Jérémy Lecour
008cb6a3c9
quote numeric values
2021-07-02 21:08:59 +02:00
Jérémy Lecour
2f68ae5339
Preliminary support for Bullseye
2021-07-02 20:58:09 +02:00
Jérémy Lecour
b8ac36e673
Fake « testing » as Deban 11 « Bullseye »
2021-07-02 20:53:42 +02:00
Jérémy Lecour
b8c5ac3097
remove whitespace for stream redirection
2021-06-28 15:56:19 +02:00
Jérémy Lecour
6d757f971e
typo
2021-06-28 15:56:19 +02:00
Jérémy Lecour
55ad6882b5
evolinux-base: forgotten case for first-found lookup
continuous-integration/drone/push Build is passing
2021-06-28 15:26:54 +02:00
Jérémy Lecour
0fe0244116
Update Galaxy metadata (company, platforms and galaxy_tags)
2021-06-28 15:26:28 +02:00
Jérémy Lecour
454d4c6d30
explicit permissions for APT GPG keys
continuous-integration/drone/push Build is passing
2021-05-26 13:47:34 +02:00
Jérémy Dubois
89b0bd5a2b
Fix duplicate dict key : check_mode
continuous-integration/drone/push Build is passing
2021-05-19 18:19:30 +02:00
Jérémy Lecour
06b8314211
evolinux-base: fix motd lookup path
2021-05-19 17:02:20 +02:00
Jérémy Lecour
02451f1e67
add default (useless) value for file lookup
continuous-integration/drone/push Build is passing
2021-05-19 14:35:08 +02:00
Jérémy Lecour
4d83f25ae6
fix pipefail option for shell invocations
continuous-integration/drone/push Build is passing
2021-05-18 14:04:54 +02:00
Jérémy Lecour
e65340cb56
Add pipefail option to shell invocations
continuous-integration/drone/push Build is passing
2021-05-13 15:34:27 +02:00
Jérémy Lecour
7dc6f0b849
remove trailing whitespaces
2021-05-13 15:23:39 +02:00
Jérémy Lecour
9ca68a16dd
evolinux-base: quote values
continuous-integration/drone/push Build is passing
2021-05-10 09:07:18 +02:00
Jérémy Lecour
3c9be8d913
fix more Ansible syntax
2021-05-09 23:20:15 +02:00
Jérémy Lecour
2ed77c60f0
Improve Ansible syntax
...
replace « x | changed » by « x is changed »
add explicit « bool » filter
use « length » filter instead of string comparison
2021-05-09 23:06:42 +02:00
Jérémy Lecour
58bf79218f
remove apt keys specifically from embedded database
2021-05-06 13:43:59 +02:00
Jérémy Lecour
7d08b0a30a
rename the tasks for embedded GPG keys
continuous-integration/drone/push Build is passing
2021-05-06 11:33:19 +02:00
Jérémy Lecour
83705a48b8
remove key from trusted.gpg only if file is present
continuous-integration/drone/push Build is passing
2021-05-06 10:42:12 +02:00
Jérémy Lecour
5138065059
Use 'loop' syntax instead of 'with_items'
2021-05-04 14:19:18 +02:00
Jérémy Lecour
debc4a82ca
Use 'loop' syntax instead of 'with_first_found'
continuous-integration/drone/push Build is passing
2021-05-04 13:39:47 +02:00
Jérémy Lecour
9cdddd50a8
Move all trusted GPG keys to file repository
continuous-integration/drone/push Build is passing
2021-05-03 14:23:13 +02:00
Jérémy Lecour
eab68545fe
evolinux-base: add default motd template
continuous-integration/drone/push Build is passing
2021-04-23 11:41:27 +02:00
Ludovic Poujol
f9d6fe0ad4
evolinux-base: install wget
continuous-integration/drone/push Build is passing
2020-09-10 14:59:19 +02:00
Jérémy Lecour
37ed5dd393
evolinux-base: swappiness is customizable
continuous-integration/drone/push Build is passing
2020-09-01 14:08:39 +02:00
Jérémy Lecour
221e9edc10
Merge branch 'nagios-nrpe-check-hpraid' into unstable
2020-08-19 14:49:22 +02:00
Benoît S.
1c050b481a
evolinux-base: check_hpraid.cron.sh: Fixed wrong <<<
usage
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is failing
2020-07-01 10:18:30 +09:00
Benoît S.
9a8f1979bc
evolinux-base: check_hpraid.cron.sh: Fixed wrong else
...
continuous-integration/drone/push Build is passing
The logic was wrong, an else part was not necessary.
