2018-01-18 18:40:49 +01:00
|
|
|
|
# Changelog
|
|
|
|
|
All notable changes to this project will be documented in this file.
|
|
|
|
|
|
2018-01-18 23:37:56 +01:00
|
|
|
|
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
|
|
|
|
|
|
|
|
|
|
This project does not follow semantic versioning.
|
2018-01-22 10:15:58 +01:00
|
|
|
|
The **major** part of the version is aligned with the stable version of Debian.
|
|
|
|
|
The **minor** part changes with big changes (probably incompatible).
|
2018-02-28 17:41:54 +01:00
|
|
|
|
The **patch** part changes incrementally at each release.
|
2018-01-18 18:40:49 +01:00
|
|
|
|
|
|
|
|
|
## [Unreleased]
|
|
|
|
|
|
2019-06-21 10:46:08 +02:00
|
|
|
|
### Added
|
|
|
|
|
|
|
|
|
|
### Changed
|
|
|
|
|
|
|
|
|
|
### Fixed
|
2019-06-26 11:10:23 +02:00
|
|
|
|
* lxc-php: Don't remove the default pool
|
2019-06-21 10:46:08 +02:00
|
|
|
|
|
|
|
|
|
### Security
|
|
|
|
|
|
2019-06-21 14:36:20 +02:00
|
|
|
|
## [9.10.1] - 2019-06-21
|
|
|
|
|
|
|
|
|
|
### Changed
|
|
|
|
|
* evocheck : update (version 19.06) from upstream
|
|
|
|
|
|
2019-06-21 10:46:08 +02:00
|
|
|
|
## [9.10.0] - 2019-06-21
|
|
|
|
|
|
2019-04-16 16:41:28 +02:00
|
|
|
|
### Added
|
2019-04-26 11:02:02 +02:00
|
|
|
|
* apache: add server status suffix in VHost (and default site) if missing
|
2019-06-20 17:29:23 +02:00
|
|
|
|
* apache: add a variable to customize the server-status host
|
2019-05-13 17:48:55 +02:00
|
|
|
|
* apt: add a script to manage packages with "hold" mark
|
2019-06-17 14:25:45 +02:00
|
|
|
|
* etc-git: gitignore /etc/letsencrypt/.certbot.lock
|
2019-06-21 09:42:02 +02:00
|
|
|
|
* evolinux-base: install "spectre-meltdown-checker" (Debian 10 and later)
|
2019-06-17 14:17:30 +02:00
|
|
|
|
* evomaintenance: make hooks configurable
|
2019-04-26 11:02:02 +02:00
|
|
|
|
* nginx: add server status suffix in VHost (and default site) if missing
|
2019-05-13 12:06:22 +02:00
|
|
|
|
* redmine: enable gzip compression in nginx vhost
|
2019-04-16 16:41:28 +02:00
|
|
|
|
|
|
|
|
|
### Changed
|
2019-06-21 09:42:02 +02:00
|
|
|
|
* evocheck : update (unreleased) from upstream
|
2019-04-26 11:09:36 +02:00
|
|
|
|
* evomaintenance : use the web API instead of PG Insert
|
2019-06-21 10:29:18 +02:00
|
|
|
|
* fluentd: store gpg key locally
|
2019-06-21 10:43:20 +02:00
|
|
|
|
* rbenv: update defaults rbenv version to 1.1.2 and ruby version to 2.6.3
|
2019-05-13 11:19:30 +02:00
|
|
|
|
* redmine: update default version to 4.0.3
|
2019-05-14 14:29:46 +02:00
|
|
|
|
* nagios-nrpe: change required status code for http and https check
|
2019-05-22 12:07:51 +02:00
|
|
|
|
* redmine: use custom errors-pages in Nginx vhost
|
2019-06-05 11:09:47 +02:00
|
|
|
|
* nagios-nrpe: check_load is now based on ansible_processor_vcpus
|
2019-06-06 13:45:53 +02:00
|
|
|
|
* php: Stop enforcing /var/www/html as chroot while we use /var/www
|
2019-06-17 14:24:09 +02:00
|
|
|
|
* apt: Add Debian Buster repositories
|
2019-04-16 16:41:28 +02:00
|
|
|
|
|
|
|
|
|
### Fixed
|
2019-05-13 11:17:02 +02:00
|
|
|
|
* rbenv: add check_mode for check rbenv and ruby versions
|
2019-05-20 14:26:21 +02:00
|
|
|
|
* nagios-nrpe: fix redis_instances check when Redis port equal 0
|
2019-05-29 11:49:10 +02:00
|
|
|
|
* redmine: fix 500 error on logging
|
2019-06-17 09:58:10 +02:00
|
|
|
|
* evolinux-base: Validate sshd config with "-t" instead of "-T"
|
|
|
|
|
* evolinux-base: Ensure rename is present
|
2019-06-17 10:23:56 +02:00
|
|
|
|
* evolinux-users: Validate sshd config with "-t" instead of "-T"
|
2019-06-17 10:25:46 +02:00
|
|
|
|
* nagios-nrpe: Replace the dummy packages nagios-plugins-* with monitoring-plugins-*
|
2019-04-16 16:41:28 +02:00
|
|
|
|
|
|
|
|
|
## [9.9.0] - 2019-04-16
|
|
|
|
|
|
2019-01-31 10:22:50 +01:00
|
|
|
|
### Added
|
2019-02-19 16:09:32 +01:00
|
|
|
|
