch: set tmpdir before datadir
2020-07-17 13:48:18 +02:00
* evoacme: read values from environment before defaults file
* evoacme: update for new certbot role
2020-08-21 14:03:41 +02:00
* evoacme: upstream release 20.08
* haproxy: adapt backports installed package list to distibution
2020-08-21 14:03:41 +02:00
* haproxy: chroot and socket path are configurable
* haproxy: deport SSL tuning to Mozilla SSL generator
* haproxy: rotate logs with date extension and immediate compression
2020-08-21 14:03:41 +02:00
* haproxy: split stats variables
2020-07-17 13:48:18 +02:00
* lxc-php: Do --no-install-recommends for ssmtp/opensmtpd
* mongodb: install custom munin plugins
* nginx: read server-status values before changing the config
2020-07-17 13:48:18 +02:00
* packweb-apache: Don't turn on mod-evasive emails by default
2020-06-02 10:54:48 +02:00
* redis: create sudoers file if missing
2020-06-02 10:55:35 +02:00
* redis: new syntax for match filter
* redis: raise an error is port 6379 is used in "instance" mode
2020-05-13 11:20:45 +02:00
### Fixed
2020-08-21 14:03:41 +02:00
* certbot: restore compatibility with old Nginx
* evobackup-client: fixed the ssh connection test
* generate-ldif: better detection of computerOS field
* generate-ldif: skip some odd ethernet devices
2020-06-05 10:57:49 +02:00
* lxc-php: Install opensmtpd as intended
* mongodb: fix logrotate patterm on Debian buster
2020-08-21 14:03:41 +02:00
* nagios-nrpe: check_amavis: updated regex
* squid: better regex to match sa-update domains
* varnish: fix start command when multiple addresses are present
2020-05-13 11:20:45 +02:00
## [10.0.0] - 2020-05-13
2019-06-21 10:46:08 +02:00
### Added
* apache: the default VHost doesn't redirect to https for ".well-known" paths
* apt: added buster backports prerferences
* apt: check if cron is installed before adding a cron job
* apt: remove jessie/buster sources from Gandi servers
* apt: verify that /etc/evolinux is present
2019-09-27 00:13:30 +02:00
* certbot : new role to install and configure certbot
* etc-git: add versioning for /usr/share/scripts on Debian 10+
2019-11-05 14:08:02 +01:00
* evoacme: upstream version 19.11
* evolinux-base: default value for "evolinux_ssh_group"
2019-10-30 13:53:47 +01:00
* evolinux-base: install /sbin/deny
* evolinux-base: install Evocheck (default: `True`)
2019-10-30 13:53:47 +01:00
* evolinux-base: on debian 10 and later, add noexec on /dev/shm
* evolinux-base: on debian 10 and later, add /usr/share/scripts in root's PATH
* evolinux-base: remove the chrony package
* evomaintenance: don't configure firewall for database if not necessary
2019-09-02 10:39:25 +02:00
* generate-ldif: support MariaDB 10.3
* haproxy: add a variable to keep the existing configuration
* java: add Java 11 as possible version to install
* listupgrade: install old-kernel-autoremoval script
* minifirewall: add a variable to force the check scripts update
* mongodb: mongodb: compatibility with Debian 10
2019-10-24 15:37:50 +02:00
* mysql-oracle: backport tasks from mysql role
* networkd-to-ifconfig: add variables for configuration by variables
2019-09-23 13:47:19 +02:00
* packweb-apache: Deploy opcache.php to give some insights on PHP's opcache status
* php: variable to install the mysqlnd module instead of the default mysql module
2020-03-02 20:53:54 +01:00
* postgresql : variable to install PostGIS (default: `False`)
2019-09-06 16:04:47 +02:00
* redis: rewrite of the role (separate instances, better systemd units…)
2019-09-23 13:47:19 +02:00
* webapps/evoadmin-web Add an htpasswd to evoadmin if you cant use an apache IP whitelist
2019-10-24 15:37:50 +02:00
* webapps/evoadmin-web Overload templates if needed
* evolinux-base: install ssacli for HP Smart Array
2019-08-30 20:43:52 +02:00
* evobackup-client role to configure a machine for backups with bkctld(8)
* bind: enable query logging for recursive resolvers
* bind: enable logrotate for recursive resolvers
* bind: enable bind9 munin plugin for recursive resolvers
2019-06-21 10:46:08 +02:00
### Changed
* replace version_compare() with version()s
2020-01-03 16:40:53 +01:00
* removed some deprecations for Ansible 2.7
* apache: improve permissions in save_apache_status script
* apt: hold packages only if package is installed
* bind: the munin task was present, but not included
* bind: change name of logrotate file to bind9
* certbot: commit hook must be executed at the end
* elasticsearch: listen on local interface only by default
2020-04-28 16:00:45 +02:00
* evocheck: upstream version 20.04.4
2019-09-23 09:22:40 +02:00
* evocheck: cron jobs execute in verbose
* evolinux-base: use "evolinux_internal_group" for SSH authentication
* evolinux-base: Don't customize the logcheck recipient by default.
