2018-01-18 18:40:49 +01:00
# Changelog
All notable changes to this project will be documented in this file.
2018-01-18 23:37:56 +01:00
The format is based on [Keep a Changelog ](http://keepachangelog.com/en/1.0.0/ ).
This project does not follow semantic versioning.
2021-09-29 16:43:05 +02:00
The **major** part of the version is the year
The **minor** part changes is the month
The **patch** part changes is incremented if multiple releases happen the same month
2018-01-18 18:40:49 +01:00
## [Unreleased]
2020-05-13 11:20:45 +02:00
### Added
2020-06-05 11:02:50 +02:00
2022-03-30 09:42:54 +02:00
* minifirewall: configure proxy/backup/sysctl values
2022-03-23 15:07:32 +01:00
* etc-git: Commit /etc in lxc containers when they are git repositories
2022-03-31 15:59:38 +02:00
* nagios-nrpe: Add a check dhcp_pool
2022-03-30 09:42:54 +02:00
2022-03-02 09:42:12 +01:00
### Changed
2022-03-22 11:03:26 +01:00
* evocheck: upstream release 22.03.1
2022-03-15 11:35:20 +01:00
* evolinux-base: Add non-free repos & install non-free firmware on dedicated hardware
2022-03-28 13:28:48 +02:00
* evolinux-base: rename backup-server-state to dump-server-state
2022-04-03 11:18:41 +02:00
* dump-server-state: upstream release 22.04
2022-03-15 10:53:06 +01:00
* generate-ldif: Add services check for bkctld
2022-03-28 13:28:48 +02:00
* minifirewall: restore "force-restart" and fix "restart-if-needed"
2022-03-25 18:12:24 +01:00
* minifirewall: tail template follows symlinks
2022-03-30 22:45:09 +02:00
* minifirewall: upstream release 22.03.5
2022-03-23 10:45:53 +01:00
* openvpn: use a subnet topology instead of the net30 default topology
2022-04-08 11:57:33 +02:00
* tomcat: Tomcat 9 by default with Debian 11
2022-03-08 16:49:53 +01:00
2022-03-02 09:42:12 +01:00
### Fixed
2022-03-02 16:21:39 +01:00
* Repair keepalived role
2022-03-17 17:36:35 +01:00
* generate-ldif: Correct generated entries for php-fpm in containers
2022-03-23 13:55:54 +01:00
* redis: Remount /usr with RW before adding nagios plugin
2022-03-29 16:06:12 +02:00
* postfix: Do not send mails through milters a second time after amavis (in packmail)
2022-04-01 15:47:44 +02:00
* etc-git : Remount /usr in rw for git gc in in /usr/share/scripts/
2022-04-07 10:18:08 +02:00
* etc-git: Make evocommit fully compatible with OpenBSD
2022-03-02 16:21:39 +01:00
2022-03-02 09:42:12 +01:00
### Removed
### Security
## [22.03] 2022-03-02
### Added
2022-02-24 11:49:04 +01:00
* apt: apt_hold_packages: broadcast message with wall, if present
2022-02-03 14:15:33 +01:00
* evolinux-base: option to bypass raid-related tasks
2022-03-01 14:02:22 +01:00
* Explicit permissions for systemd overrides
2022-02-21 11:31:00 +01:00
* generate-ldif: Add support for php-fpm in containers
2022-02-03 14:16:09 +01:00
* kvm-host: add missing default value
2022-02-17 14:50:21 +01:00
* lxc-php: preliminary support for PHP 8.1 container
2022-03-01 14:02:22 +01:00
* openvpn: now check that openvpn has been restarted since last certificates renewal
2022-03-01 14:04:05 +01:00
* redis: always install check_redis_instances
2022-03-01 14:02:22 +01:00
* redis: check_redis_instances tolerates absence of instances
2022-02-03 14:15:33 +01:00
2021-09-29 16:43:05 +02:00
### Changed
2022-02-07 15:17:23 +01:00
* elasticsearch: Use `/etc/elasticsearch/jvm.options.d/evolinux` instead of default `/etc/elasticsearch/jvm.options`
2022-03-02 09:40:52 +01:00
* evolinux-users: check permissions for /etc/sudoers.d
* evolinux-users: optimize sudo configuration
2022-02-17 16:25:20 +01:00
* lxc: Fail if /var is nosuid
2022-02-03 18:35:16 +01:00
* openvpn: make it compatible with OpenBSD and add some improvements
2022-01-31 11:57:21 +01:00
## [22.01.3] 2022-01-31
### Changed
2022-01-28 16:27:20 +01:00