* etc-git: ignore evobackup/.keep-* files
|
2019-04-16 16:36:27 +02:00
|
|
|
|
* lxc: /home is mounted in the container by default
|
2019-04-25 13:34:28 +02:00
|
|
|
|
* nginx : add "x-frame-options: sameorigin" for Munin
|
2019-02-19 16:09:32 +01:00
|
|
|
|
|
2019-01-31 10:22:50 +01:00
|
|
|
|
### Changed
|
2019-03-21 15:38:36 +01:00
|
|
|
|
* changed remote repository to https://gitea.evolix.org/evolix/ansible-roles
|
2019-04-16 16:27:10 +02:00
|
|
|
|
* apt: Ensure jessie-backport from archives.debian.org is accepted
|
|
|
|
|
* apt: Remove jessie-update suite as it's no longer exists
|
|
|
|
|
* apt: Replace mirror.evolix.org by archives.debian.org for jessie-backport
|
2019-04-16 10:46:44 +02:00
|
|
|
|
* evocheck : update script from upstream
|
2019-03-05 11:10:12 +01:00
|
|
|
|
* evolinux-base: remove apt-listchanges on Stretch and later
|
2019-04-16 16:27:10 +02:00
|
|
|
|
* evomaintenance: embed version 0.5.0
|
|
|
|
|
* opendkim: aligning roles with our conventions, major changes in opendkim-add.sh
|
2019-03-08 13:43:59 +01:00
|
|
|
|
* redis: higher limit of open files
|
2019-04-16 16:27:10 +02:00
|
|
|
|
* redis: set variables on inclusion, not with set_facts
|
2019-02-20 11:28:59 +01:00
|
|
|
|
* tomcat: better tomcat version management
|
2019-03-18 11:50:46 +01:00
|
|
|
|
* webapps/evoadmin-web: add dbadmin.sh to sudoers file
|
2019-01-31 10:22:50 +01:00
|
|
|
|
|
2019-03-21 15:38:36 +01:00
|
|
|
|
|
2019-01-31 10:22:50 +01:00
|
|
|
|
### Fixed
|
2019-01-31 14:37:41 +01:00
|
|
|
|
* spamassasin: fix sa-update.sh and ensure service is started and enabled
|
2019-03-06 15:46:10 +01:00
|
|
|
|
* tomcat-instance: deploy correct version of config files
|
2019-04-16 16:27:10 +02:00
|
|
|
|
* tomcat-instance: deploy correct version of server.xml
|
2019-01-31 10:22:50 +01:00
|
|
|
|
|
|
|
|
|
## [9.8.0] - 2019-01-31
|
|
|
|
|
|
2019-01-17 18:11:46 +01:00
|
|
|
|
### Added
|
2019-01-29 16:57:45 +01:00
|
|
|
|
* filebeat: disable cloud_metadata processor by default
|
2019-01-29 17:04:36 +01:00
|
|
|
|
* metricbeat: disable cloud_metadata processor by default
|
2019-01-31 10:20:11 +01:00
|
|
|
|
* percona : new role to install Percona repositories and tools
|
2019-01-28 14:26:13 +01:00
|
|
|
|
* redis: add variable for configure unixsocketperm
|
2019-01-17 18:11:46 +01:00
|
|
|
|
|
|
|
|
|
### Changed
|
2019-01-28 14:29:01 +01:00
|
|
|
|
* redmine: refactoring of redmine role with use of rbenv
|
2019-01-17 18:11:46 +01:00
|
|
|
|
|
|
|
|
|
### Fixed
|
2019-01-18 15:32:45 +01:00
|
|
|
|
* ntpd: Update the restrictions to follow wiki.evolix.org/HowtoNTP client config
|
2019-01-17 18:11:46 +01:00
|
|
|
|
|
|
|
|
|
## [9.7.0] - 2019-01-17
|
|
|
|
|
|
2018-12-04 14:51:17 +01:00
|
|
|
|
### Added
|
2019-01-01 21:08:51 +01:00
|
|
|
|
* apache: add Munin configuration for Apache server-status URL
|
2018-12-11 10:50:07 +01:00
|
|
|
|
* evomaintenance: database variables must be set or the task fails
|
2019-01-17 17:42:18 +01:00
|
|
|
|
* fail2ban: add "ips" tag added to fail2ban/tasks/ip_whitelist.yml
|
2019-01-08 11:05:20 +01:00
|
|
|
|
* metricbeat: add a variable for the protocol to use with Elasticsearch
|
2019-01-03 10:16:46 +01:00
|
|
|
|
* rbenv: add pkg-config to the list of packages to install
|
2018-12-17 14:47:07 +01:00
|
|
|
|
* redis: Configure munin when working in instance mode
|
2019-01-08 10:04:27 +01:00
|
|
|
|
* redis: add a variable for renamed/disabled commands
|
2018-12-21 11:11:15 +01:00
|
|
|
|
* redis: add a variable to disable the restart handler
|
|
|
|
|
* redis: add a variable to force a restart (even with no change)
|
2019-01-24 11:47:03 +01:00
|
|
|
|
* proftpd: add FTPS and SFTP support
|
2018-12-04 14:51:17 +01:00
|
|
|
|
|
|
|
|
|
### Changed
|
2018-12-21 11:08:18 +01:00
|
|
|
|
* redis: distinction between main and master password
|
2019-01-08 10:24:47 +01:00