2020-06-26 17:57:50 +09:00
Benoît S.
a28b9558cb
evolinux-base: check_hpraid.cron.sh: Better logic and use mail
...
continuous-integration/drone/push Build is passing
First step is to detect errors
Second step is to detect different state
Added mail comand to replace cron output
2020-06-24 18:57:08 +09:00
Benoît S.
766b4dfa82
evolinux-base: check_hpraid cron: Add -p
continuous-integration/drone/push Build is passing
2020-06-16 13:20:43 +09:00
Benoît S.
a74f4e1890
evolinux-base/tasks/hardware.yml: Removed trailing whitespace
continuous-integration/drone/push Build is passing
2020-06-16 12:42:33 +09:00
Benoît S.
4bec21a9f3
evolinux-base: harware: Support HP gen >=10 RAID controller
continuous-integration/drone/push Build is passing
2020-06-16 12:35:56 +09:00
Jérémy Dubois
1a0872c507
nagios-nrpe / evolinux-base : new ntp server variable
...
continuous-integration/drone/push Build is passing
Online hosted servers must use ntp.online.net as
ntp server, because others one are rate limited.
Default ntp server is pool.ntp.org, and a custom
one can be set with the nagios_nrpe_ntp_server
variable.
2020-06-04 10:55:48 +02:00
Benoît S.
342810362d
evolinux-base: check_hpraid.sh: Fix missing copy of RAID state
continuous-integration/drone/push Build is passing
2020-06-04 17:32:49 +09:00
Benoît S.
91dda2e1a2
evolinux-base: check_hpraid.sh: Fix RAID state detection
2020-06-04 17:23:14 +09:00
Benoît S.
7b97702f15
evolinux-base: Add check_hpraid.sh
...
continuous-integration/drone/push Build is passing
This script is meant to be executed as a cron by executing Nagios
NRPE plugin check_hpraid and notify by mail any errors
2020-06-04 16:50:35 +09:00
Jérémy Lecour
f2613e91aa
evolinux-base: configure cciss-vol-statusd in the proper file
...
continuous-integration/drone/push Build is passing
The default file should be used for configuration instead of the init
script.
2020-04-10 11:36:03 +02:00
Jérémy Lecour
4ad785abaf
evolinux-base: simplify sshd syntax validation
continuous-integration/drone/push Build is passing
2020-03-12 17:04:08 +01:00
Jérémy Lecour
ac98aa2d18
evolinux-base: install Evocheck (default: True
)
continuous-integration/drone/push Build is passing
2020-03-09 17:02:23 +01:00
Jérémy Lecour
ec54af596c
evolinux-base: Don't customize the logcheck recipient by default.
...
continuous-integration/drone/push Build is failing
By default the package sends its messages to the logcheck user.
By default we alias the "logcheck" user to "root" which is redirected to
our custom address.
2020-03-04 14:03:18 +01:00
Jérémy Lecour
7283e34077
Replace version_compare() with version()
2020-02-25 10:45:35 +01:00
Jérémy Lecour
80081aa26e
evolinux-base: remove the chrony package
continuous-integration/drone/push Build is failing
2020-01-16 10:57:47 +01:00
Jérémy Lecour
6801f4e00e
Add names to many blocks
2019-12-31 16:56:03 +01:00
Jérémy Lecour
27e217467e
Change "|changed" with "is changed"
2019-12-31 16:18:56 +01:00
Jérémy Lecour
e04d881988
replace "with_items" in apt modules
2019-12-31 16:18:56 +01:00
Jérémy Lecour
79bb6103b8
Change "|version_compare" with "is version_compare"
2019-12-31 10:18:19 +01:00
Victor LABORIE
2a1e0b7ef6
evolinux-base: install ssacli for HP Smart Array
continuous-integration/drone/push Build is passing
2019-12-13 11:00:20 +01:00
Victor LABORIE
6f5e13f8b8
Add evolix prefix to include_role
2019-11-29 14:00:25 +01:00
Ludovic Poujol
6e918d166e
evolinux-base: Don't make alert5.service executable
...
continuous-integration/drone/push Build is passing
Every 3 mins, systemd complain that the service file is marked as
executable, and asks the executable bit to be remove.
Nov 27 01:35:11 foo systemd[1]: Configuration file /etc/systemd/system/alert5.service is marked executable. Please remove executable permission bits. Proceeding anyway.
2019-11-28 10:59:29 +01:00
Ludovic Poujol
dc1c78e08a
evolinux-base: Fix our zsyslog rotate config that doesn't work on Debian 10
...
continuous-integration/drone/push Build is passing
I've noticed that some log files, especially /var/log/syslog were empty.