* evolinux-base: configure cciss-vol-statusd in the proper file
2020-03-02 22:12:58 +01:00
* evomaintenance: upstream release 0.6.3
2019-09-23 13:47:19 +02:00
* evomaintenance: Turn on API by default (instead of DB)
* evomaintenance: install PG dependencies only when needed
2020-02-27 13:41:04 +01:00
* listupgrade: update from upstream
2019-10-24 15:37:50 +02:00
* lxc: rely on lxc_container module instead of command module
* lxc: remove useless loop in apt execution
* lxc: update our default template to be compatible with Debian 10
2020-03-02 20:53:54 +01:00
* lxc-php: refactor tasks for better maintainability
* lxc-php: Use OpenSMTPD for Stretch/Buster containers, and ssmtp for Jessie containers
2020-03-02 20:53:54 +01:00
* lxc-solr: changed default Solr version to 8.4.1
2020-02-10 10:36:00 +01:00
* minifirewall: better alert5 activation
* minifirewall: no http filtering by default
* minifirewall: /bin/true command doesn't report "changed" anymore
* nagios-nrpe: update check_redis_instances (same as redis role)
* nagios-nrpe: change default haproxy socket path
* nagios-nrpe: check_mode per cpu dynamically
* nodejs: change default version to 12 (new LTS)
* packweb-apache: Do the install & conffigure phpContainer script (instead of evoadmin-web role)
* php: By default, allow 128M for OpCache (instead of 64M)
* php: Don't set a chroot for the default fpm pool
* php: Make sure the default pool we define can be fully functionnal witout debian's default pool file
* php: Change the default pool names to something more explicit (and same for the variables names)
* php: Add a task to remove Debian's default FPM pool file (off by default)
* php: Cleanup CLI Settings. Also, allow url fopen and don't disable functions (in CLI only)
2020-03-02 20:53:54 +01:00
* postgresql : changed logrotate config to 10 days (and fixed permissions)
* rbenv: changed default Ruby version to 2.7.0
* squid: Remove wait time when we turn off squid
2019-10-24 16:23:48 +02:00
* squid: compatibility wit Debian 10
* tomcat: package version derived from Debian version if missing
* varnish: remove custom ExecReload= script for Debian 10+
2019-06-21 10:46:08 +02:00
### Fixed
2020-01-08 17:19:36 +01:00
* etc-git: fix warnings ansible-lint
2019-10-24 15:37:50 +02:00
* evoadmin-web: Put the php config at the right place for Buster
* lxc: Don't stop the container if it already exists
* lxc: Fix container existance check to be able to run in check_mode
* lxc-php: Don't remove the default pool
* minifirewall: fix warnings ansible-lint
2019-09-23 13:47:19 +02:00
* nginx: fix munin fcgi not working (missing chmod 660 on logs)
2019-10-24 15:37:50 +02:00
* php: add missing handler for php7.3-fpm
* roundcube: fix typo for roundcube vhost
* tomcat: fix typo for default tomcat_version
* evolinux-base: Fix our zsyslog rotate config that doesn't work on Debian 10
* certbot: Properly evaluate when apache is installed
* evolinux-base: Don't make alert5.service executable as systemd will complain
* webapps/evoadmin-web: Set default evoadmin_mail_tpl_force to True to fix a regression where the mail template would not get updated because the file is created before the role is first run.
* minifirewall: Backport changes from minifirewall (properly open outgoing smtp(s))
* minifirewall: Properly detect alert5.sh to turn on firewall at boot
* packweb-apache: Add missing dependency to evoacme role
* php: Chose the debian version repo archive for packages.sury.org
* php: update surry_post.yml to match current latest PHP release
* packweb-apache: Don't try to install PHPMyAdmin on Buster as it's not available
2019-06-21 10:46:08 +02:00
2020-03-02 20:53:54 +01:00
### Removed
* clamav : do not install the zoo package anymore
2019-06-21 14:36:20 +02:00
## [9.10.1] - 2019-06-21
### Changed
* evocheck : update (version 19.06) from upstream
2019-06-21 10:46:08 +02:00
## [9.10.0] - 2019-06-21
2019-04-16 16:41:28 +02:00
### Added
* apache: add server status suffix in VHost (and default site) if missing
* apache: add a variable to customize the server-status host
* apt: add a script to manage packages with "hold" mark
* etc-git: gitignore /etc/letsencrypt/.certbot.lock
2019-06-21 09:42:02 +02:00
* evolinux-base: install "spectre-meltdown-checker" (Debian 10 and later)
* evomaintenance: make hooks configurable
* nginx: add server status suffix in VHost (and default site) if missing
* redmine: enable gzip compression in nginx vhost
2019-04-16 16:41:28 +02:00
### Changed
2019-06-21 09:42:02 +02:00
* evocheck : update (unreleased) from upstream
2019-04-26 11:09:36 +02:00
* evomaintenance : use the web API instead of PG Insert
2019-06-21 10:29:18 +02:00
* fluentd: store gpg key locally
2019-06-21 10:43:20 +02:00
* rbenv: update defaults rbenv version to 1.1.2 and ruby version to 2.6.3
* redmine: update default version to 4.0.3
* nagios-nrpe: change required status code for http and https check
* redmine: use custom errors-pages in Nginx vhost
* nagios-nrpe: check_load is now based on ansible_processor_vcpus
* php: Stop enforcing /var/www/html as chroot while we use /var/www
2019-06-17 14:24:09 +02:00
* apt: Add Debian Buster repositories
2019-04-16 16:41:28 +02:00
### Fixed
* rbenv: add check_mode for check rbenv and ruby versions
* nagios-nrpe: fix redis_instances check when Redis port equal 0
2019-05-29 11:49:10 +02:00
* redmine: fix 500 error on logging
* evolinux-base: Validate sshd config with "-t" instead of "-T"
* evolinux-base: Ensure rename is present
* evolinux-users: Validate sshd config with "-t" instead of "-T"
* nagios-nrpe: Replace the dummy packages nagios-plugins-* with monitoring-plugins-*
2019-04-16 16:41:28 +02:00
## [9.9.0] - 2019-04-16
2019-01-31 10:22:50 +01:00
### Added
* etc-git: ignore evobackup/.keep-* files
2019-04-16 16:36:27 +02:00