Merge branch 'unstable' of gitea.evolix.org:evolix/ansible-roles into unstable
gitea/ansible-roles/pipeline/head This commit looks good
Details
gitea/ansible-roles/pipeline/head This commit looks good
Details
This commit is contained in:
Bruno Tatu
commit
ae94f979a4
49
CHANGELOG.md
49
CHANGELOG.md
|
|
@ -12,56 +12,67 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
|||
|
||||
### Added
|
||||
|
||||
* all: Use proper keyrings directory for APT version
|
||||
* all: Add signed-by option for additional APT sources
|
||||
### Changed
|
||||
|
||||
### Fixed
|
||||
|
||||
### Removed
|
||||
|
||||
### Security
|
||||
|
||||
## [22.12] 2022-12-14
|
||||
|
||||
### Added
|
||||
|
||||
* all: add signed-by option for additional APT sources
|
||||
* all: preliminary work to support Debian 12
|
||||
* all: use proper keyrings directory for APT version
|
||||
* evolinux-base: replace regular kernel by cloud kernel on virtual servers
|
||||
* lxc-php: set php-fpm umask to 007
|
||||
* nagios-nrpe: check_ceph_*
|
||||
* nagios-nrpe: check_haproxy_stats supports DRAIN status
|
||||
* packweb-apache: enable log_forensic module
|
||||
* varnish: create special tmp directory for syntax validation
|
||||
* lxc-php: set php-fpm umask to `007`
|
||||
* nagios-nrpe: `check_ceph_*`
|
||||
* nagios-nrpe: `check_haproxy_stats` supports DRAIN status
|
||||
* packweb-apache: enable `log_forensic` module
|
||||
* rabbitmq: add link in default page
|
||||
* varnish: create special tmp directory for syntax validation
|
||||
|
||||
### Changed
|
||||
|
||||
* certbot: auto-detect HAPEE version in renewal hook
|
||||
* evocheck: install script according to Debian version
|
||||
* evolinux-base: utils.yml can be excluded
|
||||
* evolinux-base: `utils.yml` can be excluded
|
||||
* evolinux-todo: execute tasks only for Debian distribution (because this task is a dependency for others roles used on different distributions)
|
||||
* evolinux-user: Add sudoers privilege for check php\_fpm81
|
||||
* evolinux-user: add sudoers privilege for check `php_fpm81`
|
||||
* evomaintenance: allow missing API endpoint if APi is disabled
|
||||
* java: use default JRE package when version is not specified
|
||||
* keepalived: change exit code (_warning_ if running but not on expected state ; _critical_ if not running)
|
||||
* listupgrade: better detection for PostgreSQL
|
||||
* listupgrade: sort/uniq of packages/services lists in email template
|
||||
* lxc-solr: detect the real partition options
|
||||
* lxc-solr: download URL according to Solr Version
|
||||
* lxc-solr: set homedir and port at install
|
||||
* minifirewall: whitelist deb.freexian.com
|
||||
* openvpn: shellpki upstream release 22.12.2
|
||||
* openvpn: specifies that the mail for expirations is for OpenVPN
|
||||
* packweb-apache: manual dependencies resolution
|
||||
* redis: some values should be quoted
|
||||
* redis: variable to disable transparent hugepage (default: do nothing)
|
||||
* squid: whitelist deb.freexian.com
|
||||
* squid: whitelist `deb.freexian.com`
|
||||
* varnish: better package facts usage with check mode and tags
|
||||
* varnish: systemd override depends on Varnish version instead of Debian version
|
||||
* keepalived: change exit code (warning if running but not on expected state ; critical if not running)
|
||||
* openvpn: shellpki upstream release 22.12.2
|
||||
* openvpn: specifies that the mail for expirations is for OpenVPN
|
||||
|
||||
### Fixed
|
||||
|
||||
* evolinux-user: Fix sudoers privilege for check php\_fpm80
|
||||
* evolinux-user: Fix sudoers privilege for check `php_fpm80`
|
||||
* nagios-nrpe: Fix check opendkim for recent change in listening port
|
||||
* varnish: fix missing state, that blocked the task
|
||||
* proftpd: Fix format of public key files controlled by ansible
|
||||
* proftpd: Fix mode of public key directory and files (they have to be accessible by proftpd:nobody)
|
||||
* openvpn: Fix mode of shellpki script
|
||||
* proftpd: Fix format of public key files controlled by Ansible
|
||||
* proftpd: Fix mode of public key directory and files (they have to be accessible by `proftpd:nobody`)
|
||||
* varnish: fix missing state, that blocked the task
|
||||
|
||||
### Removed
|
||||
|
||||
* openvpn: Deleted the task fixing the CRL rights since it has been fixed in upstream
|
||||
|
||||
### Security
|
||||
|
||||
## [22.09] 2022-09-19
|
||||
|
||||
|
|
@ -194,7 +205,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
|||
* minifirewall: tail template follows symlinks
|
||||
* mysql: add "set crypt_use_gpgme=no" Mutt option, for mysqltuner
|
||||
|
||||
### Fixed
|
||||
### Fixed
|
||||
|
||||
* Role `postfix`: Add missing `localhost.localdomain localhost` to `mydestination` variable which caused undelivered of some local mails.