* rbenv: install Ruby 3.1.0 by default
2022-01-28 16:27:39 +01:00
* evolinux-base: backup-server-state: add "force" mode
2022-02-08 16:16:24 +01:00
2021-09-29 16:43:05 +02:00
### Fixed
2022-01-28 16:27:39 +01:00
* evolinux-base: backup-server-state: fix systemctl invocation
2022-02-08 16:16:24 +01:00
* varnish: update munin plugin to work with recent varnish versions
2021-09-29 16:43:05 +02:00
2022-01-27 14:12:40 +01:00
## [22.01.2] 2022-01-27
2022-01-27 14:04:41 +01:00
### Changed
* evolinux-base: many improvements for backup-server-state script
* remount-usr: use findmnt to find if usr is a readonly partition
2022-01-25 14:53:19 +01:00
## [22.01] 2022-01-25
2021-09-29 16:43:05 +02:00
### Added
2021-09-30 10:45:07 +02:00
* Support for Debian 11 « Bullseye » (with possible remaining blind spots)
2022-01-25 14:53:19 +01:00
* apache: new variable for MPM mode (+ updated default config accordingly)
* apache: prevent accessing Git or "env" related files
2021-06-30 14:29:03 +02:00
* certbot: add script for manual deploy hooks execution
2021-09-30 12:09:11 +02:00
* docker-host: install additional dependencies
2022-01-25 14:53:19 +01:00
* dovecot: switch to TLS 1.2+ and external DH params
2021-10-02 12:50:01 +02:00
* etc-git: centralize cron jobs in dedicated crontab
2022-01-25 14:53:19 +01:00
* etc-git: manage commits with an optimized shell script instead of many slow Ansible tasks
* evolinux-base: add script backup-server-state
2022-01-25 18:25:47 +01:00
* evolinux-base: configure top and htop to display the swap column
2021-08-25 17:57:38 +02:00
* evolinux-base: install molly-guard by default
2022-01-25 14:53:19 +01:00
* generate-ldif: detect RAID controller
2021-09-16 17:26:58 +02:00
* generate-ldif: detect mdadm
2021-07-02 14:01:46 +02:00
* listupgrade: crontab is configurable
2021-09-21 14:41:07 +02:00
* logstash: logging to syslog is configurable (default: True)
2021-05-02 01:15:38 +02:00
* mongodb: create munin plugins directory if missing
2022-01-25 14:53:19 +01:00
* munin: systemd override to unprotect home directory
* mysql: add evomariabackup 21.11
2021-09-30 10:13:11 +02:00
* mysql: improve Bullseye compatibility
2021-07-08 15:10:35 +02:00
* mysql: script "mysql_connections" to display a compact list of connections
2021-08-30 14:05:15 +02:00
* mysql: script "mysql-queries-killer.sh" to kill MySQL queries
2022-01-25 14:53:19 +01:00
* nagios-nrpe + evolinux-users: new check for ipmi
* nagios-nrpe + evolinux-users: new check for RAID (soft + hard)
2021-08-25 10:43:02 +02:00
* nagios-nrpe + evolinux-users: new checks for bkctld
2022-01-25 14:53:19 +01:00
* nagios-nrpe: new check influxdb
* openvpn: new role (beta)
2021-05-01 22:25:38 +02:00
* redis: instance service for Debian 11
2021-09-07 14:01:52 +02:00
* squid: add *.o.lencr.org to default whitelist
2021-06-30 14:29:03 +02:00
2021-06-28 15:31:55 +02:00
### Changed
2021-09-29 16:43:05 +02:00
* Change version pattern
2021-09-30 17:05:10 +02:00
* Install python 2 or 3 libraries according to running python version
2021-07-04 22:08:47 +02:00
* Remove embedded GPG keys only if legacy keyring is present
2021-08-16 13:50:53 +02:00
* apt: remove workaround for Evolix public repositories with Debian 11
2022-01-25 18:25:47 +01:00
* apt: upgrade packages after all the configuration is done
2021-08-16 14:12:31 +02:00
* apt: use the new security repository for Bullseye
2021-07-20 17:19:57 +02:00
* certbot: silence letsencrypt deprecation warnings
2022-01-25 14:53:19 +01:00
* elasticsearch: elastic_stack_version = 7.x
2021-10-05 08:28:47 +02:00
* evoacme: exclude renewal-hooks directory from cron
2021-08-16 13:49:13 +02:00
* evoadmin-web: simpler PHP packages lists
2022-01-25 14:53:19 +01:00
* evocheck: upstream release 21.10.4