|
|
|
|
* evocheck: update evocheck.sh for source install
|
2019-01-10 19:12:53 +01:00
|
|
|
|
* php: added php-zip in the installed package list for debian 9 (and later)
|
2019-01-10 17:57:51 +01:00
|
|
|
|
* squid: added packagist.org in the whitelist
|
2019-01-10 16:10:03 +01:00
|
|
|
|
* java: update Oracle java package to 8u192
|
2018-12-04 14:51:17 +01:00
|
|
|
|
|
|
|
|
|
### Fixed
|
2019-01-09 16:44:16 +01:00
|
|
|
|
* fail2ban: fix "ignoreip" update
|
2019-01-08 10:02:04 +01:00
|
|
|
|
* metricbeat: fix username/password replacement
|
|
|
|
|
* nagios-nrpe: check_process now return the error code (making the check more usefull than /bin/true)
|
2018-12-05 16:25:48 +01:00
|
|
|
|
* nginx: Munin url config is now a template to insert the server-status prefix
|
2019-01-10 17:57:51 +01:00
|
|
|
|
* nodejs: Update yarn repo GPG key (current key expired)
|
2018-12-05 16:37:52 +01:00
|
|
|
|
* redis: In instance mode, ensure to replace the nrpe check_redis with the instance check script
|
2019-01-01 21:08:51 +01:00
|
|
|
|
* redis: Don't set the owner of /var/{lib,log}/redis to a redis instance account
|
2018-12-04 14:51:17 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## [9.6.0] - 2018-12-04
|
|
|
|
|
|
2018-11-14 17:15:25 +01:00
|
|
|
|
### Added
|
2018-11-30 15:14:39 +01:00
|
|
|
|
* evolinux-base: deploy custom motd if template are present
|
2018-12-04 14:30:15 +01:00
|
|
|
|
* minifirewall: all variables are configurable (untouched by default)
|
2018-12-04 14:25:39 +01:00
|
|
|
|
* minifirewall: main file is configurable
|
|
|
|
|
* squid: minifirewall main file is configurable
|
2018-11-14 17:15:25 +01:00
|
|
|
|
|
|
|
|
|
### Changed
|
2018-12-04 14:27:17 +01:00
|
|
|
|
* minifirewall: compare config before/after (for restart condition)
|
2018-12-04 14:26:13 +01:00
|
|
|
|
* squid: better replacement in minifirewall config
|
2018-12-05 14:59:19 +01:00
|
|
|
|
* evoadmin-mail: complete refactoring, use Debian Package
|
2018-11-14 17:15:25 +01:00
|
|
|
|
|
|
|
|
|
## [9.5.0] - 2018-11-14
|
|
|
|
|
|
2018-10-12 10:16:40 +02:00
|
|
|
|
### Added
|
2018-11-14 16:11:42 +01:00
|
|
|
|
* apache: separate task to update IP whitelist
|
|
|
|
|
* evolinux-base: install man package
|
2018-11-14 17:04:51 +01:00
|
|
|
|
* evolinux-users: add newaliases handler
|
2018-11-14 16:11:42 +01:00
|
|
|
|
* evomaintenance: FROM domain is configurable
|
|
|
|
|
* fail2ban: separate task to update IP whitelist
|
|
|
|
|
* nginx: add tag for ips management
|
|
|
|
|
* nginx: separate task to update IP whitelist
|
|
|
|
|
* postfix: enable SSL/TLS client
|
|
|
|
|
* ssl: add an SSL role for certificates deployment
|
|
|
|
|
* haproxy: add vars for tls configuration
|
2018-11-14 16:13:02 +01:00
|
|
|
|
* mysql: logdir can be customized
|
2018-10-12 10:16:40 +02:00
|
|
|
|
|
|
|
|
|
### Changed
|
2018-11-14 16:11:42 +01:00
|
|
|
|
* evocheck: update script from upstream
|
|
|
|
|
* evomaintenance: update script from upstream
|
|
|
|
|
* mysql: restart service if systemd unit has been patched
|
2018-10-12 10:16:40 +02:00
|
|
|
|
|
|
|
|
|
### Fixed
|
2018-11-14 17:04:03 +01:00
|
|
|
|
* packweb-apache: mod-security config is already included elsewhere
|
2018-11-14 15:35:11 +01:00
|
|
|
|
* redis: for permissions on log and lib directories
|
|
|
|
|
* redis: fix shell for instance users
|
2018-11-22 15:05:38 +01:00
|
|
|
|
* evoacme: fix error handling in sed_cert_path_for_(apache|nginx)
|
2018-10-12 10:16:40 +02:00
|
|
|
|
|
|
|
|
|
## [9.4.2] - 2018-10-12
|
|
|
|
|
|
2018-09-20 12:30:52 +02:00
|
|
|
|
### Added
|
2018-10-08 09:43:09 +02:00
|
|
|
|
* evomaintenance: install dependencies manually when installing vendored version
|
|
|
|
|
* nagios-nrpe: add an option to ignore servers in NOLB status
|
2018-09-20 12:30:52 +02:00
|
|
|
|
|
|
|
|
|
### Changed
|
2018-10-08 09:43:09 +02:00