|
||||
|
||||
|
|
|
|||
|
|
@ -64,7 +64,6 @@
|
|||
when: apache_mpm == "prefork" or apache_mpm == "itk"
|
||||
tags:
|
||||
- apache
|
||||
when: not ansible_check_mode
|
||||
|
||||
|
||||
- name: Copy Apache defaults config file
|
||||
|
|
@ -134,7 +133,6 @@
|
|||
when: apache_evolinux_default_enabled | bool
|
||||
tags:
|
||||
- apache
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: server_status.yml
|
||||
tags:
|
||||
|
|
@ -160,7 +158,6 @@
|
|||
when: envvar_grep_umask.rc != 0
|
||||
tags:
|
||||
- apache
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include_role:
|
||||
name: evolix/remount-usr
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ FULLFROM="{{ evomaintenance_full_from }}"
|
|||
URGENCYFROM={{ evomaintenance_urgency_from }}
|
||||
URGENCYTEL="{{ evomaintenance_urgency_tel }}"
|
||||
REALM="{{ evomaintenance_realm }}"
|
||||
API_ENDPOINT={{ evomaintenance_api_endpoint }}
|
||||
API_ENDPOINT={{ evomaintenance_api_endpoint }}
|
||||
API_KEY={{ evomaintenance_api_key }}
|
||||
|
||||
HOOK_API={{ evomaintenance_hook_api | bool | ternary('1','0') }}
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ bantime = {{ fail2ban_recidive_bantime }}
|
|||
# Evolix custom jails
|
||||
|
||||
[wordpress-hard]
|
||||
enabled = {{ fail2ban_wordpress_hard }}
|
||||
enabled = {{ fail2ban_wordpress_hard }}
|
||||
port = http, https
|
||||
filter = wordpress-hard
|
||||
logpath = /var/log/auth.log
|
||||
|
|
@ -47,7 +47,7 @@ findtime = {{ fail2ban_wordpress_hard_findtime }}
|
|||
bantime = {{ fail2ban_wordpress_hard_bantime }}
|
||||
|
||||
[wordpress-soft]
|
||||
enabled = {{ fail2ban_wordpress_soft }}
|
||||
enabled = {{ fail2ban_wordpress_soft }}
|
||||
port = http, https
|
||||
filter = wordpress-soft
|
||||
logpath = /var/log/auth.log
|
||||
|
|
@ -56,7 +56,7 @@ findtime = {{ fail2ban_wordpress_soft_findtime }}
|
|||
bantime = {{ fail2ban_wordpress_soft_bantime }}
|
||||
|
||||
[roundcube]
|
||||
enabled = {{ fail2ban_roundcube }}
|
||||
enabled = {{ fail2ban_roundcube }}
|
||||
port = http, https
|
||||
filter = roundcube
|
||||
logpath = /var/lib/roundcube/logs/errors
|
||||
|
|
|
|||
|
|
@ -1,27 +1,27 @@
|
|||
# Ajoute UMask=0007 à l'unité systemd PHP-FPM du conteneur LXC
|
||||
# dans /etc/systemd/system/phpX.X-fpm.service.d/evolinux.conf
|
||||
# dans /etc/systemd/system/phpX.X-fpm.service.d/evolinux.conf
|
||||
---
|
||||
|
||||
- name: "Définis le chemin du système de fichiers du conteneur LXC."
|
||||
set_fact:
|
||||
lxc_rootfs_path: "/var/lib/lxc/{{ lxc_php_version }}/rootfs"
|
||||
lxc_rootfs_path: "/var/lib/lxc/{{ lxc_php_version }}/rootfs"
|
||||
|
||||
- name: "Crée des répertoires (si absents) pour surcharger la config des services PHP dans les conteneurs LXC."
|
||||
ansible.builtin.file:
|
||||
path: "{{ lxc_rootfs_path }}/etc/systemd/system/{{ lxc_php_services[lxc_php_version] }}.d"
|
||||
path: "{{ lxc_rootfs_path }}/etc/systemd/system/{{ lxc_php_services[lxc_php_version] }}.d"
|
||||
state: directory
|
||||
register: systemd_path
|
||||
|
||||
- name: "[Service] est présent dans la surchage des services PHP-FPM des conteneurs LXC."
|
||||
ansible.builtin.lineinfile:
|
||||
path: "{{ systemd_path.path }}/evolinux.conf"
|
||||
path: "{{ systemd_path.path }}/evolinux.conf"
|
||||
regex: "\\[Service\\]"
|
||||
line: "[Service]"
|
||||
create: yes
|
||||
|
||||
- name: "UMask=0007 est présent dans la surchage des services PHP-FPM des conteneurs LXC."
|
||||
ansible.builtin.lineinfile:
|
||||
path: "{{ systemd_path.path }}/evolinux.conf"
|
||||
path: "{{ systemd_path.path }}/evolinux.conf"
|
||||
regex: "^UMask="
|
||||
line: "UMask=0007"
|
||||
insertafter: "\\[Service\\]"
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@
|
|||
- name: "Met-à-jour userlogrotate"
|
||||
ansible.builtin.copy:
|
||||
src: userlogrotate
|
||||
dest: "{{ item }}"
|
||||
dest: "{{ item }}"
|
||||
mode: "0755"
|
||||
loop: "{{ find_logrotate.files }}"
|
||||
when: find_logrotate.files | length>0
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
tomcat_instance_java_path: '/usr/lib/jvm/java-7-openjdk-amd64'
|
||||
tomcat_instance_root: '/srv/tomcat'
|
||||
tomcat_instance_shutdown: "{{ tomcat_instance_port | int + 1 }}"
|
||||
tomcat_instance_shutdown: "{{ tomcat_instance_port | int + 1 }}"
|
||||
tomcat_instance_mps: 256
|
||||
|
|
|
|||
|
|
@ -17,4 +17,6 @@
|
|||
daemon_reload: yes
|
||||
enabled: yes
|
||||
state: "{{ vrrp_address.state }}"
|
||||
when: vrrp_systemd_unit is changed
|
||||
when:
|
||||
- vrrp_systemd_unit is changed
|
||||
- not ansible_check_mode
|
||||
Loading…
Reference in New Issue