2021-07-04 22:07:51 +02:00
* evolinux-base: alert5 comes after the network
2021-05-01 22:22:54 +02:00
* evolinux-base: force Debian version to buster for Evolix repository (temporary)
2021-09-16 15:58:10 +02:00
* evolinux-base: install freeipmi by default on dedicated hw
2021-09-30 12:07:02 +02:00
* evolinux-base: logs are rotated with dateext by default
2022-01-25 14:53:19 +01:00
* evolinux-base: split dpkg logrotate configuration
* evolinux-users + nagios-nrpe: Add support for php-fpm80 in lxc
* evomaintenance: extract a config.yml tasks file
* evomaintenance: upstream release 22.01
* filebeat/metricbeat: elastic_stack_version = 7.x
* kibana: elastic_stack_version = 7.x
* listupgrade: old-kernel-removal version 21.10
2021-07-02 13:59:42 +02:00
* listupgrade: upstream release 21.06.3
2021-09-21 14:39:51 +02:00
* logstash: elastic_stack_version = 7.x
2022-01-25 14:53:19 +01:00
* mongodb: Allow to specify a mongodb version for buster & bullseye
* mongodb: Deny the install on Debian 11 « Bullseye » when the version is unsupported
* mongodb: Support version 5.0 (for buster)
* mysql: use python3 and mariadb-client-10.5 with Debian 11 and later
* nodejs: default to version 16 LTS
2021-09-29 16:43:05 +02:00
* php: enforce Debian version with assert instead of fail
2021-07-03 08:52:50 +02:00
* squid: improve default whitelist (more specific patterns)
2021-07-02 23:45:42 +02:00
* squid: must be started in foreground mode for systemd
2021-05-01 22:24:40 +02:00
* squid: remove obsolete variable on Squid 4
2021-07-20 17:19:57 +02:00
2021-06-28 15:31:55 +02:00
### Fixed
2022-01-25 14:53:19 +01:00
* evolinux-base: fix alert5.service dependency syntax
2021-06-30 07:39:57 +02:00
* certbot: sync_remote excludes itself
2022-01-25 14:53:19 +01:00
* lxc-php: fix config for opensmtpd on bullseye containers
* mysql : Create a default ~root/.my.cnf for compatibility reasons
* nginx : fix variable name and debug to actually use nginx-light
* packweb-apache : Support php 8.0
* nagios-nrpe: Fix check_nfsserver for buster and bullseye
2021-06-30 07:39:57 +02:00
2021-06-28 15:31:55 +02:00
### Removed
2022-01-25 14:53:19 +01:00
* evocheck: package install is not supported anymore
2021-09-21 14:41:48 +02:00
* logstash: no more dependency on Java
2022-01-25 14:53:19 +01:00
* php: remove php-gettext for 7.4
2021-05-01 22:14:33 +02:00
2021-06-28 15:31:55 +02:00
## [10.6.0] 2021-06-28
### Added
2021-05-25 15:10:00 +02:00
* Add Elastic GPG key to kibana, filebeat, logstash, metricbeat roles
2021-04-19 17:35:49 +02:00
* apache: new variable for mpm mode (+ updated default config accordingly)
2021-04-23 11:41:27 +02:00
* evolinux-base: add default motd template
2021-04-28 15:53:36 +02:00
* kvm-host: add migrate-vm script
2021-04-23 14:59:29 +02:00
* mysql: variable to disable myadd script overwrite (default: True)
2021-06-07 13:03:18 +02:00
* nodejs: update apt cache before installing the package
2021-06-17 18:19:20 +02:00
* squid: add Yarn apt repository in default whitelist
2021-04-19 17:35:49 +02:00
2021-04-01 15:38:10 +02:00
### Changed
2021-06-28 15:19:29 +02:00
* Update Galaxy metadata (company, platforms and galaxy_tags)
2021-05-04 14:31:22 +02:00
* Use 'loop' syntax instead of 'with_first_found/with_items/with_dict/with_nested/with_list'
2021-05-09 23:21:21 +02:00
* Use Ansible syntax used in Ansible 2.8+
2021-05-03 12:02:04 +02:00
* apt: store keys in /etc/apt/trusted.gpg.d in ascii format
2021-05-04 14:57:18 +02:00
* certbot: sync_remote.sh is configurable
2021-05-01 16:51:20 +02:00
* evolinux-base: copy GPG key instead of using apt-key
2021-06-17 10:57:07 +02:00
* evomaintenance: upstream release 0.6.4
2021-06-10 11:09:44 +02:00
* kvm-host: replace the "kvm-tools" package with scripts deployed by Ansible