|
|
|
|
* haproxy: move check_haproxy_stats to nagios-nrpe role
|
2018-09-20 12:30:52 +02:00
|
|
|
|
|
|
|
|
|
### Fixed
|
2018-10-08 09:43:09 +02:00
|
|
|
|
* evoacme: better error when apache2ctl fails
|
2018-10-12 10:12:54 +02:00
|
|
|
|
* evomaintenance: fix role compatibility with OpenBSD
|
2018-10-03 14:41:41 +02:00
|
|
|
|
* spamassassin: add missing right for amavis
|
2018-10-11 17:17:50 +02:00
|
|
|
|
* amavis: fix output result checking
|
2018-09-20 12:30:52 +02:00
|
|
|
|
|
2018-09-28 10:42:25 +02:00
|
|
|
|
## [9.4.1] - 2018-09-28
|
|
|
|
|
|
|
|
|
|
### Added
|
|
|
|
|
* redis: set masterauth when redis_password is defined
|
|
|
|
|
* evomaintenance: variable to install a vendored version
|
|
|
|
|
* evomaintenance: tasks/variables to handle minifirewall restarts
|
|
|
|
|
|
|
|
|
|
### Changed
|
|
|
|
|
* mysql-oracle: better handle packages and users
|
|
|
|
|
|
2018-09-20 12:30:52 +02:00
|
|
|
|
## [9.4.0] - 2018-09-20
|
|
|
|
|
|
2018-09-06 15:14:34 +02:00
|
|
|
|
### Added
|
2018-09-08 00:27:03 +02:00
|
|
|
|
* etc-git: manage a cron job to monitor uncommited changes in /etc/.git (default: `True`)
|
2018-09-11 14:20:13 +02:00
|
|
|
|
* evolinux-base: better shell history
|
2018-09-09 23:42:38 +02:00
|
|
|
|
* evolinux-users: add user to /etc/aliases
|
2018-09-20 12:28:48 +02:00
|
|
|
|
* generate-ldif: add a section for postgresql
|
2018-09-20 12:24:19 +02:00
|
|
|
|
* logstash: tmp directory can be customized
|
|
|
|
|
* logstash: max memory is set to 512M by default
|
|
|
|
|
* logstash: version 6.x is installed by default
|
2018-09-13 18:32:19 +02:00
|
|
|
|
* mysql: add a variable to prevent mysql from restarting
|
2018-09-14 14:53:38 +02:00
|
|
|
|
* networkd-to-ifconfig: add a role to switch from networkd to ifconfig
|
2018-09-09 23:42:15 +02:00
|
|
|
|
* webapps/evoadmin-web: add users to /etc/aliases
|
2018-09-19 17:24:26 +02:00
|
|
|
|
* redis: add support for multi instances
|
2018-09-20 10:21:49 +02:00
|
|
|
|
* nagios-nrpe: add check_redis_instances
|
2018-09-06 15:14:34 +02:00
|
|
|
|
|
|
|
|
|
### Changed
|
2018-09-11 11:13:02 +02:00
|
|
|
|
* dovecot: stronger TLS configuration
|
|
|
|
|
|
2018-09-06 15:14:34 +02:00
|
|
|
|
### Fixed
|
2018-09-09 23:01:43 +02:00
|
|
|
|
* apache: cleaner way to overwrite the server status suffix
|
2018-09-09 22:59:56 +02:00
|
|
|
|
* packweb-apache: don't regenerate phpMyAdmin suffix each time
|
2018-09-09 23:02:02 +02:00
|
|
|
|
* nginx: cleaner way to overwrite the server status suffix
|
2018-09-19 16:25:47 +02:00
|
|
|
|
* redis: add missing tags
|
2018-09-06 15:14:34 +02:00
|
|
|
|
|
|
|
|
|
## [9.3.2] - 2018-09-06
|
|
|
|
|
|
2018-08-24 18:24:14 +02:00
|
|
|
|
### Added
|
2018-08-30 17:04:14 +02:00
|
|
|
|
* minifirewall: add a variable to disable the restart handler
|
2018-08-30 17:05:30 +02:00
|
|
|
|
* minifirewall: add a variable to force a restart of the firewall (even with no change)
|
2018-08-31 19:28:06 +02:00
|
|
|
|
* minifirewall: improve variables values and documentation
|
2018-08-24 18:24:14 +02:00
|
|
|
|
|
|
|
|
|
### Changed
|
2018-09-04 14:50:22 +02:00
|
|
|
|
* dovecot: enable SSL/TLS by default with snakeoil certificate
|
2018-08-24 18:24:14 +02:00
|
|
|
|
|
|
|
|
|
### Fixed
|
|
|
|
|
|
|
|
|
|
### Security
|
|
|
|
|
|
2018-08-30 14:06:06 +02:00
|
|
|
|
## [9.3.1] - 2018-08-30
|
|
|
|
|
|
|
|
|
|
### Added
|
|
|
|
|
* metricbeat: new variables to configure elasticsearch hosts and auth
|
|
|
|
|
|
2018-08-24 18:24:14 +02:00
|
|
|
|
## [9.3.0] - 2018-08-24
|
|
|
|
|
|
2018-04-06 10:49:23 +02:00
|
|
|
|
### Added
|
2018-05-16 12:15:04 +02:00
|
|
|
|
* elasticsearch: tmpdir configuration compatible with 5.x also
|
2018-05-22 15:16:27 +02:00
|
|
|
|
* elasticsearch: add http.publish_host variable
|
2018-06-21 17:19:46 +02:00
|
|
|
|
* evoacme: disable old certbot cron also in cron.daily