After investigating, I've realized that it was happening after a log
rotation by logrotate.
The old mechanism, `invoke-rc.d rsyslog rotate` isn't working anymore on
Debian 10. It will fail with a not so explicit message :
[FAIL] Closing open files: rsyslogd failed!
Long story short, it seems that the pid file (`/run/rsyslogd.pid`) isn't
created any more, so start-stop-daemon as used by /etc/init.d/rsyslog
will fail. Explaining the error message.
Debian 10 rsyslog now brings `/usr/lib/rsyslog/rsyslog-rotate` that is
used by logrotate. It will send the signal HUP the 'right' way, so
rsyslog will be aware of the log rotation.
Sadly, this script isn't present in Debian 9 nor 8, so the logrotate
configuration for rsyslog is now a template, using the right command for
the right version.
2019-11-22 16:48:19 +01:00
Eric Morino
c15f8963e4
Add compatibility for debian 9 and debian 10 in HW tool and megacli package
continuous-integration/drone/push Build is passing
2019-11-14 14:29:04 +01:00
Ludovic Poujol
174bfa5ba0
Fix a syntax error in a task name (a missplaced double quote)
continuous-integration/drone/push Build is passing
2019-11-12 17:59:36 +01:00
Jérémy Lecour
f2dacac139
evolinux-base: add /usr/share/scripts in root's PATH (Debian 10+)
2019-10-30 14:32:32 +01:00
Jérémy Lecour
8679da4cb6
evolinux-base: install /sbin/deny
2019-10-30 14:32:32 +01:00
Jérémy Lecour
78ea4a61e1
typo
2019-10-30 14:32:32 +01:00
Jérémy Lecour
24edbd680a
Add crontabs only when cron package is installed (many roles)
continuous-integration/drone/push Build is passing
2019-10-21 15:26:03 +02:00
Jérémy Lecour
bea11352be
Merge branch 'buster' into unstable
2019-09-23 18:34:35 +02:00
Jérémy Lecour
b31159c9d2
evolinux-base: use "evolinux_internal_group" for SSH authentication
2019-09-22 22:26:21 +02:00
Jérémy Lecour
8f868b8612
evolinux-base: default value for "evolinux_ssh_group"
2019-09-22 22:25:30 +02:00
Ludovic Poujol
f630d93587
evolinux-base: On debian 10 and later, add noexec on /dev/shm
continuous-integration/drone/push Build encountered an error
2019-07-23 18:18:29 +02:00
Benoît S.
d5751150af
evolinux-base: spectre-meltdown-checker need binutils
continuous-integration/drone/push Build encountered an error
continuous-integration/drone/pr Build is passing
2019-07-03 09:56:17 +02:00
Benoît S.
771c75c1de
all-roles: Dot not use ansible_lsb as it is deprecated
...
continuous-integration/drone/push Build encountered an error
continuous-integration/drone/pr Build is passing
We move from `ansible_lsb.codename` to `ansible_distribution_release`.
2019-07-03 09:41:35 +02:00
Jérémy Lecour
fecdbb0406
evolinux-base: use the variable for the "ssh" group name
continuous-integration/drone/pr Build encountered an error
continuous-integration/drone/push Build is passing
2019-06-24 17:08:01 +02:00
Jérémy Lecour
a8ef97fcde
Revert "evolinux-base: install "spectre-meltdown-checker" (Debian 9 and later)"
...
This reverts commit 65414d8ae7
.
2019-06-20 17:29:48 +02:00
Jérémy Lecour
b362f422df
evolinux-base: packages for Buster and later
continuous-integration/drone/push Build is passing
2019-06-19 15:08:54 +02:00
Jérémy Lecour
bee57a0b3c
change distribution release codename
...
continuous-integration/drone/push Build encountered an error
continuous-integration/drone/pr Build is failing
Ansible 2.2 is too old to know about buster.
Let's use LSB for that.
2019-06-18 17:35:28 +02:00
Jérémy Lecour
65414d8ae7
evolinux-base: install "spectre-meltdown-checker" (Debian 9 and later)
continuous-integration/drone/push Build is passing
2019-06-17 14:22:00 +02:00
Ludovic Poujol
75a8c90258
evolinux-base: Ensure rename is present
2019-06-17 09:58:10 +02:00
Ludovic Poujol
334b8a3f0d
evolinux-base: Validate sshd config with "sshd -t"
...