2021-06-20 12:06:49 +02:00
* listupgrade: upstream release 21.06.2
2021-06-08 11:19:26 +02:00
* nodejs: change GPG key name
2021-04-21 17:22:45 +02:00
* ntpd: Add leapfile configuration setting to ntpd on debian 10+
2021-05-04 14:57:18 +02:00
* packweb-apache: install phpMyAdmin from buster-backports
2021-05-02 01:22:57 +02:00
* spamassassin: change dependency on evomaintenance
* squid: remove obsolete variable on Squid 4
2021-04-21 17:22:45 +02:00
2021-04-01 15:38:10 +02:00
### Fixed
2021-05-19 14:35:08 +02:00
* add default (useless) value for file lookup (first_found)
2021-05-18 14:04:54 +02:00
* fix pipefail option for shell invocations
2021-06-23 22:38:22 +02:00
* elasticsearch: inline YAML formatting of seed_hosts and initial_master_nodes
2021-05-19 17:02:10 +02:00
* evolinux-base: fix motd lookup path
2021-05-02 23:28:09 +02:00
* ldap: fix edge cases where passwords were not set/get properly
2021-05-17 23:05:18 +02:00
* listupgrade: fix wget error + shellcheck cleanup
2021-05-02 23:28:09 +02:00
2021-04-01 15:38:10 +02:00
### Removed
2021-06-23 22:37:35 +02:00
* elasticsearch: recent versiond don't depend on external JRE
2021-04-13 15:56:09 +02:00
## [10.5.1] 2021-04-13
### Added
* haproxy: dedicated internal address/binding (without SSL)
### Changed
* etc-git: commit in /usr/share/scripts when there's an active repository
2021-04-01 15:38:10 +02:00
## [10.5.0] 2021-04-01
### Added
2021-01-05 17:47:56 +01:00
* apache: new variables for logrotate + server-status
2021-02-16 16:35:25 +01:00
* filebeat: package can be upgraded to latest (default: False)
2021-02-27 18:43:59 +01:00
* haproxy: possible admin access with login/pass
2021-06-28 15:31:55 +02:00
* lxc-php: Add PHP 7.4 support
2021-02-16 16:35:25 +01:00
* metricbeat: package can be upgraded to latest (default: False)
2021-03-23 16:28:14 +01:00
* metricbeat: new variables to configure SSL mode
2021-02-17 17:23:11 +01:00
* nagios-nrpe: new script check_phpfpm_multi
2021-02-04 11:30:32 +01:00
* nginx: add access to server status on default VHost
2021-02-12 14:10:04 +01:00
* postfix: add smtpd_relay_restrictions in configuration
2021-01-05 17:47:56 +01:00
2020-12-24 14:00:37 +01:00
### Changed
2021-02-12 18:05:43 +01:00
* apache: rotate logs daily instead of weekly
2021-02-22 16:06:57 +01:00
* apache: deny requests to ^/evolinux_fpm_status-.*
2021-01-07 18:55:44 +01:00
* certbot: use a fixed 1.9.0 version of the certbot-auto script (renamed "letsencrypt-auto")
2021-04-01 15:38:10 +02:00
* certbot: use the legacy script on Debian 8 and 9
2021-04-01 15:30:38 +02:00
* elasticsearch: log rotation is more readable/maintainable
2021-01-07 19:16:06 +01:00
* evoacme: upstream release 21.01
2021-03-04 16:48:47 +01:00
* evolinux-users: Add sudo rights for nagios for multi-php lxc
2021-03-23 16:27:15 +01:00
* listupgrade: update script from upstream
2021-02-04 10:55:26 +01:00
* minifirewall: change some defaults
2021-02-12 15:22:57 +01:00
* nagios-nrpe: update check_phpfpm_status.pl & install perl dependencies
2021-02-18 16:42:54 +01:00
* redis: use /run instead or /var/run
2021-03-09 18:24:15 +01:00
* redis: escape password in Munin configuration
2021-01-07 18:55:44 +01:00
2020-12-24 14:00:37 +01:00
### Fixed
2021-03-09 22:58:14 +01:00
* bind9: added log files to apparmor definition so bind can run
2021-03-23 16:29:03 +01:00
* filebeat: fix Ansible syntax error
2021-03-18 15:13:17 +01:00
* nagios-nrpe: libfcgi-client-perl is not available before Debian 10
2021-03-09 18:32:35 +01:00
* redis: socket/pid directories have the correct permissions
2021-03-09 18:25:15 +01:00
2020-12-24 14:00:37 +01:00
### Removed
2021-04-01 15:38:10 +02:00
* nginx: no more "minimal" mode, but the package remains customizable.