|
2018-08-17 14:59:22 +02:00
|
|
|
|
* evocheck: detect installed packages even if "held" by APT (manual fix)
|
2018-08-18 09:41:59 +02:00
|
|
|
|
* evocheck: the crontab is updated by the role (default: `True`)
|
2018-07-10 16:27:04 +02:00
|
|
|
|
* evolinux-base: add mail related aliases
|
2018-08-24 14:29:30 +02:00
|
|
|
|
* evolinux-todo: new role, to help maintain a file of todo tasks
|
2018-08-23 09:16:33 +02:00
|
|
|
|
* fail2ban: add a variable to disable the ssh filter (default: `False`)
|
2018-08-24 00:28:15 +02:00
|
|
|
|
* etc-git: install a script to optimize the repository each month
|
2018-08-23 11:24:11 +02:00
|
|
|
|
* fail2ban: add a variable to update the list of ignored IP addresses/blocs (default: `False`)
|
2018-08-17 11:56:35 +02:00
|
|
|
|
* generate-ldif: detect installed packages even if "held" by APT
|
2018-07-10 16:27:04 +02:00
|
|
|
|
* java: support for Oracle JRE
|
2018-05-22 15:17:16 +02:00
|
|
|
|
* kibana: log messages go to /var/log/kibana/kibana.log
|
2018-07-10 16:27:04 +02:00
|
|
|
|
* metricbeat: add a role (copied from filebeat)
|
2018-07-10 16:25:25 +02:00
|
|
|
|
* munin: properly rename Munin cache directory
|
2018-06-09 13:15:08 +02:00
|
|
|
|
* mysql: add an option to install the client development libraries (default: `False`)
|
2018-08-24 18:38:12 +02:00
|
|
|
|
* mysql: add a few variables to customize the configuration
|
2018-06-14 13:49:35 +02:00
|
|
|
|
* nagios-nrpe: add check_postgrey
|
2018-04-06 10:49:23 +02:00
|
|
|
|
|
2018-05-16 11:10:31 +02:00
|
|
|
|
### Changed
|
2018-08-24 14:44:51 +02:00
|
|
|
|
* etc-git: some entries of .gitignore are mandatory
|
2018-08-17 10:04:07 +02:00
|
|
|
|
* evocheck: update upstream script
|
2018-08-16 16:17:26 +02:00
|
|
|
|
* evolinux-base: improve hostname configuration (real vs. internal)
|
2018-08-24 14:29:30 +02:00
|
|
|
|
* evolinux-base: use the "evolinux-todo" role
|
2018-06-07 10:39:29 +02:00
|
|
|
|
* evolinux-users: add sudo permission for bkctld check
|
2018-07-10 16:27:04 +02:00
|
|
|
|
* java8: renamed to java (java8 symlinked to java for backward compatibility)
|
2018-06-04 16:30:25 +02:00
|
|
|
|
* minifirewall: the tail file can be overwritten, or not (default: `True`)
|
2018-06-07 10:39:29 +02:00
|
|
|
|
* nagios-nrpe: use bkctld internal check instead of nrpe plugin
|
2018-06-11 14:22:42 +02:00
|
|
|
|
* php: reorganization of the role for Sury overrides and more clear configuration
|
2018-07-10 16:27:04 +02:00
|
|
|
|
* redmine: use .my.cnf for mysql password
|
2018-06-07 10:39:29 +02:00
|
|
|
|
* rbenv: change default Ruby version (2.5.1)
|
2018-05-23 16:20:46 +02:00
|
|
|
|
* rbenv: switch from copy to lineinfile for default gems
|
2018-08-06 15:01:52 +02:00
|
|
|
|
* remount-usr: mount doesn't report a change
|
2018-06-07 10:39:29 +02:00
|
|
|
|
* squid: add a few news sites to the whitelist
|
2018-07-03 12:24:11 +02:00
|
|
|
|
* tomcat: better nrpe check output
|
2018-07-27 11:27:27 +02:00
|
|
|
|
* kvm-host: install kvm-tools package instead of copying add-vm.sh
|
2018-05-16 11:10:31 +02:00
|
|
|
|
|
|
|
|
|
### Fixed
|
2018-08-23 13:02:25 +02:00
|
|
|
|
* apache: logrotate replacement is more subtle/precise. It replaces only the proper directive and not every occurence of the word.
|
2018-08-21 18:46:16 +02:00
|
|
|
|
* bind: chroot-bind.sh must not be executed in check mode
|
2018-07-10 16:27:04 +02:00
|
|
|
|
* evoacme: fix module detection in apache config
|
2018-08-21 23:13:47 +02:00
|
|
|
|
* fail2ban: fix fail2ban_ignore_ips definition
|
2018-06-15 14:41:24 +02:00
|
|
|
|
* mysql-oracle: fix configuration directory variable
|
2018-06-19 16:51:27 +02:00
|
|
|
|
* php: fpm slowlog needs an absolute path
|
2018-06-25 16:57:18 +02:00
|
|
|
|
* roundcube: add missing slash to https redirection
|
2018-05-16 11:10:31 +02:00
|
|
|
|
|
|
