diff --git a/CHANGELOG.md b/CHANGELOG.md index 9472e665..a7b7d2b7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,8 +13,10 @@ The **patch** part changes incrementally at each release. ### Added ### Changed +* elasticsearch: listen on local interface only by default ### Fixed +* lxc-php: Don't remove the default pool ### Security diff --git a/elasticsearch/README.md b/elasticsearch/README.md index e8184019..933beb0f 100644 --- a/elasticsearch/README.md +++ b/elasticsearch/README.md @@ -27,7 +27,7 @@ Tasks are extracted in several files, included in `tasks/main.yml` : * `elasticsearch_jvm_xmx`: maximum heap size reserved for the JVM (default: `2g`). * `elasticsearch_restart_on_upgrade`: restart the service after package upgrade (default: `true`) -By default, Elasticsearch will listen to the public interfaces (`_site_` cf. https://www.elastic.co/guide/en/elasticsearch/reference/5.0/important-settings.html#network.host), so you will have to secure it, with firewall rules for example. +By default, Elasticsearch will listen to the local interface (`_local_` cf. https://www.elastic.co/guide/en/elasticsearch/reference/5.0/important-settings.html#network.host). ## Curator diff --git a/elasticsearch/defaults/main.yml b/elasticsearch/defaults/main.yml index f5693bf2..91e81915 100644 --- a/elasticsearch/defaults/main.yml +++ b/elasticsearch/defaults/main.yml @@ -5,7 +5,7 @@ elasticsearch_cluster_name: Null elasticsearch_cluster_members: Null elasticsearch_minimum_master_nodes: Null elasticsearch_node_name: "${HOSTNAME}" -elasticsearch_network_host: "[_site_, _local_]" +elasticsearch_network_host: "[_local_]" elasticsearch_network_publish_host: Null elasticsearch_http_publish_host: Null elasticsearch_custom_datadir: Null diff --git a/lxc-php/tasks/php.yml b/lxc-php/tasks/php.yml index 49cb8116..25b72ccd 100644 --- a/lxc-php/tasks/php.yml +++ b/lxc-php/tasks/php.yml @@ -46,27 +46,6 @@ command: "lxc-attach -n {{name}} -- apt-get install -y php7.3 php7.3-fpm php7.3-cli php7.3-curl php7.3-mysql php7.3-pgsql php7.3-ldap php7.3-imap php7.3-gd php-ssh2 php-gettext composer libphp-phpmailer ssmtp git zip unzip php7.3-zip" when: name == 'php73' -- name: Remove default FPM 5.6 pool - file: - name: "/var/lib/lxc/{{name}}/rootfs/etc/php5/fpm/pool.d/www.conf" - state: absent - notify: "Reload {{name}}-fpm" - when: name == 'php56' - -- name: Remove default FPM 7.0 pool - file: - name: "/var/lib/lxc/{{name}}/rootfs/etc/php/7.0/fpm/pool.d/www.conf" - state: absent - notify: "Reload {{name}}-fpm" - when: name == 'php70' - -- name: Remove default FPM 7.3 pool - file: - name: "/var/lib/lxc/{{name}}/rootfs/etc/php/7.3/fpm/pool.d/www.conf" - state: absent - notify: "Reload {{name}}-fpm" - when: name == 'php73' - - name: Copy evolinux PHP 5.6 configuration template: src: z-evolinux-defaults.ini.j2 diff --git a/mysql/tasks/utils.yml b/mysql/tasks/utils.yml index c2fbb735..e5d48688 100644 --- a/mysql/tasks/utils.yml +++ b/mysql/tasks/utils.yml @@ -84,6 +84,18 @@ tags: - mysql +# Percona Toolkit + +- name: "Install percona-toolkit (Debian 9 or later)" + apt: + name: percona-toolkit + state: present + tags: + - packages + - percona-toolkit + - mysql + when: ansible_distribution_major_version | version_compare('9', '>=') + # automatic optimizations - include_role: