From e13543bf0725d2d97fe13304dc361570464b2c86 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol <lpoujol@evolix.fr>
Date: Wed, 26 Jun 2019 11:10:23 +0200
Subject: [PATCH 1/3] lxc-php: Don't remove the default pool - That's making
 PHP-FPM sad :(

---
 CHANGELOG.md          |  1 +
 lxc-php/tasks/php.yml | 21 ---------------------
 2 files changed, 1 insertion(+), 21 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9472e665..4f7ffaf8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,7 @@ The **patch** part changes incrementally at each release.
 ### Changed
 
 ### Fixed
+* lxc-php: Don't remove the default pool
 
 ### Security
 
diff --git a/lxc-php/tasks/php.yml b/lxc-php/tasks/php.yml
index 49cb8116..25b72ccd 100644
--- a/lxc-php/tasks/php.yml
+++ b/lxc-php/tasks/php.yml
@@ -46,27 +46,6 @@
   command: "lxc-attach -n {{name}} -- apt-get install -y php7.3 php7.3-fpm php7.3-cli php7.3-curl php7.3-mysql php7.3-pgsql php7.3-ldap php7.3-imap php7.3-gd php-ssh2 php-gettext composer libphp-phpmailer ssmtp git zip unzip php7.3-zip"
   when: name == 'php73'
 
-- name: Remove default FPM 5.6 pool
-  file:
-    name: "/var/lib/lxc/{{name}}/rootfs/etc/php5/fpm/pool.d/www.conf"
-    state: absent
-  notify: "Reload {{name}}-fpm"
-  when: name == 'php56'
-
-- name: Remove default FPM 7.0 pool
-  file:
-    name: "/var/lib/lxc/{{name}}/rootfs/etc/php/7.0/fpm/pool.d/www.conf"
-    state: absent
-  notify: "Reload {{name}}-fpm"
-  when: name == 'php70'
-
-- name: Remove default FPM 7.3 pool
-  file:
-    name: "/var/lib/lxc/{{name}}/rootfs/etc/php/7.3/fpm/pool.d/www.conf"
-    state: absent
-  notify: "Reload {{name}}-fpm"
-  when: name == 'php73'
-
 - name: Copy evolinux PHP 5.6 configuration
   template:
     src: z-evolinux-defaults.ini.j2

From 1b972caa83001c9733e813af5eca667387a79491 Mon Sep 17 00:00:00 2001
From: Eric Morino <emorino@evolix.fr>
Date: Wed, 26 Jun 2019 18:12:39 +0200
Subject: [PATCH 2/3] Add install package percona-toolkit by default

---
 mysql/tasks/utils.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/mysql/tasks/utils.yml b/mysql/tasks/utils.yml
index 390acc0e..6f9fa53b 100644
--- a/mysql/tasks/utils.yml
+++ b/mysql/tasks/utils.yml
@@ -75,6 +75,18 @@
   tags:
     - mysql
 
+# Percona Toolkit
+
+- name: "Install percona-toolkit (Debian 9 or later)"
+  apt:
+    name: percona-toolkit
+    state: present
+  tags:
+    - packages
+    - percona-toolkit
+    - mysql
+  when: ansible_distribution_major_version | version_compare('9', '>=')
+
 # automatic optimizations
 
 - include_role:

From 11a039bfac56ec55fdb6a3f66bbb5903d474bb03 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour <jlecour@evolix.fr>
Date: Mon, 1 Jul 2019 17:17:25 +0200
Subject: [PATCH 3/3] elasticsearch: listen on local interface only by default

---
 CHANGELOG.md                    | 1 +
 elasticsearch/README.md         | 2 +-
 elasticsearch/defaults/main.yml | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4f7ffaf8..a7b7d2b7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@ The **patch** part changes incrementally at each release.
 ### Added
 
 ### Changed
+* elasticsearch: listen on local interface only by default
 
 ### Fixed
 * lxc-php: Don't remove the default pool
diff --git a/elasticsearch/README.md b/elasticsearch/README.md
index e8184019..933beb0f 100644
--- a/elasticsearch/README.md
+++ b/elasticsearch/README.md
@@ -27,7 +27,7 @@ Tasks are extracted in several files, included in `tasks/main.yml` :
 * `elasticsearch_jvm_xmx`: maximum heap size reserved for the JVM (default: `2g`).
 * `elasticsearch_restart_on_upgrade`: restart the service after package upgrade (default: `true`)
 
-By default, Elasticsearch will listen to the public interfaces (`_site_` cf. https://www.elastic.co/guide/en/elasticsearch/reference/5.0/important-settings.html#network.host), so you will have to secure it, with firewall rules for example.
+By default, Elasticsearch will listen to the local interface (`_local_` cf. https://www.elastic.co/guide/en/elasticsearch/reference/5.0/important-settings.html#network.host).
 
 ## Curator
 
diff --git a/elasticsearch/defaults/main.yml b/elasticsearch/defaults/main.yml
index f5693bf2..91e81915 100644
--- a/elasticsearch/defaults/main.yml
+++ b/elasticsearch/defaults/main.yml
@@ -5,7 +5,7 @@ elasticsearch_cluster_name: Null
 elasticsearch_cluster_members: Null
 elasticsearch_minimum_master_nodes: Null
 elasticsearch_node_name: "${HOSTNAME}"
-elasticsearch_network_host: "[_site_, _local_]"
+elasticsearch_network_host: "[_local_]"
 elasticsearch_network_publish_host: Null
 elasticsearch_http_publish_host: Null
 elasticsearch_custom_datadir: Null