2020-12-24 14:00:37 +01:00
## [10.4.0] 2020-12-24
### Added
2020-12-24 13:56:11 +01:00
* certbot: detect domains if missing
2020-12-24 10:33:25 +01:00
* certbot: new "sync_remote.sh" hook to sync certificates and execute hooks on remote servers
2020-12-21 23:33:14 +01:00
* varnish: variable for jail configuration
2020-12-21 16:03:49 +01:00
### Changed
2020-12-24 10:26:28 +01:00
* certbot: disable auth for Let's Encrypt challenge
2020-12-23 15:53:36 +01:00
* nginx: change from "nginx_status-XXX" to "server-status-XXX"
2020-12-21 16:03:49 +01:00
## [10.3.0] 2020-12-21
### Added
2020-10-16 15:35:13 +02:00
* dovecot: Update munin plugin & configure it
2020-12-07 17:26:45 +01:00
* dovecot: vmail uid/gid are configurable
2020-11-21 09:59:10 +01:00
* evoacme: variable to disable Debian version check (default: False)
2020-10-30 11:56:24 +01:00
* kvm-host: Add drbd role dependency (toggleable with kvm_install_drbd)
2020-12-01 22:57:13 +01:00
* minifirewall: upstream release 20.12
2020-12-07 17:23:21 +01:00
* minifirewall: add variables to force upgrade the script and the config (default: False)
2020-11-24 13:58:59 +01:00
* mysql: install save_mysql_processlist script
2020-10-02 16:51:05 +02:00
* nextcloud: New role to setup a nextcloud instance
2020-10-19 16:03:58 +02:00
* redis: variable to force use of port 6379 in instances mode
2020-12-01 19:02:35 +01:00
* redis: check maxmemory in NRPE check
2020-10-20 17:27:34 +02:00
* lxc-php: Allow php containers to contact local MySQL with localhost
2020-12-20 22:55:39 +01:00
* varnish: config file name is configurable
2020-10-02 16:51:05 +02:00
2020-09-17 14:06:46 +02:00
### Changed
2020-12-17 08:05:16 +01:00
* Create system users for vmail (dovecot) and evoadmin
2020-11-24 11:19:18 +01:00
* apt: disable APT Periodic
2020-12-01 22:27:05 +01:00
* evoacme: upstream release 20.12
2020-12-08 11:07:42 +01:00
* evocheck: upstream release 20.12
2020-12-17 15:25:48 +01:00
* evolinux-users: improve uid/login checks
2020-12-17 08:06:44 +01:00
* tomcat-instance: fail if uid already exists
2020-12-20 22:56:15 +01:00
* varnish: change template name for better readability
* varnish: no threadpool delay by default
2021-06-28 15:31:55 +02:00
* varnish: no custom reload script for Debian 10 and later
2020-10-20 10:58:51 +02:00
2020-09-17 14:06:46 +02:00
### Fixed
2020-12-03 17:26:16 +01:00
* cerbot: parse HAProxy config file only if HAProxy is found
2020-09-17 14:06:46 +02:00
## [10.2.0] 2020-09-17
### Added
2020-09-14 11:31:47 +02:00
* evoacme: remount /usr if necessary
2020-09-01 14:08:39 +02:00
* evolinux-base: swappiness is customizable
2020-09-10 14:59:19 +02:00
* evolinux-base: install wget
2020-08-27 17:12:34 +02:00
* tomcat: root directory owner/group are configurable
2020-08-21 14:50:17 +02:00
### Changed
2020-08-28 18:32:47 +02:00
* Change default public SSH/SFTP port from 2222 to 22222
2020-08-21 14:50:17 +02:00
### Fixed
2020-09-16 12:07:27 +02:00
* certbot: an empty change shouldn't raise an exception
2020-09-08 10:02:15 +02:00
* certbot: fix "no-self-upgrade" option
2020-08-21 14:50:17 +02:00
### Removed
2020-09-11 11:08:42 +02:00
* evoacme: remove Debian 9 support
2020-08-21 14:50:17 +02:00
## [10.1.0] 2020-08-21
### Added
2020-06-14 12:30:34 +02:00
* certbot: detect HAProxy cert directory
2020-08-18 14:00:46 +02:00
* filebeat: allow using a template
2020-08-21 14:03:41 +02:00
* generate-ldif: add NVMe disk support
2020-06-14 23:28:29 +02:00
* haproxy: add deny_ips file to reject connections
2020-06-14 23:27:29 +02:00
* haproxy: add some comments to default config
2020-06-09 11:41:26 +02:00
* haproxy: enable stats frontend with access lists
2020-06-14 12:36:58 +02:00
* haproxy: preconfigure SSL with defaults
2020-06-04 11:51:25 +02:00
* lxc-php: Don't disable putenv() by default in PHP settings
2020-08-21 14:03:41 +02:00
* lxc-php: Install php-sqlite by default
2020-08-18 14:01:09 +02:00
* metricbeat: allow using a template
2020-06-01 18:03:23 +02:00
* mysql: activate binary logs by specifying log_bin path
* mysql: option to define as read only
2020-08-21 14:03:41 +02:00
* mysql: specify a custom server_id
* nagios-nrpe/evolinux-base: brand new check for hardware raid on HP servers gen 10
2020-06-14 12:32:14 +02:00
* nginx: make default vhost configurable
2020-06-04 11:34:26 +02:00
* packweb-apache: Install zip & unzip by default
2020-06-04 11:52:04 +02:00
* php: Don't disable putenv() by default in PHP settings
2020-08-21 14:03:41 +02:00
* php: Install php-sqlite by default
2020-05-13 11:20:45 +02:00
### Changed
2020-07-21 10:45:34 +02:00
* certbot: fix haproxy hook (ssl cert directory detection)
2020-07-17 13:48:18 +02:00
* certbot: install certbot dependencies non-interactively for jessie
2020-07-19 11:40:43 +02:00
* elasticsearch: configure cluster with seed hosts and initial masters
2020-08-21 14:03:41 +02:00
* elasticsearch: set tmpdir before datadir
2020-07-17 13:48:18 +02:00
* evoacme: read values from environment before defaults file
2020-08-21 13:36:24 +02:00
* evoacme: update for new certbot role
2020-08-21 14:03:41 +02:00
* evoacme: upstream release 20.08
2020-06-14 12:35:44 +02:00
* haproxy: adapt backports installed package list to distibution
2020-08-21 14:03:41 +02:00
* haproxy: chroot and socket path are configurable
* haproxy: deport SSL tuning to Mozilla SSL generator
2020-06-22 19:02:29 +02:00
* haproxy: rotate logs with date extension and immediate compression
2020-08-21 14:03:41 +02:00
* haproxy: split stats variables
2020-07-17 13:48:18 +02:00
* lxc-php: Do --no-install-recommends for ssmtp/opensmtpd
* mongodb: install custom munin plugins
2020-06-14 12:49:10 +02:00
* nginx: read server-status values before changing the config
2020-07-17 13:48:18 +02:00
* packweb-apache: Don't turn on mod-evasive emails by default
2020-06-02 10:54:48 +02:00
* redis: create sudoers file if missing
2020-06-02 10:55:35 +02:00
* redis: new syntax for match filter
2020-06-02 11:22:56 +02:00
* redis: raise an error is port 6379 is used in "instance" mode
2020-05-18 12:03:34 +02:00
2020-05-13 11:20:45 +02:00
### Fixed
2020-08-21 14:03:41 +02:00
* certbot: restore compatibility with old Nginx
* evobackup-client: fixed the ssh connection test
2020-08-20 08:49:22 +02:00
* generate-ldif: better detection of computerOS field
* generate-ldif: skip some odd ethernet devices
2020-06-05 10:57:49 +02:00
* lxc-php: Install opensmtpd as intended
2020-06-05 11:02:50 +02:00
* mongodb: fix logrotate patterm on Debian buster
2020-08-21 14:03:41 +02:00
* nagios-nrpe: check_amavis: updated regex
* squid: better regex to match sa-update domains
2020-06-16 13:51:07 +02:00
* varnish: fix start command when multiple addresses are present
2020-06-03 18:24:40 +02:00
2020-05-13 11:20:45 +02:00
## [10.0.0] - 2020-05-13
2019-06-21 10:46:08 +02:00
### Added
2020-01-23 14:32:27 +01:00
* apache: the default VHost doesn't redirect to https for ".well-known" paths
2020-02-10 10:35:18 +01:00
* apt: added buster backports prerferences
2019-09-30 14:12:38 +02:00
* apt: check if cron is installed before adding a cron job
2019-10-30 13:47:59 +01:00
* apt: remove jessie/buster sources from Gandi servers
2019-11-20 11:34:47 +01:00
* apt: verify that /etc/evolinux is present
2019-09-27 00:13:30 +02:00
* certbot : new role to install and configure certbot
2019-11-05 17:00:22 +01:00
* etc-git: add versioning for /usr/share/scripts on Debian 10+
2019-11-05 14:08:02 +01:00
* evoacme: upstream version 19.11
2019-09-22 22:25:30 +02:00
* evolinux-base: default value for "evolinux_ssh_group"
2019-10-30 13:53:47 +01:00
* evolinux-base: install /sbin/deny
2020-03-09 17:01:38 +01:00
* evolinux-base: install Evocheck (default: `True` )
2019-10-30 13:53:47 +01:00
* evolinux-base: on debian 10 and later, add noexec on /dev/shm
2019-11-05 10:52:00 +01:00
* evolinux-base: on debian 10 and later, add /usr/share/scripts in root's PATH
2020-01-16 10:57:38 +01:00
* evolinux-base: remove the chrony package
2020-01-23 14:33:57 +01:00
* evomaintenance: don't configure firewall for database if not necessary
2019-09-02 10:39:25 +02:00
* generate-ldif: support MariaDB 10.3
2019-10-10 11:27:39 +02:00
* haproxy: add a variable to keep the existing configuration
2020-03-21 19:07:17 +01:00
* java: add Java 11 as possible version to install
2019-09-23 13:46:29 +02:00
* listupgrade: install old-kernel-autoremoval script
2019-11-05 10:52:00 +01:00
* minifirewall: add a variable to force the check scripts update
2019-10-24 17:23:53 +02:00
* mongodb: mongodb: compatibility with Debian 10
2019-10-24 15:37:50 +02:00
* mysql-oracle: backport tasks from mysql role
2020-04-26 18:39:25 +02:00
* networkd-to-ifconfig: add variables for configuration by variables