See #52 - It seems the behaviour changed with the recent releases, -T
that does an extended test now fails on "Match" blocks when no context
is given through -C
2019-06-17 09:47:22 +02:00
Jérémy Lecour
aa28e9c1b8
change repositories URL
2019-03-21 15:31:58 +01:00
Jérémy Lecour
3e37800994
evolinux-base: remove apt-listchanges on Stretch and later
2019-03-05 11:10:12 +01:00
Jérémy Lecour
a94c94018c
normalize some arguments positions
2019-01-01 20:02:50 +01:00
Benoît S.
776839fe61
Typo: rcpbind and not rcpbin
2018-12-19 15:58:47 +01:00
Victor LABORIE
74f25e8183
evolinux-base: deploy custom motd if template are present
2018-11-30 15:14:39 +01:00
Patrick Marchand
9198c1e2c0
ansible-lint does not like trailing whitespace
2018-11-13 16:56:31 -05:00
Victor LABORIE
83e9f12669
evolinux-base: install man package
2018-10-23 11:38:52 +02:00
Jérémy Lecour
81e9b3d33c
don't reload history on each prompt
2018-09-13 16:54:07 +02:00
Jérémy Lecour
2a89b8ff22
evolinux-base: better shell history
...
* remove duplicates from history
* reload/save history at prompt time
2018-09-11 14:13:29 +02:00
Jérémy Lecour
fe064c16d1
update CHANGELOG for evolinux-todo
2018-08-24 14:43:14 +02:00
Jérémy Lecour
b6fa349394
evolinux-base: compact multiple systctl tasks into one
2018-08-21 13:34:03 +02:00
Gregory Colpart
51f41ff14a
Workaround by Evolix security team for old kernels and vulnerabiliy CVE-2018-5391 (FragmentSmack)
2018-08-17 21:28:14 +02:00
Jérémy Lecour
4461281945
evolinux-base: add internal FQDN/hostname in /etc/hosts if needed
2018-08-17 10:07:36 +02:00
Jérémy Lecour
bc8858fc0a
evolinux-base: improve hostname configuration
...
We can have a "real" hostname and domain, but also an "internal" hostnae
and domain, used mostly for internal tools.
2018-08-16 16:17:34 +02:00
Tristan PILAT
99747e72b5
500px is too narrow, let's switch to 768px
2018-07-24 12:17:07 +02:00
Victor LABORIE
f56f8f7615
evolinux-base: add mail related aliases
2018-06-25 11:20:37 +02:00
Jérémy Lecour
ec535b036c
apt module: Use "state: present" instead of "state: installed"
...
"state: installed" is deprecated in Ansible 2.5
2018-05-18 09:33:25 +02:00
Gregory Colpart
20f6371980
typo
2018-05-01 19:38:55 +02:00
Jérémy Lecour
8384e8ba43
evolinux: groups for SSH configuration are used with Debian 10 and later
2018-04-20 14:38:55 +02:00
Jérémy Lecour
e79640d770
evolinux: Name and improve compatibility checks
2018-04-20 14:38:55 +02:00
Jérémy Lecour
b01d9178d0
evolinux-users: split AllowGroups/AllowUsers modes
...
If an AllowGroups directive is found or when using Debian 9+,
we use the AllowGroups directive and comment AllowUsers that may be
already present.
When adding a user, we make sure that the allowed group exists
and the use is in that group, to be sure that at least this user
is allowed to connect.
In other situations, we use the AllowUsers directive.
2018-04-18 12:16:04 +02:00
Jérémy Lecour
b866b6fa0a
evolinux-base: fail2ban is not enabled by default
2018-04-18 12:15:43 +02:00
Jérémy Lecour
8abed3e258
Use "command" instead of "shell" where possible
2018-04-04 23:36:00 +02:00
Jérémy Lecour
ad3383a510
Install ncurses-term for additional terminal types
...
When connecting to a server from urxvt, the session behaves like one
with xterm.
2018-03-29 16:42:33 +02:00
Ludovic Poujol
3c2443181b
evolinux-base: Exec the firewall tasks sooner to avoid dependency issues
2018-03-15 12:04:35 +01:00
Jérémy Lecour
b634840b42
apache/nginx: server status suffix
2018-01-03 10:05:20 +01:00
Jérémy Lecour
08d544668b
evolinux-base: create /etc/evolinux
2018-01-03 10:05:20 +01:00
Victor LABORIE
f09d93aadb
evolinux-base: purge locate/mlocate by default
2018-01-02 15:11:27 +01:00
Jérémy Lecour
aeba94bcba
default/additional variables
...
List of hosts/ip are a combination of 2 lists allowing overrides
2017-12-20 18:04:54 +01:00
Ludovic Poujol
a2acd250a6
evolinux-base: have default_www files chmoded as 644
2017-12-13 15:44:16 +01:00