|
|
|
## [9.2.0] - 2018-05-16
|
|
|
|
|
|
2018-04-24 16:45:05 +02:00
|
|
|
|
### Changed
|
2018-05-09 20:56:48 +02:00
|
|
|
|
* filebeat: install version 6.x by default
|
2018-05-09 20:57:32 +02:00
|
|
|
|
* filebeat: cleanup unused code
|
2018-05-09 15:58:13 +02:00
|
|
|
|
* squid: add some domaine and fix broken restrictions
|
2018-05-16 11:08:18 +02:00
|
|
|
|
* elasticsearch: defaults to version 6.x
|
2018-04-24 16:45:05 +02:00
|
|
|
|
|
|
|
|
|
### Fixed
|
2018-05-02 17:13:03 +02:00
|
|
|
|
* evolinux-users: secondary groups are comma-separated
|
2018-05-16 11:06:06 +02:00
|
|
|
|
* ntpd: fix configuration (server and ACL)
|
2018-05-16 11:07:12 +02:00
|
|
|
|
* varnish: don't fork the process on startup with systemd
|
2018-04-24 16:45:05 +02:00
|
|
|
|
|
|
|
|
|
## [9.1.9] - 2018-04-24
|
|
|
|
|
|
|
|
|
|
### Added
|
|
|
|
|
|
2018-04-16 00:00:13 +02:00
|
|
|
|
### Changed
|
2018-04-22 17:44:37 +02:00
|
|
|
|
* apache: customize logrotate (52 weeks)
|
2018-04-20 14:38:45 +02:00
|
|
|
|
* evolinux: groups for SSH configuration are used with Debian 10 and later
|
2018-04-18 12:15:43 +02:00
|
|
|
|
* evolinux-base: fail2ban is not enabled by default
|
2018-04-18 12:01:03 +02:00
|
|
|
|
* evolinux-users: refactoring of the SSH configuration
|
2018-04-18 12:06:15 +02:00
|
|
|
|
* mysql-oracle: copy evolinux config files in mysql.cond.d
|
2018-04-22 17:32:23 +02:00
|
|
|
|
* mysql/mysql-oracle: mysqltuner cron scripts is 0755
|
2018-04-19 15:48:52 +02:00
|
|
|
|
* generate-ldif: add a minifirewall service when /etc/default/minifirewall exists
|
2018-04-16 00:00:13 +02:00
|
|
|
|
|
|
|
|
|
## [9.1.8] - 2018-04-16
|
|
|
|
|
|
2018-04-06 10:49:23 +02:00
|
|
|
|
### Changed
|
2018-04-13 12:05:48 +02:00
|
|
|
|
* packweb-apache: use dependencies instead of include_role for apache and php roles
|
2018-04-06 10:49:23 +02:00
|
|
|
|
|
|
|
|
|
### Fixed
|
2018-04-13 12:07:55 +02:00
|
|
|
|
* mysql: use check_mode for apg command (Fix --check)
|
2018-04-15 23:58:31 +02:00
|
|
|
|
* mysql/mysql-oracle: properly reload systemd
|
2018-04-13 12:13:14 +02:00
|
|
|
|
* packweb-apache: use check_mode for apg command (Fix --check)
|
2018-04-06 10:49:23 +02:00
|
|
|
|
|
|
|
|
|
## [9.1.7] - 2018-04-06
|
|
|
|
|
|
2018-02-04 11:49:14 +01:00
|
|
|
|
### Added
|
2018-04-06 09:26:51 +02:00
|
|
|
|
* added a few become attributes where missing
|
|
|
|
|
* etc-git: add tags for Ansible
|
|
|
|
|
* evolinux-base: install ncurses-term package
|
|
|
|
|
* haproxy: install Munin plugins
|
2018-04-06 10:42:32 +02:00
|
|
|
|
* listupgrade: add service restart notification for Squid and libstdc++6
|
2018-04-06 09:45:10 +02:00
|
|
|
|
* minifirewall: add "check_minifirewall" Nagios plugin (and `minifirewall_status` script)
|
2018-02-28 17:11:47 +01:00
|
|
|
|
* mysql-oracle: new role to install MySQL 5.7 with Oracle packages
|
2018-03-14 09:33:14 +01:00
|
|
|
|
* mysql: remount /usr before creating scripts directory
|
2018-04-06 09:26:51 +02:00
|
|
|
|
* nagios-nrpe: add "check_open_files" plugin
|
|
|
|
|
* nagios-nrpe: mark plugins as executable
|
|
|
|
|
* nodejs: Yarn package manager can be installed (default: `false`)
|
2018-02-28 17:24:44 +01:00
|
|
|
|
* packweb-apache: choose mysql variant (default: `debian`)
|
2018-04-06 09:26:51 +02:00
|
|
|
|
* postfix: add lines in /etc/.gitignore
|
|
|
|
|
* proftpd: use "proftpd_accounts" list to manage ftp accounts
|
2018-04-04 23:46:50 +02:00
|
|
|
|
* redmine: added missing tags
|
2018-02-04 11:49:14 +01:00
|
|
|
|
|
2018-02-07 17:36:04 +01:00
|
|
|
|
### Changed
|
2018-02-20 15:05:58 +01:00
|
|
|
|
* elasticsearch: RESTART_ON_UPGRADE is configurable (default: `true`)
|
2018-04-06 09:26:51 +02:00
|
|
|
|
* elasticsearch: use ES_TMPDIR variable for custom tmpdir, (from `/etc/default/elasticsearch` instead of changing `/etc/elesticsearch/jvm.options`).