2019-09-23 13:47:19 +02:00
* packweb-apache: Deploy opcache.php to give some insights on PHP's opcache status
* php: variable to install the mysqlnd module instead of the default mysql module
2020-03-02 20:53:54 +01:00
* postgresql : variable to install PostGIS (default: `False` )
2019-09-06 16:04:47 +02:00
* redis: rewrite of the role (separate instances, better systemd units…)
2019-09-23 13:47:19 +02:00
* webapps/evoadmin-web Add an htpasswd to evoadmin if you cant use an apache IP whitelist
2019-10-24 15:37:50 +02:00
* webapps/evoadmin-web Overload templates if needed
2019-12-13 11:00:10 +01:00
* evolinux-base: install ssacli for HP Smart Array
2019-08-30 20:43:52 +02:00
* evobackup-client role to configure a machine for backups with bkctld(8)
2019-10-09 17:47:07 +02:00
* bind: enable query logging for recursive resolvers
* bind: enable logrotate for recursive resolvers
* bind: enable bind9 munin plugin for recursive resolvers
2019-06-21 10:46:08 +02:00
### Changed
2020-02-25 10:45:35 +01:00
* replace version_compare() with version()s
2020-01-03 16:40:53 +01:00
* removed some deprecations for Ansible 2.7
2019-12-13 09:50:04 +01:00
* apache: improve permissions in save_apache_status script
2020-02-04 18:14:57 +01:00
* apt: hold packages only if package is installed
2020-03-21 19:07:17 +01:00
* bind: the munin task was present, but not included
* bind: change name of logrotate file to bind9
2020-02-25 10:46:21 +01:00
* certbot: commit hook must be executed at the end
2019-07-01 17:17:25 +02:00
* elasticsearch: listen on local interface only by default
2020-04-28 16:00:45 +02:00
* evocheck: upstream version 20.04.4
2019-09-23 09:22:40 +02:00
* evocheck: cron jobs execute in verbose
2019-09-22 22:26:21 +02:00
* evolinux-base: use "evolinux_internal_group" for SSH authentication
2020-03-04 14:03:18 +01:00
* evolinux-base: Don't customize the logcheck recipient by default.
2020-04-10 11:35:33 +02:00
* evolinux-base: configure cciss-vol-statusd in the proper file
2020-03-02 22:12:58 +01:00
* evomaintenance: upstream release 0.6.3
2019-09-23 13:47:19 +02:00
* evomaintenance: Turn on API by default (instead of DB)
2020-02-25 10:43:23 +01:00
* evomaintenance: install PG dependencies only when needed
2020-02-27 13:41:04 +01:00
* listupgrade: update from upstream
2019-10-24 15:37:50 +02:00
* lxc: rely on lxc_container module instead of command module
2019-10-01 17:53:08 +02:00
* lxc: remove useless loop in apt execution
2019-10-01 17:54:07 +02:00
* lxc: update our default template to be compatible with Debian 10
2020-03-02 20:53:54 +01:00
* lxc-php: refactor tasks for better maintainability
2020-04-01 15:56:32 +02:00
* lxc-php: Use OpenSMTPD for Stretch/Buster containers, and ssmtp for Jessie containers
2020-03-02 20:53:54 +01:00
* lxc-solr: changed default Solr version to 8.4.1
2020-02-10 10:36:00 +01:00
* minifirewall: better alert5 activation
2019-10-30 14:37:22 +01:00
* minifirewall: no http filtering by default
2020-05-11 15:23:52 +02:00
* minifirewall: /bin/true command doesn't report "changed" anymore
2019-11-13 09:47:21 +01:00
* nagios-nrpe: update check_redis_instances (same as redis role)
2020-01-23 15:04:25 +01:00
* nagios-nrpe: change default haproxy socket path
2020-02-28 12:14:12 +01:00
* nagios-nrpe: check_mode per cpu dynamically
2020-03-09 13:37:40 +01:00
* nodejs: change default version to 12 (new LTS)
2020-04-08 17:54:16 +02:00
* packweb-apache: Do the install & conffigure phpContainer script (instead of evoadmin-web role)
2019-10-11 21:43:21 +02:00
* php: By default, allow 128M for OpCache (instead of 64M)
2019-10-16 15:59:33 +02:00
* php: Don't set a chroot for the default fpm pool
2019-10-18 16:43:43 +02:00
* php: Make sure the default pool we define can be fully functionnal witout debian's default pool file
2019-11-12 12:14:36 +01:00
* php: Change the default pool names to something more explicit (and same for the variables names)
2019-11-12 12:17:44 +01:00
* php: Add a task to remove Debian's default FPM pool file (off by default)
2020-04-01 18:22:46 +02:00
* php: Cleanup CLI Settings. Also, allow url fopen and don't disable functions (in CLI only)
2020-03-02 20:53:54 +01:00
* postgresql : changed logrotate config to 10 days (and fixed permissions)
2020-03-09 13:39:09 +01:00
* rbenv: changed default Ruby version to 2.7.0
2019-10-11 21:43:21 +02:00
* squid: Remove wait time when we turn off squid
2019-10-24 16:23:48 +02:00
* squid: compatibility wit Debian 10
2019-12-31 16:43:51 +01:00
* tomcat: package version derived from Debian version if missing
2019-10-11 21:43:21 +02:00
* varnish: remove custom ExecReload= script for Debian 10+
2019-06-21 10:46:08 +02:00
### Fixed
2020-01-08 17:19:36 +01:00
* etc-git: fix warnings ansible-lint
2019-10-24 15:37:50 +02:00
* evoadmin-web: Put the php config at the right place for Buster
2019-11-14 15:44:40 +01:00
* lxc: Don't stop the container if it already exists
2020-04-08 17:57:46 +02:00
* lxc: Fix container existance check to be able to run in check_mode
2019-06-26 11:10:23 +02:00
* lxc-php: Don't remove the default pool
2020-01-08 17:19:13 +01:00
* minifirewall: fix warnings ansible-lint
2019-09-23 13:47:19 +02:00
* nginx: fix munin fcgi not working (missing chmod 660 on logs)
2019-10-24 15:37:50 +02:00
* php: add missing handler for php7.3-fpm
2019-07-08 15:35:05 +02:00
* roundcube: fix typo for roundcube vhost
2019-07-12 15:29:00 +02:00
* tomcat: fix typo for default tomcat_version
2019-11-22 16:48:19 +01:00
* evolinux-base: Fix our zsyslog rotate config that doesn't work on Debian 10
2019-11-26 11:58:52 +01:00
* certbot: Properly evaluate when apache is installed
2019-11-28 10:59:29 +01:00
* evolinux-base: Don't make alert5.service executable as systemd will complain
2019-12-24 20:10:24 +01:00
* webapps/evoadmin-web: Set default evoadmin_mail_tpl_force to True to fix a regression where the mail template would not get updated because the file is created before the role is first run.
2020-02-17 10:56:38 +01:00
* minifirewall: Backport changes from minifirewall (properly open outgoing smtp(s))
2020-02-17 16:02:48 +01:00
* minifirewall: Properly detect alert5.sh to turn on firewall at boot
2020-03-11 16:48:55 +01:00
* packweb-apache: Add missing dependency to evoacme role
2020-04-01 15:42:45 +02:00
* php: Chose the debian version repo archive for packages.sury.org
2020-04-01 18:08:57 +02:00
* php: update surry_post.yml to match current latest PHP release
2020-04-01 18:05:20 +02:00
* packweb-apache: Don't try to install PHPMyAdmin on Buster as it's not available
2019-06-21 10:46:08 +02:00
2020-03-02 20:53:54 +01:00
### Removed
* clamav : do not install the zoo package anymore
2019-06-21 14:36:20 +02:00
## [9.10.1] - 2019-06-21
### Changed
* evocheck : update (version 19.06) from upstream
2019-06-21 10:46:08 +02:00
## [9.10.0] - 2019-06-21
2019-04-16 16:41:28 +02:00
### Added
2019-04-26 11:02:02 +02:00
* apache: add server status suffix in VHost (and default site) if missing
2019-06-20 17:29:23 +02:00
* apache: add a variable to customize the server-status host
2019-05-13 17:48:55 +02:00
* apt: add a script to manage packages with "hold" mark
2019-06-17 14:25:45 +02:00
* etc-git: gitignore /etc/letsencrypt/.certbot.lock
2019-06-21 09:42:02 +02:00
* evolinux-base: install "spectre-meltdown-checker" (Debian 10 and later)
2019-06-17 14:17:30 +02:00
* evomaintenance: make hooks configurable
2019-04-26 11:02:02 +02:00
* nginx: add server status suffix in VHost (and default site) if missing
2019-05-13 12:06:22 +02:00
* redmine: enable gzip compression in nginx vhost
2019-04-16 16:41:28 +02:00
### Changed
2019-06-21 09:42:02 +02:00
* evocheck : update (unreleased) from upstream
2019-04-26 11:09:36 +02:00
* evomaintenance : use the web API instead of PG Insert
2019-06-21 10:29:18 +02:00
* fluentd: store gpg key locally
2019-06-21 10:43:20 +02:00
* rbenv: update defaults rbenv version to 1.1.2 and ruby version to 2.6.3
2019-05-13 11:19:30 +02:00
* redmine: update default version to 4.0.3
2019-05-14 14:29:46 +02:00
* nagios-nrpe: change required status code for http and https check
2019-05-22 12:07:51 +02:00
* redmine: use custom errors-pages in Nginx vhost
2019-06-05 11:09:47 +02:00
* nagios-nrpe: check_load is now based on ansible_processor_vcpus
2019-06-06 13:45:53 +02:00
* php: Stop enforcing /var/www/html as chroot while we use /var/www
2019-06-17 14:24:09 +02:00
* apt: Add Debian Buster repositories
2019-04-16 16:41:28 +02:00
### Fixed
2019-05-13 11:17:02 +02:00
* rbenv: add check_mode for check rbenv and ruby versions
2019-05-20 14:26:21 +02:00
* nagios-nrpe: fix redis_instances check when Redis port equal 0
2019-05-29 11:49:10 +02:00