|
|
|
|
|
* evolinux-base: Exec the firewall tasks sooner (to avoid dependency issues)
|
2018-03-01 11:07:43 +01:00
|
|
|
|
* evolinux-users: split AllowGroups/AllowUsers modes for SSH directives
|
2018-04-05 15:23:12 +02:00
|
|
|
|
* mongodb: allow unauthenticated packages for Jessie
|
2018-04-06 09:26:51 +02:00
|
|
|
|
* mongodb: configuration is forced by default but it's configurable (default: `false`)
|
2018-04-05 18:43:29 +02:00
|
|
|
|
* mongodb: rename logrotate script
|
2018-04-06 09:26:51 +02:00
|
|
|
|
* nagios-nrpe: mark plugins as executable
|
|
|
|
|
* nginx: don't debug variables in verbosity 0
|
2018-02-22 00:10:14 +01:00
|
|
|
|
* nginx: package name can be specified (default: `nginx-full`)
|
2018-03-26 21:53:32 +02:00
|
|
|
|
* php: fix FPM custom file permissions
|
|
|
|
|
* php: more tasks notify FPM handler to restart if needed
|
2018-04-06 09:26:51 +02:00
|
|
|
|
* webapps/evoadmin-web: Fail if variable evoadmin_contact_email isn't defined
|
2018-02-07 17:36:04 +01:00
|
|
|
|
|
2018-02-08 11:10:30 +01:00
|
|
|
|
### Fixed
|
2018-03-13 10:25:45 +01:00
|
|
|
|
* dovecot: fix support of plus sign
|
2018-03-14 09:35:26 +01:00
|
|
|
|
* mysql/mysql-oracle: mysqltuner cron task is executable
|
2018-04-06 09:26:51 +02:00
|
|
|
|
* nginx: fix basic auth for default vhost
|
2018-03-26 09:53:35 +02:00
|
|
|
|
* rbenv: fix become user issue with copy tasks
|
2018-02-08 11:10:30 +01:00
|
|
|
|
|
2018-02-02 20:10:20 +01:00
|
|
|
|
## [9.1.6] - 2018-02-02
|
|
|
|
|
|
2018-01-20 19:57:58 +01:00
|
|
|
|
### Added
|
|
|
|
|
* mongodb: install python-pymongo for monitoring
|
2018-01-23 17:41:58 +01:00
|
|
|
|
* nagios-nrpe: allowed_hosts can be updated
|
2018-01-20 19:57:58 +01:00
|
|
|
|
|
2018-01-18 23:37:56 +01:00
|
|
|
|
### Changed
|
|
|
|
|
* Changelog: explain the versioning scheme
|
|
|
|
|
* Changelog: add a release date for 9.1.5
|
2018-01-22 18:26:20 +01:00
|
|
|
|
* evoacme: exclude typical certbot directories
|
2018-01-18 23:37:56 +01:00
|
|
|
|
|
2018-01-23 18:31:31 +01:00
|
|
|
|
### Fixed
|
|
|
|
|
* fail2ban: fix horrible typo, Python is not Ruby
|
2018-02-01 12:27:18 +01:00
|
|
|
|
* nginx: fix servers status dirname
|
2018-01-23 18:31:31 +01:00
|
|
|
|
|
2018-01-18 23:37:56 +01:00
|
|
|
|
## [9.1.5] - 2018-01-18
|
2018-01-18 18:40:49 +01:00
|
|
|
|
|
|
|
|
|
### Added
|
2018-02-28 17:41:54 +01:00
|
|
|
|
* There is a changelog!
|
2018-01-18 23:37:56 +01:00
|
|
|
|
* redis: configuration variable for protected mode (v3.2+)
|
2018-01-18 18:40:49 +01:00
|
|
|
|
* evolinux-users: users are in "adm" group for Debian 9 or later
|
|
|
|
|
* evolinx-base: purge locate/mlocate packages
|
|
|
|
|
* evolinx-base: create /etc/evolinux if missing
|
|
|
|
|
* many Ansible tags for easier fine grained execution of playbooks
|
|
|
|
|
* apache/nginx: server status suffix management
|
|
|
|
|
* unbound: retrieve list of root DNS servers
|
2018-01-18 23:37:56 +01:00
|
|
|
|
* redmine: ability to install themes and plugins
|
2018-01-18 18:40:49 +01:00
|
|
|
|
|
|
|
|
|
### Changed
|
2018-01-18 23:37:56 +01:00
|
|
|
|
* rbenv: Ruby 2.5 becomes the default version
|
2018-01-18 18:40:49 +01:00
|
|
|
|
* evocheck: update upstream version embedded in role (c993244)
|
|
|
|
|
* bind: keep 52 weeks of logs
|
|
|
|
|
|
|
|
|
|
### Fixed
|
|
|
|
|
* squid: different logrotate file for Jessie or Stretch+
|
|
|
|
|
* evoacme: don't invoke evoacme if no vhost is found
|
|
|
|
|
* evomaintenance: explicit quotes in config file
|
|
|
|
|
* redmine: force xpath gem < 3.0.0
|
|
|
|
|
|
|
|
|
|
### Security
|
|
|
|
|
* evomaintenance: fix permissions for config file
|
2018-01-18 23:37:56 +01:00
|
|
|
|
|
|
|
|
|
## [9.1.4] - 2017-12-20
|
|
|
|
|
|
|
|
|
|
### Added
|
|
|
|
|
* php: install php5-intl (for Jessie) and php-intl (for Debian 9 or later)
|
|
|
|
|
* mysql: add a check_mysql_slave in nrpe configuration
|
|
|
|
|
* ldap: slapd tcp port is configurable
|
|
|
|
|
* elasticsearch: broader patterns for log rotation
|
|
|
|
|
|
|
|
|
|
### Changed
|
|
|
|
|
* split IP lists in 2 – default and additional – for easier customization.
|
|
|
|
|
|
|
|
|
|
### Fixed
|
2018-01-20 19:54:41 +01:00
|
|
|
|
* minifirewall: allow outgoing SSH connections over IPv6
|
2018-01-18 23:37:56 +01:00
|
|
|
|
* nodejs: rename source.list file
|
|
|
|
|
|
|
|
|
|
### Security
|
|
|
|
|
* evoadmin-web: change config.local.php file permissions
|
|
|
|
|
* evolinux-base: change default_www file permissions
|
|
|
|
|
|
|
|
|
|
## [9.1.3] 2017-12-08
|
|
|
|
|
|
|
|
|
|
### Added
|
|
|
|
|
* evolinux-base: install traceroute package
|
|
|
|
|
* evolinux-base/ntpd: purge openntpd
|
|
|
|
|
* tomcat: add Tomcat 8 cmpatibility
|
2018-01-20 19:54:41 +01:00
|
|
|
|
* log2mail: add "The total blob data length" pattern for MySQL
|
|
|
|
|
* nagios-nrpe: add bkctld check in evolix.cfg
|
|
|
|
|
* varnish: reload or restart if needed
|
|
|
|
|
* rabbitmq: add a munin plugin and an NRPE check
|
|
|
|
|
* minifirewall: add debug for variables
|
|
|
|
|
* elastic: option for stack main version
|
2018-01-18 23:37:56 +01:00
|
|
|
|
|
|
|
|
|
### Changed
|
|
|
|
|
* nginx: rename Let's Encrypt snippet
|
2018-01-20 19:54:41 +01:00
|
|
|
|
* nginx: simpler apt preferences for backports
|
|
|
|
|
* generate-ldif: add clamd service instead of clamav_db
|
|
|
|
|
* mysql: parameterize evolinux config files
|
|
|
|
|
* rbenv: use Rbenv 1.1.1 and Ruby 2.4.2 by default
|
|
|
|
|
* elasticsearch: update curator debian repository
|
|
|
|
|
* evoacme: crontab management
|
|
|
|
|
* evoacme: better documentation
|
|
|
|
|
* mongodb: comatible with Stretch
|
2018-01-18 23:37:56 +01:00
|
|
|
|
|
|
|
|
|
### Removed
|
|
|
|
|
* mongodb: logfile/pidfile are not configurable on Jessie
|
2018-01-20 19:54:41 +01:00
|
|
|
|
* minifirewall: remove zidane.evolix.net from HTTPSITES
|
2018-01-18 23:37:56 +01:00
|
|
|
|
|
|
|
|
|
### Fixed
|
|
|
|
|
* nginx: fix munin CGI graphs
|
|
|
|
|
* ntpd: fix default configuration (localhost only)
|
2018-01-20 19:54:41 +01:00
|
|
|
|
* logstash: fix permissions on pipeline configuration
|
|
|
|
|
* postfix/spamassassin: add user in cron job
|
|
|
|
|
* php: php.ini custom file are now readable
|
|
|
|
|
* hostname customization needs the dbus package
|
|
|
|
|
|
|
|
|
|
## [9.1.2] 2017-12-05
|
|
|
|
|
|
|
|
|
|
### Fixed
|
|
|
|
|
* listupgrade: remount /usr as rw
|
|
|
|
|
|
|
|
|
|
## [9.1.1] 2017-11-21
|
|
|
|
|
|
|
|
|
|
### Added
|
|
|
|
|
* amazon-ec2: add egress rules
|
|
|
|
|
|
|
|
|
|
### Fixed
|
|
|
|
|
* evoacme: fix multiple bugs
|
|
|
|
|
|
|
|
|
|
## [9.1.0] 2017-11-19
|
|
|
|
|
|
|
|
|
|
_Warning: huge release, many entries are missing below._
|
|
|
|
|
|
|
|
|
|
### Added
|
|
|
|
|
* amazon-ec2: new role, for EC2 instances creation
|
|
|
|
|
* Move /usr rw remount into remount-usr role
|
|
|
|
|
* kibana: host and basepath configuration
|
|
|
|
|
* kibana: move optimize and data to /var
|
|
|
|
|
* logstash: daily job for log rotation
|
|
|
|
|
* elasticsearch: daily job for log rotation
|
|
|
|
|
* roundcube: add link in default site index
|
|
|
|
|
* nagios-nrpe: add opendkim check
|
|
|
|
|
|
|
|
|
|
### Changed
|
|
|
|
|
* Combine evolix and additional trusted IP addresses
|
|
|
|
|
* amazon-ec2: split tasks
|
|
|
|
|
* apt: don't upgrade by default
|
|
|
|
|
* postfix: extract main.cf md5sum into variables
|
|
|
|
|
* evolinux-base: cache hwraid pgp key locally
|
|
|
|
|
* evoacme: improve cron task
|
|
|
|
|
* elasticsearch: use elastic.list APT source list for curator
|
|
|
|
|
* ldap: better variables
|
|
|
|
|
|
|
|
|
|
### Fixed
|
|
|
|
|
* fail2ban: create config hierarchy beforehand
|
|
|
|
|
* elasticsearch: fix datadir/tmpdir conditions
|
|
|
|
|
* elastic: remove double ".list" suffix
|
|
|
|
|
* nagios-nrpe: fix check_free_mem for OpenBSD 6.2
|
|
|
|
|
* nagios-nrpe: fix check_amavis
|
|
|
|
|
|
|
|
|
|
### Removed
|
|
|
|
|
|
|
|
|
|
### Security
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## [9.0.1] 2017-10-02
|
|
|
|
|
|
|
|
|
|
### Added
|
|
|
|
|
* haproxy: add a Nagios check
|
|
|
|
|
* php: add "sury" mode for PHP 7.1 on Stretch
|
|
|
|
|
* minifirewall: explicit dependency on iptables
|
|
|
|
|
* apt: remove Gandi source files
|
|
|
|
|
* docker-host: new variable for docker home
|
|
|
|
|
|
|
|
|
|
### Changed
|
|
|
|
|
* php: install php5/php package after fpm/libapache2-mod-php
|
|
|
|
|
|
|
|
|
|
### Fixed
|
|
|
|
|
* mysql: add "REPLICATION CLIENT" privilege for nrpe
|
|
|
|
|
* evoadmin-web: revert from variables to keywords in the templates
|
|
|
|
|
* evoacme: many fixes
|
|
|
|
|
* etc-git: detect user if root (without su or sudo)
|
|
|
|
|
* docker-host: clean override of docker systemd unit
|
|
|
|
|
* varnish: fix systemd unit override
|
|
|
|
|
|
|
|
|
|
## [9.0.0] 2017-09-19
|
|
|
|
|
|
|
|
|
|
First official release
|